The search users/groups operation in FEM causes LDAP Error code 53
Resolving the problem
This issue was identified in the following configuration:
- JBoss Application 4.0.5
- P8 Content Engine 4.0.1
- eDirectory 8.7.3 Service Pack 5 (16 replicated servers)
When performing a search users/groups operation within FileNet Enterprise Manager, the eDirectory server returned "LDAP: error code 53 - Unwilling To Perform". The search users/groups operation uses the Server-Side Sort control feature of LDAP.
For the Server-Side Sort (SSS) control to work, the LDAP server must hold a copy of all objects within the search scope. If the search scope starts at the top of the tree, the LDAP server needs a copy of every replica. If it does not have a copy of all objects in the search scope, it returns LDAP error 53 when the SSS control is used in a search request.
This issue was identified as a configuration problem on the eDirectory server. In this configuration, one of the servers was configured as a subordinate replica. A subordinate replica does not contain all the objects of master and read/write replicas. The problem was resolved after the replica type was changed to Read/Write.
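
To find which server in a replica ring rejects the sort control, each server can be probed with a search that carries the SSS control. The script below is an added example, not part of the original technote. It assumes OpenLDAP's `ldapsearch` (whose exit status is the LDAP result code), an anonymous simple bind, and placeholder hostnames and base DN supplied by the caller.

```shell
#!/bin/sh
# Added example: probe LDAP servers with a Server-Side Sort (RFC 2891) search
# and report which ones answer with result code 53 (Unwilling To Perform).
# Hostnames and base DN are placeholders supplied by the caller (assumptions).

# classify_sss_rc RC
# Map an ldapsearch exit status (the LDAP result code) to a short verdict.
classify_sss_rc() {
    case "$1" in
        0)  echo "ok" ;;
        53) echo "unwilling-to-perform" ;;   # the error described on this page
        12) echo "sss-unsupported" ;;        # unavailableCriticalExtension
        *)  echo "other-error-$1" ;;         # e.g. 255 = could not connect
    esac
}

# probe_sss HOST BASE_DN
# Run a subtree search sorted on cn. The leading '!' marks the control as
# critical, so a server that cannot sort must fail instead of ignoring it.
probe_sss() {
    rc=0
    ldapsearch -x -LLL -H "ldap://$1" -b "$2" -s sub \
        -E '!sss=cn' '(objectClass=*)' dn >/dev/null 2>&1 || rc=$?
    classify_sss_rc "$rc"
}

# check_replicas BASE_DN HOST...
# Print "host<TAB>verdict" for every host; return 1 if any host gave code 53.
check_replicas() {
    base=$1
    shift
    failed=0
    for host in "$@"; do
        verdict=$(probe_sss "$host" "$base")
        printf '%s\t%s\n' "$host" "$verdict"
        if [ "$verdict" = "unwilling-to-perform" ]; then
            failed=1
        fi
    done
    return "$failed"
}

# Usage (placeholder names):
#   check_replicas "o=example" ldap1.example.test ldap2.example.test
```

Use the same base DN the application searches from, because the error depends on whether the server holds every object in that scope.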