Hi all,
We have a requirement to get the last value of LastName attribute to create a samAcc name as $FirstName.$LastValueofLastName (uiqune counter). I amnow confused how to get the exact last value of LastName attribute. We might have multiple lastName values because Middle names are prepend to last name. So, if someone has a lastname : “Martin Luther Last Final”, how do I get a value Final only using transform in provisioning policy?
Thank you all in advance.
Hi @Ujjwol_rowe
Welcome back to the Developer Community!
Please use the below transform which will get the last string of your lastname as you mention. Also modify according to your requirement in provisioning plan.
{
"attributes": {
"begin": {
"attributes": {
"input": {
"attributes": {
"name": "lastName"
},
"type": "identityAttribute"
},
"substring": " "
},
"type": "lastIndexOf"
},
"beginOffset": 1
},
"type": "substring",
"name": ""
}
I hope this transform will work for you!
Thank you!
2 Likes
Try below -
{
"type": "static",
"attributes": {
"lastName":{
"type": "identityAttribute",
"attributes": {
"name": "lastname"
}
},
"FirstName":{
"type": "identityAttribute",
"attributes": {
"name": "firstname"
}
},
"value": "#set($lastParts = $lastName.split(' '))#set($lastValue = $lastParts[$lastParts.size() - 1])$FirstName.$lastValue"
},
"name": "Community-FetchLastPartOfLastName"
}
Cheers!!!
just a note that this is not necessarily a good practice. different cultures have different ideas about “last name” (more accurately described as family name, as it isn’t necessarily the last name). some cultures have multiple “last” names, in other cultures, people may have no last name.
highly recommend reading this article about misconceptions developers have about names.
a better solution here would involve working with whomever handles the data entry in the authoritative source to ensure they’re using the right fields upstream, and not putting middle names in the last name field. your current solution would break cases where someone has a legitimate space in their last name, like Van Der Beek, St. James, or Lloyd Weber or Bonham Carter.
1 Like
Absolutely agree with this.
The given requirement didn’t take the global diversity into consideration.
Not necessary the fault of the developer…but a joint responsibility with the policy / requirement / decision makers’ limited view of the world.
2 Likes
Hi Mark,
I really appreciate your insights on it. Since the samAccountName has 20 characters limits on AD which is why we want to truncate the last name. We have decided to use the last Name value of last Name Attribute for consistency.
Exactly.
With this “$FirstName.$LastValueofLastName (uiqune counter)”, you’re hitting assumption 6 from the link (at least).
Please try this one - I am trying to help you. I am not confident.
2 Likes
{
“name”: “LastWordOfLastName”,
“type”: “script”,
“attributes”: {
“source”: “var lastName = source.lastName || ‘’; var parts = lastName.trim().split(’ '); return parts[parts.length - 1];”
}
}
{
“name”: “samAccountName”,
“type”: “script”,
“attributes”: {
“source”: “var fn = source.firstName || ‘’; var ln = source.lastName || ‘’; var parts = ln.trim().split(’ '); var last = parts[parts.length - 1]; return fn + ‘.’ + last;”
}
}
The typical practice is to start at the beginning of someone’s name and use as much of the name as you can fit; not to start partway-through and use what you can fit. Removing the first part of someone’s last name can have a bigger difference on the meaning of the name than removing the last few characters.
1 Like
Hi,
It worked while I used in Idenitty Profile transform but when I use it in provisioning policy along with samAcc generation, it throws an error : Exception occurred while executing the RPC request. Errors returned from IQ service; upon my study, this error usally occurs when the samAccount Name passed is invalid.
Is there any way out any one can think of?
{
"attributes": {
"begin": {
"attributes": {
"input": {
"attributes": {
"name": "lastname"
},
"type": "identityAttribute"
},
"substring": " "
},
"type": "lastIndexOf"
},
"beginOffset": 1
},
"type": "substring",
"name": "lastValuelastName"
},
{
"name": "sAMAccountName",
"transform": {
"attributes": {
"name": "Create Unique LDAP Attribute"
},
"type": "rule"
},
"attributes": {
"template": "$(firstname).$(lastValuelastName)$(uniqueCounter)",
"cloudMaxUniqueChecks": "50",
"cloudMaxSize": "20",
"cloudRequired": "true"
},
"isRequired": false,
"type": "string",
"isMultiValued": false
},
Hi all,
EXPERTS, PLEASE HELP ME UNDERSTAND THIS:
We decided to use the Attribute Generator because my previous configuration failed in a few edge cases. Here’s a breakdown of what I did and where it failed:
What I Did:
- I used a transform to get the last value of the lastname and applied it in a template like this:
$firstname.$lastvaluelastname$unique_counterto generate the samAccountName.
- This worked in about 99% of cases, where it correctly added the counter when the values were identical.
Where It Failed:
- The issue occurred when the identical values are passed to template samAccountName that exceeded the 20-character limit.
Expected Behavior with “CREATE UNIQUE LDAP ATTRIBUTE”:
- The system should generate a samAccountName that fits within the 20-character limit. If there’s a duplicate, the system should truncate the lastname (not the counter) to make the name unique.
- For example, if the first user’s name is “Firstname Lastnamelong”, the generated samAccountName would be:
- First:
Firstname Lastnamel - Second:
Firstname Lastname1However, the system failed to do this and didn’t handle the truncation as expected.
- First:
Questions:
- How does CREATE UNIQUE LDAP ATTRIBUTE work in the provisioning policy, particularly with respect to duplicate checks and character length limitations?
I’d appreciate any insights on the underlying behavior, limitations, and best practices. I’m happy to provide more details if needed.
Thank you in advance!
@colin_mckibben @tyler_mairose @Sagar_18 @sup3rmark