TEWS call with error LDAP: error code 67 - Not Allowed On RDN
search cancel

TEWS call with error LDAP: error code 67 - Not Allowed On RDN

book

Article ID: 276592

calendar_today

Updated On:

Products

CA Identity Manager

Issue/Introduction

Make a TEWS call to create a copy of a group and get an error:  SmApiWrappedException:[LDAP: error code 67 - Not Allowed On RDN].  A similar call works fine to just create a group (not from a copy)

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsdl="http://tews6/wsdl">
   <soapenv:Header/>
   <soapenv:Body>
      <wsdl:TaskContext>
         <wsdl:admin_id>XXXXX</wsdl:admin_id>
         <wsdl:admin_password>XXXXX</wsdl:admin_password>
      </wsdl:TaskContext>
      <wsdl:CreateGroup>
         <wsdl:CreateGroupSearch>
            <wsdl:CreateCopy>TRUE</wsdl:CreateCopy>
            <wsdl:Filter index="0">
               <wsdl:Field>%GROUP_NAME%</wsdl:Field>
               <wsdl:Op>EQUALS</wsdl:Op>
               <wsdl:Value>Group_Name_User</wsdl:Value>
            </wsdl:Filter>
         </wsdl:CreateGroupSearch>
         <wsdl:CreateGroupProfileTab>
      <wsdl:_PCT_ORG_MEMBERSHIP_PCT_>ou=External,ou=users,o=company</wsdl:_PCT_ORG_MEMBERSHIP_PCT_>
            <wsdl:_PCT_GROUP_NAME_PCT_>Group_Name_User</wsdl:_PCT_GROUP_NAME_PCT_>
         </wsdl:CreateGroupProfileTab>
      </wsdl:CreateGroup>
   </soapenv:Body>
</soapenv:Envelope>

 


Here is the call that works to just create a group (not from a copy):

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsdl="http://tews6/wsdl">
   <soapenv:Header/>
   <soapenv:Body>
      <wsdl:TaskContext>
         <wsdl:admin_id>XXXXXX</wsdl:admin_id>
         <wsdl:admin_password>XXXXXX</wsdl:admin_password>
      </wsdl:TaskContext>
      <wsdl:CreateGroup>
       <wsdl:CreateGroupSearch>
        <wsdl:CreateNew>TRUE</wsdl:CreateNew>
 </wsdl:CreateGroupSearch>
          <wsdl:CreateGroupProfileTab>
            <wsdl:_PCT_ORG_MEMBERSHIP_PCT_>ou=External,ou=users,o=company</wsdl:_PCT_ORG_MEMBERSHIP_PCT_>
            <wsdl:_PCT_GROUP_NAME_PCT_>Group_Name_User</wsdl:_PCT_GROUP_NAME_PCT_>
            <wsdl:_BAR_GroupSubscription_BAR_>false</wsdl:_BAR_GroupSubscription_BAR_>
            <wsdl:_PCT_SELF_SUBSCRIBING_PCT_>0</wsdl:_PCT_SELF_SUBSCRIBING_PCT_>
          </wsdl:CreateGroupProfileTab>
      </wsdl:CreateGroup>
   </soapenv:Body>
</soapenv:Envelope>

Environment

Standalone Identity Manager 14.4 CP2 

Database is SQL Server 2017 / 2019 Enterprise Edition

WebSphere 8.5.x Cluster with 6 nodes 

Cause

Wrong TEWS call format

Resolution

Replace filter with subject section

 

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsdl="http://tews6/wsdl">
   <soapenv:Header/>
   <soapenv:Body>
      <wsdl:TaskContext>
         <wsdl:admin_id>imadmin</wsdl:admin_id>
         <wsdl:admin_password>password</wsdl:admin_password>
      </wsdl:TaskContext>
      <wsdl:CreateGroup>
         <wsdl:CreateGroupSearch>
            <wsdl:CreateCopy>TRUE</wsdl:CreateCopy>
            <wsdl:Subject index="0">
               <wsdl:UniqueName>TGroup1</wsdl:UniqueName>
            </wsdl:Subject>
         </wsdl:CreateGroupSearch>
         <wsdl:CreateGroupProfileTab>
            <wsdl:_PCT_ORG_MEMBERSHIP_PCT_>ou=im,ou=ca,o=company</wsdl:_PCT_ORG_MEMBERSHIP_PCT_>
            <wsdl:_PCT_GROUP_NAME_PCT_>TGroup1Copy</wsdl:_PCT_GROUP_NAME_PCT_>
         </wsdl:CreateGroupProfileTab>
      </wsdl:CreateGroup>
   </soapenv:Body>
</soapenv:Envelope>

Powered by Wolken Software