1794128 - javax.naming.NoPermissionException: LDAP: error code 50(INSUFF_ACCESS_RIGHTS) | SAP Knowledge Base Article



  • The User Management Engine (UME) is configured to use Active Directory as an LDAP datasource. See LDAP Directory as Data Source for more details.
  • The UME is configured to use a datasource XML file that allows writable access to the Active Directory, for example dataSourceConfiguration_ads_writeable_db.xml or dataSourceConfiguration_ads_deep_writeable_db.xml.
  • There is an SSL connection between the UME and Active Directory. This is a requirement in order to allow the creation of Active Directory users and password resets using the User Administration UIs. See note 673824 for more details.
  • An attempt to create a user or group via the User Administration Identity Management console fails with error message:


  • In the server traces an error such as the following can be found:

Naming exception when trying to create principal USER.CORP_LDAP.ldapuser22
javax.naming.NoPermissionException: [LDAP: error code 50 - 00000005: SecErr: DSID-03151E04, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
]; remaining name 'cn=ldapuser22'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3049)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(LdapCtx.java:788)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(ComponentDirContext.java:319)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:248)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:236)
at javax.naming.directory.InitialDirContext.createSubcontext(InitialDirContext.java:178)
at javax.naming.directory.InitialDirContext.createSubcontext(InitialDirContext.java:178)
at com.sap.security.core.persistence.datasource.imp.LDAPPersistence.createUserAndAccount(LDAPPersistence.java:3696)
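
When triaging a trace file with many such entries, it helps to pull the structured fields out of the Active Directory error text. The following is an added example, not SAP code or part of the original article: it parses the trace lines shown above and lists the principals whose creation was rejected. The function names and the second trace event (ldapuser23) are constructed for illustration.

```python
import re

# Constructed sample: the trace excerpt from this article plus one made-up
# second event (ldapuser23) so the parser has more than one record to split.
SAMPLE_TRACE = """\
Naming exception when trying to create principal USER.CORP_LDAP.ldapuser22
javax.naming.NoPermissionException: [LDAP: error code 50 - 00000005: SecErr: DSID-03151E04, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
]; remaining name 'cn=ldapuser22'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3049)
Naming exception when trying to create principal USER.CORP_LDAP.ldapuser23
javax.naming.NoPermissionException: [LDAP: error code 50 - 00000005: SecErr: DSID-03151E04, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
]; remaining name 'cn=ldapuser23'
"""

PRINCIPAL_RE = re.compile(r"trying to create principal (\S+)")
# Active Directory error text as it appears inside the JNDI message:
# <LDAP result> - <Win32 error, hex>: <category>: DSID-<id>, problem <n> (<name>), data <n>
ERROR_RE = re.compile(
    r"(?P<exception>[\w.$]+Exception): \[LDAP: error code (?P<ldap>\d+) - "
    r"(?P<win32>[0-9A-Fa-f]{8}): (?P<category>\w+): DSID-(?P<dsid>[0-9A-Fa-f]+), "
    r"problem (?P<problem>\d+) \((?P<name>\w+)\), data \S+"
    r"\s*\];\s*remaining name '(?P<remaining>[^']*)'"
)

def parse_ad_ldap_errors(trace_text):
    """Return one dict per AD error, tagged with the nearest preceding principal."""
    principals = [(m.start(), m.group(1)) for m in PRINCIPAL_RE.finditer(trace_text)]
    findings = []
    for m in ERROR_RE.finditer(trace_text):
        before = [name for pos, name in principals if pos < m.start()]
        findings.append({
            "principal": before[-1] if before else None,
            "exception": m.group("exception"),
            "ldap_result_code": int(m.group("ldap")),  # 50 = insufficientAccessRights (RFC 4511)
            "win32_error": int(m.group("win32"), 16),  # 5 = ERROR_ACCESS_DENIED
            "category": m.group("category"),
            "dsid": m.group("dsid"),
            "problem": int(m.group("problem")),
            "problem_name": m.group("name"),
            "remaining_name": m.group("remaining"),
        })
    return findings

def denied_writes(trace_text):
    """(principal, remaining name) for every LDAP result 50 in the trace."""
    return [(f["principal"], f["remaining_name"])
            for f in parse_ad_ldap_errors(trace_text) if f["ldap_result_code"] == 50]
```
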



NetWeaver AS Java, all releases, with Active Directory as the UME datasource.


SAP Composition Environment all versions; SAP NetWeaver all versions


User Management Engine UME Active Directory LDAP datasource LDAP: error code 4003 INSUFF_ACCESS_RIGHTS , KBA , BC-JAS-SEC-UME , User Management Engine , How To
