000030756 - L&G: AFX: java.lang.IllegalArgumentException when Account and CN IDs do not match - LDAPException: Invalid DN Syntax (34) Invalid DN Syntax

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000030756
Applies ToRSA Product Set: RSA Via Lifecycle and Governance (L&G)
RSA Version/Condition: 6.0+
 
IssueUsing the 'Create Account' test connector capabilities of an Active Directory (AD) connector fails with the following error:
java.lang.IllegalArgumentException: The Account and CN IDs do not match: Account=hh16 vs. hh 16

Using the 'Create Account' test connector capabilities of an LDAP connector that connects to Active Directory fails with the following error:
Error code = -1 
LDAPException: Invalid DN Syntax (34) Invalid DN Syntax 
LDAPException: Server Message: 00002081: NameErr: DSID-03050C42, problem 2003 (BAD_ATT_SYNTAX), data 0, best match of: 
'CN=hh16,OU=691_Horses_OU,DC=2k8r2-vcloud,DC=local' 
LDAPException: Matched DN: 


EXAMPLE:
==========

1. Create account: 
Account=hh14 
CN=hh14 
SUCCESS !! 
2. Create account: 
Account=hh15 
CN=hh 15 <--------------add a space (note the Account and CN do not match in this case)
FAILURE !! 
 



 
CauseThe Account Name and CN ID must match, else the create account command will fail.

Usually the CN is part of the account name (DN or Distinguished Name in Active Directory). For this reason it has to be the same. This is a common LDAPMODIFY restriction and also applies to Active Directory. 
Example (good): 
Account name: hh14
cn=hh14
DN: cn=hh14,cn=Users,dc=company,dc=com 
Example (bad):
Account name: hh 15
cn=hh15 
DN: cn=hh 15,cn=Users,dc=company,dc=com 
ResolutionIn summary:
===========

To create an account with the AD connector - Account and CN must match 
To create an account with the LDAP connector type=AD - Account and CN must match 
To create an account with the LDAP connector type not= AD - Account and CN do not need to match (starting in 6.9.1 P03) 
WorkaroundThis is expected behavior. To rectify this error, make sure the Account name and CN IDs match.
 

Attachments

    Outcomes