OVD Is Not Updating User Passwords in MS Active Directory (AD) LDAP: error code 50 INSUFF_ACCESS_RIGHTS (Doc ID 1536208.1)

Last updated on JULY 01, 2016

Applies to:

Oracle Virtual Directory - Version 10.1.4.3 to 11.1.1.0
Information in this document applies to any platform.

Symptoms

Oracle Virtual Directory (OVD) is not updating users' passwords via a Microsoft (MS) Active Directory (AD) Adapter using the ActiveDirectory Password Plug-In.  The plugin is configured correctly.

 

At command line when attempting to change a password to a user via OVD, the following error is returned

ldapmodify -h myovdhost.us.oracle.com -p 6502 -D cn=orcladmin -w welcome1 -f pwd.txt
modifying entry cn=testuser1,dc=adusers,dc=oracle,dc=com
ldap_modify: Insufficient access
ldap_modify: additional info: LDAP Error 50 : [LDAP: error code 50 - 00000005: S
ecErr: DSID-031A0F44, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

Access.log reports the following:

[2013-06-20T11:40:10.350-04:00] [octetstring] [NOTIFICATION] [OVD-20041] [com.oc
tetstring.accesslog] [tid: 337] [ecid: 0000JxYFZ3iBp2f5TZ1Fic1HkRGT00005K,0] con
n=315 op=1 MOD dn=cn=testuser1,dc=adusers,dc=oracle,dc=com
[2013-06-20T11:40:10.371-04:00] [octetstring] [NOTIFICATION] [OVD-20042] [com.oc
tetstring.accesslog] [tid: 337] [ecid: 0000JxYFZ3iBp2f5TZ1Fic1HkRGT00005K,0] con
n=315 op=1 RESULT err=50 tag=0 nentries=0 etime=21

Diagnostic.log reports the following:

[2013-06-20T11:40:10.370-04:00] [octetstring] [WARNING] [OVD-40082] [com.octetstring.vde.backend.jndi.ConnectionHandle] [tid: 337] [ecid: 0000JxYFZ3iBp2f5TZ1Fic1HkRGT00005K,0] Could not modify entry.[[
javax.naming.NoPermissionException: [LDAP: error code 50 - 00000005: SecErr: DSID-031A0F44, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
]; remaining name 'cn=testuser1,CN=Users,DC=us,DC=oracle,DC=com'
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3075)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
        at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1458)
        at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:255)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:172)
        at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:153)
        at com.octetstring.vde.backend.jndi.ConnectionHandle.modify(ConnectionHandle.java:311)
        at com.octetstring.vde.backend.jndi.BackendJNDI.modify(BackendJNDI.java:806)

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms