000021415 - Error: 'NDS error: no additional information available (-306) [Invalid syntax]' when trying to update a Boolean User Property through RSA ClearTrust Entitlements Manager

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000021415
Applies To:
RSA ClearTrust 5.5 Entitlements Manager (Admin GUI)
Novell eDirectory 8.1.7
Issue: Error: "NDS error: no additional information available (-306) [Invalid syntax]" when trying to update a Boolean User Property through RSA ClearTrust Entitlements Manager
Cause
Boolean properties used internally by the RSA ClearTrust Entitlements Server should not be confused with the native LDAP Boolean type. It is usually recommended to use a String LDAP type, rather than a Boolean LDAP type, when storing a ClearTrust Boolean property value. By design, ClearTrust uses the string data type for various attributes because of inconsistencies among LDAP servers.

A syntax error is returned by the eDirectory LDAP server when the ClearTrust Entitlements Server attempts to store a Boolean user property in a native LDAP Boolean field. This happens because the ClearTrust Entitlements Server saves Boolean property types, along with other property types, as String types in the backend datastore, and eDirectory is not able to handle this format.

NOTE: For Boolean types, the string "1" or "0" is stored.
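As an added illustration (not part of the RSA article and not ClearTrust code), the following Python check parses LDAP attributeTypes definitions and flags Boolean properties mapped to attributes that use the RFC 4517 Boolean syntax, which accepts only TRUE or FALSE and therefore rejects the "1"/"0" strings described above. The schema lines, the OIDs under 1.3.6.1.4.1.99999, the property names and the mapping are constructed samples.

```python
import re

BOOLEAN_SYNTAX = "1.3.6.1.4.1.1466.115.121.1.7"  # RFC 4517 Boolean

# Constructed sample: attributeTypes values as read from a subschema entry.
SAMPLE_SCHEMA = [
    "( 1.3.6.1.4.1.99999.1.1 NAME 'exampleVipFlag' "
    "SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )",
    "( 1.3.6.1.4.1.99999.1.2 NAME ( 'exampleContractor' 'exContractor' ) "
    "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )",
]
# Hypothetical mapping: ClearTrust Boolean user property -> LDAP attribute.
SAMPLE_MAPPING = {"IsVIP": "exampleVipFlag", "IsContractor": "exContractor"}

NAME_RE = re.compile(r"NAME\s+(?:'([^']+)'|\(\s*((?:'[^']+'\s*)+)\))")
SYNTAX_RE = re.compile(r"SYNTAX\s+'?([0-9.]+)'?(?:\{\d+\})?")

def parse_attribute_type(definition):
    """Return (names, syntax_oid) from one RFC 4512 attribute type description."""
    name = NAME_RE.search(definition)
    if not name:
        return [], None
    if name.group(1):
        names = [name.group(1)]
    else:
        names = re.findall(r"'([^']+)'", name.group(2))
    syntax = SYNTAX_RE.search(definition)
    return names, (syntax.group(1) if syntax else None)

def is_ldap_boolean(value):
    """RFC 4517 Boolean values are exactly the strings TRUE and FALSE."""
    return value in ("TRUE", "FALSE")

def find_conflicts(schema, mapping, stored_values=("1", "0")):
    """Return (property, attribute) pairs where the attribute has Boolean
    syntax but the values written to it are not valid LDAP Booleans.
    Syntax inherited through SUP is not resolved here."""
    syntax_by_name = {}
    for definition in schema:
        names, oid = parse_attribute_type(definition)
        for attr_name in names:
            syntax_by_name[attr_name.lower()] = oid
    bad_values = [v for v in stored_values if not is_ldap_boolean(v)]
    return sorted(
        (prop, attr) for prop, attr in mapping.items()
        if syntax_by_name.get(attr.lower()) == BOOLEAN_SYNTAX and bad_values
    )
```

Running `find_conflicts(SAMPLE_SCHEMA, SAMPLE_MAPPING)` on the constructed data reports only the property mapped to the Boolean-syntax attribute; the one mapped to a Directory String attribute passes.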
Resolution
This issue is resolved in hot fix 5.5.2.35_RFE for RSA ClearTrust Servers, which adds support for mapping ClearTrust Boolean User Properties to eDirectory-based Boolean type attributes. Contact RSA Security Customer Support to request this hot fix, or request the latest fix level (which is cumulative, and contains fixes from previous fix levels).

NOTE: The following 2 new ldap.conf parameters were introduced in hot fix 5.5.2.35:

    cleartrust.data.ldap.directory.edirectory.type  :eDirectory
    cleartrust.data.ldap.directory.edirectory-bind.type  :eDirectory

For more details, see the documentation included with hot fix 5.5.2.35.
Workaround
RSA ClearTrust Boolean type User Property was mapped to an eDirectory native attribute of type Boolean
Legacy Article ID: a22860
