My Oracle Support Banner

OUD - Can Regular Users Be Given Permission to Search on "cn=config" via the Administration Port? (Doc ID 2030690.1)

Last updated on MARCH 07, 2024

Applies to:

Oracle Unified Directory - Version 11.1.1.5.0 and later
Information in this document applies to any platform.

Goal

A regular user entry is assigned the "config-read" privilege...

$> ./ldapsearch -ZX -h <HOST> -p <PORT> -D "<UID>" -b "<SUFFIX>" -T "uid=<UID>" ds-privilege-name
dn: <DN>
ds-privilege-name: bypass-acl
ds-privilege-name: modify-acl
ds-privilege-name: config-read
ds-privilege-name: config-write
ds-privilege-name: ldif-import
ds-privilege-name: ldif-export
ds-privilege-name: backend-backup
ds-privilege-name: backend-restore
ds-privilege-name: server-shutdown
ds-privilege-name: server-restart
ds-privilege-name: disconnect-client
ds-privilege-name: cancel-request
ds-privilege-name: password-reset
ds-privilege-name: update-schema
ds-privilege-name: privilege-change
ds-privilege-name: unindexed-search

The expectation is for the user to be able to search on "cn=config".  However, when attempting to do so, error 49 is returned even though the correct user password is provided...

$> ./ldapsearch -ZX -h <HOST> -p <ADMIN_PORT> -D " DN>" -b "cn=config" -T "objectclass=*"
The simple bind attempt failed
Result Code: 49 (Invalid Credentials)

The following is logged to the OUD DS instance's admin log...

[20/May/2015:19:53:53 +0000] CONNECT conn=4252736 from=<IP>:<PORT> to=<IP>:<PORT> protocol=LDAPS
[20/May/2015:19:53:53 +0000] BIND REQ conn=4252736 op=0 msgID=1 type=SIMPLE dn="<DN>"
[20/May/2015:19:53:53 +0000] BIND RES conn=4252736 op=0 msgID=1 result=49 authFailureID=196826 authFailureReason="Unable to bind to the Directory Server as user <DN> because no such user exists in the server" etime=0
[20/May/2015:19:53:53 +0000] DISCONNECT conn=4252736 reason="Client Disconnect"

So, is it possible for a regular user to search on "cn=config" via the administration port?

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
Goal
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.