Thanks. We were able to successfully propagate password now. Following changes done: 1. configured 1.2.1 AD connector 2. Mapped only the bare essential attributes in the mapping section of resource.
Regards, Suresh On Tue, May 12, 2015 at 12:37 PM, Fabio Martelli <[email protected]> wrote: > Il 12/05/2015 07:35, Suresh Ajja ha scritto: > > Hi, > I could somehow make my certificates correct in the Ad Server to be able > to connect on SSL port. > > Still when I am trying to propagate on SSL, the user is though created, > but it is in disabled state and without password. > Need your help to sort this out, I have been trying this long time now. > > Let me know what information you need so as to analyse the problem > better. > > Hi, *password change mandatory constraint* is automatically specified. > Take a look [1]. > > Regards, > F. > > [1] > https://connid.atlassian.net/wiki/pages/viewpage.action?pageId=360482#ActiveDirectory%28JNDI%29-Advancedusermanagement > > > -Suresh > > On Mon, May 11, 2015 at 5:56 PM, Don DaRe <[email protected]> wrote: > >> Ad will not accept a password on port 389. You must use port 636, and >> have certificate server installed in your domain (in order for port 636 to >> become active) >> >> Don >> >> >> On Monday, May 11, 2015, Suresh Ajja <[email protected]> wrote: >> >>> hi, >>> Thanks Fabio for the reply. The issue is still not resolved. >>> >>> To provide u some more info, we have standalone CA setup in AD. >>> We are trying to propagate users to AD using 389 port of AD. >>> >>> When we tick the password attribute of Syncope as mandatory mapping >>> required, propagation fails. >>> Hernce, we created a separate password string 'pwd' and mapped with >>> unicodePwd. Sent a 64-bit encoded password. This way at least the user got >>> created, but password is not propagated. We were trying to check if >>> password gets propagated by other means here. >>> >>> Question: >>> Do we require SSL connection to send password over the wire into AD? >>> >>> We created CA cert and imported in syncope to establish SSL. Still the >>> SSL connection is not getting established. >>> >>> Please help. >>> >>> Regards, >>> Suresh >>> >>> On Mon, May 4, 2015 at 1:02 PM, Fabio Martelli <[email protected] >>> > wrote: >>> >>>> Hi Suresh, why are you using the AD connector 1.1.6. I suggest you to >>>> move to 1.2.3. >>>> Further, the error code "SvcErr: DSID-031A120C" is related to a >>>> password syntax error. Be sure to provide a password compliant with AD >>>> password policies. >>>> >>>> Regards, >>>> F. >>>> >>>> >>>> Il 04/05/2015 08:24, [email protected] ha scritto: >>>> >>>> Hi, >>>> >>>> We have a AD Server that has a huge list of users. >>>> We configured a connector with AD and synchronized all the users from >>>> AD server to Syncope successfully. >>>> >>>> My challenge is while propagating new users from syncope to AD with a >>>> special case. >>>> We can propagate successfully the new user created only and only if I >>>> don't provide the password for the user in syncope UI. >>>> >>>> The requirement is I need the source of truth for username/password >>>> with syncope and not with AD Server. >>>> >>>> Following is the error while we propagate with password : >>>> javax.naming.OperationNotSupportedException: [LDAP: error code 53 - >>>> 0000001F: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0 >>>> ?]; remaining name 'cn=ranu >>>> sharma,OU=IDMTEST,OU=Users,OU=CBD,DC=positivepackaging,DC=local' >>>> >>>> Cause: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A120C, problem >>>> 5003 (WILL_NOT_PERFORM), data 0 >>>> >>>> Please help me understand why are we getting this error. and How can I >>>> propagate password in Ad. >>>> >>>> Env: >>>> Syncope - 1.2.3 ver >>>> AD Server - 6.1 ver >>>> ADConnector - 1.1.6 ver >>>> >>>> Regards, >>>> Suresh >>>> >>>> >>>> >>>> >>>> >>>> >>>> -- >>>> Fabio Martelli >>>> >>>> Tirasa - Open Source Excellencehttp://www.tirasa.net/ >>>> >>>> Apache Syncope PMChttp://people.apache.org/~fmartelli/ >>>> >>>> >>> > > > -- > Fabio Martelli > > Tirasa - Open Source Excellencehttp://www.tirasa.net/ > > Apache Syncope PMChttp://people.apache.org/~fmartelli/ > >
