000033996 - CA LDAP Account Collector test connection fails with '[LDAP: error code 10 - Referral]' error in RSA Identity Governance & Lifecycle

Document created by RSA Customer Support Employee on Sep 20, 2016. Last modified by RSA Customer Support on Sep 9, 2020.
Version 3

Article Content

Article Number: 000033996
Applies To: RSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 7.0.1
 
Issue: The following known issue is documented in the RSA Identity Governance & Lifecycle 7.0.1 Release Notes:
 
ACM-62893 When collecting groups from a CA LDAP server, collection fails if any of
the Group DNs contain a space in the name and the "Collect dynamic group
member" option is enabled.


 


The Collect Dynamic Group Members option is available under Collectors > Account Collectors > Create Account Collector > Data Source Type: Ldap > {Connection Settings} > toggle Groups > Group Data.


 


 






NOTE: The collector test fails but a run of the collector succeeds.

The following error is logged to the aveksaServer.log file ($AVEKSA_HOME/wildfly/standalone/log/aveksaServer.log):

 
Collector test failed:
com.aveksa.server.runtime.ServerException: Test request failed with response: com.aveksa.server.runtime.ServerException: com.aveksa.common.DataReadException: Error occurred in fetching members of a group. Caused by javax.naming.PartialResultException: [LDAP: error code 10 - Referral]; remaining name '' Caused By Stack com.aveksa.common.DataReadException: Error occurred in fetching members of a group
    at com.aveksa.collector.accountdata.LdapAccountDataReader.addGroupFromSearchResultToList(LdapAccountDataReader.java:453)
    at com.aveksa.collector.accountdata.LdapAccountDataReader.getGroupIterator(LdapAccountDataReader.java:274)
    at com.aveksa.collector.accountdata.LdapAccountDataReader.getTestGroupIterator(LdapAccountDataReader.java:310)
    at com.aveksa.collector.accountdata.LdapAccountDataReader.getGroupIteratorForTestData(LdapAccountDataReader.java:299)
    at com.aveksa.client.datacollector.collectors.accountdatacollectors.AccountDataCollector.collectData(AccountDataCollector.java:431)
    at com.aveksa.client.datacollector.collectors.accountdatacollectors.AccountDataCollector.collect(AccountDataCollector.java:302)
    at com.aveksa.client.datacollector.collectors.accountdatacollectors.AccountDataCollector.collectTestData(AccountDataCollector.java:277)
    at com.aveksa.client.datacollector.framework.DataCollectorManager.collect(DataCollectorManager.java:532)
    at com.aveksa.client.component.collector.DefaultCollectorManager.actUpon(DefaultCollectorManager.java:203)
    at com.aveksa.client.component.collector.DefaultCollectorManager.handle(DefaultCollectorManager.java:102)
    at com.aveksa.client.component.event.DefaultEventManager.handle(DefaultEventManager.java:60)
    at com.aveksa.client.datacollector.framework.SimpleEventSource.notifyListeners(SimpleEventSource.java:67)
    at com.aveksa.client.component.communication.DefaultCommunicationManager.notifyEvent(DefaultCommunicationManager.java:377)
    at com.aveksa.client.component.communication.ChangeListHandler.applyChanges(ChangeListHandler.java:364)
    at com.aveksa.client.component.communication.ChangeListHandler.access$300(ChangeListHandler.java:58)
    at com.aveksa.client.component.communication.ChangeListHandler$ChangeApplyingRunnable.run(ChangeListHandler.java:275)
    at java.lang.Thread.run(Thread.java:745)
Caused by: javax.naming.PartialResultException: [LDAP: error code 10 - Referral]; remaining name ''
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2923)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2840)
    at com.sun.jndi.ldap.LdapCtx.c_getAttributes(LdapCtx.java:1332)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:231)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:139)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:127)
    at javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:142)
    at javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:142)
    at javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:137)
    at com.aveksa.collector.accountdata.LdapAccountDataReader.addGroupFromSearchResultToList(LdapAccountDataReader.java:390)
    ... 16 more
End Stack



If you are on a WildFly cluster or a non-WildFly platform, refer to RSA Knowledge Base Article 000030327 -- Artifacts to gather in RSA Identity Governance & Lifecycle to find the location of the aveksaServer.log file for your specific deployment. The aveksaServer.log may also be downloaded from the RSA Identity Governance & Lifecycle user interface (Admin > System > Server Nodes tab > under Logs).
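As a first triage step, the sketch below checks whether a failed collector test in a downloaded aveksaServer.log carries the same signature as the trace above (a PartialResultException with LDAP error code 10 raised under addGroupFromSearchResultToList). It is an added example, not RSA code; it assumes each failure block runs from "Collector test failed:" to "End Stack" as in the excerpt, and the sample log text is constructed.

```python
import re

# Markers taken from the log excerpt in this article.
START = "Collector test failed:"
END = "End Stack"
REFERRAL = re.compile(
    r"javax\.naming\.PartialResultException: \[LDAP: error code 10 - Referral\]")
GROUP_FRAME = "LdapAccountDataReader.addGroupFromSearchResultToList"
LDAP_CODE = re.compile(r"\[LDAP: error code (\d+) - ([^\]]+)\]")


def failed_tests(log_text):
    """Yield (first_line_number, block_text) for each failed collector test."""
    block, start = None, 0
    for n, line in enumerate(log_text.splitlines(), 1):
        if START in line:
            block, start = [line], n
        elif block is not None:
            block.append(line)
            if line.strip() == END:
                yield start, "\n".join(block)
                block = None
    if block is not None:  # log truncated or rotated before "End Stack"
        yield start, "\n".join(block)


def classify(block):
    """Report the LDAP result code and whether the block matches the trace above."""
    m = LDAP_CODE.search(block)
    code = int(m.group(1)) if m else None
    matches = bool(REFERRAL.search(block)) and GROUP_FRAME in block
    return {"ldap_code": code, "acm_62893_signature": matches}


def triage(log_text):
    return [(n, classify(b)) for n, b in failed_tests(log_text)]


# Constructed sample: the first block is shortened from the trace in this
# article, the second is an unrelated bind failure for contrast.
SAMPLE = """\
Collector test failed:
com.aveksa.common.DataReadException: Error occurred in fetching members of a group. Caused by javax.naming.PartialResultException: [LDAP: error code 10 - Referral]; remaining name ''
    at com.aveksa.collector.accountdata.LdapAccountDataReader.addGroupFromSearchResultToList(LdapAccountDataReader.java:453)
End Stack
Collector test failed:
javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
End Stack
"""

if __name__ == "__main__":
    for line_no, verdict in triage(SAMPLE):
        print(line_no, verdict)
```

A signature match only shows that the log agrees with the trace in this article; the conditions in the release note (version 7.0.1, a space in a Group DN, dynamic group member collection enabled) still have to be confirmed on the collector itself.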
 
Cause: This is a known issue reported in engineering ticket ACM-62893 and the RSA Identity Governance & Lifecycle 7.0.1 Release Notes.
 
Resolution: This issue is resolved in RSA Identity Governance & Lifecycle 7.0.2.
 
