Active Directory AFX Connector Add Account to Group capability fails with 'No Such Attribute' error in RSA Identity Governance & Lifecycle

RSA Product Set: Identity Governance & Lifecycle
RSA Version/Condition: 7.0.x, 7.1.x

The RSA Identity Governance & Lifecycle Active Directory AFX Connector Add Account to Group capability fails.

The AFX connector log file, $AFX_HOME/esb/logs/esb.AFX-CONN-{connector name}.log, shows the following error message:

2018-08-30 00:00:41.778 [ERROR] org.mule.transport.ldapx.LdapxConnector:337 - 
Error: LDAPException: No Such Attribute (16) No Such Attribute
LDAPException: Matched DN:

Account to Group capability adds an account to the group object by linking the account to the group through a member object. Different LDAP servers use different names for the member object attribute.

This issue occurs if the name of the User membership attribute for Group defined in the connector definition, is incorrect and does not match what the LDAP server uses for the member object attribute.

Modify the User membership attribute for Group defined in the connector definition, to match what the LDAP server uses for the member object attribute.

1. In the user interface, go to AFX > Connectors > {connector-name} > Settings tab.
2. Scroll down to the Group section.
3. Modify the User membership attribute for Group value to match the member object used by your LDAP datastore.

 

.

Consult your vendor to determine the actual name of the member attribute for your directory server. For example, for Oracle Internet Directory Server, the typical value for the member attribute is uniqueMember. 

Note: In some cases the name of the attribute used may be different than published.