Dp* commands failed w/ SMSLdapObject: insufficient access rights to access

Similar Messages

• SMSLdapObject: insufficient access rights to access

  The dpadmin command failed w/ SMSLdapObject: insufficient access rights to access. The amSMS log is below. What aci did I lose? Any help is appreciated.
  Regards
  11/20/2005 03:17:15:659 AM MST: Thread[main,5,main]
  SMSEntry: cache enabled: true
  11/20/2005 03:17:16:023 AM MST: Thread[main,5,main]
  SMSLdapObject: LDAP Initialized successfully
  11/20/2005 03:17:16:349 AM MST: Thread[main,5,main]
  Initialized LDAPEvent listner
  11/20/2005 03:17:16:412 AM MST: Thread[main,5,main]
  CachedSubEntries::getInstance DN: ou=DAI,ou=services,dc=sun,dc=com
  11/20/2005 03:17:16:432 AM MST: Thread[main,5,main]
  CachedSMSEntry::getInstance: ou=DAI,ou=services,dc=sun,dc=com
  11/20/2005 03:17:16:441 AM MST: Thread[main,5,main]
  SMSLdapObject.read() retry: 0
  11/20/2005 03:17:16:451 AM MST: Thread[main,5,main]
  WARNING: SMSLdapObject: insufficient access rights to access DN=ou=DAI,ou=services,dc=sun,dc=com
  11/20/2005 03:17:16:461 AM MST: Thread[main,5,main]
  ERROR: CachedSubEntries: unable to register for notifications:
  Message:The user does not have permission to perform the operation.
  at com.sun.identity.sm.ldap.SMSLdapObject.read(SMSLdapObject.java:231)
  at com.sun.identity.sm.SMSEntry.read(SMSEntry.java:334)
  at com.sun.identity.sm.SMSEntry.read(SMSEntry.java:326)
  at com.sun.identity.sm.SMSEntry.<init>(SMSEntry.java:162)
  at com.sun.identity.sm.CachedSMSEntry.getInstance(CachedSMSEntry.java:307)
  at com.sun.identity.sm.CachedSubEntries.<init>(CachedSubEntries.java:72)
  at com.sun.identity.sm.CachedSubEntries.getInstance(CachedSubEntries.java:204)
  at com.sun.identity.sm.ServiceManager.getVersions(ServiceManager.java:409)
  at com.sun.identity.sm.ServiceManager.serviceDefaultVersion(ServiceManager.java:42 7)
  at com.sun.identity.sm.ServiceConfigManager.<init>(ServiceConfigManager.java :94)
  at com.iplanet.am.sdk.AMCommonUtils.populateManagedObjects(AMCommonUtils.java:497)
  at com.iplanet.am.sdk.AMCommonUtils.<clinit>(AMCommonUtils.java:113)
  at com.iplanet.am.sdk.AMStoreConnection.<clinit>(AMStoreConnection.java:141)
  at com.sun.portal.desktop.context.DSAMEConnection.<init>(DSAMEConnection.jav a:89)
  at com.sun.portal.desktop.context.DSAMEAdminDPContext.init(DSAMEAdminDPContext.jav a:110)

  - what's the complete command ?
  - which user is used ?
  /ulf

• You do not have sufficient access rights, pls help

  Hi folks,
  I'm getting the "You do not have sufficient access rights" error accessing the Identity System Console. The same admin account can access User/Group/Org Manager screen, however, for some reasons user and group searches return no results. This is the second OIS install against the same ldap dir (ovd to sun 6.3), so I had to specify Id server was not the first one to avoid profile conflict with oblix DBAgents. The admin user had been selected during prev install, and exists under o=Oblix in both cn=Web Masters and cn=Directory Administrators.
  I have LDAPMaxNoOfRetries set to the number of dir servers +1 in all globalparams.xml on OIS. I also can modify ldap dir via both ldapmodify and ldap browser binding to OVD as same user. Turning the TRACE on didn't showed any errors except for the following:
  DB_RUNTIME WARNING 0x00000504 ldap_config_db.cpp:187 "Exception during DB runtime code" function^LDAPConfigDB::Open() status^17
  DB_RUNTIME WARNING 0x00000504 ldap_config_db.cpp:355 "Exception during DB runtime code" function^LDAPConfigDB::ReadOblixDBConfig()status^17
  SCHEDULER_FRAMEWORK ERROR 0x00000501 ../obschedulerthread.cpp:316 "ObError exception caught" ObScheduledTaskLiaison::LoadTasks^ObWFScheduledTaskLiaison
  PPP INFO 0x000008C7 obeventcatalog.cpp:183
  Cannot find the action
  function^ObEventCatalog::GetActionEntry2Modify()
  actionName^front_page_admin_klogin_post
  APP_BASE WARNING 0x00000833 oblixbasecommon2.cpp:1235
  Login failed
  Error^You do not have sufficient access rights
  numLoginFailures^1
  There's nothing in the ldap logs either. The only warning I get per that user is in the ovd log:
  DoSManager: Found unbound connection from active ip addresses
  DoSManager: Found unbound connection from active users
  The Oracle Support is clueless, please help.
  Thank you, Roman

  Hi Vinod,
  Thanks for the post. OK, if I got it right, I have two entries under obcontainerId=DBAgents for each of my primary Id servers. For the one I currently use, I have this towards the bottom:
  obname=oblixConfig-OIS_mdi-oamlx-3
  obname=default-OIS_mdi-oamlx-3
  Both entries have obdbusedby set to OIS_mdi-oamlx-3 which is my OIS id. The obsearchbasestr is different: o=Oblix,o=paychex inc for the oblixConfig, and o=paychex inc,c=us for the default one. Is that's the way it should be?
  Thanks Roman
  P.S: I've noticed I get same error accessing My profile under User Manager.

• AD - SunDS 5.2 minumal access rights required to set passwords in DS

  Hi,
  I am doing Identity Integration for one of our clients with MIIS 2003.
  Among other connections we will have:
  MS Active Directory -> Sun DS 5.2
  I have already set up password synchronization pushed out from AD to DS and it works just fine.
  What I need to accomplish though, is to state minimum access requirements for access to DS.
  Client will not give us a user with administrative priveleges so we need to recommend a user with minumum access rights.
  Obviously this user must have a 'write' for userPassword.
  What else?

  I found out the answer:
  Basic access rights resulting from standard SunDS behaviour (from Sun manuals):
  All users have anonymous access to the directory for search, compare, and read operations.
  Bound users can modify their own entry in the directory, but not delete it. They cannot modify the aci, nsroledn,and passwordPolicySubentry attributes, nor any of their resource limit attributes, password policy state attributes or account lockout state attributes.
  In order to be able to synchronize passwords we must have (in addition to standard access rights):
  �Write� access right for �userPassword� attribute for a particular dc.
  In order to make password synchronization more secure, we can limit workstations (by selecting IP pool), which can originate password synchronization.

• Set-aduser : Insufficient access rights to perform the operation

  I am a domain admin, enterprise admin, exchange admin, domain user, and others.
  While running a PS on a DC as the administrator, The commands I'm running are ...
  $expdate = get-date -date '01/01/2014'
  set-aduser -identity testmail5 -accountexpirationdate $expdate
  I get the following error ...
  set-aduser : Insufficient access rights to perform the operation
  At line:1 char:1
  + set-aduser -identity testmail5 -accountexpirationdate $expdate
      + CategoryInfo          : NotSpecified: (testmail5:ADUser) [Set-ADUser], ADException
      + FullyQualifiedErrorId : Insufficient access rights to perform the operation,Microsoft.ActiveDirectory.Management.Comm
     ands.SetADUser
  I then switch to a different DC, the command 'might' work once, but will never run again in the same window.
  Then I tried this ...
  start-process powershell -verb runas
  That gave me an additional PS window, and I then tried running the commands again.
  Same error message.
  So I tried the following command ...
  $expdate = get-date -date '01/01/2014'
  set-aduser -server XXDC03 -identity testmail5 -accountexpirationdate $expdate
  Same error message.
  Is there any way that I can get around this problem?
  Please help.

  Keep in mind that the account used to open the PowerShell session must be the same account you're using to open ADUC. The error message means that Set-ADUser is trying to set the attribute for the account, but it's failing. Make sure to test with multiple
  different accounts, in case the access control list of the object you're trying to modify is the cause of the problem.
  Your PowerShell syntax is valid, so this isn't really a scripting question but a security/directory services question.
  -- Bill Stewart [Bill_Stewart]

• Insufficient Access Rights when trying to modify send as permissions on a public folder

  Where I work, we have 2 mailbox database servers and 2 cas servers on Exchange 2010, upgraded from Exchange 2003. We are finding that when trying to grant a user send as rights to a publlic folder we are getting an Insufficient Access Rights error. The
  bizzare thing is for one particluar folder we can amend the send as rights with no issue on one of the cas servers but not the other cas or either db servers.
  You would have thought if it was a user permissions issue i.e the adminsitrator not having sufficent rights it would fail on every server and likewise if it was a problem with the folder itself, why is it working on one of the cas servers? Also on
  the one server this particluar folder does allow us to amend the rights, when we try to amend others we get the same error 
  If anyone has come accross this before and knows a fix please share it.
  Thanks

  Hi,
  Please check the ownership of the affected public folder to make sure it points to the right server.
  Here is a similar thread which may help you, please following the suggests in this thread to check result.
  https://social.technet.microsoft.com/Forums/office/en-US/0960b944-82b2-42f1-b438-a7d57b7ab783/insuffaccessrights?forum=exchangesvrgenerallegacy
  Best regards,
  Belinda Ma
  TechNet Community Support

• Public folder migration 2010 to 2013 insufficient access rights

  Hi,
  I'm having a frustrating time with trying to migrate public folders. I've migrated all the mailboxes with no problems but when trying to migrate public folders with the same account it fails with this message;
  Active directory response: 00002098: SecErr: DSID-03150BB9, problem 4003
  (INSUFF_ACCESS_RIGHTS), data 0
   --> The user has insufficient access rights.
  The account is in the organisation management and recipient management group.
  I've tried ticking the inherit permission box in AD security.
  I've tried creating a brand new account with the same permissions.
  Nothing works. I'm tempted just to export to pst and import it to the public folder mailbox.
  Any help would be much appreciated.
  Thanks

  Hi Nick,
  ensure that the new admin account has the allow inheritance permission included
  Also ensure that the account has full rights to all the public folders in Ex2010
  Go to the application log and there would be an event triggered for the same with some description. YOu can find  that it might be failing permission on a particular public folder if so grant them access.
  And also check if the permission failed public folder is mail enabled. If so please disable the mail enable on that PF cancel the migration request and start a new migration request with the below cmd
  New-publicfoldermigrationrequest -sourcedatabase (Get-publicfolderdatabase -server servername -csvdata (get-content c:\contents.csv -encoding byte) -BadItemLimit 5000 -AcceptLargeDataLoss
  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question.That will encourage me - and others - to take time out to help you.
  Regards, 
  Sathish

• Error while configuring SSL in OID 11g - LDAP 50 Insufficient Access rights

  HI,
  I am trying to configure SSL in OID 11g.As per the doc http://download.oracle.com/docs/cd/E12839_01/oid.1111/e10029/ssl.htm#CBHGBGAF ,i tried creating a Self-Signed Wallte using Fusion Middleware control,But i am getting an error LDAP 50: Insufficient access rights".I logged into Fusion Middle Ware control as Weblogic user.Is anybody faced this issue?.Thanks in advance.

  I am not sure how you tried, but I would recommend to do the following...
  1. Add the 'user1' to "OU=Franchisees,ou=People,dc=company,dc=com"
  2. Delete the 'user1' from 'OU=Internal,ou=People,dc=company,dc=com'

• Orcladmin: "Insufficient access right to perform action" using oidadmin

  After sucessfully installing OID from 8.1.7 CD on Sun Solaris 8
  (SPARC) I can start the monitor and the oidldap. After
  sucessfully connecting with orcladmin using oidadmin I always get
  the same error (either using oidadmin on windows or solaris) when
  accessing "entry management", "schema management" or "audit log
  management":
  Insufficient access right to perform action.
  but the default ACP allows everyone (browse add delete)
  anyone else had the same problem?
  I tried to create the name server with OID with netca which
  obviously does not work either.

  Hi Christian:
  You say that you conencted to OID as "oidadmin". Since OID does
  not have any user account called "oidadmin" you were probably
  conencted as an anonymous user. If you are trying to connect as
  the administrator of OID the correct user account name is
  "orcladmin" with a default password of welcome. Try this and let
  me know if you sitll have troubles.
  Thanks,
  Jay Tomlinson

• Insufficient access rights registering Oracle Directory Integration Server

  Hi all!
  following steps I´ve done to use the Oracle Directory Integration Server.(I´ve installed Oracle 10g infrastructure - OID is running - I´m also able to apply successful with ODM and orcladmin account)
  - oidctl connect=mydb1 server=odisrv instance=1 stop
  - odisrvreg -h localhost -p 389 -D cn=orcladmin,cn=Users,dc=localhost;dc=com -w ,pass
  where pass is the password of orcladmin.
  -> now I get the following error:
  registering..
  Error javax.naming.NoPermissionException [LDAP:error code 50: Insufficient Access Rights]; remaining name 'cn=odisrv+orclhostname=maschine,cn=odi,cn=oracle internet directory' !
  Any idea ??
  Thanks for all help & comments.

  I have gone through the documentation for creating the script. But there is one thing which I am not able to understand i.e. Subscription Parameters.
  Can anyone tell me the use of subscription parameters? What is the role of subscription parameters in Oracle Lite and External Authentication.
  Regards
  Kapil

• Keep Receiving: Error is: 'Insufficient access rights to perform the operation' When running script

  Hello. I have a powershell script I run in our domain to disable AD accounts. Part of that also removes the users from all AD groups. That part of my script however keeps throwing up this Error is: 'Insufficient access rights to perform the operation'
  error. 
  Now from our Exchange server if I run this script with powershell, things work fine. But running it on the domain controller is when I get this error. Thoughts? 

  Thanks Anna!
  I was able to add this code below in to the script where it kept erroring out and it then worked. I had to point it to a different DC then it was running on. 
  –Server comp1.test.server.com
  Thanks again!

• La commande STAT à échoué: failed to lock or parse or multiple access

  Hi,
  I installed Thunderbird 24.4.0 and configured an account in IMAP and everything went fine. Then I configured that same account in POP3 and I'm having the message: "La commande STAT a échoué. Erreur lors de la récupération des tailles et du nombre de messages. Le serveur de courrier XXX a répondu: failed to lock or parse or multiple access." I've been searching the web for an answer and did not find any. I'm just about to remove Thunderbird.
  I configured some other IMAP accounts on the same provider and everything works fine. It looks like only the POP3 doesn't work.
  I installed Thunderbird 24.4.0 on a Windows 7 x64 computer. I also installed all recent patch in case, but it did not solve the problem.
  Hope you can help me. Thanks for any suggestions.

  Paramètres de base de l'application
  Nom: Thunderbird
  Version: 24.4.0
  Agent utilisateur: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
  Dossier de profil: Ouvrir le dossier correspondant
  (Lecteur local)
  Identifiant de compilation de l'application: 20140316131045
  Plugins activés: about:plugins
  Configuration de compilation: about:buildconfig
  Rapports de plantage: about:crashes
  Utilisation mémoire: about:memory
  Comptes courrier et groupes
  account1:
  INCOMING: account1, , (none) Local Folders, plain, passwordCleartext
  account2:
  INCOMING: account2, , (imap) imap-mail.outlook.com:993, SSL, passwordCleartext
  OUTGOING: smtp-mail.outlook.com:587, alwaysSTARTTLS, passwordCleartext, true
  account9:
  INCOMING: account9, , (pop3) 207.134.105.7:110, plain, passwordCleartext
  OUTGOING: relais.videotron.ca:587, plain, passwordCleartext, true
  Extensions
  Préférences modifiées importantes
  Nom: Valeur
  browser.cache.disk.capacity: 358400
  browser.cache.disk.smart_size.first_run: false
  browser.cache.disk.smart_size.use_old_max: false
  browser.cache.disk.smart_size_cached_value: 358400
  extensions.lastAppVersion: 24.4.0
  font.name.monospace.el: Consolas
  font.name.monospace.tr: Consolas
  font.name.monospace.x-baltic: Consolas
  font.name.monospace.x-central-euro: Consolas
  font.name.monospace.x-cyrillic: Consolas
  font.name.monospace.x-unicode: Consolas
  font.name.monospace.x-western: Consolas
  font.name.sans-serif.el: Calibri
  font.name.sans-serif.tr: Calibri
  font.name.sans-serif.x-baltic: Calibri
  font.name.sans-serif.x-central-euro: Calibri
  font.name.sans-serif.x-cyrillic: Calibri
  font.name.sans-serif.x-unicode: Calibri
  font.name.serif.el: Cambria
  font.name.serif.tr: Cambria
  font.name.serif.x-baltic: Cambria
  font.name.serif.x-central-euro: Cambria
  font.name.serif.x-cyrillic: Cambria
  font.name.serif.x-unicode: Cambria
  font.name.serif.x-western: Cambria
  font.size.fixed.el: 14
  font.size.fixed.tr: 14
  font.size.fixed.x-baltic: 14
  font.size.fixed.x-central-euro: 14
  font.size.fixed.x-cyrillic: 14
  font.size.fixed.x-unicode: 14
  font.size.fixed.x-western: 14
  font.size.variable.el: 17
  font.size.variable.tr: 17
  font.size.variable.x-baltic: 17
  font.size.variable.x-central-euro: 17
  font.size.variable.x-cyrillic: 17
  font.size.variable.x-unicode: 17
  font.size.variable.x-western: 12
  mail.openMessageBehavior.version: 1
  mailnews.database.global.datastore.id: 655e8821-60e3-4b55-887b-e0a2779889e
  network.cookie.prefsMigrated: true
  places.database.lastMaintenance: 1398527739
  places.history.expiration.transient_current_max_pages: 49654
  plugin.importedState: true
  plugin.state.java: 0
  Accélération graphique
  Description de la carte: Intel(R) HD Graphics 4000
  ID du vendeur: 0x8086
  ID du périphérique: 0x0166
  RAM de la carte: Unknown
  Pilotes de la carte: igdumd64 igd10umd64 igd10umd64 igdumd32 igd10umd32 igd10umd32
  Version du pilote: 8.15.10.2712
  Date du pilote: 3-26-2012
  Direct2D activé: false
  DirectWrite activé: false (6.2.9200.16571)
  Paramètres ClearType: Paramètres ClearType introuvables
  Rendu WebGL: false
  Fenêtres avec accélération graphique: 0
  AzureCanvasBackend: skia
  AzureFallbackCanvasBackend: cairo
  AzureContentBackend: none
  JavaScript
  Ramasse-miettes incrémentiel: 1
  Accessibilité
  Activée: 0
  Empêcher l'accessibilité: 0
  Versions des bibliothèques
  Version minimale attendue
  Version utilisée
  NSPR
  4.10.2
  4.10.2
  NSS
  3.15.4 Basic ECC
  3.15.4 Basic ECC
  NSS Util
  3.15.4
  3.15.4
  NSS SSL
  3.15.4 Basic ECC
  3.15.4 Basic ECC
  NSS S/MIME
  3.15.4 Basic ECC
  3.15.4 Basic ECC

• Trying to add a user to a Group thru JNDI. Insuffficient Access Rights

  I am trying to add a user to a group using JNDI with,
  DirContext.modifyAttributes()
  I have set up the tree structure outside the default cn=Users setup and defined the Group as auxiliary class.
  I haven't set up any Access Controls. But it fails with "Ldap Error code 50. Insufficient Access Rights".
  If I try to add the same user using the uniquemember attribute to the group I am interested in, it works fine in Directory Manager and Generic Ldap browser. I even tried setting up the JNDI user credentials to "orcladmin" still doesn't work. Any idea??

  Maybe the example code from OID developers guide gives an idea
  http://download-west.oracle.com/docs/cd/A97329_03/manage.902/a95193/smplcode.htm#637267
  --Olaf                                                                                                                                                                                                                                                                                                                                       

• How do i change the access rights for every file in every sub-folder?

  I have an external drive that was shared between my PC and my iMac (running Snow Leopard 10.6.5).
  Some of the files created by my PC have the following access rights (privileges):
  Me: Custom
  staff: Custom
  everyone: Custom
  I want every file to have the following access rights (privileges):
  Me: Read & Write
  staff: Read & Write
  everyone: Read & Write
  I presume that I need to go into the terminal and run some command line program, but I have no idea what program or what options (or even where to look for such a program). Can someone tell me how to do this, so that every file in every sub-folder has the same access rights?

  Well, that's different. Most people do not install anything on their PC to read an HFS+ disk, so I assumed it was formatted for the PC. [See my above post|http://discussions.apple.com/thread.jspa?messageID=12843313#12843313].
  Note that it is the same as what you asked about, except with numbers instead of the letter equivalents.
  Posix permissions are for User;Group;Other (ugo) and each one can have read/write/execute permissions. Read = 4, Write = 2, and Execute = 1. So, for rwx you set 421=7.
  I try to make it safe by not typing in the file path. If you do what you posted, you will change the startup volume's permissions. The path to your external is /Volumes/ext hd mount point. If you start typing the path and accidentally hit return before finishing the full path, you could fubar something you didn't want to. So, I type the command, leave a space, and then drag the target to the Terminal window.
  You might also consider the GUI based permission changing program, [BatChmod|http://www.macchampion.com/arbysoft/BatchMod/Welcome.html].
  Message was edited by: Barney-15E

• When trying to start my Windows server 2008 R2 Data Center, I am getting "ramdisk device creation failed due to insufficient memory",

  I have the following:-
  VMWare workstation version 9 , with windows server 2008 R2 data center installed.
  - I have installed the windows 2008 R2 inside the VM using an iso image.
  - The host is windows 7.
  I use to work well with the VM, but after adding a new VM to the same workstation . I start getting the following error when starting my old VM
  ramdisk device creation failed sue to insufficient memory.
  And on the windows boot manger screen they mentioned to :-
  inset my windows installation dis and restart my PC.
  click “repair your computer”
  but not sure if this will fix the problem , baring in mind that the RAM assigned to the VM
   is 24 GB & 80 GB hard disk.
  The error is 
  Link.
  so can any one advice what is causing this error?
  Thanks

  You might start by checking the RAM.
  http://windows.microsoft.com/en-US/windows7/Diagnosing-memory-problems-on-your-computer
  Regards, Dave Patrick ....
  Microsoft Certified Professional
  Microsoft MVP [Windows]
  Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.