Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

AD Provisioning failing intermittently with LDAP: error code 53

piyushm
Regular Contributor II
Regular Contributor II

Hello,

I am trying to provision account to AD with minimum required attributes. The issue is the new account task fails with error "LDAP: error code 53 - 0000052D: SvcErr: DSID-031A124C, problem 5003 (WILL_NOT_PERFORM)". The same task then gets completed after few hours/attempts without any change either on AD side or in saviynt.

Below is the createaccountjson.

{"pwdLastSet":"${if(ServiceAccountOwnerMap.ServiceAccountType.equals('Service Account')) {-1} else {-1}}", "sn":"${if(ServiceAccountOwnerMap.ServiceAccountType.equals('Service Account')) {} else {user.lastname}}", "userAccountControl": "512", "objectClass":["top","person","organizationalPerson","user"], "sAMAccountName":"${if(ServiceAccountOwnerMap.ServiceAccountType.equals('Service Account')) {task.accountName} else {user.systemUserName}}" }

3 REPLIES 3

Saathvik
All-Star
All-Star

Are you using SSL connection? From the error it looks like you are using non-ssl connection and AD is not supporting a non-ssl connection


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

rushikeshvartak
All-Star
All-Star

what is Account Type in failing use case .


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

timchengappa
Saviynt Employee
Saviynt Employee

Hi @piyushm 

It looks like you are trying to provision a "New Account" task and based on the error, you are either not passing the required attributes in the format/syntax that AD accepts or you are connected to AD via a non-SSL connection.

If it's an issue with the format/syntax that AD accepts, please validate attributes such as password, etc., and ensure that the Saviynt AD passwords policy meets the AD password policy requirements.

If it's an issue with the latter, please switch your connection from non-SSL to SSL

ldap://(server address):389
Try changing it to:
ldaps://(server address):636