
LDAP provisioning: "discarded due to an invalid combination of attribute and object class"

Hi

 

I am getting this error in a RACF sync project when trying to update racfAddressLine1, racfAddressLine2 and racfAddressLine3 attributes. The error also appears if I try to make the change in Target System Browser and hit save.

If I log into an LDAP browser using the exact same credentials, and go to the user object to be updated, I cannot see these attributes but if I add a new attribute for racfAddressLine1 and populate it, then hit save, it saves.

And if I then attempt the sync again, those attributes do get populated - but only for that one row. The next account in the sync also needs these attributes refreshed but it throws the same error.

What could be causing this?

Thanks in advance

  • Hi,

    As an update, I did get this to work eventually, by setting up a two-step sync process: one which parses the attributes from a memo field into their respective OI fields, and another which provisions those attributes back into the target system, subject to a sanity check that the auxiliary object class is already contained in ObjectClass on the target system side. If the ObjectClass does not have that value, then we add it, and populate the auxiliary attributes on the next sync run.

    Since the fields we are provisioning are not used by the customer (they're only used by IAM), their values will only change as a consequence of OI write. The use case is, eventually the customer will need to move away from having a single unstructured memo attribute containing personnel number,

    There is one remaining glitch but it isn't related to this issue, and I think it's covered by a hot fix.

    (Target System Browser can see all objects of objectclass=racfuser and objectclass=racfgroup in all containers in the directory tree, but retrievals of objectclass=racfresource only see resource objects in the first container).
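
The two-step check described in the reply above, sketched as an added example (not part of the original post and not One Identity Manager code). The auxiliary class name is a placeholder because the thread does not name it, and `plan_run` and the sample entries are hypothetical.

```python
# Added example: plan one sync run for an entry, following the two-step approach.
# AUX_CLASS is a placeholder; the thread does not name the auxiliary object class.
AUX_CLASS = "exampleAuxiliaryClass"
AUX_ATTRS = ("racfAddressLine1", "racfAddressLine2", "racfAddressLine3")


def plan_run(entry, desired, aux_class=AUX_CLASS, aux_attrs=AUX_ATTRS):
    """Return (mods, deferred) for a single sync run.

    entry    -- attributes currently read from the target, name -> list of values
    desired  -- attribute values to provision, name -> single value
    mods     -- list of (operation, attribute, values) to send in this run
    deferred -- auxiliary attributes held back until the next run
    """
    # LDAP attribute names and object class names compare case-insensitively.
    current = {name.lower(): values for name, values in entry.items()}
    classes = {oc.lower() for oc in current.get("objectclass", [])}
    aux_names = {a.lower() for a in aux_attrs}

    # Assumption: an empty desired value means "nothing to provision".
    wanted = {n: v for n, v in desired.items() if n.lower() in aux_names and v}
    if not wanted:
        return [], []

    if aux_class.lower() not in classes:
        # Step 1: the sanity check fails, so this run only adds the class.
        return [("add", "objectClass", [aux_class])], sorted(wanted)

    # Step 2: the class is present, so write only the values that differ.
    mods = [("replace", name, [value]) for name, value in sorted(wanted.items())
            if current.get(name.lower(), []) != [value]]
    return mods, []


# Constructed sample entries (not taken from a real directory).
WITHOUT_AUX = {"objectClass": ["racfuser"]}
WITH_AUX = {"objectclass": ["racfuser", "EXAMPLEAUXILIARYCLASS"],
            "racfAddressLine1": ["1 Example Street"]}
DESIRED = {"racfAddressLine1": "1 Example Street",
           "racfAddressLine2": "Floor 2", "racfAddressLine3": ""}

if __name__ == "__main__":
    print(plan_run(WITHOUT_AUX, DESIRED))  # class added, attributes deferred
    print(plan_run(WITH_AUX, DESIRED))     # only the changed attribute written
```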