Hi,

I could somehow make my certificates correct in the AD Server to be able to connect on the SSL port.
Still, when I am trying to propagate on SSL, the user is created, but it is in a disabled state and without a password.

Need your help to sort this out; I have been trying this for a long time now. Let me know what information you need so as to analyse the problem better.

-Suresh

On Mon, May 11, 2015 at 5:56 PM, Don DaRe <[email protected]> wrote:

> AD will not accept a password on port 389. You must use port 636, and
> have certificate server installed in your domain (in order for port 636 to
> become active)
>
> Don
>
>
> On Monday, May 11, 2015, Suresh Ajja <[email protected]> wrote:
>
>> hi,
>> Thanks Fabio for the reply. The issue is still not resolved.
>>
>> To provide u some more info, we have standalone CA setup in AD.
>> We are trying to propagate users to AD using 389 port of AD.
>>
>> When we tick the password attribute of Syncope as mandatory mapping
>> required, propagation fails.
>> Hence, we created a separate password string 'pwd' and mapped with
>> unicodePwd. Sent a 64-bit encoded password. This way at least the user got
>> created, but password is not propagated. We were trying to check if
>> password gets propagated by other means here.
>>
>> Question:
>> Do we require SSL connection to send password over the wire into AD?
>>
>> We created CA cert and imported in syncope to establish SSL. Still the
>> SSL connection is not getting established.
>>
>> Please help.
>>
>> Regards,
>> Suresh
>>
>> On Mon, May 4, 2015 at 1:02 PM, Fabio Martelli <[email protected]>
>> wrote:
>>
>>> Hi Suresh, why are you using the AD connector 1.1.6? I suggest you
>>> move to 1.2.3.
>>> Further, the error code "SvcErr: DSID-031A120C" is related to a password
>>> syntax error. Be sure to provide a password compliant with AD password
>>> policies.
>>>
>>> Regards,
>>> F.
>>>
>>>
>>> On 04/05/2015 08:24, [email protected] wrote:
>>>
>>> Hi,
>>>
>>> We have an AD Server that has a huge list of users.
>>> We configured a connector with AD and synchronized all the users from AD
>>> server to Syncope successfully.
>>>
>>> My challenge is while propagating new users from syncope to AD with a
>>> special case.
>>> We can propagate successfully the new user created only and only if I
>>> don't provide the password for the user in syncope UI.
>>>
>>> The requirement is I need the source of truth for username/password with
>>> syncope and not with AD Server.
>>>
>>> Following is the error while we propagate with password :
>>> javax.naming.OperationNotSupportedException: [LDAP: error code 53 -
>>> 0000001F: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0
>>> ?]; remaining name 'cn=ranu
>>> sharma,OU=IDMTEST,OU=Users,OU=CBD,DC=positivepackaging,DC=local'
>>>
>>> Cause: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A120C, problem
>>> 5003 (WILL_NOT_PERFORM), data 0
>>>
>>> Please help me understand why we are getting this error, and how I can
>>> propagate the password in AD.
>>>
>>> Env:
>>> Syncope - 1.2.3 ver
>>> AD Server - 6.1 ver
>>> ADConnector - 1.1.6 ver
>>>
>>> Regards,
>>> Suresh
>>>
>>>
>>> --
>>> Fabio Martelli
>>>
>>> Tirasa - Open Source Excellence http://www.tirasa.net/
>>>
>>> Apache Syncope PMC http://people.apache.org/~fmartelli/
>>>
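The value format AD expects in `unicodePwd`, and the `userAccountControl` change that enables a disabled account, shown as an added example that is not part of any message in this thread and is not Syncope or connector code. The function names, the host, the DN and the password are constructed for illustration; the LDIF is only built and printed, not sent.

```python
import base64
from urllib.parse import urlparse

ACCOUNTDISABLE = 0x0002  # userAccountControl bit: account is disabled


def encode_unicode_pwd(password: str) -> bytes:
    """AD's unicodePwd value: the password wrapped in double quotes, as UTF-16LE."""
    return f'"{password}"'.encode("utf-16-le")


def require_ldaps(url: str) -> None:
    """Follow the advice in the thread: no password writes over plain LDAP (389)."""
    if urlparse(url).scheme != "ldaps":
        raise ValueError(f"refusing to send unicodePwd over {url!r}; use ldaps:// (port 636)")


def enabled_uac(current_uac: int) -> int:
    """Clear only the ACCOUNTDISABLE bit, leaving the other flags untouched."""
    return current_uac & ~ACCOUNTDISABLE


def password_ldif(url: str, dn: str, password: str, current_uac: int) -> str:
    """Two LDIF modify records: set the password first, then enable the account."""
    require_ldaps(url)
    # Base64 here is only LDIF's transport encoding ("::") of the UTF-16LE bytes;
    # base64 of the plain password string is not a valid unicodePwd value.
    b64 = base64.b64encode(encode_unicode_pwd(password)).decode("ascii")
    return "\n".join([
        f"dn: {dn}", "changetype: modify", "replace: unicodePwd",
        f"unicodePwd:: {b64}", "-", "",
        f"dn: {dn}", "changetype: modify", "replace: userAccountControl",
        f"userAccountControl: {enabled_uac(current_uac)}", "-", "",
    ])


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    print(password_ldif("ldaps://dc.example.local:636",
                        "CN=Test User,OU=Example,DC=example,DC=local",
                        "Ab1!", 514))
```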
