OID 12c Users Deleted from OID Not recreated after update in AD "LDAP: error code 50 - Insufficient Access Rights" (Doc ID 2453869.1)

Last updated on SEPTEMBER 10, 2019

Applies to:

Oracle Internet Directory - Version 12.2.1.3.180413 and later
Information in this document applies to any platform.

Symptoms

When syncing AD into OID using DIP, users that are manually deleted in OID and then updated in AD are not recreated/synced into OID as expected.

NOTE: Users/Groups and profiles were migrated from OID 11g to OID 12c via ldifwrite/bulkload

 

<Aug 30, 2018 4:12:12,586 PM EDT> <Error> <oracle.dip.MyADprofile> <DIP-10219> <Exception creating entry : cn=<USERNAME>,cn=users,<REALM_DN>.>
<Aug 30, 2018 4:12:12,586 PM EDT> <Error> <oracle.dip.MyADprofile> <DIP-10005> <Error in applying map rule.
ODIException: Error Creating Entry in Directory
at oracle.ldap.odip.gsi.LDAPWriter.createEntry(LDAPWriter.java:1593)
at oracle.ldap.odip.gsi.LDAPWriter.insert(LDAPWriter.java:694)
at oracle.ldap.odip.gsi.LDAPWriter.modifyRadd(LDAPWriter.java:1131)
at oracle.ldap.odip.gsi.LDAPWriter.performWriteChanges(LDAPWriter.java:600)
at oracle.ldap.odip.gsi.LDAPWriter.writeChanges(LDAPWriter.java:271)
at oracle.ldap.odip.web.DIPSyncWriterThread.run(DIPSyncWriterThread.java:72)
Caused By: javax.naming.NoPermissionException: [LDAP: error code 50 - Insufficient Access Rights]; remaining name 'cn=<USERNAME>,cn=users,dc=<COMPANY>,dc=comv'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3162)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)

and

[2018-08-29T10:39:12.636212-04:00] [OID] [TRACE:16] [] [OIDLDAPD] [host: <OID_HOSTNAME>] [pid: 26861] [tid: 15] [ecid: <ECID>] ServerWorker (WRT):[[
BEGIN
ConnID:59191 mesgID:6 OpID:5 OpName:add ConnIP:<IP_ADDRESS>:<PORT> ConnDN:orclodipagentname=<AD_PROFILE_NAME>,cn=subscriber profile,cn=changelog subscriber,cn=oracle internet directory
gslfadADoAdd:conn=59191 op=5 ADD dn="cn=<USERNAME>,cn=users,dc=<COMPANY>,dc=com"
2018-08-29T10:39:12.636854 * gslaudegGetNearestACP:Parsing the node cn=users,dc=<COMPANY>,dc=com
2018-08-29T10:39:12.636874 * gslaudegGetNearestACP:Parsing the node dc=<COMPANY>,dc=com
2018-08-29T10:39:12.636885 * gslaudegGetNearestACP:Parsing the node ou=dc=com
2018-08-29T10:39:12.636897 * gslaudeeEntryEvaluation:Operation id:(5) Entry DN: (cn=users,dc=<COMPANY>,dc=com)
2018-08-29T10:39:12.636910 * gslaudeeEntryEvaluation: Operation id:(5) User DN: (orclodipagentname=<AD_PROFILE_NAME>,cn=subscriber profile,cn=changelog subscriber,cn=oracle internet directory)
2018-08-29T10:39:12.636922 * gslaudeeEntryEvaluation:Op id:(5) Visiting ACP at: (cn=users,dc=<COMPANY>,dc=com)
2018-08-29T10:39:12.636955 * gslaudeeEntryEvaluation:Op id:(5) Visiting ACP at: (dc=<COMPANY>,dc=com)
2018-08-29T10:39:12.636966 * gslaudeeEntryEvaluation:Op id:(5) Visiting ACP at: (dc=com)
2018-08-29T10:39:12.636976 * gslaudeeEntryEvaluation:Op id:(5) Visiting ACP at: (cn=root)
2018-08-29T10:39:12.636987 * Adding access=c00008, Available access: c00008, Requested access=40
2018-08-29T10:39:12.636998 * Available access: c00008, Requested access=40 Result=Not Allowed
2018-08-29T10:39:12.637008 * gslaudeeEntryEvaluation:Operation id:(5) Access to Entry (cn=users,dc=<COMPANY>,dc=com) not allowed by ACP at: (cn=root)
2018-08-29T10:39:12.637443 * gslusrnWriteToRemNodes: Sent uid;1:<USERNAME>@<COMPANY>.com change notification to node <OID_HOSTNAME>
2018-08-29T10:39:12.637596 * gslusrnWriteToRemNodes: Sent mail;2:<USERNAME>@<COMPANY>.com change notification to node <OID_HOSTNAME>
2018-08-29T10:39:12.637736 * gslusrnWriteToRemNodes: Sent cn;2:<USERNAME>change notification to node <OID_HOSTNAME>
2018-08-29T10:39:12.637793 * INFO:gsleswrASndResult OPtime=1739 micro sec Qtime=16 micro sec DBtime=0 micro sec RESULT=50 tag=105 nentries=0
END
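
For triage of traces like the one above, the following added example (not Oracle code and not part of the original note) parses each BEGIN..END block and reports the bind DN, the target DN, the ACPs visited and the ACP that denied the operation. The function names and the sample trace are constructed for illustration, and the parser assumes only the line shapes visible in the trace above.

```python
import re

# Constructed sample, modelled on the OIDLDAPD trace format shown above
# (placeholder names and addresses, not real directory data).
SAMPLE_TRACE = """\
BEGIN
ConnID:59191 mesgID:6 OpID:5 OpName:add ConnIP:192.0.2.10:41234 ConnDN:orclodipagentname=adprofile,cn=subscriber profile,cn=changelog subscriber,cn=oracle internet directory
gslfadADoAdd:conn=59191 op=5 ADD dn="cn=jdoe,cn=users,dc=example,dc=com"
2018-08-29T10:39:12.636922 * gslaudeeEntryEvaluation:Op id:(5) Visiting ACP at: (cn=users,dc=example,dc=com)
2018-08-29T10:39:12.636976 * gslaudeeEntryEvaluation:Op id:(5) Visiting ACP at: (cn=root)
2018-08-29T10:39:12.636998 * Available access: c00008, Requested access=40 Result=Not Allowed
2018-08-29T10:39:12.637008 * gslaudeeEntryEvaluation:Operation id:(5) Access to Entry (cn=users,dc=example,dc=com) not allowed by ACP at: (cn=root)
2018-08-29T10:39:12.637793 * INFO:gsleswrASndResult OPtime=1739 micro sec Qtime=16 micro sec DBtime=0 micro sec RESULT=50 tag=105 nentries=0
END
"""

HEADER = re.compile(r"ConnID:(\d+) .*?OpName:(\w+) .*?ConnDN:(.*)$")
TARGET = re.compile(r' dn="([^"]*)"')
VISIT = re.compile(r"Visiting ACP at: \((.*)\)\s*$")
DENY = re.compile(r"Access to Entry \((.*)\) not allowed by ACP at: \((.*)\)\s*$")
RESULT = re.compile(r"\bRESULT=(\d+)\b")

def parse_operations(text):
    """Return one dict per BEGIN..END block of an OIDLDAPD trace."""
    ops, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if line == "BEGIN":
            cur = {"target_dn": None, "acps_visited": [], "denied_by": None, "result": None}
        elif cur is None:
            continue  # outside a block, e.g. the bracketed log header line
        elif line == "END":
            ops.append(cur)
            cur = None
        elif m := HEADER.search(line):
            cur.update(conn_id=int(m[1]), op=m[2], bind_dn=m[3].strip())
        elif m := TARGET.search(line):
            cur["target_dn"] = m[1]
        elif m := VISIT.search(line):
            cur["acps_visited"].append(m[1])
        elif m := DENY.search(line):
            cur["denied_entry"], cur["denied_by"] = m[1], m[2]
        elif m := RESULT.search(line):
            cur["result"] = int(m[1])
    return ops

def access_denials(text):
    """Operations that ended with LDAP result 50 (insufficientAccessRights)."""
    return [op for op in parse_operations(text) if op["result"] == 50]
```
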

Cause
