Active Directory AFX Connector fails to create or modify accounts due to an 'LDAPException: Insufficient Access Rights' error in RSA Identity Governance & Lifecycle
3 years ago
Originally Published: 2018-06-08
Article Number
000041897
Applies To
RSA Product Set: Identity Governance & Lifecycle
RSA Version/Condition: 7.0.x, 7.1.x
 
Issue
When the Access Fulfillment Express (AFX) Connector for Active Directory attempts to create or modify an account, the action fails and the following error is seen in the AFX log files:

The $AFX_HOME/esb/logs/esb.AFX-MAIN.log has the following error: 
2018-05-31 16:29:35.675 [INFO] org.mule.api.processor.LoggerMessageProcessor:193 - returning: -1 -> 
LDAPException: Insufficient Access Rights (50) Insufficient Access Rights
LDAPException: Server Message: 00000005: SecErr: DSID-03152612, 
problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

LDAPException: Matched DN

The $AFX_HOME/esb/logs/esb.AFX-CONN-{connector-name}.log (the connector log for the specific AFX connector that is failing) has the same error: 
Root Exception stack trace:
LDAPException: Insufficient Access Rights (50) Insufficient Access Rights
LDAPException: Server Message: 00000005: SecErr: DSID-03152612, 
problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

LDAPException: Matched DN:
Cause
The Active Directory AFX connector Login Distinguished Name account that is being used to access the Microsoft Active Directory does not have administrator access to Active Directory.
 
User-added image
Resolution
Use an Active Directory account with administrator privileges to bind to the Active Directory Server. Enter this username into the Login Distinguished Name field of the Active Directory AFX connector.
 
Notes
 
 


 

Related Articles

Trending Articles

Don't see what you're looking for?