Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Error provisionning in AD LDAP: error code 19 - 000020B5

Go to solution
user228
New Contributor
New Contributor

‎03/07/2024 12:37 AM - edited ‎03/07/2024 02:39 AM

We try to provision in AD but received the following error:

Error while creating account in AD - [LDAP: error code 19 - 000020B5: AtrErr: DSID-03153438, #2: 0: 000020B5: DSID-03153438, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 15000a (manager) 1: 00002082: DSID-03151F1C, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 6 (c):len 974 ]

but why?

{
"givenName": "${user?.firstname}",
"sn": "${user.lastname}",
"displayname": "${user.displayname}",
"sAMAccountName": "${task.accountName}",
"UnicodePwd": "Randompassword1",
"manager": "${managerAccount!=null ? managerAccount.accountID: ''}",
"name": "${user?.username}",
"physicalDeliveryOfficeName": "${user?.location}",
"info": "${user.comments}",
"CostCenter": "${user?.costcenter}",
"EmployeeHierarchy": "${user?.customproperty1}",
"Status": "${user?.customproperty6}",
"country": "${if (user?.customproperty20.endsWith('54') && user.employeeId.startsWith('89')) {'IT'}else if (user.customproperty20.endsWith('89') && user.employeeId.startsWith('503')) {'FI'}else if (user.customproperty20.endsWith('54')) {'LT'}else if (user.customproperty20.endsWith('PRY')) {'FR'}else if (user.customproperty20.endsWith('56')) {'LV'}else if (user.customproperty20.endsWith('345')) {'PT'}else if (user.customproperty20.endsWith('245')) {'ES'}else if (user.customproperty20.endsWith('678')) {'BG'}}",
"objectClass": [
"top",
"person",
"organizationalPerson",
"user"
],
"userAccountControl": 512
}

Labels:
0 Kudos
9 REPLIES 9

Go to solution
naveenss
All-Star
All-Star

‎03/07/2024 12:41 AM

Hi @user228 ,

Can you please share what is the value in manager's accountID?

 

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.
0 Kudos

Go to solution
user228
New Contributor
New Contributor
In response to naveenss

‎03/07/2024 12:43 AM

the user name of the manager, but the thing is, even if we remove the manager from the list, we receive the following error., smth might be with syntax here:

 

"country": "${if (user?.customproperty20.endsWith('54') && user.employeeId.startsWith('89')) {'IT'}else if (user.customproperty20.endsWith('89') && user.employeeId.startsWith('503')) {'FI'}else if (user.customproperty20.endsWith('54')) {'LT'}else if (user.customproperty20.endsWith('PRY')) {'FR'}else if (user.customproperty20.endsWith('56')) {'LV'}else if (user.customproperty20.endsWith('345')) {'PT'}else if (user.customproperty20.endsWith('245')) {'ES'}else if (user.customproperty20.endsWith('678')) {'BG'}}",

 

0 Kudos

Go to solution
naveenss
All-Star
All-Star
In response to user228

‎03/07/2024 12:46 AM

@user228  to set the manager attribute in AD, you should pass the manager's full DN.

Regarding the above if/else for country, change user.employeeId to user.employeeid

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.
0 Kudos

Go to solution
AmitM
Valued Contributor
Valued Contributor
In response to user228

‎03/07/2024 12:49 AM

manager account ID should not be the username. Mostly it is manager AD GUID.

If you hard code country , does it (create account) work?

0 Kudos

Go to solution
user228
New Contributor
New Contributor
In response to AmitM

‎03/07/2024 12:53 AM

yes, it has nothing to do with manager, without country attribute with manager or without, everything works perfectly

0 Kudos

Go to solution
CR
Regular Contributor III
Regular Contributor III

‎03/07/2024 02:38 AM - last edited on ‎03/07/2024 03:10 AM by Community Manager

@user228  can you try below please

{
"givenName": "${user?.firstname}",
"sn": "${user.lastname}",
"displayname": "${user.displayname}",
"sAMAccountName": "${task.accountName}",
"UnicodePwd": "Randompassword1",
"manager": "${managerAccount!=null ? managerAccount.accountID: ''}",
"name": "${user?.username}",
"physicalDeliveryOfficeName": "${user?.location}",
"info": "${user.comments}",
"CostCenter": "${user?.costcenter}",
"EmployeeHierarchy": "${user?.customproperty1}",
"Status": "${user?.customproperty6}",
"country": "${if (user.employeeId!=null) && (user.customproperty20!='') && (user.customproperty20!= null) && user.customproperty20.endsWith('54') && user.employeeId.startsWith('89')) {'IT'}else if (user.customproperty20.endsWith('89') && user.employeeId.startsWith('503')) {'FI'}else if (user.customproperty20.endsWith('54')) {'LT'}else if (user.customproperty20.endsWith('PRY')) {'FR'}else if (user.customproperty20.endsWith('56')) {'LV'}else if (user.customproperty20.endsWith('345')) {'PT'}else if (user.customproperty20.endsWith('245')) {'ES'}else if (user.customproperty20.endsWith('678')) {'BG'}}",
"objectClass": [
"top",
"person",
"organizationalPerson",
"user"
],
"userAccountControl": 512
}


Thanks,
Raghu
If this reply answered your question, Please Accept As Solution and hit Kudos.
0 Kudos

Go to solution
Manu269
All-Star
All-Star

‎03/07/2024 08:33 PM - edited ‎03/07/2024 08:34 PM

@user228 I believe there could be issue with 2 attributes :

"manager": "${ if (managerAccount == null || managerAccount?.accountID == null || managerAccount?.accountID == '' ){''} else {managerAccount?.accountID} }"

Other could be with country

can you use below instead of country attribute

sample

"c": "${user.customproperty10!=null?user.customproperty10:''}", 

 

country and countrycode attributes in AD - Microsoft Q&A

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.
0 Kudos

Go to solution
Aparna
New Contributor III
New Contributor III

‎03/13/2024 11:06 PM

@Manu269 Facing similar issue for just 1 user checked the UPN its unique and no other mapping with the UPN in target .

LDAP: error code 19 - 000021C8: AtrErr: DSID-03200E96, #1: 0: 000021C8: DSID-03200E96, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 90290 (userPrincipalName) ]

0 Kudos

Go to solution
user228
New Contributor
New Contributor
In response to Aparna

‎03/14/2024 05:38 AM - edited ‎03/14/2024 05:38 AM

in my case, the problem was in completely other attributes, so I recommend you to check other attributes to see if the syntax there is correct. Because the logs are saying one thing and in realiaty the problem was in the other attribute...

0 Kudos
Copyright © 2024 Khoros, LLC