When I create a user using JNDI to communicate with Active Directory, I am now getting LDAP Error 53 (WILL_NOT_PERFORM).

I'm trying to set the password for the created user. Also, I've disabled the 'User must change password at next logon' option.

attrs.put("unicodePwd", "\"Test123\"".getBytes("UTF-16LE") );
String newValue = Integer.toString(-1);  
ModificationItem mods[] = new ModificationItem[2];  
mods[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE,
                               new BasicAttribute("pwdLastSet"));  
mods[1] = new ModificationItem(DirContext.ADD_ATTRIBUTE,
                               new BasicAttribute("pwdLastSet",  
                               newValue));  
ctx.modifyAttributes(userName, mods);  

Problem creating object:

javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0 

Any ideas as to what I am doing wrong or missing?

user207421
ANU
  • Terrible tagging here. [tag:creation] is both vague and pointless; [tag:lda] is just a mis-spelling; and no [tag:java] or [tag:jndi]. – user207421 Jul 26 '18 at 01:10

1 Answer

You don't show how you're connecting to the Active Directory server, but you will get this error if you try to set a password over a connection that is not SSL/TLS.

Currently the URL to your A/D server probably looks like this:

ldap://(server address):389

Try changing it to:

ldaps://(server address):636

  • More specifically, this error indicates that the complexity set on the server side is not met (at least in 389 Directory Server). If the setting is, say, 256 and the client uses 128 bit, this error occurs. Check the complexity setting on the server side and the documentation. Also, AD is not LDAP, be aware of the differences. – Vincent Gerris Feb 14 '22 at 15:43
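
The check the answer describes can be enforced in client code before any password leaves the process. The following is an added example, not code from the original question or answer: the class and method names are hypothetical, `ad.example.test` is a placeholder host, and it assumes `Context.PROVIDER_URL` holds a single URL.

```java
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;

public class AdPasswordGuard {

    /** True only when the JNDI provider URL uses the ldaps scheme (TLS from connect). */
    static boolean isTlsProviderUrl(String providerUrl) {
        String scheme = URI.create(providerUrl).getScheme();
        return "ldaps".equalsIgnoreCase(scheme);
    }

    /** unicodePwd is sent as the password wrapped in double quotes, encoded UTF-16LE. */
    static byte[] encodeUnicodePwd(String password) {
        return ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE);
    }

    /** Builds the password modification, refusing to do so for a plaintext connection. */
    static ModificationItem passwordModification(Hashtable<String, Object> env, String password) {
        String url = String.valueOf(env.get(Context.PROVIDER_URL));
        if (!isTlsProviderUrl(url)) {
            throw new IllegalStateException(
                "Refusing to send unicodePwd over " + url + "; use ldaps:// on port 636");
        }
        return new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("unicodePwd", encodeUnicodePwd(password)));
    }

    public static void main(String[] args) {
        // Constructed sample URLs mirroring the two forms shown in the answer.
        String[] urls = { "ldap://ad.example.test:389", "ldaps://ad.example.test:636" };
        for (String url : urls) {
            Hashtable<String, Object> env = new Hashtable<>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, url);
            try {
                ModificationItem item = passwordModification(env, "Test123");
                System.out.println(url + " -> ok, " + item.getAttribute().getID());
                // Against a live server: new InitialDirContext(env).modifyAttributes(userDn, new ModificationItem[] { item });
            } catch (IllegalStateException e) {
                System.out.println(url + " -> " + e.getMessage());
            }
        }
    }
}
```

The example runs without a directory server; the `ldap://` URL is rejected locally and the `ldaps://` URL yields a ready-to-send `unicodePwd` modification.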