Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

Error while creating Account in LDAP [LDAP: error code 65 - Object Class Violation]

BalajiEpari
New Contributor III
New Contributor III

Hi Team,

 

We are integrating LDAP application, getting object violation issue while creating account. PFB error details, CREATEACCOUNTJSON. 

Error:

"ecm-worker","2023-07-20T08:01:58.995+00:00","{"log":"2023-07-20 08:01:58,078 [quartzScheduler_Worker-8] ERROR ldap.SaviyntGroovyLdapService - Error while creating account in AD - [LDAP: error code 65 - Object Class Violation]\n","stream":"stdout","time":"2023-07-20T08:01:58.078420375Z"}"
"ecm-worker","2023-07-20T08:01:58.995+00:00","{"log":"javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - Object Class Violation]; remaining name 'principalName=Test1,cn=Users,secAuthority=Default'\n","stream":"stdout","time":"2023-07-20T08:01:58.078449063Z"}"

 

CREATEACCOUNTJSON:

{
"objectClass": ["secUser","eUser","cimManagedElement","top"],
"principalName": "${user.username}",
"secDN": "uid=${user.username},ou=External,ou=People,ou=AHM,o=NA,DC=XXXXX,DC=COM",
"secAuthority": "Default",
"secLoginType": "Default:LDAP"
}

 

Sample Account in target:

# TestUser, Users, Default

dn: principalName=TestUser,cn=Users,secAuthority=Default

secLoginType: Default:LDAP

secDomainId: Default%TestUser

secPwdValid: TRUE

principalName: TestUser

objectClass: secUser

objectClass: eUser

objectClass: cimManagedElement

objectClass: top

secAcctValid: TRUE

secDN: uid=TestUser,ou=External,ou=People,ou=AHM,o=NA,DC=XXXXX,DC=COM

secHasPolicy: FALSE

secUUID: XXXXXXXXXX

secAuthority: Default

secPwdLastChanged: 20220113220908.0Z

 

 

4 REPLIES 4

armaanzahir
Valued Contributor
Valued Contributor

Hi @BalajiEpari ,

When creating entries within LDAP, there are Attributes which are a MUST (required) for the ObjectClasses used when creating the entry. 

You've defined the object class secUser and there are some sec related attributes in your sample user which you have not defined in your creation logic.

You can check the schema of the ldap and the object class definitions on the target and design your creation logic accordingly.

Thanks,

Armaan

Regards,
Md Armaan Zahir

Hi @armaanzahir ,

I checked the object class definitions. only 2 attributes (secAuthority, secLoginType) are Required and remaining all are optional. So, I have tested with these 2 attributes. Still same issue.

Regards,

Balaji E

 

I had tried with passing remaining attributes as well still getting same ObjectClass Violation issue.

Is there any other possibility for getting this issue.

 

Issue is with SETRANDOMPASSWORD attribute. Once its sets it starts working