Register User form sending _AFX_FORCE_REGISTER_USER_CHANGE_PWD in RSA Governance & Lifecycle
a year ago
Article Number
000072100
Applies To
  • RSA Governance & Lifecycle 8.0
Issue

When trying to create a user account in LDAP Active Directory (AD) using Access Fulfillment Express (AFX) and a request form, the creation fails. 

  • When attempting to use the request form, the application throws the below LDAP error in the connector log: 
    error code 16 - 00000057: LdapErr: DSID-0C090F3A, comment: Error in attribute conversion operation, data 0, v3839 . 
  • In order to troubleshoot the issue further, it is recommended to create a tcpdump packet trace while testing creating an AD account using the request form.
  • In the tcpdump trace, it is detected that the application is sending _AFX_FORCE_REGISTER_USER_CHANGE_PWD in the attributes, Which was not the case in older versions.image.png
 
 
Cause
While creating account one extra attribute was coming in payload "AFX_FORCE_REGISTER_USER_CHANGE_PWD" which was stopping the creating process on LDAP server.
Resolution

The issue is fixed in the below versions:

  • RSA Governance & Lifecycle 8.0.0 P02
Notes

To create a tcpdump trace for troubleshooting the above issue, the below command line can be executed with the root Linux user:

tcpdump -i any host <ipaddress_of_remoteservice> and port <port_of_remoteservice> -vv -s0 -w /tmp/test.tcpdump

Where:

<ipaddress_of_remoteservice>: should be replace with the Active Directory hostname or IP address

<port_of_remoteservice>: should be replaced with the Active Directory port number used.

Related Articles

Trending Articles

Don't see what you're looking for?