We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

Getting LDAP error code 19 while user account creation

yogarajk
New Contributor III
New Contributor III

Hi Team,

We are trying to create user account to ADLDS with object class as inetOrgPerson, while creating new user account getting below error message. we are not passing any passwords to AD. we configured "SETRANDOMPASSWORD" as FALSE in connection.

Error: [LDAP: error code 19 - 0000052D: AtrErr: DSID-033808CA, #1: 0: 0000052D: DSID-033808CA, problem 1005 (CONSTRAINT_ATT_TYPE), data 2245, Att 9005a (unicodePwd) ]

Create account JSON:

{"objectclass": ["top", "person", "organizationalPerson", "user", "inetOrgPerson"],
"mail": "${user.email}",
"displayName": "${user.firstname} ${user.lastname}",
"comment": "active",
"msDS-UserAccountDisabled": "FALSE",
"co": "${user.country}",
"company": "${user.companyname}",
"employeeID": "${user.employeeid}",
"employeeType": "${user.employeeType}",
"uid": "${user.username}",
"givenName": "${user.firstname}",
"sn":"${user.lastname}",
"name":"${user.username}",
"departmentNumber":"${user.departmentNumber}",
"postalAddress":"${user.street} ${user.locationnumber} ${user.city} ${user.country}",
"postalCode":"${user.locationnumber}",
"street":"${user.street}",
"l":"${user.city}",
"st":"${user.state}",
"mobile":"${user.phonenumber}",
"costCentre":"${user.costcenter}",
"c": "${user.customproperty19}",
"employeeNumber": "${user.customproperty5}",
"telephoneNumber":"${user.customproperty9}",
"preferredLanguage":"${user.customproperty2}",
"facsimileTelephoneNumber":"${user.customproperty10}",
"title":"${user.title}",
"companyShortName":"${user.customproperty21}",
"physicalDeliveryOfficeName":"${user.location}",
"cn": "${user.username}",
"preferredFirstName": "${user.customproperty14}",
"globalOrganisation": "${user.customer.description}",
"globalOrganisationCode": "${user.orgunitid}",
"globalDepartmentName": "${user.customproperty4}",
"globalDepartment": "${user.customproperty3}",
"initials": "${user.customproperty13}",
"employmentEnd": "${user.enddate}"
}

Could you please let me how to fix this issue.

Thanks & Regards,

Yogaraj K

13 REPLIES 13

sk
All-Star
All-Star

Do you want to set the password while creation?

If so can you try to add below two parameters and see if that works

"accountExpires": "0",

"pwdLastSet": "0"


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

yogarajk
New Contributor III
New Contributor III

@sk No, we don't want to set password while creation of user account.

Okay then try to include two parameters I suggested. Also rushikesh identified one AD parameter(streetAddress) which is wrongly used please correct that as well.


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

yogarajk
New Contributor III
New Contributor III

@sk Getting below error message after updated the suggested attributes "accountExpires": "0", "pwdLastSet": "0" 

Error: [LDAP: error code 19 - 0000209A: AtrErr: DSID-030509A6, #1: 0: 0000209A: DSID-030509A6, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 90060 (pwdLastSet) ]

beacuse you are setting password 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

We don't want to set password.

ms-DS-User-Password-Not-Required = false


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Still getting this error [LDAP: error code 19 - 0000052D: AtrErr: DSID-033808CA, #1: 0: 0000052D: DSID-033808CA, problem 1005 (CONSTRAINT_ATT_TYPE), data 2245, Att 9005a (unicodePwd) ]

yogarajk
New Contributor III
New Contributor III

The issue has been resolved. Issue was with attribute, we have changed "msDS-UserAccountDisabled" to "IsDisable" custom attribute in AD.

rushikeshvartak
All-Star
All-Star

It should streetAddress instead of street


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

@rushikeshvartak street attribute is existing in AD. so, I guess there is no issues with street attribute.

Oh nevermind you mentioned ADLDS so ignore about street attribute 


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

"msDS-UserAccountDisabled": "false",


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.