12/16/2022 12:09 PM
Hello,
I'm getting the below error when trying to create a service account in AD.
NoSuchAttributeException [LDAP:ERROR CODE 16 - 00000057 ]
Below is my createaccountjson. Creating a regular account works; I'm wondering if there are any attributes that cannot be modified or included for creating service accounts.
{
"samaccountname": "${ServiceAccountOwnerMap.get("ServiceAccountType") == 'ServiceAccount' ? task?.accountName : user?.username}",
"displayName": "${ServiceAccountOwnerMap.get("ServiceAccountType") == 'ServiceAccount' ? task.accountName : user?.displayname}",
"mail": "${user?.email}",
"employeeid": "${user?.employeeid}",
"CannotChangePassword": "",
"l": "${user?.city}",
"scriptPath": "default.bat",
"givenName": "${ServiceAccountOwnerMap.get("ServiceAccountType") == 'ServiceAccount' ? task?.accountName : user?.firstname}",
"sn": "${ServiceAccountOwnerMap.get("ServiceAccountType") == 'ServiceAccount' ? task?.accountName : user?.lastname}",
"objectclass": [
"top",
"person",
"organizationalPerson",
"user"
],
"userPrincipalName": "${ServiceAccountOwnerMap.get("ServiceAccountType") == 'ServiceAccount' ? task?.accountName : user?.systemUserName}@domain.com",
"company": "CN",
"description": "${ServiceAccountOwnerMap.get("ServiceAccountType") == 'ServiceAccount' ? task.accountName : user?.displayname}",
"pwdLastSet": "0",
"department": "${user?.departmentname}",
"title": "${user?.title}",
"homePhone": "${user?.phonenumber}",
"streetAdress": "${user?.street}",
"st": "${user?.street}",
"postalcode": "${user?.regioncode}",
"extensionAttribute1": "${user?.customproperty14}",
"extensionAttribute2": "${user?.customproperty15}",
"exofficelocation": "${user?.location}",
"pager": "${user?.customproperty61}",
"userPassword": " ${randomPassword}",
"accountExpires": "0",
"userAccountControl": "66048",
"manager": "${managerAccount?.accountID}"
}
12/16/2022 12:15 PM - edited 12/17/2022 07:57 AM
Title: "LDAP error 16 - No such attribute" occurs when removing TITLE attribute of AD account
Change case of sAMAccountName
12/16/2022 02:01 PM
Try to change the manager mapping as below and see if that works:
"manager": "${if(ServiceAccountOwnerMap.ServiceAccountType.equals('Service Account')) {} else {managerAccount==null?null:managerAccount.accountID}}"
Also, I see that for some of the fields you didn't check whether the account is a service account or not and are directly passing user attributes (which in the service account request case would be the requestor's details), like manager, title, department, etc. Are you expecting to pass requestor details for those attributes? If not, then do the service account check for all attributes.
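
Added example, not part of the thread or of any participant's reply: LDAP result code 16 (noSuchAttribute) is returned when a request names an attribute the directory does not have, so a pre-flight check of the template's attribute names against an allow-list can narrow down the offending key before provisioning. The allow-list, the helper names and the sample template below are constructed assumptions; replace the list with the attribute names exported from your own directory schema.

```python
import re

# Constructed sample allow-list (compared lower-cased). In practice, export
# the lDAPDisplayName values from your own directory schema instead.
KNOWN_ATTRS = {a.lower() for a in (
    "objectClass", "sAMAccountName", "displayName", "givenName", "sn", "mail",
    "userPrincipalName", "description", "title", "department", "manager",
    "streetAddress", "st", "l", "postalCode", "userPassword",
    "userAccountControl", "accountExpires", "pwdLastSet",
)}

# Matches a key at the start of a line: "name": ...
KEY_RE = re.compile(r'^\s*"([^"]+)"\s*:')

def template_keys(template):
    """Return the attribute names in the template, one key per line.

    The unrendered template is not valid JSON (the ${...} expressions contain
    unescaped quotes), so json.loads cannot be used on it.
    """
    keys = []
    for line in template.splitlines():
        m = KEY_RE.match(line)
        if m:
            keys.append(m.group(1))
    return keys

def unknown_attributes(template, known=KNOWN_ATTRS):
    """LDAP attribute names are case-insensitive, so compare lower-cased."""
    return [k for k in template_keys(template) if k.lower() not in known]

# Constructed sample in the shape of the template posted in the question.
SAMPLE = '''{
"samaccountname": "${Map.get("Type") == 'ServiceAccount' ? task?.accountName : user?.username}",
"objectclass": [
"top",
"user"
],
"streetAdress": "${user?.street}",
"postalcode": "${user?.regioncode}",
"CannotChangePassword": "",
"manager": "${managerAccount?.accountID}"
}'''

if __name__ == "__main__":
    for name in unknown_attributes(SAMPLE):
        print("not in allow-list:", name)
```

A name flagged here is only a candidate: a directory with schema extensions may define attributes that the sample list omits.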