LDAP Connector Error (Code 21 INVALID_ATTRIBUTE_SYNTAX) with Empty Attribute Values in Identity Manager

Article ID: 442033

Products

CA Identity Suite

Issue/Introduction

When managing a JNDI CA Directory LDAP repository through CA Identity Manager, search operations or user account access fail with the following error if an attribute (e.g., 'testAttribute') is empty or null in the repository:

ETA_E_0020<RAC>, User Account '<USER_ID>' on '<DIRECTORY>' read failed: Connector Server Read failed: code 21 (INVALID_ATTRIBUTE_SYNTAX): failed on search operation: eTDYNAccountName=<ACCOUNT>,eTDYNContainerName=<CONTAINER>,eTDYNDirectoryName=<DIRECTORY>,eTNamespaceName=<NAMESPACE>,dc=im,dc=etasa: JCS@TEST: eTDYNAccountName=<ACCOUNT>,eTDYNContainerName=<CONTAINER>,eTDYNDirectoryName=<DIRECTORY>,eTNamespaceName=<NAMESPACE>,dc=im,dc=etasa: attrId 'eTDYN-str-multi-01'=[class java.lang.String] '' is bad as it has no value / an empty string value / an illegal type (not String or byte[]) (ldaps://xxx.xxx.xx.xx:20411)

Environment

CA Identity Manager (Virtual Appliance) 14.5
JNDI CA Directory LDAP Connector

Cause

The error 'INVALID_ATTRIBUTE_SYNTAX' (LDAP Code 21) is triggered because the Java Connector Server (JCS) is attempting to process an empty string for an attribute that the underlying LDAP schema requires to have a valid value, or because the connector metadata incorrectly marks the attribute as mandatory.

Resolution

We identified that certain fields contained spaces instead of empty strings, so we configured trimming for the affected attributes.

Additionally, we encountered an issue with the data type, so we changed the data type to string to resolve the problem.
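
To find the affected entries before the connector reads them, an LDIF export of the repository can be scanned for attribute values that are empty or contain only whitespace. The script below is an added example, not code from this article or from the product; the sample entries, DNs and the function names unfold and find_blank_values are constructed for illustration, and it assumes the export is standard RFC 2849 LDIF.

```python
import base64

# Constructed sample LDIF (not from the article). RFC 2849 base64-encodes any
# value that starts with a space, so a whitespace-only value hides as "attr:: ICAg".
SAMPLE_LDIF = """\
dn: cn=jdoe,ou=people,dc=example,dc=com
testAttribute:: ICAg
description: regular value

dn: cn=asmith,ou=people,dc=example,dc=com
testAttribute:
description: a long value that is folded
  across two lines

dn: cn=bwayne,ou=people,dc=example,dc=com
testAttribute: ok
"""

def unfold(text):
    """Join LDIF continuation lines (a line starting with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def find_blank_values(ldif_text):
    """Return (dn, attribute, kind) for every empty or whitespace-only value."""
    findings, dn = [], None
    for line in unfold(ldif_text):
        if not line or line.startswith("#") or ":" not in line:
            continue
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):          # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:                             # "attr: <value>"
            value = rest.lstrip(" ")
        if attr.lower() == "dn":
            dn = value                    # remember which entry we are in
        elif not value.strip():
            kind = "empty" if value == "" else "whitespace-only"
            findings.append((dn, attr, kind))
    return findings

if __name__ == "__main__":
    for dn, attr, kind in find_blank_values(SAMPLE_LDIF):
        print(f"{dn}: {attr} is {kind}")
```

Entries reported as whitespace-only are the ones that trimming turns into empty values; entries reported as empty are the ones that produce the "has no value / an empty string value" message shown above.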