I have set up an IDM Active Directory driver.
Everything is working fine.

But when the user changes his password, it will not be synchronized to
the Active Directory account.

I get this error:


DirXML Log Event -------------------
Driver: \IDM-TREE\company\IDMDriver\IDM\AD-IMS
Channel: Subscriber
Object: \IDM-TREE\company\MetaData\username
Status: Error
Message: <message>Password set failed.</message>
<ldap-err ldap-rc="50" ldap-rc-name="LDAP_INSUFFICIENT_RIGHTS">
<client-err ldap-rc="50" ldap-rc-name="LDAP_INSUFFICIENT_RIGHTS">Insufficient Rights</client-err>
<server-err>00000005: SecErr: DSID-031A0F44, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
<server-err-ex win32-rc="5"/>
[10/26/2010 9:35:02.703] AD-Driver ST:Password synchronization event status recorded.


It looks like the IDM service user does not have enough rights in
the Active Directory to change the password of the users.

The IDM service user has the right "Change Password" in the Active
Which rights do I have to give to the IDM service user in the Active
Directory so that he can change the passwords of the users?


dominicdavid's Profile: http://forums.novell.com/member.php?userid=33244
View this thread: http://forums.novell.com/showthread.php?t=424901