How to fix a PartialResultException error from JNDI

  • 7100013
  • 29-Mar-2011
  • 07-Aug-2013


NetIQ Access Governance Suite


How to fix a PartialResultException error from JNDI


If an AD/LDAP aggregation shows a JVM-related
exception that leads to a Sailpoint exception:

25 Mar 2011 15:13:57,697 DEBUG sailpoint.connector.LDAPConnector:109
- Throwing hasMore - javax.naming.PartialResultException
[Root exception is javax.naming.CommunicationException:
[Root exception is
Operation timed out: connect:could be due to invalid address]]
25 Mar 2011 15:13:57,947 WARN sailpoint.api.Aggregator:928
- Exception during aggregation. Reason:
java.lang.RuntimeException: java.lang.NullPointerException
java.lang.RuntimeException: java.lang.NullPointerException
at sailpoint.connector.LDAPConnector$
at org.quartz.simpl.SimpleThreadPool$
Caused by:
at com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(
at com.sun.jndi.ldap.LdapNamingEnumeration.nextAux(
at com.sun.jndi.ldap.LdapNamingEnumeration.nextImpl(
at sailpoint.connector.LDAPConnector$
... 12 more

The "PartialResultException" occurs if the
(AD) LDAP server does not dovetail with the
(JS2E) JNDI enumeration logic when a resultset
ends on a partial page.Access Governance Suite provides an
(XML-level) application object flag to use
an alternate JVM method for this scenario.
The "debug" page's XML editor feature can
add the setting to the application object:

<Application ... name="Active_Directory" ... >
<entry key="useHasMoreElements" value="true"/>

Please note that this solution also applies to Connection Refused caused byPartialResultException.