on 12-22-2009 6:19 PM
All
I can create a group or a user in AD through IDM. I cannot modify the group to add a user to it or vice versa. This is the error I get:
u201CException from Modify operation:javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000054F: SvcErr: DSID-031A11E5, problem 5003 (WILL_NOT_PERFORM), data 0u201D
Any ideas anyone!
Thanks for your time and help.
Thanks
Shabna
Anuj,
As far as I remember the issue was with the format in which the CN was defined and also permissions to modify the group to add a member. I will check in my system and get back.
Thanks
Shabna
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Are you using SSL to connect to your AD server? This might be what is causing this error.
Thanks,
Chris
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Chris/Matt,
I'm working on SAP IDM7.2 with SAP PF for ADS. Create AD user task is linked to Create ADS user and Set ADS Password jobs. While creating new ADS user,LDAP error 53 is received in the Set ADS Password job. This job works fine when I disable entry
unicodePwd $FUNCTION.sap_ads_encodePwd(%MX_ENCRYPTED_PASSWORD%)$$ in the destination tab of job. I've tried following conditions without disabiling:
Scenario 1 : With Simple Authentication, no SSL connection to LDAP:
Exception from Modify operation:javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0]; remaining name 'cn=USER028,dc=abc,dc=com'
Scenario 2: With SSL connection to LDAP
ToDSADirect.init got exception, returning false. - URL:ldap://192.168.1.236:636
javax.naming.CommunicationException: simple bind failed: 192.168.1.236:636 [Root exception is java.net.SocketException: Connection reset]
Port 636 is not open on the LDAP server, I believe this is the reason for failure in scenario 2. But I don't know why did password provisioning fail in scenario 1.
Please advise.
Thanks,
Anuj
Any ideas anyone!!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Anuj,
If you're getting this error, you're trying to modify an attribute that you can't modify for some reason.
My suggestion is to use the # prefix to disable all of the attributes except for DN, then re run the task enabling one attribute at a time until you have discovered all of the attributes that are giving you problems.
Matt
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.