Saviynt Forums

Abdul_Gaffar · ‎06/09/2023

Hi ,

We have a successful AD connection for the application. However, while running the account import for the same the error is received as follows

ERROR services.AdImportService - Got Exception while performing ctx.search: javax.naming.directory.InvalidSearchFilterException: invalid attribute description; remaining name 'DC=Name,DC=ORGNAME,DC=com'

please suggest what shall be the remediation for the same

Regards,

Abdul Gaffar

dgandhi · ‎06/09/2023

This seems to be an issue in the search filter, is the account that you are trying to import part of the search filter that you have given?

Thanks,
Devang Gandhi
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

vivekmohanty_pm · ‎06/11/2023

Please share your LDAP OBJECFILTER and SEARCHFILTER

Abdul_Gaffar · ‎06/12/2023

Hi @dgandhi

@vivekmohanty_pm

We are facing the error while doing the account import and following are values for the same:

search filter: DC=abcd,DC=wxyz,DC=com

object filters: (!(userAccountControl:1.2.840.113556.1.4.803:=2)) AND ((INSTR(distinguishedName,'OU=Tier 2',1,1) > 0 AND ((INSTR(distinguishedName,'OU=abcd_New_Users,OU=Employees,OU=People,OU=Tier 2,OU=Asia,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) > 0 OR INSTR(distinguishedName,'OU=abcd_New_Users,OU=Employees,OU=People,OU=Tier 2,OU=Europe,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) > 0 OR INSTR(distinguishedName,'OU=abcd_New_Users,OU=Employees,OU=People,OU=Tier 2,OU=North America,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) > 0 OR INSTR(distinguishedName,'OU=abcd_New_Users,OU=Employees,OU=People,OU=Tier 2,OU=South America,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) > 0 OR INSTR(distinguishedName,'OU=abcd_New_Users,OU=Employees,OU=People,OU=Tier 2,OU=Global,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) > 0 OR INSTR(distinguishedName,'OU=abcd_New_Users,OU=Consultants And Contractors,OU=People,OU=Tier 2,OU=Asia,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) > 0 OR INSTR(distinguishedName,'OU=abcd_New_Users,OU=Consultants And Contractors,OU=People,OU=Tier 2,OU=Europe,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) > 0 OR INSTR(distinguishedName,'OU=abcd_New_Users,OU=Consultants And Contractors,OU=People,OU=Tier 2,OU=North America,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) > 0 OR INSTR(distinguishedName,'OU=abcd_New_Users,OU=Consultants And Contractors,OU=People,OU=Tier 2,OU=South America,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) > 0 OR INSTR(distinguishedName,'OU=abcd_New_Users,OU=Consultants And Contractors,OU=People,OU=Tier 2,OU=Global,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) > 0 ))) OR (INSTR(distinguishedName,'OU=Tier 2',1,1) > 0 AND INSTR(UPPER(AdminDescription),'MIGRATED-PRIMARY-abcd',1,1) > 0)) AND INSTR(upper(parentdn),'OU=PA ACCOUNTS',1,1)=0 AND INSTR(upper(memberOf),'WTS-SA-NON-TRACKED',1,1)=0 AND IIF(ISNULL(extensionAttribute8),'$$',LOWER(extensionAttribute8))<>'blended' AND INSTR(distinguishedName,'OU=Service Accounts,OU=People,OU=Tier 2,OU=North America,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) = 0 AND INSTR(distinguishedName,'OU=AzureSync,OU=Mailboxes,OU=People,OU=Tier 2,OU=Global,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) = 0 AND INSTR(distinguishedName,'OU=AzureSync,OU=Service Accounts,OU=People,OU=Tier 2,OU=Asia,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) = 0 AND INSTR(distinguishedName,'OU=AzureSync,OU=Mailboxes,OU=People,OU=Tier 2,OU=North America,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) = 0 AND INSTR(distinguishedName,'OU=Mailboxes,OU=People,OU=Tier 2,OU=Global,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) = 0 AND INSTR(distinguishedName,'OU=AzureSync,OU=Shared Mailboxes,OU=Mailboxes,OU=People,OU=Tier 2,OU=Global,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) = 0 AND INSTR(distinguishedName,'OU=AzureSync,OU=Service Accounts,OU=People,OU=Tier 2,OU=North America,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) = 0 AND INSTR(distinguishedName,'OU=Service Accounts,OU=People,OU=Tier 2,OU=Global,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) = 0 AND INSTR(distinguishedName,'OU=Mailboxes,OU=People,OU=Tier 2,OU=North America,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) = 0 AND INSTR(distinguishedName,'OU=AzureSync,OU=Service Accounts,OU=People,OU=Tier 2,OU=Europe,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) = 0 AND INSTR(distinguishedName,'OU=Orion Blended Users Mailbox,OU=Orion Blended Users,OU=People,OU=Tier 2,OU=Global,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) = 0 AND INSTR(distinguishedName,'OU=Shared Mailboxes,OU=Mailboxes,OU=People,OU=Tier 2,OU=Global,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) = 0 AND INSTR(distinguishedName,'OU=AzureSync,OU=Service Accounts,OU=People,OU=Tier 2,OU=Global,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) = 0

Regards,

Abdul gaffar

rushikeshvartak · ‎06/12/2023

AdminDescription is string or column

Regards,
Rushikesh Vartak
If the response is helpful, please click Accept As Solution and kudos it.

Abdul_Gaffar · ‎06/12/2023

Hi @rushikeshvartak

I did not get you where in admin description

Regards,

Abdul gaffar

rushikeshvartak · ‎06/12/2023

(INSTR(distinguishedName,'OU=Tier 2',1,1) > 0 AND INSTR(UPPER(AdminDescription),'MIGRATED-PRIMARY-abcd',1,1) > 0)) A

Regards,
Rushikesh Vartak
If the response is helpful, please click Accept As Solution and kudos it.

vivekmohanty_pm · ‎06/12/2023

The AD connection parameter OBJECTFILTER only accepts valid LDAP filters(https://ldap.com/ldap-filters/).

It seems you are using database methods in the OBJECTFILTER, which is not supported.

Saviynt Forums

LDAP invalid search filter exception