LDAP: error code 53 - Unwilling To Perform
search cancel

LDAP: error code 53 - Unwilling To Perform

book

Article ID: 228633

calendar_today

Updated On:

Products

CA Identity Suite CA Identity Manager CA Directory

Issue/Introduction

CA IM (Identity Manager) searches are failing with the following error:

javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Unwilling To Perform]; remaining name 'ou=im,ou=ca,o=com


Log Extract:
2021-11-15 12:21:23,672 ERROR [ims.llsdk.directory.jndi.searcher] (default task-8) evaluateSearchUnit has naming exception
2021-11-15 12:21:23,672 ERROR [ims.llsdk.directory.jndi.searcher] (default task-8) javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Unwilling To Perform]; remaining name 'ou=im,ou=ca,o=com'
 at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3227)
 at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)
 at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2891)
 at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1846)
 at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
 at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
 at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
 at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:276)
 at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:276)
 at com.netegrity.llsdk6.imsimpl.directory.jndi.LdapOps.search(LdapOps.java:492)
 at com.netegrity.llsdk6.imsimpl.directory.jndi.LdapOps.searchSubTree(LdapOps.java:510)
 at com.netegrity.llsdk6.imsimpl.directory.jndi.JndiSearcher.evaluateSearchUnit(JndiSearcher.java:363)
 at

 

 

Environment

Release : 14.3

Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)

Cause

The LDAP search/query from IM is causing the unwilling to perform error.  The IM Userstore alarm logs show the following error.

[6] 20211115.201932.257 WARN : Cannot have substrings filter with integer syntax
[4] 20211115.201932.563 WARN : Cannot have substrings filter with integer syntax
[1] 20211115.201932.762 WARN : Cannot have substrings filter with integer syntax
[3] 20211115.201933.029 WARN : Cannot have substrings filter with integer syntax

This is normal as one cannot perform a wild card search on an integer value.

Reference:
https://knowledge.broadcom.com/external/article?articleId=50697

 

Resolution

Enabling DSA Directory tracing will identify the attributes being searched (for example)

schema set attribute im-UU-attr:213 = {
    name = imInteger03
    ldap-names = imInteger03
    equality = integerMatch
    syntax = integer
};

In the context of CA Identity Manager (IM), this would be referenced via a search screen attached to a task.  To resolve the issue customers need to determine which attributes are involved in the failing search and make the appropriate changes.

Powered by Wolken Software