Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

LDAP invalid search filter exception

Abdul_Gaffar
New Contributor II
New Contributor II

Hi ,

We have a successful AD connection for the application. However, while running the account import for the same the error is received as follows

ERROR services.AdImportService - Got Exception while performing ctx.search: javax.naming.directory.InvalidSearchFilterException: invalid attribute description; remaining name 'DC=Name,DC=ORGNAME,DC=com'

please suggest what shall be the remediation for the same

Regards,

Abdul Gaffar

7 REPLIES 7

dgandhi
All-Star
All-Star

This seems to be an issue in the search filter, is the account that you are trying to import part of the search filter that you have given?

 

Thanks,
Devang Gandhi
If this reply answered your question, please Accept As Solution and give Kudos to help others who may have a similar problem.

vivekmohanty_pm
Saviynt Employee
Saviynt Employee

Please share your LDAP OBJECFILTER and SEARCHFILTER

Abdul_Gaffar
New Contributor II
New Contributor II

Hi @dgandhi

@vivekmohanty_pm 

We are facing the error while doing the account import and following are values for the same:

search filter: DC=abcd,DC=wxyz,DC=com

 

object filters: (!(userAccountControl:1.2.840.113556.1.4.803:=2)) AND ((INSTR(distinguishedName,'OU=Tier 2',1,1) > 0 AND ((INSTR(distinguishedName,'OU=abcd_New_Users,OU=Employees,OU=People,OU=Tier 2,OU=Asia,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) > 0 OR INSTR(distinguishedName,'OU=abcd_New_Users,OU=Employees,OU=People,OU=Tier 2,OU=Europe,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) > 0 OR INSTR(distinguishedName,'OU=abcd_New_Users,OU=Employees,OU=People,OU=Tier 2,OU=North America,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) > 0 OR INSTR(distinguishedName,'OU=abcd_New_Users,OU=Employees,OU=People,OU=Tier 2,OU=South America,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) > 0 OR INSTR(distinguishedName,'OU=abcd_New_Users,OU=Employees,OU=People,OU=Tier 2,OU=Global,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) > 0 OR INSTR(distinguishedName,'OU=abcd_New_Users,OU=Consultants And Contractors,OU=People,OU=Tier 2,OU=Asia,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) > 0 OR INSTR(distinguishedName,'OU=abcd_New_Users,OU=Consultants And Contractors,OU=People,OU=Tier 2,OU=Europe,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) > 0 OR INSTR(distinguishedName,'OU=abcd_New_Users,OU=Consultants And Contractors,OU=People,OU=Tier 2,OU=North America,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) > 0 OR INSTR(distinguishedName,'OU=abcd_New_Users,OU=Consultants And Contractors,OU=People,OU=Tier 2,OU=South America,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) > 0 OR INSTR(distinguishedName,'OU=abcd_New_Users,OU=Consultants And Contractors,OU=People,OU=Tier 2,OU=Global,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) > 0 ))) OR (INSTR(distinguishedName,'OU=Tier 2',1,1) > 0 AND INSTR(UPPER(AdminDescription),'MIGRATED-PRIMARY-abcd',1,1) > 0)) AND INSTR(upper(parentdn),'OU=PA ACCOUNTS',1,1)=0 AND INSTR(upper(memberOf),'WTS-SA-NON-TRACKED',1,1)=0 AND IIF(ISNULL(extensionAttribute8),'$$',LOWER(extensionAttribute8))<>'blended' AND INSTR(distinguishedName,'OU=Service Accounts,OU=People,OU=Tier 2,OU=North America,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) = 0 AND INSTR(distinguishedName,'OU=AzureSync,OU=Mailboxes,OU=People,OU=Tier 2,OU=Global,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) = 0 AND INSTR(distinguishedName,'OU=AzureSync,OU=Service Accounts,OU=People,OU=Tier 2,OU=Asia,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) = 0 AND INSTR(distinguishedName,'OU=AzureSync,OU=Mailboxes,OU=People,OU=Tier 2,OU=North America,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) = 0 AND INSTR(distinguishedName,'OU=Mailboxes,OU=People,OU=Tier 2,OU=Global,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) = 0 AND INSTR(distinguishedName,'OU=AzureSync,OU=Shared Mailboxes,OU=Mailboxes,OU=People,OU=Tier 2,OU=Global,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) = 0 AND INSTR(distinguishedName,'OU=AzureSync,OU=Service Accounts,OU=People,OU=Tier 2,OU=North America,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) = 0 AND INSTR(distinguishedName,'OU=Service Accounts,OU=People,OU=Tier 2,OU=Global,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) = 0 AND INSTR(distinguishedName,'OU=Mailboxes,OU=People,OU=Tier 2,OU=North America,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) = 0 AND INSTR(distinguishedName,'OU=AzureSync,OU=Service Accounts,OU=People,OU=Tier 2,OU=Europe,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) = 0 AND INSTR(distinguishedName,'OU=Orion Blended Users Mailbox,OU=Orion Blended Users,OU=People,OU=Tier 2,OU=Global,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) = 0 AND INSTR(distinguishedName,'OU=Shared Mailboxes,OU=Mailboxes,OU=People,OU=Tier 2,OU=Global,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) = 0 AND INSTR(distinguishedName,'OU=AzureSync,OU=Service Accounts,OU=People,OU=Tier 2,OU=Global,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) = 0

 

Regards,

Abdul gaffar

AdminDescription is string or column


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Abdul_Gaffar
New Contributor II
New Contributor II

Hi @rushikeshvartak 

I did not get you where in admin description

Regards,

Abdul gaffar

(INSTR(distinguishedName,'OU=Tier 2',1,1) > 0 AND INSTR(UPPER(AdminDescription),'MIGRATED-PRIMARY-abcd',1,1) > 0)) A


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

vivekmohanty_pm
Saviynt Employee
Saviynt Employee

The AD connection parameter OBJECTFILTER only accepts valid LDAP filters(https://ldap.com/ldap-filters/).

It seems you are using database methods in the OBJECTFILTER, which is not supported.