
Getting "NAME ALREADY BOUND EXCEPTION" while IDM is trying to recreate the user in AD

Ckumar
Contributor
0 Kudos

Hi,

I pushed some users from AD to SAP IDM 7.2, and after a few days I assigned a role to a user which also contains the privilege to create an AD account.

As soon as I assigned the role, it threw an error "NAME ALREADY BOUND EXCEPTION" in IDM, and after that the users' data (mail ID and address) appeared in capital letters in IDM.

Please help me: what should I do to prevent this, and what is the root cause of this issue? I have to assign that role to the user and I can't modify the role.

Thanks & Regards,

Chandan Kumar 

Accepted Solutions (0)

Answers (5)

Former Member
0 Kudos

A good way to get close to those issues is having a look at the job log (the file, not the view in Identity Center).

If I got you right, you've uploaded users from AD to IDM. After that you've assigned a role containing the AD account privilege. So I think IDM tries to assign the account privilege and triggers a create, but this can't work if it is already created in AD.

best regards

Matthias

Ckumar
Contributor
0 Kudos

Thanks all for your replies and suggestions...

Now I have fixed this issue by adding a check whether the AD account exists or not.

If the AD account exists, then the system will not trigger those tasks which are responsible for creation of the AD account.

Former Member
0 Kudos

Hi,

I think this is a good approach. But you should also consider giving the account privilege to the identities uploaded from AD. Otherwise you won't have the right privileges assigned and I think you might run into trouble when it comes to deactivation or deletion of AD accounts. Adding a privilege with the modifier {DIRECT_PROVISION=1} adds the privilege without triggering the MX_ADD/DEL_MEMBER_TASK.

best regards

Matthias

Former Member
0 Kudos

Hi Matthias,

For the identities uploaded from AD, i.e. loaded from AD via initial load, I believe the account privilege is added during the time of initial load. Isn't it?

By the way, thanks for sharing the info on DIRECT_PROVISION=1.

~Krishna.

Former Member
0 Kudos

Hi Krishna,

I think this should be done, but I'd check this for some identities - just to make sure.

Especially it's important that the link has the correct link state.

DIRECT_PROVISION=1 is very helpful when it comes to cleanup and/or repair situations.

Another helpful modifier is BYPASS_VALIDATE_TASK=1, which skips the VALIDATE* tasks - see http://help.sap.com/saphelp_nwidmic72/en/managing_passes/to_passes/dse_specifying_attribute_properti... for details

best regards

Matthias

Ckumar
Contributor
0 Kudos

Hi Matt & Peter,

I have also attached the job log of the NAME ALREADY BOUND EXCEPTION error in JPEG format.

Please find the attachment.

former_member2987
Active Contributor
0 Kudos

This one was much more interesting.  I did not know this code off of the top of my head and had to look it up.

This error, 68, has the generic name of LDAP Already Exists. (Obviously your LDAP or Java implementation is causing a differently worded error to be thrown.)

From what I can tell you're trying to force an ADD operation on a DN that already exists.  Please search your LDAP DIT and see if you have another entry with the same DN already.

If you're still getting the error, please post a screenshot of the Destination tab of this Pass so we can try and figure this out. 

Can you also tell us what version of AD you are using, along with the version of Java and Windows Server? 

Thanks,

Matt

Former Member
0 Kudos

Can you also post the job information for the job that's throwing the error?

Thanks

Peter

Ckumar
Contributor
0 Kudos

Hi Peter,

Thanks for your reply.

I have attached the error job log information. Please check.

Thanks & Regards,

C Kumar

former_member2987
Active Contributor
0 Kudos

Hello,

Can you please post the complete log entry showing this error?

Thanks,

Matt

Ckumar
Contributor
0 Kudos

Hi Matt,

Thanks for your reply. We are having the same issue even if the system throws NameNotFoundException. I have attached the JPEG file of that error.

Waiting for your response.

Thanks

chandan kumar

former_member2987
Active Contributor
0 Kudos

Peeking through the thread it looks like you're throwing 2 different LDAP errors, 32 and 68.  I'll address 32 in this reply and see what we can do with 68 in a separate reply.

LDAP Error 32 is a "No such object" Error.  This means that some object in the DN you are creating does not yet exist.

Make sure that you have typed in the DN correctly to the dn value of the pass or the constant holding the value. Usually this occurs due to a typing error or transposing a part of the DN (usually the OU structure).

When I have errors like this, I usually like to go to my LDAP Browser and examine the OU/Container I wish to provision to.  I then use the browser to grab the DN and then copy it into the MMC console.

Hope this helps!

Matt
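The two LDAP results discussed in this thread (68 on an ADD against an existing DN, 32 when part of the target DN does not exist) and the "check whether the account exists before creating" fix, shown as an added example that is not part of the original posts and is not SAP IDM or AD code. The directory is an in-memory stand-in, and all names (`MockDirectory`, `provisionAccount`, the `example.com` DNs) are hypothetical.

```javascript
// Added example: in-memory stand-in for an LDAP directory, no real LDAP or IDM API.
// Result codes per RFC 4511: 0 success, 32 noSuchObject, 68 entryAlreadyExists.
const LDAP = { SUCCESS: 0, NO_SUCH_OBJECT: 32, ENTRY_ALREADY_EXISTS: 68 };

// AD compares DNs case-insensitively. Simplification: escaped commas are not handled.
function normalizeDn(dn) {
  return dn.split(",")
    .map(rdn => rdn.trim().replace(/\s*=\s*/, "=").toLowerCase())
    .join(",");
}

function parentDn(dn) {
  const i = dn.indexOf(",");
  return i < 0 ? "" : dn.slice(i + 1);
}

class MockDirectory {
  constructor(existingDns) {
    this.entries = new Set(existingDns.map(normalizeDn));
  }
  exists(dn) { return this.entries.has(normalizeDn(dn)); }
  // Answers an ADD the way a directory server would.
  add(dn) {
    const n = normalizeDn(dn);
    if (this.entries.has(n)) return LDAP.ENTRY_ALREADY_EXISTS; // error 68
    if (!this.entries.has(parentDn(n))) return LDAP.NO_SUCH_OBJECT; // error 32
    this.entries.add(n);
    return LDAP.SUCCESS;
  }
}

// Hypothetical provisioning step: look up first, create only when absent.
function provisionAccount(dir, dn) {
  if (dir.exists(dn)) return { action: "link-existing", code: LDAP.SUCCESS };
  const code = dir.add(dn);
  if (code === LDAP.SUCCESS) return { action: "created", code };
  if (code === LDAP.NO_SUCH_OBJECT) return { action: "fix-target-dn", code };
  // Entry appeared between lookup and ADD: treat as existing, do not retry the create.
  return { action: "link-existing", code };
}

// Constructed sample contents: one account already loaded from AD.
const dir = new MockDirectory([
  "DC=example,DC=com",
  "OU=Users,DC=example,DC=com",
  "CN=Jane Doe,OU=Users,DC=example,DC=com",
]);
```
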

Ckumar
Contributor
0 Kudos

Thanks Matt,

I got the idea and now I am trying to implement that.

Regards,

C Kumar

former_member2987
Active Contributor
0 Kudos

Great, please mark as helpful or resolved so others can take advantage of this knowledge!

Matt

Ckumar
Contributor
0 Kudos

Yes Matt, sure...

Now I am working on this issue. If any of the above solutions works, then I will mark that as the correct answer or helpful depending on the result, and if I get any other solution, I will put that here as well.

Regards,

C Kumar

former_member2987
Active Contributor
0 Kudos

Fantastic, let us know what we can do to help!