New OID 11g Superuser Cannot Perform Administrative Operations Due to Error 'Insufficient Access'
Last updated on JANUARY 04, 2018
Applies to: Oracle Internet Directory - Version 11.1.1 and later
Information in this document applies to any platform.
A new super-user/administrator account has been created in Oracle Internet Directory (OID) 11g with reference to the following documentation:
Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory 11g Release 1 (11.1.1)
12.5 Creating Another Account With Superuser Privileges
Following the documentation, the new user has been added as a member of all the groups that the cn=orcladmin user is a member of. An ldapsearch with a uniquemember=cn=orcladmin filter has been executed to verify these groups:
ldapsearch -h oidhost -p port -D "cn=orcladmin" -q -b "" -L -s sub "(|(member=cn=orcladmin)(uniquemember=cn=orcladmin))" dn
However, the new user is unable to perform any super-user operations. When an attempt is made to create a new schema attribute, the error 'insufficient access' is returned.
Example: when the new user is used to enable debug logging in OID, the 'insufficient access' error is returned:
ldapmodify -h oidhost -p 3060 -D "cn=adminuser1,cn=users,dc=oracle,dc=com" -q -v -f debugon.ldif
Please enter bind password:
modifying entry cn=oid1,cn=osdldapd, cn=subconfigsubentry
ldap_modify: Insufficient access
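The group-membership check described above can be scripted rather than compared by eye. The following is an added example, not part of the Oracle note: it assumes the ldapsearch shown earlier has been run once for cn=orcladmin and once with the new account's DN in the filter, with each output saved to a file. The function names and all DNs in the sample data are constructed.

```shell
# Added example (not Oracle's code): list the groups that contain the
# reference account but not the new account, from two saved ldapsearch -L outputs.
# Read LDIF on stdin; print one normalised DN per line, sorted and unique.
ldif_dns() {
    awk '
        function flush(  d) {
            if (cur != "") { d = tolower(cur); gsub(/ *, */, ",", d); print d }
            cur = ""
        }
        /^ /    { if (cur != "") cur = cur substr($0, 2); next }  # unfold continuation
                { flush() }
        /^dn: / { cur = substr($0, 5) }
        END     { flush() }
    ' | LC_ALL=C sort -u
}

# $1 = LDIF for the reference account, $2 = LDIF for the new account.
missing_groups() {
    mg_ref=$(mktemp) && mg_new=$(mktemp) || return 1
    ldif_dns < "$1" > "$mg_ref"
    ldif_dns < "$2" > "$mg_new"
    LC_ALL=C comm -23 "$mg_ref" "$mg_new"
    rm -f "$mg_ref" "$mg_new"
}

# Constructed sample: groups returned for cn=orcladmin (one DN is line-folded).
sample_orcladmin() {
    cat <<'EOF'
dn: cn=ExampleAdmins,cn=Groups,dc=example,dc=com

dn: cn=ExampleSchemaAdmins,cn=Groups,
 dc=example,dc=com

dn: cn=ExampleAuditors, cn=Groups, dc=example, dc=com
EOF
}

# Constructed sample: groups returned for the new account (different case).
sample_newuser() {
    cat <<'EOF'
dn: CN=ExampleAdmins,CN=Groups,DC=example,DC=com

dn: cn=exampleauditors,cn=groups,dc=example,dc=com
EOF
}

d=$(mktemp -d)
sample_orcladmin > "$d/ref.ldif"; sample_newuser > "$d/new.ldif"
missing_groups "$d/ref.ldif" "$d/new.ldif"
rm -rf "$d"
```

Empty output means the two accounts appear in the same set of groups; DNs returned base64-encoded (`dn::`) are not handled by this example.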