ipa-adtrust-install fails with error Insufficient access (50)

Solution Unverified - Updated -

Issue

The AD trust install command fails create sidgen task, debug logs shows the add operation failed with "Insufficient access(50)".

    # ipa-adtrust-install
    .......
    adding new entry "cn=ipa-sidgen-task,cn=plugins,cn=config"

    2013-08-19T12:57:47Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-XXX-EXAMPLE-COM.socket/??base )
    SASL/GSSAPI authentication started
    SASL username: admin@XXX.EXAMPLE.COM
    SASL SSF: 56
    SASL data security layer installed.
    ldap_add: Insufficient access (50)
        additional info: Insufficient 'add' privilege to add the entry 'cn=plugins,cn=config'.
    adding new entry "cn=ipa_extdom_extop,cn=plugins,cn=config"

    2013-08-19T12:57:48Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-XXX-EXAMPLE-COM.socket/??base )
    SASL/GSSAPI authentication started
    SASL username: admin@XXX.EXAMPLE.COM
    SASL SSF: 56
    SASL data security layer installed.
    ldap_add: Insufficient access (50)
        additional info: Insufficient 'add' privilege to add the entry 'cn=plugins,cn=config'.

  • Directory sever logs:

    [19/Aug/2013:18:27:47 +051800] conn=564 fd=72 slot=72 connection from local to /var/run/slapd-XXX-EXAMPLE-COM.socket
[19/Aug/2013:18:27:47 +051800] conn=564 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI
[19/Aug/2013:18:27:47 +051800] conn=564 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
[19/Aug/2013:18:27:47 +051800] conn=564 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI
[19/Aug/2013:18:27:47 +051800] conn=564 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
[19/Aug/2013:18:27:47 +051800] conn=564 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI
[19/Aug/2013:18:27:47 +051800] conn=564 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=admin,cn=users,cn=accounts,dc=xxx,dc=example,dc=com"
[19/Aug/2013:18:27:47 +051800] conn=564 op=3 ADD dn="cn=IPA SIDGEN,cn=plugins,cn=config"
[19/Aug/2013:18:27:47 +051800] conn=564 op=3 RESULT err=50 tag=105 nentries=0 etime=0
[19/Aug/2013:18:27:47 +051800] conn=564 op=4 UNBIND

Environment

  • Red Hat Enterprise Linux 6.4
  • Red Hat Enterprise IdM

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content