OpenDJ Password Synchronization Plugin 1.0.3 install fails on OpenDJ 3.x
The purpose of this article is to provide assistance when the OpenDJ Password Synchronization Plugin 1.0.3 install fails on OpenDJ 3.x with an "ADD operation failed Result Code: 53 (Unwilling to Perform)" message. This plugin is available as a separate download for OpenIDM to enable password synchronization between OpenIDM and OpenDJ.
Archived
This article has been archived and is no longer maintained by ForgeRock.
Symptoms
The following message is shown when adding the plugin configuration using the ldapmodify command:
Processing ADD request for cn=OpenIDM Notification Handler,cn=Account Status Notification Handlers,cn=config ADD operation failed Result Code: 53 (Unwilling to Perform) Additional Information: The Directory Server is unwilling to add configuration entry cn=OpenIDM Notification Handler,cn=Account Status Notification Handlers,cn=config because one of the add listeners registered with the parent entry cn=Account Status Notification Handlers,cn=config rejected this change with the message: An error occurred while trying to initialize an instance of class org.forgerock.openidm.agent.accountchange.OpenidmAccountStatusNotificationHandler as an account status notification handler as defined in configuration entry cn=OpenIDM Notification Handler,cn=Account Status Notification Handlers,cn=config: PropertyException: The value "org.forgerock.openidm.agent.accountchange.OpenidmAccountStatusNotificationHandler" is not a valid value for the "java-class" property, which must have the following syntax: CLASS <= org.opends.server.api.AccountStatusNotificationHandler (PropertyException.java:103 ClassPropertyDefinition.java:349 ClassPropertyDefinition.java:329 ClassPropertyDefinition.java:284 AccountStatusNotificationHandlerConfigManager.java:392 AccountStatusNotificationHandlerConfigManager.java:259 AccountStatusNotificationHandlerConfigManager.java:59 ServerManagedObjectAddListenerAdaptor.java:90 ConfigAddListenerAdaptor.java:245 ConfigFileHandler.java:960 LocalBackendAddOperation.java:473 LocalBackendAddOperation.java:173 LocalBackendWorkflowElement.java:737 LocalBackendWorkflowElement.java:1024 LocalBackendWorkflowElement.java:895 AddOperationBasis.java:506 TraditionalWorkerThread.java:158)Recent Changes
Upgraded to OpenDJ 3.x.
Causes
The OpenDJ Password Synchronization Plugin 1.0.3 is not compatible with OpenDJ 3.x following significant changes to the extension API in OpenDJ 3. This is noted in OpenIDM Release Notes › Before You Install OpenIDM Software › Supported Connectors, Connector Servers, and Plugins.
Solution
This issue can be resolved by upgrading to OpenDJ Password Sync Plugin 1.1.1 if you are using OpenDJ 3.0 or OpenDJ Password Sync Plugin 3.5.0 if you are using OpenDJ 3.5 Enterprise Edition; you can download these from BackStage.
The installation process for this plugin has changed slightly from previous versions as follows:
- When unzipping the zip file, the plugin binaries are no longer located within an /opendj sub-directory. You should either unzip the zip file directly within the OpenDJ 3 installation directory, or unzip it to a temporary directory and then copy the contents of this directory to the OpenDJ 3 installation directory. See OpenIDM Integrator's Guide › Managing Passwords › Installing the OpenDJ Password Synchronization Plugin for instructions on installing this plugin.
- The SubjectDN for the self-signed certificate bundled with OpenDJ 3 has changed from previous releases and is now: CN=localhost, O=OpenDJ RSA Self-Signed Certificate See OpenIDM Integrator's Guide › Managing Passwords › To Import OpenDJ's Certificate into the OpenIDM Truststore for instructions on importing the self-signed certificate into OpenIDM.
See Also
OpenIDM Integrator's Guide › Managing Passwords › Password Synchronization
Related Training
N/A
Related Issue Tracker IDs
OPENDJ-2742 (Build IDM account change handler plugin within OpenDJ build)
OPENIDM-4491 (Account Status Notification Handlers configuration fails using OpenDJ-3.0.0)