
LDAP objectClass condition in CreateAccount Json

prashanth_sv
New Contributor III
Hi Team,
 
We have a requirement where we need to provision objectClass based on the employeeclass attribute. So if employeeclass is Employee, we need to provision objectClass as below:
"objectClass": [
  "top",
  "person",
  "organizationalPerson",
  "ntUser",
  "inetOrgPerson",
  "hpPerson",
  "hpEmployee"
 ]
 
If employeeclass is not Employee, then:
"objectClass": [
  "top",
  "person",
  "organizationalPerson",
  "ntUser",
  "inetOrgPerson",
  "hpPerson",
  "hpContingentWorker"
 ]
We tried the below logic to provision the user but we are getting the error as "Error while creating account in AD - [LDAP: error code 21 - objectClass: value #6 invalid per syntax]"
 
Please find the below logic we tried.
 
"if(${user.employeeclass}==("Employee")){"objectClass": ["top","person","organizationalPerson","ntUser","inetOrgPerson","hpPerson","hpEmployee"]} else {"objectClass": ["top","person","organizationalPerson","ntUser","inetOrgPerson","hpPerson","hpContingentWorker"]}",
------------------------------------------------------------------------------------------------------------------
"objectClass": "${
    if(user.employeeclass==('Employee')) {
      ["top","person","organizationalPerson","ntUser","inetOrgPerson","hpPerson","hpEmployee"]
    }
    else {
      ["top","person","organizationalPerson","ntUser","inetOrgPerson","hpPerson","hpContingentWorker"]
 }
  }",
---------------------------------------------------------------------------------------------------------------
  "objectClass": "${if(user.employeeclass==('Employee')) {
  ['top','person','organizationalPerson','ntUser','inetOrgPerson','hpPerson','hpEmployee']
  }
  else {
  ['top','person','organizationalPerson','ntUser','inetOrgPerson','hpPerson','hpContingentWorker']
  }
  }",
 ----------------------------------------------------------------------------------------------------------------
 
 
    "objectClass": "${user.employeeclass.equals('Employee')?
'[\"top\",\"person\",\"organizationalPerson\",\"ntUser\",\"inetOrgPerson\",\"hpPerson\",\"hpEmployee\"]': '[\"top\",\"person\",\"organizationalPerson\",\"ntUser\",\"inetOrgPerson\",\"hpPerson\",\"hpContingentWorker\"]'}",
-------------------------------------------------------------------------------------------------------------
"objectClass": [ 
  "top",
  "person",
  "organizationalPerson",
  "ntUser",
  "inetOrgPerson",
  "hpPerson",
  "${user.employeeClass}==('Employee')?{"hpEmployee"}:{"hpContingentWorker"}"
 ],
 
-----------------------------------------------------------------------------------------------------------
"objectClass": [ 
  "top",
  "person",
  "organizationalPerson",
  "ntUser",
  "inetOrgPerson",
  "hpPerson",
"if(${user.employeeclass}==('Employee')){'hpEmployee'} else {'hpContingentWorker'}"
], 
 
Please let us know if there is a syntax to provision the objectClass for our requirement.
 
Regards,
Prashanth.s.v

avinashchhetri
Saviynt Employee

You could try the sample shared below : 

{
${if(user?.employeeclass.equals('Employee'))
'\"objectclass\" : [\"top\", \"person\", \"organizationalPerson\", \"ntUser\",\"inetOrgPerson\",\"hpPerson\",\"hpEmployee\"],
\"accountlock\" : \"False\",'
else
'\"objectclass\" : [\"top\", \"person\", \"organizationalPerson\", \"ntUser\",\"inetOrgPerson\",\"hpPerson\",\"hpContingentWorker\"],
\"accountlock\" : \"False\",'
}
"cn": "${user.displayname}",
"sn": "${user.lastname}",
"mail": "${user.email}",
"telephonenumber": "${user.phonenumber}"
}

 

 

Regards,

Avinash Chhetri


prashanth_sv
New Contributor III

Hi Avinash,

The recommended JSON is throwing a JSON parse exception. We are not able to rectify it, as it's expecting String syntax. Could you please check and provide a valid solution if possible?

Regards,

Prashanth.s.v

Please copy the shared JSON into an editor like Notepad before you add it in your connector.

If the issue still persists, please share the error logs from the Provisioning run.

 

Regards,

Avinash Chhetri


Hi Avinash,

The JSON is throwing parser exception in JSON Validator itself. Please find the screenshot.

prashanth_sv_0-1655960642255.png

Regards,

Prashanth.s.v

That's fine, it's not in a standard format, hence. Please share the logs from the connector once you run the Provisioning Jobs.

 

Regards,

Avinash Chhetri


rushikeshvartak
All-Star

{
// Build the attribute map in Groovy, then serialise it to JSON.
Map map1 = new HashMap();
// objectclass is only set when customproperty5 is 'Active'.
if (user.customproperty5 == 'Active') map1.put("objectclass", ['top', 'person', 'organizationalPerson', 'user']);

map1.put("cn", "${user.displayname}");
map1.put("sn", "${user.lastname}");
map1.put("mail", "${user.email}");
map1.put("telephonenumber", "${user.phonenumber}");
jsonBuilder = new groovy.json.JsonBuilder(map1);
return jsonBuilder.toString();
}


Regards,
Rushikesh Vartak

prashanth_sv
New Contributor III

Hi Team,

We tried the below logic and it's working fine now. Thanks Avinash and Rushikesh for your valuable help.

"objectClass": ${user.employeeclass=='Employee'?'[\"top\",\"person\",\"organizationalPerson\",\"ntUser\",\"inetOrgPerson\",\"hpPerson\",\"hpEmployee\"]':'[\"top\",\"person\",\"organizationalPerson\",\"ntUser\",\"inetOrgPerson\",\"hpPerson\",\"hpContingentWorker\"]'},

Regards,

Prashanth.s.v
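
A pre-flight check for the rendered CreateAccount JSON, as an added example that is not part of the original thread and not Saviynt code. It flags the conditions behind "LDAP: error code 21" (invalidAttributeSyntax) before the payload reaches the directory. Assumptions: the function name and sample payloads are constructed here, the server counts values from zero, and the failing attempts sent expression text as the seventh value.

```python
import json
import re

# RFC 4512: an objectClass value is a descriptor (letter, then letters,
# digits or hyphens) or a dotted numeric OID.
DESCR = re.compile(r"[A-Za-z][A-Za-z0-9-]*\Z")
NUMERIC_OID = re.compile(r"(0|[1-9][0-9]*)(\.(0|[1-9][0-9]*))+\Z")


def check_object_class(rendered):
    """Return a list of problems found in rendered CreateAccount JSON text."""
    try:
        doc = json.loads(rendered)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON after rendering: {exc.msg}"]
    if not isinstance(doc, dict):
        return ["top level is not a JSON object"]
    key = next((k for k in doc if k.lower() == "objectclass"), None)
    if key is None:
        return ["objectClass missing"]
    values = doc[key]
    if not isinstance(values, list):
        return [f"objectClass is {type(values).__name__}, expected a JSON array"]
    problems = []
    for i, v in enumerate(values):
        if not isinstance(v, str) or not (DESCR.match(v) or NUMERIC_OID.match(v)):
            problems.append(f"value #{i} invalid per syntax: {v!r}")
    return problems


# Constructed samples of rendered output (not captured from a real run).
BASE = ["top", "person", "organizationalPerson", "ntUser", "inetOrgPerson", "hpPerson"]
# What the working line renders to: the expression sits outside the quotes,
# so its result lands in the document as a real JSON array.
GOOD = json.dumps({"objectClass": BASE + ["hpEmployee"], "cn": "Jane Doe"})
# Assumption: the seventh element reaches the server as expression text.
UNEVALUATED = json.dumps({"objectClass": BASE + [
    "if(Employee==('Employee')){'hpEmployee'} else {'hpContingentWorker'}"]})
# Expression wrapped in quotes, so the whole list arrives as one string.
AS_STRING = json.dumps({"objectClass": "[top, person, organizationalPerson]"})

if __name__ == "__main__":
    for name, sample in [("good", GOOD), ("unevaluated", UNEVALUATED),
                         ("string", AS_STRING)]:
        print(name, check_object_class(sample) or "ok")
```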