Resetting Password for LDAP Directory Server User in the Cloud Console Fails With Error “Unable to reset password! Please contact your administrator”
2 years ago
Article Number
000068228
Applies To
RSA Product Set: RSA SecurID Access
RSA Product/Service Type: Cloud Authentication Service
Issue

After an administrator generates a one-time password (OTP) from the Cloud Administration Console to reset an LDAP user's password, the reset fails with the error:
“Unable to reset password! Please contact your administrator” 


With the Identity Router's logging level set to 'Debug', the following error is recorded in the /var/log/symplified directory:

2023-07-17/12:51:40.413/UTC [pool-4-thread-6] ERROR com.rsa.aae.ldap.impl.LDAPPasswordAuthenticationMethod[314] - LDAPException - Failed to update the password of user: CN=aaa,OU=bb,OU=cc,DC=dd,DC=ee
LDAPException(resultCode=50 (insufficient access rights), diagnosticMessage='00000005: SecErr: DSID-031A11ED, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
 ', ldapSDKVersion=4.0.14, 

 

Cause
The user designated to verify the connection to the LDAP directory server lacks sufficient privileges to execute a Password Reset operation on the LDAP server. This user must be a domain administrator to perform the task.
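
To confirm this cause from the debug log, the failed-reset entry can be paired with the LDAP result code on the line that follows it. The script below is an added example, not RSA code; the function names are hypothetical, and the sample log is constructed from the entry shown above plus one made-up entry with a different result code.

```python
import re

# Constructed sample in the format of the debug log entry above; the second
# entry (CN=xyz, resultCode=53) is made up to show a non-matching failure.
SAMPLE_LOG = """\
2023-07-17/12:51:40.413/UTC [pool-4-thread-6] ERROR com.rsa.aae.ldap.impl.LDAPPasswordAuthenticationMethod[314] - LDAPException - Failed to update the password of user: CN=aaa,OU=bb,OU=cc,DC=dd,DC=ee
LDAPException(resultCode=50 (insufficient access rights), diagnosticMessage='00000005: SecErr: DSID-031A11ED, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
 ', ldapSDKVersion=4.0.14,
2023-07-17/12:55:02.120/UTC [pool-4-thread-2] ERROR com.rsa.aae.ldap.impl.LDAPPasswordAuthenticationMethod[314] - LDAPException - Failed to update the password of user: CN=xyz,OU=bb,DC=dd,DC=ee
LDAPException(resultCode=53 (unwilling to perform), diagnosticMessage='constructed', ldapSDKVersion=4.0.14,
"""

# The DN contains commas, so it is captured up to the end of the line.
FAIL_RE = re.compile(
    r"^(?P<ts>\S+) \[[^\]]+\] ERROR \S*LDAPPasswordAuthenticationMethod\S* - "
    r"LDAPException - Failed to update the password of user: (?P<dn>.+?)\s*$"
)
RESULT_RE = re.compile(r"LDAPException\(resultCode=(?P<code>\d+) \((?P<name>[^)]*)\)")


def find_reset_failures(lines):
    """Pair each failed password update with the LDAP result code logged after it."""
    failures, pending = [], None
    for line in lines:
        m = FAIL_RE.match(line)
        if m:
            if pending:  # previous failure had no result line; keep it with code None
                failures.append(pending)
            pending = {"time": m["ts"], "dn": m["dn"], "code": None, "name": None}
            continue
        r = RESULT_RE.search(line)
        if pending and r:
            pending.update(code=int(r["code"]), name=r["name"])
            failures.append(pending)
            pending = None
    if pending:
        failures.append(pending)
    return failures


def insufficient_rights(failures):
    """Keep only resultCode 50, the failure this article attributes to the connection account."""
    return [f for f in failures if f["code"] == 50]


if __name__ == "__main__":
    for f in insufficient_rights(find_reset_failures(SAMPLE_LOG.splitlines())):
        print(f["time"], f["dn"], f["code"], f["name"])
```

Entries reported with resultCode 50 match the cause described here; entries with any other result code point to a different failure and are not addressed by the resolution below.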
Resolution
  1. Log in to the Cloud Administration Console.
  2. Navigate to Users, and then Identity Sources.
  3. Edit the Identity Source.
  4. Edit the Directory Server.
  5. In the Username field, enter the username for the directory server administrator account that handles the connection to SecurID.
  6. In the Password field, enter the password for the directory server administrator account.
  7. Save and Test Connection. 
  8. Publish Changes.
  9. Synchronize the Identity Source.