and more in a single search tool across platforms. Read the announcement here. |
03/07/2024 12:37 AM - edited 03/07/2024 02:39 AM
We try to provision in AD but received the following error:
Error while creating account in AD - [LDAP: error code 19 - 000020B5: AtrErr: DSID-03153438, #2: 0: 000020B5: DSID-03153438, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 15000a (manager) 1: 00002082: DSID-03151F1C, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 6 (c):len 974 ]
but why?
{
"givenName": "${user?.firstname}",
"sn": "${user.lastname}",
"displayname": "${user.displayname}",
"sAMAccountName": "${task.accountName}",
"UnicodePwd": "Randompassword1",
"manager": "${managerAccount!=null ? managerAccount.accountID: ''}",
"name": "${user?.username}",
"physicalDeliveryOfficeName": "${user?.location}",
"info": "${user.comments}",
"CostCenter": "${user?.costcenter}",
"EmployeeHierarchy": "${user?.customproperty1}",
"Status": "${user?.customproperty6}",
"country": "${if (user?.customproperty20.endsWith('54') && user.employeeId.startsWith('89')) {'IT'}else if (user.customproperty20.endsWith('89') && user.employeeId.startsWith('503')) {'FI'}else if (user.customproperty20.endsWith('54')) {'LT'}else if (user.customproperty20.endsWith('PRY')) {'FR'}else if (user.customproperty20.endsWith('56')) {'LV'}else if (user.customproperty20.endsWith('345')) {'PT'}else if (user.customproperty20.endsWith('245')) {'ES'}else if (user.customproperty20.endsWith('678')) {'BG'}}",
"objectClass": [
"top",
"person",
"organizationalPerson",
"user"
],
"userAccountControl": 512
}
Solved! Go to Solution.
03/07/2024 12:41 AM
Hi @user228 ,
Can you please share what is the value in manager's accountID?
03/07/2024 12:43 AM
the user name of the manager, but the thing is, even if we remove the manager from the list, we receive the following error., smth might be with syntax here:
"country": "${if (user?.customproperty20.endsWith('54') && user.employeeId.startsWith('89')) {'IT'}else if (user.customproperty20.endsWith('89') && user.employeeId.startsWith('503')) {'FI'}else if (user.customproperty20.endsWith('54')) {'LT'}else if (user.customproperty20.endsWith('PRY')) {'FR'}else if (user.customproperty20.endsWith('56')) {'LV'}else if (user.customproperty20.endsWith('345')) {'PT'}else if (user.customproperty20.endsWith('245')) {'ES'}else if (user.customproperty20.endsWith('678')) {'BG'}}",
03/07/2024 12:46 AM
@user228 to set the manager attribute in AD, you should pass the manager's full DN.
Regarding the above if/else for country, change user.employeeId to user.employeeid.
03/07/2024 12:49 AM
manager account ID should not be the username. Mostly it is manager AD GUID.
If you hard code country , does it (create account) work?
03/07/2024 12:53 AM
yes, it has nothing to do with manager, without country attribute with manager or without, everything works perfectly
03/07/2024 02:38 AM - last edited on 03/07/2024 03:10 AM by Sunil
@user228 can you try below please
{
"givenName": "${user?.firstname}",
"sn": "${user.lastname}",
"displayname": "${user.displayname}",
"sAMAccountName": "${task.accountName}",
"UnicodePwd": "Randompassword1",
"manager": "${managerAccount!=null ? managerAccount.accountID: ''}",
"name": "${user?.username}",
"physicalDeliveryOfficeName": "${user?.location}",
"info": "${user.comments}",
"CostCenter": "${user?.costcenter}",
"EmployeeHierarchy": "${user?.customproperty1}",
"Status": "${user?.customproperty6}",
"country": "${if (user.employeeId!=null) && (user.customproperty20!='') && (user.customproperty20!= null) && user.customproperty20.endsWith('54') && user.employeeId.startsWith('89')) {'IT'}else if (user.customproperty20.endsWith('89') && user.employeeId.startsWith('503')) {'FI'}else if (user.customproperty20.endsWith('54')) {'LT'}else if (user.customproperty20.endsWith('PRY')) {'FR'}else if (user.customproperty20.endsWith('56')) {'LV'}else if (user.customproperty20.endsWith('345')) {'PT'}else if (user.customproperty20.endsWith('245')) {'ES'}else if (user.customproperty20.endsWith('678')) {'BG'}}",
"objectClass": [
"top",
"person",
"organizationalPerson",
"user"
],
"userAccountControl": 512
}
03/07/2024 08:33 PM - edited 03/07/2024 08:34 PM
@user228 I believe there could be issue with 2 attributes :
"manager": "${ if (managerAccount == null || managerAccount?.accountID == null || managerAccount?.accountID == '' ){''} else {managerAccount?.accountID} }"
Other could be with country
can you use below instead of country attribute
sample
"c": "${user.customproperty10!=null?user.customproperty10:''}",
country and countrycode attributes in AD - Microsoft Q&A
03/13/2024 11:06 PM
@Manu269 Facing similar issue for just 1 user checked the UPN its unique and no other mapping with the UPN in target .
LDAP: error code 19 - 000021C8: AtrErr: DSID-03200E96, #1: 0: 000021C8: DSID-03200E96, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 90290 (userPrincipalName) ]
03/14/2024 05:38 AM - edited 03/14/2024 05:38 AM
in my case, the problem was in completely other attributes, so I recommend you to check other attributes to see if the syntax there is correct. Because the logs are saying one thing and in realiaty the problem was in the other attribute...