000025848 - RSA ClearTrust Entitlements Server cannot find user-defined object classes in LDAP datastore

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000025848
Applies ToRSA ClearTrust 5.5 Entitlements Server (EServer)
RSA ClearTrust 5.0.1 Entitlements Server (EServer)
LDAP datastore
IssueRSA ClearTrust Entitlements Server cannot find user-defined object classes in LDAP datastore
Error: sirrus.da.exception.OperationNotSupportedException: PropertyDefinitions can only be created on existing LDAP attributes
CauseWhen creating RSA ClearTrust user properties with the Entitlements Manager, the property will first need to exist as an LDAP attribute accessible by ClearTrust. ClearTrust will be able to access any attribute that is in one of the object classes specified by the ldap.conf parameter cleartrust.data.ldap.user.objectclass. By default, for example when using the SunONE directory server, this includes the following object classes: top, person, organizationalPerson, inetOrgPerson, ctscUserAuxClass.
ResolutionIf your goal is to use a custom attribute for a ClearTrust user property, that attribute will either need to be allowed under on of the object classes listed in the cleartrust.data.ldap.user.objectclass parameter, or its object class will need to be added to the ldap.conf parameter cleartrust.data.ldap.user.objectclass.

For example, in your LDAP console, you could create a new object class called myCustomObjectClass and an attribute called myCustomAttribute. Add myCustomAttribute as an allowable attribute to the myCustomObjectClass, and add myCustomObjectClass to the list of object classes of ldap.conf parameter cleartrust.data.ldap.user.objectclass.

Alternately, you could simply create the new attribute and add it as an allowable attribute under the default object classes top, person, organizationalPerson, inetOrgPerson, ctscUserAuxClass.
Legacy Article IDa17869

Attachments

    Outcomes