000036913 - RSA Identity Governance & Lifecycle LDAP connector fails with "no Such Attribute" error

Document created by RSA Customer Support Employee on Nov 16, 2018
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000036913
Applies ToRSA Product Set: Identity Governance & Lifecycle
RSA Version/Condition: 7.1.0

RSA Identity Governance & Lifecycle LDAP connector fails when using the Add Account to Group capability.

The AFX connector log file (/home/oracle/AFX/esb/logs/esb.AFX-CONN-{connector name}-Server.log) shows the following error message:

2018-08-30 00:00:41.778 [ERROR] org.mule.transport.ldapx.LdapxConnector:337 - Error: LDAPException: No Such Attribute (16) No Such Attribute
LDAPException: Matched DN:

This issue occurs if the name of the LDAP attribute that is being modified is incorrect.

The RSA Identity Governance & Lifecycle Add Account to Group capability adds an account to the group object by linking the account to the group through a member object.  Different LDAP servers use different names for the member attribute.

  1. Under the Settings tab for the LDAP connector, scroll down to the Group section.
  2. Modify the User membership attribute for Group value to match the member object used by your LDAP datastore.


User-added image.

Consult your vendor for the actual name of the member attribute for your directory server.    In some cases the name of the attribute used may be different than published.  For example, for Oracle Internet Directory server, the typical value for the member attribute is uniqueMember