Saviynt Forums

Hi @pmahalle 

Thanks for your respose.

I have created it, please can you verify it is correct or not.

CN=${user.lastname}\\,${user.firstname} + ${if(requestAccessAttributes.get('accountype')=='Developer'){'(Developer)'},OU=Developer Accounts,OU=User Accounts,OU=Secured Resources,OU=Savyint-Dev,DC=datacenter,DC=radiangroupinc,DC=net else if(requestAccessAttributes.get('accountype')=='Super User'){'(Super User)'}},OU=Super User Account,OU=User Accounts,OU=Secured Resources,OU=Savyint-Dev,DC=datacenter,DC=radiangroupinc,DC=net

Hi @pmahalle 

I tried with this below json in account name rule.

but getting the error.

CN=${user.lastname}\\,${user.firstname} + ${if(requestAccessAttributes.get('accountype')=='Developer'){'(Developer),OU=Developer Accounts,OU=User Accounts,OU=Secured Resources,OU=Savyint-Dev,DC=datacenter,DC=radiangroupinc,DC=net'} else ${if(requestAccessAttributes.get('accountype')=='Super User'){'(Super User),OU=Super User Account,OU=User Accounts,OU=Secured Resources,OU=Savyint-Dev,DC=datacenter,DC=radiangroupinc,DC=net'}}}

Error while creating account in AD - No such property: requestAccessAttributes for class: SimpleTemplateScript6

Is there anything issue in the json.

Hi @AshirvadhN ,

Referencing dynamic attributes on the AD connection json's, can you simply use ${<dynamic attribute name>} and check? ${accountype}

Thanks,

Armaan

@AshirvadhN , As per the screenshot the name of the dynamic attribute is privaccount and not accountype. Let me know if this understanding is correct?

Sorry the dynamic attribute name is privaccount

Hi @AshirvadhN ,

Can you try below one in ACCOUNT NAME RULE

CN=${user.lastname}\\,${user.firstname},${if(privaccount.equals('Developer')){'(Developer),OU=Developer Accounts'} else if(privaccount.equals('Super User')){'(Super User),OU=Super User Account'}},OU=User Accounts,OU=Secured Resources,OU=Savyint-Dev,DC=datacenter,DC=radiangroupinc,DC=net

Hi @pmahalle 

Nope it didn't worked for me

It is showing null in dynamic attribute selection filed please find the highlighted field.

Checking DN for CN=test10\,Simeio,null,OU=User Accounts,OU=Secured Resources,OU=Savyint-Dev,DC=datacenter,DC=radiangroupinc,DC=net.Error while searching for DN-CN=test10\,Simeio,null,OU=User Accounts,OU=Secured Resources,OU=Savyint-Dev,DC=datacenter,DC=radiangroupinc,DC=net: [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090B26, comment: Error processing name, data 0, v4563] SAV-Error while creating account,Could not find a unique DN to provision

@AshirvadhN 

Seems like you are selecting "Developer Account" in dynamic attribute and not Developer. I mentioned only Developer in if condition. Did you change it in you json. If not try below:

CN=${user.lastname}\\,${user.firstname},${if(privaccount.equals('Developer Account')){'(Developer),OU=Developer Accounts'} else if(privaccount.equals('Super User')){'(Super User),OU=Super User Account'}},OU=User Accounts,OU=Secured Resources,OU=Savyint-Dev,DC=datacenter,DC=radiangroupinc,DC=net

@AshirvadhN ,

So now No such property issue is resolved, right?

Seems like account with DN CN=test10\,Simeio,(Developer),OU=Developer Accounts,OU=User Accounts,OU=Secured Resources,OU=Savyint-Dev,DC=datacenter,DC=radiangroupinc,DC=net is already present in Active directory.

In that case you need to write few more rule separated by ### in Account Name Rule as per requirement. So that if DN is present next rule will be picked up and new DN will be generated.

@AshirvadhN 

Make sure "OU=Developer Accounts,OU=User Accounts,OU=Secured Resources,OU=Savyint-Dev,DC=datacenter,DC=radiangroupinc,DC=net" is present in target AD.