L&G: AFX: java.lang.IllegalArgumentException when Account and CN IDs do not match - LDAPException: Invalid DN Syntax (34) Invalid DN Syntax
Originally Published: 2015-07-14
Article Number
Applies To
RSA Version/Condition: 6.0+
Issue
java.lang.IllegalArgumentException: The Account and CN IDs do not match: Account=hh16 vs. hh 16
Using the 'Create Account' test connector capabilities of an LDAP connector that connects to Active Directory fails with the following error:
Error code = -1
LDAPException: Invalid DN Syntax (34) Invalid DN Syntax
LDAPException: Server Message: 00002081: NameErr: DSID-03050C42, problem 2003 (BAD_ATT_SYNTAX), data 0, best match of:
'CN=hh16,OU=691_Horses_OU,DC=2k8r2-vcloud,DC=local'
LDAPException: Matched DN:
EXAMPLE:
==========
1. Create account:
Account=hh14
CN=hh14
SUCCESS !!
2. Create account:
Account=hh15
CN=hh 15 <--------------add a space (note the Account and CN do not match in this case)
FAILURE !!
Cause
Usually the CN is part of the account name (DN or Distinguished Name in Active Directory). For this reason it has to be the same. This is a common LDAPMODIFY restriction and also applies to Active Directory.
Example (good):
Account name: hh14
cn=hh14
DN: cn=hh14,cn=Users,dc=company,dc=com
Example (bad):
Account name: hh 15
cn=hh15
DN: cn=hh 15,cn=Users,dc=company,dc=com
Resolution
===========
To create an account with the AD connector - Account and CN must match
To create an account with the LDAP connector type=AD - Account and CN must match
To create an account with the LDAP connector type not= AD - Account and CN do not need to match (starting in 6.9.1 P03)
Workaround
Related Articles
Attempts to scrub/hash JSON data elements are not always working in RSA Web Threat Detection Number of Views Supported ODA SMS providers of. Number of Views How to create additional SMS operators Number of Views Browser loses Fragment identifier '#' after redirect in RSA Access Manager 6.x Number of Views Changes to the RSA Authentication Manager 8.1 Public APIs Number of Views
Trending Articles
Troubleshooting RSA SecurID Access Identity Router to RSA Authentication Manager test connection failures RSA SecurID Software Token 5.0.2 Downloads for Microsoft Windows RSA Authentication Manager 8.9 Release Notes (January 2026) Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Authentication Manager 8.8 Setup and Configuration Guide
Don't see what you're looking for?
