Skip to Content
avatar image
Former Member

Create Active directory groups with SAP IDM

Hi expert,

We are trying to create group in active directory with SAP IDM, these groups have some Exchange attribute as msexchrequireauthtosendto, it accept only a boolean value.

The problem is this attribute doesn't accept the value True/False sent by SAP IDM. We have try to modify directly in active directory with the appropriate value and it works. or when we send True/False, 1/0 from sap IDM the group creation failed. Alaso, we made some troubleshouting and it shows that all values sent from SAP IDM are not accepted on this attribute. We got the error code 21, attribute data conversion failed.

Does anyone got the same issue before, any workaround, or recommandation will be very appreciated.

Best regards,

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Mar 07, 2018 at 02:09 PM

    Hi Elmehdhi,

    This should not be an issue for IDM. There would be two ways to consider this.

    1. Look in AD via ADUC and maybe another tool such as Apache Directory Explorer or Softerra LDAP Browser. See what the raw data is that is being written to AD, while it might say True or False, there could be some other value as you noted.

    2. The second possiblility is to read a template of the entry directly into IDM so that you can see this. You might find some information on this in the To/From LDAP pass documentation, but I'll try and write something up today.


    Add comment
    10|10000 characters needed characters exceeded

  • Apr 04, 2018 at 03:19 PM

    Just put big caps TRUE or FALSE to toLDAP pass.

    Add comment
    10|10000 characters needed characters exceeded