Description

The Policy Servers are experiencing periodic failures inserting records into the SMOBJLOG4 audit table.

The failures are specific to the sm_objoid field. For the requests that fail, SiteMinder is attempting to insert a user DN into this field. These appear to be password changes via API calls. Looking at the Oracle logs, much of the data seems a little off on these requests.

Is this reasonable data to insert into the smobjlog4 table?

Our concern is about the field SM_OBJOID, in this case SiteMinder is logging the user dn NOT the Object ID.

Solution

Smobjlog4 table is used for Object Events. Object events are called whenever SiteMinder objects are created/modified/deleted.

In this scenario your custom application was changing the password for the user "uid=xxxxxxxxxxxxxxxx, ou=xxxxxx ...", but SiteMinder was unable to insert this information into the database because the sm_objoid is greater that the maximum size for the column, in this case 64 characters.

For SiteMinder specific objects, this is an internally defined OID using the format: 0e-668ae540-ad73-1036-a88a-8316e05f304d. However when an admin change is made to a user object (admin password change, admin disable), the OID is the actual DN of the user.

Therefore You will need to expand the field size of the sm_objoid field in the table smobjlog4 to match the largest possible DNs in your User Directory.