My Oracle Support Banner

Changing Passwords in OID 10g After Changing the Userbase Fails With [LDAP: error code 50 - Insufficient Access Rights] (Doc ID 741520.1)

Last updated on FEBRUARY 03, 2019

Applies to:

Oracle Internet Directory - Version 10.1.2 to 10.1.4 [Release 10gR2 to 10gR3]
Information in this document applies to any platform.

Symptoms

While following the documented method for 'Changing the Location of Users and Groups In The Default Identity Management Realm', where the new naming context is outside the default realm and the Lowest Common User Search Base is the root DSE ('Use case 6' in the documentation), password modification via DAS fails with:

Cannot modify user : [LDAP: error code 50 - Insufficient Access Rights]

 

For example:

Default realm created during install: dc=au,dc=oracle,dc=com
Users under cn=users,dc=au,dc=oracle,dc=com
New directory structure: ou=support,o=oracle,c=au
Users under ou=FMW

 

 Reference:

Oracle Internet Directory Administrator's Guide 10g (10.1.4.0.1) > 23.6.1.1 Changing the Location of Users and Groups In The Default Identity Management Realm

Changes

Applied the ACI to the new user base by using the provided template:

$ORACLE_HOME/ldap/schema/oid/oidUserAdminACL.sbs

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.