In IDM401 there is an LDAP extension, GetNamedPasswordRequest and
GetNamedPasswordResponse, OID 2.16.840.1.113719. and
2.16.840.1.113719., that should be able to read a named password.
When I try to use it I get a -672 no access error.
Does anybody know which rights it requires?

I have Supervisor rights to the driver objects.

00:36:27 7F4B4BA0 LDAP: ( DoExtended on connection 0x15dd6780
00:36:27 7F4B4BA0 LDAP: ( DoExtended: Extension Request OID: 2.16.840.1.113719.
00:36:27 7F4B4BA0 LDAP: ( Sending operation result 50:"":"no access (-672)" to connection 0x15dd6780