IBM Verify

  • 1.  Ldap Connector Update Mode is getting failed with error code CTGDJQ026E

    Posted Mon February 03, 2020 08:08 AM
    Hi All,

    We have a custom assembly line which updates the user records in ISAM LDAP, where we have used the ISDI LDAP Connector in update mode. We can see that random users are failing with the error message: CTGDJQ026E The putEntry method failed because no distinguished name ($dn attribute) was specified in entry

    ISDI Version 7.2

    Can someone help me resolve the issue?

    Thanks in advance!

    ------------------------------
    Rahil Anwar
    ------------------------------


  • 2.  RE: Ldap Connector Update Mode is getting failed with error code CTGDJQ026E

    Posted Mon February 03, 2020 08:31 AM
    Well - I think it is pretty obvious - supply a correct value of a DN in the $dn work attribute and it will work ;-)

    Joking apart - you need to supply a lot more information if you want help on this - there is simply not enough information to give you any meaningful help unless you can use my above statement.
    Here is a little guidance - fire up the debugger in ISDI (possibly take a look here: https://ibm.biz/Bdjiy3) and nail down when this is happening...
    Eddie Hartmann has some generally recommended reading on ISDI here: http://www.tdiingoutloud.com/2017/09/tdi-for-newbies.html

    HTH

    ------------------------------
    Franz Wolfhagen
    IAM Technical Architect for Europe - Certified Consulting IT Specialist
    IBM Security Expert Labs
    ------------------------------



  • 3.  RE: Ldap Connector Update Mode is getting failed with error code CTGDJQ026E

    Posted Mon February 03, 2020 08:46 AM
    Hi Franz,

    We do not want to modify or add the DN attribute in update mode of the LDAP connector. Is the dn attribute mandatory when trying to update any data in LDAP for a user?

    Our Link Criteria uses the username attribute.

    Please suggest.


    ------------------------------
    Rahil Anwar
    ------------------------------



  • 4.  RE: Ldap Connector Update Mode is getting failed with error code CTGDJQ026E

    Posted Tue February 04, 2020 02:32 AM
    You need to show what you are actually doing in your LDAP connector - i.e. what the link criteria is.
    You can use any attribute as criteria - but AFAIK there is no attribute "username" in the standard inetorgperson objectclass (there is one in the SDS objectclass for AIXAccount) - you should use either uid (recommended - "unique ID") or cn ("common name", not recommended as this is a multi-value attribute and there is no uniqueness enforced for standard LDAP servers outside the residing tree - AD enforces uniqueness).
    When you perform the update you must ensure uniqueness unless you want to get into handling multiple accounts in the hook logic (and trust me - you do not want that).
    You should also only use indexed attributes - else your performance will be bad...

    HTH

    ------------------------------
    Franz Wolfhagen
    IAM Technical Architect for Europe - Certified Consulting IT Specialist
    IBM Security Expert Labs
    ------------------------------



  • 5.  RE: Ldap Connector Update Mode is getting failed with error code CTGDJQ026E

    Posted Tue February 04, 2020 08:49 AM
    Hi Rahil,
    The LDAPClient Connector in Update Mode will attempt to perform a Modify if the Link Criteria finds a single matching entry.  It is ok to use the username attribute in Link Criteria as long as the username value exists and is unique. 

    The error message : "CTGDJQ026E The putEntry method failed because no distinguished name ($dn attribute) was specified in entry" tells us the custom AL attempted an LDAP Add.  This LDAP Add operation was triggered because the Link Criteria found no matching LDAP objects. The LDAP Add failed due to insufficient conn Entry data to support a successful putEntry. 

    This custom AL was possibly designed to only perform LDAP Modifies.  Perhaps a new data condition triggered LDAP Add logic (e.g. deleted LDAP object). 

    You can disable the LDAP Add logic by enabling the Override Add hook. No JavaScript code is required, just enable the Override Add hook.



    ------------------------------
    Michael Long
    ------------------------------
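
The Update-mode behaviour described in this reply, together with the uniqueness point from the reply before it, modelled in plain JavaScript as an added example (not code from the thread and not ISDI's own): `updateMode`, `overrideAdd`, the result labels and the sample entries are hypothetical names and constructed data.

```javascript
// Model of the decision flow only; it does not call ISDI or an LDAP server.
// Constructed sample directory: two entries deliberately share the same cn.
const directory = [
  { $dn: "uid=alice,ou=people,o=example", uid: "alice", cn: "Alice A" },
  { $dn: "uid=bob,ou=people,o=example", uid: "bob", cn: "Bob B" },
  { $dn: "uid=bob2,ou=people,o=example", uid: "bob2", cn: "Bob B" },
];

// linkAttr is the attribute used as Link Criteria, conn is the entry to write.
function updateMode(dir, linkAttr, conn, opts = {}) {
  const key = conn[linkAttr];
  // A missing link value can never match, so it behaves like "not found".
  const matches = key === undefined ? [] : dir.filter((e) => e[linkAttr] === key);

  if (matches.length > 1) {
    // Non-unique criteria: the case the thread says needs hook logic.
    return { action: "multiple-found", dns: matches.map((e) => e.$dn) };
  }
  if (matches.length === 1) {
    // Single match: Modify. The target DN comes from the found entry.
    const { $dn, ...attrs } = conn;
    Object.assign(matches[0], attrs);
    return { action: "modify", dn: matches[0].$dn };
  }
  // No match: Update mode falls through to Add unless that is overridden.
  if (opts.overrideAdd) return { action: "add-skipped" };
  if (!conn.$dn) {
    // An Add needs a DN for the new entry; without one the write fails.
    return { action: "error", code: "CTGDJQ026E" };
  }
  dir.push({ ...conn });
  return { action: "add", dn: conn.$dn };
}

console.log(updateMode(directory, "uid", { uid: "alice", mail: "a@example.com" }));
console.log(updateMode(directory, "uid", { uid: "carol", mail: "c@example.com" }));
console.log(updateMode(directory, "uid", { uid: "carol" }, { overrideAdd: true }));
console.log(updateMode(directory, "cn", { cn: "Bob B" }));
```
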



  • 6.  RE: Ldap Connector Update Mode is getting failed with error code CTGDJQ026E

    Posted Tue February 11, 2020 04:41 AM
    Thanks to all of you.

    We managed to fix it by adding the two conditions below:

    1) We are calling the ISAM PD API function to check whether the user account is created or not before proceeding to update.
    Even after doing the above, we observed the reported exception.
    2) Then we changed the link criteria (removed uid and used dn).

    We monitored for 6 to 7 days with no exceptions; users are getting created successfully and attributes are getting updated.

    Thanks

    ------------------------------
    Rahil Anwar
    ------------------------------