CA Identity ManagerCA Identity GovernanceCA Identity Portal
Issue/Introduction
When a search for a group or user is not returning any results although it should, and the IM log shows an error: ERROR [ims.llsdk.directory.jndi.searcher] (default task-14) javax.naming.directory.InvalidSearchFilterException: invalid attribute description; remaining name 'ou=im,ou=ca,o=com' at com.sun.jndi.ldap.Filter.encodeSimpleFilter(Filter.java:446) at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:146) at com.sun.jndi.ldap.Filter.encodeFilterList(Filter.java:741) at com.sun.jndi.ldap.Filter.encodeComplexFilter(Filter.java:657) at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:111) at com.sun.jndi.ldap.Filter.encodeFilterList(Filter.java:741) at com.sun.jndi.ldap.Filter.encodeComplexFilter(Filter.java:657) at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:104) at com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:74) at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:548) at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985) at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1844) at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
Environment
Identity Portal 14.2
Cause
The cause is a membership role attribute which needs to be removed
Resolution
Remove the membership attribute. For user search the org membership and for group, the group membership. The attribute should be made not searchable in the Portal Admin UI under Setup => Managed Object Attributes. For group and user uncheck the searchable checkbox for membership attributes.