Register User form sending _AFX_FORCE_REGISTER_USER_CHANGE_PWD in RSA Governance & Lifecycle
10 months ago
Article Number
000072100
Applies To
  • RSA Governance & Lifecycle 8.0
Issue

When trying to create a user account in LDAP Active Directory (AD) using Access Fulfillment Express (AFX) and a request form, the creation fails. 

  • When attempting to use the request form, the application throws the below LDAP error in the connector log:
    error code 16 - 00000057: LdapErr: DSID-0C090F3A, comment: Error in attribute conversion operation, data 0, v3839 . 
  • To troubleshoot the issue further, capture a tcpdump packet trace while reproducing the AD account creation with the request form.
  • The tcpdump trace shows the application sending _AFX_FORCE_REGISTER_USER_CHANGE_PWD in the attributes, which was not the case in older versions.
 
 
Cause
While creating the account, one extra attribute, "AFX_FORCE_REGISTER_USER_CHANGE_PWD", was included in the payload, which stopped the creation process on the LDAP server.
Resolution

The issue is fixed in the following version:

  • RSA Governance & Lifecycle 8.0.0 P02
Notes

To create a tcpdump trace for troubleshooting the above issue, run the following command as the root Linux user:

tcpdump -i any host <ipaddress_of_remoteservice> and port <port_of_remoteservice> -vv -s0 -w /tmp/test.tcpdump

Where:

<ipaddress_of_remoteservice>: should be replaced with the Active Directory hostname or IP address.

<port_of_remoteservice>: should be replaced with the Active Directory port number used.
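
To confirm offline whether a capture contains the extra attribute, the following added example (not part of the original article and not RSA tooling) scans a trace file for the attribute name and reports the packets that carry it. It assumes the classic pcap format that tcpdump -w writes on Linux, cleartext LDAP (not LDAPS), and an attribute name that is not split across two packets; the function names are hypothetical.

```python
import struct
import sys

# Name without the leading underscore so both spellings in the article match.
NEEDLE = b"AFX_FORCE_REGISTER_USER_CHANGE_PWD"
LITTLE = (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1")  # usec / nsec timestamps
BIG = (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d")

def find_attribute(pcap_bytes, needle=NEEDLE):
    """Return [(packet_number, epoch_seconds)] for packets containing needle."""
    magic = pcap_bytes[:4]
    if magic in LITTLE:
        endian = "<"
    elif magic in BIG:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    hits, offset, number = [], 24, 0  # records start after the 24-byte header
    while offset + 16 <= len(pcap_bytes):
        ts_sec, _, incl_len, _ = struct.unpack_from(endian + "IIII", pcap_bytes, offset)
        offset += 16
        number += 1
        # Raw byte search, so the link-layer type used by "-i any" does not matter.
        if needle in pcap_bytes[offset:offset + incl_len]:
            hits.append((number, ts_sec))
        offset += incl_len
    return hits

def build_sample_capture():
    """Constructed two-packet capture (not real traffic) for a self-check."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 113)
    def record(ts, payload):
        return struct.pack("<IIII", ts, 0, len(payload), len(payload)) + payload
    clean = b"\x04\x02cn"
    flagged = b"\x04\x23_" + NEEDLE + b"\x31\x00"
    return header + record(1700000000, clean) + record(1700000001, flagged)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = build_sample_capture()
    for number, ts in find_attribute(data):
        print(f"packet {number} at {ts}: attribute name present")
```

Pass the capture path (for example /tmp/test.tcpdump) as the first argument; with no argument the script runs against the constructed sample.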