LDAP: error code 50 - The request control with Object Identifier. Cannot be used due to insufficient access rights

Article ID: 280010


Updated On: 11-01-2024

Products

CA Identity Manager

Issue/Introduction

LDAP error code 50 when attempting to modify the IDX endpoint account.  

20240219:150455:TID=001060:Modify    :C602:E598:F:+XXXX: JNDI: [LDAP: error code 50 - The request control with Object Identifier

20240219:150455:TID=001060:Modify    :C602:E598:F:+ (OID) "XXXXX" cannot be used due to insufficient access rights

20240219:150455:TID=001060:Modify    :C602:E598:F:+ights]: failed to modify uid=xxxxxx,ou=xxxx,ou=xxxx,ou=xxxxx,o=xxxxx

This started after the upgrade to 14.5.

Environment

Standalone 

14.5

Resolution

OUD has a set of global access control instructions (ACIs, also called ACLs) that allow certain users to perform certain functions on the whole directory, not necessarily only on o=xxxxx.

I added the control in the error to the highlighted ACL.

Please have your LDAP Administrators review and add additional control permission to OUD:

(targetcontrol = (version 3.0; acl "Authenticated users control access"; allow (read) userdn = "ldap:///all";)

Here, userdn = "ldap:///all" means all authenticated users.

Please have your LDAP Administrators review and adjust the needed permissions to allow access.
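
Added example, not part of the original article and not CA Identity Manager or OUD code: a Python check that rejoins the '+' continuation lines of the log shown above, extracts the denied control OID, and lists which global ACIs already grant read on it through targetcontrol. The OIDs and the sample ACI are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample data: the OIDs are placeholders, not values from the article.
SAMPLE_LOG = (
    '20240219:150455:TID=001060:Modify    :C602:E598:F:+XXXX: JNDI: [LDAP: error code 50'
    ' - The request control with Object Identifier\n'
    '20240219:150455:TID=001060:Modify    :C602:E598:F:+ (OID) "1.2.3.4.5" cannot be used'
    ' due to insufficient access rights]\n'
)
SAMPLE_ACIS = [
    '(targetcontrol="1.2.3.4.1 || 1.2.3.4.2")(version 3.0; acl "Authenticated users '
    'control access"; allow (read) userdn = "ldap:///all";)',
]

DENIED = re.compile(r'error code 50 - The request control with Object Identifier'
                    r'\s*\(OID\)\s*"([0-9.]+)"\s*cannot be used')
TARGETCONTROL = re.compile(r'\(\s*targetcontrol\s*=\s*"([^"]*)"\s*\)')
ACL_NAME = re.compile(r'acl\s+"([^"]*)"')
ALLOW = re.compile(r'allow\s*\(([^)]*)\)')
USERDN = re.compile(r'userdn\s*=\s*"([^"]*)"')


def denied_control_oids(log_text):
    """Rejoin '+' continuation fragments, then return the denied control OIDs."""
    # Assumption: everything after the first ':+' on a line is message text.
    fragments = [line.split(':+', 1)[1] for line in log_text.splitlines() if ':+' in line]
    return sorted(set(DENIED.findall(''.join(fragments))))


def acis_allowing(oid, acis):
    """Return (acl name, userdn) for each ACI that grants read on the control OID."""
    hits = []
    for aci in acis:
        target = TARGETCONTROL.search(aci)
        allow = ALLOW.search(aci)
        if not target or not allow:
            continue  # not a control ACI, or no allow clause
        oids = {o.strip() for o in target.group(1).split('||')}
        rights = {r.strip() for r in allow.group(1).split(',')}
        if oid in oids and 'read' in rights:
            name, who = ACL_NAME.search(aci), USERDN.search(aci)
            hits.append((name.group(1) if name else '', who.group(1) if who else ''))
    return hits


def report(log_text, acis):
    """Map each denied OID to the ACIs that already cover it (empty list = gap)."""
    return {oid: acis_allowing(oid, acis) for oid in denied_control_oids(log_text)}
```

Calling report(SAMPLE_LOG, SAMPLE_ACIS) returns an empty list for a denied OID that no global ACI covers; a hit shows the ACL name and the userdn the grant applies to.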

If the above steps didn't resolve the issue, please contact the support team, the Engineering Team is working to fix 

Additional Information

There is an HF available to address this issue; please contact the support team.

Reference:

DE618503