Error when adding identities to an Active Directory source

Identity Security Cloud (ISC) ISC Discussion and Questions
, ,
1

I have a problem when adding accounts to an Active Directory source in our demo tenant. When I try to add them it sends the next error:

undefined
undefined895×241 7.8 KB

The weird thing is that it worked for 2 identities (one of them was mine), but It hasn’t worked ever again.

1 Like
2

Hi @rcgalvez ,

Please share your “Create Account” configuration that was set for the “displayName” attribute.

What could also be useful is providing the account activity available from Search

Thanks,

1 Like
3

DisplayName attribute that you have on Create Profile of Active Directory there’s the issue. If you are using the generator to create the display name then, the format that it is using to generate the Display name was already found in the AD application so it went ahead and generated a new one did this same thing 50 times and then failed to generate. So if you are still needing the generator for DisplayName then check the format.

Secondly, to see what was sent to AD, goto Search, and search for this user.
Click on account activity, and look for the failed request where AD account creation was failed. Now, check the attribute Display Name, you will see what it tried to sent.

Hope this helps…

1 Like
4

Thank you for your answer. We fixed that problem, but we’re still having trouble.

1 Like
5

We have this usernamegenerator transform and this is what is creating the problem. We can’t get it to work.

 {
            "name": "externalEmailAddress",
            "transform": {
                "type": "usernameGenerator",
                "attributes": {
                    "sourceCheck": true,
                    "patterns": [
                        "$inicial_ln"
                    ],
                    "inicial_ln": {
                        "type": "static",
                        "attributes": {
                            "name": "lastname_test"
                        }
                    }
                }
            },
1 Like
6

Okay, so i see that in patterns you have defined only one pattern and no counter to create a unique new value, which means that whatever you are sending from $inicial_ln it will always take that and because everytime it is checking the same value it is failing to create a new unique value.
Under patterns add another pattern something like this

"patterns":[
"$inicial_ln",
"$inicial_ln${uniqueCounter}"
]

So eventually if the first pattern is not unique, it will move to second and create a unique pattern
Ex: if the inicial_ln is coming as N, and same is present in AD, then 2nd pattern template will be followed and N1 will be tried if it is also present, then next counter will be added i.e N2, and continued until get a unique value.

You can add other patterns as well attaching the document for reference: Username Generator | SailPoint Developer Community

Hope this helps…

3 Likes
7

We already tried that and still doesn’t work. We even tried with a static value and still gives out an error when adding the identity to AD.

8

Can you paste the screenshot of the error in here,
You can get it from Search->Search the test user->Account Activity-> Failed account activity with error.

That can help to deduce the issue further.

1 Like
9

Hi Raul,
I am not sure if you can use a static value for the transform in a pattern.
Can you please use any identity attribute as a value ? Below is example for DN calculation transform.

{
“attributes”: {
“cloudMaxSize”: “100”,
“cloudMaxUniqueChecks”: “5”,
“cloudRequired”: “true”
},
“isRequired”: false,
“multi”: false,
“name”: “distinguishedName”,
“transform”: {
“type”: “usernameGenerator”,
“attributes”: {
“sourceCheck”: true,
“patterns”: [
“CN=$fi$ln,$ou”,
“CN=$fn$ln,$ou”,
“CN=$fn$mi$ln,$ou”,
“CN=$fn$mi$ln${uniqueCounter},$ou”
],
“fn”: {
“type”: “identityAttribute”,
“attributes”: {
“name”: “firstNameLower”
}
},
“ln”: {
“type”: “identityAttribute”,
“attributes”: {
“name”: “lastNameLower”
}
},
“ou”: {
“type”: “identityAttribute”,
“attributes”: {
“name”: “ou”
}
},
“fi”: {
“type”: “substring”,
“attributes”: {
“input”: {
“type”: “identityAttribute”,
“attributes”: {
“name”: “firstNameLower”
}
},
“begin”: 0,
“end”: 1
}
},
“mi”: {
“type”: “substring”,
“attributes”: {
“input”: {
“type”: “identityAttribute”,
“attributes”: {
“name”: “middleNameLower”
}
},
“begin”: 0,
“end”: 1
}
}
}
}

}

1 Like
10

@rauls hey just got why this could be happening.

So i see the transform that you have pasted in the chat, is of type static but the value is not given

{
            "name": "externalEmailAddress",
            "transform": {
                "type": "usernameGenerator",
                "attributes": {
                    "sourceCheck": true,
                    "patterns": [
                        "$inicial_ln"
                    ],
                    "inicial_ln": {
                        "type": "static", 
                        "attributes": {
                            //"name": "lastname_test" //if you want to use identity attribute then will have to change the type to identityAttribute
                            "value":"N" //if you are using static then value should be the key
                        }
                    }
                }
            },

Can you try this out and letme know if the issue still exists…

2 Likes
11

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.