|Applies To||RSA Product Set: Identity Management and Governance (IMG), Aveksa|
RSA Product/Service Type: Access Fulfillment Express (AFX)
RSA Version/Condition: 6.9.1
|Issue||The provisioning rule for new users fails when the AFX Connector attempts to create Microsoft Active Directory accounts.|
The aveksaServer.log logs an error similar to the following:
11/09/2015 07:57:13.200 ERROR (http-0.0.0.0-8080-6) [com.aveksa.gui.components.table.special.SQLTable] Error getting Object List. SQL=select * from (select AV_DATA_ROWS.*, rownum AV_DATA_ROW_NUMBER from (select * from (select pcrd.ID,
The following exception is subsequently thrown:
com.aveksa.server.db.PersistenceException: Executing JDBC query failed [select * from (select AV_DATA_ROWS.*, rownum AV_DATA_ROW_NUMBER from (select * from (select pcrd.ID,
Caused by: java.sql.SQLException: ORA-22835: Buffer too small for CLOB to CHAR or BLOB to RAW conversion (actual: 5081, maximum: 4000)
|Cause||The ORA-22835 exception occurs when a SQL "TO_CHAR" statement attempts to convert a CLOB object to a CHAR object and the CLOB object exceeds 4000 bytes. The 4000 byte limit is a hard limit and is not configurable. ORA-22835 is a new exception, in older (Oracle 10.x and earlier) versions of Oracle SQL if the BLOB object was to large the object would be truncated without any error message.|
When this error occurs during an AFX provisioning event it is caused by an attempt to convert the SQL statement used to define the attributes to be added to the AD user to a string. This can occur if the Account Template used to define the AD user contains a very large number of user attributes.
Note that the number of attributes you can add before encountering this error depends on the size of the SQL used to define them so there is no hard limit. Typically this problem only occurs when 20 or more attributes are defined.
|Workaround||Reduce the number of user attributes defined in the "Account Template" (Under Requests/Configuration under the Templates tab) assocated with the Account until the error no longer occurs. |
Typically RSA Aveksa should be able to support about 20 attributes.