Hi,
While provisioning to LDAP, I am getting the error message below. I tried sending the objectclass below, but I still get the same error. Any idea?
top
person
organizationalPerson
userProxyFull
sailpoint. connector.ConnectorException: [LDAP: error code 65 - 000020B4: UpdErr: DSID-03051467, problem 6002 (OBJ_CLASS_VIOLATION), data 0 ]
Thanks,
The application team said that I need to send all the objectClass, and I am sending multiple values in create profile like below, but it is still getting the same error,
Is it the correct way to send multiple values?
{
"attributes": {
"cloudRequired": "true"
},
"isRequired": false,
"multi": true,
"name": "objectClass",
"transform": {
"attributes": {
"value": "userProxyFull, top, person, organizationalPerson"
},
"type": "static"
},
"type": "string"
}
I did add multiple values to the create profile, and the error below is showing. Any idea please.
sailpoint.connector.ConnectorException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C0911AD, comment: Error in attribute conversion operation, data 0, v3839]
sailpoint.connector.ConnectorException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C0911AD, comment: Error in attribute conversion operation, data 0, v3839
Hi @pkumar22,
I can think of 2 things,
Check the schema documentation or schema browser for your LDAP directory to ensure that the âuserProxyFullâ object class is defined and supported. Also, makes sure the SailPoint connector for your LDAP directory is correctly configured with the appropriate schema mappings and object class settings.
Based on the object classes you provided (userProxyFull , top , person , organizationalPerson ), a common order or the best practices would be: top, person, organizationalPerson, userProxyFull. This order places the abstract top object class first, followed by the other abstract object classes (person , organizationalPerson ), and then the structural or custom object class (userProxyFull ) last.
Hope this helps!
Hey @pkumar22, you are missing the cloudDelimiter attribute. This may be what you need:
{
"attributes": {
"cloudDelimiter": ","
},
"isRequired": false,
"multi": true,
"name": "objectClass",
"transform": {
"attributes": {
"value": "userProxyFull,top,person,organizationalPerson"
},
"type": "static"
},
"type": "string"
}
@Sachin_Rajathadri @brennenscott
I added cloudDelimiter and all the attributes into the schema and provisioning basic info, but Iâm still getting the same issue.
Below is the search DN and Filter
Hey @pkumar22, will you try this next? Instead of using the multi value, I changed it to the attribute of isMultiValued.
{
"attributes": {
"cloudDelimiter": ","
},
"isRequired": false,
"isMultiValued": true,
"name": "objectClass",
"transform": {
"attributes": {
"value": "top,person,organizationalPerson,userProxyFull"
},
"type": "static"
},
"type": "string"
}
I also reordered the object classes in the correct order as provided by @Sachin_Rajathadri.
If this works for you, let me know. I can then take that information and work to determine why this attribute works while multi does not. I believe multi was changed to isMultiValued but documentation needs to be updated to reflect that.
Still, the same error and below plan and log.
âProvisioning plan in return : <?xml version='1.0' encoding='UTF-8'?>\n\n<ProvisioningPlan nativeIdentity="801998">\n <AccountRequest application="ADLDS [source]" nativeIdentity="CN=torkflte,CN=TestUsers,DC=lthlds" op="Create">\n <AttributeRequest name="memberOf" op="Add" value="CN=Readers,CN=Roles,DC=lthlds"/>\n <AttributeRequest name="objectSid" op="Add" value="S-1-5-21-515967899-1060284298-682003330-5042650"/>\n <AttributeRequest name="objectguid" op="Add" value="{6c6eebd2-e3df-4291-965f-e1dbeb7895be}"/>\n <AttributeRequest name="Class" op="Add" value="userProxyFull"/>\n <AttributeRequest name="objectclass" op="Add" value="top,person,organizationalPerson,userProxyFull"/>\n <AttributeRequest name="uid" op="Add" value="torkflte"/>\n <ProvisioningResult status="failed">\n \n <Message key="sailpoint.connector.ConnectorException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C0911AD, comment: Error in attribute conversion operation, data 0, v3839]" type="Error"/>\n </Errors>\n </ProvisioningResult>\n </AccountRequest>\n \n \n <entry key="accessRequestType" value="GRANT_ACCESS"/>\n <entry key="identityRequestId" value="6234a7fbfb9f4b40998902dd9cec3fb9"/>\n <entry key="requester" value="Prasantha.Kumar"/>\n <entry key="source" value="LCM"/>\n </Map>\n </Attributes>\n <ProvisioningResult status="failed">\n \n <Message key="sailpoint.connector.ConnectorException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C0911AD, comment: Error in attribute conversion operation, data 0, v3839]" type="Error"/>\n </Errors>\n </ProvisioningResult>\n</ProvisioningPlan>\nâ,
Log
{âexceptionâ:{âstacktraceâ:âsailpoint.connector.ConnectorException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C0911AD, comment: Error in attribute conversion operation, data 0, v3839\u0000]\n\tat sailpoint.connector.LDAPConnector.exceptionBucketing(LDAPConnector.java:3061)\n\tat sailpoint.connector.LDAPConnector.create(LDAPConnector.java:9995)\n\tat sailpoint.connector.LDAPConnector.provision(LDAPConnector.java:9219)\n\tat sailpoint.connector.ConnectorProxy.provision(ConnectorProxy.java:1206)\n\tat com.sailpoint.ccg.cloud.container.Container.provision(Container.java:326)\n\tat com.sailpoint.ccg.cloud.container.ContainerIntegration.provision(ContainerIntegration.java:156)\n\tat com.sailpoint.ccg.handler.ProvisionHandler.invoke(ProvisionHandler.java:190)\n\tat sailpoint.gateway.accessiq.CcgPipelineMessageHandler.handleMessage_aroundBody0(CcgPipelineMessageHandler.java:47)\n\tat sailpoint.gateway.accessiq.CcgPipelineMessageHandler$AjcClosure1.run(CcgPipelineMessageHandler.java:1)\n\tat org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:167)\n\tat com.sailpoint.tracing.otel.TracedAspect.lambda$traceExecution$0(TracedAspect.java:30)\n\tat com.sailpoint.tracing.otel.GlobalTracer.trace(GlobalTracer.java:158)\n\tat com.sailpoint.tracing.otel.GlobalTracer.trace(GlobalTracer.java:137)\n\tat com.sailpoint.tracing.otel.GlobalTracer.trace(GlobalTracer.java:125)\n\tat com.sailpoint.tracing.otel.TracedAspect.traceExecution(TracedAspect.java:32)\n\tat sailpoint.gateway.accessiq.CcgPipelineMessageHandler.handleMessage(CcgPipelineMessageHandler.java:36)\n\tat com.sailpoint.pipeline.server.PipelineServer$InboundQueueListener$MessageHandler.run(PipelineServer.java:369)\n\tat java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)\n\tat java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)\n\tat java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)\n\tat java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)\n\tat java.base/java.lang.Thread.run(Thread.java:829)\nCaused by: javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C0911AD, comment: Error in attribute conversion operation, data 0, v3839\u0000]; remaining name âCN=torkflte,CN=TestUsers,DC=lthldsâ\n\tat java.naming/com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3280)\n\tat java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3205)\n\tat java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2996)\n\tat java.naming/com.sun.jndi.ldap.LdapCtx.c_bind(LdapCtx.java:452)\n\tat java.naming/com.sun.jndi.toolkit.ctx.ComponentDirContext.p_bind(ComponentDirContext.java:299)\n\tat java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.bind(PartialCompositeDirContext.java:217)\n\tat java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.bind(PartialCompositeDirContext.java:206)\n\tat java.naming/javax.naming.directory.InitialDirContext.bind(InitialDirContext.java:177)\n\tat sailpoint.connector.LDAPConnector.create(LDAPConnector.java:9760)\n\t⌠20 more\nâ,âexception_classâ:âsailpoint.connector.ConnectorExceptionâ,âexception_messageâ:â[LDAP: error code 16 - 00000057: LdapErr: DSID-0C0911AD, comment: Error in attribute conversion operation, data 0, v3839\u0000]â},âstackâ:âccgâ,âpodâ:âstg07-useast1â,âconnector-loggingâ:â150â,âOperationâ:âCreateâ,âclusterIdâ:â391â,âbuildNumberâ:â955â,âapiUsernameâ:âdfc0e4a3-4789-4bcc-9784-e82ca690d25aâ,âObjectTypeâ:âaccountâ,âorgTypeâ:ââ,âfileâ:âLDAPConnector.javaâ,âencryptionâ:â1266â,âmessageTypeâ:âprovisionâ,âconnector-bundle-identityiqâ:â212â,âline_numberâ:10000,â@versionâ:1,âCB_versionâ:â533â,âcloud-modules-apiâ:â1477â,âlogger_nameâ:âsailpoint.connector.LDAPConnectorâ,âmantis-clientâ:â1400â,âclassâ:âsailpoint.connector.LDAPConnectorâ,âParentOperationâ:âProvisioningOperationâ,âatlas-apiâ:â1823â,âva-gateway-clientâ:â46â,âtracingâ:â1400â,âclientIdâ:âdfc0e4a3-4789-4bcc-9784-e82ca690d25aâ,ârequest_millisecondsâ:â5435â,âsource_hostâ:âc54774fea093â,âmethodâ:âcreateâ,âorgâ:âuch-sbâ,âlevelâ:âERRORâ,âIdentityIQâ:â8.3p4 Build 1527a593753-20230805-223436â,âmessageâ:â372744221 Failed to create object [CN=torkflte,CN=TestUsers,DC=lthlds]: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C0911AD, comment: Error in attribute conversion operation, data 0, v3839\u0000]â,âpipelineâ:â1266â,â@timestampâ:â2024-03-25T19:25:34.540Zâ,âNativeIdentityâ:â801998â,âthread_nameâ:âpool-6-thread-1â,âatlas-utilâ:â1823â,âmetricsâ:â1266â,âregionâ:âu-1â,âAppTypeâ:âADAM - Directâ,âApplicationâ:âADLDS [source]â,}
This looks like an incorrect DN. I think you need to correct this to CN=torkflte,OU=TestUsers,DC=lthlds (where the TestUsers is OU= instead of CN=).
<AttributeRequest name="memberOf" op="Add" value="CN=Readers,CN=Roles,DC=lthlds"/>
Same thing with this. It looks like you are not defining the OU and instead are using CN. It (probably) should be:
CN=Readers,OU=Roles,DC=lthlds
We are using Microsoft Lightweight Directory Services as the connector, and the DN format is correct. The test user is created from the target system and aggregated into sailpoint, and the format is CN only and all the existing users are in CN.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.
