Explore and Correlate with AD LDS failing post upgrade to 14.4 CP2

Article ID: 269875

Products

CA Identity Manager

Issue/Introduction

Background: Previously we had 14.3 CP2 and recently upgraded to 14.4 CP2 on June 22. We have CA IDM Provisioning Server configured with '<AD_Custom_Connector>' endpoint type with a '<AD_endpoint>' endpoint that is configured for our AD endpoint. 

After the upgrade in our UAT environment, the explore and correlate is failing with the following error messages:
com.ca.jcs.core

com.ca.jcs.enumeration.ProcessingNamingEnumeration

problem getting next element from target naming enumeration

javax.naming.SizeLimitExceededException: [LDAP: error code 4 - Sizelimit Exceeded]; remaining name 'cn=Users,CN=<userid>,DC=Identity,DC=<domain>'
 at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3313)[:1.8.0_345]
 at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3207)[:1.8.0_345]
 at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2998)[:1.8.0_345]

...

We have also enabled logging on the endpoint, and we see this error also occurring:

2023-07-13 10:18:48,506 316744 [ApacheDS Worker-thread-85] <AD_Custom_Connector> (AssocAttributeOpProcessorProxy.java:207) DEBUG  - LOOKUP:Find assoc related attributes in: [objectclass]
2023-07-13 10:18:48,506 316744 [ApacheDS Worker-thread-85] <AD_Custom_Connector> (JNDIAttributeStyleOpProcessor.java:189) ERROR  - [LDAP: error code 32 - 0000208D: NameErr: DSID-03100245, problem 2001 (NO_OBJECT), data 0, best match of:
'cn=Users,CN=<userid>,DC=Identity,DC=<domain>'
 ]: failed to lookup ou=Users,CN=<userid>,DC=Identity,DC=<domain>'
2023-07-13 10:18:48,506 316744 [ApacheDS Worker-thread-85] <AD_Custom_Connector> (AssocAttributeOpProcessorProxy.java:392) ERROR  - class com.ca.jcs.jndi.JNDIMetaConnector: <AD_endpoint> [eTDYNDirectoryName=<AD_endpoint>,eTNamespaceName=<AD_Custom_Connector>,dc=im,dc=etasa]: class com.ca.jcs.assoc.AssocAttributeOpProcessorProxy: failed call on public abstract javax.naming.directory.Attributes com.ca.jcs.processor.OpProcessor.doLookUp(com.ca.jcs.ObjectInfo,java.lang.String[]) throws javax.naming.NamingException LOOKUP operation was skipped
org.apache.directory.shared.ldap.exception.LdapNameNotFoundException: JCS@<hostname>: JNDI: [LDAP: error code 32 - 0000208D: NameErr: DSID-03100245, problem 2001 (NO_OBJECT), data 0, best match of:
 'cn=Users,CN=<userid>,DC=Identity,DC=<domain>'
*NULLCHAR (0x0)*]: failed to lookup ou=Users,CN=<userid>,DC=Identity,DC=<domain>'
 at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)[:1.8.0_345]
 at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)[:1.8.0_345]

...

Environment

Release : 14.4

Resolution

For this issue we had to back up the "cache" folder available at "%CONNECTOR SERVER INSTALLED LOCATION%\data" and then delete it.