AC_NewName Error

GOKUL_ANANTH_M · May 29, 2024, 10:52am

Hi all,

Our team has developed a Before Provisioning Rule for Active Directory (AD). This rule updates the ‘AC_NewName’ and ‘displayName’ attributes in case of a name change scenario, and the ‘AC_NewParent’ attribute in case of an OU change scenario. In scenarios where both a name change and an OU change occur, the rule updates the ‘AC_NewName’, ‘displayName’, and ‘AC_NewParent’ attributes.

While working on a scenario involving both a name change and an OU change, we received the following error: [“Failed to update attribute ‘AC_NewName’. Error - An invalid DN syntax has been specified.”]

Here is the part of Before provisioning rule for reference,

if (plan!=null) {
List accountRequests = plan.getAccountRequests();

if (accountRequests!=null) {
for (AccountRequest accountRequest : accountRequests) {
    AccountRequest.Operation op = accountRequest.getOperation();

    Identity identity = plan.getIdentity();
    String applicationName = application.getName();
    String nativeIdentity = accountRequest.getNativeIdentity();

    String firstName, lastName, middleinitial, defaultOU, lcs;

    if(identity.getAttribute("oudetails")!=null) {defaultOU = (String) identity.getAttribute("oudetails");}
    if(identity.getAttribute("firstname")!=null) {firstName = (String) identity.getAttribute("firstname");}
    if(identity.getAttribute("lastname")!=null) {lastName = (String) identity.getAttribute("lastname");}
    if(identity.getAttribute("middleInitial")!=null) {middleinitial = (String) identity.getAttribute("middleInitial");}
    if(identity.getAttribute("cloudLifecycleState")!=null) {lcs = (String) identity.getAttribute("cloudLifecycleState");}
    log.error("Before Rule: Values -> Operation:" + op + " | Identity:" + identity + " | Application:" + applicationName + " | Native Identity:" + nativeIdentity + " | OU Details" + defaultOU + " | First Name:" + firstName + " | Last Name:" + lastName + " | Middle Initial:" + middleinitial + " | LCS:" + lcs);

    List attributeRequests = accountRequest.getAttributeRequests();
    boolean nameChanged = false, ouChanged = false;

    if(attributeRequests!=null) {
        log.error("Before Rule: Fetching the values from Attr Req and comparing. Finding a match");
        for (AttributeRequest attributeRequest : attributeRequests) {
            String nameAttrReq = attributeRequest.getName();
            if (nameAttrReq.equalsIgnoreCase("givenName") || nameAttrReq.equalsIgnoreCase("sn") || nameAttrReq.equalsIgnoreCase("initials")) {
                nameChanged = true;
            }
            if (nameAttrReq.equalsIgnoreCase("company")) {
                ouChanged = true;
            }
        }
    }

    if (null!=op && null!=nativeIdentity && op.equals(AccountRequest.Operation.Modify)) {
        String name = generateName(firstName, lastName, middleinitial);
        String newCN = generateCN(applicationName, name, defaultOU, nativeIdentity);
        String newDN = "CN=" + newCN + "," + defaultOU;
        
        if (null!=newCN && nameChanged) {
            accountRequest.add(new AttributeRequest("AC_NewName", ProvisioningPlan.Operation.Set, newCN));
            accountRequest.add(new AttributeRequest("displayName", ProvisioningPlan.Operation.Set, newCN));
        }
        if(null!=newDN && ouChanged) {
            accountRequest.add(new AttributeRequest("AC_NewParent", ProvisioningPlan.Operation.Set, newDN));
        }
        log.error("Before Rule: Modify Operation Triggered -> CN:" + newCN + " | DN:" + newDN + " | Provisioning STATUS_COMMITED");
    }
}

Karthikeyan_U · May 29, 2024, 11:00am

Hi Gokul,

Can you share the sample dn value that was framed for AC_NewName attribute?

ipobeidi · May 29, 2024, 12:33pm

Hey!

Instead of trying to apss the Whole DN , try using just the new Name. Iqservice should me able to solve the rest

Best!

varshini303 · May 30, 2024, 6:12am

Based on my understanding, If your new CN is John Doe, while trying to set AC_NewName, shouldn’t we set it something like CN=John Doe and not just John Doe which is what is returned by generateCN() function? Try appending CN= in front of the name and set it.

If you still face some other issues further, One more thing I noticed is in the AC_NewParent, you are trying to set the whole DN but shouldn’t it be just the OU without the CN something like OU=Services,OU=Users,DC=acme,DC=com?
Please clarify if I’m wrong.

Thanks!

GOKUL_ANANTH_M · May 30, 2024, 9:04am

DN value → CN=Bary N. Michele,OU=SailpointTest1,OU=Br****,OU=C****,DC=,DC=

system · July 29, 2024, 9:05am

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
AD Account Creation and Update ISC Discussion and Questions provisioning	5	1255	August 7, 2023
AC_NewName being updated many times ISC Discussion and Questions	8	2945	July 19, 2023
Issues on Provisioning All Attributes to AD ISC Discussion and Questions identity-security-cloud , provisioning	7	1172	November 20, 2023
Error with Active Directory User creation IIQ Discussion and Questions identityiq , provisioning	6	958	October 27, 2023
AD before provisioning rule to move OU on disable ISC Discussion and Questions identity-security-cloud	1	1243	July 19, 2023

AC_NewName Error

Related Topics