OID Changelog Adapter in OVD Generates Ldap Error 50 Insufficient Access After Completing OAM-OIM Integration Steps
(Doc ID 1373421.1)
Last updated on FEBRUARY 03, 2022
Applies to:
Oracle Internet Directory - Version 11.1.1 and later
Oracle Virtual Directory - Version 11.1.1.1.0 and later
Information in this document applies to any platform.
Symptoms
After completing the steps for Oracle Access Manager (OAM) integration with Oracle Identity Manager (OIM) 11.1.1.5 with a full Oracle Virtual Directory (OVD) installation, a search of the OID change log using the OVD changelog adapter fails with LDAP Error 50 'Insufficient Access'.
The changelog adapter is configured with Pass-through Mode: Always.
The OIM Advanced Administration -> Resource Management -> Manage IT Resource -> IT Resource Type: Directory Server -> Admin Login value is set to the OIM Administrator user DN as specified when the idmConfigTool script was run for the integration.
e.g.
Admin Login: cn=<OIM_ADMIN_USER>,cn=users,dc=<COMPANY>,dc=com
It is expected that the idmConfigTool.sh -prepareIDstore step will configure the cn=changelog Access Control List (ACL) in OID so that the OIM Administrator user can search the OID change log.
Steps to reproduce
1. Configure OAM-OIM integration.
2. Access Oracle Directory Services Manager (ODSM) and connect to OVD as the OIM Administrator user, e.g. cn=<OIM_ADMIN_USER>,cn=users,dc=<COMPANY>,dc=com
3. Click the Data Browser tab.
4. Click on the cn=changelog entry. The following error popup is shown:
Cause