Ldap reconciliation fail.

Hi gurus,
I need to do a full reconciliation on Ldap resource in order recreate some accounts that have been deleted on the resource.
IdM users are more than 10000 and the reconciliation process fails with the following error: "Error iterating accounts for resource RES-LDAP: com.waveset.util.WavesetException: There was a problem enumerating accounts javax.naming.SizeLimitExceededException: [LDAP: error code 4 - Sizelimit Exceeded]".
Looking into Ldap access log I see:
SRCH base="dc=univr,dc=it" scope=2 filter="(&(objectClass=inetorgperson))" attrs="uid" - RESULT err=4 tag=101 nentries=2000 etime=2 notes=U
It seems to me that IdM is asking for no more than 2000 entries and it wrongly interprets the Ldap return code (4).
How could I workaround this limit?
THIA

Have a look at this. It will help you
http://www.ldapadministrator.com/forum/viewtopic.php?t=14
Rgds,
Suren

Similar Messages

ERROR: Ldap Authentication failed for dap during installation of iAS 6.0 SP3

I am attempting to install ias Enterprise Edition (6.0 SP3) on solaris 2.8 using typical in basesetup. I am trying to install new Directory server as I don't have an existing one.
During the installation I got the following error.
ERROR: Ldap Authentication failed for url ldap://hostname:389/o=NetScape Root user id admin (151: Unknown Error)
Fatal Slapd did not add Directory server information to config Server.
Warning slapd could'nt populate with ldif file Yes error code 151.
ERROR:Failure installing iPlanet Directory Server.
Do you want to continue: ( I entered yes )
Configuring Administration Server Segmentation fault core dumped.
Error: Failure installing Netscape Administration Server.
Do you want to continue:( I responded with yes).
And during the Extraction I got the following
ERROR:mple_bind: Can't connect to the LDAP server - No route to host
ERROR: Unable to connect to LDAP Directory Server
Hostname: hostname
Port: 389
User: cn=Directory Manager
Password: <password-for-cn=Directory Manager
Please make sure this Directory Server is currently running.
You might need to run 'stop-slapd' and then
'start-slapd' in the Directory Server home directory, in order to restart
LDAP. When finished, press ENTER to continue, or S to skip this step:
Start registering Bootstrap EJB...
javax.naming.NameNotFoundException
at java.lang.Throwable.fillInStackTrace(Native Method)
at java.lang.Throwable.fillInStackTrace(Compiled Code)
at java.lang.Throwable.<init>(Compiled Code)
at java.lang.Exception.<init>(Compiled > Code)
at javax.naming.NamingException.<init>(NamingException.java:114)
at javax.naming.NameNotFoundException.<init>(NameNotFoundException.java: 48)
at com.netscape.server.jndi.RootContext.resolveCtx(Unknown Source)
"ldaperror" 76 lines, 2944 characters
at com.netscape.server.jndi.RootContext.resolveCtx(Unknown Source)
at com.netscape.server.jndi.RootContext.bind(Unknown Source)
at com.netscape.server.jndi.RootContext.bind(Unknown Source)
at javax.naming.InitialContext.bind(InitialContext.java:371)
at com.netscape.server.deployment.EjbReg.deployToNaming(Unknown Source)
at com.netscape.server.deployment.EjbReg.registerEjbJar(Compiled Code)
at com.netscape.server.deployment.EjbReg.registerEjbJar(Compiled Code)
at com.netscape.server.deployment.EjbReg.run(Compiled Code)
at com.netscape.server.deployment.EjbReg.main(Unknown Source)
Start registering iAS 60 Fortune Application...
Start iPlanet Application Server
Start iPlanet Application Server
Start Web Server iPlanet-WebServer-Enterprise/6.0SP1 B08/20/200100:58
warning: daemon is running as super-user
[LS ls1] http://gedemo1.plateau.com, port 80 ready
to accept requests
startup: server started successfully.
After completion of installation, I tried to start the console. But I got the following error;
"Cant connect ot the admin server. The url is not correct or the server is not running.
Finally,when I started the admintool(iASTT),it shows the iAS1
was registered( marked with a red cross mark) and says "cant login. make sure the user
name & passwdord are correct" when i click on it.
Thanks in advance for any help
Madhavi

Hi,
Make sure that the directory server is installed first. If it is running
ok, then you can try adding an admin user, please check the following
technote.
http://knowledgebase.iplanet.com/ikb/kb/articles/4106.html
regards
Swami
madhavi korupolu wrote:
I am attempting to install ias Enterprise Edition (6.0 SP3) on
solaris 2.8 using typical in basesetup. I am trying to install new
Directory server as I don't have an existing one.
During the installation I got the following error.
ERROR: Ldap Authentication failed for url
ldap://hostname:389/o=NetScape Root user id admin (151: Unknown
Error)
Fatal Slapd did not add Directory server information to config
Server.
Warning slapd could'nt populate with ldif file Yes error code 151.
ERROR:Failure installing iPlanet Directory Server.
Do you want to continue: ( I entered yes )
Configuring Administration Server Segmentation fault core dumped.
Error: Failure installing Netscape Administration Server.
Do you want to continue:( I responded with yes).
And during the Extraction I got the following
ERROR:mple_bind: Can't connect to the LDAP server - No route to host
ERROR: Unable to connect to LDAP Directory Server
Hostname: hostname
Port: 389
User: cn=Directory Manager
Password: <password-for-cn=Directory Manager
Please make sure this Directory Server is currently running.
You might need to run 'stop-slapd' and then
'start-slapd' in the Directory Server home directory, in order to
restart
LDAP. When finished, press ENTER to continue, or S to skip this
step:
Start registering Bootstrap EJB...
javax.naming.NameNotFoundException
at java.lang.Throwable.fillInStackTrace(Native Method)
at java.lang.Throwable.fillInStackTrace(Compiled Code)
at java.lang.Throwable.<init>(Compiled Code)
at java.lang.Exception.<init>(Compiled > Code)
at javax.naming.NamingException.<init>(NamingException.java:114)
at
javax.naming.NameNotFoundException.<init>(NameNotFoundException.java:
48)
at com.netscape.server.jndi.RootContext.resolveCtx(Unknown Source)
"ldaperror" 76 lines, 2944 characters
at com.netscape.server.jndi.RootContext.resolveCtx(Unknown Source)
at com.netscape.server.jndi.RootContext.bind(Unknown Source)
at com.netscape.server.jndi.RootContext.bind(Unknown Source)
at javax.naming.InitialContext.bind(InitialContext.java:371)
at com.netscape.server.deployment.EjbReg.deployToNaming(Unknown
Source)
at com.netscape.server.deployment.EjbReg.registerEjbJar(Compiled
Code)
at com.netscape.server.deployment.EjbReg.registerEjbJar(Compiled
Code)
at com.netscape.server.deployment.EjbReg.run(Compiled Code)
at com.netscape.server.deployment.EjbReg.main(Unknown Source)
Start registering iAS 60 Fortune Application...
Start iPlanet Application Server
Start iPlanet Application Server
Start Web Server iPlanet-WebServer-Enterprise/6.0SP1 B08/20/200100:58
warning: daemon is running as super-user
[LS ls1] http://gedemo1.plateau.com, port 80 ready
to accept requests
startup: server started successfully.
After completion of installation, I tried to start the console. But I
got the following error;
"Cant connect ot the admin server. The url is not correct or the
server is not running.
Finally,when I started the admintool(iASTT),it shows the iAS1
was registered( marked with a red cross mark) and says "cant login.
make sure the user
name & passwdord are correct" when i click on it.
Thanks in advance for any help
Madhavi
Try our New Web Based Forum at http://softwareforum.sun.com
Includes Access to our Product Knowledge Base!

Receipt Reconciliation Fails With APP-AR-999967188

Hi,
I am facing the below error while reconciling my remittance batch with the bank statement.
Receipt Reconciliation Fails With APP-AR-999967188 The Receipt is in the Process Of Funds Capture Settlement.
As per Oracle metalink note we applied the Patch 10389524:R12.AR.B
But still we are not able to reconcile the existing bank statement line with the remittance batch.
Please advise how resolve this issue.
Regards,
Sivakumar

user9312135 wrote:
Hi,
I am facing the below error while reconciling my remittance batch with the bank statement.
Receipt Reconciliation Fails With APP-AR-999967188 The Receipt is in the Process Of Funds Capture Settlement.
As per Oracle metalink note we applied the Patch 10389524:R12.AR.B
But still we are not able to reconcile the existing bank statement line with the remittance batch.
Please advise how resolve this issue.
Regards,
SivakumarPlease see these docs.
Receipt Reconciliation Fails With APP-AR-999967188 The Receipt is in the Process Of Funds Capture Settlement [ID 1283597.1]
Upgrade issue: APP-AR-999967188 Receipt Number Is In Process Of Funds Capture Settlement (Paypal) [ID 1402665.1]
Thanks,
Hussein

How to resolve "Connection to LDAP server failed." error?

Hello,
I have installed Coldfusion8 on one of my server that was having ColdFusionMX earlier.
The ColdFusionMX admin settings are automatically transferred to the new Coldfusion8 admin page after installation.
Also I have configured all my websites at the time of installation.
After all when I am trying to login into one of my website system is throwing the below error.
"Connection to LDAP server failed."
Prevously it was working well with coldfusionMX. After installed Coldfusion8 I am facing this problem.
Is there anything to do more with cf admin settings page or is this problem is with the code? (Infact I havent modified my cfm code)
Please find the piece of code that I am using.
<cfldap action="QUERY" server="#application.LDAPServer#" port="#application.LDAPPort#" start="#application.LDAPBase#" name="search" attributes="alias, dn, uid, technicalCareerLevel, locationorgunit, givenName, sn" filter="#filter#" scope="SUBTREE" maxRows="2">
Anybody can assist me on this?
Thanks in advance.
Manoz.

I have fixed this problem successfully.
The problem was with the referral attribute of the cfldap tag.
After adding this (referral="yes") attribute to my code I am able to login into my website.
<cfldap action="QUERY" server="#application.LDAPServer#" port="#application.LDAPPort#" start="#application.LDAPBase#" name="search" attributes="alias, dn, uid, technicalCareerLevel, locationorgunit, givenName, sn" filter="#filter#" scope="SUBTREE" maxRows="2" referral="yes">
Any way thanks for your assistance!!!!!

Connection to LDAP Server failed

OK, I have an application that has been working for years.
Yesterday it stopped working and my error trapping started sending
me messages with the cfcatch.message of " Connection to LDAP Server
failed" The code hasn't been touch in over three years. Any ideas
what is going on? I have attached the code but changed some
information for security reasons.

CF_contractor wrote:
> OK, I have an application that has been working for
years. Yesterday it
> stopped working and my error trapping started sending me
messages with the
> cfcatch.message of " Connection to LDAP Server failed"
The code hasn't been
> touch in over three years. Any ideas what is going on? I
have attached the
> code but changed some information for security reasons.
>
> <cfldap
> action="QUERY"
> name="qryResults"
> attributes="distinguishedname"
> start=""
> scope="SUBTREE"
> filter = "(cn=#txtxNO#)"
> username="testuser"
> password="test"
> server="server.com"
> >
>
An LDAP administrator change the password for or removed the
'testuser'
account? Happened to me last week.

Error during LDAP reconciliation (initial load)

Hi,
We are using IDM 7.1. We are trying to do initial load of accounts to Identity Manager using reconciliation with LDAP (Sun Directory Server 5.2). Reconciliation is consistently failing with the following error:
Error iterating accounts for resource CalNetDirectory:
javax.naming.OperationNotSupportedException: [LDAP: error code 12 - Sort Response Control]
Any inputs would be highly appreciated.
Thanks,
kIDMan.

Hello Rupam,
Abort the load of that object in txn:R3AM1.
Also, delete the queue entries like R3AI_<OBJECT_NAME> in txn:SMQ2.
This would let you to restrart the load again.
If again it goes to WAIT state , then it means that you do not have enough number of work processes to handle this load.
It happens if several other load are running.So you have to wait till other loads get finished or you need to increase the work process, if your hardware supports.
Hope this helps!
Best Regards,
Shanthala Kudva.

LDAP Authentication Failed :user is not a member in any of the mapped group

Hi,
I tried to set up the LDAP Authentication but I failed.
LDAP Server Configuration Summary seems to be well filled.
I managed to add a Mapped LDAP member Group: This group appears correctly in the Group list.
But itu2019s impossible to create a User. Although this user is a member of the mapped group (checked with LDAP Brower) , an error message is displayed when I tried to create it (There was an error while writing data back to the server: Creation of the user User cannot complete because the user is not a member in any of the mapped groups)
LDAP Hosts: ldapserverip:389
LDAP Server Type: Custom
Base LDAP Distinguished Name: dc=vds,dc=enterprise
LDAP Server Administration Distinguished Name: CN=myAdminUser,OU=System Accounts,OU=ZZ Group Global,ou=domain1,dc=vds,dc=enterprise
LDAP Referral Distinguished Name:
Maximum Referral Hops: 0
SSL Type: Basic (no SSL)
Single Sign On Type: None
CMS Log :
trace message: LDAP: No such attribute: supportedControl, assuming no ranging support.
trace message: LDAP: LdapQueryForEntries: QUERY base: dc=vds, dc=enterprise, scope: 2, filter: (samaccountname=KR50162), attribute: dn objectclass
trace message: LDAP: LdapQueryForEntries: QUERY result: 0 took 2453 ms
trace message: LDAP: LdapQueryForEntries() QUERY number of entries returned: 1
trace message: GetParents from plugin for cn=huh\,chen, ou=accounts, ou=users, ou=domain1, dc=vds, dc=enterprise.
trace message: LDAP: De-activating query cache
trace message: LDAP: LdapQueryForEntries: QUERY base: , scope: 0, filter: (objectClass=*), attribute: supportedControl
trace message: LDAP: LdapQueryForEntries: QUERY result: 0 took 0 ms
trace message: LDAP: LdapQueryForEntries() QUERY number of entries returned: 0
trace message: LDAP: query for DSE root returned 89
trace message: LdapQueryForEntries: incr. retries to 1
trace message: LDAP: Updating the graph
trace message: LDAP: Starting Graph Update...
trace message: LDAP: LdapQueryForEntries: QUERY base: , scope: 0, filter: (objectClass=*), attribute: supportedControl
trace message: LDAP: LdapQueryForEntries: QUERY result: 0 took 0 ms
trace message: LDAP: LdapQueryForEntries() QUERY number of entries returned: 0
trace message: LDAP: query for DSE root returned 89
trace message: LdapQueryForEntries: incr. retries to 1
trace message: LDAP: LdapQueryForEntries: QUERY base: , scope: 0, filter: (objectClass=*), attribute: supportedControl
trace message: LDAP: LdapQueryForEntries: QUERY result: 0 took 0 ms
trace message: LDAP: LdapQueryForEntries() QUERY number of entries returned: 1
assert failure: (.\ldap_wrapper.cpp:3066). (pSetAttributes : no message).
trace message: LDAP: No such attribute: supportedControl, assuming no ranging support.
trace message: LDAP: LdapQueryForEntries: QUERY base: dc=enterprise, scope: 2, filter: (&(cn=gp-asia)(objectclass=group)(member=cn=huh
, chen, ou=accounts, ou=users, ou=domain1, dc=vds, dc=enterprise)), attribute: objectclass
trace message: LDAP: LdapQueryForEntries: QUERY base: , scope: 0, filter: (objectClass=*), attribute: supportedControl
trace message: LDAP: LdapQueryForEntries: QUERY result: 0 took 0 ms
trace message: LDAP: LdapQueryForEntries() QUERY number of entries returned: 1
assert failure: (.\ldap_wrapper.cpp:3066). (pSetAttributes : no message).
trace message: LDAP: No such attribute: supportedControl, assuming no ranging support.
trace message: LDAP: LdapQueryForEntries: QUERY base: dc=enterprise, scope: 2, filter: (cn=gp-asia), attribute: member objectclass samaccountname cn
trace message: LDAP: LdapQueryForEntries: QUERY result: 0 took 3109 ms
trace message: LDAP: LdapQueryForEntries() QUERY number of entries returned: 0
trace message: LDAP: query for DSE root returned 0
trace message: Failed to commit user 'KR50162'. Reason: user is not a member in any of the mapped groups.
trace message: [UID=0;USID=0;ID=79243] Update object in database failed
trace message: Commit failed.+
Can you please help?
Joffrey

Please do this after you verify all permission settings for all the groups the account is associated with. Also, make sure you check the NTFS folder permissions before doing this as well.
Since the same result happens on multiple computers, it is not the profile.
I am recommending you delete the AD account (or rename to backup the account).
It will not effect the users Exchange account, but you will need to link it back to the new AD user account.
You can also delete her profile just to remove it, for the "just in case" scenario.
Don't forget to mark the post that solved your issue as "Answered." By marking the Answer you are enabling users with similar issues to find what helped you. Lewis Renwick - IT Professional

Delete Reconciliation fails when a Composite Key is used

Hi Guys ,
Problem Statement :-
I am facing problem in performing delete reconciliation when a composite key is used.It fails whenever we have more than one attribute as key
in reconciliation field mappings.
I am using prepareDeleteReconData() ..etc Api's to perform delete reconciliation. I am not using CreateDeleteReconciliationEvent() as i dont know which users are deleted.
UseCase
For eg . Consider Oracle DataBase UM connector , where you have composite key defined as (UserID and ITResource), it fails to generate a delete reconciliation event.
Have anybody faced this ?? Any workarounds ?
Thanks
Surendra Singh

Hey Surendra,
This is what you can do to get rid of this problem. I kow you cannot use the 'createDeleetReconciliationEvent' API, but just to let you know that this works absolutely fine. Now The approach which you might be using has the following flow-
- provideDeletionDetectionData()
- getMissingAccounts()
- deleteDetectedAccounts()
Now you must be aware that getMissingAccounts() returns a ResultSet for all the instances which needs to be revoked in OIM. If you see the contents of this ResultSet, here is what it contains (4 columns):
Objects.Key, Objects.Name, Structure Utility.Table Name, Process Instance.Key
Now what I suggest is do not use the deleteDetectedAccounts API as of now. And Revoke the object instance using API call. Follow the following steps:
1) Just iterate through the ResultSet *(deletedUsers)* obtained from 'getMissingAccounts()' to fetch the value 'Process Instance.Key' and store it in an Array.
2) You must be passing the Object Name as a Task Attribute. Use this attribute to fetch the 'Object Key'. Once you get this value, use the 'getAssociatedUsers' API of objectOperationsIntf to find all the users associated with this object. This API will return a ResultSet. Let's name it as *'AssoUsers'*.
3) Iterate the above ResultSet(AssoUsers) and fetch the *'Process Instance.Key'* column from its rows. Compare this value to the already created Array in step-1. If there is a match then you will know that this resource instance needs to be revoked.
4) Now fetch the following two values from the ResultSet(AssoUsers):
- Users.Key
- Object Instance.Key
5) Once you get the User Key, you will have to find its corresponding resources. Do it by using *'getObjects'* API of userOperationsIntf. This will again return a resultSet *(userObjects)*.
6) Iterate through all the rows and check the value of column *'Objects.Name'*. If this value equals to your resource, then fetch the value of column- Users-Object Instance For User.Key from this row.
7) This will give you the 'Object instnace for User key'.
8) Call the revokeObject API of userOperationsIntf interface.
Below is a sample code snippet for your reference.
          Array DeletedUsers = {Your Deleted User List Array};
          String ObjectName = "Your Object Name as it comes from Task Attribute";
          long ObjectKey = 1; // Fetch it from Object Name above using API
          HashMap dummy = new HashMap();
          tcResultSet AssoUsers = objectOperationsIntf.getAssociatedUsers(ObjectKey, dummy);
          for (int i=0 ; i<AssoUsers.getRowCount() ; i++) {
               AssoUsers.goToRow(i);
               String piKey = AssoUsers.getStringValue("Process Instance.Key");
               if("Your Array DeletedUsers contains piKey"){
                    long userKey = AssoUsers.getLongValue("Users.Key");
                    long obiKey = AssoUsers.getLongValue("Object Instance.Key");
                    logger.debug("userKey extracted is : " + userKey);
                    logger.debug("obiKey extracted is : " + obiKey);
                    tcResultSet userObjects = userOperationsIntf.getObjects(userKey);
                    for(int j=0 ; j<userObjects.getRowCount() ; j++) {
                         userObjects.goToRow(j);
                         if(ObjectName.equalsIgnoreCase(userObjects.getStringValue("Objects.Name"))) {
                              long obiuKey = userObjects.getLongValue("Users-Object Instance For User.Key");
                              userOperationsIntf.revokeObject(userKey, obiuKey);
                              logger.debug("Resource has been revoked");
This should work. I know this looks quiet complex but have to do it. Give it a try.
Thanks
Sunny

Access Enforcer 5.2 - LDAP connexion fail

Hello everybody,
We realised an upgrade Access Enforcer 5.1 VP1 to Access Enforcer 5.2 with SP03 but we can't connect LDAP to AE. Before, the connexion to LDAP was ok.
However, when we test the connexion in AE 5.2, the message " Connexion successfull" appears but the connexion fails when we try to authentificate to AE for a request or when we try to search user data fo example (the AE message is "action failed").
Do you have the same error with AE5.2 ?
Thank you very much for your assistance,
Best regards,
David Heang

There is a query below that you need to list in the SQL box, but this address varies based upon your support pack. If you're up to date (or close to) on SPs, enter the following address into your web browser AFTER logging into AE: http://<server>:<port>/AE/opensql_test.jsp.
Paste the following query into the SQL box:
SELECT DISTINCT
WPHST.REQNO,
WPHST.REQPATHID,
WPHST.PATHNAME,
WPHST.STATUS AS REQUEST_STATUS,
TBLPATHSTAGE.STAGENAME
FROM
(VIRSA_AE_RQD_WPHST AS WPHST INNER JOIN VIRSA_AE_WF_PTSTG AS TBLPATHSTAGE ON (WPHST.PATHNAME = TBLPATHSTAGE.PATHNAME) AND (WPHST.CURRENTAPPRVRSEQ = TBLPATHSTAGE.STAGESEQ)) INNER JOIN VIRSA_AE_RQD_WPTRN AS WPTRN ON (TBLPATHSTAGE.STAGENAME = WPTRN.STAGE_NAME) AND (WPHST.REQNO = WPTRN.REQNO)WHERE
(WPHST.ISCURRENTFLAG = 1) AND ((WPHST.STATUS='OPEN') OR (WPHST.STATUS='HOLD'))

LDAP Reconciliation

I've seen in a couple of posts that limiting the resource schema improves reconciliation performance. Now I'm assuming this is because the attributes that are brought back during a the list users process is limited to the attributes defined in the schema.
However I restricted my LDAP resource schema to four attributes that were needed for correlation, but a level 4 trace on the com.waveset.adapter.LDAPResourceAdapterBase class during the recon process shows that it's still retrieving all the attributes for all the users...In my trace i see multiple occurances of the getAttributes method returning all the attributes for a given user from LDAP. Has anyone else noticed this?

I've seen in a couple of posts that limiting the resource schema improves reconciliation performance. Now I'm assuming this is because the attributes that are brought back during a the list users process is limited to the attributes defined in the schema.
However I restricted my LDAP resource schema to four attributes that were needed for correlation, but a level 4 trace on the com.waveset.adapter.LDAPResourceAdapterBase class during the recon process shows that it's still retrieving all the attributes for all the users...In my trace i see multiple occurances of the getAttributes method returning all the attributes for a given user from LDAP. Has anyone else noticed this?

OID Trusted reconciliation failed

Hi,
I am trying to do trusted reconciliation from OID. Reconciliation task is failed and following are the error logs found:
ERROR QuartzWorkerThread-1 XL_INTG.OID - ====================================================
ERROR QuartzWorkerThread-1 XL_INTG.OID - Exception at com.thortech.xl.integration.OID.schedule.tasks.tcTskOIDUserReconciliationprocessBatch(): [B cannot be cast to java.lang.String
ERROR QuartzWorkerThread-1 XL_INTG.OID - ====================================================
I am trying to reconcile the OOTB fields (cn,sn,givenName,userPassword) and 2 user defined fields (text based).
Can anyone let us know when this casting exception will be thrown?
- Kalyan Mutya

Yep mappings are poor, I created an entity adapter for the EMP_TYPE & USR_TYPE, users are reconciling.
There is still an issue with the reconciliation.
I can provision all attributes on the OIM user account to their coresponding OID attributes, but when I reconcile I process all attributes, but the xellerate user only links the default ones
LastName
Organization
First Name
User ID
Xellerate Type
Email
Role
I have checked and rechecked the mappings, This is on 9.0.3.1672 using the 9.0.4.1 connector.
Any ideas?

AD Reconciliation Failed

Hi All,
We are using Sun IDM 8.0 and configured AD adapter (Windows 2003).I tried to perform "Full Reconciliation" and it failed with an error :
Error iterating Accounts for Resource AD:
Java.net.SocketException: Connection reset
The gateway service automatically goes down after the above error.
Can anyone please help me find out the root cause of the issue?

Is test connection successful? how many users are there to be reconciled?

AD/LDAP reconciliation using paging

A couple of weeks ago my AD admins suddenly decided to change the maximum query size from 30 000 to 1 000 without telling me in advance I had to quickly upgrade my extraction scripts to support paging.
In case someone else has a need to do the same I thought I should publish the code:
http://iamreflections.blogspot.com/2010/10/adldap-reconciliation-using-paging.html
Hope this helps someone
/Martin

Hi,
Below is the configuration for UME-LDAP. In configtool you have to do this configuration.
ume.ldap.access.server_name : <servername>
ume.ldap.access.server_port         : <enter the port>
ume.ldap.access.user                    : <user>
ume.ldap.access.password           : <password>
ume.ldap.access.base_path.user :
Ume.ldap.access.base_path.grup :
Refer the link for more info on LDAP configuration.
http://help.sap.com/saphelp_nw70/helpdata/en/63/14f5b51a6eff429f2d8b2063400e82/frameset.htm
Thanks
R.Murali

Problems with LDAP Server fail-over

Our Xsan installed with 12 FCP, 2 MDC Xserve and 2 LDAP Xserver for fail-over.
The 2 MDC fail-over runs well but the 2 LDAP fail-over got problems.
The first time we up-plug the powercode of 1 xserve and the other LDAP takes over successfully but FCP users re-login takes 15 minutes. That's unacceptable.
The fail-over never succeed after that.
That means once the LDAP down and the backup LDAP will not take the job, we will lose everything related to user login.
Anybody can help? Thanks a lot.

I believe you can enter both LDAP servers in the client configuration for LDAP access. (Even though you shouldn't have to)
IP failover is not the issue, your LDAP configuration is.
Start at page 90 and work throught this document to make sure you have the clients setup properly.
http://manuals.info.apple.com/en/MacOSXSrvr10.3_OpenDirectoryAdmin.pdf

OIM reconciliation fails when more then one record in trusted source table

I've create a reconciliation connector against an oracle table with 2 colums:
user_id
email
When I run the connector with only one record exists in the table everything works fine and the user is propogated to the OIM user store. If I add a second record and run the reconciliation again I get:
ERROR,18 Jun 2010 10:15:58,715,[XELLERATE.JMS],The Reconciliation Event with key -1 does not exist
ERROR,18 Jun 2010 10:15:58,716,[XELLERATE.JMS],Processing Reconciliation Message with ID -1 failed.
I'm fairly certain this is something simple.
Does anyone have any thoughts?

How about performing the update IN the database using a stored
procedure?
By using non-database fields on your form to get the
information, you can then call the procedure in the database to
perform the updates. If an error occurs in the procedure you
rollback, if necessary, and send a message or status back to the
form. If it succeeds you might wish to commit and then re-
execute the form's query -- using either the original key values
or the new key values...
null

Ldap reconciliation fail.

Similar Messages

Maybe you are looking for