L&G: AFX: java.lang.IllegalArgumentException when Account and CN IDs do not match - LDAPException: Invalid DN Syntax (34) Invalid DN Syntax
Originally Published: 2015-07-14
Article Number
Applies To
RSA Version/Condition: 6.0+
Issue
java.lang.IllegalArgumentException: The Account and CN IDs do not match: Account=hh16 vs. hh 16
Using the 'Create Account' test connector capabilities of an LDAP connector that connects to Active Directory fails with the following error:
Error code = -1
LDAPException: Invalid DN Syntax (34) Invalid DN Syntax
LDAPException: Server Message: 00002081: NameErr: DSID-03050C42, problem 2003 (BAD_ATT_SYNTAX), data 0, best match of:
'CN=hh16,OU=691_Horses_OU,DC=2k8r2-vcloud,DC=local'
LDAPException: Matched DN:
EXAMPLE:
==========
1. Create account:
Account=hh14
CN=hh14
SUCCESS !!
2. Create account:
Account=hh15
CN=hh 15 <--------------add a space (note the Account and CN do not match in this case)
FAILURE !!
Cause
Usually the CN is part of the account name (DN or Distinguished Name in Active Directory). For this reason it has to be the same. This is a common LDAPMODIFY restriction and also applies to Active Directory.
Example (good):
Account name: hh14
cn=hh14
DN: cn=hh14,cn=Users,dc=company,dc=com
Example (bad):
Account name: hh 15
cn=hh15
DN: cn=hh 15,cn=Users,dc=company,dc=com
Resolution
===========
To create an account with the AD connector - Account and CN must match
To create an account with the LDAP connector type=AD - Account and CN must match
To create an account with the LDAP connector type not= AD - Account and CN do not need to match (starting in 6.9.1 P03)
Workaround
Related Articles
Attempts to scrub/hash JSON data elements are not always working in RSA Web Threat Detection Number of Views Supported ODA SMS providers of. Number of Views How to create additional SMS operators Number of Views Browser loses Fragment identifier '#' after redirect in RSA Access Manager 6.x Number of Views Supported On-Demand Authentication (ODA) SMS providers for use with RSA Authentication Manager 8.x Number of Views
Trending Articles
Downloading RSA Authentication Manager license files or RSA Software token seed records RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory Mandatory Certificate Upgrade Required by 6th October 2025 for RSA MFA Agent for PAM, RSA MFA Agent for Apache, and Third … RSA Authentication Manager 8.9 Release Notes (January 2026)
Don't see what you're looking for?
