CA Identity Manager, CA Identity Governance, CA Identity Portal, CA Identity Suite
Issue/Introduction
When a user tries to Reset User Password, the following error message is displayed in View Submitted Tasks:
[LDAP: error code 53 - 0000001F: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0 ]; nested exception is javax.naming.OperationNotSupportedException:[LDAP: error code 53 - 0000001F: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0]
The Provisioning Server log file (etatrans) contains the following error message:
ERROR [com.netegrity.crypto.PBESHA1RC2CBCPKCS12PBE5128Handler] (default task-61) org.bouncycastle.util.encoders.DecoderException: unable to decode base64 data: invalid characters encountered in base64 data
Environment
Identity Manager 14.5
Cause
Identity Manager was configured to authenticate with Active Directory. In the Identity Manager Management Console > Environments > <YOUR_ENVIRONMENT> > Advanced Settings > User Console > "Authentication Properties" section, the Module Properties had the Port set to 389 and SSL = FALSE.
The Active Directory endpoint, however, was set to SSL in its Security tab, so the two settings did not match.
Resolution
Because the Active Directory endpoint is configured to use SSL in the Security tab, SSL must also be set in the "Module Properties".
In the SERVER field, set the IP or hostname and port 636, i.e. <hostname>:636
In the SSL field, change the value to TRUE
Click the Save button twice, double-check that Active Directory is selected, and click the Restart Environment button.
On the Provisioning Server and IM Server machines, run the command below to import the CA certificate into the keystore, then restart the Identity Manager service:
keytool -importcert -file <the ca cert file> -keystore $JAVA_HOME/jre/lib/security/cacerts
If you are running the Virtual Appliance, restart Identity Manager using the stop_im / start_im aliases.
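The following is an added example, not code from the product or its documentation: it parses the Active Directory error string quoted above and, when it sees error code 53 / WILL_NOT_PERFORM, checks the SERVER and SSL Module Properties against an endpoint that uses SSL. The function names and the host adhost.example.com are assumptions made for illustration.

```python
import re

# Constructed sample: the View Submitted Tasks error quoted on this page.
SAMPLE_ERROR = ("[LDAP: error code 53 - 0000001F: SvcErr: DSID-031A12D2, "
                "problem 5003 (WILL_NOT_PERFORM), data 0 ]")

# Layout of an Active Directory extended LDAP error string.
AD_ERROR_RE = re.compile(
    r"LDAP: error code (?P<ldap_code>\d+) - (?P<win32>[0-9A-Fa-f]{8}): "
    r"(?P<kind>\w+): (?P<dsid>DSID-[0-9A-Fa-f]+), "
    r"problem (?P<problem>\d+) \((?P<name>\w+)\), data (?P<data>-?\w+)")

def parse_ad_error(text):
    """Return the fields of the first AD LDAP error in text, or None."""
    m = AD_ERROR_RE.search(text)
    if not m:
        return None
    fields = m.groupdict()
    fields["ldap_code"] = int(fields["ldap_code"])
    fields["problem"] = int(fields["problem"])
    return fields

def check_module_properties(server, ssl, endpoint_uses_ssl=True):
    """Compare the SERVER and SSL Module Properties with the endpoint's
    Security tab setting; return mismatches (empty list when consistent)."""
    findings = []
    _host, sep, port = server.rpartition(":")
    if not sep or not port.isdigit():
        findings.append("SERVER has no explicit port; expected <hostname>:636")
        port = None
    ssl_on = str(ssl).strip().upper() == "TRUE"
    if endpoint_uses_ssl:
        if port is not None and port != "636":
            findings.append(f"SERVER port is {port}; endpoint uses SSL, expected 636")
        if not ssl_on:
            findings.append("SSL is FALSE; endpoint uses SSL, expected TRUE")
    return findings

def diagnose(error_text, server, ssl):
    """Run the configuration check only for the error 53 symptom."""
    err = parse_ad_error(error_text)
    if err and err["ldap_code"] == 53 and err["name"] == "WILL_NOT_PERFORM":
        return check_module_properties(server, ssl)
    return []

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_ERROR, "adhost.example.com:389", "FALSE"):
        print(finding)
```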
Additional Information
For further information, see the documentation below.