|Applies To||RSA Product Set: Identity Management and Governance|
RSA Product/Service Type: Appliance
RSA Version/Condition: 6.9
Platform (Other): null
O/S Version: Suse Linux
Product Name: RSA-0018000
Product Description: Access Certification Manager
|Issue||The Identity Management and Governance (IMG) server Account Data Collection failes in the step "Account Data Processing"|
The IMG server.log shows the following error:
2015-06-11 15:03:31,481 ERROR [com.aveksa.server.db.persistence.PersistenceServiceProvider] Executing Procedure: java.sql.SQLException: ORA-30004: when using SYS_CONNECT_BY_PATH function, cannot have separator as part of column value
ORA-06512: at "AVUSER.ADC_GROUPS", line 428
ORA-06512: at "AVUSER.ADC_GROUPS", line 89
|Cause||The Account Data Collection may fail during the collection of the Group Data on Microsoft Active Directory(AD) datastore if the group names contain the tilde character(~) (ASCII character 126). This occurs because the tilde character(~) is used internally as a column delimiter in a temporary query used to validate nested AD groups.|
|Workaround||Identify the AD group that contains the problem tilde character(`) and rename the group so that it does not contain this character.|
Alternately, modify the query for the collected groups to exclude collection of groups with this character.
Rerun the collection.