Create User Task error - LDAP Naming Violation


Article ID: 6131

Products

CA Identity Manager, CA Identity Governance, CA Identity Portal

Issue/Introduction

The customer created a DSA in CA Directory with a custom schema and is using this DSA as the IDM User Store.

When they try to create a new user from the IDM "Create User" task, they get the following error:

Create user "Test User (test)" in organization "Users": Failed to execute CreateUserEvent. ERROR MESSAGE: uid=test,ou=people,ou=Users,dc=corp,dc=enterprise,dc=com,dc=do: [LDAP: error code 64 - Naming Violation]

The "Roles and Tasks" XML was imported from a different environment.

Cause

Configuration issue. The User category inside the User Store XML is missing a parameter, and several user attributes from the User Store are missing.

Environment

CA Identity Suite 12.6.8 on Windows and WebLogic

Resolution

In the customer's User Store XML file, the line that describes a User object is set to:

<ImsManagedObject name="User" description="My Users" objectclass="IDMPerson" pagesize="0" maxrows="0" objecttype="USER">

In a default XML file (extracted from the CA Identity Suite Virtual Appliance), the same line is set to:

<ImsManagedObject name="User" description="My Users" objectclass="top,imUser" pagesize="0" maxrows="0" objecttype="USER">

Note that the "objectclass" parameter differs between the two. The native XML has "top," before the custom class. This setting matters because each schema has its own inheritance; without it, naming violations occur (IDM tries to insert data into attributes without building the correct structure for the schema).

Also, the customer's XML contains very few User attributes. We recommended that the customer check whether the screen form they are using is trying to insert data into a nonexistent attribute, or an attribute with a wrong name, since the XML used to generate the tasks was imported from a different environment.
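
The two checks described above, as an added example that is not part of the original article or of CA's tooling: a Python script that flags ImsManagedObject entries whose objectclass does not begin with "top" and lists form attributes the User object does not declare. Only the ImsManagedObject line comes from the article; the ImsDirectory root, the ImsManagedObjectAttr children with a physicalname attribute, and the form attribute list are assumptions made for the constructed sample.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the customer's line from the article plus assumed attribute children.
SAMPLE_XML = """<ImsDirectory name="sample">
  <ImsManagedObject name="User" description="My Users" objectclass="IDMPerson" pagesize="0" maxrows="0" objecttype="USER">
    <ImsManagedObjectAttr physicalname="uid" displayname="User ID"/>
    <ImsManagedObjectAttr physicalname="cn" displayname="Full Name"/>
  </ImsManagedObject>
</ImsDirectory>"""


def local(tag):
    """Strip an XML namespace prefix: '{ns}Tag' -> 'Tag'."""
    return tag.rsplit("}", 1)[-1]


def audit_user_store(xml_text, form_attrs=()):
    """Return findings for every ImsManagedObject in a User Store XML.

    form_attrs is the (hypothetical) list of attribute names that the
    imported task screens write to; it is checked against USER objects only.
    """
    findings = []
    root = ET.fromstring(xml_text)
    for obj in root.iter():
        if local(obj.tag) != "ImsManagedObject":
            continue
        name = obj.get("name", "?")
        classes = [c.strip() for c in obj.get("objectclass", "").split(",") if c.strip()]
        if not classes:
            findings.append(f"{name}: objectclass is empty")
        elif classes[0].lower() != "top":
            findings.append(f"{name}: objectclass '{','.join(classes)}' does not start with 'top'")
        if obj.get("objecttype") == "USER":
            # Assumed layout: one ImsManagedObjectAttr child per declared attribute.
            declared = {a.get("physicalname", "").lower()
                        for a in obj.iter() if local(a.tag) == "ImsManagedObjectAttr"}
            for attr in form_attrs:
                if attr.lower() not in declared:
                    findings.append(f"{name}: form attribute '{attr}' is not declared in the User Store XML")
    return findings


if __name__ == "__main__":
    for line in audit_user_store(SAMPLE_XML, ["uid", "cn", "telephoneNumber"]):
        print(line)
```

Running the same check against the User Store XML of both the source and the target environment before importing "Roles and Tasks" shows which definitions differ.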