Click HERE to see how Saviynt Intelligence is transforming the industry. |
07/31/2024 11:33 PM
Hello everyone,
We are encountering an issue with the updateAccountJson API. When attempting to update the CN of a user, we receive the following error:
UpdErr: DSID-030F14B4, problem 6004 (CANT_ON_RDN), data 0 ] Error while Update operation for account-#### in AD - [LDAP: error code 67 - 000020B1: UpdErr: DSID-030F1087, problem 6004 (CANT_ON_RDN), data 0 ]
We need to update the CN to subsequently update the DN when CN changes. While we can successfully update the DN using a PowerShell script with the same service account, the updateAccountJson method fails.
Below is the powershell script:
Please refer to the updateaccountjson below for your reference.
{
"cn": "${user.displayname!= null ? user.displayname : ''}",
"company": "${user.companyname != null ? user.companyname : ''}",
"department": "${user.departmentname != null ? user.departmentname : ''}",
"displayName": "${user.displayname != null ? user.displayname : ''}",
"givenName": "${user.firstname != null ? user.firstname : ''}",
"info": "${user.costcenter != null ? user.costcenter : ''}",
"l": "${user.city != null ? user.city : ''}",
"mail": "${user.email != null ? user.email : ''}",
"manager": "${user.manager!=null ? managerAccount.accountID : ''}",
"name": "${user.displayname!= null ? user.displayname: ''}",
"objectClass": [
"top",
"person",
"organizationalPerson",
"user"
],
"postalCode": "${user.regioncode != null ? user.regioncode : ''}",
"sn": "${user.lastname != null ? user.lastname : ''}",
"st": "${user.state != null ? user.state : ''}",
"streetAddress": "${user.street != null ? user.street : ''}",
"title": "${user.title != null ? user.title : ''}",
"mailNickname": "${user.customproperty5 != null ? user.customproperty5 : ''}",
"c": "${user.customproperty3 != null ? user.customproperty3 : ''}",
"userPrincipalName": "${user.email != null ? user.email : ''}",
}
Thanks,
Chirag Gupta
Solved! Go to Solution.
08/01/2024 12:49 AM
Hi @Chirag_Gupta , you can change a DN as it a replica of RDN
08/01/2024 01:42 AM
Can you provide a sample JSON configuration that updates the Distinguished Name (DN) whenever there is a change in the CN?
08/01/2024 09:54 PM
In LDAP, the CN (Common Name) is part of the Relative Distinguished Name (RDN). The RDN is the part of the DN that uniquely identifies the entry within its parent context. Therefore, when you attempt to change the CN, you are essentially trying to change the RDN. LDAP does not allow RDN changes through a standard attribute update operation.
08/05/2024 11:14 AM
So essentially we need to update the DN instead of the CN directly if we want to modify the CN value?
08/05/2024 06:10 PM
You're correct. In LDAP, the CN (Common Name) is part of the Relative Distinguished Name (RDN), which is a component of the Distinguished Name (DN). Since the DN uniquely identifies an LDAP entry, changing the CN effectively changes the RDN, and by extension, the DN itself.
Here's how it works:
08/05/2024 11:32 AM
@jralexander137 , yes