Getting error when trying to register new user


Marlow Leon

May 14, 2024, 9:48:36 PM
to pwm-general
Hello All,

I'm having some issues with the registration portion. I want users to register and create an account, but I'm running into an issue: if I let the user set a password, I get the error:
ERROR, newuser.NewUserServlet, {w9VRR} 5049 ERROR_NEW_USER_FAILURE (unexpected ldap error setting user password for new user entry: javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - 0000052D: AtrErr: DSID-03191031, #1: [100.40.208.248] 0: 0000052D: DSID-03191031, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)

If I disable the option for new users to set a password on their own on registration, I get the following:
ERROR, newuser.NewUserServlet, {bttuW} 5049 ERROR_NEW_USER_FAILURE (unexpected ldap error setting temporary password for new user entry: javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000052D: SvcErr: DSID-031A126A, problem 5003 (WILL_NOT_PERFORM), data 0 [100.40.208.248] ])

My LDAP is using a secure connection to connect to PWM.

Jason Rivard

May 15, 2024, 9:36:26 AM
to pwm-general
Most likely the password violates the AD password policy. PWM can only read PSO policies and not group policies, and assumes the policy of the test user is the one for the newly created user. So you will need to make sure the PWM policy matches what is actually allowed in AD, for when the user creates their own or when PWM randomly generates one, so it can do so according to the policy. It could be something else though; AD error messages aren't very helpful. Good luck.

Nic McHenry

Jun 24, 2024, 9:15:59 PM
to pwm-general
I'm having the same issue with the same exact error. The password policies match with GPO. The service account is set as owner of the OU. For testing, the service account is set as domain admin. The forest is 2019. It creates the account but does not apply the password. I've tested every setting I can think of. I'm beginning to think it may be a bug.

INFO , newuser.NewUserUtils, {GF6Au} created user entry: cn=asdfgg asdfgg,OU=Guest,OU=Users,OU=User Accounts,DC=testdomain,DC=com [10.0.0.199]
2024-06-25T01:09:16Z, ERROR, newuser.NewUserServlet, {GF6Au} error during user creation: 5049 ERROR_NEW_USER_FAILURE (unexpected ldap error setting user password for new user entry: javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - 0000052D: AtrErr: DSID-03191072, #1: [10.0.0.199]
        0: 0000052D: DSID-03191072, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)
])
2024-06-25T01:09:16Z, ERROR, newuser.NewUserServlet, {GF6Au} 5049 ERROR_NEW_USER_FAILURE (unexpected ldap error setting user password for new user entry: javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - 0000052D: AtrErr: DSID-03191072, #1: [10.0.0.199]
        0: 0000052D: DSID-03191072, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)
])
2024-06-25T01:09:16Z, ERROR, http.PwmResponse, {GF6Au} 5049 ERROR_NEW_USER_FAILURE (unexpected ldap error setting user password for new user entry: javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - 0000052D: AtrErr: DSID-03191072, #1: [10.0.0.199]
        0: 0000052D: DSID-03191072, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)

Nic McHenry

Jun 24, 2024, 10:36:01 PM
to pwm-general
After tooling with it and reading another post: the GPO has to have the minimum password age set to 0 days.
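An added example, not part of the thread and not PWM code: a small Python parser for the Active Directory diagnostic strings quoted in the posts above. It shows that the code 19 and code 53 failures carry the same Win32 code, 0000052D (ERROR_PASSWORD_RESTRICTION), so both are policy rejections of the password write; the function name, dictionary names and hint text are this example's own.

```python
import re

# Win32 codes AD embeds in the LDAP diagnostic text (values from winerror.h).
WIN32 = {
    0x52D: ("ERROR_PASSWORD_RESTRICTION",
            "rejected by password policy: length, complexity, history; "
            "this thread's fix was minimum password age = 0"),
    0x56: ("ERROR_INVALID_PASSWORD", "supplied current password is wrong"),
}
LDAP_RESULT = {19: "constraintViolation", 53: "unwillingToPerform"}

DIAG = re.compile(
    r"LDAP: error code (?P<ldap>\d+) - (?P<win32>[0-9A-Fa-f]{8}): "
    r"\w+: (?P<dsid>DSID-[0-9A-Fa-f]+)"
    r".*?problem \d+ \((?P<problem>\w+)\)"
    r"(?:.*?Att [0-9a-f]+ \((?P<att>\w+)\))?",
    re.DOTALL,
)

def parse_ad_error(message):
    """Decode one AD LDAP diagnostic message; None if it is not one."""
    m = DIAG.search(message)
    if m is None:
        return None
    code = int(m["win32"], 16)
    name, hint = WIN32.get(code, ("UNKNOWN", "look the code up in winerror.h"))
    return {
        "ldap_code": int(m["ldap"]),
        "ldap_name": LDAP_RESULT.get(int(m["ldap"]), "other"),
        "win32_code": code, "win32_name": name, "hint": hint,
        "problem": m["problem"], "attribute": m["att"], "dsid": m["dsid"],
    }

# Abridged from the log lines quoted in the thread (bracketed IP fragments dropped).
SAMPLES = [
    "javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - "
    "0000052D: AtrErr: DSID-03191072, #1: \n\t0: 0000052D: DSID-03191072, "
    "problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)\n])",
    "javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000052D: "
    "SvcErr: DSID-031A126A, problem 5003 (WILL_NOT_PERFORM), data 0 ])",
]

if __name__ == "__main__":
    for s in SAMPLES:
        r = parse_ad_error(s)
        print(r["ldap_code"], r["ldap_name"], hex(r["win32_code"]),
              r["win32_name"], r["attribute"], "->", r["hint"])
```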