6 Troubleshooting

Table 6-1 describes solutions to problems that you might encounter while using the connector.

Table 6-1 Troubleshooting Tips

Problem Description Solution

The LDAP Gateway does not send the full attribute value when provisioning attribute values that contain one or more space characters.

If this problem occurs, surround the attribute value in single quotation marks when populating the form field.

IOException: The process cannot access the file because another process has locked a portion of the file. This error is thrown during LDAP Gateway server startup.

Ensure that there are no other LDAP Gateways running on the server. Often, this error occurs when an LDAP Gateway Windows service is started in the background and a user attempts to start another LDAP Gateway using the run.bat file.

Oracle Identity Manager cannot establish a connection with CA Top Secret.

  • Ensure that the mainframe server is up and running.

  • Verify that the required ports are working.

  • Due to the nature of the Provisioning Agent, the LDAP Gateway must be started first, and then the mainframe JCL started task must be initiated. This is a requirement based on how TCP/IP operates. Check that the IP address of the server that hosts the LDAP Gateway is configured in the Reconciliation Agent JCL.

  • Read the LDAP Gateway logs to determine if messages are being sent or received.

  • Verify that the IP address, administrator ID, and administrator password are correctly specified in the IT resource. See Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Manager for information about viewing and modifying IT resources.

  • Verify that the mainframe user account and password have not been changed.

The mainframe does not appear to respond.

Check the logs. If any of the mainframe JCL jobs have reached an abnormal end, then make the required corrections and rerun the jobs.

A particular use case does not appear to be functioning.

Check for the use case event in the LDAP Gateway logs. Then check for the event in the specific log assigned to the CA Top Secret Advanced connector that you are using.

  • If the event does not register in either of these two logs, then investigate the connection between Oracle Identity Manager and the LDAP Gateway.

  • If the event is in the log but the command has not had the intended change on a mainframe user, then check for configuration and connections between the LDAP Gateway and the mainframe.

  • Verify that the message transport layer is working.

The LDAP Gateway fails and stops working

If this problem occurs, then the Reconciliation Agent stops sending messages to the LDAP Gateway. Instead, it stores them in the subpool cache.

When this happens, restart the LDAP Gateway instance so that the Reconciliation Agent reads the subpool cache and resends the messages.

The LDAP Gateway is running. However, the Reconciliation Agent fails and stops working

If this problem occurs, then all event data is sent to the subpool cache. If the mainframe fails, then all messages are written to the disk.

When this happens, restart the Reconciliation Agent so that it reads messages from the disk or subpool cache and resends the messages.

The LDAP Gateway does not respond to reconciliation requests when installed as a Windows service.

Check that the /lib directory in the LDAP Gateway does not contain multiple versions of the same JAR file. The Windows Service script installs all files in the /lib directory. Therefore, having multiple versions of the same JAR file can result in a collision. See the run script located in the /bin directory for the correct name and version number of the JAR file.