OID Special User with Granted Access Rights by Group Member is Unable to Add Entry in ODSM or Command Line Due to Error: LDAP: error code 50 - Insufficient Access Rights (Doc ID 2913701.1)

Last updated on DECEMBER 07, 2022

Applies to:

Oracle Internet Directory - Version 11.1.1 and later
Information in this document applies to any platform.

Symptoms

When a group member attempts to add a user/group entry, the operation fails with the error: LDAP: error code 50 - Insufficient Access Rights


STEPS TO REPRODUCE 

Log in to ODSM and perform the steps below:

  1. Create a group
    e.g. testgroupA (cn=testgroupA,cn=groups,<realm_DN>)
  2. Add the special user as member of testgroupA
    e.g. user01(cn=user01,cn=users,<realm_DN>)
  3. Grant "write" access to the parent entry: open the "Data Browser" tab, select the parent entry (<realm_DN>), go to "Subtree Access" > "Structural Access Control", and create a new access item

RESULT

After configuring the above setting, log in to ODSM as the group member (e.g., user01).
Creating a new user/group then returns the error: LDAP: error code 50 - Insufficient Access Rights

Changes

 

Cause


