OID Special User with Granted Access Rights by Group Member is Unable to Add Entry in ODSM or Command Line Due to Error: LDAP: error code 50 - Insufficient Access Rights
(Doc ID 2913701.1)
Last updated on DECEMBER 07, 2022
Applies to: Oracle Internet Directory - Version 11.1.1 and later
Information in this document applies to any platform.
When a group member attempts to add a user/group entry, the operation fails with the error: LDAP: error code 50 - Insufficient Access Rights
STEPS TO REPRODUCE
Log in to ODSM and perform the steps below:
- Create a group, e.g. testgroupA (cn=testgroupA,cn=groups,<realm_DN>)
- Add the special user as a member of testgroupA
- Grant "write" access to the parent entry: open the "Data Browser" tab, select the parent entry (<realm_DN>), go to "Subtree Access" > "Structural Access Control" and create a new access item
  - Tab [By Whom]
    - By Whom: A Specific Group
    - Group: cn=testgroupA,cn=groups,<realm_DN>
  - Tab [Access Rights]
    - Browse: Grant
    - Add: Grant
    - Delete: Grant
After configuring the above settings, log in to ODSM as the group member (e.g., user01).
Creating a new user/group then returns the error: LDAP: error code 50 - Insufficient Access Rights