
I am using MuleSoft to connect to LDAP and provision a user. The connection for the Mule 4 LDAP Connector uses LDAPS (SSL connection using a trustStore file + password) over port 636. As mentioned in online documents, I am setting a valid userPassword attribute based on Active Directory guidelines. Still, it's throwing an error:

"OPERATION_NOT_SUPPORTED: [LDAP: error code 53 - 0000052D: SvcErr: DSID-031A12E8, problem 5003 (WILL_NOT_PERFORM), data 0"

I am able to set this to 546, 544, etc., but 512 is never achieved. Could anyone please suggest what the reason for this error may be?

Below is the payload for the LDAP Add operation:

{
"accountExpires": "0",
"givenName": "First",
"name": "First Last",
"displayName": "First Last",
"cn": "First Last",
"sn": "Last",
"userAccountControl": "512",
"userPassword": "s4mb@r89!DRFnw",
"physicalDeliveryOfficeName": "London",
"dn": "CN=First Last,OU=London,DC=company,DC=co,DC=uk",
"distinguishedName": "CN=First Last,OU=London,DC=company,DC=co,DC=uk",
"manager": "CN=Mgr Name,OU=London,DC=company,DC=co,DC=uk",
"userPrincipalName": "First.Last@company.co.uk",
"sAMAccountName": "First.Last",
"employeeID": "First.Last",
"objectCategory": "CN=Person,CN=Schema,CN=Configuration,DC=company,DC=co,DC=uk",
"objectClass": ["top", "person", "organizationalPerson", "user"]
}

Mule 4 - LDAP Connector Configuration:

<ldap:config name="LDAP_Configuration" doc:name="LDAP Configuration" doc:id="dc616c25-140d-42ef-a72e-575379a81596" >
    <ldap:ssl-connection 
        authDn="ldap_user" 
        authPassword="password" 
        url="ldaps://domain:636" 
        trustStorePath="C:\path\src\main\resources\server.truststore" 
        trustStorePassword="mulesoft" >
        <reconnection >
            <reconnect frequency="20000" count="2" />
        </reconnection>
    </ldap:ssl-connection>
</ldap:config>
  • Please provide the configuration and operation as XML. The settings provided are corrupted or at least missing many quotes. It should be very clear what values are used in the config and operation. – aled Jun 27 '22 at 17:42


It seems that the password used is still not complying with some restriction according to this page: https://ldapwiki.com/wiki/ERROR_PASSWORD_RESTRICTION.

ERROR_PASSWORD_RESTRICTION is an LDAP Result Code and Microsoft Response Code implying that the value provided for the new password does not meet the length, complexity, or history requirements of the domain.

The key code in the string is the hex value "0000052D", which is referenced in the Microsoft Response Code.

It doesn't seem that there is anything Mule related to this issue. It looks to be purely Active Directory related.

  • Hi @aled, you are right! There is no issue with MuleSoft. We discovered that creating a user record and a login account in AD is forced to be a 2-step execution. I was trying to create an employee record and its login credentials in the same operation, i.e., LDAP:ADD, and received the error. The correct process is: 1) Create the employee record in LDAP 2) Create the employee login data in LDAP. – Sambit Swain Feb 23 '23 at 14:30
  • Please feel free to mark the answer as accepted/upvote it to signal to others that it is useful. – aled Feb 23 '23 at 15:45
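The following is an added example, not code from the question, the answer, or the MuleSoft connector. It shows offline why 544 and 546 are accepted while 512 is refused: 544 and 546 both carry the PASSWD_NOTREQD bit, whereas 512 (NORMAL_ACCOUNT alone) requires a policy-compliant password to already be in place, and Active Directory takes that password through the unicodePwd attribute (quoted, UTF-16LE, over a secure connection), not through a cleartext userPassword in the same Add. It also parses the diagnostic string from the question (copied here as a constructed sample) into its LDAP result code, the Win32 code 0000052D and the AD problem/data fields, and it turns the two-step process described in the follow-up comment into a concrete plan. The `provisioning_plan` helper, the attribute names it strips, and the third "enable" step are this example's own assumptions; the plan deliberately keeps the account disabled until the password is set so there is never an enabled, password-less account in the directory.

```python
"""Added example, not part of the original question or answer: offline helpers
for the Active Directory details behind this thread (userAccountControl bits,
the Win32 code inside the LDAP diagnostic string, unicodePwd encoding, and a
multi-step provisioning plan). No directory is contacted."""
import re

# userAccountControl bits (subset of the documented AD flag values)
ACCOUNTDISABLE = 0x0002
PASSWD_NOTREQD = 0x0020
PASSWD_CANT_CHANGE = 0x0040
NORMAL_ACCOUNT = 0x0200
DONT_EXPIRE_PASSWORD = 0x10000
PASSWORD_EXPIRED = 0x800000

UAC_FLAGS = {
    ACCOUNTDISABLE: "ACCOUNTDISABLE",
    PASSWD_NOTREQD: "PASSWD_NOTREQD",
    PASSWD_CANT_CHANGE: "PASSWD_CANT_CHANGE",
    NORMAL_ACCOUNT: "NORMAL_ACCOUNT",
    DONT_EXPIRE_PASSWORD: "DONT_EXPIRE_PASSWORD",
    PASSWORD_EXPIRED: "PASSWORD_EXPIRED",
}

# Win32 error codes AD embeds as the 8-hex-digit value in its diagnostic messages
WIN32_ERRORS = {
    0x52D: "ERROR_PASSWORD_RESTRICTION",
    0x52E: "ERROR_LOGON_FAILURE",
    0x52F: "ERROR_ACCOUNT_RESTRICTION",
    0x533: "ERROR_ACCOUNT_DISABLED",
    0x773: "ERROR_PASSWORD_MUST_CHANGE",
    0x775: "ERROR_ACCOUNT_LOCKED_OUT",
}

# Constructed copy of the error string from the question, used by the parser below
SAMPLE_ERROR = ("OPERATION_NOT_SUPPORTED: [LDAP: error code 53 - 0000052D: SvcErr: "
                "DSID-031A12E8, problem 5003 (WILL_NOT_PERFORM), data 0")

DIAG_RE = re.compile(
    r"error code (\d+) - ([0-9A-Fa-f]{8}): SvcErr:.*?problem (\d+) \((\w+)\), data (\d+)"
)


def decode_uac(value):
    """Names of the flags set in a userAccountControl value, lowest bit first."""
    value = int(value)
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]


def parse_ad_diagnostic(message):
    """Pull the LDAP result code, Win32 code and AD problem/data fields out of
    an AD diagnostic string; returns None if the string is not in that shape."""
    m = DIAG_RE.search(message)
    if not m:
        return None
    win32 = int(m.group(2), 16)
    return {
        "ldap_result": int(m.group(1)),
        "win32_code": win32,
        "win32_name": WIN32_ERRORS.get(win32, "UNKNOWN"),
        "problem": int(m.group(3)),
        "problem_name": m.group(4),
        "data": int(m.group(5)),
    }


def encode_unicode_pwd(password):
    """AD's unicodePwd attribute takes the password wrapped in double quotes and
    encoded as UTF-16LE; AD only accepts the write over a secure (LDAPS/TLS) connection."""
    return f'"{password}"'.encode("utf-16-le")


def provisioning_plan(dn, attributes, password):
    """Hypothetical helper: split 'add enabled user with password' into the
    sequence AD accepts:
      1) add the object disabled with PASSWD_NOTREQD (546),
      2) set unicodePwd over LDAPS,
      3) flip userAccountControl to NORMAL_ACCOUNT (512).
    Returns plain tuples; the caller replays them with its LDAP client."""
    first = dict(attributes)
    first.pop("userPassword", None)  # not the attribute AD uses for the password
    first["userAccountControl"] = str(NORMAL_ACCOUNT | ACCOUNTDISABLE | PASSWD_NOTREQD)
    return [
        ("add", dn, first),
        ("modify", dn, {"unicodePwd": [("MODIFY_REPLACE", [encode_unicode_pwd(password)])]}),
        ("modify", dn, {"userAccountControl": [("MODIFY_REPLACE", [str(NORMAL_ACCOUNT)])]}),
    ]


if __name__ == "__main__":
    for v in (512, 544, 546):
        print(v, decode_uac(v))
    print(parse_ad_diagnostic(SAMPLE_ERROR))
    # constructed sample values; never keep real passwords in source
    plan = provisioning_plan("CN=First Last,OU=London,DC=example,DC=test",
                             {"sAMAccountName": "First.Last", "userPassword": "placeholder"},
                             "Placeholder-Pw-0001")
    for op in plan:
        print(op[0], op[2])
```

Running the script prints `512 ['NORMAL_ACCOUNT']`, `544 ['PASSWD_NOTREQD', 'NORMAL_ACCOUNT']` and `546 ['ACCOUNTDISABLE', 'PASSWD_NOTREQD', 'NORMAL_ACCOUNT']`, which is the whole story behind the question: only the value without PASSWD_NOTREQD forces the domain controller to check that a real password exists. The modify tuples mirror the change format of the ldap3 library, but they are plain data; whichever client is used, the unicodePwd write must go over the same LDAPS connection the question already configures.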