
AD Provisioning failing intermittently with LDAP: error code 53

piyushm
Regular Contributor II

Hello,

I am trying to provision an account to AD with the minimum required attributes. The issue is that the new account task fails with the error "LDAP: error code 53 - 0000052D: SvcErr: DSID-031A124C, problem 5003 (WILL_NOT_PERFORM)". The same task then gets completed after a few hours/attempts without any change either on the AD side or in Saviynt.

Below is the createaccountjson.

{
  "pwdLastSet":"${if(ServiceAccountOwnerMap.ServiceAccountType.equals('Service Account')) {-1} else {-1}}",
  "sn":"${if(ServiceAccountOwnerMap.ServiceAccountType.equals('Service Account')) {} else {user.lastname}}",
  "userAccountControl": "512",
  "objectClass":["top","person","organizationalPerson","user"],
  "sAMAccountName":"${if(ServiceAccountOwnerMap.ServiceAccountType.equals('Service Account')) {task.accountName} else {user.systemUserName}}"
}

3 REPLIES

sk
All-Star

Are you using an SSL connection? From the error it looks like you are using a non-SSL connection and AD is not supporting a non-SSL connection.


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

rushikeshvartak
All-Star

What is the Account Type in the failing use case?


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

timchengappa
Saviynt Employee

Hi @piyushm 

It looks like you are trying to provision a "New Account" task and based on the error, you are either not passing the required attributes in the format/syntax that AD accepts or you are connected to AD via a non-SSL connection.

If it's an issue with the format/syntax that AD accepts, please validate attributes such as password, etc., and ensure that the Saviynt AD password policy meets the AD password policy requirements.

If it's an issue with the latter, please switch your connection from non-SSL to SSL.

ldap://(server address):389
Try changing it to:
ldaps://(server address):636
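
An added example, not part of the original thread and not Saviynt code: a small parser for the AD error string quoted in the question, which splits out the LDAP result code, the embedded Win32 error code and the DSID so failed tasks can be triaged by cause. The hint table is an assumption built from the Win32 system error codes (0x52D is ERROR_PASSWORD_RESTRICTION); the function names and all sample lines except the first are constructed.

```python
import re

# Win32 system error codes that AD embeds, as hex, in its LDAP error text.
WIN32_HINTS = {
    0x52D: ("ERROR_PASSWORD_RESTRICTION",
            "password fails domain length, complexity or history rules"),
    0x1F: ("ERROR_GEN_FAILURE",
           "often reported when a password is written without TLS"),
    0x56: ("ERROR_INVALID_PASSWORD", "supplied current password is wrong"),
}

AD_ERROR = re.compile(
    r"LDAP: error code (?P<ldap>\d+) - (?P<win32>[0-9A-Fa-f]{8}): "
    r"(?P<kind>\w+): (?P<dsid>DSID-[0-9A-Fa-f]+), "
    r"problem (?P<problem>\d+) \((?P<name>\w+)\)"
)

def parse_ad_error(message):
    """Split an AD LDAP error string into fields; None if it does not match."""
    m = AD_ERROR.search(message)
    if m is None:
        return None
    win32 = int(m.group("win32"), 16)
    symbol, hint = WIN32_HINTS.get(win32, ("UNKNOWN", "not in this table"))
    return {
        "ldap_code": int(m.group("ldap")),
        "win32": win32,
        "symbol": symbol,
        "hint": hint,
        "dsid": m.group("dsid"),
        "problem": int(m.group("problem")),
        "problem_name": m.group("name"),
    }

def triage(lines):
    """Count parsed failures per Win32 symbol across a batch of task logs."""
    counts = {}
    for line in lines:
        parsed = parse_ad_error(line)
        if parsed:
            counts[parsed["symbol"]] = counts.get(parsed["symbol"], 0) + 1
    return counts

# First line is the error quoted in the question; the others are constructed.
SAMPLE = [
    "LDAP: error code 53 - 0000052D: SvcErr: DSID-031A124C, problem 5003 (WILL_NOT_PERFORM)",
    "LDAP: error code 53 - 0000001F: SvcErr: DSID-00000000, problem 5003 (WILL_NOT_PERFORM)",
    "task 1001 completed",
]
```

Running `triage` over the failed-task messages shows whether intermittent failures cluster on the password-policy code or on a different one.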