Anonymous_User Absent Member.
Absent Member.
708 views

IDM 3.6.1 Could not set password via platform call. Err=5 (access denied)

I used tom have it working, but now I get way too many of these errors to
treat it as a working solution:

How to tackle it?

Message 39:
Mon Apr 08 08:19:16 BST 2013
Error
<status event-id="pwd-subscribe" level="error" type="driver-general">Could
not set password via platform call. Err=5 (access denied)<operation-data>
<password-subscribe-status>
<association>a1533d87d424524296ec5cff5fe36233</association>
</password-subscribe-status>
</operation-data>
<application>DirXML</application>
<module>AD-driver</module>
<object-dn>\TREE\UK\*****\*************\***********</object-dn>
<component>Subscriber</component>
</status>
\TREE\UK\*****\*************\***********






Labels (1)
0 Likes
3 Replies
Anonymous_User Absent Member.
Absent Member.

Re: IDM 3.6.1 Could not set password via platform call. Err=5 (access denied)


Check that the account the driver logs in with can set the passwords.
My guess is that someone has been modifying group policies or rights in
the AD.

The error you get is what it sounds like, you don't have rights to set
the password.


--
joakim_ganse
------------------------------------------------------------------------
joakim_ganse's Profile: https://forums.netiq.com/member.php?userid=159
View this thread: https://forums.netiq.com/showthread.php?t=47528

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: IDM 3.6.1 Could not set password via platform call. Err=5 (access denied)

I followed:

https://forums.netiq.com/showthread.php?1959-User-are-not-synchronize-in-Active-Directory-using-RL&p=8056#post8056

1. Clear out the Authentication Context field. It is not needed when
the RL is on the DC since there is no other box with which the driver
must communicate. This is the best setup possible, so congratulations.

2. Set the username correctly, either as domaoin\addriver_idm or just
addriver_idm (the former is better, in my experience).

I had the user in user@domain format. Changed to domain\user format & it
seems to work fine again (how odd)

BEFORE:

ADDriver: Connect using ldap_bind: user=administrator@domain.local, domain=,
password=***, method=negotiate, server=domain.local, sign=no, seal=no ssl=no

AFTER:

ADDriver: Connect using ldap_bind: user=administrator, domain=domain,
password=***, method=negotiate, server=localhost, sign=no, seal=no ssl=no


Seb



"joakim ganse" <joakim_ganse@no-mx.forums.netiq.com> wrote in message
news:joakim_ganse.5tmre0@no-mx.forums.netiq.com...
>
> Check that the account the driver logs in with can set the passwords.
> My guess is that someone has been modifying group policies or rights in
> the AD.
>
> The error you get is what it sounds like, you don't have rights to set
> the password.
>
>
> --
> joakim_ganse
> ------------------------------------------------------------------------
> joakim_ganse's Profile: https://forums.netiq.com/member.php?userid=159
> View this thread: https://forums.netiq.com/showthread.php?t=47528
>



0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: IDM 3.6.1 Could not set password via platform call. Err=5 (accessdenied)

On 4/11/2013 7:33 AM, Sebastian Cerazy wrote:
> I had the user in user@domain format. Changed to domain\user format & it
> seems to work fine again (how odd)
>
> BEFORE:
>
> ADDriver: Connect using ldap_bind: user=administrator@domain.local, domain=,
> password=***, method=negotiate, server=domain.local, sign=no, seal=no ssl=no
>
> AFTER:
>
> ADDriver: Connect using ldap_bind: user=administrator, domain=domain,
> password=***, method=negotiate, server=localhost, sign=no, seal=no ssl=no
>
>
> Seb
>
>


That is because the negotiate method specifies that the user must be provided in domain\account
format. While other values do in fact work, if you look at the M$ spec it says to use
domain\account at all times.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.