02/02/2024 08:06 AM
Hi team,
I am trying to create a new AD account from ARS Saviynt.
Account creation failed with the below error.
We are using LDAP on 389.
Create Account: I am using basic fields only
{
"givenName": "${user.firstname}",
"sn": "${user.lastname}",
"displayname": "${user.displayname}",
"sAMAccountName": "${task.accountName}",
"employeetype": "${user.employeeType}",
"description": "${user.customproperty63}",
"userPrincipalName": "${user.email}",
"employeeID": "${user.employeeid}",
"co": "${user.country}",
"department": "${user.departmentname}",
"mail": "${user.email}",
"name": "${user.displayname}",
"title": "${user.title}",
"objectClass": [
"top",
"person",
"organizationalPerson",
"user"
],
"userAccountControl": 512
}
AccountNameRule:
CN=${user.firstname} ${user.lastname},OU=Saviynt Test,DC=Test,DC=lan,DC=io###CN=${user.firstname} ${user.lastname}1,OU=Saviynt Test,DC=Test,DC=lan,DC=io###CN=${user.firstname} ${user.lastname}2,OU=Saviynt Test,DC=Test,DC=lan,DC=io
Error:
Checking DN for CN=Test Sav39,OU=Saviynt Test,DC=Test,DC=lan,DC=io.Not FOund DN for CN=Test Sav39,OU=Saviynt Test,DC=Test,DC=lan,DC=io. Error while creating account in AD - [LDAP: error code 53 - 0000052D: SvcErr: DSID-031A126C, problem 5003 (WILL_NOT_PERFORM), data 0 ]
02/02/2024 08:18 AM
Hi @GPS ,
This generally happens when you try to set sensitive information, like a password, over a non-TLS connection, that is, port 389.
SETRANDOMPASSWORD: set this config in your connection to false.
Thanks,
Amit
If it helped, please ACCEPT SOLUTION and hit Kudos.
02/02/2024 09:16 AM
02/02/2024 09:28 AM
Hi @GPS , good to know that. You didn't mention that in your post earlier.
This is an issue that mostly happens when connecting on port 389. You can try using 636 with the certs uploaded; it might not happen then.
You need to do some trial and error. I would have started by removing userAccountControl. Just start with 3-4 attributes and work your way to the attribute causing it.
Hope it helps, good luck.
Thanks,
Amit
02/02/2024 09:37 AM - edited 02/02/2024 09:37 AM
@AmitM
Thanks for the input. We want to use port 389 only.
I have started doing that. I just posted my question in case there is any quick fix I can look for.
02/02/2024 07:35 PM - edited 02/02/2024 07:35 PM
Possible reasons for this error include:
Insufficient Permissions: The account used for creating the user might not have the necessary permissions to perform the operation.
Validation or Constraints: The data being provided might not meet certain validation rules or constraints defined in the Directory schema.
Object Already Exists: The user account might already exist, and the operation is attempting to create a duplicate entry.
Password Policy Violation: If you're setting a password, ensure it complies with the password policy of your LDAP Directory.
04/24/2024 05:52 PM
@GPS Did you happen to get this resolved? Facing similar issue.
04/25/2024 04:44 AM
@jralexander137
Yes, the issue is Resolved.
04/25/2024 04:46 AM - edited 04/25/2024 04:47 AM
Were you able to resolve the issue and still connect over port 389, or did you have to use an SSL cert and LDAPS over 636? Or what did you end up having to do to resolve it? Thanks. @GPS
04/25/2024 09:02 PM
You need to use 636.
@GPS Please confirm working solution and Please click the 'Accept As Solution' button on the reply (or replies) that best answered your original question.
04/26/2024 08:20 AM
@jralexander137 and @rushikeshvartak
I can create an account on port 389 with 3 or 4 attributes.
Later, I moved to port 636 to pass the password while creating the account.
I would recommend using port 636.
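The two things this thread converges on (Amit's point that a password cannot be sent over plain 389, and GPS's working sequence of creating the object with a few attributes first and then setting the password over 636) are the standard three-step AD provisioning pattern: add the object disabled, write unicodePwd over an encrypted channel, then flip userAccountControl to 512. The block below is an added example written for this page; it is not Saviynt's connector code and not from the thread. It is a dry-run "planner" that emits the LDAP operations in the right order and refuses to plan a unicodePwd write on an unencrypted connection, plus a small parser for the `0000052D: SvcErr: ... (WILL_NOT_PERFORM)` string AD returns. The operation dictionaries use ldap3-style `("MODIFY_REPLACE", [...])` change tuples as a convention; `plan_create_user`, `parse_ad_error`, `encode_unicode_pwd` and the Win32 code table are this example's own names, and the sample DN and error text are taken from the first post above.

```python
"""Added example (not Saviynt's code): AD user creation as a three-step plan.

AD rejects a single add that sets userAccountControl=512 (enabled) without a
policy-compliant password, and rejects unicodePwd writes on a non-TLS channel.
Both surface as LDAP result 53 (WILL_NOT_PERFORM) with a Win32 code in front.
"""
import re
from typing import Any, Dict, List, Optional

# userAccountControl flag values documented by Microsoft.
UAC_ACCOUNTDISABLE = 0x0002
UAC_NORMAL_ACCOUNT = 0x0200                                   # 512: enabled user
UAC_DISABLED_NORMAL = UAC_NORMAL_ACCOUNT | UAC_ACCOUNTDISABLE  # 514: disabled user

# Win32 codes AD prefixes to its extended error text (first 8 hex digits).
WIN32_ERRORS = {
    0x052D: "ERROR_PASSWORD_RESTRICTION: the password (or the empty password of an "
            "account created with userAccountControl=512) violates domain policy",
    0x001F: "ERROR_GEN_FAILURE: typically unicodePwd written over a connection "
            "that is not TLS/SSL protected",
}

AD_ERROR_RE = re.compile(
    r"(?P<win32>[0-9A-Fa-f]{8}): (?P<kind>\w+): DSID-(?P<dsid>[0-9A-Fa-f]+), "
    r"problem (?P<problem>\d+) \((?P<name>\w+)\), data (?P<data>\d+)"
)


def parse_ad_error(message: str) -> Optional[Dict[str, Any]]:
    """Pull the Win32 code, DSID and problem name out of an AD error string."""
    m = AD_ERROR_RE.search(message)
    if not m:
        return None
    win32 = int(m.group("win32"), 16)
    return {
        "win32": win32,
        "dsid": m.group("dsid"),
        "problem": int(m.group("problem")),
        "name": m.group("name"),
        "meaning": WIN32_ERRORS.get(win32, "unmapped Win32 error"),
    }


def encode_unicode_pwd(password: str) -> bytes:
    """AD only accepts unicodePwd as the password in double quotes, UTF-16LE."""
    return f'"{password}"'.encode("utf-16-le")


def plan_create_user(dn: str, attributes: Dict[str, Any],
                     password: Optional[str] = None,
                     channel_encrypted: bool = False) -> List[Dict[str, Any]]:
    """Return the ordered LDAP operations for a safe AD user creation.

    1. add the entry with userAccountControl=514 and no password
    2. replace unicodePwd (only over LDAPS/StartTLS)
    3. replace userAccountControl with 512 to enable the account
    Raises ValueError rather than planning a cleartext password write.
    """
    attrs = dict(attributes)
    attrs.pop("unicodePwd", None)            # never part of the initial add
    attrs["userAccountControl"] = UAC_DISABLED_NORMAL
    ops: List[Dict[str, Any]] = [{"op": "add", "dn": dn, "attributes": attrs}]
    if password is None:
        return ops                            # account stays disabled until a password is set
    if not channel_encrypted:
        raise ValueError("refusing to send unicodePwd over an unencrypted "
                         "LDAP connection; use LDAPS (636) or StartTLS")
    ops.append({"op": "modify", "dn": dn, "changes": {
        "unicodePwd": [("MODIFY_REPLACE", [encode_unicode_pwd(password)])]}})
    ops.append({"op": "modify", "dn": dn, "changes": {
        "userAccountControl": [("MODIFY_REPLACE", [UAC_NORMAL_ACCOUNT])]}})
    return ops


if __name__ == "__main__":
    # Constructed from the thread: the failing DN and error text, a subset of attributes.
    dn = "CN=Test Sav39,OU=Saviynt Test,DC=Test,DC=lan,DC=io"
    attrs = {"sAMAccountName": "tsav39", "givenName": "Test", "sn": "Sav39",
             "objectClass": ["top", "person", "organizationalPerson", "user"],
             "userAccountControl": 512}
    err = "Error while creating account in AD - [LDAP: error code 53 - 0000052D: " \
          "SvcErr: DSID-031A126C, problem 5003 (WILL_NOT_PERFORM), data 0 ]"
    print(parse_ad_error(err))
    for step in plan_create_user(dn, attrs, password="Str0ng!Passw0rd", channel_encrypted=True):
        print(step["op"], step["dn"], step.get("attributes") or step.get("changes"))
```

The planner deliberately keeps the 389 case working for the attribute-only add (step 1) and makes the password step impossible to run in cleartext, which is the split GPS ended up with. Feeding the returned operations to a real client is a matter of calling its add and modify methods in order over an LDAPS connection.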
04/26/2024 12:34 PM
Please click the 'Accept As Solution' button on the reply (or replies) that best answered your original question.