Question & Answer
Question
When a suffix is added after an ISAM environment is configured the LDAP ACLs must be updated to allow access by ISAM. During migration of an SDS server the ACLs may not be copied and must be updated. Operations such as a user create or import may fail with: Error: HPDMG0769E There were insufficient LDAP access privileges to allow Security Access Manager to create and delete entries in the registry. In the software stack the entries could be updated using the ivrgy_tool command shipped with the ISAM C Runtime. This command is no longer shipped when using the appliance. How can the LDAP ACLs be updated?
Cause
The ivgry_tool is no longer shipped. The C Runtime has been deprecated.
Answer
The ACLs may be updated manually using the attached add-aclentry.ldif file and idsldapmodify command. Command syntax is:
idsldapmodify -h ldaphost -p 389 -D cn=root -w ? -i add-aclentry.ldif
Double check the name of the ISAM Management domain and location in SDS. Some different examples are:
secAuthority=Lab
secAuthority=Sales,OU=ISAM_Data
The entries above are the same for all User/Group suffixes and also the secAuthority=Default tree.
Product Synonym
ISAM
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21991821