Modifying AD Group using IDM 7.1

mubarakshabna_asmi
Participant
0 Kudos

All

I can create a group or a user in AD through IDM. I cannot modify the group to add a user to it or vice versa. This is the error I get:

“Exception from Modify operation:javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000054F: SvcErr: DSID-031A11E5, problem 5003 (WILL_NOT_PERFORM), data 0”

Any ideas anyone!

Thanks for your time and help.

Thanks

Shabna

Accepted Solutions (0)

Answers (3)

mubarakshabna_asmi
Participant
0 Kudos

Anuj,

  As far as I remember the issue was with the format in which the CN was defined and also permissions to modify the group to add a member. I will check in my system and get back.

Thanks

Shabna

Former Member
0 Kudos

Hi,

Are you using SSL to connect to your AD server?  This might be what is causing this error.

Thanks,

Chris

Former Member
0 Kudos

Hi Chris/Matt,

I'm working on SAP IDM 7.2 with SAP PF for ADS. The Create AD user task is linked to the Create ADS user and Set ADS Password jobs. While creating a new ADS user, LDAP error 53 is received in the Set ADS Password job. This job works fine when I disable the entry

unicodePwd  $FUNCTION.sap_ads_encodePwd(%MX_ENCRYPTED_PASSWORD%)$$

in the destination tab of the job. I've tried the following conditions without disabling it:

Scenario 1 : With Simple Authentication, no SSL connection to LDAP:

Exception from Modify operation:javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0]; remaining name 'cn=USER028,dc=abc,dc=com'

Scenario 2: With SSL connection to LDAP


ToDSADirect.init got exception, returning false. - URL:ldap://192.168.1.236:636

javax.naming.CommunicationException: simple bind failed: 192.168.1.236:636 [Root exception is java.net.SocketException: Connection reset]

Port 636 is not open on the LDAP server; I believe this is the reason for the failure in scenario 2. But I don't know why password provisioning failed in scenario 1.

Please advise.

Thanks,

Anuj

Former Member
0 Kudos

For Active Directory, setting the password requires an SSL connection.  So you'll need to open up port 636 and set up the SSL connection in order to get this to work.
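
The two failures quoted above can be triaged before a job is rerun. The following is an added example, not part of any post in this thread and not SAP IDM code: it parses the Active Directory diagnostic string from the JNDI exception, checks whether a unicodePwd write is about to go over a non-TLS URL, and builds the unicodePwd value in the format Microsoft documents. Function names and finding codes are hypothetical, and it assumes TLS is selected by the URL scheme.

```javascript
// Added example; function names and finding codes are hypothetical.
// Matches the diagnostic text Active Directory returns inside the JNDI exception.
const AD_DIAG = /error code (\d+) - ([0-9A-Fa-f]{8}): (\w+): (DSID-[0-9A-Fa-f]+), problem (\d+) \((\w+)\), data (-?\d+)/;

function parseAdError(message) {
  const m = AD_DIAG.exec(message);
  if (!m) return null;
  const dn = /remaining name '([^']*)'/.exec(message);
  return {
    ldapCode: Number(m[1]),        // 53 = unwillingToPerform
    win32Code: parseInt(m[2], 16), // leading hex field, as a number
    dsid: m[4],
    problem: m[6],
    remainingName: dn ? dn[1] : null,
  };
}

// Value format Microsoft documents for unicodePwd: the password wrapped in
// double quotes, encoded as UTF-16LE.
function encodeUnicodePwd(password) {
  return Buffer.from('"' + password + '"', 'utf16le');
}

// Flag transport problems before the modify is sent. Assumption: TLS is chosen
// by the URL scheme; if the connector enables SSL through a separate setting,
// check that setting instead.
function transportFindings(ldapUrl, attributes) {
  const m = /^(ldaps?):\/\/([^:\/]+)(?::(\d+))?/i.exec(ldapUrl);
  if (!m) return ['UNPARSEABLE_URL'];
  const scheme = m[1].toLowerCase();
  const port = m[3] ? Number(m[3]) : (scheme === 'ldaps' ? 636 : 389);
  const findings = [];
  const writesPwd = attributes.some((a) => a.toLowerCase() === 'unicodepwd');
  if (writesPwd && scheme !== 'ldaps') findings.push('PWD_WITHOUT_TLS');
  if (scheme === 'ldap' && port === 636) findings.push('PLAIN_SCHEME_ON_LDAPS_PORT');
  return findings;
}

// The error text and the :636 URL are quoted in the thread; the :389 URL and
// the password are constructed for illustration.
const scenario1 = "Exception from Modify operation:javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0]; remaining name 'cn=USER028,dc=abc,dc=com'";
console.log(parseAdError(scenario1));
console.log(transportFindings('ldap://192.168.1.236:389', ['unicodePwd']));
console.log(transportFindings('ldap://192.168.1.236:636', ['unicodePwd']));
console.log(encodeUnicodePwd('Example-Pw1').toString('hex'));
```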

former_member2987
Active Contributor
0 Kudos

The framework task does not require SSL and you can therefore connect on 389.

mubarakshabna_asmi
Participant
0 Kudos

Any ideas anyone!!

Former Member
0 Kudos

Have you looked at the standard LDAP pass "AssignUserToADSGroup"? We use this to assign group membership without issue.

mubarakshabna_asmi
Participant
0 Kudos

Scott,

Thanks for your reply. Could you please reply with what the LDAP pass destination tab looks like.

Thanks

Shabna

Former Member
0 Kudos

Hi Shabna,

I'm facing the same problem too. Could you please elaborate on how you solved this problem?

Thanks,

Anuj

former_member2987
Active Contributor
0 Kudos

Anuj,

If you're getting this error, you're trying to modify an attribute that you can't modify for some reason.

My suggestion is to use the # prefix to disable all of the attributes except for DN, then rerun the task, enabling one attribute at a time until you have discovered all of the attributes that are giving you problems.

Matt