LDAP New Account Creation Failing

GPS
New Contributor II

Hi team,

I am trying to create a new AD account from ARS Saviynt.

Account creation failed with the below error.
We are using LDAP on 389.

Create Account: I am using basic fields only
{
  "givenName": "${user.firstname}",
  "sn": "${user.lastname}",
  "displayname": "${user.displayname}",
  "sAMAccountName": "${task.accountName}",
  "employeetype": "${user.employeeType}",
  "description": "${user.customproperty63}",
  "userPrincipalName": "${user.email}",
  "employeeID": "${user.employeeid}",
  "co": "${user.country}",
  "department": "${user.departmentname}",
  "mail": "${user.email}",
  "name": "${user.displayname}",
  "title": "${user.title}",
  "objectClass": [
    "top",
    "person",
    "organizationalPerson",
    "user"
  ],
  "userAccountControl": 512
}

AccountNameRule:
CN=${user.firstname} ${user.lastname},OU=Saviynt Test,DC=Test,DC=lan,DC=io###CN=${user.firstname} ${user.lastname}1,OU=Saviynt Test,DC=Test,DC=lan,DC=io###CN=${user.firstname} ${user.lastname}2,OU=Saviynt Test,DC=Test,DC=lan,DC=io



Error:
Checking DN for CN=Test Sav39,OU=Saviynt Test,DC=Test,DC=lan,DC=io.Not FOund DN for CN=Test Sav39,OU=Saviynt Test,DC=Test,DC=lan,DC=io. Error while creating account in AD - [LDAP: error code 53 - 0000052D: SvcErr: DSID-031A126C, problem 5003 (WILL_NOT_PERFORM), data 0 ]

AmitM
Valued Contributor

Hi @GPS ,

This generally happens when you try to set sensitive information, like a password, on a non-TLS connection, that is, 389.

SETRANDOMPASSWORD: set this config in your connection to false.

Thanks,

Amit

If it helped. Please ACCEPT SOLUTION and hit Kudos.

GPS
New Contributor II

@AmitM 
I have already done that.

[Attached screenshot: GPS_0-1706894166410.png]

AmitM
Valued Contributor

Hi @GPS , good to know that. You didn't mention that in your post earlier.

This is an issue that mostly happens when connecting on port 389. You can try to use 636 and have certs uploaded and try. It might not happen.

You need to do some hit and trial. I would have started with removing userAccountControl. Just start with 3-4 attrs and work your way to the attribute causing it.

Hope it helps, good luck.

Thanks,

Amit 

GPS
New Contributor II

@AmitM 

Thanks for the input. We want to use the 389 port only.
I started doing it. I just posted my question in case there is any quick fix I can look for.

Possible reasons for this error include:

  1. Insufficient Permissions: The account used for creating the user might not have the necessary permissions to perform the operation.

  2. Validation or Constraints: The data being provided might not meet certain validation rules or constraints defined in the Directory schema.

  3. Object Already Exists: The user account might already exist, and the operation is attempting to create a duplicate entry.

  4. Password Policy Violation: If you're setting a password, ensure it complies with the password policy of your LDAP Directory.


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

jralexander137
New Contributor III

@GPS Did you happen to get this resolved? Facing a similar issue.

GPS
New Contributor II

@jralexander137 
Yes, the issue is resolved.

jralexander137
New Contributor III

Were you able to resolve the issue and still connect over port 389, or did you have to use an SSL cert and use LDAPS over 636? Or what did you end up having to do to resolve it? Thanks. @GPS

You need to use 636.

@GPS Please confirm the working solution and please click the 'Accept As Solution' button on the reply (or replies) that best answered your original question.


Regards,
Rushikesh Vartak

GPS
New Contributor II

@jralexander137 and @rushikeshvartak 
I can create an account on port 389 with 3 or 4 attributes.
Later, I moved to port 636 to pass the password while creating the account.

I would recommend using port 636.
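
Added example (not part of the thread and not Saviynt code): a Python sketch that splits the AD diagnostic string from the original post into its fields and runs two pre-flight checks on a create-account payload. The function names are hypothetical, `unicodePwd` is assumed to be the attribute carrying the password in the final payload, and the checks reflect general AD behaviour (password writes need an encrypted connection; an enabled account needs a password), not anything confirmed by the posters.

```python
import re

# Win32 codes that AD embeds as the hex prefix of its LDAP diagnostic text.
WIN32_CODES = {0x5: "ERROR_ACCESS_DENIED", 0x52D: "ERROR_PASSWORD_RESTRICTION"}
UAC_ACCOUNTDISABLE = 0x2   # userAccountControl flag: account is disabled
UAC_PASSWD_NOTREQD = 0x20  # userAccountControl flag: no password required

# Error text copied from the original post in this thread.
SAMPLE_ERROR = ("[LDAP: error code 53 - 0000052D: SvcErr: DSID-031A126C, "
                "problem 5003 (WILL_NOT_PERFORM), data 0 ]")

AD_ERROR_RE = re.compile(
    r"error code (?P<ldap>\d+) - (?P<win32>[0-9A-Fa-f]{8}): \w+: "
    r"(?P<dsid>DSID-[0-9A-Fa-f]+), problem \d+ \((?P<problem>\w+)\)")

def parse_ad_error(message):
    """Split an AD LDAP diagnostic string into its fields, or return None."""
    m = AD_ERROR_RE.search(message)
    if m is None:
        return None
    win32 = int(m["win32"], 16)
    return {"ldap_code": int(m["ldap"]), "win32_code": win32,
            "win32_name": WIN32_CODES.get(win32, "unknown"),
            "dsid": m["dsid"], "problem": m["problem"]}

def preflight(payload, port, start_tls=False):
    """Return findings for a create-account payload before it is sent."""
    findings = []
    encrypted = port == 636 or start_tls
    has_password = "unicodePwd" in payload  # assumed password attribute
    uac = int(payload.get("userAccountControl", 0))
    if has_password and not encrypted:
        findings.append("password write on a cleartext connection")
    enabled = uac != 0 and not uac & UAC_ACCOUNTDISABLE
    if enabled and not has_password and not uac & UAC_PASSWD_NOTREQD:
        findings.append("account enabled without a password")
    return findings

if __name__ == "__main__":
    print(parse_ad_error(SAMPLE_ERROR))
    # Constructed payload: the thread's userAccountControl value, no password.
    print(preflight({"sAMAccountName": "tsav39", "userAccountControl": 512}, 389))
```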




Please click the 'Accept As Solution' button on the reply (or replies) that best answered your original question.


Regards,
Rushikesh Vartak