Synchronizing Groups via DIP into A New OID Container Outside Default Realm Fails with: javax.naming.NoPermissionException: [LDAP: error code 50 - Insufficient Access Rights] (Doc ID 833568.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Internet Directory - Version 9.0.4 to 10.1.4 [Release 10gR1 to 10gR3]
Information in this document applies to any platform.

Symptoms

Using Oracle Internet Directory (OID) Directory Integration Platform (DIP) to sync entries from a 3rd party directory, such as Active Directory (AD) into OID.

The default installed realm is, for example, dc=mycompany,dc=com.

Created a new container dc=myorg,dc=com, and applied the default aci's from the default cn=users,dc=mycompany,dc=com, as per <Note 361512.1>.

Created and enabled an ActiveChgImp type profile to sync to the new container, and started odisrv for sync.  Sync of user entries into the new container works fine. 

However, groups entries fail to sync to the new container, and the trace file shows error:

DN : cn=marketing,cn=users,dc=myorg,dc=com
Searching for entry in Naming context:
Normalized DN : cn=marketing,cn=users,dc=myorg,dc=com
Changetype is ADDRMODIFY
Processing modifyRadd Operation ..
Entry Not Found. Converting to an ADD op..
Processing Insert Operation ..
Performing createEntry..
Exception creating Entry : javax.naming.NoPermissionException: [LDAP: error code 50 - Insufficient Access Rights]; remaining name 'cn=marketing,cn=users,dc=myorg,dc=com'
[LDAP: error code 50 - Insufficient Access Rights]
javax.naming.NoPermissionException: [LDAP: error code 50 - Insufficient Access Rights]; remaining name 'cn=marketing,cn=users,dc=myorg,dc=com'
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2996)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
        at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(LdapCtx.java:777)
        at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(ComponentDirContext.java:319)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:248)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:236)
        at javax.naming.directory.InitialDirContext.createSubcontext(InitialDirContext.java:176)
        at oracle.ldap.odip.gsi.LDAPWriter.createEntry(LDAPWriter.java:1214)
        at oracle.ldap.odip.gsi.LDAPWriter.insert(LDAPWriter.java:429)
        at oracle.ldap.odip.gsi.LDAPWriter.modifyRadd(LDAPWriter.java:826)
        at oracle.ldap.odip.gsi.LDAPWriter.writeChanges(LDAPWriter.java:353)
        at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:656)
        at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:377)
        at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:238)
DIP_LDAPWRITER_ERROR_CREATE
Error in executing mapping DIP_LDAPWRITER_ERROR_CREATE
DIP_LDAPWRITER_ERROR_CREATE
        at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:830)
        at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:377)
        at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:238)
DIP_LDAPWRITER_ERROR_CREATE
Setting Change Success Count : 12621
Setting Change Failure Count : 10315
ActiveChgImp:Error in Mapping EngineDIP_LDAPWRITER_ERROR_CREATE
DIP_LDAPWRITER_ERROR_CREATE
        at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:851)
        at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:377)
        at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:238)
ActiveChgImp:about to Update exec status
Updated Attributes
orclodipLastExecutionTime: 20090515112915
orclodipConDirLastAppliedChgNum: 11208312
orclOdipSynchronizationStatus: Mapping Failure, Agent Execution Not Attempted
orclOdipSynchronizationErrors:
Updated Attributes
orclodipLastExecutionTime: 20090515112915
orclodipConDirLastAppliedChgNum: 11208312
orclOdipSynchronizationStatus: Agent Execution Successful, Mapping/IMPORT operation Failure
orclOdipSynchronizationErrors: Agent Execution Successful, Mapping/IMPORT operation Failure
Ending Mapping execution.

Changes

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms