DSA unwilling to perform (Legacy_Onyx KB Id: 217731)

Document ID : KB000054963
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

Now when i try to do a 'test create' task as 'amfam_selfreg' user using the UI, i am getting a 'Task Failed' with the below error in the SMPS log.
Upon checking with our AD folks, they say that the the siteminder superadmin id, configured in the siteminder dir, for which i created this IME, has complete permissions.
Could you please advise what is missing here.

-----------SMPS.log----------------
[2664/1880][Tue Aug 30 2005 15:17:58][IMS6User.cpp:81][ERROR] LoadIMSUser - User not found. Unique Id:cn=JagTest,OU=People,OU=Customers,DC=aaatest,DC=amfam,DC=net
[2664/1880][Tue Aug 30 2005 15:17:58][ImsCommandUtils.cpp:325][ERROR] SmImsCommand (getImsUser) DS Provider call failed
Error Code was: 18
Error Message: IMS DS Provider Error - Unknown Error
[2664/1880][Tue Aug 30 2005 15:17:58][IMS6User.cpp:81][ERROR] LoadIMSUser - User not found. Unique Id:JagTest
[2664/1880][Tue Aug 30 2005 15:17:58][ImsCommandUtils.cpp:325][ERROR] SmImsCommand (getImsUser) DS Provider call failed
Error Code was: 18
Error Message: IMS DS Provider Error - Unknown Error
[2664/1880][Tue Aug 30 2005 15:17:59][SmDsLdapProvider.cpp:5047][ERROR] (SetUserProp) DN: 'cn=JagTest,ou=people,OU=Customers,DC=aaatest,DC=amfam,DC=net', PropName: 'unicodePwd', PropValue: '****' . Status: Error 53 . DSA is unwilling to perform
[2664/1880][Tue Aug 30 2005 15:17:59][IMS6DsLdapProvider.cpp:856][ERROR] (CIMSDsLdapProvider::AddIMSObject) Failed to changed password for 'cn=JagTest,ou=people,OU=Customers,DC=aaatest,DC=amfam,DC=net'
[2664/1880][Tue Aug 30 2005 15:17:59][IMS6DsLdapProvider.cpp:857][ERROR] DS error message: DSA is unwilling to perform
[2664/1880][Tue Aug 30 2005 15:17:59][ImsCommandUtils.cpp:325][ERROR] SmImsCommand (createDSObject) DS Provider call failed
Error Code was: 13
Error Message: IMS DS Provider Error - Failed to change password
--------------------------


Solution:

What is most likely missing is an SSL userdirectory connection to the AD userstore. You cannot set password for a user without a secure connection and you will get the above DSA unwilling to perform error. The error 18s are normal as we search for the newly created user to make sure they do not exist already.