My Oracle Support Banner

OVD Is Not Updating User Passwords in MS Active Directory (AD) LDAP: error code 50 INSUFF_ACCESS_RIGHTS (Doc ID 1536208.1)

Last updated on AUGUST 30, 2023

Applies to:

Oracle Virtual Directory - Version and later
Information in this document applies to any platform.


Oracle Virtual Directory (OVD) is not updating users' passwords via a Microsoft (MS) Active Directory (AD) Adapter using the ActiveDirectory Password Plug-In.  The plugin is configured correctly.


At command line when attempting to change a password to a user via OVD, the following error is returned

ldapmodify -h <OVD_HOSTNAME> -p <OVD_PORT> -D cn=orcladmin -w <PASSWORD> -f <FILENAME>
modifying entry cn=<USERNAME>,dc=<AD_USERS>,dc=<COMPANY>,dc=com
ldap_modify: Insufficient access
ldap_modify: additional info: LDAP Error 50 : [LDAP: error code 50 - 00000005: S
ecErr: DSID-031A0F44, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

Access.log reports the following:

[2013-06-20T11:40:10.350-04:00] [octetstring] [NOTIFICATION] [OVD-20041] [com.octetstring.accesslog] [tid: xx] [ecid: <ECID>] conn=315 op=1 MOD dn=cn=<USERNAME>,dc=<AD_USERS>,dc=<COMPANY>,dc=com
[2013-06-20T11:40:10.371-04:00] [octetstring] [NOTIFICATION] [OVD-20042] [com.octetstring.accesslog] [tid: xxx] [ecid:<ECID>] conn=315 op=1 RESULT err=50 tag=0 nentries=0 etime=21

Diagnostic.log reports the following:

[2013-06-20T11:40:10.370-04:00] [octetstring] [WARNING] [OVD-40082] [com.octetstring.vde.backend.jndi.ConnectionHandle] [tid: xxx] [ecid:<ECID>] Could not modify entry.[[
javax.naming.NoPermissionException: [LDAP: error code 50 - 00000005: SecErr: DSID-031A0F44, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
]; remaining name 'cn=<USERNAME>,CN=Users,DC=<COUNTRY>,DC=<COMPANY>,DC=com'
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(
        at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(
        at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(
        at com.octetstring.vde.backend.jndi.ConnectionHandle.modify(
        at com.octetstring.vde.backend.jndi.BackendJNDI.modify(



To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.