Hi Marek,
Indeed it was.

Thanks a lot,
Adrian

On Wed, Dec 2, 2015 at 3:30 PM, Marek Posolda <mposolda@redhat.com> wrote:
I think it's the password policy issue on AD side. See http://ldapwiki.willeke.com/wiki/WILL_NOT_PERFORM and especially the part related to your error code 0000052D

Marek


On 02/12/15 14:02, Adrian Matei wrote:
hi,

has anybody got the following type of error when trying to add/passwords using AD as user federation:

Caused by: javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000052D: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0
]; remaining name 'CN=ama,OU=Keycloakmanaged,OU=Test,DC=extnett,DC=xxx,DC=yy'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3160)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2840)
at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1478)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:273)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:190)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:179)
at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:167)
at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:167)
at org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager$6.execute(LDAPOperationManager.java:386)
at org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager$6.execute(LDAPOperationManager.java:383)
at org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager.execute(LDAPOperationManager.java:519)
at org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager.modifyAttributes(LDAPOperationManager.java:383)
... 64 more


I get the same error when I try to "manually" add theĀ unicodePwd via the ApacheDirectoryStudio for example...
The connection is over SSL and both parties trust each other...

Thanks,
Adrian


_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user