Hi,

The code map refresh for our Active Directory Groups has stopped working
(Unable to complete the CODE MAP refresh)
We currently have over 10.000 groups and I am wonderering if there is an
upper limit ?
Also the refresh always stops after 115 seconds?
When I enabled tracing on the AD driver, it takes a long time to gather
the groups, but the refresh still stops for this entitlement after 115
seconds..
If a change the BaseDN of the Group Entitlement to a an OU with less
groups, the Code Map refresh finishes. (One OU with 1000 Groups took
about 36 seconds)

Is there a way to increase this timeout?
Schould I created several Entitlements for our different sub OU's (which
might be over 100 Entitlements) so each entitlement contains less
groups?
(In the designer the refresh of the Entitlements Value work it takes a
little more then 2 minutes)

RBPM:
Identity Manager 4.0.2 patch E
Revision 41620

Bellow the trace of the RBPM.
I also activated a driver trace which is pretty big but the query
finishes with success (it just takes longer then 115s)

16:57:26,723 INFO [STDOUT] DEBUG [RBPM]
[com.novell.idm.nrf.persist.PopulateCodeMap:loadEnt itlementConfigSettings]
Display Name: EN: User-Group
16:57:26,725 INFO [STDOUT] DEBUG [RBPM]
[com.novell.idm.nrf.persist.PopulateCodeMap:getQuer ies] No connections
for entitlement in entitlement config, defaulting to query defined in
entitlement definition, u
sing default application language code: en
16:57:26,725 INFO [STDOUT] DEBUG [RBPM]
[com.novell.idm.nrf.persist.PopulateCodeMapopulateFromEntitlementQuery]
Processing connection name: null language code:en query:
16:57:26,726 INFO [STDOUT] DEBUG [RBPM]
[com.novell.idm.nrf.persist.PopulateCodeMapopulateFromEntitlementQuery]
<?xml version="1.0" encoding="UTF-8"?><nds dtdversion="2.0">
<input>
<query
class-name="Group" dest-dn="OU=Identities,DC=gouv,DC=etat,DC=lu"
scope="subtree">
<search-class
class-name="Group"/>
<read-attr
attr-name="Description"/>
</query>
</input>
</nds>
16:57:26,726 INFO [STDOUT] DEBUG [RBPM]
[com.novell.idm.nrf.persist.PopulateCodeMap:debugTi meIntervalStart]
t.Starting time interval
16:57:26,727 INFO [STDOUT] DEBUG [RBPM]
[com.novell.idm.nrf.persist.PopulateCodeMap:debugTi meIntervalStart]
t.Starting time interval
16:59:21,909 INFO [STDOUT] ERROR [RBPM]
[com.novell.idm.nrf.service.CodeMapEngine:updateEnt itlementToCodeMapView]
Unable to complete the CODE MAP refresh for entitlement:
cn=group,cn=active directory - mad,
cn=iam driver set,ou=resources,o=system.
com.novell.idm.nrf.exception.NrfException: Error occurred populating
code map table(s) for entitlement: cn=group,cn=active directory -
mad,cn=iam driver set,ou=resources,o=system. The most likely cause is
th
at the IDM driver containing the entitlement is not started, or there is
a communication issue between the remote loader and driver. Refer to the
following stack trace for more details. A NDS trace log may h
elp with driver related issues.
at
com.novell.idm.nrf.persist.PopulateCodeMap.populat eFromEntitlementQuery(PopulateCodeMap.java:344)
at
com.novell.idm.nrf.persist.PopulateCodeMap.populat eFromEntitlementQuery(PopulateCodeMap.java:147)
at
com.novell.idm.nrf.service.ProvisioningCodeMapServ ice.populateCodeMapTablesFromQuery(ProvisioningCod eMapService.java:770)
at
com.novell.idm.nrf.service.ProvisioningCodeMapServ ice.updateViewFromEntitlement(ProvisioningCodeMapS ervice.java:297)
at
com.novell.idm.nrf.service.ProvisioningCodeMapServ ice.refreshViewFromEntitlement(ProvisioningCodeMap Service.java:101)
at
com.novell.idm.nrf.service.CodeMapEngine.updateEnt itlementToCodeMapView(CodeMapEngine.java:354)
at
com.novell.idm.nrf.service.CodeMapEngine.refreshCo deMap(CodeMapEngine.java:298)
at
com.novell.srvprv.impl.servlet.service.GWTCodeMapB ridge.refreshCodeMap(GWTCodeMapBridge.java:204)
at
com.novell.srvprv.impl.servlet.service.GwtServiceR outer.refreshCodeMap(GwtServiceRouter.java:3018)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Nativ e Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknow n Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Un known
Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at
com.google.gwt.user.server.rpc.RPC.invokeAndEncode Response(RPC.java:569)
at
com.google.gwt.user.server.rpc.RemoteServiceServle t.processCall(RemoteServiceServlet.java:208)
at
com.google.gwt.user.server.rpc.RemoteServiceServle t.processPost(RemoteServiceServlet.java:248)
at
com.google.gwt.user.server.rpc.AbstractRemoteServi ceServlet.doPost(AbstractRemoteServiceServlet.java :62)
at javax.servlet.http.HttpServlet.service(HttpServlet .java:637)
at javax.servlet.http.HttpServlet.service(HttpServlet .java:717)
at
org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter(ApplicationFilterChain.java:290)
at
org.apache.catalina.core.ApplicationFilterChain.do Filter(ApplicationFilterChain.java:206)
at
com.novell.soa.common.i18n.URILoggerServletFilter. doFilter(URILoggerServletFilter.java:63)
at
org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.do Filter(ApplicationFilterChain.java:206)
at
com.novell.soa.common.i18n.BestLocaleServletFilter .doFilter(BestLocaleServletFilter.java:242)
at
org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.do Filter(ApplicationFilterChain.java:206)
at
org.jboss.web.tomcat.filters.ReplyHeaderFilter.doF ilter(ReplyHeaderFilter.java:96)
at
org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.do Filter(ApplicationFilterChain.java:206)
at
org.apache.catalina.core.StandardWrapperValve.invo ke(StandardWrapperValve.java:235)
at
org.apache.catalina.core.StandardContextValve.invo ke(StandardContextValve.java:191)
at
org.jboss.web.tomcat.security.SecurityAssociationV alve.invoke(SecurityAssociationValve.java:190)
at
org.apache.catalina.authenticator.AuthenticatorBas e.invoke(AuthenticatorBase.java:433)
at
org.jboss.web.tomcat.security.JaccContextValve.inv oke(JaccContextValve.java:92)
at
org.jboss.web.tomcat.security.SecurityContextEstab lishmentValve.process(SecurityContextEstablishment Valve.java:126)
at
org.jboss.web.tomcat.security.SecurityContextEstab lishmentValve.invoke(SecurityContextEstablishmentV alve.java:70)
at
org.apache.catalina.core.StandardHostValve.invoke( StandardHostValve.java:127)
at
org.apache.catalina.valves.ErrorReportValve.invoke (ErrorReportValve.java:102)
at
org.jboss.web.tomcat.service.jca.CachedConnectionV alve.invoke(CachedConnectionValve.java:158)
at
org.apache.catalina.core.StandardEngineValve.invok e(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.servic e(CoyoteAdapter.java:330)
at
org.apache.coyote.http11.Http11Processor.process(H ttp11Processor.java:829)
at
org.apache.coyote.http11.Http11Protocol$Http11Conn ectionHandler.process(Http11Protocol.java:598)
at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run( JIoEndpoint.java:447)
at java.lang.Thread.run(Unknown Source)
Caused by: com.novell.idm.nrf.exception.NrfException: Error occurred
running the entitlement/nds queries for entitlement Dn:
cn=group,cn=active directory - mad,cn=iam driver
set,ou=resources,o=system, Query
XML: <?xml version="1.0" encoding="UTF-8"?><nds dtdversion="2.0">
<input>
<query
class-name="Group" dest-dn="OU=Identities,DC=gouv,DC=etat,DC=lu"
scope="subtree">
<search-class
class-name="Group"/>
<read-attr
attr-name="Description"/>
</query>
</input>
</nds>

at
com.novell.idm.nrf.persist.PopulateCodeMap.runQuer y(PopulateCodeMap.java:673)
at
com.novell.idm.nrf.persist.PopulateCodeMap.populat eFromEntitlementQuery(PopulateCodeMap.java:218)
.... 45 more
Caused by: javax.naming.NamingException: [LDAP: error code 80 -
transport failure (-625)]; remaining name ''
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknow n Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknow n Source)
at com.sun.jndi.ldap.LdapCtx.extendedOperation(Unknow n Source)
at sun.reflect.GeneratedMethodAccessor652.invoke(Unkn own
Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Un known
Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at
com.sssw.fw.directory.realm.impl.jndildap.EboLdapC ontextProxyHandler.invokeMethod(EboLdapContextProx yHandler.java:145)
at
com.sssw.fw.directory.realm.impl.jndildap.EboLdapC ontextProxyHandler.invoke(EboLdapContextProxyHandl er.java:86)
at com.sun.proxy.$Proxy392.extendedOperation(Unknown Source)
at
com.novell.idm.nrf.persist.PopulateCodeMap.runQuer y(PopulateCodeMap.java:662)
.... 46 more

Kind Regards,
G


--
nickleloup
------------------------------------------------------------------------
nickleloup's Profile: https://forums.netiq.com/member.php?userid=5862
View this thread: https://forums.netiq.com/showthread.php?t=52290