Create User Task error - LDAP Naming Violation

Document ID : KB000006131
Last Modified Date : 14/02/2018
Issue:

Customer created a DSA in CA Directory with a custom schema and is using this DSA as the IDM User Store.

When they try to create a new user from the IDM "Create User" task, they get the following error:

Create user "Test User (test)" in organization "Users": Failed to execute CreateUserEvent. ERROR MESSAGE: uid=test,ou=people,ou=Users,dc=corp,dc=enterprise,dc=com,dc=do: [LDAP: error code 64 - Naming Violation]

The "Roles and Tasks" XML was imported from a different environment.

Environment:
CA Identity Suite 12.6.8 on Windows and WebLogic
Cause:

Configuration issue. The User category inside the User Store XML is missing a parameter, and several user attributes from the User Store were missing.

Resolution:

In the customer's User Store XML file, the line that describes a User object is set to:

<ImsManagedObject name="User" description="My Users" objectclass="IDMPerson" pagesize="0" maxrows="0" objecttype="USER">

In a default XML file (extracted from the CA Identity Suite Virtual Appliance), the same line is set to:

<ImsManagedObject name="User" description="My Users" objectclass="top,imUser" pagesize="0" maxrows="0" objecttype="USER">

Note that the "objectclass" parameter differs between the two. The native XML has "top," before the custom class. This setting is important because each schema has its own inheritance; without this setting, IDM will try to insert data into attributes without building the correct structure for the schema, which causes naming violations.

Also, the customer's XML contains very few User attributes. We recommended that the customer check whether the screen form they are using is trying to insert data into a nonexistent attribute, or an attribute with a wrong name, since the XML used to generate the tasks was imported from a different environment.
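A check for the two findings above (an objectclass value without "top" and a short attribute list), as an added example that is not CA's or the customer's code. The ImsManagedObjectAttr element, its physicalname attribute, the Directory wrapper and the sample attribute names are assumptions not shown on this page.

```python
import xml.etree.ElementTree as ET

def _local(tag):
    # Drop any XML namespace so matching works with or without one.
    return tag.rsplit("}", 1)[-1]

def managed_objects(xml_text):
    """Map each ImsManagedObject name to (objectclass list, attribute names)."""
    out = {}
    for el in ET.fromstring(xml_text).iter():
        if _local(el.tag) != "ImsManagedObject":
            continue
        classes = [c.strip() for c in el.get("objectclass", "").split(",") if c.strip()]
        # Assumption: attributes are ImsManagedObjectAttr children keyed by physicalname.
        attrs = {a.get("physicalname") for a in el.iter()
                 if _local(a.tag) == "ImsManagedObjectAttr" and a.get("physicalname")}
        out[el.get("name")] = (classes, attrs)
    return out

def review(customer_xml, default_xml):
    """List objectclass values lacking 'top' and attributes absent from the customer file."""
    cust, ref = managed_objects(customer_xml), managed_objects(default_xml)
    findings = []
    for name, (classes, attrs) in cust.items():
        if "top" not in [c.lower() for c in classes]:
            findings.append(f"{name}: objectclass={','.join(classes)!r} has no 'top'")
        missing = sorted(ref.get(name, ([], set()))[1] - attrs)
        if missing:
            findings.append(f"{name}: attributes in default but not here: {', '.join(missing)}")
    return findings

# Constructed sample files; only the ImsManagedObject lines come from the page.
CUSTOMER = """<Directory>
<ImsManagedObject name="User" description="My Users" objectclass="IDMPerson" pagesize="0" maxrows="0" objecttype="USER">
  <ImsManagedObjectAttr physicalname="uid"/>
</ImsManagedObject></Directory>"""
DEFAULT = """<Directory>
<ImsManagedObject name="User" description="My Users" objectclass="top,imUser" pagesize="0" maxrows="0" objecttype="USER">
  <ImsManagedObjectAttr physicalname="uid"/>
  <ImsManagedObjectAttr physicalname="cn"/>
  <ImsManagedObjectAttr physicalname="sn"/>
</ImsManagedObject></Directory>"""

if __name__ == "__main__":
    for finding in review(CUSTOMER, DEFAULT):
        print(finding)
```

Attributes reported as missing are candidates to compare against the fields on the imported task screens, not a definitive list, since a custom schema can legitimately differ from the default.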