New OID 11g Superuser Cannot Perform Administrative Operations Due to Error 'Insufficient Access'

(Doc ID 1076796.1)

Last updated on JANUARY 04, 2018

Applies to:

Oracle Internet Directory - Version 11.1.1 and later
Information in this document applies to any platform.


A new super-user/administrator account has been created in Oracle Internet Directory (OID) 11g with reference to the following documentation:

Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory 11g Release 1 (11.1.1)
12.5 Creating Another Account With Superuser Privileges

Following the documentation, the new user has been added as a member of all the groups that the cn=orcladmin user is a member of. An ldapsearch with a uniquemember=cn=orcladmin filter has been executed to verify these groups.

ldapsearch -h oidhost -p port -D "cn=orcladmin" -q -b "" -L -s sub "(|(member=cn=orcladmin)(uniquemember=cn=orcladmin))" dn
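
One way to confirm the membership step, as an added example that is not part of the original note: save the LDIF output of the search above once for cn=orcladmin and once with the new user's DN in the filter, then list the group DNs that only the first file contains. The file names and every DN in the sample data are constructed assumptions.

```shell
# Added example; file names and all DNs below are constructed sample data.

# Print normalized entry DNs from an LDIF file: unfold continuation lines,
# keep "dn:" lines, lowercase them, and drop spaces around commas.
ldif_dns() {
    awk '
        function emit(l) {
            if (l ~ /^[Dd][Nn]:[^:]/) {          # skip base64 "dn::" forms
                sub(/^[Dd][Nn]:[ ]*/, "", l)
                gsub(/ *, */, ",", l)
                print tolower(l)
            }
        }
        /^ / { buf = buf substr($0, 2); next }   # folded line: append to previous
        { emit(buf); buf = $0 }
        END { emit(buf) }
    ' "$1" | LC_ALL=C sort -u
}

# Print DNs present in the first LDIF file but absent from the second.
missing_groups() {
    a=$(mktemp) && b=$(mktemp) || return 2
    ldif_dns "$1" > "$a"
    ldif_dns "$2" > "$b"
    LC_ALL=C comm -23 "$a" "$b"
    rm -f "$a" "$b"
}

# Constructed sample: the new user lacks one group that orcladmin has.
demo() {
    d=$(mktemp -d) || return 2
    cat > "$d/orcladmin.ldif" <<'EOF'
dn: cn=Example Admins,cn=Groups, dc=example,dc=com

dn: cn=Example Long Group Name,cn=Sub
 Container,cn=Groups,dc=example,dc=com

dn: cn=Example Schema Admins,cn=Groups,dc=example,dc=com
EOF
    cat > "$d/newuser.ldif" <<'EOF'
dn: cn=example admins,cn=groups,dc=example,dc=com

dn: cn=Example Long Group Name,cn=SubContainer,cn=Groups,dc=example,dc=com
EOF
    missing_groups "$d/orcladmin.ldif" "$d/newuser.ldif"
    rm -rf "$d"
}

demo
```

An empty result means both searches returned the same set of groups once case, spacing and LDIF line folding are normalized.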

However, the new user is unable to perform any super-user operations. When an attempt is made to create a new schema attribute, the error 'insufficient access' is returned.

Example: when trying to use the new user to enable debug logging in OID, an 'insufficient access' error is returned:

ldapmodify -h oidhost -p 3060 -D "cn=adminuser1,cn=users,dc=oracle,dc=com" -q -v -f debugon.ldif
Please enter bind password:
replace orcldebugflag:
replace orcldebugop:
modifying entry cn=oid1,cn=osdldapd, cn=subconfigsubentry
ldap_modify: Insufficient access



