Saviynt Forums

utkarshING · ‎06/13/2024

Hi Team,

Previously we were using the 23.8 version and earlier ACCOUNTNAMERULE was working as given below:-

{
"AccountNameRule": {
"Attributes": [
{
"cn": "${user.displayname}",
"baseDn": "${UserOUCalculation}"

}
]
}
}

But today we moved to the 24.5 version, during Save and Test the connection we got the error that RuleCheck is a mandatory attribute so, we put as below:-

{
"AccountNameRule": {
"Attributes": [
{
"cn": "${user.displayname}",
"baseDn": "${UserOUCalculation}",
"RuleCheck": "${user.username}"
}
]
}
}

but during testing account creation, we got an error

Error while creating account in ADSI : { "status": "Failure", "failedObjects": [ { "status": "Failure", "message": "'objectClasses','cn', and 'baseDn' are mandatory attributes.", "messageCodes": "OBJ_ERR_MSG_00005" } ], "connectionString": "LDAP://USPLYSDCNA01.na.globalad.local" }{ "status": "Failure", "failedObjects": [ { "status": "Failure", "message": "'objectClasses','cn', and 'baseDn' are mandatory attributes.", "messageCodes": "OBJ_ERR_MSG_00005" } ], "connectionString": "LDAP://USPLYSDCNA01.na.globalad.local" }{ "status": "Failure", "failedObjects": [ { "status": "Failure", "message": "'objectClasses','cn', and 'baseDn' are mandatory attributes.", "messageCodes": "OBJ_ERR_MSG_00005" } ], "connectionString": "LDAP://USPLYSDCNA01.na.globalad.local" }

Kindly assist/suggest the correct ACCOUNTNAMERULE JSON.

Thanks,

Utkarsh Rathore

rushikeshvartak · ‎06/13/2024

{
"AccountNameRule": {
"Attributes": [
{
"cn": "ACCOUNTID",
"baseDN": "CN=Users,DC=saviyntlabs,DC=org",
"RuleCheck": "${user.lastname}, ${user.firstname}###${user.lastname}, ${user.firstname}1###${user.lastname}, ${user.firstname}2###${user.lastname}, ${user.firstname}3###${user.lastname}, ${user.firstname}4"
}
]
}
}

Refer above sample https://docs.saviyntcloud.com/bundle/ADSI-v24x/page/Content/Configuring-the-Integration-for-Provisio...

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

utkarshING · ‎06/14/2024

Thanks for your reply.

The AD connector was built by the Saviynt team they did not configure the RuleCheck in ACCOUNTNAMERULE but in newer version 24.5 they mandate the RuleCheck attribute. So, I tried to configure as "RuleCheck": "${user.username}" as we are using username as AD ID/account name,

I tested it out with one test user, and an account was created in AD. My doubt is

will be there any major impact on existing or new users if I config as "RuleCheck": "${user.username}".

Thanks,

Utkarsh Rathore

rushikeshvartak · ‎06/14/2024

Its not mandatory in our environment 24.5

You can remove mandatory thing - https://forums.saviynt.com/t5/identity-governance/aws-connection-failure-non-aws/m-p/92699

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

utkarshING · ‎06/14/2024

ACCOUNTNAMERULE is not mandatory but inside it, RULECHECK attribute is required.

Thanks,

Utkarsh Rathore

rushikeshvartak · ‎06/15/2024

If you are account name is username then there is no impact.

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

utkarshING · ‎06/27/2024

Thanks

Saviynt Forums

ACCOUNTNAMERULE | ADSI