Hi guys,

I've got a problem getting our new IDM install to synchronize passwords
over to our AD driver. Adds and modifications work fine, the changes are
accurately reflected in AD when we make a change in eDir/IDM but anytime
there's a sync on the password the trace comes back with the following:

[07/23/14 19:29:31.294]:Active Directory Driver ST:Start transaction.
[07/23/14 19:29:31.295]:Active Directory Driver ST:type(modify-entry)entry-id(63577) dn(\T=EE\O=EE\OU=STD\CN=testidmuser14) class-id(435) class-name(User)
[07/23/14 19:29:31.296]:Active Directory Driver ST:type(remove-value)<value suppressed>
[07/23/14 19:29:31.302]:Active Directory Driver ST:type(add-value)<value suppressed>
[07/23/14 19:29:31.306]:Active Directory Driver ST:Processing events for transaction.
[07/23/14 19:29:31.319]:Active Directory Driver STriver object has insufficient rights to read \EE\EE\STD\testidmuser14#nspmDistributionPassword.
[07/23/14 19:29:31.323]:Active Directory Driver ST:

We've triple checked the security equivalence of the AD driver, it's
currently set as the tree admin. (admin.EE). The driver doesn't seem to
have an issue with any other attribute during adds and modifications.


goverd's Profile: https://forums.netiq.com/member.php?userid=4695
View this thread: https://forums.netiq.com/showthread.php?t=51403