LDAP Error Code 50
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Problem
Crowd is configured with an LDAP user directory. Unable to make changes to the user's account.
Upon trying to configure or change a user's name or properties the following appears in the atlassian-crowd.log:
1
2
3
4
5
6
7
8
9
10
2013-06-19 12:55:15,678 http-bio-8081-exec-1 ERROR [500ErrorPage.jsp] Exception caught in 500 page org.springframework.ldap.NoPermissionException: [LDAP: error code 50 - 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
]; nested exception is javax.naming.NoPermissionException: [LDAP: error code 50 - 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
]; remaining name 'cn=jira,ou=users,ou=mybusiness,dc=local'
com.atlassian.crowd.exception.runtime.OperationFailedException: org.springframework.ldap.NoPermissionException: [LDAP: error code 50 - 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
]; nested exception is javax.naming.NoPermissionException: [LDAP: error code 50 - 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
]; remaining name 'cn=jira,ou=users,ou=mybusiness,dc=local'
at com.atlassian.crowd.embedded.core.CrowdServiceImpl.updateUser(CrowdServiceImpl.java:329)
at com.atlassian.crowd.embedded.core.DelegatingCrowdService.updateUser(DelegatingCrowdService.java:90)
at com.atlassian.crowd.embedded.core.FilteredCrowdServiceImpl.updateUser(FilteredCrowdServiceImpl.java:43)
Cause
This error is a permissions configuration issue on the LDAP bind user account.
Resolution
Your LDAP administrator will need to grant the LDAP bind user the permissions required to edit attributes relevant to Crowd (email, display name, etc). Exactly how this is set will vary depending on what type of LDAP server you are using.
Please verify that the LDAP directory was configured with the proper permissions as in Configuring an LDAP Directory Connector
Was this helpful?