OpenIDM - How update the UserAccountControl field in AD

Question

I am trying to update the UserAccountControl AD field using a specific value (66048) when I create a managed user on OpenIDM but I am facing an issue. The related stacktrace :

Caused by: org.identityconnectors.framework.common.exceptions.ConnectorException: javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000052D: SvcErr: DSID-03 1A12D2, problem 5003 (WILL_NOT_PERFORM), data 0 ^@]; remaining name 'CN=93ba7d80-b0d3-4af7-b199-66f1b1bd217a,CN=Users,DC=xxx,DC=com' at org.identityconnectors.ldap.modify.LdapCreate.doCreate(LdapCreate.java:187) at org.identityconnectors.ldap.modify.LdapCreate.executeImpl(LdapCreate.java:136) at org.identityconnectors.ldap.modify.LdapCreate.execute(LdapCreate.java:80) at org.identityconnectors.ldap.LdapConnector.create(LdapConnector.java:209) at org.identityconnectors.framework.impl.api.local.operations.CreateImpl.create(CreateImpl.java:88) at sun.reflect.GeneratedMethodAccessor133.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:97) at com.sun.proxy.$Proxy27.create(Unknown Source) at sun.reflect.GeneratedMethodAccessor133.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:96) at com.sun.proxy.$Proxy27.create(Unknown Source) at sun.reflect.GeneratedMethodAccessor133.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.identityconnectors.framework.impl.api.DelegatingTimeoutProxy.invoke(DelegatingTimeoutProxy.java:98) at com.sun.proxy.$Proxy27.create(Unknown Source) at org.identityconnectors.framework.impl.api.AbstractConnectorFacade.create(AbstractConnectorFacade.java:149) at org.forgerock.openidm.provisioner.openicf.impl.OpenICFProvisionerService$ObjectClassResourceProvider.createInstance(OpenICFProvisionerService.java:1332) ... 151 more

I am using the default LDAP Connector (1.4.0.0). If found on Forgerock (https://bugster.forgerock.org/jira/browse/OPENICF-102) that the UAC Field is read only using this connector.

How can I simply update it?

score 1 · Accepted Answer · edited Mar 26 '15 at 17:25

1

If you know exactly what you're doing you can use the userAccountControl attribute with OpenIDM.

In your case, it looks like you did not provide the password (UTF 16 encoded unicodePwd)

edited Mar 26 '15 at 17:25

chollida

7,834
11
55
85

answered Mar 26 '15 at 17:10

Gael

26
1

It is working.Effectivily this was due to the lake of password during the synchronization. – Spawnrider Mar 30 '15 at 23:27

OpenIDM - How update the UserAccountControl field in AD

1 Answers1