[midPoint] Active Directory: LDAP error during DirSync search: insufficientAccessRights

Ivan Noris ivan.noris at evolveum.com
Tue May 5 13:34:02 CEST 2020


Hi Tom,

thanks, I have added this information to the wiki page.

Best regards,

Ivan

On 5. 5. 2020 11:51, Tom Seeley wrote:
>
> I didn't see this documented anywhere, so just for the next person who
> searches for this problem:
>
> When configuring a live sync with your Active Directory, you might get
> the above error (LDAP error during DirSync search:
> insufficientAccessRights).
>
> The problem is that your service account (the AD account that midPoint
> is using to sync the AD) needs the special permission "Replicating
> Directory Changes"(*); this can be added using ADUC(**).
>
> Ideally this would be an update to here:
> https://wiki.evolveum.com/display/midPoint/Active+Directory+with+LDAP+connector
>
> Thanks,
>
> Tom.
>
>
> *:
> https://support.microsoft.com/en-ae/help/891995/how-to-poll-for-object-attribute-changes-in-active-directory-on-window
> **: https://support.microsoft.com/en-us/help/303972
>

-- 
Ivan Noris
Senior Identity Engineer
evolveum.com
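
The permission discussed in this thread can be checked from PowerShell. The script below is an added example, not part of the original messages or of midPoint: it lists which identities hold the replication control access rights on the domain root and reports what the service account holds. It assumes the RSAT ActiveDirectory module is installed, that the right is granted on the domain naming context root, and uses the hypothetical account name `EXAMPLE\svc-midpoint`.

```powershell
# Added example: audit replication rights needed for DirSync live sync.
# Assumptions: RSAT ActiveDirectory module; 'EXAMPLE\svc-midpoint' is a hypothetical name.
Import-Module ActiveDirectory

$ServiceAccount = 'EXAMPLE\svc-midpoint'

# rightsGuid values of the control access rights involved
$ReplicationRights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes All'
}

# Read the ACL on the root of the domain naming context
$domainDn = (Get-ADDomain).DistinguishedName
$acl = Get-Acl -Path "AD:\$domainDn"
$extendedRight = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

# Keep only explicit Allow ACEs for the two replication rights.
# Limitation: rights obtained through group membership, GenericAll or
# "all extended rights" ACEs are not resolved here.
$aces = @($acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $_.ActiveDirectoryRights.HasFlag($extendedRight) -and
    $ReplicationRights.ContainsKey($_.ObjectType.ToString())
})

# Report every identity that holds one of the rights
$aces | ForEach-Object {
    [pscustomobject]@{
        Identity  = $_.IdentityReference.Value
        Right     = $ReplicationRights[$_.ObjectType.ToString()]
        Inherited = $_.IsInherited
    }
} | Sort-Object Identity, Right | Format-Table -AutoSize

# Rights held directly by the service account
$held = @($aces |
    Where-Object { $_.IdentityReference.Value -eq $ServiceAccount } |
    ForEach-Object { $ReplicationRights[$_.ObjectType.ToString()] })

if ($held -notcontains 'Replicating Directory Changes') {
    Write-Warning "$ServiceAccount has no direct 'Replicating Directory Changes' ACE; DirSync search may fail with insufficientAccessRights."
}
if ($held -contains 'Replicating Directory Changes All') {
    Write-Warning "$ServiceAccount also holds 'Replicating Directory Changes All', which is broader than the right named in this thread; review whether it is needed."
}
```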



