Red Hat Identity Policy Audit Provisioning Issue

Hello,

We have integrated IPA with the LDAP OOTB connector. Aggregation works fine with the filters; however, provisioning is failing, saying there are no permissions to update the memberOf attribute. When we tried through IPA commands, it showed that the service account we are using has permissions and was able to remove the entitlement.

Did anyone face this issue?

Thanks,
Shiva

Seems like a gap in required permissions. Could you check if these requirements are met for the service account you’re using?

  • The LDAP application requires that the service account must be an administrator account and that the directory server has administrator credentials.
  • The LDAP application must have read/write permissions over the directory information tree to manage LDAP data.

Hello @sreeram ,

The service account has admin privileges and the necessary permissions.
I see the below error when I submit the access request.

sailpoint.connector.ConnectorException: [LDAP: error code 50 - Insufficient ‘write’ privilege to the ‘memberOf’ attribute of entry ‘uid=avenkatesh,cn=users,cn=accounts,dc=authqa,dc=vrsn,dc=com’. ]

Thanks,
Shiva

Hi and Hello,

The error indicates a lack of permissions to edit the memberOf attribute in LDAP. Check if the service account has the necessary permissions, verify the ACL in LDAP, and ensure that memberOf is not a system-managed attribute. If the issue persists, try performing the operation with a higher-privileged account.

Regards,
Adam

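An added Python example, not code from this thread, SailPoint or FreeIPA, that parses the error code 50 message quoted above and checks the point Adam raises: in FreeIPA the directory's memberOf plugin maintains memberOf, so even an administrative account cannot write it on the user entry, and membership is changed by editing the member attribute of the group entry instead. The group DN is an assumed placeholder; the sample error is copied from the thread.

```python
import re

# Error message copied from the thread above (sample input for this example).
SAMPLE_ERROR = ("sailpoint.connector.ConnectorException: [LDAP: error code 50 - "
                "Insufficient ‘write’ privilege to the ‘memberOf’ attribute of entry "
                "‘uid=avenkatesh,cn=users,cn=accounts,dc=authqa,dc=vrsn,dc=com’. ]")

# 389-ds / FreeIPA access-control error text. Straight and curly quotes are both
# accepted because forum extraction often rewrites them.
_ERR_RE = re.compile(
    r"error code (?P<code>\d+) - Insufficient [‘']?(?P<priv>\w+)[’']? privilege "
    r"to the [‘']?(?P<attr>[\w;-]+)[’']? attribute of entry [‘']?(?P<dn>[^’']+)[’']?"
)

# Attributes the directory maintains itself: memberOf is computed by the 389-ds
# memberOf plugin in FreeIPA, so no ACI grants clients write access to it.
PLUGIN_MANAGED = {"memberof"}


def parse_ldap_error(message):
    """Return code, privilege, attribute and entry DN from the error, or None if no match."""
    m = _ERR_RE.search(message)
    if not m:
        return None
    return {"code": int(m.group("code")), "privilege": m.group("priv"),
            "attribute": m.group("attr"), "entry_dn": m.group("dn")}


def group_membership_ldif(group_dn, user_dn, remove=True):
    """LDIF for the supported way to change membership: modify `member` on the group entry."""
    op = "delete" if remove else "add"
    return f"dn: {group_dn}\nchangetype: modify\n{op}: member\nmember: {user_dn}\n"


def diagnose(message, group_dn):
    """Explain an error code 50 failure and, for memberOf, return the corrective LDIF."""
    err = parse_ldap_error(message)
    if err is None or err["code"] != 50:
        return None
    if err["attribute"].lower() in PLUGIN_MANAGED:
        return {"cause": f"{err['attribute']} is maintained by the directory's memberOf "
                         "plugin; it cannot be written on the user entry by any account",
                "fix": group_membership_ldif(group_dn, err["entry_dn"])}
    # Any other attribute: a genuine ACI gap for this account on this entry.
    return {"cause": f"ACI denies {err['privilege']} on {err['attribute']} "
                     f"for {err['entry_dn']}", "fix": None}
```

The returned LDIF can be applied with ldapmodify as the service account; it is the same change that `ipa group-remove-member` performs through the IPA API.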

Hello @AdamVentum,

We have checked the permissions and they look good. The application team is able to run the commands successfully by logging in as the same service account we are using. Does IPA support the LDAP connector?

Thanks,
Shiva
