Error when creating user in LDAP

Former Member
0 Kudos

Hi all,

I am using SAP NW CE 7.3 and configured the UME to point to MS Active Directory LDAP (on Windows Server 2012).

When I'm creating a user in the CE user administration (http://hostname:50000/irj), I'm getting the below error:

Naming exception when trying to create principal USER.CORP_LDAP.test31

[EXCEPTION]

javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A129B, problem 5003 (WILL_NOT_PERFORM), data 0
]; remaining name 'cn=test31'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3140)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)

Please note that I'm able to successfully validate the connection to the LDAP server (under Identity Management), and I'm able to see the LDAP groups and create new groups as well. The issue is with creating the users. Please help. I can provide the XML data source config file if need be.

regards.

Accepted Solutions (0)

Answers (2)

Former Member
0 Kudos

Hi,

Please check the below note.

1788653 - javax.naming.OperationNotSupportedException: LDAP: error code 53 (WILL_NOT_PERFORM)

Thanks

Rishi Abrol

Former Member
0 Kudos

Thanks Andrea & Rishi.

Andrea,

I've been using Microsoft ADS (flat hierarchy) + DB as the data source file, but later I started using dataSourceConfiguration_adam.xml, available from an SAP note, which is quite similar.

The server config is as follows:

The user has all the rights to create users etc.

Rishi,

The note seems interesting because I'm doubting something regarding security features that is causing the problem.

Andrea & Rishi,

1) Do I need to configure SSL so as to be able to create users?

2) If I create a user with password disabled, then I get this error:

LDAP: error code 16 - 00000057: LdapErr: DSID-0C090C48, comment: Error in attribute conversion operation, data 0, v23f0

But the user is created in AD and it is locked there. So I unlock it and then set the password, and I'm able to see it under User Administration.

So what do you advise? How to resolve this issue?

regards.

Former Member
0 Kudos

Hi Suraj,

Yes, you need to configure SSL.

As per note 673824:

Specific Limitations

Microsoft Active Directory Server

  • Create User on Microsoft Active Directory

           Due to security reasons it is only possible to create users or user accounts or change a password on Microsoft Active Directory server, if you are using an SSL connection between the Enterprise Portal or SAP J2EE Engine and the directory server.

           Additionally, the "High Encryption Pack" for Windows 2000 to enable a 128 bit SSL encryption must be installed on the Microsoft Active Directory Server.

I think that the issue is with the security policy.

Please try to assign a password that suits the password policy of your Active Directory.

Please check if you can set these options.

UME Configuration Options for External Data Sources

You have the following options to configure the security policy of the UME, both with different implications:

  • Option 1: Same or stronger policy
  • Option 2: Relaxed policy
  • Option 3: Combination of options 1 and 2

http://help.sap.com/saphelp_nw73/helpdata/en/49/c8477b85d85d5de10000000a421937/frameset.htm

Thanks

Rishi Abrol
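
An added example, not part of the thread and not SAP's or Microsoft's code: a small parser that splits the two Active Directory diagnostic strings quoted in this thread into their fields and applies the SSL rule from note 673824 as a first triage step. The function names and the `dc.example.test` host are assumptions made for illustration.

```python
import re

# LDAP result codes (RFC 4511) and Win32 codes that appear in this thread.
LDAP_RESULT = {16: "noSuchAttribute", 53: "unwillingToPerform"}
WIN32 = {0x1F: "ERROR_GEN_FAILURE", 0x57: "ERROR_INVALID_PARAMETER"}

# Layout of the diagnostic text Active Directory appends to an LDAP error.
DIAG = re.compile(
    r"LDAP: error code (?P<code>\d+) - (?P<win32>[0-9A-Fa-f]{8}): "
    r"(?P<kind>\w+): (?P<dsid>DSID-[0-9A-Fa-f]+), "
    r"(?:problem \d+ \((?P<problem>\w+)\)|comment: (?P<comment>[^,]+))"
)

# The two messages quoted in the thread.
ERR_CREATE = ("[LDAP: error code 53 - 0000001F: SvcErr: DSID-031A129B, "
              "problem 5003 (WILL_NOT_PERFORM), data 0")
ERR_NO_PASSWORD = ("LDAP: error code 16 - 00000057: LdapErr: DSID-0C090C48, comment: "
                   "Error in attribute conversion operation, data 0, v23f0")

def parse_ad_error(message):
    """Split an AD diagnostic string into named fields; None if it does not match."""
    m = DIAG.search(message)
    if m is None:
        return None
    code, win32 = int(m["code"]), int(m["win32"], 16)
    return {
        "code": code,
        "result": LDAP_RESULT.get(code, "unknown"),
        "win32": WIN32.get(win32, hex(win32)),
        "dsid": m["dsid"],
        "detail": m["problem"] or m["comment"].strip(),
    }

def triage(message, ldap_url, sets_password):
    """Turn an error plus the connection URL into a first thing to check."""
    err = parse_ad_error(message)
    if err is None:
        return "not an Active Directory diagnostic string"
    if err["code"] == 53 and sets_password:
        if not ldap_url.lower().startswith("ldaps://"):
            return "connection is not SSL: AD refuses user creation and password changes"
        return "SSL in use: compare the password with the AD password policy"
    return f"{err['result']} ({err['win32']}): {err['detail']}"

if __name__ == "__main__":
    # Constructed host name; port 389 is the plain LDAP port.
    print(triage(ERR_CREATE, "ldap://dc.example.test:389", sets_password=True))
    print(triage(ERR_NO_PASSWORD, "ldap://dc.example.test:389", sets_password=False))
```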

Former Member
0 Kudos

Hi Suraj,

What data source XML did you configure in UME?

Can you upload the config of the LDAP server as well?

Does the user you specified in the LDAP server have enough grants to create in LDAP?

Let me know

Regards

a