ADS Endpoint: LDAP error code 50 - Insufficient Rights
search cancel

ADS Endpoint: LDAP error code 50 - Insufficient Rights


Article ID: 144044


Updated On:


CA Identity Manager CA Identity Governance CA Identity Portal CA Identity Suite CA API Gateway


When a user attribute is updated on an endpoint via CA Identity Manager (IM) the task reports as failed in the VST (View Submitted Tasks).  Upon closer inspection the global user is updated successfully but one associated account failed.  A deeper review of the Provisioning Server (etatrans) log files, the following error is report

LDAP: error code 50 - Insufficient Rights

Sample Log extract from the Provisioning Server's etatrans log:

20200122:092000:TID=9e8b70:Modify    :C350:C326:F: FAILURE: Child Modify (eTADSAccountName=Test User)
20200122:092000:TID=9e8b70:Modify    :C350:C326:F:     rc:  0x0032 (Insufficient access)
20200122:092000:TID=9e8b70:Modify    :C350:C326:F:     msg: :ETA_E_0008<MAC>, Active Dir. Account 'Test User' on 'DOMAIN
20200122:092000:TID=9e8b70:Modify    :C350:C326:F:+' modification failed: Connector Server Modify failed: code 50 (INSUFFICIENT_ACCE
20200122:092000:TID=9e8b70:Modify    :C350:C326:F:+SS_RIGHTS): failed to modify entry: eTADSAccountName=Test User,eTADSOrgNa
20200122:092000:TID=9e8b70:Modify    :C350:C326:F:+me=MyOrg,eTADSDirectoryName=DOMAIN,eTNamespaceName=ActiveDirectory,dc=im,dc
20200122:092000:TID=9e8b70:Modify    :C350:C326:F:+=etasa: JCS@hostname: JNDI: [LDAP: error code 50 - Insufficient Rights]: failed t
20200122:092000:TID=9e8b70:Modify    :C350:C326:F:+o modify eTADSAccountName=Test User,eTADSOrgUnitName=MyOrg,eTADSDirectory



All Identity Manager


This error appears if the endpoint attributes cannot be updated due to a permissions issue.


You will need to work with your ADS administrator to ensure that the ID used to acquire the ADS Endpoint has the permissions needed to perform the operations Identity Manager is trying to do. Please also refer to the following product documentation: