[keycloak-user] WILL_NOT_PERFORM update of password in Active Directory

Marek Posolda mposolda at redhat.com
Wed Dec 2 09:30:52 EST 2015


I think it's the password policy issue on AD side. See 
http://ldapwiki.willeke.com/wiki/WILL_NOT_PERFORM and especially the 
part related to your error code 0000052D

Marek

On 02/12/15 14:02, Adrian Matei wrote:
> hi,
>
> has anybody got the following type of error when trying to 
> add/passwords using AD as user federation:
>
>     Caused by: javax.naming.OperationNotSupportedException: [LDAP:
>     error code 53 - 0000052D: SvcErr: DSID-031A12D2, problem 5003
>     *(WILL_NOT_PERFORM)*, data 0
>     ]; remaining name
>     'CN=ama,OU=Keycloakmanaged,OU=Test,DC=extnett,DC=xxx,DC=yy'
>     at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3160)
>     at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)
>     at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2840)
>     at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1478)
>     at
>     com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:273)
>     at
>     com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:190)
>     at
>     com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:179)
>     at
>     javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:167)
>     at
>     javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:167)
>     at
>     org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager$6.execute(LDAPOperationManager.java:386)
>     at
>     org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager$6.execute(LDAPOperationManager.java:383)
>     at
>     org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager.execute(LDAPOperationManager.java:519)
>     at
>     org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager.modifyAttributes(LDAPOperationManager.java:383)
>     ... 64 more
>
>
>
> I get the same error when I try to "manually" add the /unicodePwd /via 
> the ApacheDirectoryStudio for example...
> The connection is over SSL and both parties trust each other...
>
> Thanks,
> Adrian
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151202/c38bd420/attachment.html 


More information about the keycloak-user mailing list