[midPoint] How to deal with duplicate unique attributes?
Ethan Kromhout
kromhout at unc.edu
Tue Oct 20 23:12:08 CEST 2020
In my case, each of the unique accounts has a userName attribute, so I
pull that out and use it as the tag, but you can also just let midPoint
generate the tag. The below is from my account kind in schemahandling,
I'm using grovy in my case to pull the needed userName from an incoming
json object.
<multiplicity>
<maxOccurs>unbounded</maxOccurs>
<tag>
<expression>
<script
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
xsi:type="c:ScriptExpressionEvaluatorType">
<code>
import groovy.json.JsonSlurper
userNameString =
basic.getAttributeValue(projection, "userName");
jsonSlurper = new JsonSlurper()
userNameJson =
jsonSlurper.parseText(userNameString)
log.info('userName = {}',userNameJson.userName)
return userNameJson.userName
</code>
</script>
</expression>
</tag>
</multiplicity>
Then later I do something similar to pull out the primary username, and
store that in an extension property "loginId". For your case you
probably can just use a condition, and not worry about groovy.
<inbound id="19">
<source>
<name>loginId</name>
<c:path
xmlns:uncPerson="http://unc.edu/xml/ns/uncPerson">$user/extension/uncPerson:logonId</c:path>
</source>
<expression>
<script
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
xsi:type="c:ScriptExpressionEvaluatorType">
<code>
import groovy.json.JsonSlurper
jsonSlurper = new JsonSlurper()
userNameJson = jsonSlurper.parseText(input)
log.info('userName = {}',userNameJson.userName)
if(userNameJson.type.equals('PRIMARY')) {
return userNameJson.userName
}
else {
return loginId
}
</code>
</script>
</expression>
<target>
<c:path
xmlns:uncPerson="http://unc.edu/xml/ns/uncPerson">$user/extension/uncPerson:logonId</c:path>
</target>
</inbound>
I needed to return the existing value of loginId so that I wouldn't get
a null loginId when processing the non-primary account.
Full resource definition is attached in case that is useful. The scim
service it connects to is a UNC proprietary service, so that may not add
much value to the above. I'd forgotten, but the correlation expression
is using a different attribute of the account, one that is unique per
user, not per account. I think that probably always needs to be the case
when doing correlation with a multiaccount resource.
Ethan
On 10/20/20 4:33 PM, Gus Lou via midPoint wrote:
> Hi Ethan
> Thank you for share, I would like to see your approach.
> I will study the link you recommended as well.
> Thank you very much.
> Gus
>
> Em ter., 20 de out. de 2020 às 17:20, Ethan Kromhout via midPoint
> <midpoint at lists.evolveum.com <mailto:midpoint at lists.evolveum.com>>
> escreveu:
>
> I have a situation that is similar, though perhaps not quite the
> same, where one of my source systems has multiple accounts for
> some users. In my case there primary and secondary accounts for
> some users, and then sometimes accounts can be considered
> inactive. I used the method discussed here
> https://wiki.evolveum.com/display/midPoint/Multiaccounts+HOWTO
> <https://wiki.evolveum.com/display/midPoint/Multiaccounts+HOWTO>
> to create tagged shadows for each of the accounts, then in
> schemahandling I select the primary account record to store in a
> user attribute that I use later in correlation.
>
> I can share some config snippets if the multiaccount approach
> sounds useful.
>
> Thanks,
>
> Ethan
>
> On 10/20/20 2:57 PM, Gus Lou via midPoint wrote:
>> Hi Guys
>>
>> Has anyone here ever had to deal with unique attributes
>> (dupplicate) from the HR base?
>> I explain, in my human resources system the same person can have
>> more than one record, with the status of hired and fired.
>> When I run the synchronization task, the MP displays the error of
>> unique attribute value 111.111 is not unique in Data.csv
>> I would like to apply some kind of filter to process only the
>> record with hired status in case of duplicate records.
>>
>> I am studying the information on Correlation Expression to try to
>> achieve this goal
>> https://wiki.evolveum.com/display/midPoint/Correlation+and+Confirmation+Expressions
>> <https://wiki.evolveum.com/display/midPoint/Correlation+and+Confirmation+Expressions>
>>
>> Best Regards
>>
>> Gus
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>> https://lists.evolveum.com/mailman/listinfo/midpoint <https://lists.evolveum.com/mailman/listinfo/midpoint>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
> https://lists.evolveum.com/mailman/listinfo/midpoint
> <https://lists.evolveum.com/mailman/listinfo/midpoint>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20201020/cebb4a9a/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: scim-resource-multiaccount.xml
Type: text/xml
Size: 15936 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20201020/cebb4a9a/attachment.xml>
More information about the midPoint
mailing list