Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Unable to stamp manager DN on 'manager' attribute in AD while provisioning user's AD account

kushalpatadia
New Contributor
New Contributor

‎03/20/2024 05:17 AM - edited ‎03/20/2024 05:21 AM

Saviynt Version: v24.2

Hi Team,

For all users, we are storing their DN value on their AD account customproperty4.
While provisioning AD account for new user, requirement is to store his/her manager's DN value on 'manager' attribute in AD.

Tried using below code in our CREATEACCOUNTJSON for this requirement:
"manager": "${managerAccount==null?'':managerAccount.customproperty4}"

This code works fine when a user's manager is having an AD account with customproperty4 value.

But when user's manager does not have an AD account, New Account and Add access tasks for AD are not getting completed for user with below error message. For the same user if a manager having AD account is added, these tasks get completed successfully.

"Error while creating account in AD - [LDAP: error code 21 - 00000057: LdapErr: DSID-0C091363, comment: Error in attribute conversion operation, data 0, v4563 ]"
"2024-03-20T11:38:20.442+00:00","ecm-worker","","null-t9np2","","javax.naming.directory.InvalidAttributeValueException

Also noticed Creating Account Datamap in logs is not fetching any value for manager attribute when user's manager is not having AD account.

Referring to multiple forum posts for similar issue from other people, tried below combinations within the JSON as well but still get the same error:

(a) "manager":"${managerAccount==null?'':managerAccount?.customproperty4}"

(b) "manager": "${managerAccount!=null?managerAccount.customproperty4:''}"

(c) "manager": "${managerAccount!=null?managerAccount?.customproperty4:''}"

(d) "manager": "${if(managerAccount == null || managerAccount?.customproperty4 == null || managerAccount?.customproperty4 == ''){''} else {managerAccount?.customproperty4}}"

(e) "manager": "${managerAccount?.customproperty4}"

Any help here would be appreciated.

Thanks,
Kushal

0 Kudos
8 REPLIES 8

dgandhi
All-Star
All-Star

‎03/20/2024 09:51 AM

Can you store DN value of the AD account on User's cp and then provision that CP value?

"manager": "${manager.custompropertyXX}", 

Thanks,
Devang Gandhi
If this reply answered your question, please Accept As Solution and give Kudos to help others who may have a similar problem.
0 Kudos

rushikeshvartak
All-Star
All-Star

‎03/20/2024 10:23 PM

"manager": "${managerAccount != null && managerAccount.customproperty4 != null ? managerAccount.customproperty4 : ''}"


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

kushalpatadia
New Contributor
New Contributor

‎03/21/2024 05:20 AM

Hi @dgandhi 

Thank you for your response.

If a manager is not having an AD account, manager's custompropertyXX (For example lets take customproperty40) on its identity will not be updated with any DN value.
In such a case when we tried passing something like "manager":"${manager?.customproperty40}" and "manager":"${manager.customproperty40}" it throws below error while processing the tasks

"ERROR","Error while creating account in AD - [LDAP: error code 19 - 000020B5: AtrErr: DSID-03153438, #1:"
"2024-03-20T17:29:42.310+00:00","ecm-worker","","null-t9np2",""," 0: 000020B5: DSID-03153438, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 15000a (manager)"
"2024-03-20T17:29:42.310+00:00","ecm-worker","","null-t9np2",""," ]"
"2024-03-20T17:29:42.310+00:00","ecm-worker","","null-t9np2","","javax.naming.directory.InvalidAttributeValueException

Thanks,

Kushal

0 Kudos

kushalpatadia
New Contributor
New Contributor

‎03/21/2024 05:21 AM

Hi @rushikeshvartak 

Thank you for your response.

We tried using below code but still it throws same error as reported in the post.

"manager": "${managerAccount != null && managerAccount.customproperty4 != null ? managerAccount.customproperty4 : ''}"

ERROR:

"ERROR","Error while creating account in AD - [LDAP: error code 21 - 00000057: LdapErr: DSID-0C091363, comment: Error in attribute conversion operation, data 0, v4563 ]"
"2024-03-21T12:08:49.943+00:00","ecm-worker","","null-t9np2","","javax.naming.directory.InvalidAttributeValueException

Thanks,
Kushal

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to kushalpatadia

‎03/21/2024 07:51 PM

Does manager with CP4 works ?


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

kushalpatadia
New Contributor
New Contributor

‎03/28/2024 05:17 AM

@rushikeshvartak yes it works for a manager who has an AD account and account CP4 is having a DN value.

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to kushalpatadia

‎03/28/2024 05:22 AM - edited ‎03/28/2024 05:22 AM

"manager": "${managerAccount != null && managerAccount?.customproperty4 != null && managerAccount?.customproperty4 != '' ? managerAccount?.customproperty4 : ''}"


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

Manu269
All-Star
All-Star

‎04/02/2024 02:40 AM

@kushalpatadia try this :

"manager": "${managerAccount==null?'':managerAccount?.customproperty4 }",

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.
0 Kudos
Copyright © 2024 Khoros, LLC