IMPS: LDAP error code 50 - Insufficient Rights


Article ID: 144044


CA Identity Manager, CA Identity Governance, CA Identity Portal, CA Identity Suite, CA API Gateway


When a user attribute is updated on an endpoint via CA Identity Manager (IM), the task is reported as failed in the VST (View Submitted Tasks). On closer inspection, the global user is updated successfully but one associated account failed. A deeper review of the Provisioning Server (etatrans) log files shows the following error:

LDAP: error code 50 - Insufficient Rights

Sample Log extract

20200122:092000:TID=9e8b70:Modify    :C350:C326:F: FAILURE: Child Modify (eTADSAccountName=Test User)
20200122:092000:TID=9efb70:EtaServer :----:----:I: Retrieving common BLS Connectivity Configuration
20200122:092000:TID=9e8b70:Modify    :C350:C326:F:     rc:  0x0032 (Insufficient access)
20200122:092000:TID=9e8b70:Modify    :C350:C326:F:     msg: :ETA_E_0008<MAC>, Active Dir. Account 'Test User' on 'DOMAIN
20200122:092000:TID=9e8b70:Modify    :C350:C326:F:+' modification failed: Connector Server Modify failed: code 50 (INSUFFICIENT_ACCE
20200122:092000:TID=9e8b70:Modify    :C350:C326:F:+SS_RIGHTS): failed to modify entry: eTADSAccountName=Test User,eTADSOrg
20200122:092000:TID=9e8b70:Modify    :C350:C326:F:+UnitName=ProxyFull,eTADSOrgUnitName=<OrgName>,eTADSOrgUnitName=Users,eTADSOrgUnitNa
20200122:092000:TID=9e8b70:Modify    :C350:C326:F:+me=Corporate,eTADSDirectoryName=DOMAIN,eTNamespaceName=ActiveDirectory,dc=im,dc
20200122:092000:TID=9e8b70:Modify    :C350:C326:F:+=etasa: JCS@hostname: JNDI: [LDAP: error code 50 - Insufficient Rights]: failed t
20200122:092000:TID=9e8b70:Modify    :C350:C326:F:+o modify eTADSAccountName=User,eTADSOrgUnitName=ProxyFull,eTADSOrg
20200122:092000:TID=9e8b70:Modify    :C350:C326:F:+UnitName=<OrgName>,eTADSOrgUnitName=Users,eTADSOrgUnitName=Corporate,eTADSDirectory
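
The following Python script is an added example, not part of the original article or of any Broadcom tooling. It rejoins the wrapped `+` continuation lines per TID and lists the accounts whose modify was rejected with code 50, so the affected entries and endpoint can be handed to the directory administrators. The field layout is inferred from the extract above, and the sample lines are constructed.

```python
import re

# Layout inferred from the extract above (an assumption, not a vendor specification):
# date:time:TID=<id>:<op>:<code>:<code>:<level>:<text>; text starting "+" continues the TID's previous line.
LINE = re.compile(r"^(\d{8}):(\d{6}):TID=([0-9a-f]+):[^:\s]+\s*:[^:]*:[^:]*:(\w):(.*)$")
FAIL = re.compile(r"code (\d+) \((\w+)\): failed to modify entry: (.+?)(?:: |$)")

# Constructed sample modelled on the extract above; all values are placeholders.
SAMPLE = """\
20200122:092000:TID=9e8b70:Modify    :C350:C326:F: FAILURE: Child Modify (eTADSAccountName=Test User)
20200122:092000:TID=9e8b70:Modify    :C350:C326:F:     msg: :ETA_E_0008<MAC>, Active Dir. Account 'Test User' on 'DOMAIN
20200122:092000:TID=9efb70:EtaServer :----:----:I: Retrieving common BLS Connectivity Configuration
20200122:092000:TID=9e8b70:Modify    :C350:C326:F:+' modification failed: Connector Server Modify failed: code 50 (INSUFFICIENT_ACCE
20200122:092000:TID=9e8b70:Modify    :C350:C326:F:+SS_RIGHTS): failed to modify entry: eTADSAccountName=Test User,eTADSOrg
20200122:092000:TID=9e8b70:Modify    :C350:C326:F:+UnitName=Users,eTADSDirectoryName=DOMAIN,eTNamespaceName=ActiveDirectory,dc=im,dc
20200122:092000:TID=9e8b70:Modify    :C350:C326:F:+=etasa: JCS@hostname: JNDI: [LDAP: error code 50 - Insufficient Rights]
""".splitlines()

def unwrap(lines):
    """Rejoin wrapped records, tracking continuations per TID because threads interleave."""
    records, last = [], {}
    for raw in lines:
        m = LINE.match(raw.rstrip("\r\n"))
        if not m:
            continue
        date, time, tid, level, text = m.groups()
        if text.startswith("+") and tid in last:
            last[tid]["text"] += text[1:]  # a wrap can split a word: join without a space
        else:
            last[tid] = {"when": f"{date} {time}", "tid": tid, "level": level, "text": text.lstrip()}
            records.append(last[tid])
    return records

def attr(dn, name):
    m = re.search(re.escape(name) + r"=([^,]+)", dn)
    return m.group(1) if m else None

def code50_failures(lines):
    """One dict per failed modify that the Connector Server reported as LDAP code 50."""
    hits = []
    for rec in unwrap(lines):
        m = FAIL.search(rec["text"])
        if rec["level"] == "F" and m and m.group(1) == "50":
            dn = m.group(3)
            hits.append({"when": rec["when"], "tid": rec["tid"], "ldap_name": m.group(2), "dn": dn,
                         "account": attr(dn, "eTADSAccountName"),
                         "directory": attr(dn, "eTADSDirectoryName")})
    return hits

print(code50_failures(SAMPLE))
```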

Gateway Log: 

LDAP error code 50 - Insufficient Rights

2021-12-18T23:55:46.818-0500 WARNING 2968 com.external.assertions.ldapquery.server.ServerLDAPQueryAssertion: 9026: LDAP Query error: Error searching for LDAP entry : [LDAP: error code 50 - Insufficient Access Rights]; remaining name o=user.ldap.comhost

2021-12-18T23:55:43.006-0500 WARNING 2521 com.server.identity.ldap.LdapUserManagerImpl: LDAP error: [LDAP: error code 50 - Insufficient Access Rights]



Release : 14.x



This error appears when the endpoint attributes cannot be updated because of a permissions issue. There can be several causes, for example:


  • The Connector Server service account has insufficient rights at the endpoint to update attributes.
  • The endpoint attributes are protected and cannot be updated (read-only).
  • In some reported cases, a misconfigured firewall rule has blocked access.



Resolution to this issue is outside the scope of CA Broadcom Technical Support.  Please work with your system administrators to ensure you have sufficient and unhindered access to the endpoint.