<div dir="ltr">I got a little closer, tried Groovy and XPATH,<div><br></div><div>Using a Groovy expression, it picks up the iterationToken but I am getting an error in the expressions, Groovy is new to me so here is the code,</div><div><br></div><div><div> <code></div><div> "cn=" + user.getFullName() + user.getIterationToken() + "," + user.getOrganization();</div><div> </code></div></div><div><br></div><div>When trying to add the account to midpoint, I am getting the below, you can see the iterationToken was added but I dont think my code above is correct</div><div><br></div><div><span class=""> Attribute: {Name=__NAME__, Value=[cn=Tim Hecks2,[OU=AAD,OU=SHP Students,DC=TEST,DC=LOCAL]]}, </span><br></div><div><span class=""><br></span></div><div>JASON</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Nov 21, 2014 at 5:41 PM, Jason Everling <span dir="ltr"><<a href="mailto:jeverling@bshp.edu" target="_blank">jeverling@bshp.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I know so strange,<div><br></div><div>This is basically still the same setup, with the CSV resource how it is not creating the username on the AD resource when it is generating the username from this conversation</div><div><a href="http://lists.evolveum.com/pipermail/midpoint/2014-November/000576.html" target="_blank">http://lists.evolveum.com/pipermail/midpoint/2014-November/000576.html</a><br></div><div><br></div><div>I put it up on a temp repo to make it easier for you to pull what you want to look at, it has the latest changes I made using the additionalName mapping, you can add back the distinguishedName code that is on the samples github which is what I was using,</div><div><br></div><div>Here are the files,</div><div><a href="https://bitbucket.org/jason_everling/idm_midpoint-dev" target="_blank">https://bitbucket.org/jason_everling/idm_midpoint-dev</a><span class="HOEnZb"><font color="#888888"><br></font></span></div><span class="HOEnZb"><font color="#888888"><div><br></div><div>JASON</div></font></span></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Nov 21, 2014 at 3:22 PM, Ivan Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
Hi Jason,<br>
<br>
this is definitely strange. Please send the AD resource
configuration (without confidential info of course). I'll try to
have a more complete look at it...<br>
<br>
What is the exact scenario? Are you creating the user from GUI, or
from external source (recon, livesync or import)? If so, can you try
to create the user from GUI?<br>
<br>
Thank you,<br>
regards,<br>
Ivan<div><div><br>
<br>
<br>
<div>On 11/21/2014 06:24 PM, Jason Everling
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">I upgraded to 3.0.1 this morning and it is still
the same, it doesn't add the iteratorToken, it is almost as if
it is using the displayName.
<div><br>
</div>
<div>I can keep using the + name + attribute or with what I
tested today in the below</div>
<div><br>
</div>
<div>Another I got around it is by creating a mapping to
additionalName with iterationToken then changing the way the
DN is built by just using the additionalName like</div>
<div><br>
</div>
<div>'CN=' + additionalName + ',' + organization + ''<br>
</div>
<div><br>
</div>
<div>
<div> <mapping></div>
<div> <source></div>
<div> <path>$user/givenName</path></div>
<div> </source></div>
<div> <source></div>
<div> <path>$user/familyName</path></div>
<div> </source></div>
<div> <expression></div>
<div> <script></div>
<div> <code></div>
<div> givenName + ' ' + familyName +
iterationToken</div>
<div> </code></div>
<div> </script></div>
<div> </expression></div>
<div> <target></div>
<div> <path>additionalName</path></div>
<div> </target></div>
<div> </mapping></div>
</div>
<div><br>
</div>
<div>JASON</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Nov 20, 2014 at 1:52 PM, Ivan
Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> Hi Jason,<br>
<br>
it could also help if you can try the same with midPoint
3.0.1...<br>
<br>
Regards,<br>
Ivan
<div>
<div><br>
<br>
<div>On 11/20/2014 06:13 PM, Jason Everling wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div>
<div dir="ltr">Ok thanks, for now until this is
fixed just for my testing purposes I changed it
from
<div><br>
</div>
<div><span style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">'cn='+givenName+'
'+familyName+iterationToken+',</span><span style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">'+organization+''</span><br>
</div>
<div><span style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px"><br>
</span></div>
<div><span style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">To</span></div>
<div><span style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px"><br>
</span></div>
<div><span style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">'CN='+name+',</span><span style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">'+organization+''</span><span style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px"><br>
</span></div>
<div><span style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px"><br>
</span></div>
<div><span style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">Which
works since it uses the username instead of
first/last and doesn't need the iterator, this
might be the best way to go for us in the
future, we never delete student accounts. just
disabled, right now we have over 6000 disabled
accounts in AD and in the future using
first/last with iterator might get up to
flastname54 which I am not sure we would like
anyways.</span></div>
<div><span style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px"><br>
</span></div>
<div><span style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px">JASON</span></div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Nov 19, 2014 at
1:47 PM, Ivan Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Jason,<br>
<span><br>
<br>
> Just on a side note, the username from
the db table source gets<br>
> created correctly with the iteration
token, it is just not applying<br>
> the iteration token when building the
DN for AD.<br>
><br>
<br>
</span>So I recommend to wait for Pavol's
resolution then. He's our primary AD<br>
connector specialist. From what you've written
it _looks_ like AD<br>
connector specific issue. But it's strange as
I've used the AD connector<br>
with iterator for even older midPoint versions
- and it has worked.<br>
<br>
I'd have another look at it too, just in case.<br>
<br>
Regards,<br>
Ivan<br>
<div>
<div><br>
--<br>
Ing. Ivan Noris<br>
Senior Identity Management Engineer<br>
<a href="http://evolveum.com" target="_blank">evolveum.com</a><br>
___________________________________________<br>
"Idem per idem - semper idem
Vix."<br>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
</div>
</div>
<font><br>
<br>
<span> CONFIDENTIALITY NOTICE:<br>
This e-mail together with any attachments is
proprietary and confidential; intended for only the
recipient(s) named above and may contain information
that is privileged. You should not retain, copy or
use this e-mail or any attachments for any purpose,
or disclose all or any part of the contents to any
person. Any views or opinions expressed in this
e-mail are those of the author and do not represent
those of the Baptist School of Health Professions.
If you have received this e-mail in error, or are
not the named recipient(s), you are hereby notified
that any review, dissemination, distribution or
copying of this communication is prohibited by the
sender and to do so might constitute a violation of
the Electronic Communications Privacy Act, 18 U.S.C.
section 2510-2521. Please immediately notify the
sender and delete this e-mail and any attachments
from your computer. </span></font><br>
<br>
<fieldset></fieldset>
<br>
<span>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</span></blockquote>
<span> <br>
<pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer
<a href="http://evolveum.com" target="_blank">evolveum.com</a>
___________________________________________
"Idem per idem - semper idem Vix."
</pre>
</span></div>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<font><br>
<br>
CONFIDENTIALITY NOTICE:<br>
This e-mail together with any attachments is proprietary and
confidential; intended for only the recipient(s) named above and
may contain information that is privileged. You should not
retain, copy or use this e-mail or any attachments for any
purpose, or disclose all or any part of the contents to any
person. Any views or opinions expressed in this e-mail are those
of the author and do not represent those of the Baptist School
of Health Professions. If you have received this e-mail in
error, or are not the named recipient(s), you are hereby
notified that any review, dissemination, distribution or copying
of this communication is prohibited by the sender and to do so
might constitute a violation of the Electronic Communications
Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
notify the sender and delete this e-mail and any attachments
from your computer. </font><br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</div></div><span><font color="#888888"><pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer
<a href="http://evolveum.com" target="_blank">evolveum.com</a> <a href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
_____________________________________________
"Semper Id(e)M Vix."
</pre>
</font></span></div>
<br>_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
<br>
<font size="2"><br><br>CONFIDENTIALITY NOTICE:<br>This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of the Baptist School of Health Professions. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer. </font><br>