Hello everybody!
I hope y’all are doing great; thanks for all the help and support you have been providing.
So, we have been experiencing issues with samaccountname generation in the past, so I came up with a cloud rule that essentially generates the samaccountname.
So, whenever a user is added to our HR system, a birthright role is assigned and an account in AD is created with a samaccountname, which is then used to populate the identity attribute “samaccountname”.
The issue with this setup arose when we tried to use the samaccountname identity attribute for account creation in other applications, for example our ITSM solution, which requires networkusername (samaccountname). Accounts are being created at the same time for AD and ITSM, and the networkusername account attribute is not being populated, because samaccountname has not been generated at that point.
So, I am a little lost here. I have a couple of ideas, but I have some questions.
For your reference, the NewSamAccountNameGenerator rule:

```java
import org.apache.commons.lang.StringUtils;
import sailpoint.tools.GeneralException;

int maxIteration = 100;

public String generateUsername(String firstName, String lastName, String middleName, int iteration) throws GeneralException {
    // Data protection: treat blank names as missing.
    firstName = StringUtils.trimToNull(firstName);
    lastName = StringUtils.trimToNull(lastName);
    middleName = StringUtils.trimToNull(middleName);
    if ((firstName == null) || (lastName == null))
        return null;

    // This will hold the final username.
    String username = null;
    //log.info(firstName, lastName, middleName);

    // First six letters of the last name + first initial (+ middle initial when present).
    if (middleName == null) {
        username = StringUtils.substring(lastName, 0, 6) + StringUtils.substring(firstName, 0, 1);
        if (iteration > 0) {
            username = username + Integer.toString(iteration);
        }
    } else {
        username = StringUtils.substring(lastName, 0, 6) + StringUtils.substring(firstName, 0, 1) + StringUtils.substring(middleName, 0, 1);
        if (iteration > 0) {
            username = username + Integer.toString(iteration);
        }
    }

    // Append an increasing numeric suffix until the name is unused, up to maxIteration attempts.
    if (isUnique(username))
        return username;
    else if (iteration < maxIteration)
        return generateUsername(firstName, lastName, middleName, (iteration + 1));
    else
        return null;
}

// Checks only the source the rule is running for (the application the account is being created on).
public boolean isUnique(String username) throws GeneralException {
    return !idn.accountExistsByDisplayName(application.getName(), username);
}

return generateUsername(identity.getFirstname(), identity.getLastname(), identity.getStringAttribute("middleName"), 0);
```
My initial idea was just to use this rule in account creation, but it might be an issue, because the isUnique function checks whether the account exists in a specific source. So, for example, if the samaccountname generated in AD were Ibrahim1 (because somebody already has Ibrahim as their samaccountname in AD), the ITSM source could generate networkusername (which should match samaccountname) as Ibrahim, because not everybody has the same access to sources, and the person who has Ibrahim in AD might not have access to ITSM.
Another idea was to use a complex firstValid transform in the identity profile, something like:
```json
{
  "attributes": {
    "values": [
      {
        "attributes": {
          "sourceName": "Active Directory UAT",
          "attributeName": "sAMAccountName"
        },
        "type": "accountAttribute"
      },
      {
        "attributes": {
          "name": "NewSamAccountNameGenerator"
        },
        "type": "rule"
      }
    ]
  },
  "type": "firstValid",
  "name": "SamAccountName First Valid Transform"
}
```
But I am not sure if I need to reuse the rule here. Please advise.
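The divergence described above (each source checking uniqueness only against itself) reproduced in plain Java, as an added example that is not part of the original post and does not use the IdentityNow API: the naming scheme is the same as the rule, but the uniqueness check is injected as a predicate, and the account inventories, names, and case-insensitive comparison are all constructed assumptions. Run against a constructed AD that already holds GarciaM, the per-source checks return GarciaM1 for AD but GarciaM for ITSM, while a predicate spanning both inventories returns GarciaM1 for both.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import java.util.function.Predicate;

// Constructed example, not the original rule: same naming scheme (first six letters of the
// last name + first initial + optional middle initial + numeric suffix), uniqueness injected.
public class SamAccountNameDivergence {
    static final int MAX_ITERATION = 100;

    static String generate(String first, String last, String middle, Predicate<String> isUnique) {
        String base = last.substring(0, Math.min(6, last.length()))
                    + first.substring(0, 1)
                    + (middle == null ? "" : middle.substring(0, 1));
        // Iterative form of the rule's recursion: try base, base1, base2, ... up to MAX_ITERATION.
        for (int i = 0; i <= MAX_ITERATION; i++) {
            String candidate = (i == 0) ? base : base + i;
            if (isUnique.test(candidate)) {
                return candidate;
            }
        }
        return null; // exhausted, mirroring the rule returning null
    }

    public static void main(String[] args) {
        // Constructed inventories: GarciaM already exists in AD, but that person has no ITSM account.
        Set<String> adNames   = new HashSet<>(Arrays.asList("garciam", "smithj"));
        Set<String> itsmNames = new HashSet<>(Arrays.asList("smithj"));

        // Each source checks only itself: this is the situation the post describes.
        Predicate<String> uniqueInAd   = n -> !adNames.contains(n.toLowerCase());
        Predicate<String> uniqueInItsm = n -> !itsmNames.contains(n.toLowerCase());
        String fromAd   = generate("Maria", "Garcia", null, uniqueInAd);
        String fromItsm = generate("Maria", "Garcia", null, uniqueInItsm);
        System.out.println("AD: " + fromAd + "  ITSM: " + fromItsm);

        // One predicate covering every source that must share the value keeps them aligned.
        Predicate<String> uniqueEverywhere = uniqueInAd.and(uniqueInItsm);
        String shared = generate("Maria", "Garcia", null, uniqueEverywhere);
        System.out.println("shared: " + shared);
    }
}
```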