OIM Admin User Logged into ODSM Fails to Manage Users in OID or FA OID. Error: Modify Failed. Host='<OID_HOSTNAME>' Details: [LDAP: error code 50 - Insufficient Access Rights]
(Doc ID 2239574.1)
Last updated on AUGUST 26, 2021
Applies to:
Oracle Internet Directory - Version 11.1.1 and later
Information in this document applies to any platform.
Symptoms
The Oracle Identity Manager (OIM) administrator account in Oracle Internet Directory (OID), cn=<OIM_ADMIN_USER>,cn=systemids,dc=<COMPANY>,dc=com, is unable to manage (add/edit/delete) OID users in Oracle Directory Services Manager (ODSM) or from the command line.
ODSM error:
Modify Failed. Host='<OID_HOSTNAME>' Details: [LDAP: error code 50 - Insufficient Access Rights]
Found: Document 2237510.1 - How to Delegate Access or Privileges to Realm Administrators / Admin Users in OID 11g (Similar to 10g OIDDAS Delegation)?
So added the realm group that cn=<OIM_ADMIN_USER> belongs to:
cn=oimAdminGroup,cn=systemids,dc=<COMPANY>,dc=com
As a uniquemember to the Delegated Administration Services (DAS) built-in realm groups:
cn=oracleDASCreateUser,cn=groups,cn=oraclecontext,dc=<COMPANY>,dc=com
cn=oracleDASEditUser,cn=groups,cn=oraclecontext,dc=<COMPANY>,dc=com
cn=oracleDASDeleteUser,cn=groups,cn=oraclecontext,dc=<COMPANY>,dc=com
But the same ODSM error continues.
Changes
Cause