OUD 12c - Custom HandleBind Plug-in Bind Fails for Users Under cn=root dns,cn=config: [LDAP: error code 50 - The request control with Object Identifier (OID) "1.3.18.0.2.10.15" cannot be used due to insufficient access rights] (Doc ID 2699833.1)

Last updated on SEPTEMBER 29, 2022

Applies to:

Oracle Unified Directory - Version 12.2.1.4.0 and later
Information in this document applies to any platform.

Symptoms

Oracle Unified Directory (OUD)12c admin user bypasses custom handleBind plug-in.

Clients using several LDAP controls not implemented in OUD (for example admin control 1.3.18.0.2.10.15).

OUD server rejects the user connections with the following message:

[LDAP: error code 50 - The request control with Object Identifier (OID) "1.3.18.0.2.10.15" cannot be used due to insufficient access rights]

To prevent this error, a custom plugin (for Bind and Modify operations) was created that suppresses undesired controls.

This plug in works perfectly with non-root users but not for Bind operation for users created under cn=Root DNs,cn=config (in this case is ds-cfg-alternate-bind-dn: cn=root).

The documentation does not show any restrictions for handleBind and type of users making the requests. Is this a bug or product design?

Changes

Cause

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.

OUD 12c - Custom HandleBind Plug-in Bind Fails for Users Under cn=root dns,cn=config: [LDAP: error code 50 - The request control with Object Identifier (OID) "1.3.18.0.2.10.15" cannot be used due to insufficient access rights] (Doc ID 2699833.1)

Applies to:

Symptoms

Changes

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!