Error in removing groups from Active Directory Account Template using User Console
search cancel

Error in removing groups from Active Directory Account Template using User Console

book

Article ID: 261711

calendar_today

Updated On:

Products

CA Identity Suite CA Identity Manager

Issue/Introduction

Error when trying to remove a group from ADS Account Template using the IM User Console with the "Modify Active Directory Account Template". No error if using Provisioning Manager.

Failed to execute UnassignActiveDirectoryGroupFromAccountTemplate. ERROR MESSAGE: JIAMOperationException:javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - :ETA_E_0007, Active Directory Account Template 'MY_TEMPLATE' modification failed: DB Modify failed: No such attribute (ldaps://IMPS_HOST:20391) ]; remaining name 'eTADSPolicyName=MY_TEMPLATE,eTADSPolicyContainerName=Active Directory Policies,eTNamespaceName=CommonObjects,dc=im,dc=eta'

Environment

All Identity Manager

Cause

If using the Provisioning Manager to create an AD Template and set a group value and if the search for a group to set is done by selecting a specific domain to do the search then this will then add a group value to the template in the format such as CN=Administrators,CN=Builtin,DC=XXX,DC=YYY\;DC_HOST which cannot be removed after with the IM User Console.

Note that if you instead did a search with DOMAIN=ALL in the template then the added group value instead would be in the format of CN=Administrators,CN=Builtin,DC=? and that would be allowed to be removed by the IM User Console since that is the same format that adding groups via the IM User Console would use.

Resolution

Engineering has completed their full review and have determined that due to product limitations between the IM and Provisioning layers this cannot be addressed and they will be documenting this in the product documentation. If you use the Provisioning Manager to update the values by using a specific domain search you will only be able to maintain the value via the Provisioning Manager.