OID Special User with Granted Access Rights by Group Member is Unable to Add Entry in ODSM or Command Line Due to Error: LDAP: error code 50 - Insufficient Access Rights
(Doc ID 2913701.1)
Last updated on DECEMBER 07, 2022
Applies to:
Oracle Internet Directory - Version 11.1.1 and later
Information in this document applies to any platform.
Symptoms
When a group member attempts to add a user/group entry, the operation fails with the error: LDAP: error code 50 - Insufficient Access Rights
STEPS TO REPRODUCE
Log in to ODSM and perform the steps below:
- Create a group
  e.g. testgroupA (cn=testgroupA,cn=groups,<realm_DN>)
- Add the special user as a member of testgroupA
  e.g. user01 (cn=user01,cn=users,<realm_DN>)
- Grant "write" access to the parent entry
- Access the "Data Browser" tab, select the parent entry (<realm_DN>), access "Subtree Access" > "Structural Access Control" > create a new access item
  - Tab [By Whom]
    - By Whom: A Specific Group
    - Group : cn=testgroupA,cn=groups,<realm_DN>
  - Tab [Access Rights]
    - Browse : Grant
    - Add : Grant
    - Delete : Grant
RESULT
After configuring the above settings, log in to ODSM as the group member (e.g., user01).
When creating a new user/group, the operation returns the error: LDAP: error code 50 - Insufficient Access Rights
Changes
Cause