LDAP: error code 50 Returned when Creating User in OIM and LDAPSync to OID (Doc ID 2289120.1)

Last updated on JULY 21, 2017

Applies to:

Identity Manager - Version 11.1.2.3.0 and later
Oracle Internet Directory - Version 11.1.1.9.0 and later
Information in this document applies to any platform.

Symptoms

LDAPSync is being set up between OIM and OID.

Creating a test user results in a Compensate Error dialog.

With the oracle.ods.virtualization logger set to TRACE:32, the OIM diagnostic log captures the following error:

[2017-07-19T11:16:41.818-06:00] [WLS_OIM1] [TRACE] [] [oracle.ods.virtualization] [tid:...] [userId: xelsysadm] [...] [APP: oim#11.1.2.0.0] [SRC_CLASS: oracle.ods.virtualization.engine.util.VDELogger] [SRC_METHOD: debug] userStateChanges to modify add: orclaccountstatusevent[[
orclaccountstatusevent: 3
-

]]
[2017-07-19T11:16:41.820-06:00] [WLS_OIM1] [TRACE] [] [oracle.ods.virtualization] [tid:...] [userId: xelsysadm] [...] [APP: oim#11.1.2.0.0] [SRC_CLASS: oracle.ods.virtualization.engine.util.VDELogger] [SRC_METHOD: debug] userStateChanges to modify add: orclpwdaccountunlock[[
orclpwdaccountunlock: 1
-

]]
[2017-07-19T11:16:41.829-06:00] [WLS_OIM1] [WARNING] [LIBOVD-40082] [oracle.ods.virtualization.engine.backend.jndi.OIDEMA] [tid:...] [userId: xelsysadm] [ecid: ...] [APP: oim#11.1.2.0.0] Could not modify entry.[[
javax.naming.NoPermissionException: [LDAP: error code 50 - Insufficient Access Rights]; remaining name 'cn=testuser,cn=Users,dc=...'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3095)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2840)
at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1478)
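Added example (not part of the Oracle note, and not Oracle code): a Python script that reads a diagnostic log in the format shown above and pairs each LIBOVD-40082 "error code 50" record with the attribute modifications traced just before it, so the attributes and entry to check against the directory's access rights are listed together. The function names and the abridged, constructed sample are assumptions made for illustration.

```python
import re

# Constructed sample, abridged from the excerpt above; elided fields stay as "...".
SAMPLE_LOG = """\
[2017-07-19T11:16:41.818-06:00] [WLS_OIM1] [TRACE] [] [oracle.ods.virtualization] [tid:...] [userId: xelsysadm] [...] [APP: oim#11.1.2.0.0] [SRC_CLASS: oracle.ods.virtualization.engine.util.VDELogger] [SRC_METHOD: debug] userStateChanges to modify add: orclaccountstatusevent[[
orclaccountstatusevent: 3
-

]]
[2017-07-19T11:16:41.820-06:00] [WLS_OIM1] [TRACE] [] [oracle.ods.virtualization] [tid:...] [userId: xelsysadm] [...] [APP: oim#11.1.2.0.0] [SRC_CLASS: oracle.ods.virtualization.engine.util.VDELogger] [SRC_METHOD: debug] userStateChanges to modify add: orclpwdaccountunlock[[
orclpwdaccountunlock: 1
-

]]
[2017-07-19T11:16:41.829-06:00] [WLS_OIM1] [WARNING] [LIBOVD-40082] [oracle.ods.virtualization.engine.backend.jndi.OIDEMA] [tid:...] [userId: xelsysadm] [ecid: ...] [APP: oim#11.1.2.0.0] Could not modify entry.[[
javax.naming.NoPermissionException: [LDAP: error code 50 - Insufficient Access Rights]; remaining name 'cn=testuser,cn=Users,dc=...'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3095)
"""

# A record starts with "[timestamp] [server] [LEVEL]"; other lines continue it.
RECORD_START = re.compile(r"^\[(\d{4}-\d{2}-\d{2}T[^\]]+)\] \[[^\]]*\] \[(\w+)\]")
MODIFY = re.compile(r"userStateChanges to modify (\w+): ([\w;-]+)\[\[")
DENIED = re.compile(r"LDAP: error code 50 - [^\]]*\]; remaining name '([^']*)'")

def split_records(text):
    """Group physical lines into logical records (header plus continuation lines)."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line):
            records.append([line])
        elif records:
            records[-1].append(line)
    return ["\n".join(r) for r in records]

def find_denied_modifies(text):
    """Return one finding per denied modify, with the attributes traced since the last one."""
    findings, pending = [], []
    for rec in split_records(text):
        mod = MODIFY.search(rec)
        denied = DENIED.search(rec)
        if mod:
            pending.append((mod.group(1), mod.group(2)))  # (operation, attribute)
        elif denied and "LIBOVD-40082" in rec:
            findings.append({"timestamp": RECORD_START.match(rec).group(1),
                             "dn": denied.group(1), "attempted": pending})
            pending = []
    return findings

if __name__ == "__main__":
    for finding in find_denied_modifies(SAMPLE_LOG):
        print(finding)
```

The pairing is by log order only, so on a busy server filter the input to one thread or user first.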

 

Cause
