This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.

RSA Authentication Manager 8.1 and 8.2 show a system message that administrator "trustedapp" attempted to update a principal, Failure Unexpected directory operation failure

Article Number

000034265

Applies To

RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1.0, 8.1.1, 8.2.0

Issue

Authentication Manager 8.1 SP1 and 8.2 display the following system messages:

Description:  Administrator "trustedapp" attempted to update a principal
Activity Result Key:  Failure,
Result:  Unexpected directory operation failure
Component Key: system.com.rsa.ims.admin.dal.ldap.BaseAccessLDAP
Arg1: AD
Arg2: cn=riddick\, rena a.,ou=endusers,ou=div17,ou=hqhq,dc=fbi,dc=gov
Exception: javax.naming.NoPermissionsException: [LDAP: error code 50 - 00000005: SecErr: DSID-031A1256, problem 4003 (INSUFF_ACCESS_RIGHTS)
 
Image descriptionImage description

 

Cause

These errors will display if,
  • An Authentication Manager administrator attempted to change an LDAP user's password in the Security Console, or
  • A user attempted to change their own LDAP password through the agent, but the external identity source directory user ID does not have write permissions into LDAP.
 
Image descriptionImage description

Resolution

If you want your deployment to allow updates to Windows passwords through the RSA Security Console or through Windows agents,
  1. From the Operations Console, navigate to Deployment Configuration > Identity Sources > Manage Existing and click on the identity source that you wish to update.  
  2. Select Edit.  Scroll to the Identity Source Directory Connection and define an external identity source user ID account, also called a binding account, that has write permissions to the AD.
  3. Use LDAPS (with a certificate) for the identity source directory connection (Deployment Configuration > Identity Source Certificates > Add New).  For more information, please review this article on Identity Source SSL Certificates.
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2020-12-13 06:06 AM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.