Unable to create new users in CA Identity Manager due to LDAP: error code 65 - Object Class Violation

Article ID: 8361

Products

CA Identity Manager, CA Identity Governance, CA Identity Portal, CA Risk Analytics, CA Secure Cloud SaaS - Arcot A-OK (WebFort), CA Secure Cloud SaaS - Advanced Authentication, CA Secure Cloud SaaS - Identity Management, CA Secure Cloud SaaS - Single Sign On

Issue/Introduction

You have an environment with a CA Directory corporate user store, and that user store has custom CA Directory object classes attached to your users. When creating a user in Identity Manager, you provide all of the required attributes for all of your object classes, but you still see the following error on screen:

 

Failed to execute CreateUserEvent. ERROR MESSAGE: [LDAP: error code 65 - Object Class Violation] Failed

 

However, you are NOT seeing any errors in your CA Directory log during user creation; it does not appear that the user is making it down to CA Directory at all.

Cause

In your Identity Manager Management Console under Directories -> Corporate User Store, your user object only has inetOrgPerson listed under Object Classes. 

 

Environment

Component: IDMGR

Resolution

In your Management Console, export your Corporate User Store Directory.xml file. The file should contain a line that looks similar to this:

<ImsManagedObject name="User" description="My Users" objectclass="inetOrgPerson" pagesize="0" maxrows="0" objecttype="USER">

 

Add your additional custom classes to this line as follows (in this example, myClass1 and myClass2 were added):

<ImsManagedObject name="User" description="My Users" objectclass="inetOrgPerson,myClass1,myClass2" pagesize="0" maxrows="0" objecttype="USER">

 

Save the file and reimport it into the environment using the update button. 

Once updated with your custom classes included, normal behavior should resume. 
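The edit described above can be scripted against the exported file so that nothing else in it changes. This is an added example, not part of the original article or the product: the function names, the wrapper element, the "Group" object in the sample and the expectation of exactly one USER managed object are assumptions.

```python
import re

# Constructed stand-in for an exported directory.xml. Only the "User" line is
# from the article; the wrapper element and the "Group" object are assumed.
SAMPLE = '''<ImsDirectory>
  <ImsManagedObject name="User" description="My Users" objectclass="inetOrgPerson" pagesize="0" maxrows="0" objecttype="USER">
  </ImsManagedObject>
  <ImsManagedObject name="Group" description="My Groups" objectclass="groupOfNames" pagesize="0" maxrows="0" objecttype="GROUP">
  </ImsManagedObject>
</ImsDirectory>
'''

TAG_RE = re.compile(r'<ImsManagedObject\b[^>]*>')
ATTR_RE = re.compile(r'(\bobjectclass=")([^"]*)(")')


def merge_classes(current, required):
    """Append required classes that are missing from a comma-separated list.
    LDAP object class names are case-insensitive, so compare lowercased."""
    classes = [c.strip() for c in current.split(",") if c.strip()]
    seen = {c.lower() for c in classes}
    for name in required:
        if name.lower() not in seen:
            classes.append(name)
            seen.add(name.lower())
    return ",".join(classes)


def add_user_object_classes(xml_text, required):
    """Return (new_text, changed). Only the objectclass attribute of the USER
    managed object is rewritten; all other text is preserved as exported."""
    hits = []

    def fix_tag(match):
        tag = match.group(0)
        if 'objecttype="USER"' not in tag:
            return tag  # leave other managed objects untouched
        if ATTR_RE.search(tag) is None:
            raise ValueError("USER managed object has no objectclass attribute")
        hits.append(tag)
        return ATTR_RE.sub(
            lambda a: a.group(1) + merge_classes(a.group(2), required) + a.group(3),
            tag, count=1)

    new_text = TAG_RE.sub(fix_tag, xml_text)
    if len(hits) != 1:  # assumption: one USER object per directory file
        raise ValueError(f"expected one USER managed object, found {len(hits)}")
    return new_text, new_text != xml_text


if __name__ == "__main__":
    updated, changed = add_user_object_classes(SAMPLE, ["myClass1", "myClass2"])
    print(updated if changed else "no change needed")
```

Running it a second time on the updated text reports no change, which makes it usable as a pre-import check that the custom classes are still listed.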

 
