Created 06-20-2024 01:49 PM
When the wizard generates credentials, it reports Insufficient access (50) ldap error, like this:
/opt/cloudera/cm/bin/gen_credentials_ad.sh failed with exit code 50 and output of <<
+ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/usr/kerberos/bin:/usr/kerberos/sbin:/usr/lib/mit/sbin:/usr/sbin:/usr/lib/mit/bin:/usr/bin
+ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/usr/kerberos/bin:/usr/kerberos/sbin:/usr/lib/mit/sbin:/usr/sbin:/usr/lib/mit/bin:/usr/bin
+ KEYTAB_OUT=/var/run/cloudera-scm-server/cmf3782202571582054951.keytab
+ PRINC=HTTP/cradle3302t.priv.cwru.edu@ADS.CASE.EDU
+ USER=PruWGPfsVZ
+ PASSWD=REDACTED
+ DELETE_ON_REGENERATE=true
+ SET_ENCRYPTION_TYPES=false
+ ENC_TYPES_MASK=4
+ USERACCOUNTCONTROL=66048
+ ACCOUNTEXPIRES=0
+ OBJECTCLASSES='objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
'
+ EXTRA_ATTRIBUTES=
+ DIST_NAME='CN=PruWGPfsVZ,OU=cradle33,OU=Hadoop,OU=Research Computing,OU=Information Technology Services,OU=Delegated Departments,DC=ads,DC=case,DC=edu'
+ [[ -z ADS.CASE.EDU ]]
+ echo 'CMF_REALM is: ADS.CASE.EDU'
+ '[' -z /var/run/cloudera-scm-server/krb5125639301910663789.conf ']'
+ echo 'Using custom config path '\''/var/run/cloudera-scm-server/krb5125639301910663789.conf'\'', contents below:'
+ cat /var/run/cloudera-scm-server/krb5125639301910663789.conf
++ mktemp /tmp/cm_ldap.XXXXXXXX
+ LDAP_CONF=/tmp/cm_ldap.jOaAAbDw
+ echo 'TLS_REQCERT never'
+ echo 'sasl_secprops minssf=0,maxssf=0'
+ SIMPLE_PWD_STR=
+ LDAP_URL=
+ '[' REDACTED = '' ']'
+ SIMPLE_PWD_STR='-x -D rcci-hadoop-sa@ADS.CASE.EDU -w REDACTED'
+ LDAP_URL=ldaps://ads.case.edu:636
+ export LDAPCONF=/tmp/cm_ldap.jOaAAbDw
+ LDAPCONF=/tmp/cm_ldap.jOaAAbDw
++ ldapsearch -LLL -H ldaps://ads.case.edu:636 -b 'OU=cradle33,OU=Hadoop,OU=Research Computing,OU=Information Technology Services,OU=Delegated Departments,DC=ads,DC=case,DC=edu' -x -D rcci-hadoop-sa@ADS.CASE.EDU -w REDACTED userPrincipalName=HTTP/cradle3302t.priv.cwru.edu@ADS.CASE.EDU
+ PRINC_SEARCH=
++ echo ''
++ sed -n '1 {h; $ !d}; $ {x; s/\n //g; p}; /^ / {H; d}; /^ /! {x; s/\n //g; p}'
+ RESULTS_UNWRAPPED=
+ echo ''
+ set +e
+ echo
+ grep -q userPrincipalName
+ '[' 1 -eq 0 ']'
+ set -e
+ '[' false = true ']'
+ ldapmodify -H ldaps://ads.case.edu:636 -x -D rcci-hadoop-sa@ADS.CASE.EDU -w REDACTED
++ echo 'objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
'
++ sed /str/d
++ echo HTTP/cradle3302t.priv.cwru.edu@ADS.CASE.EDU
++ sed -e 's/\@ADS.CASE.EDU//g'
++ echo -n '"REDACTED"'
++ iconv -f UTF8 -t UTF16LE
++ base64 -w 0
++ echo ''
ldap_add: Insufficient access (50)
additional info: 00000005: SecErr: DSID-03152E13, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
>>
I know the service account has full access for sure.
Does anyone know the reason why it failed in this way?
Created 06-20-2024 10:47 PM
Hi @MaraWang
please work with the AD team to ensure the bind user has the required rights (add, delete and modify) in order to do the required actions in AD using that user. And you can refer to the KB article below to grant additional permission for all machine accounts ("objectclass=computer") associated with the cluster hosts. KB article : https://my.cloudera.com/knowledge/Cloudera-Customer-Advisory-590-Microsoft-AD-November-2021?id=35025...
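A small admin-side probe that exercises the three rights the reply asks the AD team for (add, modify, delete) on the target OU, using the same OpenLDAP client tools the wizard drives; this is an added example, not part of the thread or of Cloudera Manager. The URL, bind account, OU and probe CN are placeholders, and the bind password is read from the `BIND_PW` environment variable.

```python
import os
import re
import subprocess
from typing import Callable, List, Tuple

# Placeholder connection details (assumptions; substitute your own values).
LDAP_URL = "ldaps://ads.example.edu:636"
BIND_DN = "hadoop-sa@ADS.EXAMPLE.EDU"
BIND_PW = os.environ.get("BIND_PW", "")        # never hard-code the password
TARGET_OU = "OU=cradle33,OU=Hadoop,DC=ads,DC=example,DC=edu"
PROBE_DN = f"CN=cm-perm-probe,{TARGET_OU}"     # throwaway object, hypothetical name

# AD appends "problem NNNN (NAME)" to its SecErr diagnostic, e.g.
# "problem 4003 (INSUFF_ACCESS_RIGHTS)" as in the wizard output above.
AD_PROBLEM = re.compile(r"problem (\d+) \((\w+)\)")

Runner = Callable[[List[str], str], Tuple[int, str]]


def classify(rc: int, stderr: str) -> str:
    """Turn an ldap* client exit code (the LDAP result code) plus stderr into a verdict."""
    if rc == 0:
        return "ok"
    m = AD_PROBLEM.search(stderr)
    detail = f"{m.group(2)} ({m.group(1)})" if m else stderr.strip()
    return ("denied: " if rc == 50 else f"failed rc={rc}: ") + detail


def run_cmd(args: List[str], stdin_text: str = "") -> Tuple[int, str]:
    """Run an OpenLDAP client tool, feeding LDIF on stdin; return (exit code, stderr)."""
    p = subprocess.run(args, input=stdin_text, capture_output=True, text=True)
    return p.returncode, p.stderr


def probe_rights(run: Runner = run_cmd) -> List[Tuple[str, str]]:
    """Try add, modify and delete of a throwaway object in TARGET_OU as the bind user."""
    common = ["-H", LDAP_URL, "-x", "-D", BIND_DN, "-w", BIND_PW]
    add_ldif = (f"dn: {PROBE_DN}\nobjectClass: top\nobjectClass: person\n"
                "objectClass: organizationalPerson\nobjectClass: user\n")
    mod_ldif = f"dn: {PROBE_DN}\nchangetype: modify\nreplace: description\ndescription: probe\n"
    results = []
    rc, err = run(["ldapadd"] + common, add_ldif)
    results.append(("add", classify(rc, err)))
    if rc != 0:                      # nothing was created, so nothing to modify or delete
        return results
    rc, err = run(["ldapmodify"] + common, mod_ldif)
    results.append(("modify", classify(rc, err)))
    rc, err = run(["ldapdelete"] + common + [PROBE_DN], "")
    results.append(("delete", classify(rc, err)))
    return results


if __name__ == "__main__":
    for op, verdict in probe_rights():
        print(f"{op:7s} {verdict}")
```

A `denied: INSUFF_ACCESS_RIGHTS (4003)` verdict on the add step reproduces the wizard's failure without touching the real principal, and the step that fails tells the AD team which right is missing.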
Created 06-25-2024 10:35 PM
@MaraWang, Did the response assist in resolving your query? If it did, kindly mark the relevant reply as the solution, as it will aid others in locating the answer more easily in the future.
Regards,
Vidya Sargur,