LDAP: error code 50 - Insufficient Access Rgiths

Hi,
I am newbie at Oracle Internet Directory. I hope you help me to resolve the following problem:
When I signed in the Oracle Director Manager with user "cn=orcladmin,cn=Users,dc=localhost,dc=com" and blank password
to create an entry (or attribute). I got error: [LDAP: error code 50 - Insufficient Access Rgiths]
How do I resolve this problem?
Thanks,
QuanND

Connecting as orcladmin requires using a password. The password has been established during installation of OID. By default from (9.0.4) on it is set to be the same password as the ias_admin password you provided during installation of the Oracle Infrastructure installation.
Notice that there are two (2) orcladmin entries in OID.
One cn=orcladmin is the OID superuser (same as root on UNIX) the other one is cn=orcladmin, cn=users,dc=your.default.domain
When you login to OID using ODM and specify only orcladmin ODM assumes by default this will be cn=orcladmin (aka root)
regards,
--Olaf

Similar Messages

Error when performing search: getExtendedProperties [LDAP: error code 50

Hi there,
We are currently running OAS 10.1.2. We have an application which is running Oracle Forms. To get access to these forms, the authenication is a combination of the user logging on to their windows domain, (AD SSO) and having the correct username and groups within Oracle OID and DAS.
We have a major problem at the moment in Production where every so often a user will get rejected for having insufficient access rights, and the UserID in the logs being Null. Yet if they try again it works.
Does anyone know why this might be happening for?
Here is the Forms log :
09/07/31 06:59:32 Forms session <967> runtime process id = 10,780
09/07/31 07:02:27 oracle.ldap.util.AccessDeniedException: General Error when performing search: getExtendedProperties [LDAP: er
ror code 50 - Insufficient Access Rights]
09/07/31 07:02:27 at oracle.ldap.util.User.getExtendedProperties(User.java:365)
09/07/31 07:02:27 at oracle.forms.servlet.FormsOIDContext.getUserCredentials(Unknown Source)
09/07/31 07:02:27 at oracle.forms.servlet.FormsServlet.getUserId(Unknown Source)
09/07/31 07:02:27 at oracle.forms.servlet.FormsServlet.doRequest(Unknown Source)
09/07/31 07:02:27 at oracle.forms.servlet.FormsServlet.doGet(Unknown Source)
09/07/31 07:02:27 at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
09/07/31 07:02:27 at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
09/07/31 07:02:27 at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:824)
09/07/31 07:02:27 at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:330)
09/07/31 07:02:27 at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:830)
09/07/31 07:02:27 at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:224)
09/07/31 07:02:27 at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:133)
09/07/31 07:02:27 at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:192
09/07/31 07:02:27 at java.lang.Thread.run(Thread.java:534)
09/07/31 07:02:27 oracle.ldap.util.AccessDeniedException: General Error when performing search: getExtendedProperties [LDAP: er
ror code 50 - Insufficient Access Rights]
09/07/31 07:02:27 In getUserId method: caught oracle.ldap.util.AccessDeniedException: General Error when performing search: ge
tExtendedProperties [LDAP: error code 50 - Insufficient Access Rights]
09/07/31 07:02:27 In doRequest method in ue.isNamingException
09/07/31 07:02:27 Redirecting to DAS to update the resviewer list
09/07/31 07:02:27 UserID is NULL redirecting to DAS
09/07/31 07:02:27 Forms Group DNcn=Logical Application Group, orclApplicationCommonName=formsApp_dras03.workcover.qld.gov.au_63A
36930655911DBBF37F32F8ED7FD07, cn=forms, cn=Products, cn=OracleContext
09/07/31 07:02:27 The DAS URL generated: http://prinfds.workcover.qld.gov.au:7777/oiddas/ui/oracle/ldap/das/mypage/AppCreateReso
urceInfo?resKey=prcar_sso&resType=oracleDB&resViewer=cn%3DLogical+Application+Group%2C+orclApplicationCommonName%3DformsApp_dras
03.workcover.qld.gov.au_63A36930655911DBBF37F32F8ED7FD07%2C+cn%3Dforms%2C+cn%3DProducts%2C+cn%3DOracleContext&doneURL=http%3A%2F
%2Fdras03.workcover.qld.gov.au%3A7778%2Fforms%2Ffrmservlet%3Fconfig%3Dprcar_sso%26form%3DSY0001.fmx&cancelURL=
09/07/31 07:05:26 oracle.ldap.util.AccessDeniedException: General Error when performing search: getExtendedProperties [LDAP: er
ror code 50 - Insufficient Access Rights]
09/07/31 07:05:26 at oracle.ldap.util.User.getExtendedProperties(User.java:365)
09/07/31 07:05:26 at oracle.forms.servlet.FormsOIDContext.getUserCredentials(Unknown Source)
09/07/31 07:05:26 at oracle.forms.servlet.FormsServlet.getUserId(Unknown Source)
09/07/31 07:05:26 at oracle.forms.servlet.FormsServlet.doRequest(Unknown Source)
09/07/31 07:05:26 at oracle.forms.servlet.FormsServlet.doGet(Unknown Source)
09/07/31 07:05:26 at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
09/07/31 07:05:26 at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
09/07/31 07:05:26 at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:824)
09/07/31 07:05:26 at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:330)
09/07/31 07:05:26 at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:830)
09/07/31 07:05:26 at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:224)
09/07/31 07:05:26 at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:133)
09/07/31 07:05:26 at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:192
09/07/31 07:05:26 at java.lang.Thread.run(Thread.java:534)
09/07/31 07:05:26 oracle.ldap.util.AccessDeniedException: General Error when performing search: getExtendedProperties [LDAP: er
ror code 50 - Insufficient Access Rights]
09/07/31 07:05:26 In getUserId method: caught oracle.ldap.util.AccessDeniedException: General Error when performing search: ge
tExtendedProperties [LDAP: error code 50 - Insufficient Access Rights]
09/07/31 07:05:26 In doRequest method in ue.isNamingException

I fixed it in my environment.
formweb.cfg has oid_formsid and formsid_group_dn. Verify if these values are correct.
Also ensure that formsid_group_dn has no blank spaces after ',' (commas)
formsid_group_dn=cn=Logical Application Group,orclApplicationCommonName=formsApp_xyzhost_1224C3F0A73B11DBBFC783346A955D8F,cn=forms,cn=Products,cn=OracleContext

LDAP: error code (s) library ???

Where will I get the list of all LDAP errors and the explanation about the error. Any document OR webpage is available with such list ???
Example: Assume I got a error, "[LDAP: error code 65 - Object Class Violation]", where will I check for the exact explanation about this error.
Please help...

Hi Guy's
Here you go,
Code
(decimal) Error code (string) Description
0 LDAP_SUCCESS Success
1 LDAP_OPERATIONS_ERROR Operations error
2 LDAP_PROTOCOL_ERROR Protocol error
3 LDAP_TIMELIMIT_EXCEEDED Timelimit exceeded
4 LDAP_SIZELIMIT_EXCEEDED Sizelimit exceeded
5 LDAP_COMPARE_FALSE Compare false
6 LDAP_COMPARE_TRUE Compare true
7 LDAP_STRONG_AUTH_NOT_SUPPORTED Strong authentication not supported
8 LDAP_STRONG_AUTH_REQUIRED Strong authentication required
9 LDAP_PARTIAL_RESULTS Partial results
16 LDAP_NO_SUCH_ATTRIBUTE No such attribute
17 LDAP_UNDEFINED_TYPE Undefined attribute type
18 LDAP_INAPPROPRIATE_MATCHING Inappropriate matching
19 LDAP_CONSTRAINT_VIOLATION Constraint violation
20 LDAP_TYPE_OR_VALUE_EXISTS Type or value exists
21 LDAP_INVALID_SYNTAX Invalid syntax
32 LDAP_NO_SUCH_OBJECT No such object
33 LDAP_ALIAS_PROBLEM Alias problem
34 LDAP_INVALID_DN_SYNTAX Invalid DN syntax
35 LDAP_IS_LEAF Object is a leaf
36 LDAP_ALIAS_DEREF_PROBLEM Alias dereferencing problem
48 LDAP_INAPPROPRIATE_AUTH Inappropriate authentication
49 LDAP_INVALID_CREDENTIALS Invalid credentials
50 LDAP_INSUFFICIENT_ACCESS Insufficient access
51 LDAP_BUSY DSA is busy
52 LDAP_UNAVAILABLE DSA is unavailable
53 LDAP_UNWILLING_TO_PERFORM DSA is unwilling to perform
54 LDAP_LOOP_DETECT Loop detected
64 LDAP_NAMING_VIOLATION Naming violation
65 LDAP_OBJECT_CLASS_VIOLATION Object class violation
66 LDAP_NOT_ALLOWED_ON_NONLEAF Operation not allowed on nonleaf
67 LDAP_NOT_ALLOWED_ON_RDN Operation not allowed on RDN
68 LDAP_ALREADY_EXISTS Already exists
69 LDAP_NO_OBJECT_CLASS_MODS Cannot modify object class
70 LDAP_RESULTS_TOO_LARGE Results too large
80 LDAP_OTHER Unknown error
81 LDAP_SERVER_DOWN Can't contact LDAP server
82 LDAP_LOCAL_ERROR Local error
83 LDAP_ENCODING_ERROR Encoding error
84 LDAP_DECODING_ERROR Decoding error
85 LDAP_TIMEOUT Timed out
86 LDAP_AUTH_UNKNOWN Unknown authentication method
87 LDAP_FILTER_ERROR Bad search filter
88 LDAP_USER_CANCELLED User cancelled operation
89 LDAP_PARAM_ERROR Bad parameter to an ldap routine
90 LDAP_NO_MEMORY Out of memory
questions please contact me @ [email protected]
Thanks
srinivasa

Install OCS 10.1.2 Infra DB failed with LDAP: error code 16 on Workspaces

during install OCS Infrastructure DB OCS have error:
... processed key-value: logfile=/oracle/product/dbocs/workspaces/logs/cw_config_backend.log
... processed key-value: action=setup_backend
... processed key-value: oh=/oracle/product/dbocs
... processed key-value: oid=oid.domain
... processed key-value: oid_port=389
... processed key-value: oid_user_dn=cn=orcladmin
... processed key-value: oid_passwd=xxxxxx
... processed key-value: db_sn=ocs.domain
... processed key-value: dba_user=sys
... processed key-value: dba_passwd=xxxxxx
... processed key-value: cw_db_passwd=xxxxxx
Attempting to set logfile to: /oracle/product/dbocs/workspaces/logs/cw_config_backend.log
Processed oh=/oracle/product/dbocs
BACKEND installation ...
... Trying to lookup database dn
... Obtain OID connection
...... Can not obtain OID ssl port.
...... OID port = "389"
...... Trying to establish a non-ssl connection. OID host "oid.domain", OID port "389", OID user dn "cn=orcladmin".
... OID connection created.
...... You must specify either db_dn or db_sn.
...... ldap search filter "(&(objectclass=orcldbserver)(orcldbglobalname=ocs.domain))"
...... Succesfully located database dn "cn=ocs,cn=OracleContext".
...... Database dn = "cn=ocs,cn=OracleContext"
... Validating existence and version of CW schema: "CWSYS" in database: "cn=ocs,cn=OracleContext".
... Obtain JDBC connect string
... JDBC connect string = "(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ocsoas.domain)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=ocs.domain)))"
...derived: "jdbc_str=(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ocsoas.domain)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=ocs.domain)))".
Opening JDBC connection: "jdbc:oracle:thin:sys/xxxxxx@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ocsoas.domain)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=ocs.domain)))"
Opening JDBC connection: "jdbc:oracle:thin:sys/xxxxxx@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ocsoas.domain)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=ocs.domain)))"
Unlocking schema and setting passwd: "CWSYS/xxxxxx".
Opening JDBC connection: "jdbc:oracle:thin:sys/xxxxxx@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ocsoas.domain)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=ocs.domain)))"
... Checking Workspaces container.
... Container "cn=CollaborativeWorkspaces,cn=Products,cn=OracleContext" already exist.
... Finish checking Workspaces container.
... Trying to create backend application entity in OID
...... Database dn = "cn=ocs,cn=OracleContext"
...... Backend entity name = "ocs"
...... Backend entity dn = "orclApplicationCommonName=ocs,cn=Database Instances,cn=CollaborativeWorkspaces,cn=Products,cn=OracleContext"
... Backend entries already exist. Cleanup old entries.
deregisterProvisioningListener ...
app dn = orclApplicationCommonName=ocs,cn=Database Instances,cn=CollaborativeWorkspaces,cn=Products,cn=OracleContext
subscriber = dc=domain,dc=com
... Trying to remove entity "orclApplicationCommonName=ocs,cn=Database Instances,cn=CollaborativeWorkspaces,cn=Products,cn=OracleContext".
... Deleting "orclApplicationCommonName=ocs,cn=Database Instances,cn=CollaborativeWorkspaces,cn=Products,cn=OracleContext"
Adding Workspaces application entity to: cn=Service Registry Viewers,cn=Groups,cn=OracleContext
Adding Workspaces application entity to: cn=Service Registry Admins,cn=Groups,cn=OracleContext
... Insufficient privilege to create application entity "orclApplicationCommonName=ocs,cn=Database Instances,cn=CollaborativeWorkspaces,cn=Products,cn=OracleContext". Please check the user DN and password.
javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - One or more values for attribute uniquemember does not exist]; remaining name 'cn=Service Registry Admins,cn=Groups,cn=OracleContext'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3009)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1373)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:235)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:147)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:136)
at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:136)
at oracle.workspaces.share.util.oid.OIDShareUtil.setEntryAttribute(OIDShareUtil.java:471)
at oracle.workspaces.share.util.oid.OIDShareUtil.addMemberToGroup(OIDShareUtil.java:420)
at oracle.workspaces.share.util.oid.OIDShareUtil.addMemberToGroupIgnoreDuplicateMember(OIDShareUtil.java:435)
at oracle.workspaces.install.CwConfigOID.createBackendEntity(CwConfigOID.java:1205)
at oracle.workspaces.install.CwConfigOID.registerBackend(CwConfigOID.java:449)
at oracle.workspaces.install.CwConfig.regBackend(CwConfig.java:320)
at oracle.workspaces.install.CwConfig.run(CwConfig.java:609)
at oracle.workspaces.install.CwConfig.main(CwConfig.java:790)
oracle.workspaces.install.CwCAException: Error while executing action: "setup_backend"
Caused by: javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - One or more values for attribute uniquemember does not exist]
at oracle.workspaces.install.CwConfig.run(CwConfig.java:639)
at oracle.workspaces.install.CwConfig.main(CwConfig.java:790)
Caused by: javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - One or more values for attribute uniquemember does not exist]; remaining name 'cn=Service Registry Admins,cn=Groups,cn=OracleContext'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3009)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1373)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:235)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:147)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:136)
at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:136)
at oracle.workspaces.share.util.oid.OIDShareUtil.setEntryAttribute(OIDShareUtil.java:471)
at oracle.workspaces.share.util.oid.OIDShareUtil.addMemberToGroup(OIDShareUtil.java:420)
at oracle.workspaces.share.util.oid.OIDShareUtil.addMemberToGroupIgnoreDuplicateMember(OIDShareUtil.java:435)
at oracle.workspaces.install.CwConfigOID.createBackendEntity(CwConfigOID.java:1205)
at oracle.workspaces.install.CwConfigOID.registerBackend(CwConfigOID.java:449)
at oracle.workspaces.install.CwConfig.regBackend(CwConfig.java:320)
at oracle.workspaces.install.CwConfig.run(CwConfig.java:609)
... 1 more
javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - One or more values for attribute uniquemember does not exist]; remaining name 'cn=Service Registry Admins,cn=Groups,cn=OracleContext'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3009)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1373)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:235)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:147)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:136)
at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:136)
at oracle.workspaces.share.util.oid.OIDShareUtil.setEntryAttribute(OIDShareUtil.java:471)
at oracle.workspaces.share.util.oid.OIDShareUtil.addMemberToGroup(OIDShareUtil.java:420)
at oracle.workspaces.share.util.oid.OIDShareUtil.addMemberToGroupIgnoreDuplicateMember(OIDShareUtil.java:435)
at oracle.workspaces.install.CwConfigOID.createBackendEntity(CwConfigOID.java:1205)
at oracle.workspaces.install.CwConfigOID.registerBackend(CwConfigOID.java:449)
at oracle.workspaces.install.CwConfig.regBackend(CwConfig.java:320)
at oracle.workspaces.install.CwConfig.run(CwConfig.java:609)
at oracle.workspaces.install.CwConfig.main(CwConfig.java:790)
What should i do?
help.
Thanks

closed
Re: Install OCS 10.1.2 Infra DB failed with LDAP: error code 16 on Workspac

OID - OperationalNotSupportedException: [LDAP: error code 53 - Server ... ]

Hi,
I'm using JNDI (Java Native Directory Interface) accessing OID, and I received a javax.naming.OperationalNotSupportedException: [LDAP: error code 53 - Server currently in read only mode. Update operations not allowed];
I am not sure what's wrong.
I tried the following command
"./ldapsearch -b "" -s base "objectclass=*" orclservermode" The returned result is "orclservermode=rw"
So it is in read-write mode. I'm not sure what's wrong.
This started happen after I apply the 10.1.4.2.0 patch.

Unfortunately I am not an OID expert so I can't really comment on the OID server part of the problem.
What I actually have plenty of experience of is the JNDI package and there has been a number of times when the error messages produced by JNDI have been cryptic or simply wrong. I would recommend sniffing the LDAP connection and check what error messages are actually created by the OID server.
Good luck!
/M

LDAP: error code 65

i am trying to connect to the LDAP using the JNDI
and i am getting the following error i was unable to solve it
here i am posting my sample slapd.cof file as well as my source program and the error
import java.util.Properties;
import javax.naming.Context;
import javax.naming.NameAlreadyBoundException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
public class MakeRoot {
final static String ldapServerName = "localhost";
final static String rootdn = "cn=Manager, o=jndiTest";
final static String rootpass = "secret";
final static String subContext = "o=jndiTest";
public static void main( String[] args ) {
// set up environment to access the server
Properties env = new Properties();
env.put( Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.ldap.LdapCtxFactory" );
env.put( Context.PROVIDER_URL, "ldap://" + ldapServerName + "/" );
env.put( Context.SECURITY_PRINCIPAL, rootdn );
env.put( Context.SECURITY_CREDENTIALS, rootpass );
try {
// obtain initial directory context using the environment
DirContext ctx = new InitialDirContext( env );
// now, create the root context, which is just a subcontext
// of this initial directory context.
ctx.createSubcontext( subContext );
} catch ( NameAlreadyBoundException nabe ) {
System.err.println( subContext + " has already been bound!" );
} catch ( Exception e ) {
System.err.println( e );
slapd.cof
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
ucdata-path     ./ucdata
include          ./schema/core.schema
include          ./schema/cosine.schema
include          ./schema/inetorgperson.schema
include          ./schema/java.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral     ldap:/root.openldap.org
pidfile          ./run/slapd.pid
argsfile     ./run/slapd.args
# Load dynamic backend modules:
# modulepath     ./libexec/openldap
# moduleload     back_bdb.la
# moduleload     back_ldap.la
# moduleload     back_ldbm.la
# moduleload     back_passwd.la
# moduleload     back_shell.la
# Sample security restrictions
#     Require integrity protection (prevent hijacking)
#     Require 112-bit (3DES or better) encryption for updates
#     Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
#     Root DSE: allow anyone to read it
#     Subschema (sub)entry DSE: allow anyone to read it
#     Other DSEs:
#          Allow self write access
#          Allow authenticated users read access
#          Allow anonymous users to authenticate
#     Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#     by self write
#     by users read
#     by anonymous auth
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
# rootdn can always read and write EVERYTHING!
# BDB database definitions
#database     bdb
#suffix          "o=jndiTest"
#rootdn          "cn=Manager,o=jndiTest"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
#rootpw          secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
#directory     ./data
# Indices to maintain
#index     objectClass     eq
database bdb
#suffix "dc=stooges,dc=org"
suffix "o=jndiTest"
rootdn "cn=Manager,o=jndiTest"
rootpw secret
directory ./data
defaultaccess read
schemacheck off
lastmod on
error:
javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - object class 'javaContainer' requires attribute 'cn']; remaining name 'o=jndiTest'

I have updated the ldap java.schema with below entries, it is working fine
objectclass ( 1.3.6.1.4.1.42.2.27.4.2.1
     NAME 'javaContainer'
     DESC 'Container for a Java object'
     SUP top
     STRUCTURAL
     MAY ( o $ cn))

Javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21

I have collected the following code from "http://www.concentric.net/~adhawan/tutorial/"
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.naming.NameAlreadyBoundException;
import javax.naming.directory.*;
import java.util.*;
public class MakeRoot {
        final static String ldapServerName = "localhost";
        final static String rootdn = "cn=Manager, o=jndiTest";
        final static String rootpass = "secret";
        final static String rootContext = "o=jndiTest";
        public static void main( String[] args ) {
                // set up environment to access the server
                Properties env = new Properties();
                env.put( Context.INITIAL_CONTEXT_FACTORY,
                         "com.sun.jndi.ldap.LdapCtxFactory" );
                env.put( Context.PROVIDER_URL, "ldap://" + ldapServerName + "/" );
                env.put( Context.SECURITY_PRINCIPAL, rootdn );
                env.put( Context.SECURITY_CREDENTIALS, rootpass );
                try {
                        // obtain initial directory context using the environment
                        DirContext ctx = new InitialDirContext( env );
                        // now, create the root context, which is just a subcontext
                        // of this initial directory context.
                        ctx.createSubcontext( rootContext );
                } catch ( NameAlreadyBoundException nabe ) {
                        System.err.println( rootContext + " has already been bound!" );
                } catch ( Exception e ) {
                        System.err.println( e );
}I am using the ldap server at here:
http://download.bergmans.us/openldap/openldap-2.2.29/openldap-2.2.29-db-4.3.29-openssl-0.9.8a-win32_Setup.exe
My slap.conf is:database     bdb
suffix          "dc=jndiTest"
rootdn          "cn=Manager,dc=jndiTest"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw          secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory     ./data
# Indices to maintain
index     objectClass     eqWhile running this code:
ldap://localhost:389/
javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - ob
jectClass: value #0 invalid per syntax]; remaining name 'dc=jndiTest'
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
        at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(Unknown Source)
        at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(Unknown Source)
        at com.sun.jndi.toolkit.ctx.ComponentContext.p_createSubcontext(Unknown
Source)
        at com.sun.jndi.toolkit.ctx.PartialCompositeContext.createSubcontext(Unk
nown Source)
        at com.sun.jndi.toolkit.ctx.PartialCompositeContext.createSubcontext(Unk
nown Source)
        at javax.naming.InitialContext.createSubcontext(Unknown Source)
        at MakeRoot.main(MakeRoot.java:35)It's obviously connecting with the given credentials and provider url. But then why is it not working?
Any help would highly appreciated. Thanks in advance.

That is right I agree. And I guess that happened because I was trying to doing different permutation-combination with the naming scheme and I forgot to update slapd.conf. And even after made that change it was showing the same error. The poster forgot to mention to include java.schema. That change made it work finally.
Thanks for your reply.

SGD-AD "LDAP error code 49"

Dear all,
I saw the following error in the server-login log file:
2007/07/24 15:15:03.098 (pid 2698) server/login/moreinfo #1185261303098
Loaded class com.sco.tta.server.login.LdapLoginAuthority: {
LDAPRoot=.../_ldapmulti/forest/
accountEnabledChecked=false
anonLogin=false
attemptPasswordChange=true
generalLdapProfileName=.../_ens/o=Tarantella System Objects/cn=LDAP Profile
mustChangePasswordResult[0]=LDAP: error code 49 - 80090308: LdapErr: DSID-0C090290, comment: AcceptSecurityContext error, data 701
mustChangePasswordResult[1]=LDAP: error code 49 - 80090308: LdapErr: DSID-0C090290, comment: AcceptSecurityContext error, data 773
mustChangePasswordResult[2]=LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030F, comment: AcceptSecurityContext error, data 773
mustChangePasswordResult[3]=LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 773
name=com.sco.tta.server.login.LdapLoginAuthority
propAccEnabled=scottaaccountenabled
userMustChangePasswordResult=LDAP: error code 49 - 80090308: LdapErr: DSID-0C090290, comment: AcceptSecurityContext error, data 773
userPasswordExpiredResult=LDAP: error code 49 - 80090308: LdapErr: DSID-0C090290, comment: AcceptSecurityContext error, data 701
version=4.31.905
What should i do in my SGD server ?
What should i do in my AD server ?
What is the solution to resolve the error ?
Appreciate any help given.

Hi,
I am also getting the same error. Please let me explain what i have encountered.
In the active directory (version 2003), the administrator has limited the user to login to only his workstation. This has been set by putting his workstation host name or IP (which is allowed to accessed by the user) into a "log on to" list (at the user level) in Active Directory.There is another option if the administrator allow the user to be able to log on to any workstation, that is by checking the "log on to all computer" check box at that particular user id.
When my user has been set to "log on to all computer", i don't encounter the error message i.e. error code 49, as mentioned in the subject of this topic. However, when a particular user has been limited to only access to his own workstation, the error appears. However, if the Active Directory server host name or IP has been added into the "log on to" list, the authentication is successful.
My application is actually running on an application server and the user is using Internet Explorer to login to my application from his workstation. And also, the application server has been joined to the same domain as the Active Directory server. My question is, is it a must that the Active Directory server name be added to the "log on to" list of that particular user in order for it to be authenticated by Active Directory? Does anyone has any ideas why this is happening? I definitely don't want to add the AD server name into the list as this will give the user rights to login to the AD server. Any advise would be of great help. Thanks a million in advance.

LDAP: error code 53 - 0000055E: SvcErr: DSID-031A0FC0, problem 5003

Hi,
I Am trying to add an User(whose Primary Group is'Domian users') to a Group called "CN=DS_Disabled_IG,OU=Common,OU=Access Management,OU=Security Groups,OU=BAND,dc=something,DC=com" by using the below code:
LdapContext ctx = null;
ctx = new InitialLdapContext(env, null);
String groupDn = "CN=DS_Disabled_IG,OU=Common,OU=Access Management,etc....";
String completeDnOfUser = "This will be the current DN of the user";
ModificationItem[] mods = new ModificationItem[1];
mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
new BasicAttribute("member", completeDnOfUser));
ctx.modifyAttributes(groupDn, mods); ------- line A
At 'line A' exception is being throwed as below:
In Exception catch block [LDAP: error code 53 - 0000055E: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0
javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000055E: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0
remaining name 'CN=DS_Disabled_IG,OU=Common,OU=Access Mana etc......'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3114)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
at goes on ......
But the same code is working for me in Lower environment but not in one of the upper environment.
It would of great help, if anyone can suggest solution on this.

Hi Colin,
I am talking about adding the user to a Disabled Group using the below code :
ModificationItem[] mods = new ModificationItem[1];
mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
new BasicAttribute("member", completeDnOfUser));
ctx.modifyAttributes(groupDn, mods);
But what i suspect here is we should use ADD_ATTRIBUTE instead of REPLACE_ATTRIBUTE. Is that so?
This code success rate in local environment is 70% or 80%(around 70 users passed out of 100 users) but whereas in one of the Upper environment during initial days the same success rate was >70% and then nowadays suddenly it started failing for all the users completely 0%. So I have a confusion here ???
Yes, Domain Users is not a real Ldap group here but what i was conveying here is all created users will be assigned to this group.
Colin, what are those LDP or third party Applications and how useful it will be here??
Regards,
kiran

UMU gives LDAP: error code 32

when i run umu phase=one then i get following message:
Directory error::[LDAP: error code 32 - No Such Object]
Here the content of my parfile:
DBADMIN=system:******
DBLOCATION=dwh12.pdp.postbank.nl:1521:tadm
DIRLOCATION=dwh14.pdp.postbank.nl:3130
ENTADMIN=cn=orcladmin:******
USERS=LIST
USERSLIST=lcornelis
CONTEXT="dc=Users, dc=dwh, dc=postbank, dc=nl"
It looks like there is a problem in the context ..but thats how it is in oid. Does anybody know what is going on.
thanks

That is the "no such Object" message in the LDAP protocol, maybe you should take a look at the rfc2251 before going on with LDAP. Maybe you are trying to access an unexisting entry in the ldap server.
hope it helps

Keep Receiving: Error is: 'Insufficient access rights to perform the operation' When running script

Hello. I have a powershell script I run in our domain to disable AD accounts. Part of that also removes the users from all AD groups. That part of my script however keeps throwing up this Error is: 'Insufficient access rights to perform the operation'
error.
Now from our Exchange server if I run this script with powershell, things work fine. But running it on the domain controller is when I get this error. Thoughts?

Thanks Anna!
I was able to add this code below in to the script where it kept erroring out and it then worked. I had to point it to a different DC then it was running on.
–Server comp1.test.server.com
Thanks again!

Invalid ID store configuration LDAP : Error code 32- No Such object

Followed note : Integrating Oracle E-Business Suite Release 12.1.3 with Oracle Access Manager 11gR2 (11.1.2) using Oracle E-Business Suite AccessGate [ID 1484024.1
Completed all these steps:
Integrate Oracle Internet Directory with Oracle E-Business Suite
Configure Oracle Internet Directory to return operational attributes
Install Oracle Access Manager
Install and Configure WebGate on the WebTier
Register the WebGate Agent with Oracle Access Manager
Test your WebGate.
we stuck at the stage of Configure Identity Store .
section 4.3.2.1: Create User Identity Store
In the OAM Console, navigate to System Configuration > Common Configuration > Data Sources > User Identity Stores.
Highlight the User Identity Stores node, and click the "*" (Create) icon.
In the window that opens, enter the attributes for your new identity store, for example:
•Store Name = EBSIdStore
•Store Type = OID: Oracle Internet Directory
•Location = oraoidprd1.guc.loc:3060
•Bind DN = cn=orcladmin
•Password =
•User Name Attribute = uid
•User Search Base = cn=users,dc=us,dc=oraoidprd1,dc=com,dc=guc,dc=loc
•Group Search Base = cn=groups,dc=us,dc=oraoidprd1,dc=com,dc=guc,dc=loc
when we click test conenction it fails with
Invalid ID store configuration. User search base specified is invalid
LDAP : Error code 32- No Such object
Any help is greatly appreciated.
Thanks!

Yes.. i am passign the correct values..
Here are the registration steps we did.. as a pre-requisite:
1. Register instance:
[apdevebs@oraebsdev1 bin]$ $FND_TOP/bin/txkrun.pl -script=SetSSOReg -registerinstance=yes
You are registering ORACLE HOME only.
Enter the host name where Oracle iAS Infrastructure database is installed ? oraoidprd1
Enter the LDAP Port on Oracle Internet Directory server ? 3060
Enter SSL LDAP Port on Oracle Internet Directory server ? 3131
Enter the Oracle Internet Directory Administrator (orcladmin) Bind password ?
Enter Oracle E-Business apps database user password ?
2. Register OID:
Register OID
2. [apdevebs@oraebsdev1 bin]$ $FND_TOP/bin/txkrun.pl -script=SetSSOReg -registeroid=yes
You are registering this instance with OID Server.
Enter LDAP Host name ? oraoidprd1
Enter the LDAP Port on Oracle Internet Directory server ? 3060
Enter the Oracle Internet Directory Administrator (orcladmin) Bind password ?
Enter the instance password that you would like to register this application instance with ? test123
Enter Oracle E-Business apps database user password ?
3.. Configure Oracle Internet Directory to return operational attributes
cd /mnt/oidprd_app/app/middleware/Oracle_IDM1/bin
[apprdoid@oraoidprd1 bin]$ cat change_attrs.ldif
dn: cn=dsaconfig, cn=configsets,cn=oracle internet directory
changetype: modify
add: orclallattrstodn
orclallattrstodn:cn=orcladmin
[apprdoid@oraoidprd1 bin]$ export ORACLE_HOME=/mnt/oidprd_app/app/middleware/Oracle_IDM1
[apprdoid@oraoidprd1 bin]$ export PATH=$ORACLE_HOME/bin:$PATH
[apprdoid@oraoidprd1 bin]$ echo $ORACLE_HOME
/mnt/oidprd_app/app/middleware/Oracle_IDM1
[apprdoid@oraoidprd1 bin]$ $ORACLE_HOME/bin/ldapmodify -h oraoidprd1.guc.loc -p 3060 -D cn=orcladmin -w orcladminguprd0id -v -f change_attrs.ldif
add orclallattrstodn:
cn=orcladmin
modifying entry cn=dsaconfig, cn=configsets,cn=oracle internet directory
modify complete
All these pre-req steps compelted successfully.

LDAP: error code 19 - Two realms cannot reference the same DN in orclcommon

Hi,
In Oracle IDM provisioning console I have created a new Realm.
When I try to create a new user it is not asking for where the users needs to be created. That is in which realm it should be created.
I went to configuration and tried to add the DN of the new realm in the user search base.
I gives the following error.
--LDAP: error code 19 - Two realms cannot reference the same DN in orclcommonusersearchbase
Can any one tell me how to create users in different realms.
Thanks,
Vasanth

In my knowledge a registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service registry entry, or if the driver name cannot be obtained from the service registry entry.
As far as I know Microsoft provides these solution options:
Click Uninstall, and then click Scan for hardware changes to load a usable driver.
Restart the computer in Safe Mode, and then select Last Known Good Configuration. This rolls back to the most recent successful registry configuration.
Furthermore you could try to remove the Upperfilters and LowersFilters from this registry entry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Class\{4 D36E965-E325-11CE-BFC1-08002BE10318}
If it doesnt help then access the device manager reinstalls the primary and secondary channel from the IDE ATA/ATAPI Controller section and reboot.
Good luck and Bye

The system failed to merge, error code : General Access denied

The system failed to merge, error code : General Access denied. Could anyone help me on this

Hi,
It could be several things, I think it could be a good start with the following page:
https://blogs.technet.com/b/chrad/archive/2009/10/02/differencing-disks-merging-80070005-error-just-one-persons-lesson-learned.aspx
If that doesn't help you could check out the following technet page to see if it is a permission problem. (it is not exactly the same problem but one of our customers once had the same problem and we solved it with the follwing KB:http://support.microsoft.com/kb/2249906/en-us
Hope this helps you out.

SSIS BULK INSERT unsing UNC inside of ForEach Loop Container Failed could not be opened. Operating system error code 5(Access is denied.)

Hi,
I am trying to figure out how to fix my problem
Error: Could not be opened. Operating system error code 5(Access is denied.)
Process Description:
Target Database Server Reside on different Server in the Network
SSIS Package runs from a Remote Server
SSIS Package use a ForEachLoop Container to loop into a directory to do Bulk Insert
SSIS Package use variables to specified the share location of the files using UNC like this
\\server\files
Database Service accounts under the Database is runing it has full permission on the share drive were the files reside.
In the Execution Results tab shows the prepare SQL statement for the BULK insert and I can run the same exact the bulk insert in SSMS without errors, from the Database Server and from the server were SSIS package is executed.
I am on a dead end and I don’t want to re-write SSIS to use Data Flow Task because is not flexible to update when metadata of the table changed.
Below post it has almost the same situation:
https://social.msdn.microsoft.com/Forums/sqlserver/en-US/8de13e74-709a-43a5-8be2-034b764ca44f/problem-with-bulk-insert-task-in-foreach-loop?forum=sqlintegrationservices

Insteresting how I fixed the issue, Adding the Application Name into the SQL OLAP Connection String Fixed the issue. I am not sure why SQL Server wasn't able to open the file remotely without this.

LDAP: error code 50 - Insufficient Access Rgiths

Similar Messages

Maybe you are looking for