5 Troubleshooting

This chapter contains the following sections:

Troubleshooting
Guidelines on Using the Connector

Troubleshooting

The following table lists solutions to some commonly encountered issues associated with the connector:

Problem Description	Solution
Oracle Identity Manager cannot establish a connection with IBM RACF.	Ensure that the mainframe is running. Verify that the required ports are working. Due to the nature of the Provisioning Agent, the LDAP Gateway must be started first, and then the mainframe JCL started task must be started. This is a requirement based on how TCP/IP operates. Check that the server IP that hosts the LDAP Gateway is configured in the Reconciliation Agent JCL. Read the LDAP Gateway logs to determine if messages are being sent or received. Verify that the IP address, administrator ID, and administrator password are correctly specified in the IT resource. Refer to Oracle Identity Manager Design Console Guide for information about viewing and modifying IT resources. Verify that the mainframe user account and password have not been changed.
The mainframe does not appear to respond.	Check the connection information that you have provided in the IT resource and the `LDAP_INSTALL_DIR/conf/racf.properties` file. Check the logs. If any of the mainframe JCL jobs have reached an abnormal end, then make the required corrections and rerun the jobs.
A particular use case does not work as expected.	Check for the use case event in the LDAP Gateway logs. Then check for the event in the specific log assigned to the IBM RACF Advanced connector that you are using. If the event has not been recorded in either of these logs, then investigate the connection between Oracle Identity Manager and the LDAP Gateway. If the event is in the log but the command has not had the intended change on a mainframe user profile, then check for configuration and connections between the LDAP Gateway and the mainframe. Verify that the message transport layer is working.
The LDAP Gateway fails and stops working.	If this problem occurs, then the Reconciliation Agent stops sending messages to the LDAP Gateway. Instead, it stores them in the subpool cache. When this happens, restart the LDAP Gateway instance so that the Reconciliation Agent reads the subpool cache and resends the messages.
The LDAP Gateway is running. However, the Reconciliation Agent fails and stops working.	If this problem occurs, then all events are sent to the subpool cache. If the mainframe fails, then all messages are written to the disk. When this happens, restart the Reconciliation Agent instance so that it reads messages from the disk or subpool cache and resends the messages.

Guidelines on Using the Connector

Apply the following guidelines while using the connector:

The IBM RACF Advanced connector can accept and transmit any non-ASCII data to the mainframe, but the mainframe does not accept non-ASCII characters. As a result, any task that requires non-ASCII data transfer fails. In addition, there is no provision in the connector to indicate that the task has failed or that an error has occurred on the mainframe. You must exercise caution when providing inputs to the connector for the target system, especially when using a regional language interface.
Passwords used on the mainframe must conform to stringent rules related to passwords on mainframes. These passwords are also subject to restrictions imposed by corporate policies and rules about mainframe passwords. While creating user accounts for target systems on the mainframe, you must take these requirements into account before assigning passwords for these accounts.
If you configure the connector for trusted source reconciliation and set the idfTrusted property in the initialRacfAdv.properties file to true in one of the target system installations on the mainframe, then it must be set to true in all installations that connect to the same LDAP Gateway. Otherwise, the connector will fail. This applies only to a configuration in which a single LDAP Gateway connects to multiple installations of the target system.