Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Active Directory update account is failing with below error

txvajrag
New Contributor III
New Contributor III
2024-08-01T18:19:27-04:00-ecm-worker-ldap.SaviyntGroovyLdapService-quartzScheduler_Worker-9-xcwcw-ERROR-Error in escapeLDAPSpecialChars for KXAJROT_PBD -
 
2024-08-01T18:19:28-04:00-ecm-worker--null-xcwcw--javax.naming.InvalidNameException: Invalid name: KXAJROT_PBD at javax.naming.ldap.Rfc2253Parser.doParse(Rfc2253Parser.java:111) at javax.naming.ldap.Rfc2253Parser.parseDn(Rfc2253Parser.java:70) at javax.naming.ldap.LdapName.parse(LdapName.java:785) at javax.naming.ldap.LdapName.<init>(LdapName.java:123) at com.saviynt.ldap.SaviyntGroovyLdapService.escapeLDAPSpecialChars(SaviyntGroovyLdapService.groovy:7493) at com.saviynt.ldap.SaviyntGroovyLdapService$_updateAccountGLDAP_closure7.doCall(SaviyntGroovyLdapService.groovy:2251) at com.saviynt.ldap.SaviyntGroovyLdapService.updateAccountGLDAP(SaviyntGroovyLdapService.groovy:2239) at com.saviynt.ecm.services.ArsTaskService.updateAccountTarget(ArsTaskService.groovy:11587) at com.saviynt.ecm.services.ArsTaskHelperService$_whenTaskTypeIsTwelveUpdateAccount_closure46.doCall(ArsTaskHelperService.groovy:3000) at com.saviynt.ecm.services.ArsTaskHelperService.whenTaskTypeIsTwelveUpdateAccount(ArsTaskHelperService.groovy:2990) at com.saviynt.ecm.services.ArsTaskHelperService$_completeAutoProvTasksUpgraded_closure1.doCall(ArsTaskHelperService.groovy:201) at com.saviynt.ecm.services.ArsTaskHelperService.completeAutoProvTasksUpgraded(ArsTaskHelperService.groovy:161) at MultipleProvisioningJob.execute(MultipleProvisioningJob.groovy:222) at org.quartz.core.JobRunShell.run(JobRunShell.java:199) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:546)
 
2024-08-01T18:19:27-04:00-ecm-worker-ldap.SaviyntGroovyLdapService-quartzScheduler_Worker-9-xcwcw-DEBUG-EXISTING ACCOUNT CHECKKXAJROT_PBD
 
2024-08-01T18:19:28-04:00-ecm-worker--null-xcwcw--javax.naming.InvalidNameException: KXAJROT_PBD: [LDAP: error code 34 - 0000208F: NameErr: DSID-03100232, problem 2006 (BAD_NAME), data 8350, best match of
 
Accountnamerule is configured on AD connection as below
CN=${user.systemUserName}_PBD,OU=PBPS,OU=ADMIN IDS,OU=USER,DC=corplab,DC=adlab,DC=sentara,DC=labin
7 REPLIES 7

rushikeshvartak
All-Star
All-Star

Invalid Characters: The underscore (_) in KXAJROT_PBD may not be allowed or expected in certain parts of the Distinguished Name (DN). Although underscores are generally permissible, specific LDAP schemas or rules might restrict their use in certain attributes.

Escape Special Characters: Ensure that all special characters are properly escaped. The method escapeLDAPSpecialChars should handle this, but it seems like there might be an issue in its implementation. Check the method for any bugs or incomplete logic.

Check DN Format: Make sure the complete DN follows the correct format. 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

is it because the account is not reconciled? 

looks like somewhere special characters needs to be specified


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

txvajrag
New Contributor III
New Contributor III

Haha surprised to know Saviynt cannot update AD account without getting reconciled as it doesnt find the account id in Saviynt. Its wrong on Saviynt  side , Saviynt ideally should be able to update the account without reconciling by including the DN value in update account JSON.

txvajrag
New Contributor III
New Contributor III

its

if thats the case it is able to create the account.why update is failing

 

 

NM
Honored Contributor II
Honored Contributor II

@txvajrag Share update json

txvajrag
New Contributor III
New Contributor III

i dont think its anything to do with JSON

{
"employeeType": "${user.employeeType}",
"givenName": "${if(user.preferedFirstName == null && user.middlename == null){user.firstname.toUpperCase()}else if(user.preferedFirstName != null && user.preferedFirstName.length() > 0 && user.middlename !=null && user.middlename.length() >0){user.preferedFirstName.toUpperCase()}else if(user.preferedFirstName != null && user.preferedFirstName.length() > 0 && (user.middlename == null || user.middlename.length() == 0)){user.preferedFirstName.toUpperCase()}else if(user.preferedFirstName ==null && user.middlename != null && user.middlename.length() > 0){user.firstname.toUpperCase() + ' ' + user.middlename.charAt(0).toUpperCase()}}",
"sn": "${if(user.customproperty12!=null && user.customproperty12!='') {user.customproperty12.toUpperCase()} else {user.lastname.toUpperCase()}}",
"displayName": "${if(user.customproperty12==null||user.customproperty12.length()==0){if(user.preferedFirstName==null&&user.middlename==null){user.firstname.toUpperCase()+' '+user.lastname.toUpperCase()}else if(user.preferedFirstName!=null&&user.preferedFirstName.length()>0&&user.middlename!=null&&user.middlename.length()>0){user.preferedFirstName.toUpperCase()+' '+user.lastname.toUpperCase()}else if(user.preferedFirstName!=null&&user.preferedFirstName.length()>0&&(user.middlename==null||user.middlename.length()==0)){user.preferedFirstName.toUpperCase()+' '+user.lastname.toUpperCase()}else if(user.preferedFirstName==null&&user.middlename!=null&&user.middlename.length()>0){user.firstname.toUpperCase()+' '+user.middlename.charAt(0).toUpperCase()+' '+user.lastname.toUpperCase()}}else{if(user.preferedFirstName==null&&user.middlename==null){user.firstname.toUpperCase()+' '+user.customproperty12.toUpperCase()}else if(user.preferedFirstName!=null&&user.preferedFirstName.length()>0&&user.middlename!=null&&user.middlename.length()>0){user.preferedFirstName.toUpperCase()+' '+user.customproperty12.toUpperCase()}else if(user.preferedFirstName!=null&&user.preferedFirstName.length()>0&&(user.middlename==null||user.middlename.length()==0)){user.preferedFirstName.toUpperCase()+' '+user.customproperty12.toUpperCase()}else if(user.preferedFirstName==null&&user.middlename!=null&&user.middlename.length()>0){user.firstname.toUpperCase()+' '+user.middlename.charAt(0).toUpperCase()+' '+user.customproperty12.toUpperCase()}}}",
"title": "${if(user.title!=null){user.title}}",
"extensionAttribute8": "${user.username}",
"departmentNumber": "${if(user.customproperty5!=null && user.customproperty5=='SecZetta') {''} else if((user.employeeType!= null &&(user.employeeType.toLowerCase().contains('emp') || user.employeeType.toLowerCase().contains('cwr'))) && (user.customproperty15=='CM117' || user.customproperty15=='CM170' || user.customproperty15=='CM176')){user.customproperty15 + '-' + user.customproperty43 + '-' + user.costcenter} else if(user.employeeType!= null && (user.employeeType.toLowerCase().contains('emp') || user.employeeType.toLowerCase().contains('cwr'))) {user.customproperty15 + '-' + user.customproperty17 + '-' + user.costcenter} else {''}}",
"department": "${if(user.customproperty16!=null && user.customproperty16.length()>64) {user.customproperty16.substring(0,63)} else {user.customproperty16}}",
"accountExpires": "${if(user.customproperty3!=null && user.customproperty3.equalsIgnoreCase('Suspend')){'126227375990000000'} else if(user.customproperty5!=null && user.customproperty5=='SecZetta' && user.termDate!= null){10000*(user.termDate.getTime() + 28800000 + 11644473600000)} else if(user.customproperty25=='HIRED' || user.customproperty4=='VP' || user.customproperty4=='CEO' || user.customproperty4=='CVP' || user.customproperty4=='EVP' || user.customproperty4=='Divisional President'){'0'}else if((user.customproperty25=='PREHIRE' || user.customproperty25=='FUTUREHIRE') && ( user.comments!='Conversion')) {'126227375990000000'}else{'0'}}"
}