I think it's the password policy issue on the AD side. See http://ldapwiki.willeke.com/wiki/WILL_NOT_PERFORM and especially the part related to your error code 0000052D.
Marek
On 02/12/15 14:02, Adrian Matei wrote:
hi,
has anybody got the following type of error when trying to add/passwords using AD as user federation:
Caused by: javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000052D: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0]; remaining name 'CN=ama,OU=Keycloakmanaged,OU=Test,DC=extnett,DC=xxx,DC=yy'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3160)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2840)
    at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1478)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:273)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:190)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:179)
    at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:167)
    at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:167)
    at org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager$6.execute(LDAPOperationManager.java:386)
    at org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager$6.execute(LDAPOperationManager.java:383)
    at org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager.execute(LDAPOperationManager.java:519)
    at org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager.modifyAttributes(LDAPOperationManager.java:383)
    ... 64 more
I get the same error when I try to "manually" add the unicodePwd via the ApacheDirectoryStudio for example... The connection is over SSL and both parties trust each other...
Thanks,
Adrian
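An added example, not part of the thread and not Keycloak code: a small log triage script that parses the Active Directory diagnostic string in the exception above and decodes its leading hex field as a Win32 error code, which is how 0000052D points at password policy. The names parse_ad_error, AdLdapError, triage and SAMPLE_LOG are hypothetical, and the code table holds only two standard Win32 codes.

```python
import re
from typing import Iterable, List, NamedTuple, Optional

# The leading hex field is a Win32 error code; texts follow the standard Win32 messages.
WIN32_CODES = {
    0x5: ("ERROR_ACCESS_DENIED", "Access is denied."),
    0x52D: ("ERROR_PASSWORD_RESTRICTION", "New password does not meet the "
            "length, complexity, or history requirements of the domain."),
}

# [LDAP: error code N - HHHHHHHH: SvcErr: DSID-X, problem P (NAME), data D]; remaining name 'DN'
_AD_ERROR = re.compile(
    r"\[LDAP: error code (?P<ldap>\d+) - (?P<win32>[0-9A-Fa-f]{8}): \w+: "
    r"(?P<dsid>DSID-[0-9A-Fa-f]+), problem (?P<problem>\d+) \((?P<name>\w+)\), "
    r"data \w+\](?:; remaining name '(?P<dn>[^']*)')?"
)

class AdLdapError(NamedTuple):
    ldap_code: int            # LDAP result code, 53 in the trace above
    win32_code: int           # decoded from the 8-digit hex prefix
    dsid: str                 # AD-internal source location id
    problem: int
    problem_name: str
    target_dn: Optional[str]  # DN the failed operation was aimed at

    def explain(self) -> str:
        name, text = WIN32_CODES.get(
            self.win32_code, ("UNKNOWN", "see the Win32 system error codes"))
        return f"0x{self.win32_code:X} {name} on {self.target_dn or '?'}: {text}"

def parse_ad_error(line: str) -> Optional[AdLdapError]:
    """Return the decoded AD error in a log line, or None if there is none."""
    m = _AD_ERROR.search(line)
    if m is None:
        return None
    return AdLdapError(int(m["ldap"]), int(m["win32"], 16), m["dsid"],
                       int(m["problem"]), m["name"], m["dn"])

def triage(lines: Iterable[str]) -> List[AdLdapError]:
    """Collect every AD extended error found in a server log."""
    return [e for e in map(parse_ad_error, lines) if e is not None]

# The exception line from the trace above, plus one constructed unrelated line.
SAMPLE_LOG = [
    "Caused by: javax.naming.OperationNotSupportedException: [LDAP: error code 53 - "
    "0000052D: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0]; "
    "remaining name 'CN=ama,OU=Keycloakmanaged,OU=Test,DC=extnett,DC=xxx,DC=yy'",
    "INFO  [constructed] unrelated log line",
]

if __name__ == "__main__":
    print("\n".join(e.explain() for e in triage(SAMPLE_LOG)))
```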