[midPoint] Re. Permission error when modifying entry using LDAP Connector (OpenDJ)

Deepak Natarajan dnataraj at gmail.com
Wed Mar 26 18:50:01 CET 2014

Hi -

On my local environment I use OpenDJ as the identity store (mainly to
test various configurations before moving to a proper test environment
which runs Midpoint against Active Directory etc.).

While testing the outward provisioning of changes to OUs, I run into a
permission error (I've attached the relevant log; this works quite well
with the AD connector, btw):

Caused by: javax.naming.NoPermissionException: [LDAP: error code 50 -
The entry uid=lonfo-apos,ou=Vuggestuen Regnbuen -
Valmuen,ou=Daginstitutioner,ou=Dagtilbud,ou=Børne- og
Ungeforvaltningen,ou=Vejle Kommune,ou=apos,dc=vejle,dc=dk cannot be
renamed due to insufficient access rights]
	at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3095) ~[na:1.7.0_45]
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2840)
	at com.sun.jndi.ldap.LdapCtx.c_rename(LdapCtx.java:726) ~[na:1.7.0_45]
	at javax.naming.InitialContext.rename(InitialContext.java:443)
	... 54 common frames omitted

I have followed the instructions to set the ACIs etc. for
Midpoint+OpenDJ (as in the Wiki), and creating, updating user attributes
etc. works correctly. The error occurs when I try to modify anything
related to the OU (i.e. move the user to a different org).

Thanks for any suggestions.


-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: idm-ldap-error-local.log
URL: <http://lists.evolveum.com/pipermail/midpoint/attachments/20140326/a8cc1ec9/attachment-0001.ksh>
