Environment
Identity Manager 4.7
Self Service Password Reset 4.2
Situation
After installing Identity Manager (IDM) 4.7 using the integrated install, and using SSPR and OTP enrollment, the following error is encountered when SSPR attempts to write the OTP secret to the attribute pwmOtpSecret in the Identity Vault: LDAP: error code 65 - NDS error: illegal attribute (-608)
Resolution
Add pwmOtpSecret to the optional attribute list on the pwmUser class.
In iManager, Schema Role, Class Information, select pwmUser from the Available classes and click View. Then click Update optional attribute.
Select pwmOtpSecret from the Available optional attributes list and add it to the Optional attribute(s) list, then click OK.
Click Close to close the pwmUser class information and test.
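To confirm the schema change without going through an OTP enrollment, the pwmUser definition can be read from the directory's subschema and its optional attribute list inspected. The following is an added example, not part of the original article or of IDM/SSPR: it parses objectClasses values in RFC 4512 syntax, and the sample definitions (OID, description and the other attribute names) are constructed placeholders.

```python
import re

# Constructed objectClasses values in RFC 4512 syntax, as a read of the
# subschema entry would return them. The OID and the other attribute names
# are placeholders, not copied from a real Identity Vault.
BEFORE_FIX = ("( 0.0.0.1 NAME 'pwmUser' DESC 'MAY hold SSPR data' AUXILIARY "
              "MAY ( pwmEventLog $ pwmResponseSet ) )")
AFTER_FIX = ("( 0.0.0.1 NAME 'pwmUser' DESC 'MAY hold SSPR data' AUXILIARY "
             "MAY ( pwmEventLog $ pwmResponseSet $ pwmOtpSecret ) )")


def _field(keyword, definition):
    """Return the lowercased values that follow NAME, MUST or MAY."""
    # Drop the free-text description so a keyword inside it cannot match.
    definition = re.sub(r"\bDESC\s+'[^']*'", "", definition)
    m = re.search(r"\b%s\s+(?:\(([^)]*)\)|([^\s()]+))" % keyword, definition)
    if not m:
        return []
    raw = m.group(1) if m.group(1) is not None else m.group(2)
    # NAME lists are space separated and quoted; MUST/MAY lists use '$'.
    return [t.strip("'").lower() for t in re.split(r"[\s$]+", raw) if t]


def class_allows(definitions, class_name, attribute):
    """True or False if the class is defined, None if it is not in the schema.

    Only the class's own MUST/MAY lists are checked, not inherited ones.
    """
    for definition in definitions:
        if class_name.lower() in _field("NAME", definition):
            allowed = _field("MUST", definition) + _field("MAY", definition)
            return attribute.lower() in allowed
    return None


if __name__ == "__main__":
    for label, schema in (("before", [BEFORE_FIX]), ("after", [AFTER_FIX])):
        print(label, class_allows(schema, "pwmUser", "pwmOtpSecret"))
```

A result of False for pwmUser and pwmOtpSecret corresponds to the state that produces the -608 error; None means the pwmUser class itself was not found in the values supplied.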
Cause
The optional attribute pwmOtpSecret is missing from the Aux Class pwmUser.
The default edirectory-schema.sch file is missing pwmOtpSecret.
This issue has been reported to IDM / SSPR engineering.