Background: Previously we had 14.3 CP2 and recently upgraded to 14.4 CP2 on June 22. We have CA IDM Provisioning Server configured with '<AD_Custom_Connector>' endpoint type with a '<AD_endpoint>' endpoint that is configured for our AD endpoint.
After the upgrade in our UAT environment, the explore and correlate is failing with the following error messages:
com.ca.jcs.core
com.ca.jcs.enumeration.ProcessingNamingEnumeration
problem getting next element from target naming enumeration
javax.naming.SizeLimitExceededException: [LDAP: error code 4 - Sizelimit Exceeded]; remaining name 'cn=Users,CN=<userid>,DC=Identity,DC=<domain>'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3313)[:1.8.0_345]
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3207)[:1.8.0_345]
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2998)[:1.8.0_345]
...
We have also enabled logging on the endpoint, and we see this error also occurring:
2023-07-13 10:18:48,506 316744 [ApacheDS Worker-thread-85] <AD_Custom_Connector> (AssocAttributeOpProcessorProxy.java:207) DEBUG - LOOKUP:Find assoc related attributes in: [objectclass]
2023-07-13 10:18:48,506 316744 [ApacheDS Worker-thread-85] <AD_Custom_Connector> (JNDIAttributeStyleOpProcessor.java:189) ERROR - [LDAP: error code 32 - 0000208D: NameErr: DSID-03100245, problem 2001 (NO_OBJECT), data 0, best match of:
'cn=Users,CN=<userid>,DC=Identity,DC=<domain>'
]: failed to lookup ou=Users,CN=<userid>,DC=Identity,DC=<domain>'
2023-07-13 10:18:48,506 316744 [ApacheDS Worker-thread-85] <AD_Custom_Connector> (AssocAttributeOpProcessorProxy.java:392) ERROR - class com.ca.jcs.jndi.JNDIMetaConnector: <AD_endpoint> [eTDYNDirectoryName=<AD_endpoint>,eTNamespaceName=<AD_Custom_Connector>,dc=im,dc=etasa]: class com.ca.jcs.assoc.AssocAttributeOpProcessorProxy: failed call on public abstract javax.naming.directory.Attributes com.ca.jcs.processor.OpProcessor.doLookUp(com.ca.jcs.ObjectInfo,java.lang.String[]) throws javax.naming.NamingException LOOKUP operation was skipped
org.apache.directory.shared.ldap.exception.LdapNameNotFoundException: JCS@<hostname>: JNDI: [LDAP: error code 32 - 0000208D: NameErr: DSID-03100245, problem 2001 (NO_OBJECT), data 0, best match of:
'cn=Users,CN=<userid>,DC=Identity,DC=<domain>'
*NULLCHAR (0x0)*]: failed to lookup ou=Users,CN=<userid>,DC=Identity,DC=<domain>'
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)[:1.8.0_345]
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)[:1.8.0_345]
...
Release : 14.4
For this issue we had to back up the "cache" folder available at "%CONNECTOR SERVER INSTALLED LOCATION%\data" and then delete it.