DSA unwilling to perform (Legacy_Onyx KB Id: 217731)
search cancel

DSA unwilling to perform (Legacy_Onyx KB Id: 217731)

book

Article ID: 54963

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Risk Analytics CA Secure Cloud SaaS - Arcot A-OK (WebFort) CLOUDMINDER ADVANCED AUTHENTICATION CA Secure Cloud SaaS - Advanced Authentication CA Secure Cloud SaaS - Identity Management CA Secure Cloud SaaS - Single Sign On

Issue/Introduction

Now when i try to do a 'test create' task as 'amfam_selfreg' user using the UI, i am getting a 'Task Failed' with the below error in the SMPS log.
Upon checking with our AD folks, they say that the the siteminder superadmin id, configured in the siteminder dir, for which i created this IME, has complete permissions.
Could you please advise what is missing here.

-----------SMPS.log----------------
[2664/1880][Tue Aug 30 2005 15:17:58][IMS6User.cpp:81][ERROR] LoadIMSUser - User not found. Unique Id:cn=JagTest,OU=People,OU=Customers,DC=aaatest,DC=amfam,DC=net
[2664/1880][Tue Aug 30 2005 15:17:58][ImsCommandUtils.cpp:325][ERROR] SmImsCommand (getImsUser) DS Provider call failed
Error Code was: 18
Error Message: IMS DS Provider Error - Unknown Error
[2664/1880][Tue Aug 30 2005 15:17:58][IMS6User.cpp:81][ERROR] LoadIMSUser - User not found. Unique Id:JagTest
[2664/1880][Tue Aug 30 2005 15:17:58][ImsCommandUtils.cpp:325][ERROR] SmImsCommand (getImsUser) DS Provider call failed
Error Code was: 18
Error Message: IMS DS Provider Error - Unknown Error
[2664/1880][Tue Aug 30 2005 15:17:59][SmDsLdapProvider.cpp:5047][ERROR] (SetUserProp) DN: 'cn=JagTest,ou=people,OU=Customers,DC=aaatest,DC=amfam,DC=net', PropName: 'unicodePwd', PropValue: '****' . Status: Error 53 . DSA is unwilling to perform
[2664/1880][Tue Aug 30 2005 15:17:59][IMS6DsLdapProvider.cpp:856][ERROR] (CIMSDsLdapProvider::AddIMSObject) Failed to changed password for 'cn=JagTest,ou=people,OU=Customers,DC=aaatest,DC=amfam,DC=net'
[2664/1880][Tue Aug 30 2005 15:17:59][IMS6DsLdapProvider.cpp:857][ERROR] DS error message: DSA is unwilling to perform
[2664/1880][Tue Aug 30 2005 15:17:59][ImsCommandUtils.cpp:325][ERROR] SmImsCommand (createDSObject) DS Provider call failed
Error Code was: 13
Error Message: IMS DS Provider Error - Failed to change password
--------------------------

Environment

Release:
Component: IDMIND

Resolution

What is most likely missing is an SSL userdirectory connection to the AD userstore. You cannot set password for a user without a secure connection and you will get the above DSA unwilling to perform error. The error 18s are normal as we search for the newly created user to make sure they do not exist already.