Hi all.
We have used the Username Generator transform in our CREATE
provisioning policy and it works fine for the following logic:
{
"name": "distinguishedName",
"transform": {
"type": "usernameGenerator",
"attributes": {
"sourceCheck": true,
"patterns": [
"CN=$cn,$ouPath",
"CN=$cn${uniqueCounter},$ouPath"
],
"cn": {
// get the CN value
},
"ouPath": {
// get the OU path
}
}
},
"attributes": {
"cloudMaxUniqueChecks": "50",
"cloudMaxSize": "255",
"cloudRequired": "true"
},
"isRequired": false,
"type": "string",
"isMultiValued": false
}
However, in our use case, when we are enabling the account, we want the CN value to be a new unique value, for example,
CN=John Doe → CN=John Doe1
and since username generator can only be used on accountID
, i.e., distinguishedName, what we have tried to do is still placing the same JSON object for distinguishedName attribute in the ENABLE
provisioning policy and below this attribute, we have added:
{
"name": "AC_NewName",
"transform": {
"type": "split",
"attributes": {
"delimiter": ",",
"index": 0,
"input": {
"attributes": {
"value": "$distinguishedName"
},
"type": "static"
}
}
},
"attributes": {},
"isRequired": false,
"type": "string",
"isMultiValued": false
},
However, with this configuration, we can see that the CN value is not updated to the expected new value.
Appreciate any input and advice on this!