Error in tasks for Enterprise Role

Sanket
New Contributor II

Hi,

We have a couple of enterprise roles in place.

Whenever we make a request for that role, a task is getting generated, but during provisioning the task gets errored out with the below error.

2022-12-21, 04:04 pm
ecm-worker
{"log":"javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C090D77, comment: Error in attribute conversion operation, data 0, v2580\u0000]; remaining name 'CN=APP-SAV-DEV-Compliance,OU=Saviynt,OU=Security,OU=Groups,OU=AAD,OU=HSP,DC=AU,DC=AD,DC=HSP'\n","stream":"stdout","time":"2022-12-21T05:04:22.106844017Z"}

When we make a request for another enterprise role, it is working fine, but for this one the error is coming.

Can someone help me with this error, as the attribute is not specifically mentioned?

Thanks!

Sanket Bhandhari

32 REPLIES

rushikeshvartak
All-Star

What is the task type? Share the respective JSON.


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Hi Rushikesh,

Thanks for replying.

Task type is Add Access.

For JSON, can you please let me know which JSON you are looking for?

Thanks!

Sanket Bhandhari

You might encounter this error if any attribute name or value being passed to AD is incorrect, or if one of the attributes you are passing to add access does not exist in AD or is empty.

Please compare these attributes/values with existing values in AD to see if there is any discrepancy in how the data is being passed. Also, can you please try to pass SUPPORTEMPTYSTRING = true in the connection and see if this works?

If you still can't find the solution, please raise an FD for Saviynt Support to assist you.


Regards,
Rushikesh Vartak

Thanks for replying Rushikesh, but if this is the case it should not work for other enterprise role as well.

We are using same user with same attributes for both the roles.

For one role, working as expected.

For other role, task is getting errored out.

Thanks!

Sanket Bhandhari

Please share more logs


Regards,
Rushikesh Vartak

Hi Rushikesh,

PFA the latest and complete logs for the request which I submitted just now.

Thanks!

Sanket Bhandhari

"ecm-worker","2022-12-23T02:44:01.885+0000","{"log":"2022-12-23 02:44:01,075 [quartzScheduler_Worker-2] DEBUG ldap.SaviyntGroovyLdapService - AD addmap :: [groups:CN=D-TY PARK,OU=Users,OU=ACHASA1177,OU=ACHA,OU=TestHSP,DC=AU,DC=AD,DC=HSP,]\n","stream":"stdout","time":"2022-12-23T02:44:01.075473829Z"}"
"ecm-worker","2022-12-23T02:44:01.885+0000","{"log":"2022-12-23 02:44:01,075 [quartzScheduler_Worker-2] DEBUG ldap.SaviyntGroovyLdapService - AD ADD loop\n","stream":"stdout","time":"2022-12-23T02:44:01.075487498Z"}"
"ecm-worker","2022-12-23T02:44:01.885+0000","{"log":"2022-12-23 02:44:01,229 [quartzScheduler_Worker-2] ERROR ldap.SaviyntGroovyLdapService - Exception \n","stream":"stdout","time":"2022-12-23T02:44:01.229862276Z"}"
"ecm-worker","2022-12-23T02:44:01.885+0000","{"log":"javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C090D77, comment: Error in attribute conversion operation, data 0, v2580\u0000]; remaining name 'CN=APP-SAV-DEV-ServiceDesk,OU=Saviynt,OU=Security,OU=Groups,OU=AAD,OU=HSP,DC=AU,DC=AD,DC=HSP'\n","stream":"stdout","time":"2022-12-23T02:44:01.229890217Z"}"
"ecm-worker","2022-12-23T02:44:01.885+0000","{"log":"\u0009at

Is this the correct group name?

Also confirmed user does not have role as direct /nested in AD


Regards,
Rushikesh Vartak

Hi Rushikesh,

We were also able to locate this same error.

Group name is correct one.

Please find below snippets of user in Saviynt.

User is not having any role in AD.

Thanks!

Sanket Bhandhari

Is it an SSL or non-SSL connection?


Regards,
Rushikesh Vartak

Non-SSL Connection

Make the connection SSL. It should work.

https://forums.saviynt.com/t5/identity-governance/adding-ad-group-assignment-during-provisioning/m-p...


Regards,
Rushikesh Vartak

Hi Rushikesh,

How can we make it an SSL connection?

Thanks!

Sanket Bhandhari

  • Request the SSL certificate from the AD team
  • Upload the SSL certificate from Connection ADD CERTIFICATE (if the option is not available, raise a Freshdesk ticket)
  • Restart the server once the certificate is loaded
  • The URL should be changed to ldaps://hostname:636
  • Please use the hostname instead of the IP in the URL

Regards,
Rushikesh Vartak

But Rushikesh, I still have one doubt over here before proceeding with this.

Why is it working fine for one of the roles even with a non-SSL connection, and not working for the other role?

Thanks!

Sanket Bhandhari

This are debug we are checking


Regards,
Rushikesh Vartak

I didn't get you Rushikesh!

Thanks!

Sanket Bhandhari

We are trying to check if it resolves issue or not


Regards,
Rushikesh Vartak

@rushikeshvartak any updates?

Raise a Freshdesk ticket


Regards,
Rushikesh Vartak

I hope you are doing an SSL connection to AD. If not, can you try making an SSL connection to AD and see if it fixes the issue?


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

Sanket
New Contributor II

We are using Non-SSL Connection.

sk
All-Star

@Sanket: If I understood your issue, you have a couple of Enterprise roles which give access to certain AD entitlements from the same endpoint. Out of these, one of the enterprise roles is failing to provision the AD entitlement which was reported, but the other enterprise roles are working as expected. Is that the correct understanding?

If so, then can you check the status of the reported entitlement in Saviynt? Make sure that it is Active vs Inactive. Also, can you confirm that the entitlement does exist on the target?


Regards,
Saathvik

Sanket
New Contributor II

Hi SK,

Thanks for replying!

Yes, you have understood the issue correctly.

The status of the reported entitlement in Saviynt is already ACTIVE and it does exist on the target as well.

Thanks!

Sanket Bhandhari

jdoma
Regular Contributor

We are connecting to AD using port 636, but we have not installed any AD-related SSL certificate in Saviynt and are still able to connect. I hope that indicates we are using an SSL connection, as we are communicating through 636.

If your provisioning works, then there should not be any issues


Regards,
Rushikesh Vartak

jdoma
Regular Contributor

Thanks Rushikesh, the problem here is the same group is working for one user out of 10 users. We tried to compare the attributes between the success and failure users but could not find any. We are still getting the attribute conversion error, and tried to capture logs at the AD side but there is not much information. Attaching the logs for review.
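
An added example, not part of any post in this thread: a small Python triage script for ecm-worker log exports shaped like the excerpts posted above. It pairs each LDAP exception with the most recent "AD addmap" entry before it, so the target group DN and the value being added can be compared between failing and working users. The sample lines are constructed with placeholder DNs, and the function names are hypothetical.

```python
import json
import re

# Constructed sample in the shape of the thread's ecm-worker export; DNs are placeholders.
SAMPLE = r'''
"ecm-worker","2022-12-23T02:44:01.885+0000","{"log":"2022-12-23 02:44:01,075 [quartzScheduler_Worker-2] DEBUG ldap.SaviyntGroovyLdapService - AD addmap :: [groups:CN=Test User,OU=Users,DC=example,DC=com,]\n","stream":"stdout","time":"2022-12-23T02:44:01.075473829Z"}"
"ecm-worker","2022-12-23T02:44:01.885+0000","{"log":"javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C090D77, comment: Error in attribute conversion operation, data 0, v2580\u0000]; remaining name 'CN=APP-Example,OU=Groups,DC=example,DC=com'\n","stream":"stdout","time":"2022-12-23T02:44:01.229890217Z"}"
"ecm-worker","2022-12-23T02:44:01.885+0000","{"log":"\u0009at
'''

JSON_RE = re.compile(r'\{"log":.*\}')          # embedded container-log record
ADDMAP_RE = re.compile(r'AD addmap :: \[(\w+):(.*)\]')
LDAP_RE = re.compile(
    r"\[LDAP: error code (\d+) - ([0-9A-Fa-f]+): LdapErr: (DSID-[0-9A-Fa-f]+), "
    r"comment: (.*?), data (\w+), v(\w+)")
NAME_RE = re.compile(r"remaining name '([^']*)'")

def log_messages(text):
    """Yield the decoded "log" field of each line; truncated records are skipped."""
    for line in text.splitlines():
        m = JSON_RE.search(line)
        if not m:
            continue
        try:
            yield json.loads(m.group(0))["log"].rstrip("\n")
        except (ValueError, KeyError):
            continue

def failed_operations(text):
    """Pair each LDAP exception with the most recent addmap entry seen before it."""
    failures, last_add = [], (None, None)
    for msg in log_messages(text):
        add = ADDMAP_RE.search(msg)
        if add:
            last_add = add.groups()
            continue
        err = LDAP_RE.search(msg)
        if err:
            name = NAME_RE.search(msg)
            failures.append({
                "ldap_code": int(err.group(1)),      # LDAP result code
                "ad_error": int(err.group(2), 16),   # AD extended error, hex field
                "dsid": err.group(3),
                "comment": err.group(4),
                "target_dn": name.group(1) if name else None,
                "attribute": last_add[0],
                "value": last_add[1],                # raw value, as logged
            })
    return failures
```

Running failed_operations over the export of a failing request and of a working one gives the attribute, value and target DN side by side for comparison.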

Does this group exist?

addmap :: [groups:CN=D-SAMEER KUMARA911,OU=Users,OU=CORPVIC1006,OU=CORP,OU=TestHSP,DC=AU,DC=AD,DC=HSP,]\n","stream":"stdout","time":"2023-01-16T05:17:40.610695324Z"}"


Share the log for the working user


Regards,
Rushikesh Vartak

Logs for working user.

jdoma
Regular Contributor

This is the user on which we tried to provision the group.

User active in Saviynt? Lockedstatus?


Regards,
Rushikesh Vartak

Users are active in Saviynt.

jdoma
Regular Contributor

What attributes are usually passed from Saviynt to AD during AD group provisioning? As per the AD APIs, we need to pass sAMAccountName to add a group at the AD end.