SecurID® Governance & Lifecycle Knowledge Base
Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID Governance & Lifecycle experts.
Article Number
000036423
Applies To
RSA Product Set: Identity Governance & Lifecycle
RSA Version/Condition: 7.0.x, 7.1.x
RSA Version/Condition: 7.0.x, 7.1.x
Issue
When the Access Fulfillment Express (AFX) Connector for Active Directory attempts to create or modify an account, the action fails and the following error is seen in the AFX log files:
The $AFX_HOME/esb/logs/esb.AFX-MAIN.log has the following error:
The $AFX_HOME/esb/logs/esb.AFX-CONN-{connector-name}.log (the connector log for the specific AFX connector that is failing) has the same error:
The $AFX_HOME/esb/logs/esb.AFX-MAIN.log has the following error:
2018-05-31 16:29:35.675 [INFO] org.mule.api.processor.LoggerMessageProcessor:193 - returning: -1 ->
LDAPException: Insufficient Access Rights (50) Insufficient Access Rights
LDAPException: Server Message: 00000005: SecErr: DSID-03152612,
problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
LDAPException: Matched DN
The $AFX_HOME/esb/logs/esb.AFX-CONN-{connector-name}.log (the connector log for the specific AFX connector that is failing) has the same error:
Root Exception stack trace:
LDAPException: Insufficient Access Rights (50) Insufficient Access Rights
LDAPException: Server Message: 00000005: SecErr: DSID-03152612,
problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
LDAPException: Matched DN:
Cause
The Active Directory AFX connector Login Distinguished Name account that is being used to access the Microsoft Active Directory does not have administrator access to Active Directory.
Image description
Image descriptionResolution
Use an Active Directory account with administrator privileges to bind to the Active Directory Server. Enter this username into the Login Distinguished Name field of the Active Directory AFX connector.
Notes
In this article
