Multiple rule execution

Dear all,

In Active Directory, we created a rule that handle Clash Resolution cases. in fact, when there are two identities with the same firstname and lastname, we add -2 for the last identity being created.

for creation, the rule works perfectly. But, for internalization (identity switch its type from external to internal), the email should be changed from firstname.lastname-ext@smtpdomain to firstname.lastname@smtpdomain. Instead, it changes to firstname-2.lastname@smtpDomain even if no identity has the same (fistname, lastname).

After checking the rule’s logs, we found out that the rule gets executed twice (still trying to find why).

But to resolve the problem temporary as it creates problems, in addition to the condition accountRequest.getOp().equals(ProvisioningPlan.ObjectOperation.Modify), i added the condition IdentityTypeFutureArgument != null. IdentityTypeFutureArgument is defined as follows:
Object IdentityTypeFutureArgument = accountRequest.getArgument(“identityType”);

The idea is to only access to Modify bloc when the provisioningPlan has the value identityType, which means that identityType was changed.
Unfortunately, after reproducing the case, it does not access to the bloc even in the first time (to remove -ext).

Does Provisioning Plan contain just modified attributes or all sync attributes?
Do you see any non logical thing in the code i added ?
in this code line (accountRequest.getArgument(“identityType”);), i retrieved the name of attribute using Postman. Should I use the name retrieved from api call, or the one in the UI with spaces (Identity Type) ?

Thanks all.

Hi @yaghzere,

Can you confirm if your use-case is just for the change of employeeType and email change for this operation?

Thanks

Hi @ashutosh08,

Once there is an internalization, the employeeType is modified. that should trigger the rule that will update the email address.

The problem is that the rule is executed many times, and Modify bloc get accessed many times. I added these code lines in my rule to restreint this access :

Object IdentityTypeArgument_object = null;
            String IdentityTypeArgument_string_get = null;
            String IdentityTypeArgument_string_getString = null;
            Attributes attributes = accountRequest.getArguments();           
            if (null != attributes) {
				IdentityTypeArgument_object = attributes.get("employeeType");
                log.error("Email calculation New Rule - IdentityTypeArgument_object: " + IdentityTypeArgument_object);
				IdentityTypeArgument_string_getString = attributes.getString("employeeType");
                log.error("Email calculation New Rule - IdentityTypeArgument_string_getString: " + IdentityTypeArgument_string_getString);
				IdentityTypeArgument_string_get = attributes.get("employeeType");
                log.error("Email calculation New Rule - IdentityTypeArgument_string_get: " + IdentityTypeArgument_string_get);
			}
            else{
                log.error("Email calculation New Rule - attributes: " + attributes);
            }
else if (accountRequest.getOp().equals(ProvisioningPlan.ObjectOperation.Modify) && (IdentityTypeArgument_object != null || IdentityTypeArgument_string_get != null || IdentityTypeArgument_string_getString != null))

I don’t know if it will work or not.

“employeeType” is the account attribute in AD connector, and “identityType” is the identity attribute.

I suppose that accountRequest from the provisioningPlan will have “employeeType” only when it is modified

Thanks for your help

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.