Click HERE to see how Saviynt Intelligence is transforming the industry. |
06/13/2024 04:30 PM
Hi Team,
Previously we were using the 23.8 version and earlier ACCOUNTNAMERULE was working as given below:-
{
"AccountNameRule": {
"Attributes": [
{
"cn": "${user.displayname}",
"baseDn": "${UserOUCalculation}"
}
]
}
}
But today we moved to the 24.5 version, during Save and Test the connection we got the error that RuleCheck is a mandatory attribute so, we put as below:-
{
"AccountNameRule": {
"Attributes": [
{
"cn": "${user.displayname}",
"baseDn": "${UserOUCalculation}",
"RuleCheck": "${user.username}"
}
]
}
}
but during testing account creation, we got an error
Error while creating account in ADSI : { "status": "Failure", "failedObjects": [ { "status": "Failure", "message": "'objectClasses','cn', and 'baseDn' are mandatory attributes.", "messageCodes": "OBJ_ERR_MSG_00005" } ], "connectionString": "LDAP://USPLYSDCNA01.na.globalad.local" }{ "status": "Failure", "failedObjects": [ { "status": "Failure", "message": "'objectClasses','cn', and 'baseDn' are mandatory attributes.", "messageCodes": "OBJ_ERR_MSG_00005" } ], "connectionString": "LDAP://USPLYSDCNA01.na.globalad.local" }{ "status": "Failure", "failedObjects": [ { "status": "Failure", "message": "'objectClasses','cn', and 'baseDn' are mandatory attributes.", "messageCodes": "OBJ_ERR_MSG_00005" } ], "connectionString": "LDAP://USPLYSDCNA01.na.globalad.local" }
Kindly assist/suggest the correct ACCOUNTNAMERULE JSON.
Thanks,
Utkarsh Rathore
Solved! Go to Solution.
06/13/2024 08:29 PM
{
"AccountNameRule": {
"Attributes": [
{
"cn": "ACCOUNTID",
"baseDN": "CN=Users,DC=saviyntlabs,DC=org",
"RuleCheck": "${user.lastname}, ${user.firstname}###${user.lastname}, ${user.firstname}1###${user.lastname}, ${user.firstname}2###${user.lastname}, ${user.firstname}3###${user.lastname}, ${user.firstname}4"
}
]
}
}
Refer above sample https://docs.saviyntcloud.com/bundle/ADSI-v24x/page/Content/Configuring-the-Integration-for-Provisio...
06/14/2024 09:39 AM
Thanks for your reply.
The AD connector was built by the Saviynt team they did not configure the RuleCheck in ACCOUNTNAMERULE but in newer version 24.5 they mandate the RuleCheck attribute. So, I tried to configure as "RuleCheck": "${user.username}" as we are using username as AD ID/account name,
I tested it out with one test user, and an account was created in AD. My doubt is
will be there any major impact on existing or new users if I config as "RuleCheck": "${user.username}".
Thanks,
Utkarsh Rathore
06/14/2024 11:46 AM
Its not mandatory in our environment 24.5
You can remove mandatory thing - https://forums.saviynt.com/t5/identity-governance/aws-connection-failure-non-aws/m-p/92699
06/14/2024 12:48 PM
ACCOUNTNAMERULE is not mandatory but inside it, RULECHECK attribute is required.
Thanks,
Utkarsh Rathore
06/15/2024 10:02 PM
If you are account name is username then there is no impact.
06/27/2024 05:52 AM
Thanks