Adding a group to a user via TEWS for active directory
Article ID: 144292
Updated On:
Products
Issue/Introduction
We are calling modify AD group task via TEWS. When the group to be modified has special char like & or (), it errors out with unknown processing error. Please see the example below. It work fine with other DLs
REQUEST
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsdl="http://tews6/wsdl">
<soapenv:Header></soapenv:Header>
<soapenv:Body>
<wsdl:TaskContext>
<wsdl:admin_id>uid=tewsadmin,ou=CorpStore,dc=<company name>,dc=com</wsdl:admin_id>
</wsdl:TaskContext>
<wsdl:ModifyActiveDirectoryGroup>
<wsdl:ModifyActiveDirectoryGroupSearch>
<wsdl:EndpointGroupSearch>
<wsdl:ContainerHandle>EndPoint=<company name> AD Endpoint,Namespace=ActiveDirectory,Domain=im,Server=Server</wsdl:ContainerHandle>
<wsdl:ExploreMethod>FULL SUB-TREE</wsdl:ExploreMethod>
</wsdl:EndpointGroupSearch>
<wsdl:Filter index="?">
<wsdl:Field>%ENDPOINT_CAPABILITY_NAME%</wsdl:Field>
<wsdl:Op>EQUALS</wsdl:Op>
<wsdl:Value>companyname</wsdl:Value>
</wsdl:Filter>
</wsdl:ModifyActiveDirectoryGroupSearch>
<wsdl:ModifyActiveDirectoryGroupActiveDirectoryGroupGroupTab>
<wsdl:HistoryEntry>
<wsdl:Message>Parent task ID 18ccccf0-150fc46f-66fb30d1-1fdc8e0 </wsdl:Message>
</wsdl:HistoryEntry>
</wsdl:ModifyActiveDirectoryGroupActiveDirectoryGroupGroupTab>
<wsdl:ModifyActiveDirectoryGroupActiveDirectoryGroupMembersTab>
<wsdl:AccountMemberList>
<wsdl:add index="0">
<UniqueName>Account=Username1 (<company name>),ADSOrgUnit=Users,ADSOrgUnit=<ads org unit>,ADSOrgUnit=<ADSOrgunit1>,EndPoint=<company name AD Endpoint>,Namespace=ActiveDirectory,Domain=im,Server=Server</UniqueName>
</wsdl:add>
<wsdl:add index="1">
<UniqueName>Account=Username2 (<company name>),ADSOrgUnit=Users,ADSOrgUnit=<ads org unit>,ADSOrgUnit=<ADSOrgunit1>,EndPoint=<company name AD Endpoint>,Namespace=ActiveDirectory,Domain=im,Server=Server</UniqueName>
</wsdl:add>
<wsdl:add index="2">
<UniqueName>Account=Username3 (<company name>),ADSOrgUnit=Users,ADSOrgUnit=<ads org unit>,ADSOrgUnit=<ADSOrgunit1>,EndPoint=<company name AD Endpoint>,Namespace=ActiveDirectory,Domain=im,Server=Server</UniqueName>
</wsdl:add>
</wsdl:AccountMemberList>
</wsdl:ModifyActiveDirectoryGroupActiveDirectoryGroupMembersTab>
</wsdl:ModifyActiveDirectoryGroup>
</soapenv:Body>
</soapenv:Envelope>
RESPONSE
<soapenv:Envelope xsi:schemaLocation="http://schemas.xmlsoap.org/soap/envelope/ http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:tews="http://tews6/wsdl" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Body>
<soapenv:Fault>
<faultcode>soapenv:Server</faultcode>
<faultstring>Unknown processing error.</faultstring>
<detail>
<tews:ImsException version="6.0">
<tews:exception>
<tews:name>com.netegrity.ims.exception.IMSException</tews:name>
<tews:code>700</tews:code>
<tews:description>java.util.NoSuchElementException error: No subjects returned for task: Modify Active Directory Group</tews:description>
<tews:transaction>20e3c264-#####-d1b96cb3-3c28</tews:transaction>
</tews:exception>
</tews:ImsException>
</detail>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>
Environment
Release : 12.6.8
Component : IdentityMinder(Identity Manager)
Resolution
Here are the calls that will work 14.x
Create Call: <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsdl="http://tews6/wsdl"> <soapenv:Header/> <soapenv:Body> <wsdl:TaskContext> <wsdl:admin_id>imadmin</wsdl:admin_id> <wsdl:admin_password>#####</wsdl:admin_password> </wsdl:TaskContext> <wsdl:CreateActiveDirectoryGroup> <wsdl:CreateActiveDirectoryGroupSearch> <wsdl:CreateNew>TRUE</wsdl:CreateNew> <wsdl:EndpointGroupSearch> <wsdl:ContainerHandle>ADSOrgUnit=<Org Unit>,EndPoint=<endpoint>,Namespace=ActiveDirectory,Domain=im,Server=Server</wsdl:ContainerHandle> <wsdl:ExploreMethod>ONE LEVEL</wsdl:ExploreMethod> </wsdl:EndpointGroupSearch> </wsdl:CreateActiveDirectoryGroupSearch> <wsdl:CreateActiveDirectoryGroupActiveDirectoryGroupGroupTab> <wsdl:_PCT_ENDPOINT_CAPABILITY_NAME_PCT_>TEWS</wsdl:_PCT_ENDPOINT_CAPABILITY_NAME_PCT_> <wsdl:ntAccountId>TEWS</wsdl:ntAccountId> <wsdl:ADSdescription>GroupFromTEWS</wsdl:ADSdescription> <wsdl:groupScopeInternal>Global</wsdl:groupScopeInternal> <wsdl:groupTypeInternal>Security</wsdl:groupTypeInternal> <wsdl:info>TEST</wsdl:info> </wsdl:CreateActiveDirectoryGroupActiveDirectoryGroupGroupTab> </wsdl:CreateActiveDirectoryGroup> </soapenv:Body> </soapenv:Envelope> Modify Call: <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsdl="http://tews6/wsdl"> <soapenv:Header/> <soapenv:Body> <wsdl:TaskContext> <wsdl:admin_id>imadmin</wsdl:admin_id> <wsdl:admin_password>######</wsdl:admin_password> </wsdl:TaskContext> <wsdl:ModifyActiveDirectoryGroup> <wsdl:ModifyActiveDirectoryGroupSearch> <wsdl:Subject> <wsdl:UniqueName>ADSGroup=<AD Group>,ADSOrgUnit=<org Unit>,EndPoint=<endpoint>,Namespace=ActiveDirectory,Domain=im,Server=Server</wsdl:UniqueName> </wsdl:Subject> </wsdl:ModifyActiveDirectoryGroupSearch> <wsdl:ModifyActiveDirectoryGroupActiveDirectoryGroupMembersTab> <wsdl:AccountMemberList> <wsdl:add index="0"> <wsdl:UniqueName>Account=Username,ADSOrgUnit=<Org unit>,EndPoint=ADserver,Namespace=ActiveDirectory,Domain=im,Server=Server</wsdl:UniqueName> </wsdl:add> </wsdl:AccountMemberList> </wsdl:ModifyActiveDirectoryGroupActiveDirectoryGroupMembersTab> </wsdl:ModifyActiveDirectoryGroup> </soapenv:Body> </soapenv:Envelope>
Feedback
