LDAP group import failed

Document ID : KB000004744
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

With PAM v2.7, LDAP group import failed with java.lang.ArrayIndexOutOfBoundsException, if base DN is not associated with domain component (dc) attributes.

  

== LDAPImport0.log ==

<record>
  <date>2016-11-09T23:33:16</date>
  <millis>1478734396161</millis>
  <sequence>18</sequence>
  <logger>com.xceedium.gatekeeper.ldapSink.ServiceLDAPDataSink</logger>
  <level>SEVERE</level>
  <class>com.xceedium.gatekeeper.ldapSink.ServiceLDAPDataSink</class>
  <method>importLDAPGroupMember</method>
  <thread>10</thread>
  <message>Exception occurred while importing LDAP member</message>
  <exception>
    <message>java.lang.ArrayIndexOutOfBoundsException: 1</message>
    <frame>
      <class>com.xceedium.gatekeeper.ldapSink.ServiceLDAPDataSink</class>
      <method>importLDAPGroupMember</method>
      <line>42</line>
    </frame>
    <frame>
      <class>com.xceedium.gatekeeper.ldapSink.DatabaseLDAPDataSink</class>
      <method>run</method>
      <line>299</line>
    </frame>
    <frame>
      <class>com.xceedium.gatekeeper.ldapSink.ServiceLDAPDataSink</class>
      <method>run</method>
      <line>19</line>
    </frame>
    <frame>
      <class>java.lang.Thread</class>
      <method>run</method>
    </frame>
  </exception>
</record>

Environment:
PAM: 2.7User Directory: CA Directory R12 SP18
Cause:

PAM is looking up LDAP member with domain component (dc) attribute. Hence, exception is returned when we attempt to import LDAP group members from LDAP instance with base DN of “o=Democorp,c=au”.

Resolution:

Defect is addressed with later patch release of PAM v2.7 -- CAPAM_2.7.0.06.p.zip

 

 

Additional Information:

Workaround:

 

Use LDAP instance with domain component (dc) attributes as its base DN.

 

The issue is not observed with earlier releases of PAM e.g: PAM v2.5 and v2.6