000025272 - Error: 'PropertyDefinitions can only be created on existing LDAP attributes' when trying to 'add a new property' in RSA ClearTrust

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000025272
Applies To: RSA ClearTrust 5.5.x
iPlanet Directory Server
Microsoft Active Directory Application Mode (ADAM)
Issue: Error: "PropertyDefinitions can only be created on existing LDAP attributes" when trying to "add a new property" in RSA ClearTrust
Cause: The attribute corresponding to this property does not exist in the LDAP directory.
The cleartrust.data.ldap.user.objectclass parameter in ldap.conf does not define the objectclass that contains this attribute.
Resolution: Edit the Directory Server schema using the Admin Console. Create a new Object Class in the Directory Server, and create an attribute in that Object Class whose name matches the name of the Property.

Next, edit the ldap.conf file on the CT Server to add the new association: find the line below, add your attribute to the end of it, and save the file.

cleartrust.data.ldap.user.objectclass :top, person, organizationalPerson, inetOrgPerson, ctscUserAuxClass

The Entitlements Server will need to be restarted for this change to take effect.
Legacy Article ID: a9504