LDAP Synchronization Privileges Error when Creating Large Numbers of Users in OIM 11.1.2.1.0 with OUD 11.1.2.x.x (Doc ID 1550753.1)

Last updated on MARCH 08, 2017

Applies to:

Identity Manager - Version 11.1.2.1.0 and later
Oracle Unified Directory - Version 11.1.2.1.0 to 11.1.2.2.0 [Release 11g]
Information in this document applies to any platform.

Symptoms

Configured in OIM 11.1.2.1.0 with LDAP synchronization with OUD (11.1.2.1.0).

Able to load of about 4,000 users in OIM, then started showing the following error:
"LDAP: error code 50 - You do not have sufficient privileges to perform an unindexed search",

Believed that it was the attribute" orclguid ", indexed this attribute, restarted the instance of OUD.
Now the error is:
"IAM -2050243: Orchestration process with id 4438, failed with error message IAM-3010021: An error occurred while creating the user in LDAP. "


Oim_server logs show the following flow:
----------------------

1. The user is created in OUD. This is consistent with the user present in OUD:

[2013...] [oim_server1] [TRACE]
Entry to add received from client:
displayName: User Test7[[
userPassword:: ******
orclAccountLocked: 0
uid: usertest7
givenname: User
employeeType: Full-Time
orclPwdExpirationDate: 20130824143210z
sn: Test7
orclpwdchangerequired: 1
cn: User Test7
objectclass: orclIDXPerson

 
2. A search is performed, and the result is ok:

[2013...] [oim_server1] [TRACE]
Entry to be returned: cn=User Test7,cn=Users,cn=oracleAccounts,dc=example,dc=com[[
orclguid: 04d76e93ee6f4...
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: orclIDXPerson
objectClass: top

 
3. Just after that, a search is performed using orclguid as filter:

[2013...] [oim_server1] [TRACE]
JNDI Adapter Search using:[[
BindDN:
Base: dc=example,dc=com
Scope: 2
Attributes: [orclguid, objectClass]
Filter: orclguid=04d76e93ee6f4...

 
4. Thus giving the error:

[2013...] [oim_server1] [ERROR]
An error occurred while looking up the entity in LDAP, and the corresponding error is - {0}[[
java.lang.NullPointerException

 

In OUD logs, the cause of this error:


[30/Apr/2013:...] SEARCH RES conn=39 op=4 msgID=5 result=50 message="You do not have sufficient privileges to perform an unindexed search" nentries=0 etime=1

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms