Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Back slash in dynamic attributes value value causing errors

Go to solution
yogesh
Regular Contributor III
Regular Contributor III

‎06/14/2022 05:12 AM

I have a dynamic attribute on my application form of single select sql type and the query returns the DN of AD account of the requestee (stored in AD accounts accountid). The query is below:

SELECT accounts.accountid AS id
FROM accounts
LEFT JOIN user_accounts ON user_accounts.ACCOUNTKEY = accounts.ACCOUNTKEY
LEFT JOIN endpoints ON endpoints.ENDPOINTKEY = accounts.ENDPOINTKEY
LEFT JOIN users u ON u.userkey = user_accounts.userkey
WHERE endpoints.ENDPOINTNAME = 'Active_Directory'
	AND u.username = '${user.username}'

The value returned by this query contains a "\" backslash as the value is like this:

CN=Kushwaha\, Yogesh,OU=NA,OU=Users,OU=xx,DC=yyyy,DC=net

The query is working fine and the DN is also showing up fine on the submission page:

yogesh_0-1655208284782.png

But on pressing the submit button below error is shown:
(The server encountered an error and cannot complete your request)

yogesh_2-1655208382609.png

On release notes page of v2021.0.3 (https://saviynt.freshdesk.com/support/solutions/articles/43000664437-release-notes-v2021-0-3) it says that this is a known issue:

yogesh_3-1655208485510.png

Is there a workaround for this?

Usecase:
1. To provision an AD Admin account to user (requestable endpoint), This is in addition to the Normal AD account that is provisioned on birthright.
2. The manager attribute at the AD end for this Admin account should be set to the DN of the Normal AD Account of the Requestee. Normal Admin account is assigned to user on birthright.
3. Thus I want to fetch the account ID (which stores DN) of the Normal AD account of requestee and send it as manager attribute for the Admin AD Account.

Labels:
0 Kudos
3 REPLIES 3

Go to solution
Nikitaj
Saviynt Employee
Saviynt Employee

‎06/14/2022 05:52 AM

Hi Yogesh,

Yes, this is an existing issue and has already been taken care of and fixed in our future release which is v2022.

 


Thanks
Nikita
0 Kudos

Go to solution
avinashchhetri
Saviynt Employee
Saviynt Employee

‎06/24/2022 12:15 PM - edited ‎06/24/2022 02:11 PM

 

Yogesh,

You can try this workaround , if it is feasible.

a) Create a Saviynt4Saviynt connection with the query to populate the DN of the AD account in user profile, say in user comments. (assuming that there is a way to identify primary accounts e.g SavUsername=SamAccountName or some other identifier(s) )

b) Schedule this connection to run after each AD import (to update new DN's, if any)

c) Now, since the user has the Primary AD DN in the user comments, this can be used in the Provisioning logic to update the Manager DN in the new secondary/admin account request.

 

Regards,

Avinash Chhetri

Regards,
Avinash Chhetri

Go to solution
Dave
Community Manager
Community Manager

‎06/27/2022 08:23 AM

@yogesh Did the reply by Avinash help?  If you feel one of the replies is the appropriate answer to your question, please click the "Accept As Solution" button, even if the solution is "it is fixed in a future release." This will help others users searching the forum for the same question.   Thank you! 

0 Kudos
Copyright © 2024 Khoros, LLC