OIM Admin User (oimAdminUser) Logged into ODSM Fails to Manage Users in OID or FA OID 11g. Error: Modify Failed. Host='<oidhost>' Details: [LDAP: error code 50 - Insufficient Access Rights] (Doc ID 2239574.1)

Last updated on MARCH 01, 2017

Applies to:

Oracle Internet Directory - Version 11.1.1 and later
Information in this document applies to any platform.

Symptoms

The Oracle Identity Manager (OIM) administrator account in Oracle Internet Directory (OID) 11g, cn=oimAdminUser,cn=systemids,<realm, e.g., dc=mycompany,dc=com>, is unable to manage (add/edit/delete) OID users in Oracle Directory Services Manager (ODSM) or from the command line.

ODSM error:

(x) Error
 
Modify Failed. Host='<oidhost>' Details: [LDAP: error code 50 - Insufficient Access Rights]


Document 2237510.1 - How to Delegate Access or Privileges to Realm Administrators / Admin Users in OID 11g (Similar to 10g OIDDAS Delegation)? was found and followed. The realm group that oimAdminUser belongs to:

cn=oimAdminGroup,cn=systemids,dc=mycompany,dc=com

was added as a uniquemember of the Delegated Administration Services (DAS) built-in realm groups:

cn=oracleDASCreateUser,cn=groups,cn=oraclecontext,dc=mycompany,dc=com
cn=oracleDASEditUser,cn=groups,cn=oraclecontext,dc=mycompany,dc=com
cn=oracleDASDeleteUser,cn=groups,cn=oraclecontext,dc=mycompany,dc=com

However, the same ODSM error continues.

Changes

 

Cause
