Saviynt Forums

sureshchalla · ‎06/16/2024

Hi Team,

When creating an OUD account, the object class [top, st-person] is included. We tried to add another objectclass [st-login] for that OUD account, but it threw an error below.

Error:

"2024-06-17T05:30:56.925+00:00","ecm-worker","ldap.SaviyntGroovyLdapService","quartzScheduler_Worker-8-pvpzx","DEBUG","JSON to be used for Update Account-{"
"2024-06-17T05:30:57.538+00:00","ecm-worker","","null-pvpzx",""," "employeenumber":"${user.username}","
"2024-06-17T05:30:57.538+00:00","ecm-worker","","null-pvpzx",""," "givenName":"${user.firstname}","
"2024-06-17T05:30:57.538+00:00","ecm-worker","","null-pvpzx",""," "objectClass":["
"2024-06-17T05:30:57.538+00:00","ecm-worker","","null-pvpzx",""," "top","
"2024-06-17T05:30:57.538+00:00","ecm-worker","","null-pvpzx",""," "st-person","
"2024-06-17T05:30:57.538+00:00","ecm-worker","","null-pvpzx",""," "st-login""
"2024-06-17T05:30:57.538+00:00","ecm-worker","","null-pvpzx",""," ],"
"2024-06-17T05:30:57.538+00:00","ecm-worker","","null-pvpzx",""," "sn":"${user.lastname}","
"2024-06-17T05:30:57.538+00:00","ecm-worker","","null-pvpzx",""," "st-entrystatus":"A""
"2024-06-17T05:30:57.538+00:00","ecm-worker","","null-pvpzx","","}"
"2024-06-17T05:30:56.925+00:00","ecm-worker","ldap.SaviyntGroovyLdapService","quartzScheduler_Worker-8-pvpzx","DEBUG","Binding Map-[ServiceAccountOwnerMap:[:], endpointsObj:STOUDDEV, entitlementValuesObj:null, manager:344583, usersObj:344583, cn:ed131201, usersManagerObj:344583, managerAccount:null, userAttributesMap:[:], password:****, task:com.saviynt.ecm.task.ArsTasks : 1044, cnRDN:st-eduid=ed131201, requestAccessAttributes:[:], user:344583, account:ed131201, arstasksObj:com.saviynt.ecm.task.ArsTasks : 1044, accountsObj:ed131201]"
"2024-06-17T05:30:56.926+00:00","ecm-worker","ldap.SaviyntGroovyLdapService","quartzScheduler_Worker-8-pvpzx","DEBUG","movetoUserou in updateLDAPAccount null"
"2024-06-17T05:30:56.927+00:00","ecm-worker","ldap.SaviyntGroovyLdapService","quartzScheduler_Worker-8-pvpzx","DEBUG","DataMap-[st-entrystatus:A, employeenumber:344583, givenName:GOMEZ, objectClass:[top, st-person, st-login], sn:Francisco]"
"2024-06-17T05:30:56.927+00:00","ecm-worker","ldap.SaviyntGroovyLdapService","quartzScheduler_Worker-8-pvpzx","DEBUG","Enter isADConnection"
"2024-06-17T05:30:56.927+00:00","ecm-worker","ldap.SaviyntGroovyLdapService","quartzScheduler_Worker-8-pvpzx","DEBUG","External connection is :: STOUDDEV"
"2024-06-17T05:30:56.927+00:00","ecm-worker","ldap.SaviyntGroovyLdapService","quartzScheduler_Worker-8-pvpzx","DEBUG","Connection is LDAP.. Setting to FALSE"
"2024-06-17T05:30:56.927+00:00","ecm-worker","ldap.SaviyntGroovyLdapService","quartzScheduler_Worker-8-pvpzx","DEBUG","isadconnection = false"
"2024-06-17T05:30:56.927+00:00","ecm-worker","ldap.SaviyntGroovyLdapService","quartzScheduler_Worker-8-pvpzx","DEBUG","Exit isADConnection"
"2024-06-17T05:30:56.927+00:00","ecm-worker","ldap.SaviyntGroovyLdapService","quartzScheduler_Worker-8-pvpzx","DEBUG","escapeddn = st-eduid=ed131201,ou=people,dc=st,dc=com"
"2024-06-17T05:30:57.128+00:00","ecm-worker","ldap.SaviyntGroovyLdapService","quartzScheduler_Worker-8-pvpzx","DEBUG","LDAP Account Attrs-[employeetype:st, st-entrystatus:A, employeenumber:344583, givenname:GOMEZ, st-eduid:ed131201, dn:st-eduid=ed131201,ou=people,dc=st,dc=com, sn:Francisco, objectclass:[top, st-person]]"
"2024-06-17T05:30:57.130+00:00","ecm-worker","ldap.SaviyntGroovyLdapService","quartzScheduler_Worker-8-pvpzx","DEBUG","readOperationalAttributes = null"
"2024-06-17T05:30:57.130+00:00","ecm-worker","ldap.SaviyntGroovyLdapService","quartzScheduler_Worker-8-pvpzx","DEBUG","datamapval:null"
"2024-06-17T05:30:57.130+00:00","ecm-worker","ldap.SaviyntGroovyLdapService","quartzScheduler_Worker-8-pvpzx","DEBUG","excludedAttributesForPasswordBinding:null"
"2024-06-17T05:30:57.130+00:00","ecm-worker","ldap.SaviyntGroovyLdapService","quartzScheduler_Worker-8-pvpzx","DEBUG","excludedAttributesForPasswordBinding:null"
"2024-06-17T05:30:57.130+00:00","ecm-worker","ldap.SaviyntGroovyLdapService","quartzScheduler_Worker-8-pvpzx","DEBUG","excludedAttributesForPasswordBinding:null"
"2024-06-17T05:30:57.130+00:00","ecm-worker","ldap.SaviyntGroovyLdapService","quartzScheduler_Worker-8-pvpzx","DEBUG","dataList-[top, st-person, st-login]"
"2024-06-17T05:30:57.130+00:00","ecm-worker","ldap.SaviyntGroovyLdapService","quartzScheduler_Worker-8-pvpzx","DEBUG","excludedAttributesForPasswordBinding:null"
"2024-06-17T05:30:57.131+00:00","ecm-worker","ldap.SaviyntGroovyLdapService","quartzScheduler_Worker-8-pvpzx","DEBUG","values2beAdded (lowercased) = [st-login]"
"2024-06-17T05:30:57.131+00:00","ecm-worker","ldap.SaviyntGroovyLdapService","quartzScheduler_Worker-8-pvpzx","DEBUG","Exception in processItemsforModification"
"2024-06-17T05:30:57.538+00:00","ecm-worker","","null-pvpzx","","groovy.lang.MissingMethodException: No signature of method: java.util.LinkedHashMap.equalsIgnoreCase() is applicable for argument types: (java.lang.String) values: [proxyAddresses] at com.saviynt.ldap.SaviyntGroovyLdapService$_processItemsforModification_closure126.doCall(SaviyntGroovyLdapService.groovy:9771) at com.saviynt.ldap.SaviyntGroovyLdapService.processItemsforModification(SaviyntGroovyLdapService.groovy:9770) at com.saviynt.ldap.SaviyntGroovyLdapService$_updateLDAPAccount_closure79.doCall(SaviyntGroovyLdapService.groovy:7158) at com.saviynt.ldap.SaviyntGroovyLdapService.updateLDAPAccount(SaviyntGroovyLdapService.groovy:7083) at com.saviynt.ldap.SaviyntGroovyLdapService$_updateAccountGLDAP_closure7.doCall(SaviyntGroovyLdapService.groovy:2667) at com.saviynt.ldap.SaviyntGroovyLdapService.updateAccountGLDAP(SaviyntGroovyLdapService.groovy:2236) at com.saviynt.ecm.services.ArsTaskService.updateAccountTarget(ArsTaskService.groovy:11424) at com.saviynt.ecm.services.ArsTaskHelperService$_whenTaskTypeIsTwelveUpdateAccount_closure46.doCall(ArsTaskHelperService.groovy:2890) at com.saviynt.ecm.services.ArsTaskHelperService.whenTaskTypeIsTwelveUpdateAccount(ArsTaskHelperService.groovy:2880) at com.saviynt.ecm.services.ArsTaskHelperService$_completeAutoProvTasksUpgraded_closure1.doCall(ArsTaskHelperService.groovy:200) at com.saviynt.ecm.services.ArsTaskHelperService.completeAutoProvTasksUpgraded(ArsTaskHelperService.groovy:160) at MultipleProvisioningJob.execute(MultipleProvisioningJob.groovy:222) at org.quartz.core.JobRunShell.run(JobRunShell.java:199) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:546)"
"2024-06-17T05:30:57.131+00:00","ecm-worker","ldap.SaviyntGroovyLdapService","quartzScheduler_Worker-8-pvpzx","DEBUG","excludedAttributesForPasswordBinding:null"

--proxyAddresses: this does not include in OUD schema.

CreateaccountJSON:

{
"employeenumber":"${user.username}",
"givenName":"${user.firstname}",
"objectClass":[
"top",
"st-person"
],
"sn":"${user.lastname}",
"st-entrystatus":"${user.customproperty1}"
}

UpdateaccountJSON:

{
"employeenumber":"${user.username}",
"givenName":"${user.firstname}",
"objectClass":[
"top",
"st-person",
"st-login"
],
"sn":"${user.lastname}",
"st-entrystatus":"${user.customproperty1}"
}

I require assistance with this problem.

Thanks

NM · ‎06/16/2024

Hi @sureshchalla , As per logs i see an error while changing the password, are you also trying to change user password?

sureshchalla · ‎06/17/2024

YES,

I saw that error.

ERROR","Error occured while changing password"
"2024-06-17T05:30:58.540+00:00","ecm-worker","","null-pvpzx","","javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - Entry st-eduid=ed131201,ou=people,dc=st,dc=com cannot not be modified because the resulting entry would have violated the server schema: Entry st-eduid=ed131201,ou=people,dc=st,dc=com violates the Directory Server schema configuration because it includes attribute userPassword which is not allowed by any of the objectclasses defined in that entry]; remaining name 'st-eduid=ed131201,ou=people,dc=st,dc=com'

What is the reason for this error?

NM · ‎06/17/2024

can you share your resetandchange password json?

sureshchalla · ‎06/17/2024

RESETANDCHANGEPASSWRDJSON:

{
"userPassword": "${randomPassword}"
}

NM · ‎06/17/2024

@sureshchalla , try "UnicodePwd" once..

sureshchalla · ‎06/17/2024

I tried,

{
"RESET": {
"pwdLastSet": "-1",
"title": "reset password changed"
},
"CHANGE": {
"title": "change password changed",
"pwdLastSet": "-1",
"UnicodePwd": "${randomPassword}"
}
}

NM · ‎06/17/2024

@sureshchalla , when you try to set password in create account does that work?

error -Directory Server schema configuration because it includes attribute userPassword which is not allowed by any of the objectclasses defined in that entry];

try to remove the last object class [st-login] and the try .. instead of unicodePwd use userPassword only

sureshchalla · ‎06/21/2024

We are facing the same problem.

rushikeshvartak · ‎06/21/2024

Does it works directly from oud

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Saviynt Forums

An error occurred while adding the object class in OUD Account