AD LDS Sync Error - CN


Hi Everyone,

I’m trying to update the CN value for an AD LDS account during attribute sync. I understand that CN can’t be directly modified, so I attempted to use the newRDN attribute in a Before Provisioning Rule.

Here’s the logic I used:

accountRequest.add(new AttributeRequest("newRDN", ProvisioningPlan.Operation.Set, newCN));

However, I’m getting the following error during execution:

sailpoint.connector.ConnectorException: [LDAP: error code 16 - 00000057:
LdapErr: DSID-0C091275, comment: Error in attribute conversion operation, data 0, v4563]

Could anyone please advise on how to resolve this? Thanks in advance.

Thanks,

Naveen

Hi @naveenkarthikkrk,

Please change the attribute name from “newRDN” to “AC_NewName”.

Please find the attached link for your reference: Default Provisioning Attributes Reference

Hi @PrashRV,

I have tried it, but it didn’t work. AC_NewName works for the AD application, but I’m working on an AD LDS (LDAP) source.

Thanks,

Naveen

Hi @naveenkarthikkrk,

I thought it was AD. For AD LDS (LDAP) we can’t modify CN, so we need to change the DN value by adjusting the CN value.

Find the attached document for your reference - https://documentation.sailpoint.com/connectors/microsoft/lightweight_directory_services/help/integr…

Hi @naveenkarthikkrk, if newRDN works the same way as AC_NewName (I don’t know, haven’t tried it), have you ensured that the value is prefixed with “CN=”?

Hi @j_place, I tried it but it didn’t work.

Hi @naveenkarthikkrk, are you including a new superior attribute as well?

I tried that too, but it didn’t work. I believe there is an order to call newRDN and newSuperior to change the CN.

Can you share the values passed in those attributes?

I have created a beforeProvisioning Rule for it. I’m passing the below values in the rule.

newCN = "CN=xyz";

accountRequest.add(new AttributeRequest("newRDN", ProvisioningPlan.Operation.Set, newCN));

newOU = "OU=test, DC=domain,DC=com";

accountRequest.add(new AttributeRequest("newSuperior", ProvisioningPlan.Operation.Set, newOU));

I assume you’ve confirmed the presence of the parent OU, so another thing to check is case sensitivity. Have you tried “cn=”, “ou=”, etc.?

Also, maybe deleteOldRDN is a mandatory attribute for modifyDN.

Hi Everyone, rename of CN and OU movement is not supported in the ADAM connector.
