Aggregating from eDirectory using the LDAP connector

  • 7011010
  • 30-Nov-2011
  • 05-Feb-2014

Environment


NetIQ Access Governance Suite 6
NetIQ Access Governance Suite 6.1
NetIQ eDirectory 8.8 for All Platforms

Resolution

There is a known issue in the interaction between Novell eDirectory and the LDAP connector which can result in the connector returning 0 records even when the connection itself tests fine.  The issue is that there are two available control choices for iteration: the PagedResults and the VirtualListView controls.  When the LDAP connector queries the Novell eDirectory server for the available controls, it does not detect the VLV control and returns the PagedResults control instead.  The PagedResults control, however, does not work correctly to return the records for aggregation.

If you are using Access Governance Suite version 6.0, use this application attribute override to force the connector into a specific iteration mode rather than relying on the control query to select one.

     <entry key='iterateModeOverride' value='VIRTUAL_LIST_VIEW'/>

This attribute cannot be specified through the Access Governance Suite user interface; it can be added through debug pages or can be added to the XML export of the application and re-imported.

The Virtual List View Iteration Mode Override was broken in the LDAP Connector that ships with AGS 6.1 and later. Due to this problem, the aggregation will go into an endless loop and process only the first entries received (determined by the page size) over and over.

If you need to aggregate information from eDirectory with AGS 6.1 or later, use this parameter instead:

     <entry key='iterateModeOverride' value='DEFAULT'/>
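
To see which iteration controls the directory server itself advertises, independent of what the connector detects, inspect the `supportedControl` attribute of the root DSE. The script below is an added example, not NetIQ code: it parses `ldapsearch` LDIF output and reports the PagedResults and VLV-related controls by their standard OIDs. The host name and the sample LDIF are constructed.

```python
import base64

# Standard OIDs of the controls involved in LDAP result iteration.
ITERATION_CONTROLS = {
    "1.2.840.113556.1.4.319": "PagedResults",
    "2.16.840.1.113730.3.4.9": "VirtualListView request",
    "2.16.840.1.113730.3.4.10": "VirtualListView response",
    "1.2.840.113556.1.4.473": "Server-side sort request",  # VLV needs a sort
}

def parse_supported_controls(ldif_text):
    """Return the set of supportedControl OIDs found in a root DSE LDIF dump."""
    lines = []
    for raw in ldif_text.splitlines():
        # LDIF folds long lines: a continuation starts with a single space.
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    oids = set()
    for line in lines:
        if line.startswith("#") or ":" not in line:
            continue
        attr, _, rest = line.partition(":")
        if attr.strip().lower() != "supportedcontrol":
            continue
        if rest.startswith(":"):  # "attr:: value" marks a base64 value
            oids.add(base64.b64decode(rest[1:].strip()).decode("utf-8"))
        else:
            oids.add(rest.strip())
    return oids

def iteration_report(ldif_text):
    """Map each iteration-related control name to True if it is advertised."""
    oids = parse_supported_controls(ldif_text)
    return {name: oid in oids for oid, name in ITERATION_CONTROLS.items()}

# Constructed sample of the output of:
#   ldapsearch -x -H ldap://edir.example.com -s base -b "" supportedControl
SAMPLE_LDIF = """\
dn:
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.2.840.113556.1.4.473
supportedControl: 2.16.840.1.113730.3.4.9
supportedControl: 2.16.840.1.113730
 .3.4.10
supportedControl:: Mi4xNi44NDAuMS4xMTM3MzAuMy40LjI=
"""
```

If the server advertises the VLV controls but aggregation still returns 0 records, the control detection described above is the likely cause, and the `iterateModeOverride` entry for your AGS version applies.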