IDM 4.7 - SSPR - OTP enrollment generates -608 error

  • 7022779
  • 26-Mar-2018
  • 26-Mar-2018


Identity Manager 4.7
Self Service Password Reset 4.2


After installing Identity Manager (IDM) 4.7 using the integrated install and using SSPR and OTP enrollment an error: LDAP: error code 65 - NDS error: illegal attribute (-608), is encountered when SSPR attempts to write the OTP secret to the attribute pwmOtpSecret in the Identity Vault.


Add pwmOtpSecret to the optional attribute list on the pwmUser class.

In iManager, Schema Role, Class Information, select pwmUser from the Available classes and click View.   Then click Update optional attribute.

Select pwmOtpSecret from the Available optional attributes list and add it to the Optional attribute(s): then click ok.

Click Close to close the pwmUser class information and test.


The optional attribute pwmOtpSecret, is missing from the Aux Class pwmUser.

The default edirectory-schema.sch file is missing pwmOtpSecret.  
This issue has been reported to IDM / SSPR engineering.