LDAP: error code 65 - Object Class Violation on FullName attribute

Article ID: 229699

Products

CA Identity Manager

Issue/Introduction

After a parallel upgrade of Identity Manager, user creation and modification events fail with an "Object Class Violation." The same configuration works in the legacy environment, but in the new environment the Common Name (CN) attribute is never updated on the entry, so the directory rejects the operation and the following errors appear in the logs:

21:24:14,642 ERROR [ims.llsdk.directory.jndi] Failed to create managed object ObjectType::USER with unique name uid=p******,ou=people,dc=****,dc=com Error message from the directory: [LDAP: error code 65 - Object Class Violation]
21:24:14,644 ERROR [im.provisioning] [LDAP: error code 65 - Object Class Violation]
21:24:14,644 ERROR [com.netegrity.ims.exception.EventExecuteStateException] Execution of event: CreateUserEvent failed. Exception encountered: [LDAP: error code 65 - Object Class Violation]

Environment

  • Product: Identity Manager (IdentityMinder)
  • Release: 14.x
  • Component: Identity Manager Management Console / Object Store

Cause

The error is typically caused by a failure in the FullName Logical Attribute Handler (LAH). Even when the handler appears enabled in the Management Console, it may fail to fire because its definition in the Object Store is corrupt. When the LAH does not execute, required attributes such as the Common Name (CN) are never populated or sent to the LDAP server, and the directory returns an Object Class Violation (error code 65) because the entry no longer satisfies the mandatory attributes of its objectClass.
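The failure mode above can be reproduced as a schema pre-flight check. This is an added example, not code from the article or from Identity Manager; the MUST lists, the entry values and the assumption that the FullName handler derives cn from givenName and sn are constructed for illustration.

```python
# Added example: pre-flight check that mirrors an LDAP "Object Class Violation" (result 65)
# when a required attribute such as cn was never populated. Not product code.
from typing import Dict, List, Set

Entry = Dict[str, List[str]]

# Constructed MUST lists per objectClass. The live directory's schema is authoritative;
# these cover the classes a typical Identity Manager user entry carries.
REQUIRED_BY_CLASS: Dict[str, Set[str]] = {
    "top": {"objectclass"},
    "person": {"cn", "sn"},
    "organizationalperson": set(),
    "inetorgperson": set(),
}

def normalize(entry: Entry) -> Entry:
    """LDAP attribute names are case-insensitive; lower-case them and drop blank values."""
    return {n.lower(): [v for v in vals if v and v.strip()] for n, vals in entry.items()}

def missing_required(entry: Entry) -> Set[str]:
    """Return required attributes that are absent or empty for the entry's objectClasses."""
    e = normalize(entry)
    missing: Set[str] = set()
    for oc in e.get("objectclass", []):
        for attr in REQUIRED_BY_CLASS.get(oc.lower(), set()):
            if not e.get(attr):
                missing.add(attr)
    return missing

def fullname_handler(entry: Entry) -> Entry:
    """Assumed behaviour of the FullName logical attribute handler: derive cn from
    givenName and sn. If the handler does not fire, cn is simply never set."""
    e = normalize(entry)
    first = lambda name: (e.get(name) or [""])[0]
    full = " ".join(v for v in (first("givenname"), first("sn")) if v)
    return {**entry, "cn": [full]} if full else entry

def simulate_create(entry: Entry, handler_fires: bool) -> str:
    """Run the (optional) handler, then the schema check; report what the directory would."""
    candidate = fullname_handler(entry) if handler_fires else entry
    missing = missing_required(candidate)
    if missing:
        return "LDAP: error code 65 - Object Class Violation (missing: %s)" % ", ".join(sorted(missing))
    return "success"

# Constructed user entry as a CreateUserEvent would submit it before the handler runs.
NEW_USER: Entry = {
    "objectClass": ["top", "person", "organizationalPerson", "inetOrgPerson"],
    "uid": ["pexample"],
    "givenName": ["Pat"],
    "sn": ["Example"],
}

if __name__ == "__main__":
    print(simulate_create(NEW_USER, handler_fires=True))   # success
    print(simulate_create(NEW_USER, handler_fires=False))  # LDAP: error code 65 ... (missing: cn)
```

Running the check against an entry captured from the provisioning log shows which mandatory attribute the directory is refusing, which is what the error text alone does not tell you.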

Resolution

To resolve the corruption and restore the FullName attribute functionality, perform a clean re-registration of the Logical Attribute:

  1. Log in to the Identity Manager Management Console.
  2. Navigate to the affected environment and delete the FullName Logical Attribute Handler.
  3. Restart the Identity Manager Environment to clear cached object definitions.
  4. Re-add the FullName Logical Attribute via the Management Console.
  5. Restart the Environment again to initialize the new handler definition.