Issue With Create Ldap unicodePwd

Questions
,
1

I Have an issue with create Active directory with LDAP

When i create it using ldap node , then add
unicodePwd like : Password@123465
userAccountControl : 512 or 66048

Give me this error

0000001F: SvcErr: DSID-031A126C, problem 5003 (WILL_NOT_PERFORM), data 0 Code: 0x35

My Workflow

  • Running n8n via (Docker):
  • Operating system: Windows
2
  1. Use LDAPS (SSL/TLS) – plain LDAP won’t accept unicodePwd
  • In your LDAP credential, set the host to ldaps://your-dc:636 or enable “Use TLS”/StartTLS.
  • AD only allows unicodePwd over an encrypted channel.
  1. Format unicodePwd correctly
  • It must be a quoted UTF-16LE string.
  • Example JavaScript to generate it:

js

CopyEdit

const pwd = 'Password@123465';
// wrap in quotes, convert to UTF-16LE bytes, then base64
const buf = Buffer.from('"' + pwd + '"', 'utf16le');
return buf.toString('base64');
  • In the LDAP node’s Attributes section:

php

CopyEdit

unicodePwd: {{ $binaryPwd }}  // if you used a Preceding Function to create binaryPwd
  1. Set userAccountControl to a single valid flag
  • For a normal user: 512
  • Don’t OR it with other values unless you know they’re needed (e.g. 66048 = NORMAL_ACCOUNT + DONT_EXPIRE_PASSWORD).
  1. Example Workflow Steps
  • Function node (before LDAP) to compute unicodePwd:

js

CopyEdit

const pwd = 'Password@123465';
const buf = Buffer.from('"' + pwd + '"', 'utf16le');
return [{ binary: { pwd: buf } }];
  • LDAP node → Operation: Create

yaml

CopyEdit

Distinguished Name: CN=John Doe,OU=Users,DC=example,DC=com
Object Class: user
Attributes:
  sAMAccountName: jdoe
  userPrincipalName: [email protected]
  unicodePwd: {{$binary.pwd.data}}
  userAccountControl: 512
  • Ensure “Use TLS” is checked or use ldaps://.

With those three changes—encrypted connection, correct UTF-16LE quoted unicodePwd, and a single valid userAccountControl—the “WILL_NOT_PERFORM” error will disappear and the AD user will be created successfully.

3

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.