
Siteminder Unable to change AD LDS user password - unicodePWD attribute

Question asked by Dsarkar1987 on Sep 16, 2016
Latest reply on Sep 16, 2016 by Dsarkar1987

Hi Team,

I have built a Siteminder test environment with AD LDS as the user store connected over SSL. Now if I try to change a user password from WAM UI -> Administration -> Users -> Manage Accounts, it fails with an exception.
I am not sure if I missed any configuration which leads to this error.

 

Issue-

WAM UI Error-

 

SMPS Log-

[1524/3260][Fri Sep 16 2016 10:45:02][SmDsLdapFunctionImpl.cpp:1374][ERROR][sm-Ldap-00880] (SetUserProp) DN: 'CN=testuser4,OU=people,DC=security,DC=com', PropName: 'unicodePwd', PropValue: '****' . Status: Error 19 . Constraint violation

 

SMAccess log-

[16/Sep/2016:10:45:02 +0530]: Category Admin (100), Event ChangePassword (601),
Username siteminder, SessionId siteminder@6Ap+72blQwMldDTadW7+d0oBvKk=
DirectoryName AD LDS Instance
ObjectName testuser4, ObjectClass , ObjectPath CN=testuser4,OU=people,DC=security,DC=com
Organization security, Role
Description: Modify password
Status: 0393: Failed to change password
ObjectName testuser4, ObjectClass , ObjectPath CN=testuser4,OU=people,DC=security,DC=com

 

Steps followed to setup AD LDS as user store connection over SSL-

1. Root certificate and server certificate (2048 bit RSA) are installed in cert8.db

2. AD LDS -> dsmgmt - ADAMDisablePasswordPolicies set to 1

3. NameSpace - LDAP

     Directory-> User attribute mapping as-

 

 

Apart from these normal settings, do I have to tweak any other Siteminder settings to be able to change the unicodePWD attribute?

Please help me.

 

Thanks & Regards,

Debasish.
