Password Authority Outage: java.sql.SQLException: ORA-22835: Buffer too small for CLOB to CHAR or BLOB to RAW conversion

book

Article ID: 130687

calendar_today

Updated On:

Products

CA Privileged Access Manager - Cloakware Password Authority (PA) PAM SAFENET LUNA HSM CA Privileged Access Manager (PAM)

Issue/Introduction

 An issue with Cloakware Password Authority which causes an outage.  The account summary list is not presented to the users. 

The catalina.out file has the following error:

SEVERE: AnsiSQLSummaryDAO.getAccountSummaryList sql exception java.sql.SQLException: ORA-22835: Buffer too small for CLOB to CHAR or BLOB to RAW conversion (actual: 4021, maximum: 4000) at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:439) at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:395) at oracle.jdbc.driver.T4C8Oall.processError(T4C8Oall.java:802) 

Cause

A field in the database exceeded the 4000 characters allowed for a CLOB

Environment

Password Authority 4.5.3 using Oracle for the repository cspm database.

Resolution

Run the following SQL query commands to find the problem record in the database:

-- 1. Identify all objects that have attributes that are > 4000 characters 
select classid, objectid, name, length(value), value from attribute where length(value) > 4000; 
-- 2. Run one of the following 3 queries depending on the classid returned from the above query. Note that you will have to change '<objectid> to the object id returned by the previous query. If the query in 1 returns multiple results please repeat this step for each. 
-- 2a. classid='c.cw.m.ac': 
select accountusername, name, hostname from account 
inner join targetapplication on targetapplication.targetapplicationid = account.targetapplicationid 
inner join targetserver on targetapplication.targetserverid = targetserver.targetserverid 
where accountid=<objectId>; 
-- 2b. classid='c.cw.m.tp': 
select name, hostname from targetapplication 
inner join targetserver on targetapplication.targetserverid = targetserver.targetserverid 
where targetapplicationid=<objectId>; 
-- 2c. classid='c.cw.m.ts': 
select hostname from targetserver where targetserverid=<objectid>;
--3.  remove characters from the problem field 

Additional Information

Sometimes the descriptor 2 field of a target server is used to store a lot of data.   This has been the reason the last two times this outage has happened.