Invalid DN string during search Error: findUsersInScope: Exception doing scoped search

Document ID : KB000094801
Last Modified Date : 04/05/2018
Show Technical Document Details
Issue:
An error similar to this appears in an identity Manager task

Error: findUsersInScope: Exception doing scoped search: [facility=4 severity=3 reason=0 status=6 message=Unrecognized command] _directoryFindMatchingObjects doing search throws error: [facility=4 severity=2 reason=0 status=38 message=No items found] Organisation OU=Test78,OU=Business Entities,OU=PrePROD,OU=PrePROD,DC=managed,DC=testapps,DC=iam,DC=im does not appear in the directory.
Resolution:
Check the default search configuration of the task you are running (of "Modify User' for example):

Modify Admin Task > Modify User > Search Tab

The search tab allows you to config both the default user search and the default Organization search.

Also verify the scope rule for the task. Click Role Use and note which admin roles are assigned.

Then you can look at the configuration of the respective admin roles (Modify Admin Roles) to make sure members and administrators have the expected membership and scope rules defined.

For the specifc error above, in the role membership of an admin role it was noted that the whole DN, including a duplicate 'OU=PrePROD,' needed to be removed. The duplicate OU can be seen in the original error:

OU=Test78,OU=Business Entities,OU=PrePROD,OU=PrePROD,DC=managed,DC=testapps,DC=iam,DC=im