Unable to manage GroupMembership in Active Directory

Article ID: 132214

Updated On:

Products

CA Identity Manager, CA Identity Governance, CA Identity Portal

Issue/Introduction

When previewing or modifying an Active Directory Account Template that maps the multi-valued attribute memberOf, the following error appears:

11:04:26,863 ERROR [im.provisioning.accounttemplate] (http-/0.0.0.0:8080-2) Failed to retrieve properties of account template 'Active Directory-AT'
11:04:26,863 ERROR [im.provisioning.accounttemplate] (http-/0.0.0.0:8080-2) String index out of range: -1
11:04:26,864 ERROR [ims.ui] (http-/0.0.0.0:8080-2) com.netegrity.webapp.page.TaskController: [facility=4 severity=3 reason=0 status=6 message=Unrecognized command] String index out of range: -1
    at com.ca.identitymanager.provisioning.managedobjectprovider.impl.ProvisioningPolicyProviderImpl.getManagedObject(ProvisioningPolicyProviderImpl.java:186) [identitymanager.jar:]
    at com.netegrity.llsdk6.imsimpl.managedobject.ManagedObjectImpl._add(ManagedObjectImpl.java:389) [imsapi6.jar:]
    at com.netegrity.llsdk6.imsimpl.BaseObject.addAttributes(BaseObject.java:2588) [imsapi6.jar:]


 

Environment

Identity Manager 14.1 

Resolution

This issue is addressed in 14.1 CP6 or later via the following fixes.

In CP3

https://docops.ca.com/ca-identity-manager/14-1/EN/release-information/release-notes-14-1-cumulative-patches/cp-im-140100-0003-fixed-defects-list

874865 - DE331667 - Unable to export an environment when a rule string is used in the eTADSMemberOf attribute; the export throws a "String index out of range -1" error. The eTADSMemberOf attribute expects a groupDN, which definitely contains ",DC=" as a substring. However, if a rule string is used instead of a groupDN, it may not have ",DC=" as a substring.

In CP6

https://docops.ca.com/ca-identity-manager/14-1/EN/release-information/release-notes-14-1-cumulative-patches/cp-im-140100-0006-fixed-defects-list

1068902 - DE363361 - Unable to export an environment when a rule string is used in the eTADSMemberOf attribute; the export throws a "String index out of range -1" error. The eTADSMemberOf attribute expects a groupDN, which definitely contains ",DC=" as a substring. However, if a rule string is used instead of a groupDN, it may not have ",DC=" as a substring.
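
The failure mode described in the two defect entries, shown as an added example. This is not CA's code (the page does not show the source at ProvisioningPolicyProviderImpl.java:186); the class and method names and the sample values are assumptions made for illustration. It contrasts an unguarded split on ",DC=" with a form that parses the value as a DN first.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

public class MemberOfValueCheck {

    // Unguarded split: assumes every value contains ",DC=". For a rule string
    // indexOf returns -1 and substring(0, -1) throws
    // StringIndexOutOfBoundsException (Java 8 message: "String index out of range: -1").
    static String groupPartUnguarded(String value) {
        return value.substring(0, value.indexOf(",DC="));
    }

    // Guarded form: parse the value as an LDAP DN and strip the DC suffix.
    // Returns null when the value is not a DN ending in DC components.
    static String groupPartGuarded(String value) {
        try {
            LdapName dn = new LdapName(value);
            // Index 0 is the rightmost RDN, so the DC components come first.
            int firstNonDc = 0;
            while (firstNonDc < dn.size()
                    && dn.getRdn(firstNonDc).getType().equalsIgnoreCase("DC")) {
                firstNonDc++;
            }
            if (firstNonDc == 0 || firstNonDc == dn.size()) {
                return null; // no DC suffix, or nothing but DC components
            }
            return dn.getSuffix(firstNonDc).toString();
        } catch (InvalidNameException e) {
            return null; // not a DN at all, e.g. a rule string
        }
    }

    public static void main(String[] args) {
        // Constructed sample values; "%GROUP_RULE%" is a hypothetical rule string.
        String[] samples = {
            "CN=Sales,OU=Groups,DC=example,DC=com",
            "%GROUP_RULE%"
        };
        for (String value : samples) {
            String unguarded;
            try {
                unguarded = groupPartUnguarded(value);
            } catch (StringIndexOutOfBoundsException e) {
                unguarded = "threw " + e.getMessage();
            }
            System.out.println(value + " -> unguarded: " + unguarded
                    + " | guarded: " + groupPartGuarded(value));
        }
    }
}
```

The unguarded method also throws for a DN written with lowercase `dc=`, since LDAP attribute types are case-insensitive but `indexOf` is not.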