Fact
- PhenixID Identity Manager 4.8.x or later
- Filter: Tab External filter ComposeAndCreateUserID.class
Situation
This document will describe how to use the tab external filter ComposeAndCreateUserID.class, found in this file: PSD1082
Add the file to the folder \..\PhenixID\IM\customer\extension\class\psd
This tabExternalfilter generates user names in order to create unique user accounts. The filter lets you build user names from a given number of characters from the givenname, the lastname and the middlename, and add a given prefix, a given suffix, a digit and so on.
NOTE – The policies in this filter may be overridden by a tab filter variable. In this way it’s possible to have different configurations in several tabs. If tab filter variables are used, the variable name should be the same (case sensitive) as the policy name (for example ACCOUNTNAME_PREFIX and so on).
After the filter has finished and the account is created you may want to send an email to the end user (or elsewhere) with information about the new account. How to configure this option is explained further down in this document.
Solution
Policies
The default values of this filter are configured for Active Directory.
Policy that always has to be configured:
ACCOUNTNAME_BASEDN – LDAP context to search for user IDs. Example: ou=users,o=company,dc=local (This policy is for the search, not the placement of the account.)
Policies that always have to be configured if any other directory than AD is used:
ACCOUNTNAME_USER_CLASS – ‘user’
ACCOUNTNAME_LOGONID_ATTRIBUTE – ‘samaccountname’. Example: ‘cn’ for eDirectory
ACCOUNTNAME_GIVENNAME_ATTRIBUTE – ‘givenName’
ACCOUNTNAME_MIDDLENAME_ATTRIBUTE – ‘middleName’
ACCOUNTNAME_LASTNAME_ATTRIBUTE – ‘sn’
ACCOUNTNAME_USERPRINCIPALNAME_ATTRIBUTE – ‘userPrincipalName’
ACCOUNTNAME_USERPRINCIPALNAME_VALUE – UPN suffix value e.g. @phenixid.demo.net
Compose the User Name – Configuration and Examples
The user name is composed of a number of components/methods. The components are enumerated; for instance, number 1 will run getCharsFromGivenname(), which returns the first three letters of the given name.
The user name is composed in the policy ACCOUNTNAME_NAME_COMPOSITION. The default value for ACCOUNTNAME_NAME_COMPOSITION is ‘1,3’. This configuration will generate the user name ‘petsmi’ for ‘Peter Smith’. If ‘petsmi’ is already in use, ‘petsmi1’ will be returned. If policy ACCOUNTNAME_ACCOUNTNUMBER_LENGTH is set to ‘3’, ‘petsmi001’ is returned instead.
You’ll find the components/methods below:
Component | Description | Default value |
1 | Get characters from the given name | Default value is set to three (3) characters |
2 | Get characters from the middle name | Default value is set to one (1) character |
3 | Get characters from the last name | Default value is set to three (3) characters |
4 | Get a serial number | Gets a serial number from a counter that is stored in an attribute of given object |
Examples
Example 1
An account for ‘Peter Wo’ is ordered.
User name composition: Use the first three letters of the givenname and the first three letters of the lastname. Add a digit to the end of the user name if it’s already in use. If the givenname or the lastname is shorter than three characters, fill it up with an ‘x’.
Expected result for ‘Peter Wo’ = ‘petwox’
If petwox is taken, next generated username will be ‘petwox1’ and so on.
Used policies:
Policy | Value |
ACCOUNTNAME_NAME_COMPOSITION | 1,3 (default value) |
ACCOUNTNAME_BASEDN | ou=users,ou=myorg,dc=org,dc=local |
ACCOUNTNAME_GIVENNAME_STARTPOSITION | 0 (default value) |
ACCOUNTNAME_GIVENNAME_ENDPOSITION | 3 (default value) |
ACCOUNTNAME_GIVENNAME_FILLUP_CHAR | x (default value) |
ACCOUNTNAME_LASTNAME_STARTPOSITION | 0 (default value) |
ACCOUNTNAME_LASTNAME_ENDPOSITION | 3 (default value) |
ACCOUNTNAME_LASTNAME_FILLUP_CHAR | x (default value) |
ACCOUNTNAME_SET_USERID_AS_NAMING_ATTRIBUTE | true |
ACCOUNTNAME_SEND_EMAIL | false |
Example 2
An account for ‘Peter Wo’ is ordered.
User name composition: Use the first three letters of the givenname and the first three letters of the lastname. ALWAYS add a digit to the end of the user name, even if the name is not already in use. If the givenname or the lastname is shorter than three characters, fill it up with an ‘x’.
Expected result for ‘Peter Wo’ = ‘petwox1’
If petwox1 is taken, next generated username will be ‘petwox2’ and so on.
Used policies:
Policy | Value |
ACCOUNTNAME_NAME_COMPOSITION | 1,3 (default value) |
ACCOUNTNAME_BASEDN | ou=users,… |
ACCOUNTNAME_GIVENNAME_STARTPOSITION | 0 (default value) |
ACCOUNTNAME_GIVENNAME_ENDPOSITION | 3 (default value) |
ACCOUNTNAME_GIVENNAME_FILLUP_CHAR | x (default value) |
ACCOUNTNAME_LASTNAME_STARTPOSITION | 0 (default value) |
ACCOUNTNAME_LASTNAME_ENDPOSITION | 3 (default value) |
ACCOUNTNAME_LASTNAME_FILLUP_CHAR | x (default value) |
ACCOUNTNAME_OBJECT_NAMING_ATTRIBUTE | cn (default value) |
ACCOUNTNAME_SET_USERID_AS_NAMING_ATTRIBUTE | true |
ACCOUNTNAME_ALWAYS_ADD_INCREMENTAL_DIGIT | true |
ACCOUNTNAME_SEND_EMAIL | false |
Example 3
An account for ‘Peter William Smith’ is ordered.
User name composition: Use the first two letters of the givenname, the first two letters of the middlename and the first two letters of the lastname. Add a digit to the end of the user name if it’s already in use.
Expected result = ‘pewism’
If ‘pewism’ is taken, next generated username will be ‘pewism1’ and so on.
Used policies:
Policy | Value |
ACCOUNTNAME_NAME_COMPOSITION | 1,2,3 |
ACCOUNTNAME_BASEDN | ou=users,… |
ACCOUNTNAME_GIVENNAME_STARTPOSITION | 0 (default value) |
ACCOUNTNAME_GIVENNAME_ENDPOSITION | 2 |
ACCOUNTNAME_MIDDLENAME_STARTPOSITION | 0 (default value) |
ACCOUNTNAME_MIDDLENAME_ENDPOSITION | 2 |
ACCOUNTNAME_LASTNAME_STARTPOSITION | 0 (default value) |
ACCOUNTNAME_LASTNAME_ENDPOSITION | 2 |
ACCOUNTNAME_SET_USERID_AS_NAMING_ATTRIBUTE | true |
ACCOUNTNAME_SEND_EMAIL | false |
Example 4
Account name without given name, middle name and last name.
User name composition: A prefix (or suffix) and a counter. The initial counter value is set to 80001 in this example.
Result: [userPrefix]0080001, [userPrefix]0080002 or 0080001[userSuffix], 0080002[userSuffix] and so on.
Used policies:
Policy | Value |
ACCOUNTNAME_NAME_COMPOSITION | 4 |
ACCOUNTNAME_PREFIX | userPrefix |
ACCOUNTNAME_COUNTER_DN | ou=users,… |
ACCOUNTNAME_COUNTER_DN_ATTRIBUTE | businessCategory (value set to ‘0080001’) |
ACCOUNTNAME_COUNTER_LENGTH | 7 |
ACCOUNTNAME_SET_USERID_AS_NAMING_ATTRIBUTE | true |
ACCOUNTNAME_SEND_EMAIL | false |
Exclude Blacklisted Words
Configure the policy ACCOUNTNAME_EXCLUDED_USERNAMES_FILE with the name and path to the file for excluded user name words.
Example: /blacklists/excludelist.txt
The names in the file should be separated by carriage return (line feed):
adrian
pete
Character Replacement
Before a user name is returned, illegal characters are replaced. The characters and their substitutes are found in the policy ACCOUNTNAME_CHAR_SUBSTITUTION. The character to be replaced is delimited with a pipe from the substitute character: [char to be replaced]|[char substitute]. A comma (,) is used as the delimiter between character pairs.
NOTE that ‘space’ and ‘dash’ are always removed.
Example: ‘gün -äsk’ will be ‘gunask’
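The composition rules from Examples 1 to 3 and the character replacement above can be modelled in a few lines to preview which user names a policy set will produce. This is an added example, not PhenixID code: the policy keys are shortened, the set `taken` stands in for the LDAP search under ACCOUNTNAME_BASEDN, and lowercasing plus replacing characters before the uniqueness check are assumptions inferred from the examples. Component 4 (serial number) is not modelled.

```python
# Model of the documented naming rules. Not PhenixID code: policy names are
# shortened and the directory search is replaced by a set of taken names.
DEFAULTS = {
    "NAME_COMPOSITION": "1,3",
    "GIVENNAME": (0, 3, "x"),      # start position, end position, fill-up char
    "MIDDLENAME": (0, 1, ""),      # no fill-up char documented; assumed none
    "LASTNAME": (0, 3, "x"),
    "CHAR_SUBSTITUTION": "\u00fc|u,\u00e4|a",  # constructed value: ü|u,ä|a
    "ACCOUNTNUMBER_LENGTH": 0,     # 3 turns suffix 1 into 001
    "ALWAYS_ADD_INCREMENTAL_DIGIT": False,
}
COMPONENTS = {"1": "GIVENNAME", "2": "MIDDLENAME", "3": "LASTNAME"}


def take(value, start, end, fill):
    """Slice value[start:end] and pad short results with the fill-up char."""
    piece = value.lower()[start:end]
    return piece.ljust(end - start, fill) if fill else piece


def substitute(name, pairs):
    """Apply 'from|to' pairs separated by commas, then drop space and dash."""
    table = dict(pair.split("|") for pair in pairs.split(",") if pair)
    name = "".join(table.get(ch, ch) for ch in name)
    return name.replace(" ", "").replace("-", "")


def compose(given, middle, last, taken, policy=DEFAULTS):
    """Return the first free user name for the person under the given policy."""
    names = {"GIVENNAME": given, "MIDDLENAME": middle, "LASTNAME": last}
    base = "".join(
        take(names[COMPONENTS[c]], *policy[COMPONENTS[c]])
        for c in policy["NAME_COMPOSITION"].split(",")
    )
    base = substitute(base, policy["CHAR_SUBSTITUTION"])
    if base not in taken and not policy["ALWAYS_ADD_INCREMENTAL_DIGIT"]:
        return base
    number = 1
    while base + str(number).zfill(policy["ACCOUNTNUMBER_LENGTH"]) in taken:
        number += 1
    return base + str(number).zfill(policy["ACCOUNTNUMBER_LENGTH"])


if __name__ == "__main__":
    print(compose("Peter", "", "Wo", taken={"petwox"}))  # Example 1, name taken
```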
Sending an Email with Account Information to an Email Recipient
Make sure ACCOUNTNAME_SEND_EMAIL is set to true (default value), to enable this option.
To configure the SMTP settings you have to set some policies in Communication > E-Mail.
Example with a Gmail account:
Policy | Value |
ACCOUNTNAME_SEND_EMAIL | true |
Communication.email.authentication | true |
Communication.email.mailattribute | |
Communication.email.port | 465 |
Communication.email.smtphost | smtp.gmail.com |
Communication.email.smtppassword | password |
Communication.email.smtpuser | smtp.user@gmail.com (sender) |
Communication.email.ssl | true |
Communication.email.fromaddress | address@domain.local |
Communication.email.toaddress | address@domain.local |
Communication.email.ccaddress | to.address@domain.local |
Email Message
Note that the email message is HTML-formatted. Use the predefined variables below to display account information in the message.
The default message can be changed using the policy Communication.email.emailmessage
The default subject can be changed using the policy Communication.email.setSubject
The variables used in the message are by default mapped to Active Directory attributes. These may be changed with policies called Communication.email.attribute.givenname and so on.
Variable | Attribute |
$$GIVENNAME$$ | givenName |
$$SN$$ | sn |
$$SAMACCOUNTNAME$$ | samAccountName |
$$USERPASSWORD$$ | userPassword |
$$MIDDLENAME$$ | middleName |
$$NAME$$ | name |
$$DISPLAYNAME$$ | displayName |
$$MOBILE$$ | mobile |
DISCLAIMER
Information provided in this document is for your information only. PhenixID makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners. The origin of this information may be internal or external to PhenixID. PhenixID makes all reasonable efforts to verify this information.
PhenixID - support.phenixid.se