Posts tagged "ldap"

CQ5: “LDAPException: error result (4); Sizelimit exceeded” when synchronizing users

Issue

If you are using an LDAP connection with your CQ server, you may notice that the LDAP users are not imported correctly into CQ, with a warning similar to the following in the error.log:

09.11.2012 10:22:57.624 *WARN* POST /system/console/jmx/com.adobe.granite.ldap…DTools/op/syncAllUsers/ HTTP/1.1 com.day.crx.security.ldap.principals.LDAPPrincipalProvider Error finding user * com.day.crx.security.ldap.LDAPRepositoryException: LDAP error: com.day.ldap.LDAPException: error result (4); Sizelimit exceeded
        at com.day.crx.security.ldap.principals.LDAPPrincipalProvider.findUser(LDAPPrincipalProvider.java:396)
        at com.day.crx.security.ldap.principals.LDAPPrincipalProvider.findPrincipals(LDAPPrincipalProvider.java:553)
        at com.day.crx.security.ldap.LDAPUserSync.syncAllUsers(LDAPUserSync.java:182)
        at com.day.crx.security.ldap.LDAPSynchronization$Directory.syncAllUsers(LDAPSynchronization.java:283)
        at com.day.crx.security.ldap.jmx.LDAPUserMBean.syncAllUsers(LDAPUserMBean.java:117)
        at com.day.crx.security.ldap.jmx.LDAPUserMBean.invoke(LDAPUserMBean.java:187)


09.11.2012 10:22:57.625 *INFO* POST /system/console/jmx/com.adobe.granite.ldap…Tools/op/syncAllUsers/ HTTP/1.1] com.day.crx.security.ldap.LDAPUserSync LDAP synchronization: 0 of 0 users synchronized in 0 seconds

Reason

This error is caused by your LDAP settings. In Active Directory (AD), for example, there is a maxpagesize limit set to 1000 by default. This is the maximum number of results returned for any given LDAP query, including CQ user synchronization. For more information see: http://support.microsoft.com/kb/315071?wa=wsignin1.0

Solution

You have a few options to avoid this problem:

  1. Ask your LDAP administrator to increase the maxpagesize on your LDAP server.
  2. Use filters in your LDAP queries to reduce the number of LDAP entries returned so that you do not hit this limit.
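
To confirm whether a given synchronization run was cut short by this limit, the warning can be paired with the summary line that follows it. The check below is an added example, not Adobe code; the class name LdapSyncLogCheck is hypothetical and the log lines are constructed from the excerpt above.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class LdapSyncLogCheck {
    // LDAP result code 4 as logged by the principal provider in the excerpt above.
    private static final Pattern SIZE_LIMIT =
        Pattern.compile("\\*WARN\\*.*error result \\(4\\); Sizelimit exceeded");
    // Summary line written by LDAPUserSync at the end of each run.
    private static final Pattern SUMMARY =
        Pattern.compile("LDAP synchronization: (\\d+) of (\\d+) users synchronized");

    /** Returns one finding for every sync run whose summary follows a size-limit warning. */
    static List<String> findTruncatedSyncs(List<String> lines) {
        List<String> findings = new ArrayList<>();
        boolean sizeLimitSeen = false;
        for (String line : lines) {
            if (SIZE_LIMIT.matcher(line).find()) {
                sizeLimitSeen = true;
                continue;
            }
            Matcher m = SUMMARY.matcher(line);
            if (!m.find()) {
                continue; // stack-trace lines and unrelated entries
            }
            if (sizeLimitSeen) {
                findings.add("size limit hit before: " + m.group(0));
            }
            sizeLimitSeen = false; // a summary closes the current run
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed log lines modelled on the excerpt above; <request> is a placeholder.
        List<String> log = Arrays.asList(
            "09.11.2012 10:22:57.624 *WARN* POST <request> com.day.crx.security.ldap.principals.LDAPPrincipalProvider Error finding user * com.day.crx.security.ldap.LDAPRepositoryException: LDAP error: com.day.ldap.LDAPException: error result (4); Sizelimit exceeded",
            "        at com.day.crx.security.ldap.LDAPUserSync.syncAllUsers(LDAPUserSync.java:182)",
            "09.11.2012 10:22:57.625 *INFO* POST <request> com.day.crx.security.ldap.LDAPUserSync LDAP synchronization: 0 of 0 users synchronized in 0 seconds",
            "10.11.2012 02:00:04.101 *INFO* POST <request> com.day.crx.security.ldap.LDAPUserSync LDAP synchronization: 640 of 640 users synchronized in 3 seconds");
        findTruncatedSyncs(log).forEach(System.out::println);
    }
}
```

Only the first run is reported; the second summary has no preceding size-limit warning and is treated as a complete sync.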

reference: (40240/CRX-3043)


LiveCycle ES: AuthenticationManagerImpl errorCode:16386 errorCodeHEX:0x4002

Issue

The following exception occurs after you migrate to LiveCycle ES custom Java code that interacted with Adobe LiveCycle 7 Workflow using LDAP lookups:

[04 Mar 2010 10:32:27, 058] ERROR (WorklistController.java:66) - java.lang.Exception: | 
[com.adobe.idp.um.api.impl.AuthenticationManagerImpl] errorCode:16386 errorCodeHEX:0x4002 message:
user_identifier:myuniqueid=XXXXXXXX,ou=people,dc=company,dc=com domain:LDAP Production| 
[com.adobe.idp.um.businesslogic.directoryservices.DirectoryServicesManagerBean] errorCode:13316 errorCodeHEX:0x3404 message:
user_identifier:myuniqueid=XXXXXXXX,ou=people,dc=company,dc=com domain:LDAP Production
com.pictet.livecycleworkflow.restservices.client.exceptions.ResourceOperationException: java.lang.Exception: | 
[com.adobe.idp.um.api.impl.AuthenticationManagerImpl] errorCode:16386 errorCodeHEX:0x4002 message:
user_identifier:myuniqueid=XXXXXXXX,ou=people,dc=company,dc=com domain:LDAP Production| 
[com.adobe.idp.um.businesslogic.directoryservices.DirectoryServicesManagerBean] errorCode:13316 errorCodeHEX:0x3404 message:
user_identifier:myuniqueid=XXXXXXXX,ou=people,dc=company,dc=com domain:LDAP Production
 at com.company.livecycleworkflow.restservices.client.impl.AbstractLiveCycleWorkflowRestServiceClient.sendRequest(AbstractLiveCycleWorkflowRestServiceClient.java:92)
 at com.company.livecycleworkflow.restservices.client.impl.AbstractLiveCycleWorkflowRestServiceClient.readRestUrl(AbstractLiveCycleWorkflowRestServiceClient.java:100)
 at com.company.livecycleworkflow.restservices.client.impl.LiveCycleWorkflowRestServiceClientImpl.getActivities(LiveCycleWorkflowRestServiceClientImpl.java:47)
 at com.company.livecycleworkflow.restservices.client.impl.LiveCycleWorkflowRestServiceClientImpl.getActivities(LiveCycleWorkflowRestServiceClientImpl.java:40)
 at com.company.managerscomments.controller.WorklistController.handleRequestInternal(WorklistController.java:54)
 at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
 at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:44)
 at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:723)
 at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:663)
 at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:394)
 at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:348)

The method that throws this error is: authResult = auth.getAuthResultOnBehalfOfUser("myuniqueid=XXXXXXXX, ou=people", "LDAP Production", context).

Reason

This exception occurs when you don’t use the same user DN in the Java code as is stored in LDAP and in the LiveCycle database.

For example, the myuniqueID in the EDCPRINCIPALENTITY table is:

myuniqueid=XXXXXXXX,ou=People,dc=company,dc=com

and in the Java code it’s:

myuniqueid=XXXXXXXX,ou=people,dc=company,dc=com

The ou has a capital “P” in LDAP and in the DB, but in the Java code, it was attempting to find the user with a lowercase “p” for the ou. This error can occur in LiveCycle ES as Adobe changed the LDAP synchronization algorithm to canonicalize the DN strings during synchronization. As a result, the DN strings appear in the DB exactly as they are defined in LDAP (including case-sensitivity).

Solution

Make sure that you are using exactly the same user DN in the Java code as it is stored in LDAP and in the LiveCycle database.
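
A DN that differs from the stored one only in letter case is still the same name to an LDAP-aware comparison, which is why this mismatch is easy to overlook. The following added example (not Adobe or LiveCycle code; the class DnCaseCheck and its methods are hypothetical) uses the JDK's javax.naming.ldap.LdapName to tell that case apart from a genuinely different DN and to name the offending RDN, using the two DNs shown above.

```java
import java.util.ArrayList;
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class DnCaseCheck {

    /** Outcome of comparing the DN used in code with the DN stored after synchronization. */
    enum Match { EXACT, SAME_NAME_DIFFERENT_TEXT, DIFFERENT }

    static Match compare(String dnInCode, String dnStored) throws InvalidNameException {
        if (dnInCode.equals(dnStored)) {
            return Match.EXACT;
        }
        // LdapName.equals() ignores letter case, so DNs that differ only in case
        // are the same LDAP name but not the same string.
        boolean sameName = new LdapName(dnInCode).equals(new LdapName(dnStored));
        return sameName ? Match.SAME_NAME_DIFFERENT_TEXT : Match.DIFFERENT;
    }

    /** Lists, left to right, the RDNs that are LDAP-equal but written differently. */
    static List<String> textMismatches(String dnInCode, String dnStored) throws InvalidNameException {
        List<Rdn> a = new LdapName(dnInCode).getRdns();
        List<Rdn> b = new LdapName(dnStored).getRdns();
        List<String> out = new ArrayList<>();
        // getRdns() puts the rightmost RDN (dc=com) at index 0, so walk backwards.
        for (int i = Math.min(a.size(), b.size()) - 1; i >= 0; i--) {
            String x = a.get(i).toString();
            String y = b.get(i).toString();
            if (a.get(i).equals(b.get(i)) && !x.equals(y)) {
                out.add(x + " (code) vs " + y + " (stored)");
            }
        }
        return out;
    }

    public static void main(String[] args) throws InvalidNameException {
        // DNs taken from the example above.
        String stored = "myuniqueid=XXXXXXXX,ou=People,dc=company,dc=com"; // EDCPRINCIPALENTITY
        String inCode = "myuniqueid=XXXXXXXX,ou=people,dc=company,dc=com"; // Java code
        System.out.println(compare(inCode, stored));
        System.out.println(textMismatches(inCode, stored));
    }
}
```

A result of SAME_NAME_DIFFERENT_TEXT means the directory would treat both DNs as the same name, but the exact string stored in the LiveCycle database does not match the one passed by the code.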

reference: (181473688)


LiveCycle ES: Cannot instantiate class com.sun.jndi.ldap.Ldap.CtxFactory

Issue

After you have migrated from LC7 to ES, when you set up the LDAP Search component (with the refresh or build buttons), you receive the following error:

Cannot instantiate class com.sun.jndi.ldap.Ldap.CtxFactory

Solution

The initial_context_factory parameter (in the deployment settings of this component) was mistakenly changed during the migration process from null to com.sun.jndi.ldap.Ldap.CtxFactory.

Change this parameter to the correct value: com.sun.jndi.ldap.LdapCtxFactory.

Additional information

When a null value was used in LiveCycle 7, the server interpreted it as com.sun.jndi.ldap.LdapCtxFactory by default.  This no longer happens in LiveCycle ES, so you cannot use null values for this parameter.

More information about the mapping of the LDAP Search component in LiveCycle ES can be found under:

http://livedocs.adobe.com/livecycle/es/wb_help/00000735.html

reference: (181280535)


LiveCycle ES: CRON expressions and documentation for Quartz Scheduler

Issue

If you wish to schedule an LDAP synchronization in LiveCycle, you can do so using CRON expressions in the Quartz Scheduler. The Quartz Scheduler is an open source technology and you can find the official documentation here:

http://www.opensymphony.com/quartz/wikidocs/CronTriggers%20Tutorial.html

Explanation

The meaning of the fields we use in the CRON expressions is as follows:

Field Name     Mandatory   Value Range        Special Characters
Seconds        Yes         0-59               , - * /
Minutes        Yes         0-59               , - * /
Hours          Yes         0-23               , - * /
Day of month   Yes         1-31               , - * ? / L W C
Month          Yes         1-12 or JAN-DEC    , - * /
Day of week    Yes         1-7 or SUN-SAT     , - * ? / L C #
Year           No          empty or 1         , - * /

Examples

0 0 12 * * ?                Fire at 12pm (noon) every day
0 15 10 ? * *               Fire at 10:15am every day
0 15 10 * * ?               Fire at 10:15am every day
0 15 10 * * ? *             Fire at 10:15am every day
0 15 10 * * ? 2005          Fire at 10:15am every day during the year 2005
0 * 14 * * ?                Fire every minute starting at 2pm and ending at 2:59pm, every day
0 0/5 14 * * ?              Fire every 5 minutes starting at 2pm and ending at 2:55pm, every day
0 0/5 14,18 * * ?           Fire every 5 minutes starting at 2pm and ending at 2:55pm, AND fire every 5 minutes starting at 6pm and ending at 6:55pm, every day
0 0-5 14 * * ?              Fire every minute starting at 2pm and ending at 2:05pm, every day
0 10,44 14 ? 3 WED          Fire at 2:10pm and at 2:44pm every Wednesday in the month of March
0 15 10 ? * MON-FRI         Fire at 10:15am every Monday, Tuesday, Wednesday, Thursday and Friday
0 15 10 15 * ?              Fire at 10:15am on the 15th day of every month
0 15 10 L * ?               Fire at 10:15am on the last day of every month
0 15 10 ? * 6L              Fire at 10:15am on the last Friday of every month
0 15 10 ? * 6L 2002-2005    Fire at 10:15am on every last Friday of every month during the years 2002, 2003, 2004 and 2005
0 15 10 ? * 6#3             Fire at 10:15am on the third Friday of every month
0 0 12 1/5 * ?              Fire at 12pm (noon) every 5 days every month, starting on the first day of the month
0 11 11 11 11 ?             Fire every November 11th at 11:11am
