On 12/05/2015 07:35, Suresh Ajja wrote:
Hi,
I could somehow make my certificates correct in the AD server to be
able to connect on the SSL port.
Still, when I try to propagate over SSL, the user is created,
but it is in a disabled state and without a password.
Need your help to sort this out, I have been trying this for a long time now.
Let me know what information you need so as to analyse the problem better.
Hi, *password change mandatory constraint* is automatically specified.
Take a look [1].
Regards,
F.
[1] https://connid.atlassian.net/wiki/pages/viewpage.action?pageId=360482#ActiveDirectory%28JNDI%29-Advancedusermanagement
-Suresh
On Mon, May 11, 2015 at 5:56 PM, Don DaRe <[email protected]> wrote:
AD will not accept a password on port 389. You must use port 636,
and have a certificate server installed in your domain (in order for
port 636 to become active).
Don
On Monday, May 11, 2015, Suresh Ajja <[email protected]> wrote:
Hi,
Thanks Fabio for the reply. The issue is still not resolved.
To provide you some more info, we have a standalone CA set up in AD.
We are trying to propagate users to AD using port 389 of AD.
When we tick the password attribute of Syncope as mandatory
mapping required, propagation fails.
Hence, we created a separate password string 'pwd' and mapped
it to unicodePwd. Sent a 64-bit encoded password. This way at
least the user got created, but the password is not propagated. We
were trying to check if the password gets propagated by other
means here.
Question:
Do we require an SSL connection to send the password over the wire
into AD?
We created a CA cert and imported it into Syncope to establish SSL.
Still the SSL connection is not getting established.
Please help.
Regards,
Suresh
On Mon, May 4, 2015 at 1:02 PM, Fabio Martelli
<[email protected]> wrote:
Hi Suresh, why are you using the AD connector 1.1.6? I
suggest you move to 1.2.3.
Further, the error code "SvcErr: DSID-031A120C" is related
to a password syntax error. Be sure to provide a password
compliant with AD password policies.
Regards,
F.
On 04/05/2015 08:24, [email protected] wrote:
Hi,
We have an AD server that has a huge list of users.
We configured a connector with AD and synchronized all
the users from the AD server to Syncope successfully.
My challenge is propagating new users from Syncope
to AD in a special case.
We can successfully propagate a newly created user only
and only if I don't provide the password for the user in
the Syncope UI.
The requirement is that I need the source of truth for
username/password to be Syncope and not the AD server.
Following is the error when we propagate with a password:
javax.naming.OperationNotSupportedException: [LDAP: error
code 53 - 0000001F: SvcErr: DSID-031A120C, problem 5003
(WILL_NOT_PERFORM), data 0
?]; remaining name 'cn=ranu
sharma,OU=IDMTEST,OU=Users,OU=CBD,DC=positivepackaging,DC=local'
Cause: [LDAP: error code 53 - 0000001F: SvcErr:
DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0
Please help me understand why we are getting this error
and how I can propagate the password in AD.
Env:
Syncope - 1.2.3 ver
AD Server - 6.1 ver
ADConnector - 1.1.6 ver
Regards,
Suresh
--
Fabio Martelli
Tirasa - Open Source Excellence
http://www.tirasa.net/
Apache Syncope PMC
http://people.apache.org/~fmartelli/
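
The two conditions discussed in this thread (SSL transport on port 636, and the form of the value sent to unicodePwd) can be checked before a propagation is attempted. The following Python sketch is an added example, not code from Syncope, ConnId or any poster in the thread: it parses the error string quoted above and flags a non-SSL URL or a value that is not the double-quoted UTF-16LE form AD expects for unicodePwd. The host `ad.example.test`, the password `Ab1`, the helper names, and the reading of "64-bit encoded" as base64 are assumptions made for illustration.

```python
import base64
import re
from urllib.parse import urlparse

# Constructed sample: the error text quoted in the thread, joined onto one line.
SAMPLE_ERROR = ("[LDAP: error code 53 - 0000001F: SvcErr: DSID-031A120C, "
                "problem 5003 (WILL_NOT_PERFORM), data 0")

ERROR_RE = re.compile(
    r"error code (?P<code>\d+) - [0-9A-Fa-f]{8}: \w+: "
    r"(?P<dsid>DSID-[0-9A-Fa-f]+), problem (?P<problem>\d+) \((?P<name>\w+)\)")


def encode_unicode_pwd(password: str) -> bytes:
    """AD expects unicodePwd as the password in double quotes, UTF-16LE encoded."""
    return f'"{password}"'.encode("utf-16-le")


def parse_ad_error(message: str) -> dict:
    """Pull the LDAP result code, DSID and problem name out of an AD error string."""
    m = ERROR_RE.search(message)
    if m is None:
        raise ValueError("not an AD LDAP error string")
    return {"ldap_code": int(m["code"]), "dsid": m["dsid"],
            "problem": int(m["problem"]), "name": m["name"]}


def preflight(url: str, pwd_value: bytes, password: str) -> list:
    """List reasons AD is likely to refuse this unicodePwd write (hypothetical helper)."""
    findings = []
    parsed = urlparse(url)
    # Assumption: only ldaps:// counts as encrypted; StartTLS on 389 is not modelled.
    if parsed.scheme != "ldaps":
        findings.append("transport: connection is not SSL, use ldaps on port 636")
    if pwd_value != encode_unicode_pwd(password):
        findings.append("encoding: value is not the quoted UTF-16LE form")
    return findings


if __name__ == "__main__":
    print(parse_ad_error(SAMPLE_ERROR))
    # Constructed inputs: plain port 389 with a base64 value, then LDAPS with the AD form.
    print(preflight("ldap://ad.example.test:389", base64.b64encode(b"Ab1"), "Ab1"))
    print(preflight("ldaps://ad.example.test:636", encode_unicode_pwd("Ab1"), "Ab1"))
```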