and more in a single search tool across platforms. Read the announcement here. |
09/29/2022 09:09 PM
Hi Team,
1. We are not able to configure 'Disable Account' Option for AD end point- how to configure Disable/Enable Account options ?
2. When we try to remove account through ARS - its throwing below error
Error while Delete operation for account-testuser5 in AD, Error Deleting/Disabling the Account from AD - testuser5: [LDAP: error code 34 - 0000208F: NameErr: DSID-03100229, problem 2006 (BAD_NAME), data 8350, best match of: 'testuser500' ]
09/30/2022 02:23 AM
There is a slash / character in the distinguished name. While this is a legal character in a DN, perhaps it should be a comma ,. See also Distinguished Names
Disable / Enable Option needs to be enabled from endpoint -status option add enable & disable values & locked column in account drives this action either enable or disable
09/30/2022 07:03 AM
What would help would be to send the full logs when you run the Provisioning Job where it shows what is the final constructed DN which is showing a BAD_NAME exception.
09/30/2022 12:06 PM - edited 09/30/2022 12:19 PM
09/30/2022 12:15 PM
2022-09-29 19:11:25,285 [quartzScheduler_Worker-1] ERROR ldap.SaviyntGroovyLdapService - Error while creating account in AD - [LDAP: error code 19 - 000020B5: AtrErr: DSID-0315317E, #1:
0: 000020B5: DSID-0315317E, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 15000a (manager)
]
javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - 000020B5: AtrErr: DSID-0315317E, #1:
0: 000020B5: DSID-0315317E, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 15000a (manager)
]; remaining name 'CN=Bhavaniprasadkommi,Ou=B04_Users,DC=kaali,DC=in'
Manager Field is sent blank.
2022-09-29 19:11:25,386 [quartzScheduler_Worker-1] ERROR ldap.SaviyntGroovyLdapService - Error Deleting/Disablng the Account from AD -
javax.naming.InvalidNameException: jagadish: [LDAP: error code 34 - 0000208F: NameErr: DSID-03100229, problem 2006 (BAD_NAME), data 8350, best match of:
'jagadish'
]; remaining name 'jagadish'
Sample REMOVEACCOUNTACTION
{"removeAction": "DELETE","moveUsertoOU": "OU=DeletedUsers,DC=YYYYY,DC=YYYY","deleteAllGroups": "Yes","userAccountControl": "514"}
Sample CREATEACCOUNTJSON
{"cn": "${user.username}","displayname": "${user.displayname}","givenname": "${user.firstname}","mail": "${user.email}","name": "${user.displayname}","objectClass": ["top", "person", "organizationalPerson", "user"],"sAMAccountName": "${task.accountName}","sn": "${user.lastname}","title": "${user.title}"}
09/30/2022 12:21 PM
Thank you , Can you let me know Disable/Enable configuration as well.
09/30/2022 12:31 PM
ENABLEACCOUNTJSON
{
"USEDNFROMACCOUNT": "YES",
"MOVEDN": "NO",
"REMOVEGROUPS": "NO",
"AFTERMOVEACTIONS": {
"userAccountControl": "512",
"userPassword": "${randomPassword}"
}
}
DISABLEACCOUNTJSON
{
"userAccountControl": "546"
}
09/30/2022 03:59 PM
Hello @IAM_99,
I would suggest you to refer documentations and try our these functionalities. If these dont work then you can report these as a feedback.
09/30/2022 06:54 PM
Thanks for the responses.
1. We have valid manager now and tried to deprovision -getting Bad_NAME error again
at org.quartz.core.JobRunShell.run(JobRunShell.java:199)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:546)
2022-09-30 18:35:00,005 [quartzScheduler_Worker-4] ERROR ldap.SaviyntGroovyLdapService - Error Deleting/Disablng the Account from AD -
javax.naming.InvalidNameException: Jayakrishna: [LDAP: error code 34 - 0000208F: NameErr: DSID-03100229, problem 2006 (BAD_NAME), data 8350, best match of:
'Jayakrishna'
]; remaining name 'Jayakrishna'
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3198)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2996)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1875)
2. Let me rephrase the question - We are not able to see how to configure Enable/Disable options/buttons ( not JSON details) please find below
10/01/2022 06:04 AM - edited 10/03/2022 07:47 AM
ask operation team to add status_config column in endpoints table
10/03/2022 08:09 AM - edited 10/03/2022 04:08 PM
Any operations in LDAP compliant servers are done based on your Disinguished Name. As per the logs it seems that your DN is not configured properly.
For this user that is failing, which account attribute has the user's DN stored in ? What is the value of the AccountID for this user account ?
09/30/2022 06:55 PM