Error inserting user to the group in the Modify Group task

Article ID: 209866

Products

CA Identity Manager

Issue/Introduction

When a user tries to add a new user to an Identity Manager group through the "Modify Group" task, the task fails.

The Identity Manager log shows the following error:

----------------------------------

2021-02-26 11:52:51,511 ERROR [ims.llsdk.directory.jndi] (Thread-1429 (HornetQ-client-global-threads-937809293)) Failed to add attribute imGroupsMemberOf = cn=myGroup,ou=groups,ou=im,ou=ca,o=com to managedObject  uid=myUser,ou=people,ou=im,ou=ca,o=com
2021-02-26 11:52:51,514 ERROR [com.netegrity.ims.exception.EventExecuteStateException] (Thread-1429 (HornetQ-client-global-threads-937809293)) Exception: : [facility=6 severity=3 reason=0 status=0 message=Wrapped Exception: [LDAP: error code 65 - Object class check failed]]
[LDAP: error code 65 - Object class check failed]
 at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3185) [rt.jar:1.8.0_212]

...

2021-02-26 11:52:51,528 ERROR [com.netegrity.ims.exception.EventExecuteStateException] (Thread-1429 (HornetQ-client-global-threads-937809293)) Execution of event: AddToGroupEvent failed.  Exception encountered: SmApiWrappedException:[LDAP: error code 65 - Object class check failed]
2021-02-26 11:52:51,528 ERROR [com.netegrity.ims.businessprocess.IMSEventController] (Thread-1429 (HornetQ-client-global-threads-937809293)) Error during event execution [ded3e30f-53e5f6b3-44cccd83-daee15d0] AddToGroupEvent

----------------------------------

Environment

Identity Manager 14.x

Cause

In the UserStore.xml file, the "User" ImsManagedObject is set to objectClass = "inetOrgPersonObject" instead of "top,imUser".

Resolution

To fix this, export the UserStore.xml file and change the line below:

From

<ImsManagedObject name="User" description="My Users" objectclass="inetOrgPerson" pagesize="0" maxrows="0" objecttype="USER">

 

To

<ImsManagedObject name="User" description="My Users" objectclass="top,imUser" pagesize="0" maxrows="0" objecttype="USER">

 

After that, change the objectClass of all users to "top,imUser" to match the configuration above.

Restart the IdM service.

Note: Also make sure the lines below are defined in the UserStore.xml file.

  <ImsManagedObjectAttr physicalname="imGroupsMemberOf" description="Cached Group Membership" displayname="Cached Group Membership" valuetype="String" multivalued="true" wellknown="%MEMBER_OF%" maxlength="0" hidden="true" system="true">
   <DataClassification name="ignore_on_copy"/>
  </ImsManagedObjectAttr>
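
One way to check an exported UserStore.xml for both conditions described above before re-importing it (an added example, not part of the original article or the product). It assumes the imGroupsMemberOf definition is nested under the "User" ImsManagedObject; the <ImsDirectory> wrapper and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

REQUIRED = ("top", "imUser")  # objectclass value the article's fix sets

def local(tag):
    """Drop an XML namespace prefix if the export carries one."""
    return tag.rsplit("}", 1)[-1]

def check_user_store(xml_text):
    """Return a list of findings; an empty list means both checks pass."""
    root = ET.fromstring(xml_text)
    users = [e for e in root.iter() if local(e.tag) == "ImsManagedObject"
             and e.get("objecttype") == "USER"]
    if not users:
        return ["no ImsManagedObject with objecttype=USER found"]
    findings = []
    for user in users:
        name, raw = user.get("name"), user.get("objectclass", "")
        # LDAP object class names are case-insensitive
        have = {c.strip().lower() for c in raw.split(",")}
        missing = [c for c in REQUIRED if c.lower() not in have]
        if missing:
            findings.append(f"{name}: objectclass={raw!r} is missing {missing}")
        attrs = [a for a in user.iter() if local(a.tag) == "ImsManagedObjectAttr"
                 and a.get("physicalname") == "imGroupsMemberOf"]
        if not attrs:
            findings.append(f"{name}: imGroupsMemberOf is not defined")
        elif attrs[0].get("wellknown") != "%MEMBER_OF%":
            findings.append(f"{name}: imGroupsMemberOf is not mapped to %MEMBER_OF%")
    return findings

# Constructed sample input: the wrapper element name is an assumption.
TEMPLATE = """<ImsDirectory>
 <ImsManagedObject name="User" description="My Users" objectclass="{oc}" pagesize="0" maxrows="0" objecttype="USER">
{attr}
 </ImsManagedObject>
</ImsDirectory>"""
MEMBER_OF = """  <ImsManagedObjectAttr physicalname="imGroupsMemberOf" description="Cached Group Membership" displayname="Cached Group Membership" valuetype="String" multivalued="true" wellknown="%MEMBER_OF%" maxlength="0" hidden="true" system="true">
   <DataClassification name="ignore_on_copy"/>
  </ImsManagedObjectAttr>"""
BROKEN = TEMPLATE.format(oc="inetOrgPerson", attr="")
FIXED = TEMPLATE.format(oc="top,imUser", attr=MEMBER_OF)

if __name__ == "__main__":
    for label, doc in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_user_store(doc) or "OK")
```

The check accepts additional object classes alongside "top" and "imUser"; tighten the comparison if the list must match exactly.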