5 Troubleshooting

This chapter contains the following sections:

Troubleshooting
Guidelines on Using the Connector

Troubleshooting

Table 5-1 lists solutions to some commonly encountered issues associated with the connector.

Note:

Verify that you have performed Step 11 of the procedure described in the "Installing and Configuring the LDAP Gateway" section to enable logging.

Table 5-1 Troubleshooting

Problem Description	Solution
Oracle Identity Manager cannot establish a connection to the CA Top Secret server.	Ensure that the mainframe server is up and running. Check that the necessary ports are working. Due to the nature of the provisioning adapter, the LDAP Gateway must be started first, and then the mainframe JCL started task must be initiated. This is a requirement based on how TCP/IP operates. Check that the IP address of the server that hosts the LDAP Gateway, is configured in the Reconciliation Agent JCL. View the LDAP Gateway logs to determine if messages are being sent or received. Examine the Oracle Identity Manager configuration to verify that the IP address, admin ID, and admin password are correct. Check with the mainframe platform manager to verify that the mainframe user account and password have not been changed.
The mainframe does not appear to respond.	Ensure that the Oracle Identity Manager mappings are correct. Check the configuration mappings for the LDAP Gateway. If any of the mainframe JCL jobs have reached an abnormal end, then make the required corrections and rerun the jobs.
A particular use case does not appear to be functioning.	Check for the use case event in question on the Gateway Server Log. Then check for the event in the specific log assigned to that CA Top Secret Advanced Connector. If the event does not register in either of these two logs, investigate the connection between the Oracle Identity Manager and the CA Top Secret Advanced Connector Gateway. If the event is in the log but the command has not had the intended change on a mainframe user profile, check for configuration and connections between the Gateway and the mainframe. Check that TCP/IP is turned on.
The LDAP Gateway fails and stops working	If this problem occurs, then the Reconciliation Agent stops sending messages to the LDAP Gateway. Instead, it stores them in the subpool cache. When this happens, restart the LDAP Gateway instance so that the Reconciliation Agent reads the subpool cache and resends the messages.
The LDAP Gateway is running. However, the Reconciliation Agent fails and stops working	If this problem occurs, then all events are sent to the subpool cache. If the mainframe fails, then all messages are written to the disk. When this happens, restart the Reconciliation Agent instance so that it reads messages from the disk or subpool cache and resends the messages.

Guidelines on Using the Connector

Apply the following guidelines while using the connector:

The connector can accept and transmit any non-ASCII data to the mainframe, but the mainframe does not accept non-ASCII characters. As a result, any task that requires non-ASCII data transfer fails. In addition, there is no provision in the connector to indicate that the task has failed or that an error has occurred on the mainframe.

Caution:
To avoid errors of this type, you must exercise caution when providing inputs to the connector for the target system, especially when using a regional language interface.
Passwords used on the mainframe must conform to stringent rules related to passwords on mainframes. These passwords are also subject to restrictions imposed by corporate policies and rules about mainframe passwords.
If you configure the connector for trusted source reconciliation and set the idfTrusted property in the initialTopSecretAdv.properties file to true on one of the target system installations on the mainframe, then it must be set to true on all installations that connect to the same LDAP Gateway. Otherwise, the connector will fail. This applies only to a configuration in which a single LDAP Gateway connects to multiple installations of the target system.