Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

NameNotFoundException error while importing and provisioning accounts into a particular OU in AD

savuser17
New Contributor II
New Contributor II

Hi community,

We have created a separate OU for test users and are trying to import from and provision test users to it.

However, when we try both those jobs, it gives similar errors:

IMPORTING ACCOUNT ERROR:

"SearchFilter-OU=TEST,OU=People,DC=***,DC=*****,DC=com"
"2024-05-23T09:57:22.385+00:00","ecm-worker","services.AdImportService","quartzScheduler_Worker-2-zw9hj","DEBUG","Object Class-(&(objectClass=person)(objectClass=user)(sAMAccountName=*)), searchControls-javax.naming.directory.SearchControls@265e2a9f"
"2024-05-23T09:57:22.385+00:00","ecm-worker","services.AdImportService","quartzScheduler_Worker-2-zw9hj","DEBUG","Calling the LDAP search"
"2024-05-23T09:57:22.455+00:00","ecm-worker","services.AdImportService","quartzScheduler_Worker-2-zw9hj","ERROR","Got Exception while performing ctx.search: javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310028C, problem 2001 (NO_OBJECT), data 0, best match of:"
"2024-05-23T09:57:23.245+00:00","ecm-worker","","null-zw9hj",""," 'OU=People,DC=***,DC=*****,DC=com'"

CREATE ACCOUNT ERROR:

"ERROR","Error while creating account in AD - [LDAP: error code 32 - 0000208D: NameErr: DSID-0310028C, problem 2001 (NO_OBJECT), data 0, best match of:"
"2024-05-23T10:14:10.244+00:00","ecm-worker","","null-zw9hj",""," 'OU=People,DC=***,DC=*****,DC=com'"
"2024-05-23T10:14:10.244+00:00","ecm-worker","","null-zw9hj",""," ]"
"2024-05-23T10:14:10.244+00:00","ecm-worker","","null-zw9hj","","javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310028C, problem 2001 (NO_OBJECT), data 0, best match of:"
"2024-05-23T10:14:10.244+00:00","ecm-worker","","null-zw9hj",""," 'OU=People,DC=***,DC=*****,DC=com'"

I should point out that these usecase have been tested thoroughly in our usual OU (DC=***,DC=*****,DC=com for import and OU=Staging,OU=People,DC=***,DC=*****,DC=com that is used for normal users and no such error comes. It is only when we use this OU.

Does it point to an error from AD side or is there something wrong with the connector design?

Also, for reference, the ACCOUNT_ATTRIBUTE code:

[CUSTOMPROPERTY1::cn#String,
STATUS::userAccountControl#number,
CUSTOMPROPERTY30::userAccountControl#String,
CUSTOMPROPERTY2::userPrincipalName#String,
LASTLOGONDATE::lastLogon#millisec,
DISPLAYNAME::displayName#String,
CUSTOMPROPERTY25::company#String,
CUSTOMPROPERTY20::employeeID#String,
CUSTOMPROPERTY3::sn#String,
COMMENTS::distinguishedName#String,
LASTPASSWORDCHANGE::pwdLastSet#millisec,
CUSTOMPROPERTY5::co#String,
CUSTOMPROPERTY6::employeeNumber#String,
CUSTOMPROPERTY7::givenName#String,
CUSTOMPROPERTY8::title#String,
CUSTOMPROPERTY9::telephoneNumber#String,
CUSTOMPROPERTY10::c#String,
DESCRIPTION::description#String,
VALIDTHROUGH::accountExpires#millisec,
CUSTOMPROPERTY13::physicalDeliveryOfficeName#String,
UPDATEDATE::whenChanged#date,
CUSTOMPROPERTY16::streetAddress#String,
CUSTOMPROPERTY17::mailNickname#String,
CUSTOMPROPERTY18::department#String,
CUSTOMPROPERTY19::countryCode#String,
NAME::sAMAccountName#String,
CUSTOMPROPERTY21::manager#String,
CUSTOMPROPERTY22::homePhone#String,
CUSTOMPROPERTY23::mobile#String,
CREATED_ON::whenCreated#date,
ACCOUNTCLASS::objectClass#String,
ACCOUNTID::distinguishedName#String,
CUSTOMPROPERTY24::userAccountControl#String,
CUSTOMPROPERTY27::objectSid#Binary,
RECONCILATION_FIELD::CUSTOMPROPERTY26,
CUSTOMPROPERTY26::objectGUID#Binary,
CUSTOMPROPERTY29::st#String,
CUSTOMPROPERTY31::employeeType#String,
CUSTOMPROPERTY32::middleName#String,
CUSTOMPROPERTY33::name#String,
CUSTOMPROPERTY34::postalCode#String,
CUSTOMPROPERTY35::axppbuildingName#String,
CUSTOMPROPERTY36::axppmanageremail#String,
CUSTOMPROPERTY37::l#String,
CUSTOMPROPERTY38::departmentNumber#String,
CUSTOMPROPERTY39::axppdepartment#String,
CUSTOMPROPERTY40::axppleaderindicator#String,
CUSTOMPROPERTY28::Axppstartdate#String,
CUSTOMPROPERTY4::mail#String,
CUSTOMPROPERTY11::otherHomePhone#String,
CUSTOMPROPERTY12::axppemploymentstatus-cd#String,
CUSTOMPROPERTY14::axppjobcode#String,
CUSTOMPROPERTY15::extensionAttribute1#String,
CUSTOMPROPERTY41::gbtWorkdayEmployeeID#String,
CUSTOMPROPERTY42::axppnotesfullname#String,
CUSTOMPROPERTY43::axppmail#String,
CUSTOMPROPERTY44::axppmanagerID#String,
CUSTOMPROPERTY45::extensionAttribute3#String
]

 

 

2 REPLIES 2

NM
Valued Contributor
Valued Contributor

Hi @savuser17 , it is mostly related to OU not found.. check the DN once

savuser17
New Contributor II
New Contributor II

Hi,

This is the AccountNamerule logic to generate DN logic: CN=${requestAccessAttributes.get('AccountName')},OU=TEST,OU=People,DC=***,DC=*****,DC=com

It works with this OU: CN=${requestAccessAttributes.get('AccountName')},OU=Staging,OU=People,DC=***,DC=*****,DC=com