OID Changelog Adapter in OVD Generates Ldap Error 50 Insufficient Access After Completing OAM-OIM Integration Steps (Doc ID 1373421.1)

Last updated on FEBRUARY 03, 2022

Applies to:

Oracle Internet Directory - Version 11.1.1 and later
Oracle Virtual Directory - Version and later
Information in this document applies to any platform.


After completing the steps for Oracle Access Manager (OAM) integration with Oracle Identity Manager (OIM) with a full Oracle Virtual Directory (OVD) installation, searching the OID change log through the OVD changelog adapter fails with LDAP Error 50 'Insufficient Access'.

The changelog adapter is configured with Pass-through Mode: Always.

The OIM Advanced Administration -> Resource Management -> Manage IT Resource -> IT Resource Type: Directory Server -> Admin Login value is set to the OIM Administrator user DN, as specified when the idmConfigTool script was run for the integration.

Admin Login: cn=<OIM_ADMIN_USER>,cn=users,dc=<COMPANY>,dc=com

It is expected that the -prepareIDstore step will configure the cn=changelog Access Control List (ACL) in OID so that the OIM Administrator user can search the OID change log.

Steps to reproduce

1. Configure OAM-OIM integration.
2. Access Oracle Directory Services Manager (ODSM) and connect to OVD as the OIM Administrator user, e.g. cn=<OIM_ADMIN_USER>,cn=users,dc=<COMPANY>,dc=com
3. Click the Data Browser tab.
4. Click the cn=changelog entry. The following error popup is shown:

