[SOLVED] Unable to set userAccountControl to 512 using LDAPS

Unable to set userAccountControl to 512 using LDAPS

I am using MuleSoft to connect LDAP and provision a user. Connection for Mule 4 LDAP Connector is using LDAPS (SSL Connection using trustStore file + password) over port 636. As mentioned in online documents, I am setting valid userPassword attribute based on Active Directory guidelines. Still it's throwing error:

"OPERATION_NOT_SUPPORTED: [LDAP: error code 53 - 0000052D: SvcErr: DSID-031A12E8, problem 5003 (WILL_NOT_PERFORM), data 0"

I am able to set this to 546, 544, etc., but 512 never achieved. Please could anyone suggest what may the reason for this error?

Below are the payload for LDAP Add operation :

{
"accountExpires": "0",
"givenName": "First",
"name": "First Last",
"displayName": "First Last",
"cn": "First Last",
"sn": "Last",
"userAccountControl": "512",
"userPassword": "s4mb@r89!DRFnw",
"physicalDeliveryOfficeName": "London",
"dn": "CN=First Last,OU=London,DC=company,DC=co,DC=uk",
"distinguishedName": "CN=First Last,OU=London,DC=company,DC=co,DC=uk",
"manager": "CN=Mgr Name,OU=London,DC=company,DC=co,DC=uk",
"userPrincipalName": "First.Last@company.co.uk",
"sAMAccountName": "First.Last",
"employeeID": "First.Last",
"objectCategory": "CN=Person,CN=Schema,CN=Configuration,DC=company,DC=co,DC=uk",
"objectClass": ["top", "person", "organizationalPerson", "user"]
}

Mule 4 - LDAP Connector Configuration:

<ldap:config name="LDAP_Configuration" doc:name="LDAP Configuration" doc:id="dc616c25-140d-42ef-a72e-575379a81596" >
<ldap:ssl-connection 
    authDn="ldap_user" 
    authPassword="password" 
    url="ldaps://domain:636" 
    trustStorePath="C:\path\src\main\resources\server.truststore" 
    trustStorePassword="mulesoft" >
    <reconnection >
        <reconnect frequency="20000" count="2" />
    </reconnection>
</ldap:ssl-connection>
</ldap:config>

Solution

It seems that the password used is still not complying with some restriction according to this page: https://ldapwiki.com/wiki/ERROR_PASSWORD_RESTRICTION.

ERROR_PASSWORD_RESTRICTION is an LDAP Result Codes and Microsoft Response Code implying the value provided for the new password does not meet the length, complexity, or history requirements of the domain.

The key code in the string is the Hex Value "0000052D" which is referenced in the Microsoft Response Code

It doesn't seem that there is anything Mule related to this issue. It looks to be purely Active Directory related.