INSUFF_ACCESS_RIGHTS

[Chirag Darji]

Hi

Getting such error while i unlocking AD user from the PWM portal they are able to change password from the helpdesk section but not able to unlock the user

Error, http.PwmResponse, {iJedw,t testuser} 5015 Error_internal {javax.naming.NoPermissionException: [LDAp: error code 50 - 00002098: SecErr: DSID-031514A0, problem 4003 {INSUFF_ACCESS_RIGHTS}, data 0 ]}

[Jason Rivard]

This is an error from AD.  You can use PWM logs and LDAP wire trace settings to find out what LDAP operation it is occurring on, but why AD is giving this error is something beyond the scope of PWM.  Probably rights related but AD errors are often misleading.