The following known issue is documented in the
RSA Identity Governance & Lifecycle 7.0.1 Release Notes:
ACM-62893 When collecting groups from a CA LDAP server, collection fails if any of
the Group DNs contain a space in the name and the "Collect dynamic group
member" option is enabled.
The Collect Dynamic Group Members option is available under Collectors > Account Collectors > Create Account Collector > Data Source Type: Ldap > {Connection Settings} > toggle Groups > Group Data.
Image description
NOTE: The collector test fails but a run of the collector succeeds.
The following error is logged to the
aveksaServer.log file (
$AVEKSA_HOME/wildfly/standalone/log/aveksaServer.log😞
Collector test failed:
com.aveksa.server.runtime.ServerException: Test request failed with response: com.aveksa.server.runtime.ServerException: com.aveksa.common.DataReadException: Error occurred in fetching members of a group. Caused by javax.naming.PartialResultException: [LDAP: error code 10 - Referral]; remaining name '' Caused By Stack com.aveksa.common.DataReadException: Error occurred in fetching members of a group
at com.aveksa.collector.accountdata.LdapAccountDataReader.addGroupFromSearchResultToList(LdapAccountDataReader.java:453)
at com.aveksa.collector.accountdata.LdapAccountDataReader.getGroupIterator(LdapAccountDataReader.java:274)
at com.aveksa.collector.accountdata.LdapAccountDataReader.getTestGroupIterator(LdapAccountDataReader.java:310)
at com.aveksa.collector.accountdata.LdapAccountDataReader.getGroupIteratorForTestData(LdapAccountDataReader.java:299)
at com.aveksa.client.datacollector.collectors.accountdatacollectors.AccountDataCollector.collectData(AccountDataCollector.java:431)
at com.aveksa.client.datacollector.collectors.accountdatacollectors.AccountDataCollector.collect(AccountDataCollector.java:302)
at com.aveksa.client.datacollector.collectors.accountdatacollectors.AccountDataCollector.collectTestData(AccountDataCollector.java:277)
at com.aveksa.client.datacollector.framework.DataCollectorManager.collect(DataCollectorManager.java:532)
at com.aveksa.client.component.collector.DefaultCollectorManager.actUpon(DefaultCollectorManager.java:203)
at com.aveksa.client.component.collector.DefaultCollectorManager.handle(DefaultCollectorManager.java:102)
at com.aveksa.client.component.event.DefaultEventManager.handle(DefaultEventManager.java:60)
at com.aveksa.client.datacollector.framework.SimpleEventSource.notifyListeners(SimpleEventSource.java:67)
at com.aveksa.client.component.communication.DefaultCommunicationManager.notifyEvent(DefaultCommunicationManager.java:377) at com.aveksa.client.component.communication.ChangeListHandler.applyChanges(ChangeListHandler.java:364)
at com.aveksa.client.component.communication.ChangeListHandler.access$300(ChangeListHandler.java:58)
at com.aveksa.client.component.communication.ChangeListHandler$ChangeApplyingRunnable.run(ChangeListHandler.java:275)
at java.lang.Thread.run(Thread.java:745) Caused by: javax.naming.PartialResultException: [LDAP: error code 10 - Referral]; remaining name '' at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2923)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2840)
at com.sun.jndi.ldap.LdapCtx.c_getAttributes(LdapCtx.java:1332)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:231)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:139)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:127)
at javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:142)
at javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:142)
at javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:137)
at com.aveksa.collector.accountdata.LdapAccountDataReader.addGroupFromSearchResultToList(LdapAccountDataReader.java:390)
...
16 more
End Stack
Please refer to RSA Knowledge Base Article
000030327 -- Artifacts to gather in RSA Identity Governance & Lifecycle to find the location of the
aveksaServer.log file for your specific deployment, if you are on a WildFly cluster or a non-WildFly platform. The
aveksaServer.log may also be downloaded from the RSA Identity Governance & Lifecycle user interface (
Admin >
System >
Server Nodes tab > under
Logs.)
This is a known issue reported in engineering ticket ACM-62893 and the
RSA Identity Governance & Lifecycle 7.0.1 Release Notes.
This issue is resolved in RSA Identity Governance & Lifecycle 7.0.2.