Leveraging Intelligent Recommendations for Operational Transformation. AMS Partners click HERE | EMEA/APJ Partners click HERE |
11/19/2023 11:25 PM
Hi team,
I have a requirement where in I want to give capability to service account owner/admins to extend validity of service account. I tried creating dynamic attribute of type date and used below jsons to pass date in accountexpires attribute in AD however it doesn't seems to work and throws error.
Can you please suggest right way to pass date from dynamic attribute to update account json to change date in AD.
json used:
"accountExpires": "${requestAccessAttributes.get("Extend_Validity").toInstant()?.toEpochMilli() - (-11644494808000 * 10000)}"
error: "No such property: requestAccessAttributes for class: SimpleTemplateScript4210"
Json:
"accountExpires": "${if(requestAccessAttributes.get("Extend_Validity") != null){10000*(requestAccessAttributes.get("Extend_Validity").getTime() + 11644473600000)} else {'0'}}"
Error:
[LDAP: error code 53 - 00002077: SvcErr: DSID-031903D2, problem 5003 (WILL_NOT_PERFORM), data 0 ]
Thanks,
Reshma
Solved! Go to Solution.
11/21/2023 09:49 AM
Hi @reshma_sonawane ,
Greetings.
LDPA error code 53 is thrown when you're trying to perform an operation over a connection that is non SSL.
However, please refer to the below document which provides more information on usage of 'requestAccessAttributes' while calling binding variables.
Thanks,
11/22/2023 12:47 AM
Thanks for your reply. We are using SSL connection for AD.
After checking some other references, I understand dynamic attributes can be directly used in json without use of requestAccessAttributes. Now with below json, i am getting error
"No signature of method: java.lang.String.getTime() is applicable for argument types: () values: [] "
json:
"accountExpires": "${if(Extend_Validity != null){10000*(Extend_Validity.getTime() + 11644473600000)} else {'0'}}"
Dynamic attribute type is set as Date
Any pointers on this?
11/27/2023 12:51 AM
Hi,
I am able to achieve this using below json:
"accountExpires": "${if(!ServiceAccountOwnerMap!=null && ServiceAccountOwnerMap != 'null' && ServiceAccountOwnerMap != '' && !ServiceAccountOwnerMap.isEmpty() && ServiceAccountOwnerMap.ServiceAccountType.equals('SERVICE ACCOUNT')) {10000*(Date.parse('dd-MMM-yyyy',Extend_Validity).getTime() + 11644473600000)} else {''}}",