VMware Cloud Community
deepthy
Enthusiast

AD plugin in vco

Hi,

I want to use the AD plugin (1.0.4) to create users in AD. I was able to successfully run the AD configuration workflow (vCO 5.5).

When I try to create users in AD, I get the following error:

"Unable to create a new user: InternalError: Failed to create user account... [LDAP: error code 50 - 00000005: SecErr: DSID-03151E07, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

] (Dynamic Script Module name : createUser#1) (Dynamic Script Module name : createUser#4) "

I think I do not have access to create the users in AD. Is there a way to configure the domain username in the workflow to create the user?

0 Kudos
4 Replies
tschoergez
Leadership

Hi,

See this article for some tips on how to troubleshoot these kinds of errors:

http://www.vcoportal.de/2011/07/troubleshooting-ldap-erros-in-vco/

Error 50 means "Insufficient Access Rights", so you are on the right track.

You can configure which user is used in the plugin configuration. It's either a "shared session", where you can define any username/password, or you can use "Session per user"; then the account that started the workflow is used to connect to AD.

Usually one would use a "shared session" with a service account that has administrative rights in AD.

Cheers,

Joerg

0 Kudos
deepthy
Enthusiast

I see the following error when I use a shared session:

Connection failed.[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece] (Workflow:Configure Active Directory server / Update Configuration (item1)#10

0 Kudos
tschoergez
Leadership

If you go through the article I mentioned, you see this link: How LDAP Error Codes Map to JNDI Exceptions (The Java™ Tutorials > Java Naming and ...

Error 49 states "Invalid Credential".

So check username, password and/or syntax of the username.

0 Kudos
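
An added example, not part of the original thread or of the AD plugin: a small Python parser for the two Active Directory LDAP error strings quoted above, which separates the LDAP result code (50 vs. 49) from the AD `data` sub-code (`52e`). The sub-code table covers the commonly documented AD bind sub-codes, which goes beyond the single `52e` case in the thread; all function and variable names are hypothetical.

```python
import re

# LDAP result codes seen in this thread (RFC 4511 names).
LDAP_RESULT = {49: "invalidCredentials", 50: "insufficientAccessRights"}

# AD "data" sub-codes returned with result 49 (hex Win32 error numbers).
AD_BIND_SUBCODE = {
    "525": "user not found",
    "52e": "invalid credentials (bad password or unrecognised username)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

PATTERN = re.compile(
    r"LDAP: error code (?P<code>\d+) - (?P<win32>[0-9A-Fa-f]{8}): "
    r"(?P<kind>\w+): (?P<dsid>DSID-[0-9A-Fa-f]+), "
    r"(?:problem \d+ \((?P<problem>\w+)\)|comment: (?P<comment>[^,]+)), "
    r"data (?P<data>[0-9A-Fa-f]+)"
)

def explain(message: str) -> dict:
    """Split an AD LDAP error string into its fields and add a hint."""
    m = PATTERN.search(message)
    if m is None:
        raise ValueError("not an AD LDAP error string")
    code, data = int(m["code"]), m["data"].lower()
    return {
        "ldap_code": code,
        "ldap_name": LDAP_RESULT.get(code, "unknown"),
        "dsid": m["dsid"],
        "detail": m["problem"] or m["comment"].strip(),
        "data_decimal": int(data, 16),  # 0x52e == 1326 (logon failure)
        # Sub-codes only carry meaning for bind failures (result 49).
        "hint": AD_BIND_SUBCODE.get(data, "unknown sub-code") if code == 49 else None,
    }

# Sample inputs: the two error strings quoted in this thread.
ACL_ERR = ("[LDAP: error code 50 - 00000005: SecErr: DSID-03151E07, "
           "problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 ]")
BIND_ERR = ("[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, "
            "comment: AcceptSecurityContext error, data 52e, vece]")

if __name__ == "__main__":
    for sample in (ACL_ERR, BIND_ERR):
        print(explain(sample))
```

Result 50 means the bind succeeded and the bound account lacks rights on the target container, while result 49 means the bind itself failed, so the two errors call for different fixes (delegation on the OU versus the credentials or username format in the plugin configuration).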
deepthy
Enthusiast

It works with a username, but I still see an error when I try to configure with the service accounts.

0 Kudos