Active Directory Account SearchDN resetting

milinaphalke · December 15, 2023, 6:12am

Which IIQ version are you inquiring about?

Version 8.2

Please share any other relevant files that may be required (for example, logs).

Share all details related to your problem, including any error messages you may have received.

Team, we’ve identified an unusual issue where, upon executing the Provisioner_API (file attached) code, the account search DN is being reset as the baseDN for the Active Directory application. We’ve observed this behavior consistently across all environments. Could you please investigate and provide guidance on what might be causing this issue?

  Identity drIdent = context.getObjectByName(Identity.class, identityName);

  ProvisioningPlan adPlan = new ProvisioningPlan();
  adPlan.setIdentity(drIdent);

  if(null != adPlan)
  { 
    AccountRequest acctReq = new AccountRequest();
    acctReq.setOperation(AccountRequest.Operation.Modify);
    acctReq.setApplication("IIQ");
    acctReq.setNativeIdentity(identityName);

    acctReq.add(new AttributeRequest("assignedRoles",ProvisioningPlan.Operation.Add,"SAP-EMP-BR"));

    adPlan.add(acctReq);
  }

  custLog.debug("END Nav-CustomLCM-CreateUpdateDealer Workflow V1 :Provision New Account : AD PLAN TO XML ***##### :"+adPlan.toXml() ); 

  Provisioner provisioner = new Provisioner(context); 
  provisioner.setNoLocking(true);
  provisioner.setOptimisticProvisioning(true);
  ProvisioningProject project =  provisioner.compile(adPlan);
  provisioner.execute(adPlan);

kjakubiak · December 15, 2023, 3:31pm

Hi Milina,
Do you have any provisioning policy in the assigned role or in the AD app definition?

Jarin_James · December 16, 2023, 3:05pm

Hi @milinaphalke ,

The code snippet you shared is for provisioning a Role in IIQ. It doesn’t have any direct relation to the attributes of AD. As @kjakubiak mentioned check the provisioning policy or if there is any logic in Before Provisioning Rule which is causing this.

milinaphalke · December 21, 2023, 1:21pm

Thank for your inputs.
Yes a provisioning policy is associated which had a rule causing the issue.

milinaphalke · December 21, 2023, 1:21pm

Thanks for your inputs.
It helped to resolve the issue.

system · February 19, 2024, 1:22pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Active Directory Account Provisioning on Identity Cube Creation IIQ Discussion and Questions identityiq , provisioning	14	614	January 15, 2024
Error with Active Directory User creation IIQ Discussion and Questions identityiq , provisioning	6	661	October 27, 2023
Active Directory Provisioning issue IIQ Discussion and Questions identityiq , provisioning	5	83	April 16, 2024
Issues on Provisioning All Attributes to AD ISC Discussion and Questions identity-security-cloud , provisioning	7	783	November 20, 2023
AD-IQService Provisioning issue IIQ Discussion and Questions identityiq , provisioning	10	63	April 22, 2024

Active Directory Account SearchDN resetting

Which IIQ version are you inquiring about?

Please share any other relevant files that may be required (for example, logs).

Share all details related to your problem, including any error messages you may have received.

Related Topics