SBL-SEC-10018: Insufficient access error when attempting a password change with the LDAP Security Adapter (Doc ID 551650.1)

Last updated on AUGUST 21, 2016

Applies to:

Siebel System Software - Version 7.7 [18026] BETA to 8.1.1.14 [IP2014] [Release V7 to V8]
Information in this document applies to any platform.
Reviewed for Currency 13-NOV-2009
***Checked for relevance on 27-SEP-2012***

Symptoms

When attempting a password change from the Siebel application via the LDAP Security Adapter (LDAPSecAdpt), the user is presented with the following error:

"SBL-SEC-10018: Insufficient access error"

This occurs if the PropagateChange parameter is set to true and in both administration and customer facing screens.

If security adapter logging is set to 5 for the impacted  application object manager (AOM), the following information will be noted:

EventContext EvtCtxApplet 4 0 2008-01-28 15:19:11 Change Password Applet (SWE) (WritePassword)
SecAdptLog API Trace 4 0 2008-01-28 15:19:11 LDAP SecuritySetUserInfo8, Security User=116cef88, username=USER1, Security User Info=116785d0.
SecAdptLog API Trace 4 0 2008-01-28 15:19:11 Security Adapter User Set User Info. User name=USER1, User Info=116785d0.
SecAdptLog API Trace 4 0 2008-01-28 15:19:11 Security Adapter User ChangePassword() user=USER1
SecAdptLog API Trace 4 0 2008-01-28 15:19:11 Bind to LDAP server LDAPServer10 with dn=uid=appuser,ou=people,dc=domain1,dc=intranet.
SecAdptLog API Trace 4 0 2008-01-28 15:19:11 Ldap Utility: GetLdapHandle
SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 ldap_init(srvti110, 389) returns c24bf8.
SecAdptLog API Trace 4 0 2008-01-28 15:19:11 Ldap Utility: GetLdapHandle returns 0
SecAdptLog API Trace 4 0 2008-01-28 15:19:11 Ldap Utility: BindAsAppUser
SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 ldap_simple_bind_s(c24bf8, uid=appuser,ou=people,dc=domain1,dc=intranet, *) returns 0
SecAdptLog API Trace 4 0 2008-01-28 15:19:11 Ldap Utility: BindAsAppUser succeeded,
SecAdptLog API Trace 4 0 2008-01-28 15:19:11 Ldap Utility: GetUserDn. Username=USER1, Attribute=uid, BaseDN=ou=people,dc=domain1,dc=intranet
SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 ldap_search_s(c24bf8, ou=people,dc=domain1,dc=intranet, LDAP_SCOPE_BASE, (uid=USER1), ...) returns 0.
SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 ldap_count_entries(c24bf8, c27958) returns 1.
SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 ldap_first_entry(c24bf8, c27958) returns c27958.
SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 ldap_get_dn(c24bf8, c27958) returns uid=USER1,ou=People,dc=domain1,dc=intranet.
SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 ldap_memfree (c27cf8)
SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 ldap_msgfree (c27958)
SecAdptLog API Trace 4 0 2008-01-28 15:19:11 Ldap Utility: UpdatePassword
SecAdptLog API Trace 4 0 2008-01-28 15:19:11 Ldap Utility: SetSunOnePassword
SecAdptLog API Trace 4 0 2008-01-28 15:19:11 Ldap Utility: SetUserAttr
SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 ldap_search_ext_s(c24bf8, uid=USER1,ou=People,dc=domain1,dc=intranet, LDAP_SCOPE_BASE, (objectclass=*), ..., c27920) returns 0.
SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 ldap_modify_ext_s(c24bf8, uid=USER1,ou=People,dc=domain1,dc=intranet, d4ed0c0, NULL, NULL) returns 50.
SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 mods d4ed0c0:
SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 mods[0]:
SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 type=userPassword
SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 op=2
SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 values=
SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 *
SecAdptLog API Trace 4 0 2008-01-28 15:19:11 Ldap Utility: GetSunOneUpdatePasswordErr
SecAdptLog API Trace 4 0 2008-01-28 15:19:11 Ldap Utility: GetSunOneUserPwdPolicy
SecAdptLog API Trace 4 0 2008-01-28 15:19:11 Ldap Utility: GetUserAttr
SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 ldap_search_ext_s(c24bf8, uid=USER1,ou=People,dc=domain1,dc=intranet, LDAP_SCOPE_BASE, (objectclass=*), ..., c28570) returns 0.
SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 ldap_first_entry(c24bf8, c28570) returns c28570.
SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 ldap_get_values(c24bf8, c28570, passwordpolicysubentry) returns 0.
SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 ldap_msgfree (c28570)
SecAdptLog API Trace 4 0 2008-01-28 15:19:11 Ldap Utility: GetUserAttr
SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 ldap_search_ext_s(c24bf8, cn=Password Policy,cn=config, LDAP_SCOPE_BASE, (objectclass=*), ..., c28770) returns 32.
SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 ldap_msgfree (c28770)
SecAdptLog API Trace 4 0 2008-01-28 15:19:11 Ldap Utility: GetUserAttr
SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 ldap_search_ext_s(c24bf8, cn=config, LDAP_SCOPE_BASE, (objectclass=*), ..., c28770) returns 0.
SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 ldap_first_entry(c24bf8, c28770) returns 0.
SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 ldap_msgfree (c28770)
SecAdptLog API Trace 4 0 2008-01-28 15:19:11 Unbind from LDAP server.
SecAdptLog 3rdpartyTrace 3 0 2008-01-28 15:19:11 ldap_unbind(c24bf8) returns 0.
SecAdptLog Memory Mgmt Trace 5 0 2008-01-28 15:19:11 LDAP SecurityFreeErrMessage8, ErrMessage=11677400.
GenericLog GenericError 1 0 2008-01-28 15:19:11 (secmgr.cpp (3825) err=7010018 sys=0) SBL-SEC-10018: Insufficient access

USER1 is the user whose password you are trying to change.  The "SBL-SEC-10018: Insufficient access"
message is clearly visible at the end of the log segment.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms