Permission issues
807573 Jul 13 2010 — edited Jul 19 2010
Hello,
I have what seems to be a straightforward problem, but I am not able to determine the fix. We have Novell IDM that uses a Sun LDAP driver to contact
our Sun Directory server for account add/remove/modify etc... This is working in 2 environments, but in the 3rd environment I am seeing this error..
Insufficient access (50) Insufficient 'add' privilege to add the entry 'uid=testid,ou=people,dc=test,dc=mydomain,dc=com'.
This add is being invoked by the IDM service account I have set up: cn=IDM,ou=Services,dc=test,dc=mydomain,dc=com
The only requirement that I see is that IDM needs to be a member of the Directory Managers group and I have defined that in Directory Managers entry.
So it currently looks just like the other working environments. The ACI entries are the default ones that come with DS, so I do not think that is the problem.
I have even added an ACI entry to allow IDM account full access and that still shows the above error.
I have enabled ACI logging, but I am not seeing anything when I attempt the ldapmodify using the idm account as the binddn. Everything else in the DS looks to be working fine, no ssl issues, no issues adding/removing with Directory Manager credentials.
I have tried the ldapmodify command w/ various debugging, but nothing jumps out as the problem... I am not sure where else to turn... It must be some type of missing perm/access for the IDM account.. But where?
Any help or insight is appreciated....