
OUD 12c Admin User Bypasses HandleBind Plug-in / Custom PlugIn Bind Fails for Users Under cn=root dns,cn=config: [LDAP: error code 50 - The request control with Object Identifier (OID) "1.3.18.0.2.10.15" cannot be used due to insufficient access rights] (Doc ID 2699833.1)

Last updated on AUGUST 14, 2020

Applies to:

Oracle Unified Directory - Version 12.2.1.4.0 and later
Information in this document applies to any platform.

Symptoms

An Oracle Unified Directory (OUD) 12c admin user bypasses a custom handleBind plug-in.

Clients use several LDAP controls that are not implemented in OUD (for example, admin control 1.3.18.0.2.10.15).

The OUD server rejects the user connections with the following message:

[LDAP: error code 50 - The request control with Object Identifier (OID) "1.3.18.0.2.10.15" cannot be used due to insufficient access rights]

To prevent this error, a custom plug-in (for Bind and Modify operations) was created that suppresses the undesired controls.

This plug-in works perfectly for non-root users, but not for Bind operations by users created under cn=Root DNs,cn=config (in this case, ds-cfg-alternate-bind-dn: cn=root).

The documentation does not show any restrictions on handleBind related to the type of user making the request. Is this a bug or product design?

Changes

 

Cause


