UserName Generator Issue

ahmednasr · February 11, 2024, 9:34am

Hello All,

iam trying to Generate Unique samAccountName Account Attribute using below rule:

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule name="generateUsername" type="AttributeGenerator">
  <Description>Generate Unique samAccountName Account Attribute</Description>
  <Source><![CDATA[

    import sailpoint.tools.GeneralException;
    import java.util.Iterator;
    import sailpoint.object.*;
    import java.util.ArrayList;
    import sailpoint.api.*;
    import java.util.Iterator;
    import java.util.List;
    import org.apache.commons.lang.StringUtils;

    // Define the maximum number of iterations to try different samAccountName patterns
    int maxIteration = 50;

    // Define the maximum length of the samAccountName
    int maxLength = 20;

    // Define the separator character between name parts
    String separator = ".";

    // Define the unique counter suffix
    int counterSuffix = 1;

    // Define the input attributes for the rule
    String firstName = identity.getAttribute("firstname");
    String middleName = identity.getAttribute("middleName");
    String lastName = identity.getAttribute("lastname");

    // Normalize the input attributes by removing spaces and null values
    firstName = StringUtils.trimToNull(firstName);
    middleName = StringUtils.trimToNull(middleName);
    lastName = StringUtils.trimToNull(lastName);

    // Check if the input attributes are valid
    if (firstName == null || lastName == null) {
        // Return null if any of the required attributes are missing
        return null;
    }

    // This method generates a samAccountName based on the given name parts and iteration number
    public String generateuserName(String firstName, String middleName, String lastName, int iteration) {
        // Declare the samAccountName variable
        String samAccountName = null;

        // Generate the samAccountName based on the iteration number and the desired patterns
        switch (iteration) {
            case 0:
                // Pattern 1: firstname.lastname
                samAccountName = firstName + separator + lastName;
                break;
            case 1:
                // Pattern 2: firstname.middleName[0].lastname
                if (middleName != null) {
                    samAccountName = firstName + separator + middleName.charAt(0) + separator + lastName;
                }
                break;
            case 2:
                // Pattern 3: firstname.lastname+uniqueCounter
                if (counterSuffix < 40){
                samAccountName = firstName + separator + lastName + String.valueOf(counterSuffix);
                counterSuffix++;
                }
                break;
            case 3:
                // Pattern 4: firstname[0].lastname
                samAccountName = firstName.charAt(0) + separator + lastName;
                break;
            case 4:
                // Pattern 5: firstname[0,1].lastname
                if (firstName.length() > 1) {
                    samAccountName = firstName.substring(0, 2) + separator + lastName;
                }
                break;
            case 5:
                // Pattern 6: firstname.lastname[0]
                if (lastName.length() > 1) {
                    samAccountName = firstName + separator + lastName.charAt(0);
                }
                break;
            default:
                // Default: add numbers until we get a unique samAccountName
                samAccountName = firstName + separator + lastName + (iteration - 5);
                break;
        }

        // Check if the samAccountName is unique and within the maximum length
        if (isUnique(samAccountName) && samAccountName.length() <= maxLength)
            // Return the samAccountName if it meets the criteria
            return samAccountName;
        else if (iteration < maxIteration)
            // Try the next iteration if the limit is not reached
            return generateuserName(firstName, middleName, lastName, (iteration + 1));
        else
            // Return null if no samAccountName can be generated
            return null;
    }

    // This method checks if the username is unique in the Active Directory
    public boolean isUnique(String samAccountName) {
        // Declare the result variable
        boolean result = false;

        // Get the LDAP connector service object
        LDAPConnectorService ldap = ServiceModule.getService(LDAPConnectorService.class);

        // Create a field object to specify the samAccountName attribute
        Field field = new Field();
        field.setName("samAccountName");
        field.setAttribute("template", samAccountName);
        field.setAttribute("cloudToUpperCase", false);
        field.setType("String");
        field.setAttribute("cloudMaxUniqueChecks", 50);

        // Declare a variable to store the generated value
        String generated = null;

        // Try to generate a unique LDAP attribute using the field object
        try {
            generated = ldap.generateUniqueLDAPAttribute(context, application, identity, field, null);
        } catch (Exception e) {
            // Account found, need to generate second attempt
        }

        // Check if the generated value is null or different from the samAccountName
        if (generated == null || !generated.equals(samAccountName)) {
            // Set the result to false if a match is found
            result = false;
        } else {
            // Set the result to true if no match is found
            result = true;
        }

        // Return the result
        return result;
    }

    // Call the generateuserName method with the initial iteration number
    return generateuserName(firstName, middleName, lastName, 0);


  ]]></Source>
</Rule>

but I am getting below errors:

 Line 104 - [LintBSHType(37)] null Exception: Class: LDAPConnectorService not found in namespace
    104: LDAPConnectorService ldap = ServiceModule .getService ( LDAPConnectorService .class )

  Line 104 - [LintBSHTypedVariableDeclaration(38)] Could not retrieve type 'LDAPConnectorService ' for linting in statement: LDAPConnectorService ldap = ServiceModule .getService ( LDAPConnectorService .class )
    104: LDAPConnectorService ldap = ServiceModule .getService ( LDAPConnectorService .class )

is there any missed import that should be added or what is the problem ?

MVKR7T · February 13, 2024, 8:30am

As the error indicates, you have not imported LDAPConnectorService class.

I have not implemented this much complex Rule for any calculations.

I believe you are using this at Account side, not identity side. As uniqueness doesn’t guarantee 100% at identity side.
Why don’t you make use of Transforms in generating unique values.

Thanks
Krish

iamology · February 13, 2024, 10:36pm

Consider using isUniqueLDAPValue from newer class IdnRuleUtil from SailPoint library, instead of LDAPConnectorService
https://developer.sailpoint.com/rule-java-docs/sailpoint/server/IdnRuleUtil.html

It’s a lot simpler and easier to use

system · April 13, 2024, 10:37pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
sAMAccountName Generator ISC Discussion and Questions	15	4255	July 19, 2023
Unable to generate incremental samAccountName in AttributeGenerator Rule ISC Discussion and Questions identity-security-cloud , provisioning , attributes	6	505	May 7, 2024
Unable to generate samAccountName via AttributeGenerator Rule ISC Discussion and Questions rules , identity-security-cloud , attributes	10	669	October 12, 2023
Uniquely generated id using IDN Rule Util method conflicts during AD account creation ISC Discussion and Questions rules , provisioning	4	692	July 19, 2023
generateUsername AttributeGenerator Rule ISC Discussion and Questions rules , identity-security-cloud	3	363	April 8, 2024

UserName Generator Issue

Related topics