Issue with Password Policy Validation Module

When enabling the Password Policy Validation Module I was receiving the following error:

[code]
<03/07/2015 7:32:40 AM AEST> <Error> <oracle.oam.user.identity.provider> <OAMSSA-20092> <Could not modify user attribute for user : uid=weblogic,cn=users,dc=example,dc=com, attributes : OUD, for idstore oracle.igf.ids.AuthorizationException: Insufficient Access rights to perform the operation: entity=uid=weblogic,cn=users,dc=example,dc=com op=modify AdditionalInfo: LDAP Error 50 : [LDAP: error code 50 - The entry uid=weblogic,cn=users,dc=example,dc=com cannot be modified due to insufficient access rights] with exception {3}.>
[/code]

It seems I forgot to run idmconfigtool for the OAM configuration; here is a quick way to resolve it by hand.

  1. Create an OAM Administration Group in your directory.
    1. For example cn=OAMAdministrators,cn=groups,dc=example,dc=com
    2. Add a uniquemember that matches the Bind DN configured in the User Identity Store you are using (it is that DN the ACI in step 2 is granted to, so it must be the same entry).
[code]
dn: cn=OAMAdministrators,cn=groups,dc=example,dc=com
changetype: add
objectClass: top
objectClass: groupofUniqueNames
cn: OAMAdministrators
uniquemember: uid=oamadmin,cn=users,dc=example,dc=com
uniquemember: uid=oamldap,cn=systemids,dc=example,dc=com
[/code]
    3. Add it using ldapmodify (the changetype: add line is what lets ldapmodify create the entry)
[code]
/u01/app/oracle/fmw/asinst_1/OUD/bin/ldapmodify -h localhost -p 1389 -D "cn=Directory Manager" -w Passw0rd -f /tmp/oamadmin.ldif
[/code]
  2. Create an ACI file suitable for an ldapmodify command. Note that this ACI gives the group add, write and delete rights on every attribute under dc=example,dc=com, i.e. full control of the suffix; narrow targetattr and the target subtree if the OAM bind user should have less than that.
    1. Create a file containing
[code]
dn: dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr="*")(version 3.0; acl "Allow OAMAdminGroup add, read and write access to all attributes"; allow(add,read,search,compare,write,delete,import,export) groupdn="ldap:///cn=OAMAdministrators,cn=groups,dc=example,dc=com";)
[/code]
    2. Add it using ldapmodify
[code]
/u01/app/oracle/fmw/asinst_1/OUD/bin/ldapmodify -h localhost -p 1389 -D "cn=Directory Manager" -w Passw0rd -f /tmp/oamadmin.ldif
[/code]
  3. Confirm that the error has gone away.
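Before applying the two files, a quick offline sanity check that they agree with each other and with the identity store's Bind DN: the DN in the group must be the bind entry, and the ACI must name that group and include write. This is an added example, not code from the original post; it reproduces the post's two records as constructed input and assumes the allow(...) groupdn="ldap:///..." ACI shape used above.

```python
import re
# The two records from the post, reproduced here as constructed sample input;
# the ACI value is folded onto LDIF continuation lines (leading space).
GROUP_LDIF = """dn: cn=OAMAdministrators,cn=groups,dc=example,dc=com
changetype: add
objectClass: top
objectClass: groupofUniqueNames
cn: OAMAdministrators
uniquemember: uid=oamadmin,cn=users,dc=example,dc=com
uniquemember: uid=oamldap,cn=systemids,dc=example,dc=com
"""
ACI_LDIF = """dn: dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr="*")(version 3.0; acl "Allow OAMAdminGroup add, read and write access to all attributes";
  allow(add,read,search,compare,write,delete,import,export)
  groupdn="ldap:///cn=OAMAdministrators,cn=groups,dc=example,dc=com";)
"""

def normalize_dn(dn):
    """DNs compare case-insensitively, ignoring whitespace around the RDN separators."""
    return ",".join(rdn.strip().lower() for rdn in dn.split(","))

def parse_ldif_record(text):
    """Parse one LDIF record into {attribute: [values]}, unfolding continuation lines."""
    attrs, last = {}, None
    for line in text.splitlines():
        if line.startswith(" ") and last is not None:   # continuation of previous value
            attrs[last][-1] += line[1:]
        elif line.strip() and not line.startswith("#"):
            name, _, value = line.partition(":")
            last = name.strip().lower()
            attrs.setdefault(last, []).append(value.strip())
    return attrs

# Shape of the post's ACI: allow(...) groupdn="ldap:///..." (assumption; other ACI forms are not handled)
ACI_RE = re.compile(r'allow\s*\(([^)]*)\)\s*groupdn\s*=\s*"ldap:///([^"]+)"')

def preflight(group_ldif, aci_ldif, bind_dn):
    """Check that the identity store's Bind DN is in the group and the ACI grants that group write."""
    group = parse_ldif_record(group_ldif)
    members = {normalize_dn(m) for m in group.get("uniquemember", [])}
    match = ACI_RE.search(" ".join(parse_ldif_record(aci_ldif).get("aci", [])))
    rights = {r.strip().lower() for r in match.group(1).split(",")} if match else set()
    return {
        "bind_dn_in_group": normalize_dn(bind_dn) in members,
        "aci_targets_group": bool(match) and normalize_dn(match.group(2)) == normalize_dn(group["dn"][0]),
        "aci_grants_write": "write" in rights,
    }
```

Run preflight() with the Bind DN copied from the User Identity Store page; a False for bind_dn_in_group is the usual reason the OAMSSA-20092 error persists after the ACI has been added.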
