Error while Resetting user password

book

Article ID: 194339

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Identity Suite

Issue/Introduction

If user tries to Reset User Password the following error message is displayed in the View Submitted Task.

[LDAP: error code 53 - 0000001F: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0 ]; 
nested exception is javax.naming.OperationNotSupportedException:[LDAP: error code 53 - 0000001F: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0]

 

In the Provisioning Server log file (etatrans) we have the error message:

ERROR [com.netegrity.crypto.PBESHA1RC2CBCPKCS12PBE5128Handler] (default task-61) org.bouncycastle.util.encoders.DecoderException: unable to decode base64 data: invalid characters encountered in base64 data

Cause

  • The Identity Manager was configured to authenticate with Active Directory, in the Identity Manager Management Console > Environments > <YOUR_ENVIRONMENT> > Advanced Settings > User Console > "Authentication Properties" section, in the Module Properties, the Port was 389 and SSL = FALSE
  • The Active Directory endpoint, Security tab, was set to SSL

 

Environment

Identity Manager 14.3

Virtual Appliance and On-Premisses versions

Resolution

As the Active Directory endpoint was configured to use SSL in the Security tab, we must set the SSL in the "Module Properties" too.

  • In the SERVER field, set the IP or Hostname and the 636 Port, i.e <hostname>:636
  • In the SSL field, change to TRUE
  • Click the Save button twice and double-check if the Active Directory is selected, and Restart Environment button.
  • From Provisioning Server and IM Server machines, run the command below to import the CA certificate to the keystone, and restart Identity Manager service

             keytool -importcert -file <the ca cert file> -keystore $JAVA_HOME/jre/lib/security/cacerts

  • restart im using im_stop / start_im

Additional Information

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/identity-manager/14-3/configuring/advanced-settings/manage-authentication-module-properties.html