Identity Manager searches are failing with the following error:

javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Unwilling To Perform]; remaining name 'ou=im,ou=ca,o=com

Log Extract:
2021-11-15 12:21:23,672 ERROR [ims.llsdk.directory.jndi.searcher] (default task-8) evaluateSearchUnit has naming exception
2021-11-15 12:21:23,672 ERROR [ims.llsdk.directory.jndi.searcher] (default task-8) javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Unwilling To Perform]; remaining name 'ou=im,ou=ca,o=com'
 at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3227)

Release : 14.x

Component : Identity Manager. Virtual Appliance

The LDAP search/query from IM is causing the unwilling to perform error.  The IM Userstore alarm logs show the following error.

[6] 20211115.201932.257 WARN : Cannot have substrings filter with integer syntax

This is normal as one cannot perform a wild card search on an integer value.

Reference:

Enabling DSA Directory tracing will identify the attributes being searched (for example)

schema set attribute im-UU-attr:213 = {
    name = imInteger03
    ldap-names = imInteger03
    equality = integerMatch
    syntax = integer
};

This would be referenced via a search screen attached to a task.  To resolve the issue customers need to determine which attributes are involved in the failing search and make the appropriate changes.

If the above information did not help, see the KB article below:

Error "LDAP: error code 53 - Unwilling To Perform" when trying to create ADS account