L&G: AFX: java.lang.IllegalArgumentException when Account and CN IDs do not match - LDAPException: Invalid DN Syntax (34) Invalid DN Syntax
Originally Published: 2015-07-14
Article Number
Applies To
RSA Version/Condition: 6.0+
Issue
java.lang.IllegalArgumentException: The Account and CN IDs do not match: Account=hh16 vs. hh 16
Using the 'Create Account' test connector capabilities of an LDAP connector that connects to Active Directory fails with the following error:
Error code = -1
LDAPException: Invalid DN Syntax (34) Invalid DN Syntax
LDAPException: Server Message: 00002081: NameErr: DSID-03050C42, problem 2003 (BAD_ATT_SYNTAX), data 0, best match of:
'CN=hh16,OU=691_Horses_OU,DC=2k8r2-vcloud,DC=local'
LDAPException: Matched DN:
EXAMPLE:
==========
1. Create account:
Account=hh14
CN=hh14
SUCCESS !!
2. Create account:
Account=hh15
CN=hh 15 <--------------add a space (note the Account and CN do not match in this case)
FAILURE !!
Cause
Usually the CN is part of the account name (DN or Distinguished Name in Active Directory). For this reason it has to be the same. This is a common LDAPMODIFY restriction and also applies to Active Directory.
Example (good):
Account name: hh14
cn=hh14
DN: cn=hh14,cn=Users,dc=company,dc=com
Example (bad):
Account name: hh 15
cn=hh15
DN: cn=hh 15,cn=Users,dc=company,dc=com
Resolution
===========
To create an account with the AD connector - Account and CN must match
To create an account with the LDAP connector type=AD - Account and CN must match
To create an account with the LDAP connector type not= AD - Account and CN do not need to match (starting in 6.9.1 P03)
Workaround
Related Articles
Attempts to scrub/hash JSON data elements are not always working in RSA Web Threat Detection Number of Views Supported ODA SMS providers of. Number of Views How to create additional SMS operators Number of Views Browser loses Fragment identifier '#' after redirect in RSA Access Manager 6.x Number of Views Archive Requests Utility Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
Don't see what you're looking for?
