Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Extend Service account validity using dynamic attributes

Go to solution
reshma_sonawane
New Contributor III
New Contributor III

‎11/19/2023 11:25 PM

Hi team,

I have a requirement where in I want to give capability to service account owner/admins to extend validity of service account. I tried creating dynamic attribute of type date and used below jsons to pass date in accountexpires attribute in AD however it doesn't seems to work and throws error.

Can you please suggest right way to pass date from dynamic attribute to update account json to change date in AD.

json used:

"accountExpires": "${requestAccessAttributes.get("Extend_Validity").toInstant()?.toEpochMilli() - (-11644494808000 * 10000)}"

error: "No such property: requestAccessAttributes for class: SimpleTemplateScript4210"

 

Json:

"accountExpires": "${if(requestAccessAttributes.get("Extend_Validity") != null){10000*(requestAccessAttributes.get("Extend_Validity").getTime() + 11644473600000)} else {'0'}}"

Error:

 [LDAP: error code 53 - 00002077: SvcErr: DSID-031903D2, problem 5003 (WILL_NOT_PERFORM), data 0 ]

 

Thanks,

Reshma

 

Labels:
0 Kudos
3 REPLIES 3

Go to solution
pruthvi_t
Saviynt Employee
Saviynt Employee

‎11/21/2023 09:49 AM

Hi @reshma_sonawane ,

Greetings.

LDPA error code 53 is thrown when you're trying to perform an operation over a connection that is non SSL. 

However, please refer to the below document which provides more information on usage of 'requestAccessAttributes' while calling binding variables.

https://docs.saviyntcloud.com/bundle/REST-v23x/page/Content/Configuring-the-Integration-for-Provisio...

Thanks,


Regards,
Pruthvi
0 Kudos

Go to solution
reshma_sonawane
New Contributor III
New Contributor III

‎11/22/2023 12:47 AM

Thanks for your reply. We are using SSL connection for AD.

After checking some other references, I understand dynamic attributes can be directly used in json without use of requestAccessAttributes. Now with below json, i am getting error

"No signature of method: java.lang.String.getTime() is applicable for argument types: () values: [] "

json:

"accountExpires": "${if(Extend_Validity != null){10000*(Extend_Validity.getTime() + 11644473600000)} else {'0'}}"

 

Dynamic attribute type is set as Date 

reshma_sonawane_0-1700642843339.png

Any pointers on this?

0 Kudos

Go to solution
reshma_sonawane
New Contributor III
New Contributor III

‎11/27/2023 12:51 AM

Hi,

I am able to achieve this using below json:

"accountExpires": "${if(!ServiceAccountOwnerMap!=null && ServiceAccountOwnerMap != 'null' && ServiceAccountOwnerMap != '' && !ServiceAccountOwnerMap.isEmpty() && ServiceAccountOwnerMap.ServiceAccountType.equals('SERVICE ACCOUNT')) {10000*(Date.parse('dd-MMM-yyyy',Extend_Validity).getTime() + 11644473600000)} else {''}}",

Copyright © 2024 Khoros, LLC