To my knowledge, the only thing AD requires secured LDAP connections for is changing passwords. How did your AD admin "back off the privileges"?
Have your AD admin run the delegation wizard at the root of your domain, and give you full control over all objects. See if that works.

-----Original Message-----
From: Chris Ridd [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 14, 2004 12:15 AM
To: Barrett, John; [EMAIL PROTECTED]
Subject: Re: AD Authentication

On 13/10/04 10:59 pm, Barrett, John <[EMAIL PROTECTED]> wrote:

> I've written a script (below) that runs on a Unix server and modifies
> AD attributes. It works fine if the user I'm binding as is given
> Domain Admin privileges. The AD admins don't want to give me that
> much power (and I really don't want it) but when they back the
> privileges off to what they think should work I get "insufficient
> access" errors:
>
> update error: 00002098: SecErr: DSID-03150646, problem 4003
> (INSUFF_ACCESS_RIGHTS), data 0
>
> The only thing that seems to work is Domain Admin. The AD admins
> claim that I am not "presenting the security context correctly." I'm
> using simple bind. Is there anything I can do differently? Would SASL
> help?

Possibly. Using SSL might help too.

Cheers,

Chris
