We are facing the LDAP error code 65 - attribute not allowed when making an entry to object class “sudoRole” or “nismailalias”. We have added the ‘sudoRole’ into the object class.
Can anyone please help on how to fix this?
Below is the error:
LDAP error code 65 - attribute “sudoRole” not allowed.
Thanks,
Suresh
Hi Suresh,
You need to make the object class multi-type using the below functionality first, add all the attributes you need in these transforms, and make sure all of these are case sensitive.
The attributes you might need to add to this multi-valued list may include the below:
inetOrgPerson
organizationalPerson
person
top
shadowAccount
posixAccount
sudoRole
Let me know if you have further questions. However, I can see you have mentioned sudoRole in your question, but the provisioning error shows sudorole (be mindful of case).
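An offline way to see why a directory answers with result code 65 before an access request is raised: check the attributes being written against the MUST/MAY lists of the entry's objectClass values. This is an added example for this thread, not code from the posters or from SailPoint; the schema table is a hand-constructed, simplified subset (an assumption), and a real directory publishes the authoritative definitions in its subschema entry. Names are compared case-insensitively, which is how LDAP treats object class and attribute names.

```python
"""Offline check for an LDAP objectClassViolation (result code 65).

Added example; the SCHEMA table below is a constructed, simplified subset of
the classes named in the thread and is not a real server's schema.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ObjectClass:
    sup: tuple            # superclasses whose attributes are inherited
    must: frozenset       # attributes that must be present
    may: frozenset        # attributes that may be present


def _oc(sup=(), must=(), may=()):
    """Build an ObjectClass with every name lower-cased (LDAP names are case-insensitive)."""
    return ObjectClass(tuple(s.lower() for s in sup),
                       frozenset(a.lower() for a in must),
                       frozenset(a.lower() for a in may))


# Constructed, simplified schema (assumption): keys are lower-cased class names.
SCHEMA = {
    "top": _oc(must=["objectClass"]),
    "person": _oc(sup=["top"], must=["sn", "cn"],
                  may=["userPassword", "telephoneNumber", "description"]),
    "organizationalperson": _oc(sup=["person"], may=["title", "ou", "l"]),
    "inetorgperson": _oc(sup=["organizationalPerson"],
                         may=["uid", "mail", "displayName", "givenName"]),
    "posixaccount": _oc(sup=["top"],
                        must=["cn", "uid", "uidNumber", "gidNumber", "homeDirectory"],
                        may=["loginShell", "gecos"]),
    "shadowaccount": _oc(sup=["top"], must=["uid"],
                         may=["shadowLastChange", "shadowMax"]),
    "sudorole": _oc(sup=["top"], must=["cn"],
                    may=["sudoUser", "sudoHost", "sudoCommand", "sudoOption",
                         "sudoRunAsUser", "sudoOrder", "description"]),
}


def expand_classes(object_classes):
    """Return the lower-cased closure of the given classes plus all superclasses.

    Raises KeyError for a class the schema does not define.
    """
    seen, stack = set(), [c.lower() for c in object_classes]
    while stack:
        name = stack.pop()
        if name in seen:
            continue
        if name not in SCHEMA:
            raise KeyError(f"unknown objectClass: {name}")
        seen.add(name)
        stack.extend(SCHEMA[name].sup)
    return seen


def permitted_attributes(object_classes):
    """Return (must, may) attribute sets for an entry carrying these classes."""
    classes = expand_classes(object_classes)
    must = frozenset().union(*(SCHEMA[c].must for c in classes))
    may = frozenset().union(*(SCHEMA[c].may for c in classes))
    return must, may


def check_entry(entry):
    """Return the violations a server would report; an empty list means the entry is valid.

    entry maps attribute name -> list of values and includes 'objectClass'.
    Only MUST/MAY membership is checked; the structural-class chain rule is not modelled.
    """
    attrs = {k.lower(): v for k, v in entry.items()}
    try:
        must, may = permitted_attributes(attrs.get("objectclass", []))
    except KeyError as exc:
        return [str(exc)]
    violations = [f"attribute '{a}' not allowed by objectClass values"
                  for a in attrs if a not in must and a not in may]
    violations += [f"required attribute '{a}' missing" for a in must if a not in attrs]
    return violations


# Constructed sample user entry (assumption), valid under the classes it carries.
BASE = {
    "objectClass": ["top", "person", "organizationalPerson", "inetOrgPerson",
                    "posixAccount", "shadowAccount"],
    "cn": ["Sample User"], "sn": ["User"], "uid": ["sample"],
    "uidNumber": ["1001"], "gidNumber": ["1001"], "homeDirectory": ["/home/sample"],
}


def sudo_user_without_class():
    """sudoUser written to an entry whose objectClass list lacks sudoRole -> code 65."""
    entry = dict(BASE, sudoUser=["sample"])
    return check_entry(entry)


def sudo_user_with_class():
    """Same write after sudoRole is added to the objectClass values -> accepted."""
    entry = dict(BASE, objectClass=BASE["objectClass"] + ["sudoRole"], sudoUser=["sample"])
    return check_entry(entry)


def sudorole_as_attribute():
    """sudoRole used as an attribute name rather than an objectClass value -> code 65."""
    return check_entry(dict(BASE, sudoRole=["admins"]))
```

The three helper functions reproduce the situations discussed above: writing `sudoUser` without `sudoRole` in `objectClass`, the same write after the class is added, and the message in the original error, where `sudoRole` itself is presented as an attribute. Because the check lower-cases every name, a value spelled `sudorole` matches the `sudoRole` class; a mismatch that survives this check is therefore a missing class or a misplaced attribute rather than a case difference.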
Hi Gautham,
Thanks for your response!
Followed the below sequence of steps:

- We have the below object classes:
  - account
  - inetOrgPerson
  - inetUser
  - posixAccount
  - ipUser
  - mailRecipient
  - organizationalPerson
  - person
  - shadowAccount
  - top
  - nismailalias
  - sudoRole
- Created a new schema on the LDAP source:
  - Objecttype: sudoRole
  - nativeObjectType: sudoRole
- Created the below new attributes in the account schema:

  | Attribute Name | Type | Entitlement | Multi-Valued |
  | --- | --- | --- | --- |
  | sudoRole | sudoRole | Entitlement | Multi-Valued |
  | sudoUser | string | | Multi-Valued |

- Ran the entitlement aggregation and verified that all sudoRoles are aggregated to SailPoint as an entitlement with type “sudoRole”.
- Raised an access request for one sudoRole entitlement, and we are seeing the LDAP error code 65 attribute not allowed.
- I don’t find any string with “sudorole” in the LDAP source and group schemas.

Please see the attached sudoRole schema and screenshots.
Regards,
Suresh