Hi guys,

We're a bit stuck, and so far all our investigation and assumptions have led to a dead end. We were hoping that maybe somebody has faced a similar situation and has some insight into where the issue could be, or has a good resource for further information to investigate.

The situation:
We use Syncope with the Active Directory connector to sync the users into the AD. Most of the create actions work without problem. What is special in our case is that these users are created in Syncope without passwords. Therefore we use the flag "create Password if not provided" and have implemented our own password generator to match the password policy of the Active Directory. Most of the time this works without a problem.

The problem:
However, from time to time we randomly get LDAP error 53 when creating a user in Syncope, and the user is not provisioned in the Active Directory.

- core-connid.log reports: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0

Our research:
Obviously we suspected a corner case in our password generator, as most resources point out that such an error happens when (a) the AD connection is not secured or (b) the password does not meet the password policy.

To prove this assumption, we enabled the debug logging for the provisioning and decrypted the generated password. The password looked good, however, and should comply with the password policy. By manually creating a user with the given password we validated that the given password is ok, and as suspected the user was properly provisioned into the Active Directory. In the debug log we also validated that the encrypted password was identical. So this seems not to be the problem.

Regarding (a): the connection seems to be properly configured in our eyes. The SSL certificates of the AD are in the truststore of the JVM, the connections point to the secure service port 636... And as the provisioning works in most cases, I assume this should be ok. Or do you know some more caveats which could be related to this? Other load issues?

Do you have any other suggestion where we should investigate further? Other reasons which could lead to LDAP error 53? (I couldn't figure out if the hex code 1F has a special meaning...)

Thanks in advance for any help!
Kind regards Lukas
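As an added example (not the poster's or Syncope's code), here is a Python check covering the two things the post circles around: a client-side test of the default Windows complexity rule, including the easily missed rule that a password may not contain 3+ character tokens of the user's displayName or the sAMAccountName, plus the unicodePwd encoding AD expects, and a parser for the AD diagnostic string that turns its leading 8 hex digits into the Win32 error code (0x1F is ERROR_GEN_FAILURE, 0x52D is ERROR_PASSWORD_RESTRICTION). It assumes the default domain policy; a domain's own settings may be stricter, and the password-history rule cannot be checked client-side.

```python
import re

# Default Windows complexity rule: at least MIN_LEN characters, characters from at
# least three of five categories, and no token of 3+ characters from the user's
# displayName (split on , . - _ # space tab) or the whole sAMAccountName, compared
# case-insensitively. The domain's own policy may raise MIN_LEN (assumption: default).
MIN_LEN = 7

def char_categories(pw: str) -> int:
    """Count the complexity categories present in pw."""
    return sum([
        any(c.isupper() for c in pw),
        any(c.islower() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() and not c.isspace() for c in pw),                # symbols
        any(c.isalpha() and not c.isupper() and not c.islower() for c in pw),  # other letters
    ])

def name_tokens_in_password(pw: str, sam_account_name: str, display_name: str) -> list[str]:
    """Return the name fragments that trip the 'contains user name' rule."""
    low = pw.lower()
    hits = [sam_account_name] if sam_account_name and sam_account_name.lower() in low else []
    for tok in re.split(r"[ ,.\-_#\t]+", display_name):
        if len(tok) >= 3 and tok.lower() in low:
            hits.append(tok)
    return hits

def check_ad_complexity(pw: str, sam_account_name: str, display_name: str) -> list[str]:
    """Return policy violations; an empty list means the password should be accepted."""
    problems = []
    if len(pw) < MIN_LEN:
        problems.append(f"shorter than {MIN_LEN}")
    if char_categories(pw) < 3:
        problems.append("fewer than three character categories")
    for tok in name_tokens_in_password(pw, sam_account_name, display_name):
        problems.append(f"contains name token {tok!r}")
    return problems

def unicode_pwd(pw: str) -> bytes:
    """AD's unicodePwd value: the password in double quotes, UTF-16LE (LDAPS only)."""
    return f'"{pw}"'.encode("utf-16-le")

AD_DIAG = re.compile(
    r"error code (?P<ldap>\d+) - (?P<win32>[0-9A-Fa-f]{8}): (?P<kind>\w+): DSID-(?P<dsid>\w+), "
    r"problem (?P<problem>\d+) \((?P<name>\w+)\), data (?P<data>\d+)")
WIN32_NAMES = {0x1F: "ERROR_GEN_FAILURE", 0x52D: "ERROR_PASSWORD_RESTRICTION"}

def parse_ad_diagnostic(msg: str) -> dict:
    """Split an AD diagnostic string into fields; the 8 hex digits are a Win32 error code."""
    m = AD_DIAG.search(msg)
    if not m:
        raise ValueError("not an AD diagnostic message")
    win32 = int(m["win32"], 16)
    return {"ldap_code": int(m["ldap"]), "win32": win32,
            "win32_name": WIN32_NAMES.get(win32, "unknown"),
            "problem": int(m["problem"]), "problem_name": m["name"], "data": int(m["data"])}
```

Running check_ad_complexity() over a batch of generated passwords for real displayName/sAMAccountName pairs is a cheap way to find a generator corner case before it reaches the connector.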
