Add Access getting error with LDAP error code 16

BalajiEpari
New Contributor III

Hello,

We are integrating an LDAP application. While performing add entitlement to an account, we are getting the below error. It's an IBM Directory Services; we checked the GLPRDB050E error code, and it says, "attribute name was not found in the schema definition".

In Saviynt logs, we didn't find which attribute was not found.

Error while ADD operation for account-uid=tdiUserTest1,ou=External,ou=People,ou=AHM,o=NA,DC=XXXXX,DC=COM to Group-cn=career_opportunity_a_group,ou=Groups,ou=AHM,o=na,dc=XXXXX,dc=com in AD - [LDAP: error code 16 - GLPRDB050E Attribute was not found in the schema definition.

6 REPLIES

armaanzahir
Valued Contributor

Hi @BalajiEpari,

What is the ENTITLEMENT_ATTRIBUTE parameter defined in the connection?

Also, please confirm if you have performed the Endpoint configuration (Connection Configuration field and the customproperty2 of the entitlement type) as is defined in the below link:

LDAP Integration Guide Appendix (saviyntcloud.com)

Setting this up is necessary for the grant and revoke access actions on IGA.

Thanks,

Armaan

Regards,
Md Armaan Zahir

Hi @armaanzahir 

ENTITLEMENT_ATTRIBUTE value is member

I have tried to update the Connection Configuration value as below, but it is showing as invalid format.

<conf><ADDMEMBERTOENT>TRUE</ADDMEMBERTOENT><ADDUSERTOENT>TRUE</ADDUSERTOENT></conf>

I had updated cp2 of the entitlement type to member. I tried to trigger the task with only this change.

Now it is showing Object Class Violation issue.

Error while ADD operation for account-Christopher Wilkinson to Group-cn=AnkurTestGroup1,ou=Groups,ou=AHM,o=na,dc=XXXXX,dc=com in AD - [LDAP: error code 65 - Object Class Violation].

Can you please provide the proper format of the connection configuration value?

Regards,

Balaji Epari

Hi @BalajiEpari, is the LDAP group you mentioned in your post selected by the user while raising an access request for the target LDAP application, or is it hardcoded somewhere in the LDAP connector? I am a little confused as to how Saviynt grants/revokes access to a particular LDAP group. Can you share some steps to achieve this use case? I want to add/remove a user/account to a particular user-selected LDAP group through an access request.

armaanzahir
Valued Contributor

Hi @BalajiEpari ,

Try using this:

{"conf":[{"ADDMEMBERTOENT":"TRUE"},{"ADDUSERTOENT":"TRUE"}]}

The document seems to have the old connection config format.

Thanks,

Armaan

Regards,
Md Armaan Zahir

Feedback added on doc page


Regards,
Rushikesh Vartak

BalajiEpari
New Contributor III

Hi @armaanzahir 

Thank you so much. It worked for me.
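
A pre-flight check for the two failures quoted in this thread ("Attribute was not found in the schema definition" and "Object Class Violation"), as an added example that is not part of any post or of Saviynt's connector: it parses RFC 4512 schema definitions, as a directory publishes them in its subschema entry, and reports whether the attribute a membership update would write is undefined or not permitted by the group's object classes. The schema lines, the group object classes and all function names are constructed for illustration.

```python
import re

# Constructed RFC 4512 definitions, as a subschema entry would return them.
ATTRIBUTE_TYPES = [
    "( 2.5.4.0 NAME 'objectClass' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )",
    "( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )",
    "( 2.5.4.31 NAME 'member' SUP distinguishedName )",
    "( 2.5.4.50 NAME 'uniqueMember' SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )",
]
OBJECT_CLASSES = [
    "( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )",
    "( 2.5.6.9 NAME 'groupOfNames' SUP top STRUCTURAL MUST ( member $ cn ) )",
    "( 2.5.6.17 NAME 'groupOfUniqueNames' SUP top STRUCTURAL MUST ( uniqueMember $ cn ) )",
]

def _field(defn, keyword):
    """Names after KEYWORD: one token or a ( a $ b ) list. Assumes no DESC text."""
    m = re.search(r"\b%s\s+(?:\(([^)]*)\)|(\S+))" % keyword, defn)
    if not m:
        return []
    raw = m.group(1) if m.group(1) is not None else m.group(2)
    return [t.strip("'").lower() for t in re.split(r"[\s$]+", raw.strip()) if t]

def load_schema(attribute_types, object_classes):
    known = {n for d in attribute_types for n in _field(d, "NAME")}
    classes = {}
    for d in object_classes:
        info = {"sup": _field(d, "SUP"), "allowed": set(_field(d, "MUST") + _field(d, "MAY"))}
        for n in _field(d, "NAME"):
            classes[n] = info
    return known, classes

def allowed_attrs(classes, names):
    """Union of MUST/MAY over the entry's object classes and their superiors."""
    out, seen, todo = set(), set(), [n.lower() for n in names]
    while todo:
        n = todo.pop()
        if n not in seen and n in classes:
            seen.add(n)
            out |= classes[n]["allowed"]
            todo += classes[n]["sup"]
    return out

def check_write(known, classes, entry_classes, attrs):
    """Classify each attribute a group-membership modify would write."""
    ok = allowed_attrs(classes, entry_classes)
    return {a: "not in schema" if a.lower() not in known
            else "ok" if a.lower() in ok
            else "not allowed by object classes" for a in attrs}
```

Feed it the target group's `objectClass` values and the attribute configured as ENTITLEMENT_ATTRIBUTE; a result other than `ok` names the attribute that the connector log leaves out.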