My Oracle Support Banner

LDAP: error code 50 - Insufficient Access Rights Error Setting up LDAP Sync with Config.sh to OimAdminUser (Doc ID 1557873.1)

Last updated on MARCH 08, 2017

Applies to:

Identity Manager - Version 11.1.2 and later
Information in this document applies to any platform.

Symptoms

When setting up LDAP Sync to OID, then config.sh failing to connect with LDAP Error 50

Documentation shows that we should use 'cn=oimAdminUser,cn=systemids,dc=mycompany,dc=com' for 'Server User'.
- This fails with the error below

If cn-orcladmin is used, then the connection is made, but this is not the recommended user for LDAP Sync.

Refer to
Oracle® Fusion Middleware Installation Guide for Oracle Identity and Access Management
11g Release 2 (11.1.2)

Part Number E27301-04
http://docs.oracle.com/cd/E27559_01/install.1112/e27301/oim.htm#CIHCCECI

5.7 Configuring Oracle Identity Manager Server
Section 5.7.4 -Step 16


Error seen in config log is:
------------

oracle.security.idm.providers.stdldap.LDIdentityStoreFactory.fetchObje
ctAttributes(LDIdentityStoreFactory.java:889)
  at oracle.security.idm.providers.stdldap.LDIdentityStoreFactory.getObject
AttributeCache(LDIdentityStoreFactory.java:923)
  at oracle.security.idm.providers.stdldap.LDIdentityStore.getObjectAttribu
teCache(LDIdentityStore.java:849)
  at oracle.security.idm.providers.stdldap.LDConfiguration.(LDConfigu
ration.java:127)
  at oracle.security.idm.providers.iplanet.IPConfiguration.(IPConfigu
ration.java:51)
  at oracle.security.idm.providers.openldap.OLdapConfiguration.(OLdapConfiguration.java:39)
  at oracle.security.idm.providers.openldap.OLdapIdentityStore.getConfigurationInstance(OLdapIdentityStore.java:55)
  at oracle.security.idm.providers.stdldap.LDIdentityStore.setupStore(LDIdentityStore.java:155)
  at oracle.security.idm.providers.openldap.OLdapIdentityStoreFactory.getIdentityStoreInstance(OLdapIdentityStoreFactory.java:58)
  at oracle.as.install.oim.validation.ValidateLdapConnection.validateLdapConnection(ValidateLdapConnection.java:175)
  at oracle.as.install.oim.validation.ValidateLdapConnection.executeHandler(ValidateLdapConnection.java:439)
  at oracle.as.install.engine.modules.handler.engine.HandlerLauncher$LaunchHelper.execute(HandlerLauncher.java:487)
  at oracle.as.install.engine.modules.handler.engine.HandlerLauncher$LaunchHelper.launch(HandlerLauncher.java:413)
  at oracle.as.install.engine.modules.handler.engine.HandlerLauncher.execute(HandlerLauncher.java:178)
  at oracle.as.install.engine.modules.handler.engine.HandlerEngine.execute(HandlerEngine.java:137)
  at oracle.as.install.engine.modules.handler.HandlerModule.performOperation(HandlerModule.java:455)
  at oracle.as.install.engine.modules.handler.HandlerModule.performInputValidations(HandlerModule.java:413)
  at oracle.as.install.engine.modules.handler.HandlerModule.processModuleEvent(HandlerModule.java:332)
  at oracle.as.install.engine.modules.util.PartnerModuleImpl.processEvent(PartnerModuleImpl.java:118)
  at oracle.as.install.engine.InstallEngine.notifyListeners(InstallEngine.java:626)
  at oracle.as.install.engine.InstallEngine.processEvent(InstallEngine.java:584)
  at oracle.as.install.engine.modules.util.PartnerModuleImpl.notifyAllEventListenersHelper(PartnerModuleImpl.java:227)
  at oracle.as.install.engine.modules.util.PartnerModuleImpl.notifyListeners(PartnerModuleImpl.java:191)
  at oracle.as.install.engine.modules.presentation.PresentationModule.executeModifiedDWizardEvent(PresentationModule.java:717)
  at oracle.as.install.engine.modules.presentation.ui.common.wizard.ModifiedDWizard.fireValidationEvent(ModifiedDWizard.java:3214)
  at oracle.as.install.engine.modules.presentation.ui.common.wizard.ModifiedDWizard.doNext(ModifiedDWizard.java:937)
  at oracle.bali.ewt.wizard.BaseWizard$Action.actionPerformed(Unknown Source)
  at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2018)
  at javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2341)
  at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:402)
  at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259)
  at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:252)
  at java.awt.Component.processMouseEvent(Component.java:6505)
  at javax.swing.JComponent.processMouseEvent(JComponent.java:3321)
  at java.awt.Component.processEvent(Component.java:6270)
  at java.awt.Container.processEvent(Container.java:2229)
  at java.awt.Component.dispatchEventImpl(Component.java:4861)
  at java.awt.Container.dispatchEventImpl(Container.java:2287)
  at java.awt.Component.dispatchEvent(Component.java:4687)
  at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4832)
  at java.awt.LightweightDispatcher.processMouseEvent(Container.java:4492)
  at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4422)
  at java.awt.Container.dispatchEventImpl(Container.java:2273)
  at java.awt.Window.dispatchEventImpl(Window.java:2719)
  at java.awt.Component.dispatchEvent(Component.java:4687)
  at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:729)
  at java.awt.EventQueue.access$200(EventQueue.java:103)
  at java.awt.EventQueue$3.run(EventQueue.java:688)
  at java.awt.EventQueue$3.run(EventQueue.java:686)
  at java.security.AccessController.doPrivileged(Native Method)
  at java.security.ProtectionDomain$1.doIntersectionPrivilege(ProtectionDomain.java:76)
  at java.security.ProtectionDomain$1.doIntersectionPrivilege(ProtectionDomain.java:87)
  at java.awt.EventQueue$4.run(EventQueue.java:702)
  at java.awt.EventQueue$4.run(EventQueue.java:700)
  at java.security.AccessController.doPrivileged(Native Method)
  at java.security.ProtectionDomain$1.doIntersectionPrivilege(ProtectionDomain.java:76)
  at java.awt.EventQueue.dispatchEvent(EventQueue.java:699)
  at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:242)
  at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:161)
  at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:150)
  at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:146)
  at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:138)
  at java.awt.EventDispatchThread.run(EventDispatchThread.java:91)
Caused by: javax.naming.NoPermissionException: [LDAP: error code 50 - Insufficient Access Rights]; remaining name 'cn=subschemasubentry'
  at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3095)
  at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)
  at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2840)
  at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1849)
  at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1772)
  at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386)
  at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:356)
  at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:339)
  at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
  at oracle.security.idm.providers.stdldap.Connection.search(Connection.java:604)
  at oracle.security.idm.providers.stdldap.util.LDAPObjectAttributes.refresh(LDAPObjectAttributes.java:114)
  ... 64 more

 

Changes

 New install.

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
 5.7 Configuring Oracle Identity Manager Server
Section 5.7.4 -Step 16
Changes
Cause
Solution


This document is being delivered to you via Oracle Support's Rapid Visibility (RaV) process and therefore has not been subject to an independent technical review.
My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.