On Thursday 14 October 2004 00:59, Barrett, John wrote: Hi,
> I've written a script (below) that runs on a Unix server and modifies AD > attributes. It works fine if the user I'm binding as is given Domain Admin > privileges. The AD admins don't want to give me that much power (and I > really don't want it) but when they back the privileges off to what they > think should work I get "insufficient access" errors: > > update error: 00002098: SecErr: DSID-03150646, problem 4003 > (INSUFF_ACCESS_RIGHTS), data 0 > > The only thing that seems to work is Domain Admin. The AD admins claim > that I am not "presenting the security context correctly." I'm using > simple bind. Is there anything I can do differently? Would SASL help? Same thing here. AD admin said he gave my bind user permissions to add/modify/delete objects in my base, but it just always gave me exactly the same error. Fortunately for me, AD admin trusted me the Administrator account and it started to work smoothly. -- [EMAIL PROTECTED]
