This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA® Access Manager Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by RSA Access Manager experts.

How to create new Microsoft Active Directory administrator to be used with RSA ClearTrust

Article Number

000020046

Applies To

RSA Product Set: ClearTrust, Access Manager
RSA Version/Condition: RSA ClearTrust 4.7 through RSA Access Manager 6.2
Platform: Microsoft Active Directory
O/S Version: Microsoft Windows 2000 through 2012

Issue

When the Entitlements Manager starts and then binds with a login name that does not have the appropriate rights, the following messages are displayed: 
All LDAP connections have been started.
Failed on try 0
Sleep 5 seconds before retry...
Unexpected DataStoreException sirrus.da.exception.DataStoreException: 00002098: SecErr: DSID-03150620,  problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

Cause

The user configured with the "cleartrust.data.ldap.directory.activedirectory.binddn" parameter in the LDAP.CONF file and does not have enough privileges for RSA ClearTrust to operate correctly.

Resolution

The following approach is just an example of rights assignment in Microsoft Active Directory. Please consult with your security administrator and with your security policies about rights management before proceeding:
  1. Open the LDAP.CONF file with a text editor and enter the login name of the user the RSA ClearTrust Entitlements Manager (Admin GUI) uses to bind to Active Directory. 
    cleartrust.data.ldap.directory.activedirectory.binddn   :cn=NewAdminUser, cn=users, dc=rsasecurity,dc=com
  2. Enter the corresponding password. 
    cleartrust.data.ldap.directory.activedirectory.password :EnterYourPasswordHere
  3. Assign the required administrative rights to the New Administrator in Active Directory:
    1. Navigate to Start Menu --> Programs --> Administrative Tools --> Active Directory Users and Computers.
    2. Repeat the following steps for each of the following organizational units and/or containers: 
      ou=ctscAdminRepository, ou=ctscApplicationDataRepository, ou=ctscPolicyRepository, and cn=users (or whichever container where you located the ClearTrust users)
      1. Right-click on the OU/CN and select Delegate Control.
      2. Click Add.
      3. Browse and select the new administrator user object.
      4. Click OK and then Next.
      5. Leave the Default "This folder, existing objects in this folder, and creation of new objects in this folder" and click Next.
      6. Under Show these permissions select only General.
      7. Assign the required Permissions as defined in your security policies. For instance, in a LAB environment you can select the "Full Control" permission to allow the new administrator user to add, remove, and modify objects and its attributes.
      8. Click Next and then Finish.
  4. ​​Restart the RSA ClearTrust Entitlements Manager.
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2020-12-12 10:41 PM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.