Originally posted on March 16 2022 at 14:25 UTCHi Everyone,
I am trying to configure a new connection to provision admin accounts via birthright assignment( Secondary one in addition to regular primary AD account which is already getting provisioned fine).
I seem to be getting stuck in Accountrename rule.Configurations for primary AD accounts were already set up and are already getting Provisioned fine.
I went through couple of questions posted in forum here and still seem to get stuck.
Could you please check and do the needful?
Here is my sample Create Account JSON
"sAMAccountName": "${user.username.toLowerCase()+'-Admin'}",
"displayName": "${user.lastname.toLowerCase()+'-Admin'},${user.preferedFirstName}",
"userPrincipalName": "${user.username.toLowerCase()+'-Admin'}@XYZ.org",
"name": "${user.lastname.toLowerCase()+'-Admin'},${user.preferedFirstName}",
"cn": "${user.username+'-Admin'}",
"sn": "${user.lastname.toLowerCase()+'-Admin'}",
"pwdLastSet": "0"
USER_ATTRIBUTE also has DN mapped to one of CP
We have the ACCOUNT_ATTRIBUTE with the below entry.
ACCOUNTID::distinguishedName#String,
I am trying to configure the ACCOUNTNAMERULE and tried with few combinations in using backslash to escape comma and space between last name and firstname. I have pasted two different messages observed in pending tasks/debug logs
It seem to not accept the DN
1) CN=${user?.lastname+'-Admin'}\\\,\ ${user?.firstname},OU=XXXX,OU=XXXX,OU=SystemUsers,DC=XXXX,DC=XXXX,DC=local
2)
CN=${user?.lastname}-Admin\\, ${user?.firstname},OU=XXXX,OU=XXXX,OU=SystemUsers,DC=XXXX,DC=XXXX,DC=local
3) CN=${user?.lastname+'-Admin'}\\\,\ ${user?.firstname},OU=XXXX,OU=XXXX,OU=SystemUsers,DC=XXXX,DC=XXXX,DC=local
I can see the user's primary account getting provisioned to this
CN=Testuser32\, Namedadmin32,OU=XXX,OU=XXX,OU=SystemUsers,DC=XXX,DC=XXX,DC=local
Debug Logs
at javax.naming.ldap.Rfc2253Parser.doParse(Rfc2253Parser.java:111)
at javax.naming.ldap.Rfc2253Parser.parseDn(Rfc2253Parser.java:74)
at javax.naming.ldap.LdapName.parse(LdapName.java:785)
at javax.naming.ldap.LdapName.<init>(LdapName.java:123)
at com.saviynt.ldap.SaviyntGroovyLdapService.escapeLDAPSpecialChars(SaviyntGroovyLdapService.groovy:6924)
at com.saviynt.ldap.SaviyntGroovyLdapService$_createAccountGLDAP_closure3_closure103.doCall(SaviyntGroovyLdapService.groovy:491)
at com.saviynt.ldap.SaviyntGroovyLdapService$_createAccountGLDAP_closure3.doCall(SaviyntGroovyLdapService.groovy:486)
at com.saviynt.ldap.SaviyntGroovyLdapService.createAccountGLDAP(SaviyntGroovyLdapService.groovy:259)
at com.saviynt.ecm.services.ArsTaskService.createAccountTarget(ArsTaskService.groovy:10422)
at com.saviynt.ecm.services.ArsTaskHelperService$_whenTaskTypeIsThreeNewAccountAccess_closure46.doCall(ArsTaskHelperService.groovy:2883)
at com.saviynt.ecm.services.ArsTaskHelperService.whenTaskTypeIsThreeNewAccountAccess(ArsTaskHelperService.groovy:2874)
at com.saviynt.ecm.services.ArsTaskHelperService$_completeAutoProvTasksUpgraded_closure1.doCall(ArsTaskHelperService.groovy:160)
at com.saviynt.ecm.services.ArsTaskHelperService.completeAutoProvTasksUpgraded(ArsTaskHelperService.groovy:145)
at MultipleProvisioningJob.execute(MultipleProvisioningJob.groovy:221)
at org.quartz.core.JobRunShell.run(JobRunShell.java:199)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:546)
2022-03-16/13:35:03.222 [{{trace.id,b6510bab7643dd4806b531ba675ecf95}{transaction.id,a1092bc410309272}}] [quartzScheduler_Worker-2] DEBUG ldap.SaviyntGroovyLdapService - modifieddn = CN=Testuser32-Admin\\, Namedadmin32,OU=XXXX,OU=XXXX,OU=SystemUsers,DC=XXXX,DC=XXXX,DC=local
2022-03-16/13:35:03.830 [{{error.id,a2cce1df34b0442ad6ee970682bbd821}{trace.id,b6510bab7643dd4806b531ba675ecf95}{transaction.id,a1092bc410309272}}] [quartzScheduler_Worker-2] ERROR ldap.SaviyntGroovyLdapService - Error while creating account ntestu61 in AD - Invalid name: CN=Testuser32-Admin\\, Namedadmin32,OU=XXXX,OU=XXXX,OU=SystemUsers,DC=XXXX,DC=XXXX,DC=local
javax.naming.InvalidNameException: Invalid name: CN=Testuser32-Admin\\, Namedadmin32,OU=XXXX,OU=XXXX,OU=SystemUsers,DC=XXXX,DC=XXXX,DC=local
at javax.naming.ldap.Rfc2253Parser.doParse(Rfc2253Parser.java:111)
at javax.naming.ldap.Rfc2253Parser.parseDn(Rfc2253Parser.java:74)
at javax.naming.ldap.LdapName.parse(LdapName.java:785)
at javax.naming.ldap.LdapName.<init>(LdapName.java:123)
at com.saviynt.ldap.SaviyntGroovyLdapService$_createAccountGLDAP_closure3.doCall(SaviyntGroovyLdapService.groovy:546)
at com.saviynt.ldap.SaviyntGroovyLdapService.createAccountGLDAP(SaviyntGroovyLdapService.groovy:259)
at com.saviynt.ecm.services.ArsTaskService.createAccountTarget(ArsTaskService.groovy:10422)
at com.saviynt.ecm.services.ArsTaskHelperService$_whenTaskTypeIsThreeNewAccountAccess_closure46.doCall(ArsTaskHelperService.groovy:2883)
at com.saviynt.ecm.services.ArsTaskHelperService.whenTaskTypeIsThreeNewAccountAccess(ArsTaskHelperService.groovy:2874)
at com.saviynt.ecm.services.ArsTaskHelperService$_completeAutoProvTasksUpgraded_closure1.doCall(ArsTaskHelperService.groovy:160)
at com.saviynt.ecm.services.ArsTaskHelperService.completeAutoProvTasksUpgraded(ArsTaskHelperService.groovy:145)
at MultipleProvisioningJob.execute(MultipleProvisioningJob.groovy:221)
at org.quartz.core.JobRunShell.run(JobRunShell.java:199)
Error while creating account in AD - Failed to parse template script (your template may contain an error or be trying to use expressions not currently supported): startup failed: SimpleTemplateScript1768.groovy: 1: unexpected char: '\' @ line 1, column 45. N=${user?.lastname+'-Admin'}\\\,\ ${user ^ 1 error Error while creating account in AD - Failed to parse template script (your template may contain an error or be trying to use expressions not currently supported): startup failed: SimpleTemplateScript1770.groovy: 1: unexpected char: '\' @ line 1, column 45. N=${user?.lastname+'-Admin'}\\\,\ ${user ^ 1 error Error while creating account in AD - Failed to parse template script (your template may contain an error or be trying to use expressions not currently supported): startup failed: SimpleTemplateScript1772.groovy: 1: unexpected char: '\' @ line 1, column 45. N=${user?.lastname+'-Admin'}\\\,\ ${user ^ 1 error
Thanks
Shyam
This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
