Deleting a User entry from OID using dbms_ldap [message #228284]
Mon, 02 April 2007 07:33
chillindan
Messages: 17 Registered: November 2006 Location: UK
Junior Member
Hi, I am trying to delete a user from the Internet Directory. The code I am using is below:

v_user_base := opf_portal.pkg_opf_utils.get_global_variable('OID_USER_BASE');
v_user_attr := opf_portal.pkg_opf_utils.get_global_variable('OID_USER_ATTR');
--delete user from oid
s_session := DBMS_LDAP.init(portal.wwsec_oid.GET_OID_HOST, portal.wwsec_oid.GET_OID_PORT);
n_retval := DBMS_LDAP.simple_bind_s(s_session, '<dn of user with delete user privilege>', '*******');
n_retval := DBMS_LDAP.delete_s(s_session, v_user_attr || '=' || p_email || ',' || v_user_base);
n_retval := DBMS_LDAP.unbind_s(s_session);

The code is running and not erroring; delete_s returns a value of 50, which I assume means it has been successful, as the documentation states any other returned value would be an exception.
The problem is that when I log into Directory Administration the user is still there. I'm not sure if I am missing something obvious, but any help would be appreciated.
Many thanks,
Danny
Re: Deleting a User entry from OID using dbms_ldap [message #228797 is a reply to message #228583]
Wed, 04 April 2007 04:27
chillindan
Messages: 17 Registered: November 2006 Location: UK
Junior Member
You are right, 50 is insufficient privileges, but what is confusing is that the user I am using to perform the operation has the delete user privilege granted. So I am a little confused as to why I can't perform the delete operation, unless there is a less obvious privilege a user needs to be able to delete users?
Any more ideas?
Thanks.
Re: Deleting a User entry from OID using dbms_ldap [message #228824 is a reply to message #228284]
Wed, 04 April 2007 06:03
tahpush
Messages: 961 Registered: August 2006 Location: Stockholm/Sweden
Senior Member
Found this, don't know if you've seen it.
Quote:
Problem
LDAP: error code 50 - Insufficient Access Rights.
Solution
The odi agent orclODIPAgentName=IPlanetImport,cn=subscriber profile,cn=changelog subscriber,cn=oracle internet directory does not have full read/write access to the synchronized entries in Oracle Internet Directory. Because the cn=oracleDASCreateUser,cn=groups,cn=oraclecontext,identity_management_realm group will already have the required ACLs defined, this entry should be a member of this group. In this case, <subscriber DN> is set to identity_management_realm.
You must add the orclODIPAgentName=IPlanetImport,cn=subscriber profile,cn=changelog subscriber,cn=oracle internet directory user entry to the cn=oracleDASCreateUser,cn=groups,cn=oraclecontext,identity_management_realm group, so that it will have the required ACL access to perform the updates: In Oracle Directory Manager, navigate through: Entry Management -> dc=com,identity_management_realm,cn=oraclecontext -> cn=groups -> cn=oracleDASCreateUser. From here, against the attribute 'uniquemember' add: orclODIPAgentName=IPlanetImport,cn=subscriber profile,cn=changelog subscriber,cn=oracle internet directory.
source
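
Added example, not code from any poster in this thread: a PL/SQL wrapper for the bind/delete/unbind sequence discussed above that inspects every DBMS_LDAP return value, so a result such as 50 (insufficientAccessRights) stops the caller instead of passing as success. The procedure name and parameters are hypothetical, and the numeric codes are the standard LDAP result codes from RFC 4511.

```plsql
-- Added example; procedure and parameter names are hypothetical.
CREATE OR REPLACE PROCEDURE delete_oid_entry (
  p_host     IN VARCHAR2,
  p_port     IN PLS_INTEGER,
  p_bind_dn  IN VARCHAR2,
  p_bind_pw  IN VARCHAR2,   -- supplied by the caller, never hard-coded
  p_entry_dn IN VARCHAR2
) AS
  l_session DBMS_LDAP.session;
  l_rc      PLS_INTEGER;
  l_ignore  PLS_INTEGER;
  l_step    VARCHAR2(10) := 'bind';

  -- Raise on any non-zero LDAP result code instead of silently continuing.
  PROCEDURE check_rc (p_step IN VARCHAR2, p_rc IN PLS_INTEGER) IS
  BEGIN
    IF p_rc = DBMS_LDAP.SUCCESS THEN
      RETURN;
    END IF;
    RAISE_APPLICATION_ERROR(-20001,
      p_step || ' failed, LDAP result ' || p_rc || ' (' ||
      CASE p_rc  -- standard result codes from RFC 4511
        WHEN 32 THEN 'noSuchObject: DN not found'
        WHEN 49 THEN 'invalidCredentials: bind rejected'
        WHEN 50 THEN 'insufficientAccessRights: ACLs deny this bind DN'
        WHEN 66 THEN 'notAllowedOnNonLeaf: entry still has children'
        ELSE 'see RFC 4511 result codes'
      END || ')');
  END check_rc;
BEGIN
  -- Request result codes rather than exceptions so each one is inspected here.
  DBMS_LDAP.USE_EXCEPTION := FALSE;

  l_session := DBMS_LDAP.init(p_host, p_port);
  l_rc := DBMS_LDAP.simple_bind_s(l_session, p_bind_dn, p_bind_pw);

  -- Only attempt the delete if the bind succeeded.
  IF l_rc = DBMS_LDAP.SUCCESS THEN
    l_step := 'delete';
    l_rc := DBMS_LDAP.delete_s(l_session, p_entry_dn);
  END IF;

  -- Release the session before reporting, so a failure does not leak it.
  l_ignore := DBMS_LDAP.unbind_s(l_session);
  check_rc(l_step, l_rc);
END delete_oid_entry;
/
```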