Version: 3.0
Category: Process
Extended Category: LDAP
Action Package: Standard Actions
Description
This action generates user ID’s in purpose to create unique user accounts.
It generates user ID’s based on a given number of characters via provided information from for instance: session attributes, incrementing numbers and static string values.
There are a number of settings in Compose and Generate User ID that makes it possible to generate a user id from the naming rules that apply to the current directory and/or database.
Parameter | Description | Example |
LDAP Data Source | [Optional] The LDAP directory where to perform a search in order to ensure that the generated user ID is unique. | My Active Directory |
LDAP Search Base DN | [Optional] The LDAP base DN. The search of user object starts here to determine if the generated user ID is unique. Supports SESSION() and GLOBAL(). | ou=users,o=company,dc=local |
LDAP Search Filter for User ID Lookup | [Optional] The search criteria to avoid user ID conflicts. Use ##UID## to insert the new user ID value. Default value is (&(objectclass=user)(samaccountname=##UID##)) | |
Second LDAP Data Source | [Optional] The second LDAP directory where to perform a search in order to ensure that the generated user ID is unique. | My Active Directory |
Second LDAP Search Base DN | [Optional] The LDAP base DN for the second LDAP directory. The search of user object starts here to determine if the generated user ID is unique. Supports SESSION() and GLOBAL(). | ou=users,o=company,dc=local |
Second LDAP Search Filter for User ID Lookup | [Optional] The search criteria to avoid user ID conflicts (in the second LDAP directory). Use ##UID## to insert the new user ID value. Default value is (&(objectclass=user)(samaccountname=##UID##)) | |
SQL Data Source | [Optional] The SQL database where to perform a search in order to ensure that the generated user ID is unique. | My SQL Data Source |
SQL SELECT Statement for User ID Lookup | [Optional] The search criteria to avoid user ID conflicts. Use ##UID## to insert the new user ID value. | SELECT * FROM users WHERE userid=’##UID##’ |
Result attributes | [Mandatory] The name of the session attribute(s) where the result of the generated user ID will be stored. Multiple names separated by comma (,). Default value is empty. | userid |
User ID Character Min Length | [Optional] User ID minimum length. If the minimum length is not reached, padding will be used if included in the parts. Use 0 to not check the minimum length. Default is 0. | 6 |
User ID Character Max Length | [Optional] User ID maximum length. If the maximum length has been exceeded, the value from any session attributes in the parts will be reduced. Use 0 to not check the maximum length. Default is 0. | 12 |
Character Substitution | [Optional] Characters to be replaced if they are found in the generated user ID. [char to be replaced]|[char substitute]. Comma (,) is used as delimiter. Example: ‘günäsk’ will be converted to ‘gunask’. Default value is å|a,ä|a,ą|a,â|a,á|a,à|a,ã|a,è|e, é|e,ê|e,ë|e,ę|e,ç|c,ć|c,ł|l,ü|u,ñ|n,û|u,ú|u,ù|u,í|i, ì|i,î|i,õ|o,ò|o,ö|o,ø|o,ó|o,ô|O,æ|ae,ś|s,ß|ss,ź|z, ż|z,Å|A,Ä|A,Â|A,Á|A,À|A,Ã|A,È|E,É|E,Ê|E,Ë|E, Ç|C,ł|l,Ü|U,Ñ|N,Û|U,Ú|U,Ù|U,Í|I,Ì|I,Í|I,Õ|O,Ò|O, Ö|O,Ø|O,Ó|O,Ô|O,Æ|AE | |
Textfile Containing Excluded User IDs | [Optional] The name and path to the file for excluded, blacklisted user ID’s. The words (names) in the file shall be separated by carriage return (line feed). Default value is empty. | c:\blacklist\excludedUserIDslist.txt |
Blacklist Replacement Chars | [Optional] Characters to be replaced if User ID is on the blacklist. [char to be replaced]|[char substitute]. Comma (,) is used as delimiter. Example: ‘DEVIL’ will be converted to ‘DDVIL’. Default value is a|z,e|d,i|h,o|n,u|t,y|x,å|x,ä|å, ö|ä,A|Z,E|D,I|H,O|N,U|T,Y|X,Å|X,Ä|Å,Ö|Ä | |
Allow Special characters (true/false) | [Optional] Allow special characters, like -., and space (true) or only letters and digits (false) in session attribute values. If false, the special characters will be removed. Default value is false | true |
Part 1 in User ID | [Optional] Part 1 in the User ID. See description below. | |
Part 2 in User ID | [Optional] Part 2 in the User ID. See description below. | |
Part 3 in User ID | [Optional] Part 3 in the User ID. See description below. | |
Part 4 in User ID | [Optional] Part 4 in the User ID. See description below. | |
Part 5 in User ID | [Optional] Part 5 in the User ID. See description below. | |
Part 6 in User ID | [Optional] Part 6 in the User ID. See description below. | |
Part 7 in User ID | [Optional] Part 7 in the User ID. See description below. | |
Part 8 in User ID | [Optional] Part 8 in the User ID. See description below. | |
Part 9 in User ID | [Optional] Part 9 in the User ID. See description below. | |
Part 10 in User ID | [Optional] Part 10 in the User ID. See description below. |
User ID Parts
A part can be any of the following types: session attribute, static text string, counter from the directory, padding or incremental digit or alpha. The types can be mixed as desired, to create the user id you want.
Every part starts with the type name, and then the rest of the configuration for that part follows, separated with pipes (|). Note that the right amount of separators must be entered, even if you use the default values for some parameters.
Session attribute value
Used to add a value from a session attribute to the user ID.
Attribute|AttributeName|CharacterCase|Length|UseNextCharForIncrement|PaddingRules
Parameter | Description | Example |
Attribute | The type used for a session attribute value. | Attribute |
AttributeName | The name of the session attribute. | givenname |
CharacterCase | To change the case of the letters, enter ‘upper’ for upper case, ‘lower’ for lower case or leave empty to leave the case as it is. Default is empty, the case will not be changed. | upper |
Length | The number of characters to use from the attribute value. If the value is longer, it will be cut at the end to match the length. If the value is shorter, padding can be configured to fill out to the length. If no padding is configured, the length will be shorter than configured. Default value is 0, meaning that the length of the attribute value is not changed. | 4 |
UseNextCharForIncrement | When the composed user ID is not unique, some kind of change is made to the user ID to find a unique value. If this parameter is set to true, and a length is configured to use a length shorter than the attribute value, the last letter in the value will be changed to the letter after that one. (true/false) Default value is false. Example: The attribute value is ‘Simon’ and the length is set to 3, which gives the value ‘Sim’. If the composed user ID is not unique, the action will then change the ending ‘m’ to the next character in ‘Simon, which is ‘o’. The value that will be used in the user ID is therefor ‘Sio’. | true |
PaddingRules | The rules for adding padding if the value in the session attribute is shorter than the configured length for this value. The rules are separated with colon (:). First rule, useLatestCharForPadding, can be set to true or false. If set to true, the last character in the value will be repeated until the length is reached. If set to false, the character after the colon is used instead. | false:X |
String
Used to add a static string value to the user ID.
String|Value
Parameter | Description | Example |
String | The type used for a string value | String |
Value | The text value. Supports GLOBAL() | USER |
Counter
Used to read a digital counter from an object in the directory.
Counter|DN|AttributeName|Length
Parameter | Description | Example |
Counter | The type used for a counter | Counter |
DN | The distinguishedName for the object in ‘LDAP Data Source’ that holds the counter. | ou=consultants,o=company,dc=local |
AttributeName | The name of the attribute at the above object, that holds the counter. | adminDescription |
Length | The desired length of the value. If the counter value is shorter, zeros will be added to reach the desired length. If length is set to 0, the actual length of the counter value will be used. Example: The length is set to ‘4’ and the value in the counter is ’34’. The used value will be ‘0034’. | 3 |
Padding
Add characters to reach the minimun length.
Padding|Character
Parameter | Description | Example |
Padding | The type used for padding | Padding |
Character | The character to use for the padding. | X |
Incremental Alpha
Used to add an incremental alpha. The character can be added always, or only when the first tested user ID is not unique. The characters used are A-Z, and if the user ID is still not unique, two characters will be added like AA, AB, AC up to ZZ.
IncrementalAlpha|AlwaysAdd|IncludeInMaxLength|UpperCase|StartCharacter
Parameter | Description | Example |
IncrementalAlpha | The type used for an incremental alpha | IncrementalAlpha |
AlwaysAdd | Set to true to always add the alpha, or set to false to only add the alpha if the tested user ID is not unique. Default is false. | true |
IncludeInMaxLength | If set to false, the character(s) in this part will not be counted when checking the maximum length of the user ID. If set to true, this part will be counted, so if the character(s) are only added when the tested user ID is not unique, the rest of the user ID will be shortened to give room for this character(s) in the maximum length. Default is false. | true |
UpperCase | If set to true, the character(s) added will be in upper case. If set to false, the character(s) added will be in lower case. Default is true. | false |
StartCharacter | The character to start with, if other than A. Default is A. | X |
Incremental Digit
Used to add an incremental digit. The character can be added always, or only when the first tested user ID is not unique.
IncrementalDigit|AlwaysAdd(true/false)|IncludeInMaxLength(true/false)|Length|StartNumber
Parameter | Description | Example |
IncrementalDigit | The type used for incremental digit | IncrementalDigit |
AlwaysAdd | Set to true to always add the digit, or set to false to only add the digit if the tested user ID is not unique. Default is false. | true |
IncludeInMaxLength | If set to false, the character(s) in this part will not be counted when checking the maximum length of the user ID. If set to true, this part will be counted, so if the character(s) are only added when the tested user ID is not unique, the rest of the user ID will be shortened to give room for this character(s) in the maximum length. Default is false. | true |
Length | The desired length of the value. If the incremental digit value is shorter, zeros will be added to reach the desired length. If length is set to 0, the actual length of the incremental digit will be used. Example: The length is set to ‘3’ and the value in the incremental digit is ‘5’. The used value will be ‘005’. | 3 |
StartNumber | The number to start with. Default is 1. | 2 |
Use Cases
Example 1
An account for ‘Peter Wo’ is ordered.
User ID composition: Use the three first letters from the givenname and the three first letters from the lastname. Add a digit to the end of the user name if it’s already in use. If any of the attribute values are shorten than 3 characters, fill it up with an ‘x’.
Expected result for ‘Peter Wo’ = ‘petwox’
If petwox is taken, next generated username will be ‘petwox1’ and so on.
Used settings:
Parameter | Value |
Part 1 in User ID | Attribute|givenname|lower|3|false|false:x |
Part 2 in User ID | Attribute|lastname|lower|3|false|false:x |
Part 3 in User ID | IncrementalDigit|false|false|0|1 |
Example 2
An account for ‘Peter Wo’ is ordered.
User ID composition: Use the three first letters from the givenname and the three first letters from the lastname. ALWAYS add a digit to the end of the user name. If the total length of the user ID is shorten than 7 characters, fill it up with an ‘x’ before the digit.
Expected result for ‘Peter Wo’ = ‘petwox1’
If petwox1 is taken, next generated username will be ‘petwox2’ and so on.
Used settings:
Parameter | Value |
User ID Character Min Length | 7 |
Part 1 in User ID | Attribute|givenname|lower|3|false|false: |
Part 2 in User ID | Attribute|lastname|lower|3|false|false: |
Part 3 in User ID | Padding|x |
Part 4 in User ID | IncrementalDigit|true|true|0|1 |
Example 3
An account for ‘Peter William’ is ordered.
User ID composition: Use the whole givenname in lower case and lastname in upper case. Add an alpha to the end of the user name if it’s already in use, starting with the letter X. The maximum length of the user ID is 10.
Expected result = ‘peterWILLI’
If ‘peterWILLI’ is taken, next generated username will be ‘peterWILLX’. If that is taken, the next generated username will be ‘peterWILLY’ and so on.
Used settings:
Parameter | Value |
User ID Character Max Length | 10 |
Part 1 in User ID | Attribute|givenname|lower|0|false|false: |
Part 2 in User ID | Attribute|lastname|upper|0|false|false: |
Part 3 in User ID | Padding|x |
Part 4 in User ID | IncrementalAlpha|false|true|true|X |
Example 4
User ID without any session attribute values.
User ID composition: A prefix and a counter. The counter is stored in the attribute adminDescription at the object ou=consultants. The initial counter value is set to 80001 in this example.
Result: Consult_0080001, Consult_0080002 and so on.
Used settings:
Parameter | Value |
Part 1 in User ID | String|Consult_ |
Part 2 in User ID | Counter|ou=consultants,o=company,dc=local|adminDescription|7 |
Exclude Blacklisted Words
Configure the setting Textfile Containing Excluded User IDs with the name and path to the file for excluded user ID words.
Parameter | Value |
Textfile Containing Excluded User IDs | c:\blacklists\excludelist.txt |
Example of file content. The words in the text file should be separated by carriage return (line feed).
adrian
pete
evil
satan
Character Replacement
Before a user ID is returned, illegal characters are replaced. The characters and it’s substitutes are found in the setting Character Substitution.
The character to be replaced is delimited with a pipe from the substitute character: [char to be replaced]|[char substitute]. Comma (,) is used as delimiter before the character pair.
Example: ‘günäsk’ returns ‘gunask’
DISCLAIMER
Information provided in this document is for your information only. PhenixID makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners.The origin of this information may be internal or external to PhenixID. PhenixID makes all reasonable efforts to verify this information.
PhenixID - support.phenixid.se