[midPoint] Active Directory: LDAP error during DirSync search: insufficientAccessRights
Tom Seeley
midpoint at tomseeley.co.uk
Tue May 5 11:51:46 CEST 2020
I didn't see this documented anywhere, so just for the next person who
searches for this problem:

When configuring a live sync with your Active Directory, you might get
the above error (LDAP error during DirSync search:
insufficientAccessRights).

The problem is that your service account (the AD account that midPoint
is using to sync the AD) needs the special permission "Replicating
Directory Changes"(*). This can be added using ADUC(**).

Ideally this would be an update to here:
https://wiki.evolveum.com/display/midPoint/Active+Directory+with+LDAP+connector

Thanks,
Tom.

*:
https://support.microsoft.com/en-ae/help/891995/how-to-poll-for-object-attribute-changes-in-active-directory-on-window
**: https://support.microsoft.com/en-us/help/303972
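
The following is an added example, not part of the original post: a PowerShell check that reads back the ACL on the domain root to confirm the service account holds "Replicating Directory Changes" and nothing broader. The account name `EXAMPLE\svc-midpoint` is a placeholder, and the script assumes a domain-joined host with the RSAT ActiveDirectory module installed.

```powershell
# Added example: verify the permission described in the post and check least privilege.
# $ServiceAccount is a placeholder, not a value from the original message.
Import-Module ActiveDirectory

$ServiceAccount = 'EXAMPLE\svc-midpoint'
$DomainDn       = (Get-ADDomain).DistinguishedName

# GUIDs of the control access rights involved
$GetChanges    = [guid]'1131f6aa-9c07-11d1-f79f-00c04fc2dcd2'  # Replicating Directory Changes
$GetChangesAll = [guid]'1131f6ad-9c07-11d1-f79f-00c04fc2dcd2'  # Replicating Directory Changes All

# Command-line alternative to ADUC for granting the right (run by a domain admin):
#   dsacls "<domain DN>" /G "EXAMPLE\svc-midpoint:CA;Replicating Directory Changes"

# Allow ACEs on the domain root that name the account directly and carry extended rights.
# Rights inherited through group membership are not listed here; check the groups separately.
$extended = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
$aces = (Get-Acl -Path "AD:\$DomainDn").Access | Where-Object {
    $_.IdentityReference.Value -eq $ServiceAccount -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.ActiveDirectoryRights -band $extended)
}

$hasGetChanges = [bool]($aces | Where-Object { $_.ObjectType -eq $GetChanges })

# An empty ObjectType GUID on an ExtendedRight ACE means "all extended rights".
$tooBroad = @($aces | Where-Object {
    $_.ObjectType -eq $GetChangesAll -or $_.ObjectType -eq [guid]::Empty
})

if ($hasGetChanges) {
    Write-Output "OK: $ServiceAccount has 'Replicating Directory Changes' on $DomainDn"
} else {
    Write-Output "MISSING: DirSync search will fail with insufficientAccessRights"
}

if ($tooBroad.Count -gt 0) {
    # 'Replicating Directory Changes All' also covers secret domain data
    # and is not the permission the post calls for.
    Write-Warning "$ServiceAccount holds broader replication rights than the sync needs:"
    $tooBroad | Format-Table IdentityReference, ObjectType, IsInherited
}
```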