Condition in Transform is not working

Happy Friday!!

I am using the below transform in the create provisioning policy. Syntactically, it is correct and not throwing any error during execution. But, it is not working as expected. It should pass a blank value on not meeting the if condition.

"transform": {
                "type": "static",
                "attributes": {
                    "emplType": {
                        "attributes": {
                            "name": "employeeType"
                        },
                        "type": "identityAttribute"
                    },
                    "managerDN": {
                        "attributes": {
                            "name": "adManagerDn"
                        },
                        "type": "identityAttribute"
                    },
                    "value": "#if($emplType==\"internal-primary\")$managerDN#{else}#end"
                }
            }

Though, I tried to use another transform with a type conditional. Below is the transform:

"transform": {
            "type": "conditional",
            "expression": "$emplType eq internal-primary",
            "positiveCondition": "$managerDN",
            "negativeCondition": null,
                "emplType": {
                    "attributes": {
                        "name": "employeeType"
                    },
                    "type": "identityAttribute"
                },
                "managerDN": {
                    "attributes": {
                        "name": "adManagerDn"
                    },
                    "type": "identityAttribute"
                }
        }

Could you please help what I am doing wrong in this?

Thanks & Best Regards,
Ashish Kumar

@ashish_kumar3284 Can you show an example of a user where the employeeType is ‘internal-primary’ and the manager is not set to null? Can this logic be added to the managerDN transform so that the provisioning policy is just a direct Identity Attribute mapping?

@ethompson

Manager is getting set in both cases. We want the manager’s value should not to be set in the negative condition.

No, logic could not be added to “managerDN” transform as we want to populate manager value on Identity but don’t get synced with the application.

I tried an example of an Identity Attribute so you can see the preview. With a version similar to what you started with:

{
    "name": "Condition Test",
    "type": "static",
    "attributes": {
        "location": {
            "type": "accountAttribute",
            "attributes": {
                "sourceName": "et HR",
                "attributeName": "location"
            }
        },
        "managerDN": "CN=Edward,OU=Users,DC=example,DC=com",
        "value": "#if($location == \"internal-primary\")$managerDN#{else}#end"
    }
}

I see the DN value when the user equals the value:

Null when they do not:

1 Like

@ethompson

Thanks for sharing the screenshots and working samples. But unfortunately, the same is not working in my case.

Is there any possibility that the conditions-based transform does not work in the provisioning policy of sources?

Thanks

Does the positive condition work? What exactly happens during the negative condition?

Yes, it is working for the positive condition. During the negative condition, the manager is being set as it is being set during the positive condition.

That tells me that the condition is always true. Either your input data always has the emplType of internal-primary, or there is some kind of syntax error in your code.

Try these two tests:

  1. Set the output of your value to $emplType instead of $managerDn to see what value for emplType you are testing. This will verify whether you are actually testing the negative condition for emplType or if you are always getting a value of internal-primary.

  2. The only difference that I can see between your code and Edward’s code is that Edward put spaces between his equal signs. I doubt that is an issue, but maybe this is resulting in an always true evaluation.

    • Your code: #if($emplType==\"internal-primary\")
    • Edward’s code: #if($location == \"internal-primary\")
1 Like

@colin_mckibben

I have tested the same transform in the Identity mappings and it is working flawlessly. I was able to test both conditions and got the results same as Edward’s. But, the same transform is not working in the provisioning policy.

Hello @ashish_kumar3284,

I tested the following code in one of my CREATE provisioning policies. The conditional will work, however it requires the negativeCondition to have a value and it cannot just be null.

{
  "name": "lastName",
  "transform": {
    "type": "conditional",
    "attributes": {
      "expression": "$emplType eq internal-primary",
      "positiveCondition": "$managerDN",
      "negativeCondition": "$empty",
      "emplType": {
        "attributes": {
          "value": "internal-primary"
        },
        "type": "static"
      },
      "empty": {
        "attributes": {
          "value": "test"
        },
        "type": "static"
      },
      "managerDN": {
        "attributes": {
          "value": "DNname"
        },
        "type": "static"
      }
    }
  },
  "attributes": {},
  "isRequired": false,
  "type": "string",
  "isMultiValued": false
}

With that being said the second method with a static transform worked in my provisioning policy. I tested it with static values instead of identityAttributes to simplify things. When I set the emplType to internal-primary, I got back the result DNName and any other value returned null. If you’re always getting back the positiveCondition I would agree with @colin_mckibben in that the emplType is always equal to internal-primary.

{
  "name": "lastName",
  "transform": {
    "type": "static",
    "attributes": {
      "emplType": {
        "attributes": {
          "value": "internal-primary"
        },
        "type": "static"
      },
      "managerDN": {
        "attributes": {
          "value": "DNName"
        },
        "type": "static"
      },
      "value": "#if($emplType==\"internal-primary\")$managerDN#{else}#end"
    }
  },
  "attributes": {},
  "isRequired": false,
  "type": "string",
  "isMultiValued": false
}

@ashish_kumar3284 Have you tried @tyler_mairose suggestion? Did it work for you?

@colin_mckibben

I have tried that way at the very beginning of my tests. Tried again as suggested but not working.

I am trying to make it work with a different approach.

Thanks all for your valuable input and suggestions.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.