"LDAP ERROR: 53 Unwilling to Perform" When Trying to Modify the RDN Value of an Entry in OID

(Doc ID 1369177.1)

Last updated on AUGUST 08, 2017

Applies to:

Oracle Internet Directory - Version and later
Information in this document applies to any platform.


Modifying RDN/DN value of any entry fails  with "ldap_rename_s: DSA is unwilling to perform" error.

Steps to reproduce the issue.

1.Create a user in OID.
2.Create a password policy and add the created user as a member of effective sub tree list.
Then this user will have "pwdpolicysubentry" value.

Run the below ldapsearch command to verify whether the user has a pwdpolicysubentry or not.

ldapsearch -h localhost -p 3060 -D cn=orcladmin -w welcome1 -b "cn=Ramesh123,cn=Users,dc=vm,dc=oracle,dc=com" -s sub "objectclass=*" pwdpolicysubentry

3.Now create a mod.ldif file like this:

[oracle@infra bin]$ cat mod.ldif

4.Run the ldapmodify command like this:

[oracle@infra bin]$ ldapmodify -h localhost -p 3060 -D cn=orcladmin -w welcome1 -f mod.ldif
modifying rdn of entry cn=Ramesh123,cn=Users,dc=vm,dc=oracle,dc=com
ldap_rename_s: DSA is unwilling to perform

Try using ODSM to change the RDN value of this entry, the below error message will display:
LDAP ERROR: 53 Unwilling to Perform

Log file shows the Following:

ConnID:321 mesgID:86 OpID:85 OpName:modrdn ConnIP:<ip_address> ConnDN:cn=orcladmin
INFO : gslfmrADoModRdn * dn (Ramesh123,cn=Users,dc=vm,dc=oracle,dc=com) newrdn (cn=ramesh12) deloldrdn (-1)
2011-09-12T09:39:42 * gslfmrADoModRdn: conn=321 op=85 MODRDN dn="Ramesh123,cn=Users,dc=vm,dc=oracle,dc=com"
2011-09-12T09:39:42 * Deleting attribute:cn value:Ramesh123 in gslsbmDeleteAttributeValue()
2011-09-12T09:39:42 * gslsfpvPLoadPwdPolicyEntry: Internal Error



Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms