Environment
NetIQ Access Governance Suite
Situation
Resolution
If an AD/LDAP aggregation shows a JVM-related
exception that leads to a Sailpoint exception:
25 Mar 2011 15:13:57,697 DEBUG sailpoint.connector.LDAPConnector:109
- Throwing hasMore - javax.naming.PartialResultException
[Root exception is javax.naming.CommunicationException: myDomains.gc.myCompany.com:389
[Root exception is java.net.SocketException:
Operation timed out: connect:could be due to invalid address]]
...
25 Mar 2011 15:13:57,947 WARN sailpoint.api.Aggregator:928
- Exception during aggregation. Reason:
java.lang.RuntimeException: java.lang.NullPointerException
java.lang.RuntimeException: java.lang.NullPointerException
at sailpoint.connector.LDAPConnector$ContainerIterator.next(LDAPConnector.java:1844)
...
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
Caused by:
java.lang.NullPointerException
at com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(LdapNamingEnumeration.java:126)
at com.sun.jndi.ldap.LdapNamingEnumeration.nextAux(LdapNamingEnumeration.java:260)
at com.sun.jndi.ldap.LdapNamingEnumeration.nextImpl(LdapNamingEnumeration.java:251)
at com.sun.jndi.ldap.LdapNamingEnumeration.next(LdapNamingEnumeration.java:199)
at sailpoint.connector.LDAPConnector$ContainerIterator.next(LDAPConnector.java:1825)
... 12 more
The "PartialResultException" occurs if the
(AD) LDAP server does not dovetail with the
(JS2E) JNDI enumeration logic when a resultset
ends on a partial page.Access Governance Suite provides an
(XML-level) application object flag to use
an alternate JVM method for this scenario.
The "debug" page's XML editor feature can
add the setting to the application object:
<Application ... name="Active_Directory" ... >
<Attributes>
<Map>
...
<entry key="useHasMoreElements" value="true"/>
Please note that this solution also applies to Connection Refused caused byPartialResultException.