Adding a group to a user via TEWS for active directory

book

Article ID: 144292

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Identity Suite

Issue/Introduction

We are calling modify AD group task via TEWS. When the group to be modified has special char like & or (), it errors out with unknown processing error. Please see the example below. It work fine with other DLs


REQUEST

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsdl="http://tews6/wsdl">

    <soapenv:Header></soapenv:Header>

    <soapenv:Body>

        <wsdl:TaskContext>

            <wsdl:admin_id>uid=tewsadmin,ou=CorpStore,dc=citco,dc=com</wsdl:admin_id>

        </wsdl:TaskContext>

        <wsdl:ModifyActiveDirectoryGroup>

            <wsdl:ModifyActiveDirectoryGroupSearch>

                <wsdl:EndpointGroupSearch>

                    <wsdl:ContainerHandle>EndPoint=Citco AD Endpoint,Namespace=ActiveDirectory,Domain=im,Server=Server</wsdl:ContainerHandle>

                    <wsdl:ExploreMethod>FULL SUB-TREE</wsdl:ExploreMethod>

                </wsdl:EndpointGroupSearch>

                <wsdl:Filter index="?">

                    <wsdl:Field>%ENDPOINT_CAPABILITY_NAME%</wsdl:Field>

                    <wsdl:Op>EQUALS</wsdl:Op>

                    <wsdl:Value>Walmart (NL)</wsdl:Value>

                </wsdl:Filter>

            </wsdl:ModifyActiveDirectoryGroupSearch>

            <wsdl:ModifyActiveDirectoryGroupActiveDirectoryGroupGroupTab>

                <wsdl:HistoryEntry>

                    <wsdl:Message>Parent task ID 18ccccf0-150fc46f-66fb30d1-1fdc8e0 </wsdl:Message>

                </wsdl:HistoryEntry>

            </wsdl:ModifyActiveDirectoryGroupActiveDirectoryGroupGroupTab>

            <wsdl:ModifyActiveDirectoryGroupActiveDirectoryGroupMembersTab>

                <wsdl:AccountMemberList>

                    <wsdl:add index="0">

                        <UniqueName>Account=Daly\, Suzanne (Citco),ADSOrgUnit=Users,ADSOrgUnit=CRK CTM,ADSOrgUnit=CTM,EndPoint=Citco AD Endpoint,Namespace=ActiveDirectory,Domain=im,Server=Server</UniqueName>

                    </wsdl:add>

                    <wsdl:add index="1">

                        <UniqueName>Account=Manuel\, Jeffrey (Citco),ADSOrgUnit=Users,ADSOrgUnit=CLK CTM,ADSOrgUnit=CTM,EndPoint=Citco AD Endpoint,Namespace=ActiveDirectory,Domain=im,Server=Server</UniqueName>

                    </wsdl:add>

                    <wsdl:add index="2">

                        <UniqueName>Account=Santos\, Kim Aldous (Citco),ADSOrgUnit=Users,ADSOrgUnit=MNL CTM,ADSOrgUnit=CTM,EndPoint=Citco AD Endpoint,Namespace=ActiveDirectory,Domain=im,Server=Server</UniqueName>

                    </wsdl:add>

                </wsdl:AccountMemberList>

            </wsdl:ModifyActiveDirectoryGroupActiveDirectoryGroupMembersTab>

        </wsdl:ModifyActiveDirectoryGroup>

    </soapenv:Body>

</soapenv:Envelope>



RESPONSE

<soapenv:Envelope xsi:schemaLocation="http://schemas.xmlsoap.org/soap/envelope/ http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:tews="http://tews6/wsdl" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

   <soapenv:Body>

      <soapenv:Fault>

         <faultcode>soapenv:Server</faultcode>

         <faultstring>Unknown processing error.</faultstring>

         <detail>

            <tews:ImsException version="6.0">

               <tews:exception>

                  <tews:name>com.netegrity.ims.exception.IMSException</tews:name>

                  <tews:code>700</tews:code>

                  <tews:description>java.util.NoSuchElementException error: No subjects returned for task: Modify Active Directory Group</tews:description>

                  <tews:transaction>20e3c264-d058b7ea-d1b96cb3-3c28</tews:transaction>

               </tews:exception>

            </tews:ImsException>

         </detail>

      </soapenv:Fault>

   </soapenv:Body>

</soapenv:Envelope>

Environment

Release : 12.6.8

Component : IdentityMinder(Identity Manager)

Resolution

Here are the calls that will work 14.x

Create Call: <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsdl="http://tews6/wsdl"> <soapenv:Header/> <soapenv:Body> <wsdl:TaskContext> <wsdl:admin_id>imadmin</wsdl:admin_id> <wsdl:admin_password>[email protected]</wsdl:admin_password> </wsdl:TaskContext> <wsdl:CreateActiveDirectoryGroup> <wsdl:CreateActiveDirectoryGroupSearch> <wsdl:CreateNew>TRUE</wsdl:CreateNew> <wsdl:EndpointGroupSearch> <wsdl:ContainerHandle>ADSOrgUnit=MANOJ,EndPoint=ManojADserver,Namespace=ActiveDirectory,Domain=im,Server=Server</wsdl:ContainerHandle> <wsdl:ExploreMethod>ONE LEVEL</wsdl:ExploreMethod> </wsdl:EndpointGroupSearch> </wsdl:CreateActiveDirectoryGroupSearch> <wsdl:CreateActiveDirectoryGroupActiveDirectoryGroupGroupTab> <wsdl:_PCT_ENDPOINT_CAPABILITY_NAME_PCT_>(G)[email protected]$143TEWS</wsdl:_PCT_ENDPOINT_CAPABILITY_NAME_PCT_> <wsdl:ntAccountId>(G)[email protected]$143TEWS</wsdl:ntAccountId> <wsdl:ADSdescription>GroupFromTEWS</wsdl:ADSdescription> <wsdl:groupScopeInternal>Global</wsdl:groupScopeInternal> <wsdl:groupTypeInternal>Security</wsdl:groupTypeInternal> <wsdl:info>TEST</wsdl:info> </wsdl:CreateActiveDirectoryGroupActiveDirectoryGroupGroupTab> </wsdl:CreateActiveDirectoryGroup> </soapenv:Body> </soapenv:Envelope> Modify Call: <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsdl="http://tews6/wsdl"> <soapenv:Header/> <soapenv:Body> <wsdl:TaskContext> <wsdl:admin_id>imadmin</wsdl:admin_id> <wsdl:admin_password>[email protected]</wsdl:admin_password> </wsdl:TaskContext> <wsdl:ModifyActiveDirectoryGroup> <wsdl:ModifyActiveDirectoryGroupSearch> <wsdl:Subject> <wsdl:UniqueName>ADSGroup=(G)[email protected]$143TEWS,ADSOrgUnit=MANOJ,EndPoint=ManojADserver,Namespace=ActiveDirectory,Domain=im,Server=Server</wsdl:UniqueName> </wsdl:Subject> </wsdl:ModifyActiveDirectoryGroupSearch> <wsdl:ModifyActiveDirectoryGroupActiveDirectoryGroupMembersTab> <wsdl:AccountMemberList> <wsdl:add index="0"> <wsdl:UniqueName>Account=dmkusr126,ADSOrgUnit=MANOJ,EndPoint=ManojADserver,Namespace=ActiveDirectory,Domain=im,Server=Server</wsdl:UniqueName> </wsdl:add> </wsdl:AccountMemberList> </wsdl:ModifyActiveDirectoryGroupActiveDirectoryGroupMembersTab> </wsdl:ModifyActiveDirectoryGroup> </soapenv:Body> </soapenv:Envelope>