LDAP: error code 53 - Unwilling To Perform
search cancel

LDAP: error code 53 - Unwilling To Perform

book

Article ID: 228633

calendar_today

Updated On:

Products

CA Identity Suite CA Identity Manager CA Directory

Issue/Introduction

CA IM (Identity Manager) searches are failing with the following error:

javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Unwilling To Perform]; remaining name 'ou=im,ou=ca,o=com


Log Extract:
2021-11-15 12:21:23,672 ERROR [ims.llsdk.directory.jndi.searcher] (default task-8) evaluateSearchUnit has naming exception
2021-11-15 12:21:23,672 ERROR [ims.llsdk.directory.jndi.searcher] (default task-8) javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Unwilling To Perform]; remaining name 'ou=im,ou=ca,o=com'
 at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3227)
 at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)
 at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2891)
 at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1846)
 at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
 at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
 at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
 at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:276)
 at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:276)
 at com.netegrity.llsdk6.imsimpl.directory.jndi.LdapOps.search(LdapOps.java:492)
 at com.netegrity.llsdk6.imsimpl.directory.jndi.LdapOps.searchSubTree(LdapOps.java:510)
 at com.netegrity.llsdk6.imsimpl.directory.jndi.JndiSearcher.evaluateSearchUnit(JndiSearcher.java:363)
 at

 

 

Environment

Release : 14.3

Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)

Cause

The LDAP search/query from IM is causing the unwilling to perform error.  The IM Userstore alarm logs show the following error.

[6] 20211115.201932.257 WARN : Cannot have substrings filter with integer syntax
[4] 20211115.201932.563 WARN : Cannot have substrings filter with integer syntax
[1] 20211115.201932.762 WARN : Cannot have substrings filter with integer syntax
[3] 20211115.201933.029 WARN : Cannot have substrings filter with integer syntax

This is normal as one cannot perform a wild card search on an integer value.

Reference:
https://knowledge.broadcom.com/external/article?articleId=50697

 

Resolution

Enabling DSA Directory tracing will identify the attributes being searched (for example)

schema set attribute im-UU-attr:213 = {
    name = imInteger03
    ldap-names = imInteger03
    equality = integerMatch
    syntax = integer
};

In the context of CA Identity Manager (IM), this would be referenced via a search screen attached to a task.  To resolve the issue customers need to determine which attributes are involved in the failing search and make the appropriate changes.

Additional Information

If the above information did not help, see the KB article below:

Error "LDAP: error code 53 - Unwilling To Perform" when trying to create ADS account

 

Powered by Wolken Software