000025150 - CT 5.5.3/windows 2000/AD/GC is aux store: admingui  does not return any matching results back when a single character or substring search is used to list users

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000025150
Applies ToCleartrust Admingui 5.5.3
Microsoft Windows 2000 Server SP3
setup: primary and aux store setup for ad, primary store is a unique branch under the GC, the aux store is the global catalog itself, both are on windows 2000
IssueCT 5.5.3/windows 2000/AD/GC is aux store: admingui  does not return any matching results back when a single character or substring search is used to list users
can see a user when it is entered by its complete id, can see all users when no search criteria is specified, but when a partial string or single character is used to select which user to view or modify, no results are returned

the following exception is thrown:

java.lang.NumberFormatException: null

at java.lang.Integer.parseInt(Integer.java:436)

at java.lang.Integer.parseInt(Integer.java:518)

at sirrus.da.ldap.admin.LDAPUser.getPropertiesFromEntry(LDAPUser.java:590)

at sirrus.da.ldap.admin.LDAPUser.<init>(LDAPUser.java:330)

at sirrus.da.ldap.admin.factory.LDAPSearchFactory$1UserSearchDeferredLoadList.ldapEntryToObject(LDAPSearchFactory.java:784)

at sirrus.da.ldap.util.LDAPAbstractSearchDeferredLoadList.loadObjectFromStore(LDAPAbstractSearchDeferredLoadList.java:295)

at sirrus.da.util.AbstractKeyedObjectDeferredLoadList.fetchNextObject(AbstractKeyedObjectDeferredLoadList.java:80)

at sirrus.da.util.AbstractDeferredLoadList.loadObjectsToIndex(AbstractDeferredLoadList.java:346)

at sirrus.da.util.AbstractDeferredLoadList.get(AbstractDeferredLoadList.java:499)

at sirrus.util.data.CursorListIterator.hasNext(CursorListIterator.java:61)

at sirrus.da.util.MergeListIterator.next(MergeList.java:154)

at sirrus.da.util.MergeList.get(MergeList.java:71)

at sirrus.api.command.read.search.GetInSearchObjByIndexCmd.execute(GetInSearchObjByIndexCmd.java:72)

at sirrus.api.command.APICmdStrategy.executeCmd(APICmdStrategy.java:235)

at sirrus.api.command.APICmdStrategy.executeOn(APICmdStrategy.java:113)

at sirrus.util.strategy.StrategyManager.executeStrategyFor(StrategyManager.java:140)

at sirrus.api.server.APIClientProxy.executeCmd(APIClientProxy.java:1195)

at sirrus.api.server.APIClientProxy.run(APIClientProxy.java:933)

16:21:43:741 [*] [APIClientProxy_0] - Return code is 5 msg is java.lang.NumberFormatException: null

Causenot all users in the GC contain useraccountcontrol attribute
the windows 2000 environment was not a clean install of windows 2000, it was migrated some time before from windows NT, which did not require the useraccountcontrol attribute
ResolutionAll users in both the primary and aux store are required to have the useraccountcontrol attribute present for admingui to function properly. If they do not, no results will be returned when using a substring search to show users in admingui.  This datastore problem needs to be corrected by the active directory administrator by adding the required attribute to any users who are missing it.
Workaround

to verify the useraccountcontrol attribute is missing and is the source of the problem, change cleartrust.data.ldap.user.windows_user :true  to  cleartrust.data.ldap.user.windows_user :false  and bounce the services.

NOTE: This is strictly to see if this is the source of the trouble, it cannot remain this way.

If the users show up at this point in admingui, it proves that the useraccountcontrol attribute is not present in all users

Legacy Article IDa37824

Attachments

    Outcomes