Click HERE to see how Saviynt Intelligence is transforming the industry. |
07/22/2024 07:27 AM
Hello,
We're using a JSON using the following format to create groups from Saviynt and add them to AD. The service account has the required permissions but the flow keeps erroring out constantly:
{
"cn": "${role?.customproperty27}",
"objectCategory": "CN=Group,CN=Schema,CN=Configuration,dc=sav,dc=com",
"displayName": "${role?.displayname}",
"sAMAccountName": "${role?.customproperty27}",
"description": "${role?.description}",
"objectClass": "group",
"name": "${role?.customproperty27}"
}
I tried running the JSON with minimal mappings (only CN and SAMAccountName), but it also failed.
This is the full error we're encountering:
javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C091363, comment: Error in attribute conversion operation, data 0, v4563]; remaining name 'CN=Test_Entitlement_05,dc=testenv,dc=com' at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3282) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3207) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2998) at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(LdapCtx.java:840) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(ComponentDirContext.java:341) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:268) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:256) at javax.naming.directory.InitialDirContext.createSubcontext(InitialDirContext.java:197) at com.saviynt.ldap.SaviyntGroovyLdapService.createGroup(SaviyntGroovyLdapService.groovy:8184) at com.saviynt.ldap.SaviyntGroovyLdapService.createOrUpdateGroups(SaviyntGroovyLdapService.groovy:7980) at com.saviynt.ldap.SaviyntGroovyLdapService.createEntitlementGLDAP(SaviyntGroovyLdapService.groovy:7655) at com.saviynt.ecm.services.ArsTaskService.createEntitlementTarget(ArsTaskService.groovy:16803) at com.saviynt.ecm.services.ArsTaskService$_processParentTask_closure206.doCall(ArsTaskService.groovy:17064) at com.saviynt.ecm.services.ArsTaskService.processParentTask(ArsTaskService.groovy:17054) at com.saviynt.ecm.services.ArsTaskService.createEntitlement(ArsTaskService.groovy:16861) at com.saviynt.ecm.services.ArsTaskHelperService$_completeAutoProvTasksUpgraded_closure1.doCall(ArsTaskHelperService.groovy:212) at com.saviynt.ecm.services.ArsTaskHelperService.completeAutoProvTasksUpgraded(ArsTaskHelperService.groovy:160) at MultipleProvisioningJob.execute(MultipleProvisioningJob.groovy:222) at org.quartz.core.JobRunShell.run(JobRunShell.java:199) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:546)
Please let me know if further information is needed.
Thank you! Looking forward to the replies.
Solved! Go to Solution.
07/22/2024 08:53 AM
Validate if role have Cp27 and displayname Provide screenshot
07/22/2024 09:17 AM
Hi @AdrianMarchis ,
Check cp27 value if it is been passed as null it won't work
07/22/2024 11:57 AM
07/22/2024 12:01 PM
what about displayname & description
07/22/2024 01:09 PM
Both fields are/were tested filled and empty, failed too, same error.
07/22/2024 01:14 PM
Does role have values ?
07/22/2024 01:59 PM
I've never used this specific function of Saviynt but I did get such an error in the past when the distinguishedName was not properly defined. Looking at the doc, I see no parameter to define the DN... where is that set, exactly?
07/22/2024 02:21 PM
Does role have displayname / Description ?
07/23/2024 07:38 AM
@rushikeshvartak Yes, the role has a displayname / description
07/23/2024 08:18 AM
Share full logs in text file when you run wsretry
07/26/2024 04:56 AM
Will test again and provide logs soon.
Thank you!
07/29/2024 07:07 AM
@rushikeshvartak Attached are the logs exported for a failed group creation. Role values, Display name and Description were filled with data.
07/29/2024 07:33 AM
Incorrect objectCategory Attribute:
08/01/2024 09:19 AM
That fixed it.