Quote Originally Posted by stevewdj View Post
On 5/14/19 5:24 AM, sma wrote:
> Hi,
> I'm also trying to setup the AD Ldap fulfillment and get the error :
> Item 'REMOVE_PERMISSION_ASSIGNMENT' does not contain all required
> provisioning attributes (permProvAttr, permProvId, accountProvId).
> Fix Retry Terminate
> Does anyone as some information how to configure ?
> Thanks
> Sylvain

In your AD Application Collector, do you have both and AD permission
Collector and an AD Account collector? So that the flow goes:

AD Permission -> AD Account -> Identity in the Catalog?

As I outlined in 23-April the error seen for Removing or Adding a
permission with the eDir or AD fulfillment happens because the Account
is not known. The Account has to be known. Therefore, within the eDir
or AD Application Collector you must have the AD/eDir permission
collector and the AD/eDir Account collector and the mapping for the
Holder of the permission goes to the Account. The Account will then
(when possible and when not that makes it an unmapped account) go to an

Steven Williams
Principal Enterprise Architect
Micro Focus

No I don't have the account collector as the AD directory is the Identity source.

Yes, it make sense that the account is required and I will make some tries with the account.

BTW, I found a bit redondant to get also account from AD, if this is the Identity source, do you have any suggestion about that ?