problem 5003 (WILL_NOT_PERFORM) when exporting passwords OID->AD

295495 (Aug 10 2007, edited Sep 26 2007)
Hi All

Having:

1. SSL is configured in AD (windows 2003 server SP2):
ldapbind -p 636 -h win2003ad.test.local -P *** -W file:C:/Oracle/Wallet -U 2
bind successful

2. SSL is configured in OID 10.1.2.1.0:
ldapbind -D cn=orcladmin -w *** -h 192.168.9.2 -p 13133 -W "file:C:\Oracle\Wallet" -P *** -U 2
bind successful

3. OrclPwdPolicyEnable and orclpwdEncryptionEnable in OID are set to 1

4. SSL is configured in DIP:
odisrvreg -D cn=orcladmin -w *** -h win2003srv -p 13133 -W "file:C:\Oracle\Wallet\ewallet" -P *** -U 2
Already Registered...Updating DIS password...
DIS registration successful.

5. Export profile activeexp2 containing:
Userpassword: : :inetorgperson:unicodepwd: :user

6. Starting instance:
oidctl server=odisrv connect=develop instance=2 configset=2 flags="host=win2003srv port=13133 sslauth=2" start

7. The export's trace (.trc) file keeps growing with:
...
Updated Attributes
orclodipLastExecutionTime: 20070810125036
orclLastAppliedChangeNumber: 3801
orclOdipSynchronizationStatus: Synchronization Successful
orclodipLastSuccessfulExecutionTime: 20070810125036
...

8. Trying to add a user to OID from user11a.ldif WITHOUT a PASSWORD:

dn: cn=user11,cn=users,dc=win2003srv,dc=com
krbprincipalname: user11@TEST.LOCAL
givenname: user11
sn: user11
mail: user11@test.local
objectclass: inetorgperson
objectclass: orcladuser
objectclass: orcluser
objectclass: orcluserv2
objectclass: organizationalperson
objectclass: person
objectclass: top
cn: user11
orcluserprincipalname: user11@test.local
orclisenabled: ENABLED
middlename: user11
orclsamaccountname: test.local$user11
displayname: user11
uid: user11

ldapadd -U 2 -h 192.168.9.2 -W "file:C:\Oracle\Wallet" -P *** -p 13133 -D "cn=orcladmin" -w *** -f "C:\user11a.ldif"
adding new entry cn=user11,cn=users,dc=win2003srv,dc=com

After a while the user is created in AD by the export.

9. Then, deleting the user from OID, the user is deleted from AD.

10. OK, trying to add the user to OID from user11a.ldif WITH a PASSWORD:

dn: cn=user11,cn=users,dc=win2003srv,dc=com
krbprincipalname: user11@TEST.LOCAL
givenname: user11
sn: user11
mail: user11@test.local
objectclass: inetorgperson
objectclass: orcladuser
objectclass: orcluser
objectclass: orcluserv2
objectclass: organizationalperson
objectclass: person
objectclass: top
cn: user11
orcluserprincipalname: user11@test.local
orclisenabled: ENABLED
middlename: user11
orclsamaccountname: test.local$user11
displayname: user11
uid: user11
userpassword: mytestpassword1

ldapadd -U 2 -h 192.168.9.2 -W "file:C:\Oracle\Wallet" -P *** -p 13133 -D "cn=orcladmin" -w *** -f "C:\user11a.ldif"
adding new entry cn=user11,cn=users,dc=win2003srv,dc=com

In the trace file I get this error:

Exception creating Entry : javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 00000
]; remaining name 'cn=user11,cn=users,dc=test,dc=local'
[LDAP: error code 53 - 0000001F: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0
]
...

Password policy in AD:

Enforce password history: 24 passwords remembered
Maximum password age: 42 days
Minimum password age: 1 days
Minimum password length: 5 characters
Password must meet complexity requirements: Enabled
Store passwords using reversible encryption: Enabled

Any help?
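An added example, not code from the post or from Oracle DIP: before attempting an export, a Python pre-check that encodes a password the way AD's unicodePwd attribute expects (the clear-text value in double quotes, as UTF-16LE) and tests it against the AD complexity rule and minimum length shown in the post's policy. The account name and display name passed in are taken from the post's LDIF; the policy constant is an assumption matching the post.

```python
import re

# Assumption taken from the post's AD policy: minimum password length 5.
MIN_LENGTH = 5

# Display-name delimiters AD uses when splitting the name into tokens.
_NAME_DELIMS = re.compile(r"[,.\-_ \t#]+")


def encode_unicode_pwd(password: str) -> bytes:
    """Return the bytes AD expects for unicodePwd on a modify/add:
    the password surrounded by double quotes, encoded as UTF-16LE (no BOM)."""
    return f'"{password}"'.encode("utf-16-le")


def complexity_failures(password: str, sam_account_name: str, display_name: str) -> list:
    """List the reasons a password fails AD's built-in complexity rule
    (an empty list means it passes). The rule: at least 6 characters (and
    the domain's own minimum, here MIN_LENGTH), must not contain the
    sAMAccountName (checked only when it is 3+ characters), must not contain
    any display-name token longer than 2 characters, and must use characters
    from at least three of the four classes upper/lower/digit/other."""
    reasons = []
    if len(password) < max(MIN_LENGTH, 6):
        reasons.append("too short")
    lowered = password.lower()
    if len(sam_account_name) >= 3 and sam_account_name.lower() in lowered:
        reasons.append("contains sAMAccountName")
    for token in _NAME_DELIMS.split(display_name):
        if len(token) > 2 and token.lower() in lowered:
            reasons.append("contains display name token %r" % token)
    classes = (
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    )
    if sum(classes) < 3:
        reasons.append("fewer than 3 of 4 character classes")
    return reasons


if __name__ == "__main__":
    # Values from the post's LDIF: uid/displayname user11, password mytestpassword1.
    print(complexity_failures("mytestpassword1", "user11", "user11"))
    print(encode_unicode_pwd("mytestpassword1")[:8])
```

Run the check against the value you are about to export; a non-empty list means AD's policy would reject it regardless of how the SSL path is set up.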