WSO2 identity server cannot manage Active Directory users

Question

I currently have an installation of WSO2 (5.7.0) configured with a user store to connect to an active directory (Windows Server 2012 R2).

The users can be listed in the WSO2 IS user listing, roles for specific user can be modified.

On the other hand users cannot be modified or created. When i try to create a user i get this error

While trying to update an existing user, i also get this error

User store configuration

Answer 1

javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C090D50, comment: Error in attribute conversion operation, data 0, v3839

This error occurs when the claim mapping is not properly configured against the AD attributes via Claim Management UI.

You need to make sure that all the attributes mapped are valid and existing in Active Directory. Different user stores uses different attributes. In [2] you can find a reference to the set of attributes supported by active directory. The default WSO2 claims are mapped to some generic attributes, the Firstname is mapped to the nickname attribute but active directory does not have a nickname attribute. The Full Name is mapped to the cn attribute, in active directory cn has other semantic meanings.

Similarly in your claim configuration you need to make sure that all the attributes defined there are supported by Active Directory. If it is not supported you can add an additional mapped attribute in claim configuration for the local claim that is supported by AD.

Refer [3] for more information regarding this.

[ 1] https://wiki.servicenow.com/index.php?title=LDAP_Error_Codes

[2] http://www.kouti.com/tables/userattributes.htm

[3] https://docs.wso2.com/display/IS540/Managing+User+Attributes