IBM Verify


HPDMG0769E There were insufficient LDAP access privileges to allow Security Verify Access

  • 1.  HPDMG0769E There were insufficient LDAP access privileges to allow Security Verify Access

    Posted Wed March 12, 2025 06:30 AM
    Edited by Piyush Agrawal Wed March 12, 2025 06:31 AM

    ldap.conf:
    [server:exampledomaintest-ad]
    host = T-000-111-999.exampledomain.test
    port = 636
    bind-dn = CN=SVC-ISAM-ADFS,OU=Service Accounts,OU=System Operations,OU=SKALA,DC=exampledomain,DC=test
    ssl-enabled = yes
    basic-user-principal-attribute = sAMAccountName
    ssl-keyfile-dn = mistraltest
    suffix = DC=exampledomain,DC=test

    User: SVC-ISAM-ADFS is a domain admin on Active Directory.

    Logged in to pd as sec_master.
    User list shows a user:
    pdadmin sec_master> user list-dn *s-t-gpf-fondskonto* 10
    CN=s-t-gpf-fondskonto,OU=Service Accounts,OU=System Operations,OU=CORP,DC=exampledomain,DC=test

    User Import shows error:

    pdadmin sec_master> user import s-t-gpf-fondskonto "CN=s-t-gpf-fondskonto,OU=Service Accounts,OU=System Operations,OU=CORP,DC=exampledomain,DC=test"

    Could not perform the administration request
    Error: HPDMG0769E There were insufficient LDAP access privileges to allow Security Verify Access to create and delete entries in the registry. (status 0x14c01301)

    The following command works:

    user import s-t-gpf-signportal "CN=s-t-gpf-signportal,OU=ServiceAccounts,OU=DEV,OU=Customers,OU=SKALA,DC=exampledomain,DC=test"

     

    However, the following does not:

    user import s-t-gpf-fondskonto "CN=s-t-gpf-fondskonto,OU=Service Accounts,OU=System Operations,OU=CORP,DC=exampledomain,DC=test"

    Need to understand who has insufficient LDAP access privileges? And how to solve this issue :-(



    ------------------------------
    Piyush Agrawal
    https://www.linkedin.com/in/piyush-norway/
    Gjensidige Norway
    ------------------------------



  • 2.  RE: HPDMG0769E There were insufficient LDAP access privileges to allow Security Verify Access

    Posted Thu March 20, 2025 10:47 AM

    Hi,

    Have you solved the issue - I am facing the same.

    Thanks,

    Mita



    ------------------------------
    Mita Mitic
    ------------------------------



  • 3.  RE: HPDMG0769E There were insufficient LDAP access privileges to allow Security Verify Access

    Posted Fri March 21, 2025 09:24 AM

    When importing a Federated User, the default setting attempts to create a uid attribute in the federated directory. This setting in ldap.conf is,

    [ldap]

    # When a user is imported their uid attribute will be added if not present.
    # Setting this option to 'no' will stop the update of the uid attribute.
    import-mod-uid = yes

    The bind-dn from,

    [server:ad_server]

    bind-dn = ...

    Needs permission to create this on the AD user.

    You can either update the perms for the bind-dn service account or disable by setting,

    import-mod-uid = no

    You can set this globally or per federated directory.



    ------------------------------
    Nick
    IBM Verify Customer Support
    ------------------------------
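
An added example, not part of the thread and not IBM code: a small audit script that reads an ldap.conf and reports, for each `[server:...]` stanza, whether a `user import` would write the uid attribute and so which bind-dn needs write permission on the imported user. The sample file is constructed, and reading a per-directory override from the same `import-mod-uid` key inside the server stanza is an assumption based on the last reply.

```python
import configparser

# Constructed sample modeled on the stanzas quoted in the thread (placeholder hosts and DNs).
SAMPLE_LDAP_CONF = """\
[ldap]
# When a user is imported their uid attribute will be added if not present.
import-mod-uid = yes

[server:ad_corp]
host = ad1.exampledomain.test
bind-dn = CN=SVC-ISAM-ADFS,OU=Service Accounts,DC=exampledomain,DC=test
suffix = DC=exampledomain,DC=test

[server:ad_readonly]
host = ad2.exampledomain.test
bind-dn = CN=svc-readonly,OU=Service Accounts,DC=exampledomain,DC=test
suffix = DC=partner,DC=test
import-mod-uid = no
"""

def import_write_requirements(conf_text):
    """Return {stanza: (needs_write, bind_dn)} for every [server:*] stanza."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.read_string(conf_text)
    # Global value; per the thread, writing uid on import is the default.
    global_val = cp.get("ldap", "import-mod-uid", fallback="yes")
    result = {}
    for section in cp.sections():
        if not section.startswith("server:"):
            continue
        # Assumption: a per-directory override uses the same key in the stanza.
        effective = cp.get(section, "import-mod-uid", fallback=global_val)
        needs_write = effective.strip().lower() == "yes"
        result[section] = (needs_write, cp.get(section, "bind-dn", fallback=None))
    return result

if __name__ == "__main__":
    for stanza, (needs_write, bind_dn) in import_write_requirements(SAMPLE_LDAP_CONF).items():
        state = "WRITES uid on import" if needs_write else "read-only import"
        print(f"{stanza}: {state}; bind-dn = {bind_dn}")
```

A stanza reported as writing uid is one where HPDMG0769E can appear if the bind-dn lacks write access to the target user object; setting `import-mod-uid = no` lets the service account stay read-only.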