OID Changelog Adapter in OVD Generates Ldap Error 50 Insufficient Access After Completing OAM-OIM Integration Steps (Doc ID 1373421.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Internet Directory - Version 11.1.1 and later
Oracle Virtual Directory - Version 11.1.1.1.0 and later
Information in this document applies to any platform.
***Checked for relevance on 11-April-2013***

Symptoms

After completing the steps for Oracle Access Manager (OAM) integration with Oracle Identity Manager (OIM) 11.1.1.5 with a full Oracle Virtual Directory (OVD) installation, a search of the OID change log through the OVD changelog adapter fails with LDAP Error 50 'Insufficient Access'.

The changelog adapter is configured with Pass-through Mode: Always.

The OIM Advanced Administration -> Resource Management -> Manage IT Resource -> IT Resource Type: Directory Server -> Admin Login value is set to the OIM Administrator user DN that was specified when the idmConfigTool script was run for the integration.

e.g.
Admin Login: cn=oimadmin,cn=users,dc=oracle,dc=com


It is expected that the idmConfigTool.sh -prepareIDstore step will configure the cn=changelog Access Control List (ACL) in OID so that the OIM Administrator user can search the OID change log.

Steps to reproduce

1. Configure OAM-OIM integration.
2. Access Oracle Directory Services Manager (ODSM) and connect to OVD as the OIM Administrator user, e.g. cn=oimadmin,cn=users,dc=oracle,dc=com
3. Click the Data Browser tab.
4. Click on the cn=changelog entry. The following error popup is shown:

LDAPException: other (50) Insufficient Access Rights LDAP Exception: Server Message: Insufficient Access Rights





Cause
