
Error while provisioning new account when requested access via Enterprise Role

Suyash_Badnore1
Regular Contributor

Hi Team,

When we request an Enterprise role which has entitlements from 2 applications, none of the accounts exist for the user. Our expectation is that when a role is requested, it should provision the account and access via that activity itself.

The issue we are facing is that when we request the role, it creates a new account task, but it fails while provisioning; the application is Active Directory. We have cross-validated the user attribute values for whom the provisioning for AD worked when the task was generated via Rules.

So we are unable to understand the exact cause of why this might be happening. If any of you have encountered the same issue or have any suggestions on this, please?

PFB the log snippet:

Error while creating account in ADSI : { "status": "Failure", "failedObjects": [ { "id": "${user.customproperty30}", "status": "Failure", "message": "Failed to create object of given objectClasses", "messageCodes": "OBJ_ERR_00001", "errorDetails": "OBJ_ERR_00001 : -2147016654 : An invalid dn syntax has been specified. : 0000208F: NameErr: DSID-03100231, problem 2006 (BAD_NAME), data 8350, best match of:\n\t'${user.customproperty30}'\n" } ], "connectionString": "LDAP://root.sil:636" }

 

Regards,

Suyash 

8 REPLIES

NM
Esteemed Contributor

Hi @Suyash_Badnore1 ,

Is user customproperty30 blank?

Which object class are you using while trying to create account?



pmahalle
All-Star

@Suyash_Badnore1 ,

Share your create account json.


Pandharinath Mahalle(Paddy)

Suyash_Badnore1
Regular Contributor

Hi @pmahalle ,

Thanks for your reply. Yes, we have customproperty30 populated for the user attribute value, and the following is the object class we are using: "objectClasses": ["user", "top", "person", "organizationalPerson"]

Please let me know if anything needs to be changed/modified in the JSON or any other config.

NM
Esteemed Contributor

Share create account json



Suyash_Badnore1
Regular Contributor

Hi @NM @pmahalle ,

PFA the Create Account JSON. We're using 'User' object it seems.

The error OBJ_ERR_00001 : -2147016656 : There is no such object on the server. : 0000208D: indicates that the Active Directory (AD) object you're trying to interact with does not exist on the server. This commonly occurs when the distinguished name (DN) provided for the object is incorrect or the object has been moved or deleted.

  • Verify Distinguished Name (DN)

  • Check for Object Existence

  • Check OU/Container Existence


Regards,
Rushikesh Vartak

Hi @rushikeshvartak ,

Thanks for your reply!

With the same connection configuration, when we try to provision a new account task which is generated through a technical rule, it provisions successfully without any error.

That's why I was looking for whether any specific configuration or change is required in the case of an Enterprise role. If you could suggest anything on this, please?

 

Regards,

Suyash

It seems some attributes are not getting evaluated 


Regards,
Rushikesh Vartak
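The following is an added example, not code from the thread or from Saviynt. It triages the ADSI failure response posted above by checking whether the DN that reached the directory still contains an unevaluated `${...}` binding, which is what the BAD_NAME error in the log snippet shows. The log line is copied from the thread; the cause labels and the rough DN shape check are assumptions of this example.

```python
import json
import re

# Log line copied from the thread above.
LOG_LINE = r'''Error while creating account in ADSI : { "status": "Failure", "failedObjects": [ { "id": "${user.customproperty30}", "status": "Failure", "message": "Failed to create object of given objectClasses", "messageCodes": "OBJ_ERR_00001", "errorDetails": "OBJ_ERR_00001 : -2147016654 : An invalid dn syntax has been specified. : 0000208F: NameErr: DSID-03100231, problem 2006 (BAD_NAME), data 8350, best match of:\n\t'${user.customproperty30}'\n" } ], "connectionString": "LDAP://root.sil:636" }'''

# A ${...} token that was sent to the directory literally instead of being evaluated.
PLACEHOLDER = re.compile(r"\$\{([^{}]+)\}")
# Rough attr=value[,attr=value...] shape check (assumption: ignores escaped commas).
DN_SHAPE = re.compile(r"^\s*[A-Za-z][\w-]*\s*=[^,=]+(,\s*[A-Za-z][\w-]*\s*=[^,=]+)*$")


def parse_adsi_error(line):
    """Return the JSON object that follows the log prefix."""
    start = line.find("{")
    if start < 0:
        raise ValueError("no JSON payload in log line")
    return json.loads(line[start:])


def triage(line):
    """Classify each failed object by what was actually sent as its DN."""
    findings = []
    for obj in parse_adsi_error(line).get("failedObjects", []):
        dn = obj.get("id") or ""
        bindings = PLACEHOLDER.findall(dn)
        if bindings:
            cause = "unresolved_binding"      # template was never evaluated
        elif not dn.strip():
            cause = "empty_dn"                # binding evaluated to nothing
        elif not DN_SHAPE.match(dn):
            cause = "malformed_dn"            # evaluated, but not DN-shaped
        else:
            cause = "dn_ok_check_directory"   # look at OU/object existence instead
        findings.append({"dn": dn, "cause": cause, "bindings": bindings,
                         "code": obj.get("messageCodes")})
    return findings


if __name__ == "__main__":
    for finding in triage(LOG_LINE):
        print(finding)
```

Running the same check on the failure response of the Enterprise role task and on a rule-generated task for the same user shows whether the binding is left unevaluated only on the role path.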