Failed to update user in Active Directory (using Boomi mapping)

Question

I can create user using Boomi without any SSL(means using port389) and password(for new user to login) but I want to change user's phone number, and I got this error:

javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 00000057: LdapErr: DSID-0C042612, comment: Error in attribute conversion operation, data 0, v4563?]; remaining name ''???at java.naming/com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3332)???at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3205)???at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2996)???at java.naming/com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1504)???at java.naming/com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:277)???at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:192)???at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:181)???at java.naming/javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:167)???at com.boomi.connector.LDAP.LDAPConnection.updateObject(LDAPConnection.java:190)???at com.boomi.connector.LDAP.LDAPUpdateOperation.executeUpdate(LDAPUpdateOperation.java:227)???at com.boomi.connector.util.BaseUpdateOperation.execute(BaseUpdateOperation.java:30)???at com.boomi.connector.generic.GenericConnectorAction.invoke(GenericConnectorAction.java:189)???at com.boomi.connector.generic.GenericConnectorAction.invoke(GenericConnectorAction.java:172)???at com.boomi.connector.base.BaseConnectorAction.invokeBase(BaseConnectorAction.java:368)???at com.boomi.connector.base.BaseConnectorAction.invokeWithReadStore(BaseConnectorAction.java:304)???at com.boomi.connector.base.BaseConnectorAction.invoke(BaseConnectorAction.java:276)???at jdk.internal.reflect.GeneratedMethodAccessor29.invoke(Unknown Source)???

and I googled this error means:

Indicates that the LDAP server cannot process the request because of server-defined restrictions. This error is returned for the following reasons: 
1. The add entry request violates the server's structure rules
2. The modify attribute request specifies attributes that users cannot modify -> I just want to change phone number.
3. Password restrictions prevent the action
4. Connection restrictions prevent the action. -> I think I can create user, so the connection is fine!

If LDAP error Code 53 means I need to do everything with "SSL", why I can create a user? How can I sort this problem out?

Answer 1

It's possible the user actually hasn't been properly provisioned. Maybe it's been created, but the account is not enabled because the password is invalid. Run an LDAP client and try and logon as the new user with the credentials that you supplied. Does it work?

Two suggestions:

1. Please use LDAPS if you're creating users/setting passwords, or basically anything in AD LDAP. There's no excuse not to these days, and Microsoft is in the process of deprecating plain LDAP from non-Windows clients, so you might as well do it now. All you need is to install/trust the issuing CA certificate chain (root and intermediate certs) for whatever CA is signing the DC's LDAPS certificate. You do not need to install any client LDAP cert.

2. Check the password policy of the target domain and ensure the passwords you are trying to set meet the requirements in terms of complexity, length and so on.