OID Accounts Cannot be Unlocked by the Users with "Allow account management" Privilege (Doc ID 455442.1)

Last updated on OCTOBER 04, 2016

Applies to:

Oracle Internet Directory - Version 10.1.2 to 10.1.4 [Release 10gR2 to 10gR3]
Information in this document applies to any platform.

Symptoms

After a user is created and assigned the "Allow account management" privilege, that user cannot unlock locked accounts using the Unlock button in OIDDAS.

OIDDAS displays an error like: "User <user> could not be unlocked"

LDAP trace logs show:

BEGIN
2007/08/21:15:19:48 * ServerWorker (REG):4 * ConnID:12 * OpId:58 * OpName:modify
INFO : gslfmeADoModify: dn = cn=testlock,cn=users,dc=ro,dc=oracle,dc=com
15:19:48 * gslfmeADoModify: dn (cn=testlock,cn=users,dc=ro,dc=oracle,dc=com)
15:19:48 * gslfmeADoModify: modifications:
15:19:48 * add: orclpwdaccountunlock
...

5:19:48 * gslfacZEvaluate_Attributes: Operation id:(58) Enforcing Server Default Access Policy
15:19:48 * gslfacZEvaluate_Attributes:Operation id:(58) Attribute Access to entry (cn=testlock,cn=users,dc=ro,dc=oracle,dc=com) not allowed
15:19:48 * gslfacDAclCheckMods: Access to attributes not allowed
15:19:48 * INFO : gslfrsASendLdapResult2 RESULT = 50 nentries=0
END
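
To triage a trace like the one above, this added example (not Oracle's code and not part of the original note) groups trace lines per operation and reports modifies that the ACL check refused with result 50, the LDAP insufficientAccessRights code. The function names and regular expressions are assumptions derived only from the line formats visible in this excerpt.

```python
import re

# Trace lines copied from the excerpt above (the part elided with "..." is left out).
TRACE = """\
2007/08/21:15:19:48 * ServerWorker (REG):4 * ConnID:12 * OpId:58 * OpName:modify
INFO : gslfmeADoModify: dn = cn=testlock,cn=users,dc=ro,dc=oracle,dc=com
15:19:48 * gslfmeADoModify: dn (cn=testlock,cn=users,dc=ro,dc=oracle,dc=com)
15:19:48 * gslfmeADoModify: modifications:
15:19:48 * add: orclpwdaccountunlock
5:19:48 * gslfacZEvaluate_Attributes: Operation id:(58) Enforcing Server Default Access Policy
15:19:48 * gslfacZEvaluate_Attributes:Operation id:(58) Attribute Access to entry (cn=testlock,cn=users,dc=ro,dc=oracle,dc=com) not allowed
15:19:48 * gslfacDAclCheckMods: Access to attributes not allowed
15:19:48 * INFO : gslfrsASendLdapResult2 RESULT = 50 nentries=0
"""

HEADER = re.compile(r"ConnID:(\d+) \* OpId:(\d+) \* OpName:(\w+)")
DN = re.compile(r"gslfmeADoModify: dn = (.+)$")
MOD = re.compile(r"\* (add|replace|delete): (\S+)$")
RESULT = re.compile(r"RESULT = (\d+)")
INSUFFICIENT_ACCESS = 50  # LDAP insufficientAccessRights (RFC 4511)

def parse_ops(text):
    """Group trace lines into one record per LDAP operation."""
    ops, cur = [], None
    for line in text.splitlines():
        if (m := HEADER.search(line)):
            cur = {"conn": int(m[1]), "op": int(m[2]), "name": m[3], "dn": None,
                   "mods": [], "default_policy": False, "acl_denied": False, "result": None}
            ops.append(cur)
        elif cur is None:
            continue  # line does not belong to any operation seen so far
        elif (m := DN.search(line)):
            cur["dn"] = m[1]
        elif (m := MOD.search(line)):
            cur["mods"].append((m[1], m[2]))
        elif "Enforcing Server Default Access Policy" in line:
            cur["default_policy"] = True
        elif "not allowed" in line:
            cur["acl_denied"] = True
        elif (m := RESULT.search(line)):
            cur["result"] = int(m[1])
            cur = None  # the result line closes the operation
    return ops

def acl_denials(ops):
    """Operations the ACL check refused with insufficientAccessRights."""
    return [o for o in ops if o["acl_denied"] and o["result"] == INSUFFICIENT_ACCESS]

if __name__ == "__main__":
    print(acl_denials(parse_ops(TRACE)))
```

For the excerpt, the single record returned ties the denial to connection 12, operation 58, the target DN and the attribute being added, which is the information needed to check the access control policy for that attribute.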

Changes

Cause
