Article Number
000036423
Applies To
RSA Product Set: Identity Governance & Lifecycle
RSA Version/Condition: 7.0.x, 7.1.x
Issue
When the Access Fulfillment Express (AFX) Connector for Active Directory attempts to create or modify an account, the action fails and the following error is seen in the AFX log files:
The
$AFX_HOME/esb/logs/esb.AFX-MAIN.log has the following error:
2018-05-31 16:29:35.675 [INFO] org.mule.api.processor.LoggerMessageProcessor:193 - returning: -1 ->
LDAPException: Insufficient Access Rights (50) Insufficient Access Rights
LDAPException: Server Message: 00000005: SecErr: DSID-03152612,
problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
LDAPException: Matched DN
The
$AFX_HOME/esb/logs/esb.AFX-CONN-{connector-name}.log (the connector log for the specific AFX connector that is failing) has the same error:
Root Exception stack trace:
LDAPException: Insufficient Access Rights (50) Insufficient Access Rights
LDAPException: Server Message: 00000005: SecErr: DSID-03152612,
problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
LDAPException: Matched DN:
Cause
The Active Directory AFX connector
Login Distinguished Name account that is being used to access the Microsoft Active Directory does not have administrator access to Active Directory.
Image description
Resolution
Use an Active Directory account with administrator privileges to bind to the Active Directory Server. Enter this username into the Login Distinguished Name field of the Active Directory AFX connector.
Notes