Symantec Access Management

Active Directory as policy store

  • 1.  Active Directory as policy store

    Posted 12-23-2019 02:44 PM
    I am trying to use active directory as policy store and want to restrict the permissions granted to the user that connects to the policy store.

    Documentation states that "

    "Privileges to create, read, modify, and delete objects in the LDAP tree underneath the policy store root object.""

    If i grant full control to the OU that hosts the policy store , of course , everything is initialized properly. However, when we retrict the permission i.e. remove full control and grant create\delete permissions , i am getting this error while running xpsddinstall smmaster.xdd

    [3204/4348][Mon Dec 23 2019 13:30:40][SmObjProvider.cpp:188][ERROR][sm-Server-03090] Policy store failed operation 'Save' for object type 'Realm' . LDAP Error creating new Realm object"

    Has anyone done this by restricting permissions ?