My Oracle Support Banner

OID Accounts Cannot be Unlocked by the Users with "Allow account management" Privilege (Doc ID 455442.1)

Last updated on MARCH 08, 2019

Applies to:

Oracle Internet Directory - Version 10.1.2 to 10.1.4 [Release 10gR2 to 10gR3]
Information in this document applies to any platform.


Creating a user and assigning it "Allow account management" privilege, the locked users cannot be unlocked using the Unlock button from OIDDAS.

Displays an error like: "User <user> could not be unlocked"

LDAP trace logs show:

2007/08/21:15:19:48 * ServerWorker (REG):4 * ConnID:12 * OpId:58 * OpName:modify
INFO : gslfmeADoModify: dn = cn=testlock,cn=users,dc=company,dc=com
15:19:48 * gslfmeADoModify: dn (cn=testlock,cn=users,dc=company,dc=com)
15:19:48 * gslfmeADoModify: modifications:
15:19:48 * add: orclpwdaccountunlock

5:19:48 * gslfacZEvaluate_Attributes: Operation id:(58) Enforcing Server Default Access Policy
15:19:48 * gslfacZEvaluate_Attributes:Operation id:(58) Attribute Access to entry (cn=testlock,cn=users,dc=company,dc=com) not allowed
15:19:48 * gslfacDAclCheckMods: Access to attributes not allowed
15:19:48 * INFO : gslfrsASendLdapResult2 RESULT = 50 nentries=0


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.