Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Hashmap Error in LDAP Connector - Version 2021

ssudhakar
New Contributor III
New Contributor III

Hi Team,

We are trying to use hashmap in LDAP Conector Update Account JSON and we are getting below error while provisioning the task in Version 2021.

Error while Update operation for account-EURIEHWANG in AD - Template contains string which are not allowed \bnew\s+[a-zA-Z0-9_.]{1,}\s*\(

Simple JSON we tried given below

${
Map map1 = new HashMap();
map1.put("title",user.customproperty9);
jsonBuilder = new groovy.json.JsonBuilder(map1);
return jsonBuilder.toString();
}

Can you please help, if we are missing something with JSON here.

Same hashmap syntax worked in earlier saviynt version

Regards,
Sudhin Sudhakar

7 REPLIES 7

sahajranajee
Saviynt Employee
Saviynt Employee

Hello,

As a part of stronger security framework for the application, you can no longer initialize objects, ie. using 'new' keyword to initialize a hashmap, list etc.

You would need to use the usual mapping format and use conditional logic via ternary operators or if-else.

 


Regards,
Sahaj Ranajee
Sr. Product Specialist

Is this documented as part of product documentation? 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

ssudhakar
New Contributor III
New Contributor III

Thanks Sahaj for the details.

For if else conditions we really need to specify else condition to maintain the target attribute.

We have scenario where we want to set LDAP attribute(multivalued) only when condition matches other wise we want to let the system continue with the existing value in target attribute, no value push should happen basically for else as it would fail to provision it due to duplicate value conflict.

when we tried if else if statement without else , it cleared out target attribute value as none of the condition matched, how we can achieve the above mentioned scenario using if else or what are the alternatives with V2021.

Regards,
Sudhin Sudhakar

 

sahajranajee
Saviynt Employee
Saviynt Employee

Hi Sudhin,

If you are able to use if-else to figure out whether the attribute should be provisioned or not, you can set an empty string like '' on the non matching condition and set SUPPORTEMPTYSTRING as FALSE on the connector. 
This should then skip the attribute provisioning when it does not match the provisioning logic.

 


Regards,
Sahaj Ranajee
Sr. Product Specialist

ssudhakar
New Contributor III
New Contributor III

Hi Sahaj,

We cannot apply that Connector level setting to ignore pushing  null or ''  while provisioning as we have some logic for emptying certain fields.

we are looking up for something specific for individual attributes.

Regards,
Sudhin Sudhakar

Hi Sudhin,

Were you able to find a solution for this?
We are kind of trying to achieve the same behavior to AD for a different attribute.

Regards,

Bharadwaj

avinashchhetri
Saviynt Employee
Saviynt Employee

Sudhin,

What exactly are you trying to do with a Hashmap ? All I see is that your updating CP9 to the title. Where is the logic that you've said to check and validate to ensure the target mappings are not lost ?

 

Regards,

Avinash Chhetri

Regards,
Avinash Chhetri