I am getting below error when generating user id using usernamegenerator in AD.
Calling getObject for objectType ‘account’ using id ‘XXXX’ and options ‘{cloudConfigOverrides={aggregateTimeout=30, disablePooling=true, timeout=30}}’ on source ‘Test_AD [source]’. Exception: sailpoint.connector.ConnectorException: [ InvalidConfigurationException ] [ Error details ] Required string attribute ‘User’ is not defined.It must have a valid value.
I already have “objectType - User” added in the provisioning policy. I have tried account id as DN, and SamAccountName but the error is same. Any help why its searching for string using “account” instead of “user”
Hi @anandan07 ,
Are you using userNameGenerator for DN or SamAccountName .UsernameGenerator rule has to be used only for the nativeIdentity (accountId in any source) Here it can only be used in DN.Check that in configuration.Try to check the configuration in the source and try to increase the timeout .
Thanks,
Hi @anandan07,
I see the error is for attribute user which seems like a custom attribute. Can you please confirm for which attribute do you need the unique value. If it is a user, then i think you can use it but in order to make the uniqueness check here, you will need to make this attribute searcheable.
I request to provide some more information, so that we can assist you better.
Thank You.
Regards
Vikas.
First i used to generate unique DN using username generator having DN as the account ID. Got the same error. Then tried changing account id to Samaccountname and tried generating samaccountname the error is same.
If I hard code the value in the provisining profile as static and trigger provisioning it works fine.
There is no custom attribute “User”. Only ObjectType attribute has User as the value. and even if i make sourcecheck to false i am getting the same error. I tried with accountid as DN and used the transform dint work and make account id as samaccountname and tested the transform for samaccountname same error “Calling getObject for objectType ‘account’ using id ‘XXXX’ and options ‘{cloudConfigOverrides={aggregateTimeout=30, disablePooling=true, timeout=30}}’ on source ‘Test_AD [source]’. Exception: sailpoint.connector.ConnectorException: [ InvalidConfigurationException ] [ Error details ] Required string attribute ‘User’ is not defined.It must have a valid value.” – not sure from where its getting the objectType account. in provisining profile i have objecttype as user
I did find another post with the same issue:
It seems recreating the source solved this before.
@anandan07 Have you tried using the Create Unique LDAP Attribute instead?
I am using it for both SamAccountName and DN… error is same
I did not create any custom attribute as user… i want to generate unique id for samaccountname as i got this error i tried the same with DN with minor modification still the error is same
Yes i tried user create unique LDAP attribute it worked fine. I tried creating new source still same error
Can you please share your create plan or specifically the transforms for these?
One way to troubleshoot would be to start with a very basic create plan and start adding attributes back in to identify where the error is coming from.
Have you made any changes to the account schema out of the box? According to the connector documentation, it is advised against changing account name and account id from the OOB configuration.
I’ve used the username generator to create DN and then unique ldap attributes for sAMAccountName. Is there a reason Unique LDAP Attribute won’t work for your use case?
Hi @anandan07
Can you please share the screenshot of the create provisioing policy so that we can verify what is the error.
Thank You.
Regards
Vikas
Yes, I tried creating user with some hardcoded value (static) for samaccountname and DN it works fine. When using transform then getting the error
transform for samaccountname –
{
“name”: “sAMAccountName”,
“transform”: {
“type”: “usernameGenerator”,
“attributes”: {
“sourceCheck”: true,
“patterns”: [“$fn$ln”,
“$fn$ln${uniqueCounter}”],
“fn”: {
“type”: “identityAttribute”,
“attributes”: {
“name”: “firstname”
}
},
“ln”: {
“type”: “identityAttribute”,
“attributes”: {
“name”: “lastname”
}
}
}
},
“attributes”: {
“cloudMaxSize”: “12”,
“cloudMaxUniqueChecks”: “2”,
“cloudRequired”: “true”
},
“isRequired”: false,
“type”: “string”,
“isMultiValued”: false
}
Hi
Have you checked your dn value, correct or not?
Thanks
Siva.K
DN value is correct…and if i hard code the samaccountname for ex - making it static and giving a value and tried provisioning it works with the same DN.but if I use uniqueaccount generation transform for samaccount name it failes.
Hi
Have you checked your transform output? write this transform in identity profile and check the value.
thanks,
Siva.K
How long are the values for the first and last name?
You have set “cloudMaxSixe” to 12, so if those values are longer than 11 characters (you need one for the counter) the transform will likely fail
Phil
yes transform is working fine. i have used the transform in identity profile and also in other application to generate some ids.
Actually its not the transform issue. As the transform works fine with other applications. ex OKTA. the issue is only with AD source connector
Better reconfigure with new AD source. it will work.