Monday, February 06, 2012

LDAP Provisioning - Error code 50 with Active Directory

I've been testing Express Provisioning with our product and was getting a console error from our application server:

ERROR [LdapExpressProvisioningProcessor] There was an error provisioning the user. Insufficient privileges provided: javax.naming.NoPermissionException: [LDAP: error code 50 - 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
]; remaining name 'CN=john,CN=Users,DC=dev,DC=global'

I had to do some queries on Google but found that I had to change the permissions for the user I logged in with to the LDAP datastore.

For Active Directory I had add the user to Administrators. That was accomplished by right-clicking on the user, selecting Properties and then selecting Member Of. I typed in Administrators and added that group to the user and then was able to accomplish provisioning to LDAP accounts on the Active Directory server.