LDAPCONF Synchronization adds only a partial set of users to the TIBCO iProcess Engine.
Article ID: KB0088232
Updated On:
| Products | Versions |
|---|---|
| TIBCO iProcess Engine (Oracle) | - |
| Not Applicable | - |
Description
Resolution:
Description:
============
When using LDAPCONF to synchronize users from LDAP, a partial set of users are added to the TIBCO iProcess Engine. The following entry is seen in the sw_warn file:
2012/05/07 10:39:42.613301(BG:2:4976:0::::pro:promvinf.c:80516:2467): 1631-WARNING: <ldap_moveinf(): PARTIAL RESULTS. Not all User entries returned from LDAP Servers.> <> <> <>
2012/05/07 10:39:42.717430(BG:2:4976:0::::pro:cplmain.c:80415:2381): 1631-WARNING: <CPLInstruction - Error> <-19> <MOVINFO> <MOVINFO^FULL>
The BG debug will contain the following return code from the LDAP search:
[T=01584]120507103436.352316:T004: SW_LDAP_search : Return code from ldap_search_s is 4
Environment:
============
All supported TIBCO iProcess Engine versions.
All supported platforms.
Resolution:
==========
An LDAP_SEARCH return code 4 means that the search results were restricted or partial results were retrieved. There is no restriction in the TIBCO iProcess Engine LDAPCONF utility to limit the number of search results; however the LDAP Server may have a restriction on the result-set that can be retrieved. If the number of users has increased to a value greater than the possible result-set from the LDAP server then either the maximul result set from the LDAP server must be increased or filter criteria should be used to reduce the overall result set.
The following is an example filter expression (valid for Microsoft Active Directory only), which would return only active user accounts and skip all disabled accounts:
(&(objectClass=User)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
Description:
============
When using LDAPCONF to synchronize users from LDAP, a partial set of users are added to the TIBCO iProcess Engine. The following entry is seen in the sw_warn file:
2012/05/07 10:39:42.613301(BG:2:4976:0::::pro:promvinf.c:80516:2467): 1631-WARNING: <ldap_moveinf(): PARTIAL RESULTS. Not all User entries returned from LDAP Servers.> <> <> <>
2012/05/07 10:39:42.717430(BG:2:4976:0::::pro:cplmain.c:80415:2381): 1631-WARNING: <CPLInstruction - Error> <-19> <MOVINFO> <MOVINFO^FULL>
The BG debug will contain the following return code from the LDAP search:
[T=01584]120507103436.352316:T004: SW_LDAP_search : Return code from ldap_search_s is 4
Environment:
============
All supported TIBCO iProcess Engine versions.
All supported platforms.
Resolution:
==========
An LDAP_SEARCH return code 4 means that the search results were restricted or partial results were retrieved. There is no restriction in the TIBCO iProcess Engine LDAPCONF utility to limit the number of search results; however the LDAP Server may have a restriction on the result-set that can be retrieved. If the number of users has increased to a value greater than the possible result-set from the LDAP server then either the maximul result set from the LDAP server must be increased or filter criteria should be used to reduce the overall result set.
The following is an example filter expression (valid for Microsoft Active Directory only), which would return only active user accounts and skip all disabled accounts:
(&(objectClass=User)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
Issue/Introduction
LDAPCONF Synchronization adds only a partial set of users to the TIBCO iProcess Engine.
Feedback
Yes
No
Powered by
