000033996 - Account Collector test connection fails with CA LDAP when collecting dynamic group members, if a group's distinguished name contains one or more spaces.

Document created by RSA Customer Support Employee on Sep 20, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000033996
Applies ToRSA Product Set: RSA Governance & Lifecycle (RSA GNL)
RSA Version/Condition: 7.0.1
IssueThis issue is documented in RSA Governance & Lifecycle 7.0.1 as a known issue:
 
When defining an account data collector (ADC) for CA LDAP if you have enabled "collect dynamic Group member" and a group in scope exists that has a space in it's name which results in the CN prefix of the DN having a space, test collection for that collector will fail.  Although the collector test fails the groups are collected when the collector is run.

Here is a sample of what the stack trace would look like in our aveksaServer.log:
  • For a standalone Wildfly configuration this file is located in /home/oracle/wildfly/standalone/log.
  • For a clustered Wildfly configuration this file is located in /home/oracle/wildfly/domain/log.
Collector test failed:
com.aveksa.server.runtime.ServerException: Test request failed with response:
com.aveksa.server.runtime.ServerException:
com.aveksa.common.DataReadException: Error occurred in fetching members of a group.
Caused by javax.naming.PartialResultException: [LDAP: error code 10 - Referral]; remaining name '' Caused By Stack
com.aveksa.common.DataReadException: Error occurred in fetching members of a group at
com.aveksa.collector.accountdata.LdapAccountDataReader.addGroupFromSearchResultToList(LdapAccountDataReader.java:453) at
com.aveksa.collector.accountdata.LdapAccountDataReader.getGroupIterator(LdapAccountDataReader.java:274) at
com.aveksa.collector.accountdata.LdapAccountDataReader.getTestGroupIterator(LdapAccountDataReader.java:310) at
com.aveksa.collector.accountdata.LdapAccountDataReader.getGroupIteratorForTestData(LdapAccountDataReader.java:299) at
com.aveksa.client.datacollector.collectors.accountdatacollectors.AccountDataCollector.collectData(AccountDataCollector.java:431) at
com.aveksa.client.datacollector.collectors.accountdatacollectors.AccountDataCollector.collect(AccountDataCollector.java:302) at
com.aveksa.client.datacollector.collectors.accountdatacollectors.AccountDataCollector.collectTestData(AccountDataCollector.java:277) at
com.aveksa.client.datacollector.framework.DataCollectorManager.collect(DataCollectorManager.java:532) at
com.aveksa.client.component.collector.DefaultCollectorManager.actUpon(DefaultCollectorManager.java:203) at
com.aveksa.client.component.collector.DefaultCollectorManager.handle(DefaultCollectorManager.java:102) at
com.aveksa.client.component.event.DefaultEventManager.handle(DefaultEventManager.java:60) at
com.aveksa.client.datacollector.framework.SimpleEventSource.notifyListeners(SimpleEventSource.java:67) at
com.aveksa.client.component.communication.DefaultCommunicationManager.notifyEvent(DefaultCommunicationManager.java:377) at
com.aveksa.client.component.communication.ChangeListHandler.applyChanges(ChangeListHandler.java:364) at
com.aveksa.client.component.communication.ChangeListHandler.access$300(ChangeListHandler.java:58) at
com.aveksa.client.component.communication.ChangeListHandler$ChangeApplyingRunnable.run(ChangeListHandler.java:275) at java.lang.Thread.run(Thread.java:745)
Caused by: javax.naming.PartialResultException: [LDAP: error code 10 - Referral]; remaining name '' at
com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2923) at
com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2840) at
com.sun.jndi.ldap.LdapCtx.c_getAttributes(LdapCtx.java:1332) at
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:231) at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:139) at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:127) at
javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:142) at
javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:142) at
javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:137) at
com.aveksa.collector.accountdata.LdapAccountDataReader.addGroupFromSearchResultToList(LdapAccountDataReader.java:390)
...
16 more
End Stack
3.

 
CauseThis is currently listed as a known issue in the 7.0.1 release notes.
ResolutionThis issue is known by RSA Engineering and a fix is not currently available at the time of this KB being authored.

Attachments

    Outcomes