Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

AD group Creation failing from Saviynt

SumathiSomala
All-Star
All-Star

‎08/15/2024 10:49 PM

Hi team,

I am creating the AD group from Saviynt. To perform this enabled the group management.

 

createUpdateMappings:

{
"cn": "${role?.customproperty13}",
"objectCategory": "CN=Group,CN=Schema,CN=Configuration,dc=xxxx,dc=com",
"displayName": "${role?.displayname}",
"sAMAccountName": "${role?.customproperty11}",
"description": "${role?.description}",
"objectClass": "group",
"name": "${role?.customproperty9}"
}

Getting the below error where i run the provisioning JOB

Provisioning comments in task:

<br> unexpected end of subtree [select new Map(a.entitlement_value as entitlement_value, a.entitlementtypekey.id as entitlementtypekey, a.id as id, a.entitlement_value as UNIQUE_COL) from com.saviynt.ecm.identitywarehouse.domain.Entitlement_values a where a.entitlementtypekey.id in ()]; nested exception is org.hibernate.hql.ast.QuerySyntaxException: unexpected end of subtree [select new Map(a.entitlement_value as entitlement_value, a.entitlementtypekey.id as entitlementtypekey, a.id as id, a.entitlement_value as UNIQUE_COL) from com.saviynt.ecm.identitywarehouse.domain.Entitlement_values a where a.entitlementtypekey.id in ()]

 

Any help would be appreciated.

 

Regards,
Sumathi Somala

If this reply answered your question, please Accept As Solution and give Kudos.

Labels:
0 Kudos
9 REPLIES 9

rushikeshvartak
All-Star
All-Star

‎08/15/2024 10:51 PM

  • Does all roles attributes are populated without special characters ?

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

SumathiSomala
All-Star
All-Star
In response to rushikeshvartak

‎08/15/2024 11:34 PM

@rushikeshvartak yes

Role name is Adtestgroup3

 

Regards,
Sumathi Somala

If this reply answered your question, please Accept As Solution and give Kudos.

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to SumathiSomala

‎08/15/2024 11:40 PM

Try hardcoding details in json


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

SumathiSomala
All-Star
All-Star

‎08/16/2024 12:43 AM

Updated the JSON

{
"cn": "${role?.customproperty13}",
"objectCategory": "CN=Group,CN=Schema,CN=Configuration,dc=xxxx,dc=com",
"displayName": "${role?.displayname}",
"sAMAccountName": "${role?.customproperty11}",
"objectGUID":"${role?. Entitlementid}",
"description": "${role?.description}",
"objectClass": "group",
"name": "${role?.customproperty9}"
}

Provisioning comments:<br> Error while Create operation for Entitlment-CN=Adtestgroup4,OU=EnterpriseGroups,DC=xxx,DC=com in AD, Exception : Error while GROUP CREATION IN AD <br>

error logs:

2024-08-16T13:00:32+05:30-ecm-worker-ldap.SaviyntGroovyLdapService-quartzScheduler_Worker-16-xdcks-ERROR-Error in createGroup :
2024-08-16T13:00:33+05:30-ecm-worker--null-xdcks--javax.naming.NamingException: [LDAP: error code 80 - 00000523: SysErr: DSID-031A1242, problem 22 (Invalid argument), data 0

Regards,
Sumathi Somala

If this reply answered your question, please Accept As Solution and give Kudos.

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to SumathiSomala

‎08/16/2024 07:08 AM

Did you done endpoint level configs from GLM


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

SumathiSomala
All-Star
All-Star
In response to rushikeshvartak

‎08/16/2024 07:22 AM

@rushikeshvartak what was the configuration you are referring to?

Regards,
Sumathi Somala

If this reply answered your question, please Accept As Solution and give Kudos.

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to SumathiSomala

‎08/16/2024 07:24 AM

rushikeshvartak_0-1723818232656.png

 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

SumathiSomala
All-Star
All-Star

‎08/26/2024 03:36 AM

@rushikeshvartak figured out the issue .ENTITLEMENT_ATTRIBUTE was wiped off .

Now group creation is working fine.

Currently I provided the groupsearchBaseDN for Group import because of that I am able to create groups in the main OU.

Any possibilities to create groups in SUB OUs with out using the advanced filter in groupimportmapping?

 

 

Regards,
Sumathi Somala

If this reply answered your question, please Accept As Solution and give Kudos.

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to SumathiSomala

‎08/26/2024 06:09 AM

You need to use advanced filter in groupimportmapping


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos
Copyright © 2024 Khoros, LLC