SelfService PKI Error - Insufficient access

[Mr. J]

New install of WebADM, running latest of of Feb 22, 2021.  Logging in with a non-admin account into the User Self-Service Desk.  When clicking PKI -> Add new certificate, I get a message that says failed.  In the webadm.log, I get this error.

[SelfDesk:WFRUYS3F] Could not modify LDAP object 'CN=User,DC=example,DC=local' (Insufficient access - 00002098: SecErr: DSID-03150F94, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0)

Clearly, an AD permissions error, but I am not sure what attributes this user account is supposed to have write access to to set the PKI configuration.  

Thanks,

 Mr. J

[Yoann Traut]

Hello,

You need to give to your proxy user account the read/write permission on userCertificate attribute. 

Regards

On 21 Feb 2021, at 02:20, Mr. J <j...@nnbfn.net> wrote:

New install of WebADM, running latest of of Feb 22, 2021.  Logging in with a non-admin account into the User Self-Service Desk.  When clicking PKI -> Add new certificate, I get a message that says failed.  In the webadm.log, I get this error.

--
You received this message because you are subscribed to the Google Groups "RCDevs Security Solutions - Technical" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rcdevs-technic...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rcdevs-technical/46ac0a62-a371-4f85-bd5f-2844ea20fc9cn%40googlegroups.com.

[Mr. J]

Thank you,

  The resolved the issue.  Note that attribute is not included on the Proxy User Rights page.  https://www.rcdevs.com/docs/howtos/proxy_user/proxy_user_rights/

Cheer,

J

[Yoann Traut (RCDevs)]

You right, thank you for the feedback, it has been added and will be published in the next release of our docsite.

Regards