If user tries to Reset User Password the following error message is displayed in the View Submitted Task.

[LDAP: error code 53 - 0000001F: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0 ]; 
nested exception is javax.naming.OperationNotSupportedException:[LDAP: error code 53 - 0000001F: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0]

In the Provisioning Server log file (etatrans) we have the error message:

ERROR [com.netegrity.crypto.PBESHA1RC2CBCPKCS12PBE5128Handler] (default task-61) org.bouncycastle.util.encoders.DecoderException: unable to decode base64 data: invalid characters encountered in base64 data

Identity Manager 14.3

Virtual Appliance and On-Premisses versions

• The Identity Manager was configured to authenticate with Active Directory, in the Identity Manager Management Console > Environments > <YOUR_ENVIRONMENT> > Advanced Settings > User Console > "Authentication Properties" section, in the Module Properties, the Port was 389 and SSL = FALSE
• The Active Directory endpoint, Security tab, was set to SSL

As the Active Directory endpoint was configured to use SSL in the Security tab, we must set the SSL in the "Module Properties" too.

• In the SERVER field, set the IP or Hostname and the 636 Port, i.e <hostname>:636
• In the SSL field, change to TRUE
• Click the Save button twice and double-check if the Active Directory is selected, and Restart Environment button.
• From Provisioning Server and IM Server machines, run the command below to import the CA certificate to the keystone, and restart Identity Manager service

             keytool -importcert -file <the ca cert file> -keystore $JAVA_HOME/jre/lib/security/cacerts

• restart im using im_stop / start_im

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/identity-manager/14-3/configuring/advanced-settings/manage-authentication-module-properties.html