Pulling data in pages from Windows Active Directory

  • 7011172
  • 06-Jul-2010
  • 02-Nov-2012

Environment

NetIQ Access Governance Suite

Situation

Due to a common Windows issue that occurs after applying security upgrade MS08-003 on a Windows Server 2003-based computer, it is common that only the first page of users is retrieved when trying to pull data in pages from the Active Directory. Visit the MS Support Center for Microsoft'sarticleon this error.

Resolution

¢ For less than 10,000 users, increasing the buffer size may resolve this issue.

¢ Verify whether the LDAP server supports the paging control being used. The debug output of the LDAPConnector can provide this information.

Example:
DEBUG sailpoint.connector.LDAPConnector$ContainerIterator:101 - Exiting getIterateMode = PAGED_RESULTS 
DEBUG sailpoint.connector.LDAPConnector$ContainerIterator:101 - Exiting getIterateMode = VIRTUAL_LIST_VIEW 

If both the PAGED_RESULTS and VIRTUAL_LIST_VIEW do not appear, then the environment is most likely not supporting paging or the control is not installed on the server. Try adding the following to the application definition:

<entry key="iterateModeOverride" value="PAGED_RESULTS"/>

If PAGED_RESULTS appears in the debug, and it still is not resolving the issue then try changing it to:

<entry key=" iterateModeOverride" value="VIRTUAL_LIST_VIEW"/>

This method has been successful on Windows 2003.