Hello Community,
I am trying to create a user Account in active directory using a rule in IdentityIQ.
I identify a user by their name, in this case, “Test ADuser” and proceed to create a provisioning plan tailored to this user. This plan encompasses the specification of various attributes and their corresponding values for the new user account. I construct attributes like the Common Name (cn), Distinguished Name (dn), sAMAccountName, userPrincipalName (UPN), email (mail), password, first name, last name, and display name. Furthermore, I assign the user to a specific group (“memberOf”).
Here is a snippet of the code:
import java.util.ArrayList;
import java.util.List;
import sailpoint.api.SailPointContext;
import sailpoint.api.SailPointFactory;
import sailpoint.object.Identity;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.object.ProvisioningPlan.Operation;
import sailpoint.tools.GeneralException;

SailPointContext ctx = SailPointFactory.getCurrentContext();
if ( ctx == null ) {
throw new GeneralException("Unable to get sailpoint context.");
}
String identityName = "Test.ADuser";
// Look the identity up through the context obtained above (the snippet previously referred to an undefined "context").
Identity identity = ctx.getObjectByName(Identity.class, identityName);
if ( identity == null ) {
throw new GeneralException("Identity not found: " + identityName);
}
ProvisioningPlan plan = new ProvisioningPlan();
plan.setIdentity(identity);
AccountRequest accReq = new AccountRequest();
accReq.setApplication("AD");
String firstName = (String) identity.getAttribute("firstname");
String lastName = (String) identity.getAttribute("lastname");
System.out.println("Debugging: firstName = " + firstName);
System.out.println("Debugging: lastName = " + lastName);
String displayName = (String) identity.getAttribute("displayName");
accReq.setOperation(AccountRequest.Operation.Create);
List<AttributeRequest> attrbReqList = new ArrayList<AttributeRequest>();
// cn is taken straight from the identity's displayName.
AttributeRequest attrReqCN = new AttributeRequest("cn", Operation.Set, displayName);
attrbReqList.add(attrReqCN);
// The DN is built by concatenating the displayName with the target container.
String dn = "CN=" + displayName + ",OU=users,OU=sailpoint_test,OU=chicken,DC=chicken,DC=local";
System.out.println("Debugging: DN = " + dn);
AttributeRequest attrReqDN = new AttributeRequest("distinguishedName", Operation.Set, dn);
attrbReqList.add(attrReqDN);
String sAMAccountName = firstName + "." + lastName;
System.out.println("Debugging: sAMAccountName = " + sAMAccountName);
AttributeRequest attrsAMA = new AttributeRequest("sAMAccountName", Operation.Set, sAMAccountName);
attrbReqList.add(attrsAMA);
When I run the rule, I don’t receive any error in the Object Browser. I checked the Tomcat stdout logs and the provisioning plan was executed successfully despite a message related to the “DistinguishedName” attribute, but no user account was created in Active Directory.
Here is the error in the log file:
Debugging: firstName = Testad
Debugging: lastName = Sailpoint
Debugging: DN = CN=Testad Sailpoint,OU=Users,OU=SailPoint_Test,OU=chicken,DC=chicken,DC=LOCAL
Debugging: sAMAccountName = Testad.Sailpoint
Debugging: upn = [email protected]
plan: <?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE ProvisioningPlan PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<ProvisioningPlan>
<AccountRequest application="AD" op="Create">
<AttributeRequest name="cn" op="Set" value="Testad Sailpoint"/>
<AttributeRequest name="distinguishedName" op="Set" value="CN=Testad Sailpoint,OU=Users,OU=SailPoint_Test,OU=chicken,DC=chicken,DC=LOCAL"/>
<AttributeRequest name="sAMAccountName" op="Set" value="Testad.Sailpoint"/>
<AttributeRequest name="userPrincipalName" op="Set" value="[email protected]"/>
<AttributeRequest name="mail" op="Set" value="[email protected]"/>
<AttributeRequest name="password" op="Set" value="Chicken@123"/>
<AttributeRequest name="givenName" op="Set" value="Testad"/>
<AttributeRequest name="sn" op="Set" value="Sailpoint"/>
<AttributeRequest name="displayName" op="Set" value="Testad Sailpoint"/>
<AttributeRequest name="memberOf" op="Add" value="CN=SailPoint_Test_gr,OU=SailPoint_Test,OU=chicken,DC=chicken,DC=LOCAL"/>
</AccountRequest>
</ProvisioningPlan>
2023-10-19T15:55:51,947 ERROR QuartzScheduler_Worker-3 sailpoint.connector.RPCService:554 - Exception occurred while executing the RPCRequest: Errors returned from IQService. "Attribute DistinguishedNamedoes not contain expected character ,. Value supplied : . HRESULT:[0x80131500]"
sailpoint.tools.GeneralException: Errors returned from IQService. "Attribute DistinguishedNamedoes not contain expected character ,. Value supplied : . HRESULT:[0x80131500]"
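As an added example (not the poster's rule and not SailPoint's own code), a small Java helper that builds the DN with RFC 4514 escaping of the CN value, rejects an empty value before it reaches the plan, and sets the DN as the account request's native identity in addition to the distinguishedName attribute. That the AD connector takes a new account's DN from the native identity is my assumption, as are the sample container DN and display name; the IdentityIQ classes used are the same ones the snippet above imports.

```java
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.object.ProvisioningPlan.Operation;

public class AdCreatePlanBuilder {
    // Characters that must be escaped inside an RDN value (RFC 4514, section 2.4).
    private static final String RDN_SPECIALS = ",+\"\\<>;=";

    // Escape one RDN value so identity data such as "Sailpoint, Testad" cannot break the DN structure.
    static String escapeRdnValue(String value) {
        if (value == null || value.trim().isEmpty()) {
            throw new IllegalArgumentException("RDN value must not be empty");
        }
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            boolean leadingSpecial = i == 0 && (c == '#' || c == ' ');
            boolean trailingSpace = i == value.length() - 1 && c == ' ';
            if (RDN_SPECIALS.indexOf(c) >= 0 || leadingSpecial || trailingSpace) {
                sb.append('\\');
            }
            sb.append(c);
        }
        return sb.toString();
    }

    // Build "CN=<cn>,<container>" and fail fast instead of sending an empty or broken DN to IQService.
    static String buildUserDn(String cn, String containerDn) {
        if (containerDn == null || !containerDn.toUpperCase().contains("DC=")) {
            throw new IllegalArgumentException("Container DN looks wrong: " + containerDn);
        }
        return "CN=" + escapeRdnValue(cn) + "," + containerDn;
    }

    // Assumption: the AD connector takes a new account's DN from the request's native identity.
    static AccountRequest buildCreateRequest(String displayName, String containerDn) {
        String dn = buildUserDn(displayName, containerDn);
        AccountRequest req = new AccountRequest();
        req.setApplication("AD");
        req.setOperation(AccountRequest.Operation.Create);
        req.setNativeIdentity(dn);
        req.add(new AttributeRequest("distinguishedName", Operation.Set, dn));
        req.add(new AttributeRequest("cn", Operation.Set, displayName));
        return req;
    }

    public static void main(String[] args) {
        // Constructed sample container DN; the comma in the display name is the interesting case.
        String container = "OU=Users,OU=SailPoint_Test,OU=chicken,DC=chicken,DC=LOCAL";
        AccountRequest req = buildCreateRequest("Sailpoint, Testad", container);
        System.out.println(req.getNativeIdentity());
    }
}
```

With the comma in the display name, the DN comes out as CN=Sailpoint\, Testad,OU=Users,... rather than silently gaining an extra RDN; a null or blank displayName now throws before any plan is compiled, which is easier to spot than the IQService error above.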