We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

Unable to provision entitlements to AD

Nithin_Janagama
New Contributor III
New Contributor III

So, I've created an AD connection and imported an account along with entitlements(groups). Now I want to provision a new account into this AD and I've configured the connection. When provisioning the account with entitlement, two tasks are getting created, one for account creation and one for entitlement. But when running the provisioning job, I am getting error in entitlement task and the entitlements are not getting provisioned. 


CREATEACCOUNTJSON :
{
"objectClass": ["top", "person", "organizationalPerson", "user", "inetOrgPerson"],
"mail": "${user.email}",
"displayName": "${user.displayname}",
"comment": "active",
"co": "${user.country}",
"company": "${user.companyname}",
"employeeID": "${user.employeeid}",
"employeeType": "${user.employeeType}",
"uid": "${user.username}",
"givenName": "${user.firstname}",
"sn":"${user.lastname}",
"name":"${user.username}",
"departmentNumber":"${user.departmentNumber}",
"postalAddress":"India",
"postalCode":"${user.locationnumber}",
"street":"${user.street}",
"l":"${user.city}",
"st":"${user.state}",
"mobile":"${user.phonenumber}",
"employeeNumber": "${user.employeeid}",
"telephoneNumber":"${user.phonenumber}",
"preferredLanguage":"${user.customproperty2}",
"facsimileTelephoneNumber":"${user.phonenumber}",
"title":"${user.title}",
"physicalDeliveryOfficeName":"${user.location}",
"cn": "${cn}",
"manager":"CN=nithin.janagama,OU=users,OU=nithin,OU=OIMTraining,DC=idmtdc,DC=com"
}


error message :
Error while creating account in AD - [LDAP: error code 19 - 00000057: LdapErr: DSID-0C090B8A, comment: Error in attribute conversion operation, data 57, v1db1]Error while ADD operation for account-employeer to Group-CN=COE,OU=groups,OU=nithin,OU=OIMTraining,DC=idmtdc,DC=com in AD - [LDAP: error code 19 - 00000057: LdapErr: DSID-0C090B8A, comment: Error in attribute conversion operation, data 57, v1db1]

10 REPLIES 10

rushikeshvartak
All-Star
All-Star
{
"objectClass": ["top", "person", "organizationalPerson", "user"].
"mail": "${user.email}",
"displayName": "${user.displayname}",
"comment": "active",
"co": "${user.country}",
"company": "${user.companyname}",
"employeeID": "${user.employeeid}",
"employeeType": "${user.employeeType}",
"uid": "${user.username}",
"givenName": "${user.firstname}",
"sn":"${user.lastname}",
"name":"${user.username}",
"departmentNumber":"${user.departmentNumber}",
"postalAddress":"India",
"postalCode":"${user.locationnumber}",
"street":"${user.street}",
"l":"${user.city}",
"st":"${user.state}",
"mobile":"${user.phonenumber}",
"employeeNumber": "${user.employeeid}",
"telephoneNumber":"${user.phonenumber}",
"preferredLanguage":"${user.customproperty2}",
"facsimileTelephoneNumber":"${user.phonenumber}",
"title":"${user.title}",
"physicalDeliveryOfficeName":"${user.location}",
"cn": "${cn}",
"manager":"CN=nithin.janagama,OU=users,OU=nithin,OU=OIMTraining,DC=idmtdc,DC=com"
}

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Hi Rushikesh, thanks for the reply. Tried the JSON provided above but still facing the same issue. This is my log file of that particular task:


Try below basic createAccount JSON

{
"cn" : "${cn}",
"givenName" : "${user.firstname}",
"objectclass" : [
"top",
"person",
"organizationalPerson",
"user"
],
"samaccountname" : "${task.accountName}",
"sn" : "${user.lastname}"}


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Still facing the same issue. Account is getting created but entitlement is not getting provisioned. 
Error message : Error while creating account in AD - [LDAP: error code 19 - 00000057: LdapErr: DSID-0C090B8A, comment: Error in attribute conversion operation, data 57, v1db1]Error while ADD operation for account-employeew to Group-CN=COE,OU=groups,OU=nithin,OU=OIMTraining,DC=idmtdc,DC=com in AD - [LDAP: error code 19 - 00000057: LdapErr: DSID-0C090B8A, comment: Error in attribute conversion operation, data 57, v1db1]

Try for another account&  Entitlement

Entitlement may not be exists in AD.


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Tried for many accounts, but still facing the same issue. And the entitlements are imported from the AD itself. 

Are you able to add in ad directly with service account


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

SumathiSomala
All-Star
All-Star

{

 "objectclass":[

      "top",

      "person",

      "organizationalPerson",

      "user"

   ],

"mail": "${user.email}",
"displayName": "${user.displayname}",
"comment": "active",
"co": "${user.country}",
"company": "${user.companyname}",
"employeeID": "${user.employeeid}",
"employeeType": "${user.employeeType}",
"uid": "${user.username}",
"givenName": "${user.firstname}",
"sn":"${user.lastname}",
"name":"${user.username}",
"departmentNumber":"${user.departmentNumber}",
"postalAddress":"India",
"postalCode":"${user.locationnumber}",
"street":"${user.street}",
"l":"${user.city}",
"st":"${user.state}",
"mobile":"${user.phonenumber}",
"employeeNumber": "${user.employeeid}",
"telephoneNumber":"${user.phonenumber}",
"preferredLanguage":"${user.customproperty2}",
"facsimileTelephoneNumber":"${user.phonenumber}",
"title":"${user.title}",
"physicalDeliveryOfficeName":"${user.location}",
"cn": "${cn}",
"manager":"CN=nithin.janagama,OU=users,OU=nithin,OU=OIMTraining,DC=idmtdc,DC=com"
}

 

 

Regards,
Sumathi Somala
If this reply answered your question, please Accept As Solution and give Kudos.

dgandhi
All-Star
All-Star

As per the document below object class needs to be used.

"objectClass": ["top","person","organizationalPerson","user"],

Please check below sample JSON and document link

{
"accountExpires": "0",
"cn": "${cn}",
"co": "${user.country}",
"department": "${user.departmentname}",
"displayname": "${user.displayname}",
"employeeID": "${user.employeeid}",
"employeenumber": "1",
"employeetype": "${user.employeeType}",
"givenName": "${user.firstname}",
"l": "${user.city}",
"mail": "${user.email}",
"name": "${user.displayname}",
"objectClass": ["top","person","organizationalPerson","user"],
"physicaldeliveryofficename": "${user.employeeid}",
"manager": "${managerAccount.accountID}",
"pwdLastSet": "0",
"sAMAccountName": "${task.accountName}",
"sn": "${user.lastname}",
"st": "${user.customproperty10}",
"streetAddress": "${user.street}",
"title": "${user.title}"
}

https://docs.saviyntcloud.com/bundle/AD-v23x/page/Content/Configuring-the-Integration-for-Provisioni...

 

Thanks,
Devang Gandhi
If this reply answered your question, please Accept As Solution and give Kudos to help others who may have a similar problem.

Nithin_Janagama
New Contributor III
New Contributor III

Hey guys, the problem is solved. The actual issue was with LDAP_or_AD field. I selected LDAP instead of AD. Anyway, thanks for all the replies.