4 Replies Latest reply on Nov 6, 2014 2:04 PM by Kevin Pinsky

    Cannot set the user's password in AD LDS without using SSL connection

    user8744020

      Hi,

       

      While I was trying to do user provisioning, it got stuck in the provisioning state. I was trying to provision from AD LDS. I see the error message below in the log file. Do I need to configure anything in AD LDS?

       

      [2014-11-04T19:58:27.658-05:00] [oim_server1] [ERROR] [] [ORACLE.IAM.CONNECTORS.ICFCOMMON.PROV.ICPROVISIONINGMANAGER] [tid: [ACTIVE].ExecuteThread: '21' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: surendra.admin] [ecid: 121a40d4b3e0c24d:615a7312:1496cd280c8:-8000-00000000000036ec,0] [APP: oim#11.1.2.0.0] [DSID: 0000K_xSn0Y7ECYjLpyGOA1KLJFN00000M] oracle.iam.connectors.icfcommon.prov.ICProvisioningManager : createObject : Error while creating user[[
      org.identityconnectors.framework.common.exceptions.ConnectorException: Cannot set the user's password in AD LDS without using SSL connection.
          at org.identityconnectors.framework.impl.serializer.CommonObjectHandlers$13.createException(CommonObjectHandlers.java:265)
          at org.identityconnectors.framework.impl.serializer.CommonObjectHandlers$13.createException(CommonObjectHandlers.java:262)
          at org.identityconnectors.framework.impl.serializer.CommonObjectHandlers$ThrowableHandler.deserialize(CommonObjectHandlers.java:115)
          at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder$InternalDecoder.readObject(BinaryObjectDecoder.java:162)
          at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder.readObject(BinaryObjectDecoder.java:313)
          at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder.readObjectField(BinaryObjectDecoder.java:417)
          at org.identityconnectors.framework.impl.serializer.MessageHandlers$5.deserialize(MessageHandlers.java:155)
          at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder$InternalDecoder.readObject(BinaryObjectDecoder.java:162)
          at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder.readObject(BinaryObjectDecoder.java:313)
          at org.identityconnectors.framework.impl.api.remote.RemoteFrameworkConnection.readObject(RemoteFrameworkConnection.java:153)
          at org.identityconnectors.framework.impl.api.remote.RemoteOperationInvocationHandler.invoke(RemoteOperationInvocationHandler.java:101)
          at com.sun.proxy.$Proxy532.create(Unknown Source)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
          at java.lang.reflect.Method.invoke(Method.java:606)
          at org.identityconnectors.framework.impl.api.DelegatingTimeoutProxy.invoke(DelegatingTimeoutProxy.java:107)
          at com.sun.proxy.$Proxy532.create(Unknown Source)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
          at java.lang.reflect.Method.invoke(Method.java:606)
          at org.identityconnectors.framework.impl.api.LoggingProxy.invoke(LoggingProxy.java:76)
          at com.sun.proxy.$Proxy532.create(Unknown Source)
          at org.identityconnectors.framework.impl.api.AbstractConnectorFacade.create(AbstractConnectorFacade.java:123)
          at oracle.iam.connectors.icfcommon.prov.ICProvisioningManager.createObject(ICProvisioningManager.java:277)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
          at java.lang.reflect.Method.invoke(Method.java:606)  ........
      ]]

       

      I read this in the documentation: If you are using Microsoft AD LDS as the target system, then the default communication channel between the Connector Server and target system is not "secure". Therefore, it is mandatory to configure SSL between the Connector Server and Microsoft AD LDS for the password reset functionality to work as expected.


      Right now my AD LDS is configured as default (UseSSL=no). If I don't want to use the password reset functionality, can I leave it as it is? What should I do to make sure the provisioning job succeeds?


       

      Thanks
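
A log-triage sketch for the error quoted in the post, added here as an example (it is not part of the original thread or of Oracle's tooling): it parses the bracketed header shown above, including the nested brackets in the tid field, and flags records whose detail is the AD LDS "without using SSL" password error. The field order and the names `split_header` and `triage` are assumptions drawn from that one sample line.

```python
import re

# Constructed sample: the post's header (ecid and DSID omitted), exception line, two frames.
SAMPLE = """\
[2014-11-04T19:58:27.658-05:00] [oim_server1] [ERROR] [] [ORACLE.IAM.CONNECTORS.ICFCOMMON.PROV.ICPROVISIONINGMANAGER] [tid: [ACTIVE].ExecuteThread: '21' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: surendra.admin] [APP: oim#11.1.2.0.0] oracle.iam.connectors.icfcommon.prov.ICProvisioningManager : createObject : Error while creating user[[
org.identityconnectors.framework.common.exceptions.ConnectorException: Cannot set the user's password in AD LDS without using SSL connection.
    at org.identityconnectors.framework.impl.api.AbstractConnectorFacade.create(AbstractConnectorFacade.java:123)
    at oracle.iam.connectors.icfcommon.prov.ICProvisioningManager.createObject(ICProvisioningManager.java:277)
]]
"""

SSL_REQUIRED = re.compile(r"Cannot set the user's password in AD LDS without using SSL")
EXC_LINE = re.compile(r"^\s*([\w.$]+(?:Exception|Error)): (.*)$")

def split_header(line):
    """Split leading [..] fields from the message; fields may nest brackets (see tid)."""
    fields, i = [], 0
    while i < len(line) and line[i] == "[":
        depth, j = 0, i
        while j < len(line):
            depth += (line[j] == "[") - (line[j] == "]")
            j += 1
            if depth == 0:
                break
        if depth:  # unbalanced brackets: stop and leave the rest as message text
            break
        fields.append(line[i + 1:j - 1])
        i = j + (line[j:j + 1] == " ")
    return fields, line[i:]

def triage(log_text):
    """Return one finding per log record whose [[ ... ]] detail names an exception."""
    findings, record = [], None
    for line in log_text.splitlines():
        fields, _ = split_header(line)
        if len(fields) >= 5:  # time, server, level, message id, module, then attributes
            attrs = dict(f.split(": ", 1) for f in fields[5:] if ": " in f)
            record = {"time": fields[0], "server": fields[1], "level": fields[2],
                      "user": attrs.get("userId"), "app": attrs.get("APP")}
            continue
        m = EXC_LINE.match(line)
        if record is not None and m and "exception" not in record:
            record.update(exception=m.group(1), detail=m.group(2),
                          needs_ssl=bool(SSL_REQUIRED.search(m.group(2))))
            findings.append(record)
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A finding with `needs_ssl` set means the connector refused the password operation because the channel to AD LDS is not SSL, which matches the `UseSSL=no` setting described in the post.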