[Freeipa-users] Active Directory Sync user rights?

gflwqs gflwqs gflwqs at gmail.com
Tue Nov 12 08:29:42 UTC 2013


Hi,
I have created the sync user with:
- *Replicating directory changes* rights to the synchronized Active
Directory subtree.
- A member of the *Account Operator* and *Enterprise Read-Only Domain
controller* groups.


The user attribute synchronization is working fine, however the passync from
IPA to AD does not work. I get this error message when I change a password
for a user from IPA:
(00000005: SecErr: DSID-031A121F, problem 4003 (INSUFF_ACCESS_RIGHTS), data
0 ) for modify operation

If I add the sync user to the Domain Admins group it works, however
according to the docs this should not be necessary?