search cancel

Groups Tab in User Creation/Modification

book

Article ID: 113220

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal

Issue/Introduction

When a search for a group or user is not returning any results although it should, and the IM log shows an error:
ERROR [ims.llsdk.directory.jndi.searcher] (default task-14) javax.naming.directory.InvalidSearchFilterException: invalid attribute description; remaining name 'ou=im,ou=ca,o=com'
    at com.sun.jndi.ldap.Filter.encodeSimpleFilter(Filter.java:446)
    at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:146)
    at com.sun.jndi.ldap.Filter.encodeFilterList(Filter.java:741)
    at com.sun.jndi.ldap.Filter.encodeComplexFilter(Filter.java:657)
    at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:111)
    at com.sun.jndi.ldap.Filter.encodeFilterList(Filter.java:741)
    at com.sun.jndi.ldap.Filter.encodeComplexFilter(Filter.java:657)
    at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:104)
    at com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:74)
    at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:548)
    at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985)
    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1844)
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)

Cause

The cause is a membership role attribute which needs to be removed
 

Environment

Identity Portal 14.2

Resolution

Remove the membership attribute.
For user search the org membership and for group, the group membership.
The attribute should be made not searchable in the Portal Admin UI under Setup => Managed Object Attributes.
For group and user uncheck the searchable checkbox for membership attributes.