My Oracle Support Banner

LDAP Synchronization Privileges Error when Creating Large Numbers of Users in OIM 11.1.2.1.0 with OUD 11.1.2.x.x (Doc ID 1550753.1)

Last updated on JULY 21, 2020

Applies to:

Identity Manager - Version 11.1.2.1.0 and later
Oracle Unified Directory - Version 11.1.2.1.0 to 11.1.2.2.0 [Release 11g]
Information in this document applies to any platform.

Symptoms

Configured in OIM 11.1.2.1.0 with LDAP synchronization with OUD (11.1.2.1.0).

Able to load of about 4,000 users in OIM, then started showing the following error:
"LDAP: error code 50 - You do not have sufficient privileges to perform an unindexed search",

Believed that it was the attribute" orclguid ", indexed this attribute, restarted the instance of OUD.
Now the error is:
"IAM -2050243: Orchestration process with id 4438, failed with error message IAM-3010021: An error occurred while creating the user in LDAP. "


Oim_server logs show the following flow:
----------------------

1. The user is created in OUD. This is consistent with the user present in OUD:

[2013...] [SERVER_NAME] [TRACE]
Entry to add received from client:
displayName: <DISPLAY_NAME>[[
userPassword:: ******
orclAccountLocked: 0
uid: <USER_ID>
givenname: User
employeeType: Full-Time
orclPwdExpirationDate: 20130824143210z
sn: <SN>
orclpwdchangerequired: 1
cn: <DISPLAY_NAME>
objectclass: orclIDXPerson

 
2. A search is performed, and the result is ok:

[2013...] [SERVER_NAME] [TRACE]
Entry to be returned: cn=<DISPLAY_NAME>,cn=Users,cn=oracleAccounts,dc=<DOMAIN>,dc=com[[
orclguid: <GUID>
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: orclIDXPerson
objectClass: top

 
3. Just after that, a search is performed using orclguid as filter:

[2013...] [SERVER_NAME] [TRACE]
JNDI Adapter Search using:[[
BindDN:
Base: dc=<DOMAIN>,dc=com
Scope: 2
Attributes: [orclguid, objectClass]
Filter: orclguid=<GUID>

 
4. Thus giving the error:

[2013...] [SERVER_NAME] [ERROR]
An error occurred while looking up the entity in LDAP, and the corresponding error is - {0}[[
java.lang.NullPointerException

 

In OUD logs, the cause of this error:


[30/Apr/2013:...] SEARCH RES conn=39 op=4 msgID=5 result=50 message="You do not have sufficient privileges to perform an unindexed search" nentries=0 etime=1

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.