Click HERE to see how Saviynt Intelligence is transforming the industry. |
06/09/2023 06:43 AM
Hi ,
We have a successful AD connection for the application. However, while running the account import for the same the error is received as follows
ERROR services.AdImportService - Got Exception while performing ctx.search: javax.naming.directory.InvalidSearchFilterException: invalid attribute description; remaining name 'DC=Name,DC=ORGNAME,DC=com'
please suggest what shall be the remediation for the same
Regards,
Abdul Gaffar
06/09/2023 01:27 PM
This seems to be an issue in the search filter, is the account that you are trying to import part of the search filter that you have given?
Thanks,
Devang Gandhi
If this reply answered your question, please Accept As Solution and give Kudos to help others who may have a similar problem.
06/11/2023 10:04 PM
Please share your LDAP OBJECFILTER and SEARCHFILTER
06/12/2023 03:32 AM
Hi @dgandhi
We are facing the error while doing the account import and following are values for the same:
search filter: DC=abcd,DC=wxyz,DC=com
object filters: (!(userAccountControl:1.2.840.113556.1.4.803:=2)) AND ((INSTR(distinguishedName,'OU=Tier 2',1,1) > 0 AND ((INSTR(distinguishedName,'OU=abcd_New_Users,OU=Employees,OU=People,OU=Tier 2,OU=Asia,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) > 0 OR INSTR(distinguishedName,'OU=abcd_New_Users,OU=Employees,OU=People,OU=Tier 2,OU=Europe,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) > 0 OR INSTR(distinguishedName,'OU=abcd_New_Users,OU=Employees,OU=People,OU=Tier 2,OU=North America,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) > 0 OR INSTR(distinguishedName,'OU=abcd_New_Users,OU=Employees,OU=People,OU=Tier 2,OU=South America,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) > 0 OR INSTR(distinguishedName,'OU=abcd_New_Users,OU=Employees,OU=People,OU=Tier 2,OU=Global,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) > 0 OR INSTR(distinguishedName,'OU=abcd_New_Users,OU=Consultants And Contractors,OU=People,OU=Tier 2,OU=Asia,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) > 0 OR INSTR(distinguishedName,'OU=abcd_New_Users,OU=Consultants And Contractors,OU=People,OU=Tier 2,OU=Europe,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) > 0 OR INSTR(distinguishedName,'OU=abcd_New_Users,OU=Consultants And Contractors,OU=People,OU=Tier 2,OU=North America,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) > 0 OR INSTR(distinguishedName,'OU=abcd_New_Users,OU=Consultants And Contractors,OU=People,OU=Tier 2,OU=South America,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) > 0 OR INSTR(distinguishedName,'OU=abcd_New_Users,OU=Consultants And Contractors,OU=People,OU=Tier 2,OU=Global,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) > 0 ))) OR (INSTR(distinguishedName,'OU=Tier 2',1,1) > 0 AND INSTR(UPPER(AdminDescription),'MIGRATED-PRIMARY-abcd',1,1) > 0)) AND INSTR(upper(parentdn),'OU=PA ACCOUNTS',1,1)=0 AND INSTR(upper(memberOf),'WTS-SA-NON-TRACKED',1,1)=0 AND IIF(ISNULL(extensionAttribute8),'$$',LOWER(extensionAttribute8))<>'blended' AND INSTR(distinguishedName,'OU=Service Accounts,OU=People,OU=Tier 2,OU=North America,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) = 0 AND INSTR(distinguishedName,'OU=AzureSync,OU=Mailboxes,OU=People,OU=Tier 2,OU=Global,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) = 0 AND INSTR(distinguishedName,'OU=AzureSync,OU=Service Accounts,OU=People,OU=Tier 2,OU=Asia,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) = 0 AND INSTR(distinguishedName,'OU=AzureSync,OU=Mailboxes,OU=People,OU=Tier 2,OU=North America,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) = 0 AND INSTR(distinguishedName,'OU=Mailboxes,OU=People,OU=Tier 2,OU=Global,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) = 0 AND INSTR(distinguishedName,'OU=AzureSync,OU=Shared Mailboxes,OU=Mailboxes,OU=People,OU=Tier 2,OU=Global,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) = 0 AND INSTR(distinguishedName,'OU=AzureSync,OU=Service Accounts,OU=People,OU=Tier 2,OU=North America,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) = 0 AND INSTR(distinguishedName,'OU=Service Accounts,OU=People,OU=Tier 2,OU=Global,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) = 0 AND INSTR(distinguishedName,'OU=Mailboxes,OU=People,OU=Tier 2,OU=North America,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) = 0 AND INSTR(distinguishedName,'OU=AzureSync,OU=Service Accounts,OU=People,OU=Tier 2,OU=Europe,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) = 0 AND INSTR(distinguishedName,'OU=Orion Blended Users Mailbox,OU=Orion Blended Users,OU=People,OU=Tier 2,OU=Global,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) = 0 AND INSTR(distinguishedName,'OU=Shared Mailboxes,OU=Mailboxes,OU=People,OU=Tier 2,OU=Global,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) = 0 AND INSTR(distinguishedName,'OU=AzureSync,OU=Service Accounts,OU=People,OU=Tier 2,OU=Global,OU=ProductionAD,DC=abcd,DC=wxyz,DC=com',1,1) = 0
Regards,
Abdul gaffar
06/12/2023 03:37 AM
AdminDescription is string or column
06/12/2023 03:45 AM
06/12/2023 03:46 AM
(INSTR(distinguishedName,'OU=Tier 2',1,1) > 0 AND INSTR(UPPER(AdminDescription),'MIGRATED-PRIMARY-abcd',1,1) > 0)) A
06/12/2023 04:44 AM
The AD connection parameter OBJECTFILTER only accepts valid LDAP filters(https://ldap.com/ldap-filters/).
It seems you are using database methods in the OBJECTFILTER, which is not supported.