New users are not created on a newly LDAP-integrated on-premise 2.0+ platform.
This can be caused when the bind DN user does not have sufficient permissions to perform a directory sync (dir sync). The bind DN user must either be a domain admin or have the Replicating Directory Changes permissions in Active Directory.
To verify the cause, inspect the Docker logs as follows:
$ docker ps | grep replicated_replicated.1
Sample Output:
0df94ce4fb5d replicated/replicated:stable-2.49.0 "/usr/bin/entrypoint…" 6 weeks ago Up 6 weeks 9874/tcp, 9876-9877/tcp, 9879/tcp replicated_replicated.1.n1nul7swhvc2uvsit33kim3vi
Take the container ID from your output (the first column; 0df94ce4fb5d in the sample above) and use it in the following command:
$ docker logs 0df94ce4fb5d 2>&1 | grep "dir sync: LDAP Result Code 50"
If the following output is seen, then the bind DN user does not have the necessary access:
WARN 2021-03-30T17:22:08+00:00 identity/sync.go:170 Failed to sync identity source for config host=server.company.com, dn=dc=users,dc=company,dc=com: active directory: dir sync: LDAP Result Code 50 "Insufficient Access Rights": 00002105: LdapErr: DSID-0C09098A, comment: Error processing control, data 0, v4563
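Added example (not part of the original article): the two manual steps above combined into shell functions that also group the code 50 warnings by identity source, so you can see which host and base DN the bind DN user is being denied on. The function names, the second host and the code 49 line in the sample are constructed for illustration, and the log layout is assumed to match the warning shown above.

```shell
# Added example, not vendor code. Reads replicated container logs on stdin and
# prints one line per identity source: host<TAB>dn<TAB>count<TAB>last_seen
summarize_dirsync_denied() {
  awk '
    /dir sync: LDAP Result Code 50 / && /host=/ && /, dn=/ {
      # host sits between "host=" and ", dn="
      h = $0; sub(/.*host=/, "", h); sub(/, dn=.*/, "", h)
      # base DN sits between ", dn=" and ": active directory"
      d = $0; sub(/.*, dn=/, "", d); sub(/: active directory.*/, "", d)
      key = h "\t" d
      count[key]++
      last[key] = $2   # second field is the timestamp
    }
    END { for (k in count) printf "%s\t%d\t%s\n", k, count[k], last[k] }
  ' | sort
}

# Locate the running replicated container and summarise its logs.
scan_replicated_container() {
  cid=$(docker ps -q --filter name=replicated_replicated.1 | head -n 1)
  if [ -z "$cid" ]; then
    echo "no running replicated_replicated.1 container found" >&2
    return 1
  fi
  docker logs "$cid" 2>&1 | summarize_dirsync_denied
}

# Constructed sample log: the first line is the warning from the article, the rest are made up.
sample_log() {
  cat <<'EOF'
WARN 2021-03-30T17:22:08+00:00 identity/sync.go:170 Failed to sync identity source for config host=server.company.com, dn=dc=users,dc=company,dc=com: active directory: dir sync: LDAP Result Code 50 "Insufficient Access Rights": 00002105: LdapErr: DSID-0C09098A, comment: Error processing control, data 0, v4563
WARN 2021-03-30T17:23:10+00:00 identity/sync.go:170 Failed to sync identity source for config host=ldap2.example.test, dn=dc=example,dc=test: active directory: dir sync: LDAP Result Code 50 "Insufficient Access Rights": constructed
WARN 2021-03-30T17:24:00+00:00 identity/sync.go:170 Failed to sync identity source for config host=ldap3.example.test, dn=dc=example,dc=test: active directory: dir sync: LDAP Result Code 49 "Invalid Credentials": constructed
INFO 2021-03-30T17:25:00+00:00 constructed unrelated line
WARN 2021-03-30T17:27:08+00:00 identity/sync.go:170 Failed to sync identity source for config host=server.company.com, dn=dc=users,dc=company,dc=com: active directory: dir sync: LDAP Result Code 50 "Insufficient Access Rights": constructed
EOF
}

# Demo on the constructed sample; on the platform host run scan_replicated_container instead.
sample_log | summarize_dirsync_denied
```

A source that still appears in this summary after the bind DN user's permissions have been changed, with a newer last_seen timestamp, is still being refused.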
Perform one of the following actions:
keywords: agile central Insufficient Access Rights