Changing Passwords in OID 10g After Changing the Userbase Fails With [LDAP: error code 50 - Insufficient Access Rights] (Doc ID 741520.1)

Last updated on SEPTEMBER 15, 2016

Applies to:

Oracle Internet Directory - Version 10.1.2 to 10.1.4 [Release 10gR2 to 10gR3]
Information in this document applies to any platform.

Symptoms

While following the documented method for 'Changing the Location of Users and Groups In The Default Identity Management Realm', where the new naming context is outside the default realm and the Lowest Common User Search Base is the root DSE ('Use case 6' in the documentation), password modification via DAS fails with:

Cannot modify user : [LDAP: error code 50 - Insufficient Access Rights]

 

For example:

Default realm created during install: dc=au,dc=oracle,dc=com
Users under cn=users,dc=au,dc=oracle,dc=com
New directory structure: ou=support,o=oracle,c=au
Users under ou=FMW

 

 Reference:

Oracle Internet Directory Administrator's Guide 10g (10.1.4.0.1) > 23.6.1.1 Changing the Location of Users and Groups In The Default Identity Management Realm

Changes

Applied the ACI to the new user base by using the provided template:

$ORACLE_HOME/ldap/schema/oid/oidUserAdminACL.sbs

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms