Hi,
I want to use the AD plugin(1.0.4) to create users in AD. I was able to successfully run the AD configuration workflow (vco 5.5).
When I try to create users in Ad, I get the following error -
"Unable to create a new user: InternalError: Failed to create user account... [LDAP: error code 50 - 00000005: SecErr: DSID-03151E07, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
] (Dynamic Script Module name : createUser#1) (Dynamic Script Module name : createUser#4) "
I think I do not have access to create the users in AD. Is there a way to configure the domain username in the workflow to create the user.
Hi,
see this article to get some tips about how to troubleshoot these kind of errors:
http://www.vcoportal.de/2011/07/troubleshooting-ldap-erros-in-vco/
Error 50 means "Insufficient Access Rights", so you are on the right track.
You can configure what user is used in the plugin configuration. It's either a "shared session", where you can define any username/password, or you can use "Session per user", then the account who started the workflow is used to connect to AD.
Usually one would use a "shared session" with a service account that has administrative rights in AD.
Cheers,
Joerg
I see the following error when I use shared session :
Connection failed.[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece] (Workflow:Configure Active Directory server / Update Configuration (item1)#10
If you go through the article I mentioned, you see this link: How LDAP Error Codes Map to JNDI Exceptions (The Java™ Tutorials > Java Naming and ...
Error 49 states "Invalid Credential".
So check username, password and/or syntax of the username.
It works with a username, but I still see an error when I try to configure with the service accounts.