IBM Verify


HPDMG0769E There were insufficient LDAP access privileges to allow Security Verify Access

  • 1.  HPDMG0769E There were insufficient LDAP access privileges to allow Security Verify Access

    Posted Wed March 12, 2025 06:30 AM
    Edited by Piyush Agrawal Wed March 12, 2025 06:31 AM

    ldap.conf:
    [server:exampledomaintest-ad]
    host = T-000-111-999.exampledomain.test
    port = 636
    bind-dn = CN=SVC-ISAM-ADFS,OU=Service Accounts,OU=System Operations,OU=SKALA,DC=exampledomain,DC=test
    ssl-enabled = yes
    basic-user-principal-attribute = sAMAccountName
    ssl-keyfile-dn = mistraltest
    suffix = DC=exampledomain,DC=test

    User: SVC-ISAM-ADFS is a domain admin on Active Directory.

    Logged in to pd as sec_master.
    User list shows a user:
    pdadmin sec_master> user list-dn *s-t-gpf-fondskonto* 10
    CN=s-t-gpf-fondskonto,OU=Service Accounts,OU=System Operations,OU=CORP,DC=exampledomain,DC=test

    User Import shows error:

    pdadmin sec_master> user import s-t-gpf-fondskonto "CN=s-t-gpf-fondskonto,OU=Service Accounts,OU=System Operations,OU=CORP,DC=exampledomain,DC=test"

    Could not perform the administration request
    Error: HPDMG0769E There were insufficient LDAP access privileges to allow Security Verify Access to create and delete entries in the registry. (status 0x14c01301)

    The following command works:

    user import s-t-gpf-signportal "CN=s-t-gpf-signportal,OU=ServiceAccounts,OU=DEV,OU=Customers,OU=SKALA,DC=exampledomain,DC=test"

     

    However, the following does not:

    user import s-t-gpf-fondskonto "CN=s-t-gpf-fondskonto,OU=Service Accounts,OU=System Operations,OU=CORP,DC=exampledomain,DC=test"

    Need to understand who has insufficient LDAP access privileges? And how to solve this issue :-(



    ------------------------------
    Piyush Agrawal
    https://www.linkedin.com/in/piyush-norway/
    Gjensidige Norway
    ------------------------------



  • 2.  RE: HPDMG0769E There were insufficient LDAP access privileges to allow Security Verify Access

    Posted Thu March 20, 2025 10:47 AM

    Hi,

    Have you solved the issue - I am facing the same.

    Thanks,

    Mita



    ------------------------------
    Mita Mitic
    ------------------------------



  • 3.  RE: HPDMG0769E There were insufficient LDAP access privileges to allow Security Verify Access

    Posted Fri March 21, 2025 09:24 AM

    When importing a Federated User, the default setting attempts to create a uid attribute in the federated directory.  This setting in ldap.conf is,

    [ldap]

    # When a user is imported their uid attribute will be added if not present.
    # Setting this option to 'no' will stop the update of the uid attribute.
    import-mod-uid = yes

    The bind-dn from,

    [server:ad_server]

    bind-dn = ...

    Needs permission to create this on the AD user.

    You can either update the perms for the bind-dn service account or disable by setting,

    import-mod-uid = no

    You can set this globally or per federated directory.



    ------------------------------
    Nick
    IBM Verify Customer Support
    ------------------------------
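
The check implied by the reply above, as an added example that is not part of the thread and not IBM code: it reads an ldap.conf-style file and reports, for each `[server:...]` stanza, which bind-dn would need write access to `uid` during `user import`. The sample file, stanza names and DNs are constructed; that a per-server `import-mod-uid` overrides the `[ldap]` value and that the default is `yes` are assumptions based on the reply.

```python
# Constructed sample ldap.conf, not the poster's file.
SAMPLE = """\
[ldap]
import-mod-uid = yes

[server:ad_corp]
bind-dn = CN=svc-import,OU=Service Accounts,DC=example,DC=test

[server:ad_readonly]
bind-dn = CN=svc-readonly,OU=Service Accounts,DC=example,DC=test
import-mod-uid = no
"""

def parse_stanzas(text):
    """Parse stanza-style 'key = value' text into {stanza: {key: value}}."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = stanzas.setdefault(line[1:-1].strip(), {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return stanzas

def uid_write_report(text):
    """Map each [server:...] stanza to (bind-dn, import writes uid?)."""
    stanzas = parse_stanzas(text)
    # Assumption: the default is "yes" and a per-server value overrides [ldap].
    global_value = stanzas.get("ldap", {}).get("import-mod-uid", "yes")
    report = {}
    for name, keys in stanzas.items():
        if name.startswith("server:"):
            effective = keys.get("import-mod-uid", global_value).lower()
            report[name.split(":", 1)[1]] = (keys.get("bind-dn", ""), effective == "yes")
    return report

if __name__ == "__main__":
    for server, (bind_dn, writes) in uid_write_report(SAMPLE).items():
        need = "needs write access to uid on imported users" if writes else "no uid write on import"
        print(f"{server}: {bind_dn} -> {need}")
```

Stanzas reported as writing `uid` are the ones whose bind-dn account must hold that permission in every OU that imported users live in.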