Add Account to Group capability for the Active Directory Connector is failing when group names include '*' & '/' in RSA Governance & Lifecycle

6 months ago

Originally Published: 2025-05-19

Article Number

000073388

Applies To

RSA Governance & Lifecycle 8.0.0
SecurID Governance Lifecycle 7.5.2

Issue

When using the Add Account to Group Active Directory Connector Capability, for groups with names including * & /, the Change Request fails. It throws the below error code in the connector's log:

Error code = -1 Unexpected Exception

 Cause: 

javax.naming.NamingException: [LDAP: error code 1 - 000020D6: SvcErr: DSID-031007DB, problem 5012 (DIR_ERROR), data 0
]; remaining name 'CN=test*char/,OU=vcloud Users,DC=2k8r2-vcloud,DC=local'

Stack Trace:
javax.naming.NamingException: [LDAP: error code 1 - 000020D6: SvcErr: DSID-031007DB, problem 5012 (DIR_ERROR), data 0]; remaining name 'CN=test*char/,OU=vcloud Users,DC=2k8r2-vcloud,DC=local'	at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3301)	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3207)	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2998)	at com.sun.jndi.ldap.LdapCtx.c_lookup(LdapCtx.java:1061)	at com.sun.jndi.toolkit.ctx.ComponentContext.c_resolveIntermediate_nns(ComponentContext.java:168)	at com.sun.jndi.toolkit.ctx.AtomicContext.c_resolveIntermediate_nns(AtomicContext.java:359)	at com.sun.jndi.toolkit.ctx.ComponentContext.p_resolveIntermediate(ComponentContext.java:397)	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:270)	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:192)	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:181)	at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:167)	at com.aveksa.LdapOperationsImpl.addAccountToGroup(LdapOperationsImpl.java:141)	at com.aveksa.LdapComponent.processVerb(LdapComponent.java:72)	at sun.reflect.GeneratedMethodAccessor301.invoke(Unknown Source)	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)	at java.lang.reflect.Method.invoke(Method.java:498)	at org.mule.extensions.java.internal.util.MethodInvoker.doInvoke(MethodInvoker.java:99)	at org.mule.extensions.java.internal.util.MethodInvoker.invokeMethod(MethodInvoker.java:85)	at org.mule.extensions.java.internal.util.MethodInvoker.invokeMethod(MethodInvoker.java:49)	at org.mule.extensions.java.internal.operation.JavaInvokeOperations.invoke(JavaInvokeOperations.java:175)	at org.mule.extensions.java.internal.operation.JavaInvokeOperations$invoke$MethodComponentExecutor_AFX_CONN_Active_DirectoryConnector.execute(Unknown Source)	at org.mule.runtime.module.extension.internal.runtime.execution.GeneratedMethodComponentExecutor.execute(GeneratedMethodComponentExecutor.java:94)	at org.mule.runtime.module.extension.internal.runtime.execution.CompletableMethodOperationExecutor.doExecute(CompletableMethodOperationExecutor.java:26)	at org.mule.runtime.module.extension.internal.runtime.execution.AbstractCompletableMethodOperationExecutor.execute(AbstractCompletableMethodOperationExecutor.java:61)	at org.mule.runtime.module.extension.internal.runtime.operation.DefaultExecutionMediator.executeCommand(DefaultExecutionMediator.java:254)	at org.mule.runtime.module.extension.internal.runtime.operation.DefaultExecutionMediator.executeWithInterceptors(DefaultExecutionMediator.java:237)	at org.mule.runtime.module.extension.internal.runtime.operation.DefaultExecutionMediator.lambda$execute$1(DefaultExecutionMediator.java:144)	at org.mule.runtime.module.extension.internal.runtime.operation.DefaultExecutionMediator.lambda$new$0(DefaultExecutionMediator.java:80)	at org.mule.runtime.module.extension.internal.runtime.operation.DefaultExecutionMediator.withExecutionTemplate(DefaultExecutionMediator.java:335)	at org.mule.runtime.module.extension.internal.runtime.operation.DefaultExecutionMediator.execute(DefaultExecutionMediator.java:143)	at org.mule.runtime.module.extension.internal.runtime.operation.ComponentMessageProcessor.executeOperation(ComponentMessageProcessor.java:579)	at org.mule.runtime.module.extension.internal.runtime.operation.ComponentMessageProcessor.prepareAndExecuteOperation(ComponentMessageProcessor.java:823)	at org.mule.runtime.module.extension.internal.runtime.operation.ComponentMessageProcessor.lambda$onEventSynchronous$16(ComponentMessageProcessor.java:481)	at org.mule.runtime.module.extension.internal.runtime.operation.ComponentMessageProcessor.onEventSynchronous(ComponentMessageProcessor.java:488)	at org.mule.runtime.module.extension.internal.runtime.operation.ComponentMessageProcessor.lambda$createOuterFlux$6(ComponentMessageProcessor.java:397)	at reactor.core.publisher.FluxPeekFuseable$PeekFuseableConditionalSubscriber.onNext(FluxPeekFuseable.java:489)	at reactor.core.publisher.FluxMapFuseable$MapFuseableConditionalSubscriber.onNext(FluxMapFuseable.java:299)	at reactor.core.publisher.FluxPeekFuseable$PeekFuseableConditionalSubscriber.onNext(FluxPeekFuseable.java:503)	at org.mule.runtime.core.privileged.processor.chain.AbstractMessageProcessorChain$2.onNext(AbstractMessageProcessorChain.java:625)	at org.mule.runtime.core.privileged.processor.chain.AbstractMessageProcessorChain$2.onNext(AbstractMessageProcessorChain.java:620)	at reactor.core.publisher.FluxHide$SuppressFuseableSubscriber.onNext(FluxHide.java:137)	at reactor.core.publisher.FluxPeekFuseable$PeekFuseableSubscriber.onNext(FluxPeekFuseable.java:210)	at reactor.core.publisher.FluxOnAssembly$OnAssemblySubscriber.onNext(FluxOnAssembly.java:539)	at reactor.core.publisher.FluxSubscribeOnValue$ScheduledScalar.run(FluxSubscribeOnValue.java:181)	at reactor.core.scheduler.SchedulerTask.call(SchedulerTask.java:68)	at reactor.core.scheduler.SchedulerTask.call(SchedulerTask.java:28)	at java.util.concurrent.FutureTask.run(FutureTask.java:266)	at org.mule.service.scheduler.internal.AbstractRunnableFutureDecorator.doRun(AbstractRunnableFutureDecorator.java:180)	at org.mule.service.scheduler.internal.RunnableFutureDecorator.run(RunnableFutureDecorator.java:55)	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)	at java.lang.Thread.run(Thread.java:750)

When using Test Capability, a Group name including * & / leads to the failure below:

Cause

This issue was caused by not handling the special characters properly while creating the Account Group, and other capabilities for the Active Directory Connector.

Resolution

These special characters will be appropriately escaped before being sent to the LDAP server. This issue is resolved in the following versions:

RSA Governance & Lifecycle 8.0.0 P07

Notes

The special characters affected by this issue are:

Underscore _
Forward slash /
Asterisk *

Other special characters may work without escaping, and the above require explicit escaping to be accepted by the endpoint.

Don't see what you're looking for?

Potential Impact from Salesforce Device Activation Change

Related Articles

Trending Articles