Active Directory AFX Connector Add Account to Group capability fails with 'No Such Attribute' error in RSA Identity Governance & Lifecycle
Originally Published: 2018-11-02
Article Number
000040506
Applies To
RSA Product Set: Identity Governance & Lifecycle
RSA Version/Condition: 7.0.x, 7.1.x
Issue

The RSA Identity Governance & Lifecycle Active Directory AFX Connector Add Account to Group capability fails.

The AFX connector log file, $AFX_HOME/esb/logs/esb.AFX-CONN-{connector name}.log, shows the following error message:

2018-08-30 00:00:41.778 [ERROR] org.mule.transport.ldapx.LdapxConnector:337 - 
Error: LDAPException: No Such Attribute (16) No Such Attribute
LDAPException: Matched DN:
Cause
The Add Account to Group capability adds an account to the group object by linking the account to the group through a member object. Different LDAP servers use different names for the member object attribute.

This issue occurs if the User membership attribute for Group value in the connector definition is incorrect, that is, it does not match the name the LDAP server uses for the member object attribute.
Resolution
Modify the User membership attribute for Group value in the connector definition to match the name the LDAP server uses for the member object attribute.
  1. In the user interface, go to AFX > Connectors > {connector-name} > Settings tab.
  2. Scroll down to the Group section.
  3. Modify the User membership attribute for Group value to match the member object used by your LDAP datastore.


Consult your vendor to determine the actual name of the member attribute for your directory server. For example, for Oracle Internet Directory Server, the typical value for the member attribute is uniqueMember. 

Note: In some cases the name of the attribute used may differ from the published name.
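
One way to confirm the member attribute before changing the connector setting, as an added example that is not part of the original RSA article: the Python script below reads an LDIF export of a single group entry and compares the attribute that entry uses against the configured User membership attribute for Group value. The sample entry, the function names and the object-class mapping are constructed for illustration; the mapping lists standard schema defaults, and your directory may differ.

```python
import re

# Standard group object classes and the membership attribute each defines
# (RFC 4519, RFC 2307, Active Directory). A given server may be customised.
MEMBER_ATTR_BY_CLASS = {
    "groupofnames": "member",
    "groupofuniquenames": "uniqueMember",
    "posixgroup": "memberUid",
    "group": "member",  # Active Directory
}

# Constructed sample: LDIF export of one group entry (not from a real directory).
SAMPLE_GROUP = """\
dn: cn=app-users,cn=Groups,dc=example,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: app-users
uniqueMember: cn=jdoe,cn=Users,dc=example,dc=com
uniqueMember: cn=asmith,cn=Users,
 dc=example,dc=com
"""

def parse_ldif_entry(ldif):
    """Parse one LDIF entry into {lowercased attribute name: [values]}."""
    unfolded = re.sub(r"\r?\n ", "", ldif)  # undo RFC 2849 line folding
    entry = {}
    for line in unfolded.splitlines():
        if not line or line.startswith("#") or ":" not in line:
            continue
        name, _, value = line.partition(":")
        name = name.split(";")[0].strip().lower()  # drop options, e.g. ;range=
        # Base64 ("attr:: ...") values are kept encoded; only names matter here.
        entry.setdefault(name, []).append(value.lstrip(": ").strip())
    return entry

def check_member_attribute(ldif, configured):
    """Compare the connector's configured attribute with what the entry uses."""
    entry = parse_ldif_entry(ldif)
    classes = [c.lower() for c in entry.get("objectclass", [])]
    expected = [MEMBER_ATTR_BY_CLASS[c] for c in classes if c in MEMBER_ATTR_BY_CLASS]
    # Populated attributes first; an empty group falls back to its object class.
    known = dict.fromkeys(MEMBER_ATTR_BY_CLASS.values())
    in_use = [a for a in known if a.lower() in entry]
    candidates = list(dict.fromkeys(in_use + expected))
    match = configured.lower() in [c.lower() for c in candidates]
    return {"configured": configured, "candidates": candidates, "match": match}

if __name__ == "__main__":
    print(check_member_attribute(SAMPLE_GROUP, "member"))
```

A result with "match": False means the configured value is not among the attributes the group entry uses or its object class defines; the "candidates" list shows the names to try in the connector's Group section.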