Question

I'm trying to add a Group to my Active Directory service using the UnboundID LDAP SDK, and keep getting error 503: Will Not Perform.

I have verified I'm using an SSL connection, and that I'm connecting with a user that belongs to the Administrators group, which, unless I'm mistaken, gives him the right to create new entries.

I have also raised the logging level of the LDAP Interface Events all the way to 5, and the event viewer registers a number of events, none of which are useful in explaining why the service is unwilling to perform my create entry operation.

Any ideas on what can be causing this problem?

Below is a sample of the Scala code I'm using:

// UnboundID LDAP SDK classes used below
import com.unboundid.ldap.sdk.{Attribute, LDAPConnection, LDAPConnectionOptions}
import com.unboundid.util.ssl.{SSLUtil, TrustAllTrustManager}

val connection = connect("MyAdminUser", "MyAdminPass")

// Add request that produces the error shown below
val addGroupResult = connection.add("CN=TestGroup2,OU=Groups,OU=mydomain,DC=mydomain,DC=local",
    new Attribute("objectClass", "top", "group"),
    new Attribute("name","TestGroup2"),
    new Attribute("sAMAccountName","TestGroup2"),
    new Attribute("sAMAccountType","268435456"),
    new Attribute("objectCategory","CN=Group,CN=Schema,CN=Configuration,DC=mydomain,DC=local"),
    new Attribute("cn","TestGroup2"),
    new Attribute("distinguishedName","CN=TestGroup2,OU=Groups,OU=mydomain,DC=mydomain,DC=local"),
    new Attribute("instanceType","4"),
    new Attribute("groupType","-2147483646")
)

// host, securePort and DN(...) are defined elsewhere in the surrounding code
private def connect(user: String, pass: String) = {
    val options = new LDAPConnectionOptions()
    options.setFollowReferrals(true)
    // TrustAllTrustManager accepts any server certificate without validating it
    val sslUtil = new SSLUtil(new TrustAllTrustManager())
    val socketFactory = sslUtil.createSSLSocketFactory()
    new LDAPConnection(socketFactory, options, host, securePort, DN(user), pass)
}

And here's the error message I'm getting:

Exception in thread "main" LDAPException(resultCode=53 (unwilling to perform), errorMessage='0000209A: SvcErr: DSID-031A104A, problem 5003 (WILL_NOT_PERFORM), data 0', diagnosticMessage='0000209A: SvcErr: DSID-031A104A, problem 5003 (WILL_NOT_PERFORM), data 0')

Solution

My error was including too many attributes in the Add operation, some of which are not supposed to be set manually but rather by the SAM (Security Account Manager).

The correct code is as follows:

val addGroupResult = connection.add("CN=TestGroup2,OU=Groups,OU=simpleBI,DC=domain,DC=local",
            new Attribute("objectClass", "top", "group"),
            new Attribute("name","TestGroup2"),
            new Attribute("sAMAccountName","TestGroup2"),
            new Attribute("objectCategory","CN=Group,CN=Schema,CN=Configuration,DC=domain,DC=local")
            )

Note that I've removed a few attributes, including sAMAccountType, which were rejected by AD. I've also removed some redundant ones. I believe what I have is the minimal attribute set that fulfills my needs.

The connection code was unchanged.
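
The leading hex field of the diagnostic message quoted in the question is a Win32 error code, and 0x209A (8346) is ERROR_DS_ATTRIBUTE_OWNED_BY_SAM, which matches the cause described in the answer. The parser below is an added example, not code from the original post; the object name AdDiagnostic, its small lookup table and the second sample string are constructed for illustration, and in this setup the input would come from LDAPException.getDiagnosticMessage().

```scala
// Added example: decode the Win32 code that prefixes an AD diagnostic message.
object AdDiagnostic {
  final case class Diag(win32: Long, category: String, dsid: String,
                        problem: Int, problemName: String)

  // Shape seen on the page:
  //   "<8 hex digits>: <category>: DSID-<hex>, problem <n> (<NAME>), data <x>"
  private val Shape =
    """^([0-9A-Fa-f]{8}): (\w+): (DSID-[0-9A-Fa-f]+), problem (\d+) \((\w+)\)""".r.unanchored

  // Small lookup of Win32 codes (winerror.h); extend as needed.
  private val Known: Map[Long, String] = Map(
    0x209AL -> "ERROR_DS_ATTRIBUTE_OWNED_BY_SAM: the request sets an attribute that only the SAM may write",
    0x2098L -> "ERROR_DS_INSUFF_ACCESS_RIGHTS: the bound account lacks rights for this operation",
    0x052DL -> "ERROR_PASSWORD_RESTRICTION: the supplied password violates domain password policy"
  )

  // Returns None when the text is not in the "problem NNNN (NAME)" form.
  def parse(msg: String): Option[Diag] = msg match {
    case Shape(code, cat, dsid, prob, name) =>
      Some(Diag(java.lang.Long.parseLong(code, 16), cat, dsid, prob.toInt, name))
    case _ => None
  }

  // One-line summary suitable for an application log.
  def explain(msg: String): String = parse(msg) match {
    case Some(d) =>
      val meaning = Known.getOrElse(d.win32, "not in the local table; look the code up in winerror.h")
      f"Win32 ${d.win32}%d (0x${d.win32}%04X), ${d.problemName}, ${d.dsid}: $meaning"
    case None => s"unrecognised diagnostic format: $msg"
  }

  def main(args: Array[String]): Unit = {
    // Diagnostic text from the exception quoted in the question.
    val fromPage = "0000209A: SvcErr: DSID-031A104A, problem 5003 (WILL_NOT_PERFORM), data 0"
    println(explain(fromPage))
    // Constructed input: a string that does not follow the format.
    println(explain("connection closed"))
  }
}
```

Logging the decoded code alongside resultCode 53 tells an operator at a glance whether a rejected add was a schema or ownership problem rather than a permissions problem.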

Licensed under: CC-BY-SA with attribution