"LDAP: error code 19 ": AD Provisioning Fails If Manager Dn Is Having Backslash (\) Followed by a Comma(,) (Doc ID 1437867.1)

Last updated on SEPTEMBER 26, 2016

Applies to:

Identity Manager - Version 11.1.1.5.1 and later
Information in this document applies to any platform.
**Checked for Relevance on 06-Dec-2013**

Symptoms


AD provisioning is failing if the Manager DN value, which is pre-populated in UD_ADUSER_MANAGER is having backslash(\) and comma.

1.Create a user (user1) in AD whose distinguishedName contains backslash(\) and comma (,) in it.
Eg: CN=Test\,user,OU=Employees,OU=User,OU=Houston,OU=AGLNG,OU=Offices,DC=dev,DC=bg
2.Attach a pre-populate adapter for UD_ADUSER_MANAGER field in AD process form so that it will pre-poulate the manager's distinguishedName in the user's process form.
3.Create user2 in OIM with user1 as his manager.
4.Provision AD to user2.
5.Make sure that manager's distinguishedName is pre-populated in user2 AD process from.
6.Check the status of AD provisioning.
7.AD should be in Provisioning status and the log shows following errors.

[userId: oiminternal] [ecid: df361f071c891b1f:56994f08:1348942a08f:-8000-000000000001f4f5,0] [APP: oim#11.1.1.3.0] Description : Error in attribute conversion operation:[LDAP: error code 19 - 000020B5: AtrErr: DSID-03152395, #1:[[
0: 000020B5: DSID-03152395, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 15000a (manager)
]

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms