Identity Manager Active Directory connector: proxyAddresses smtp value already in use by another object

book

Article ID: 188194

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Identity Suite

Issue/Introduction

The following error occurred when adding proxyAddresses to Active Directory user using Provisioning Role and AD/Exchange account Template.

Connector Server Modify failed: code 16 (NO_SUCH_ATTRIBUTE): failed to modify entry: eTADSAccountName=***,eTADSOrgUnitName=***,eTADSDirectoryName=***,eTNamespaceName=ActiveDirectory,dc=etasa: [email protected]***: JNDI: [LDAP: error code 16 - proxyAddresses smtp value already in use by another object]: 

Cause

This can happen if there are multiple AD Provisioning Roles assigned to the user which generate multiple AD Accounts at the AD Endpoint and there is duplicate E-mail addresses (proxyAddresses attribute) in Account Templates.
With this kind of proxyAddresses duplication, Provisioning Server attempt to set the same proxyAddresses value into multiple AD Accounts, hence the "proxyAddresses smtp value already in use by another object" error.

Environment

Release : 14.x

Component : IdentityMinder(Identity Manager)

Resolution

Active Directory restricts use of the same proxyAddresses value by more than one user account.

Please make sure there is no duplication of E-mail addresses (proxyAddresses) settings in involved Account Templates.


This is not IM AD connector restriction, and the connector cannot override Microsoft Active Directory/Exchange enforced rules.

Attachments