Invalid DN string during search Error: findUsersInScope: Exception doing scoped search
Article ID: 94801
Updated On:
Products
CA Identity Manager
CA Identity Governance
CA Identity Portal
Issue/Introduction
An error similar to this appears in an identity Manager task
Error: findUsersInScope: Exception doing scoped search: [facility=4 severity=3 reason=0 status=6 message=Unrecognized command] _directoryFindMatchingObjects doing search throws error: [facility=4 severity=2 reason=0 status=38 message=No items found] Organisation OU=Test78,OU=Business Entities,OU=PrePROD,OU=PrePROD,DC=managed,DC=testapps,DC=iam,DC=im does not appear in the directory.
Error: findUsersInScope: Exception doing scoped search: [facility=4 severity=3 reason=0 status=6 message=Unrecognized command] _directoryFindMatchingObjects doing search throws error: [facility=4 severity=2 reason=0 status=38 message=No items found] Organisation OU=Test78,OU=Business Entities,OU=PrePROD,OU=PrePROD,DC=managed,DC=testapps,DC=iam,DC=im does not appear in the directory.
Environment
Release:
Component: IDMGR
Component: IDMGR
Resolution
Check the default search configuration of the task you are running (of "Modify User' for example):
Modify Admin Task > Modify User > Search Tab
The search tab allows you to config both the default user search and the default Organization search.
Also verify the scope rule for the task. Click Role Use and note which admin roles are assigned.
Then you can look at the configuration of the respective admin roles (Modify Admin Roles) to make sure members and administrators have the expected membership and scope rules defined.
For the specifc error above, in the role membership of an admin role it was noted that the whole DN, including a duplicate 'OU=PrePROD,' needed to be removed. The duplicate OU can be seen in the original error:
OU=Test78,OU=Business Entities,OU=PrePROD,OU=PrePROD,DC=managed,DC=testapps,DC=iam,DC=im
Modify Admin Task > Modify User > Search Tab
The search tab allows you to config both the default user search and the default Organization search.
Also verify the scope rule for the task. Click Role Use and note which admin roles are assigned.
Then you can look at the configuration of the respective admin roles (Modify Admin Roles) to make sure members and administrators have the expected membership and scope rules defined.
For the specifc error above, in the role membership of an admin role it was noted that the whole DN, including a duplicate 'OU=PrePROD,' needed to be removed. The duplicate OU can be seen in the original error:
OU=Test78,OU=Business Entities,OU=PrePROD,OU=PrePROD,DC=managed,DC=testapps,DC=iam,DC=im
Feedback
Yes
No
Powered by
