
OIM Admin User Logged into ODSM Fails to Manage Users in OID or FA OID. Error: Modify Failed. Host='<OID_HOSTNAME>' Details: [LDAP: error code 50 - Insufficient Access Rights] (Doc ID 2239574.1)

Last updated on AUGUST 26, 2021

Applies to:

Oracle Internet Directory - Version 11.1.1 and later
Information in this document applies to any platform.

Symptoms

The Oracle Identity Manager (OIM) administrator account in Oracle Internet Directory (OID), cn=<OIM_ADMIN_USER>,cn=systemids,dc=<COMPANY>,dc=com, is unable to manage (add/edit/delete) OID users in Oracle Directory Services Manager (ODSM) or from the command line.

ODSM error:

(x) Error
 
Modify Failed. Host='<OID_HOSTNAME>' Details: [LDAP: error code 50 - Insufficient Access Rights]


Based on Document 2237510.1 - How to Delegate Access or Privileges to Realm Administrators / Admin Users in OID 11g (Similar to 10g OIDDAS Delegation)?, the realm group that cn=<OIM_ADMIN_USER> belongs to:

cn=oimAdminGroup,cn=systemids,dc=<COMPANY>,dc=com

was added as a uniquemember to the Delegated Administration Services (DAS) built-in realm groups:

cn=oracleDASCreateUser,cn=groups,cn=oraclecontext,dc=<COMPANY>,dc=com
cn=oracleDASEditUser,cn=groups,cn=oraclecontext,dc=<COMPANY>,dc=com
cn=oracleDASDeleteUser,cn=groups,cn=oraclecontext,dc=<COMPANY>,dc=com

But the same ODSM error continues.
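
One way to confirm that the uniquemember additions described above are actually present on all three DAS groups before investigating further, as an added example that is not part of the Oracle document. It reads LDIF text (for instance a saved ldapsearch export); the sample LDIF, the dc=example,dc=com suffix and the function names are constructed for illustration.

```python
# Added example: report which DAS groups list a given DN as uniquemember.
DAS_GROUPS = ("oracleDASCreateUser", "oracleDASEditUser", "oracleDASDeleteUser")

def unfold(ldif):
    """Join LDIF continuation lines (a line starting with one space)."""
    out = []
    for line in ldif.splitlines():
        if line.startswith(" ") and out:
            out[-1] += line[1:]
        else:
            out.append(line)
    return out

def norm_dn(dn):
    """Lower-case a DN and drop spaces around ',' and '='.
    Simplification: escaped commas inside RDN values are not handled."""
    rdns = (r.partition("=") for r in dn.split(","))
    return ",".join(a.strip().lower() + "=" + v.strip().lower() for a, _, v in rdns)

def das_membership(ldif, member_dn):
    """Return {DAS group cn: True/False} for membership of member_dn."""
    want = norm_dn(member_dn)
    found, current = {g: False for g in DAS_GROUPS}, None
    for line in unfold(ldif):
        attr, sep, val = line.partition(":")
        attr = attr.strip().lower()
        if not line.strip():
            current = None                      # blank line ends an entry
        elif sep and attr == "dn":
            cn = norm_dn(val).split(",")[0].partition("=")[2]
            current = next((g for g in DAS_GROUPS if g.lower() == cn), None)
        elif attr == "uniquemember" and current and norm_dn(val) == want:
            found[current] = True
    return found

# Constructed sample: folded line, mixed case, and one group missing the member.
SAMPLE = """\
dn: cn=oracleDASCreateUser,cn=groups,cn=oraclecontext,dc=example,dc=com
uniquemember: cn=oimAdminGroup,cn=systemids,
 dc=example,dc=com

dn: cn=oracleDASEditUser,cn=groups,cn=oraclecontext,dc=example,dc=com
uniquemember: CN=oimAdminGroup, CN=systemids, DC=example, DC=com

dn: cn=oracleDASDeleteUser,cn=groups,cn=oraclecontext,dc=example,dc=com
uniquemember: cn=orcladmin
"""

if __name__ == "__main__":
    print(das_membership(SAMPLE, "cn=oimAdminGroup,cn=systemids,dc=example,dc=com"))
```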

Changes

 

Cause


