LDAP: error code 50 - Insufficient Access Rights Error Setting up LDAP Sync with Config.sh to OimAdminUser (Doc ID 1557873.1)

Last updated on MARCH 08, 2017

Applies to:

Identity Manager - Version 11.1.2 and later
Information in this document applies to any platform.

Symptoms

When setting up LDAP Sync to OID, config.sh fails to connect to the directory with LDAP error 50.

Documentation shows that we should use 'cn=oimAdminUser,cn=systemids,dc=mycompany,dc=com' for 'Server User'.
- This fails with the error below

If cn=orcladmin is used, the connection is made, but this is not the recommended user for LDAP Sync.

Refer to:
Oracle® Fusion Middleware Installation Guide for Oracle Identity and Access Management 11g Release 2 (11.1.2), Part Number E27301-04
http://docs.oracle.com/cd/E27559_01/install.1112/e27301/oim.htm#CIHCCECI
Section 5.7, Configuring Oracle Identity Manager Server: Section 5.7.4, Step 16


Error seen in config log is:
------------

oracle.security.idm.providers.stdldap.LDIdentityStoreFactory.fetchObjectAttributes(LDIdentityStoreFactory.java:889)
  at oracle.security.idm.providers.stdldap.LDIdentityStoreFactory.getObjectAttributeCache(LDIdentityStoreFactory.java:923)
  at oracle.security.idm.providers.stdldap.LDIdentityStore.getObjectAttributeCache(LDIdentityStore.java:849)
  at oracle.security.idm.providers.stdldap.LDConfiguration.<init>(LDConfiguration.java:127)
  at oracle.security.idm.providers.iplanet.IPConfiguration.<init>(IPConfiguration.java:51)
  at oracle.security.idm.providers.openldap.OLdapConfiguration.<init>(OLdapConfiguration.java:39)
  at oracle.security.idm.providers.openldap.OLdapIdentityStore.getConfigurationInstance(OLdapIdentityStore.java:55)
  at oracle.security.idm.providers.stdldap.LDIdentityStore.setupStore(LDIdentityStore.java:155)
  at oracle.security.idm.providers.openldap.OLdapIdentityStoreFactory.getIdentityStoreInstance(OLdapIdentityStoreFactory.java:58)
  at oracle.as.install.oim.validation.ValidateLdapConnection.validateLdapConnection(ValidateLdapConnection.java:175)
  at oracle.as.install.oim.validation.ValidateLdapConnection.executeHandler(ValidateLdapConnection.java:439)
  at oracle.as.install.engine.modules.handler.engine.HandlerLauncher$LaunchHelper.execute(HandlerLauncher.java:487)
  at oracle.as.install.engine.modules.handler.engine.HandlerLauncher$LaunchHelper.launch(HandlerLauncher.java:413)
  at oracle.as.install.engine.modules.handler.engine.HandlerLauncher.execute(HandlerLauncher.java:178)
  at oracle.as.install.engine.modules.handler.engine.HandlerEngine.execute(HandlerEngine.java:137)
  at oracle.as.install.engine.modules.handler.HandlerModule.performOperation(HandlerModule.java:455)
  at oracle.as.install.engine.modules.handler.HandlerModule.performInputValidations(HandlerModule.java:413)
  at oracle.as.install.engine.modules.handler.HandlerModule.processModuleEvent(HandlerModule.java:332)
  at oracle.as.install.engine.modules.util.PartnerModuleImpl.processEvent(PartnerModuleImpl.java:118)
  at oracle.as.install.engine.InstallEngine.notifyListeners(InstallEngine.java:626)
  at oracle.as.install.engine.InstallEngine.processEvent(InstallEngine.java:584)
  at oracle.as.install.engine.modules.util.PartnerModuleImpl.notifyAllEventListenersHelper(PartnerModuleImpl.java:227)
  at oracle.as.install.engine.modules.util.PartnerModuleImpl.notifyListeners(PartnerModuleImpl.java:191)
  at oracle.as.install.engine.modules.presentation.PresentationModule.executeModifiedDWizardEvent(PresentationModule.java:717)
  at oracle.as.install.engine.modules.presentation.ui.common.wizard.ModifiedDWizard.fireValidationEvent(ModifiedDWizard.java:3214)
  at oracle.as.install.engine.modules.presentation.ui.common.wizard.ModifiedDWizard.doNext(ModifiedDWizard.java:937)
  at oracle.bali.ewt.wizard.BaseWizard$Action.actionPerformed(Unknown Source)
  at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2018)
  at javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2341)
  at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:402)
  at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259)
  at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:252)
  at java.awt.Component.processMouseEvent(Component.java:6505)
  at javax.swing.JComponent.processMouseEvent(JComponent.java:3321)
  at java.awt.Component.processEvent(Component.java:6270)
  at java.awt.Container.processEvent(Container.java:2229)
  at java.awt.Component.dispatchEventImpl(Component.java:4861)
  at java.awt.Container.dispatchEventImpl(Container.java:2287)
  at java.awt.Component.dispatchEvent(Component.java:4687)
  at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4832)
  at java.awt.LightweightDispatcher.processMouseEvent(Container.java:4492)
  at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4422)
  at java.awt.Container.dispatchEventImpl(Container.java:2273)
  at java.awt.Window.dispatchEventImpl(Window.java:2719)
  at java.awt.Component.dispatchEvent(Component.java:4687)
  at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:729)
  at java.awt.EventQueue.access$200(EventQueue.java:103)
  at java.awt.EventQueue$3.run(EventQueue.java:688)
  at java.awt.EventQueue$3.run(EventQueue.java:686)
  at java.security.AccessController.doPrivileged(Native Method)
  at java.security.ProtectionDomain$1.doIntersectionPrivilege(ProtectionDomain.java:76)
  at java.security.ProtectionDomain$1.doIntersectionPrivilege(ProtectionDomain.java:87)
  at java.awt.EventQueue$4.run(EventQueue.java:702)
  at java.awt.EventQueue$4.run(EventQueue.java:700)
  at java.security.AccessController.doPrivileged(Native Method)
  at java.security.ProtectionDomain$1.doIntersectionPrivilege(ProtectionDomain.java:76)
  at java.awt.EventQueue.dispatchEvent(EventQueue.java:699)
  at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:242)
  at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:161)
  at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:150)
  at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:146)
  at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:138)
  at java.awt.EventDispatchThread.run(EventDispatchThread.java:91)
Caused by: javax.naming.NoPermissionException: [LDAP: error code 50 - Insufficient Access Rights]; remaining name 'cn=subschemasubentry'
  at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3095)
  at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)
  at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2840)
  at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1849)
  at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1772)
  at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386)
  at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:356)
  at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:339)
  at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
  at oracle.security.idm.providers.stdldap.Connection.search(Connection.java:604)
  at oracle.security.idm.providers.stdldap.util.LDAPObjectAttributes.refresh(LDAPObjectAttributes.java:114)
  ... 64 more
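
To tell this access-control failure apart from a rejected password when reading the config log, the triage below pulls the LDAP result code, the entry being read and the refused JNDI operation out of a trace like the one above. It is an added example, not Oracle's code; the function name, the result-code table and the shortened sample log are constructed for illustration.

```python
import re

# Subset of LDAP result codes (RFC 4511) useful for triaging this failure.
RESULT_CODES = {32: "noSuchObject", 49: "invalidCredentials",
                50: "insufficientAccessRights"}

CAUSE_RE = re.compile(
    r"Caused by: (?P<exc>[\w.$]+): \[LDAP: error code (?P<code>\d+) - [^\]]*\]"
    r"(?:; remaining name '(?P<name>[^']*)')?")
FRAME_RE = re.compile(r"^\s*at (?P<method>[\w.$<>]+)\(")

# Constructed sample: a shortened copy of the trace shown above.
SAMPLE_LOG = """\
  at oracle.as.install.oim.validation.ValidateLdapConnection.validateLdapConnection(ValidateLdapConnection.java:175)
Caused by: javax.naming.NoPermissionException: [LDAP: error code 50 - Insufficient Access Rights]; remaining name 'cn=subschemasubentry'
  at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3095)
  at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1849)
  at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
  ... 64 more
"""

def triage(log_text):
    """Summarise the last LDAP 'Caused by' line of a JNDI trace, or return None."""
    lines = log_text.splitlines()
    hits = [(i, m) for i, line in enumerate(lines)
            if (m := CAUSE_RE.search(line))]
    if not hits:
        return None
    index, match = hits[-1]
    # The frames under the cause show which JNDI call the server refused.
    operation = None
    for line in lines[index + 1:]:
        frame = FRAME_RE.match(line)
        if not frame:
            break
        method = frame.group("method")
        if method.startswith("javax.naming."):
            operation = method.rsplit(".", 1)[1]
            break
    code = int(match.group("code"))
    # 49 means the bind itself was rejected; 50 means the server accepted the
    # session but its ACLs deny the operation on the target entry.
    stage = {49: "authentication", 50: "authorization"}.get(code, "other")
    return {"exception": match.group("exc"), "code": code,
            "code_name": RESULT_CODES.get(code, "unknown"),
            "target": match.group("name"), "operation": operation,
            "stage": stage}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

For the trace in this document the result is an authorization failure on a search of cn=subschemasubentry, which matches the symptom that the bind as oimAdminUser is accepted but the schema read is refused.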

 

Changes

New install.

Cause
