<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi Jason,<br>
<br>
this is definitely strange. Please send the AD resource
configuration (without confidential info of course). I'll try to
have a more complete look at it...<br>
<br>
What is the exact scenario? Are you creating the user from GUI, or
from external source (recon, livesync or import)? If so, can you try
to create the user from GUI?<br>
<br>
Thank you,<br>
regards,<br>
Ivan<br>
<br>
<br>
<div class="moz-cite-prefix">On 11/21/2014 06:24 PM, Jason Everling
wrote:<br>
</div>
<blockquote
cite="mid:CAFkZXY5BuFQe5LEJPFDRMTXM52P7uN-mTGe5F=yb2-BCqHvs5g@mail.gmail.com"
type="cite">
<div dir="ltr">I upgraded to 3.0.1 this morning and it is still
the same, it doesn't add the iteratorToken, it is almost as if
it is using the displayName.
<div><br>
</div>
<div>I can keep using the + name + attribute or with what I
tested today in the below</div>
<div><br>
</div>
<div>Another I got around it is by creating a mapping to
additionalName with iterationToken then changing the way the
DN is built by just using the additionalName like</div>
<div><br>
</div>
<div>'CN=' + additionalName + ',' + organization + ''<br>
</div>
<div><br>
</div>
<div>
<div> <mapping></div>
<div> <source></div>
<div> <path>$user/givenName</path></div>
<div> </source></div>
<div> <source></div>
<div> <path>$user/familyName</path></div>
<div> </source></div>
<div> <expression></div>
<div> <script></div>
<div> <code></div>
<div> givenName + ' ' + familyName +
iterationToken</div>
<div> </code></div>
<div> </script></div>
<div> </expression></div>
<div> <target></div>
<div> <path>additionalName</path></div>
<div> </target></div>
<div> </mapping></div>
</div>
<div><br>
</div>
<div>JASON</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Nov 20, 2014 at 1:52 PM, Ivan
Noris <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> Hi Jason,<br>
<br>
it could also help if you can try the same with midPoint
3.0.1...<br>
<br>
Regards,<br>
Ivan
<div>
<div class="h5"><br>
<br>
<div>On 11/20/2014 06:13 PM, Jason Everling wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div class="h5">
<div dir="ltr">Ok thanks, for now until this is
fixed just for my testing purposes I changed it
from
<div><br>
</div>
<div><span
style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">'cn='+givenName+'
'+familyName+iterationToken+',</span><span
style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">'+organization+''</span><br>
</div>
<div><span
style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px"><br>
</span></div>
<div><span
style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">To</span></div>
<div><span
style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px"><br>
</span></div>
<div><span
style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">'CN='+name+',</span><span
style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">'+organization+''</span><span
style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px"><br>
</span></div>
<div><span
style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px"><br>
</span></div>
<div><span
style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">Which
works since it uses the username instead of
first/last and doesn't need the iterator, this
might be the best way to go for us in the
future, we never delete student accounts. just
disabled, right now we have over 6000 disabled
accounts in AD and in the future using
first/last with iterator might get up to
flastname54 which I am not sure we would like
anyways.</span></div>
<div><span
style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px"><br>
</span></div>
<div><span
style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">JASON</span></div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Nov 19, 2014 at
1:47 PM, Ivan Noris <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:ivan.noris@evolveum.com"
target="_blank">ivan.noris@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0
0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">Hi Jason,<br>
<span><br>
<br>
> Just on a side note, the username from
the db table source gets<br>
> created correctly with the iteration
token, it is just not applying<br>
> the iteration token when building the
DN for AD.<br>
><br>
<br>
</span>So I recommend to wait for Pavol's
resolution then. He's our primary AD<br>
connector specialist. From what you've written
it _looks_ like AD<br>
connector specific issue. But it's strange as
I've used the AD connector<br>
with iterator for even older midPoint versions
- and it has worked.<br>
<br>
I'd have another look at it too, just in case.<br>
<br>
Regards,<br>
Ivan<br>
<div>
<div><br>
--<br>
Ing. Ivan Noris<br>
Senior Identity Management Engineer<br>
<a moz-do-not-send="true"
href="http://evolveum.com"
target="_blank">evolveum.com</a><br>
___________________________________________<br>
"Idem per idem - semper idem
Vix."<br>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a moz-do-not-send="true"
href="mailto:midPoint@lists.evolveum.com"
target="_blank">midPoint@lists.evolveum.com</a><br>
<a moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
</div>
</div>
<font><br>
<br>
<span class=""> CONFIDENTIALITY NOTICE:<br>
This e-mail together with any attachments is
proprietary and confidential; intended for only the
recipient(s) named above and may contain information
that is privileged. You should not retain, copy or
use this e-mail or any attachments for any purpose,
or disclose all or any part of the contents to any
person. Any views or opinions expressed in this
e-mail are those of the author and do not represent
those of the Baptist School of Health Professions.
If you have received this e-mail in error, or are
not the named recipient(s), you are hereby notified
that any review, dissemination, distribution or
copying of this communication is prohibited by the
sender and to do so might constitute a violation of
the Electronic Communications Privacy Act, 18 U.S.C.
section 2510-2521. Please immediately notify the
sender and delete this e-mail and any attachments
from your computer. </span></font><br>
<br>
<fieldset></fieldset>
<br>
<span class="">
<pre>_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</span></blockquote>
<span class=""> <br>
<pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer
<a moz-do-not-send="true" href="http://evolveum.com">evolveum.com</a>
___________________________________________
"Idem per idem - semper idem Vix."
</pre>
</span></div>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a moz-do-not-send="true"
href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<font size="2"><br>
<br>
CONFIDENTIALITY NOTICE:<br>
This e-mail together with any attachments is proprietary and
confidential; intended for only the recipient(s) named above and
may contain information that is privileged. You should not
retain, copy or use this e-mail or any attachments for any
purpose, or disclose all or any part of the contents to any
person. Any views or opinions expressed in this e-mail are those
of the author and do not represent those of the Baptist School
of Health Professions. If you have received this e-mail in
error, or are not the named recipient(s), you are hereby
notified that any review, dissemination, distribution or copying
of this communication is prohibited by the sender and to do so
might constitute a violation of the Electronic Communications
Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
notify the sender and delete this e-mail and any attachments
from your computer. </font><br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer
evolveum.com evolveum.com/blog/
_____________________________________________
"Semper Id(e)M Vix."
</pre>
</body>
</html>