Regarding isUniqueLDAPValue to check Uniqueness of Email

Hi Folks,

Has anyone used the variable “isUniqueLDAPValue” for a uniqueness check? How should this function be used?

I want to use the below function to check the uniqueness of email and SMTP for new user creation. Both attributes are enabled.

Couple of issues I saw:

  • No logs are coming up for this. Sailpoint does not see any logs from their end
    → log.info("xxxxxxxxxxxxxxx isUnique 2222222222 xxxxxxxxxxxxxxxxxxxx: " + isUnique2);

  • Getting error while creating a new AD account
    → Unable to generate a unique value for ‘MSxxxx’, action LDAPUniqueValueValidator[mailAttribute=“[email protected]”,app=Uxx-AD-Source] is not retry-able due to InterruptedException: Timeout waiting for response to message 8234 from client dxxxx6-7119-4xxad-8xxc7-1e0exxx51d2 after 30 seconds.

Below is the code I added just to check the variable value:
boolean isUnique2 = idn.isUniqueLDAPValue(IdentityID, AD_SOURCE_ID, "mailAttribute", newEmail);

boolean isUnique3 = idn.isUniqueLDAPValue(IdentityID, AD_SOURCE_ID, "proxyaddesses", newEmail);

Does “isUniqueLDAPValue” check and terminate the process if no uniqueness is found?

Please suggest.
Thanks

Hi @msingh39

Can you check if any other attribute from the create profile is causing the issue when creating the account? For me it was manage DN.

Also, isUniqueLDAPValue will not terminate the process/code; it will just return false. You will need to handle in the rule how to proceed if it returns false. Most of the time the value (newEmail) for the attribute will be generated within the rule and passed to the isUniqueLDAPValue method.
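
Handling a false return inside the rule, as described in the reply above, shown as an added example that is not part of the thread and not SailPoint's own code. The `Idn` interface, the in-memory lookup, the retry cap and the `smtp:` prefix on `proxyAddresses` values are assumptions made so the block runs stand-alone.

```java
import java.util.*;

public class UniqueEmailExample {
    // Hypothetical stand-in for the rule's `idn` object; only the call shown in the thread is modelled.
    interface Idn {
        boolean isUniqueLDAPValue(String identity, String sourceId, String attr, String value) throws Exception;
    }

    static final int MAX_ATTEMPTS = 10; // assumed cap so a slow or failing directory cannot loop forever

    // Returns the first candidate that is unique in both attributes, or null if none is found.
    static String generateUniqueEmail(Idn idn, String identity, String sourceId,
                                      String first, String last, String domain) {
        String base = (first + "." + last).toLowerCase(Locale.ROOT);
        for (int i = 0; i < MAX_ATTEMPTS; i++) {
            String candidate = base + (i == 0 ? "" : String.valueOf(i)) + "@" + domain;
            try {
                // false means "already in use": the method does not stop the rule, so try the next candidate.
                // Assumption: proxyAddresses entries are stored with an address-type prefix such as "smtp:".
                if (idn.isUniqueLDAPValue(identity, sourceId, "mail", candidate)
                        && idn.isUniqueLDAPValue(identity, sourceId, "proxyAddresses", "smtp:" + candidate)) {
                    return candidate;
                }
            } catch (Exception e) {
                // A timeout is not proof of uniqueness: fail closed instead of returning the candidate.
                System.err.println("Uniqueness check failed for " + candidate + ": " + e.getMessage());
                return null;
            }
        }
        return null; // every candidate was taken; the caller decides how to surface this
    }

    public static void main(String[] args) {
        // Constructed sample data standing in for values already present in AD.
        Set<String> taken = new HashSet<>(Arrays.asList(
            "mail=jane.doe@example.com", "proxyAddresses=smtp:jane.doe1@example.com"));
        Idn fake = (id, src, attr, value) -> !taken.contains(attr + "=" + value);
        System.out.println(generateUniqueEmail(fake, "jdoe", "AD", "Jane", "Doe", "example.com"));
    }
}
```

In an actual rule the `idn` and `log` objects are supplied by the platform, so only the loop and the fail-closed catch would carry over.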

Thanks Rakesh for the reply. I don’t see any other attribute causing it. After removing the code it works fine.

Problems You’re Seeing

  1. No logs:
  • If you’re not seeing logs like log.info("xxxxxxxxxxxxxxx isUnique 2222222222 xxxxxxxxxxxxxxxxxxxx: " + isUnique2);, make sure:
    • Logging is enabled at the correct level (e.g., INFO). You can also use log.error.
    • The log is placed in the correct context (Java rule or transform).
    • You’re not running this in a context where logs are suppressed or filtered.
    • You’re not hitting an exception before the log is printed.
  2. Timeout Error:
  • InterruptedException: Timeout waiting for response... indicates a backend timeout, usually due to:
    • LDAP server latency.
    • Misconfigured source (e.g., bad filter or DN).
    • High load or performance issues on the connector server.
  • Check:
    • The connectivity and performance of the AD source.
    • If the attribute is indexed in AD.
    • Network issues between connector server and AD.

Recommendations

  • Confirm your attributes:
    • "mail" and "proxyAddresses" are correct, but "proxyaddesses" (typo?) is incorrect.
  • Use valid attribute names exactly as expected in the LDAP schema.
  • Wrap the function in a safe try-catch block for better debugging:
try {
    boolean isUnique = idn.isUniqueLDAPValue(identityID, sourceID, "mail", newEmail);
    log.error("Email uniqueness: " + isUnique);
} catch (Exception e) {
    log.error("Error checking uniqueness: " + e.getMessage(), e);
}

If this doesn’t work, you can try the idn.attrSearchCountAccounts method as well to check email uniqueness.

Thanks Sagar, but I think this will not work as I need to check accounts outside of aggregated accounts in AD.

Thanks Dheeraj, I tried that earlier and it was causing issues. Will change the logger and see how it goes with that. In ISC, the cloud logs are visible to Sailpoint support only and we can’t see them in our ccg logs. Will try log.error to see.

Hi @msingh39,

If you’d like to, you can raise a ServiceNow ticket to request the logs.

They said it’s not available.

To be honest, the support team is sometimes not well aware of the ask. One member shares details, another asks for a PS ticket to be opened to get it.

Strange… we did raise a SP ticket to get the logs, and they were shared with us.

Hi @msingh39,

Can you give this a try?

idn.isUniqueLDAPValue(identity.getName(), application.getName(), "mail", generatedEmailValue)