Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000031737 - PersistenceException caused by ORA-22835 when AFX provisioning rule attempts to add a new user in RSA IMG 6.9.1

Document created by RSA Customer Support

on Jun 14, 2016•Last modified by RSA Customer Support

on Apr 21, 2017

Version 2Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000031737
Applies To	RSA Product Set: Identity Management and Governance (IMG), Aveksa RSA Product/Service Type: Access Fulfillment Express (AFX) RSA Version/Condition: 6.9.1
Issue	The provisioning rule for new users fails when the AFX Connector attempts to create Microsoft Active Directory accounts. The aveksaServer.log logs an error similar to the following: 11/09/2015 07:57:13.200 ERROR (http-0.0.0.0-8080-6) [com.aveksa.gui.components.table.special.SQLTable] Error getting Object List. SQL=select * from (select AV_DATA_ROWS., rownum AV_DATA_ROW_NUMBER from (select from (select pcrd.ID, The following exception is subsequently thrown: com.aveksa.server.db.PersistenceException: Executing JDBC query failed [select * from (select AV_DATA_ROWS., rownum AV_DATA_ROW_NUMBER from (select from (select pcrd.ID, The "caused" message below is also thrown. Caused by: java.sql.SQLException: ORA-22835: Buffer too small for CLOB to CHAR or BLOB to RAW conversion (actual: 5081, maximum: 4000)
Cause	The ORA-22835 exception occurs when a SQL "TO_CHAR" statement attempts to convert a CLOB object to a CHAR object and the CLOB object exceeds 4000 bytes. The 4000 byte limit is a hard limit and is not configurable. ORA-22835 is a new exception, in older (Oracle 10.x and earlier) versions of Oracle SQL if the BLOB object was to large the object would be truncated without any error message. When this error occurs during an AFX provisioning event it is caused by an attempt to convert the SQL statement used to define the attributes to be added to the AD user to a string. This can occur if the Account Template used to define the AD user contains a very large number of user attributes. Note that the number of attributes you can add before encountering this error depends on the size of the SQL used to define them so there is no hard limit. Typically this problem only occurs when 20 or more attributes are defined.
Workaround	Reduce the number of user attributes defined in the "Account Template" (Under Requests/Configuration under the Templates tab) assocated with the Account until the error no longer occurs. Typically RSA Aveksa should be able to support about 20 attributes.

Attachments

Outcomes

0 Comments

Recommended Content