First identity collector failure


IGA 3.5.1 on Windows 2016 fresh install.


eDir - latest fully patched 8.8

Login with igadmin works so basic stuff works.

Trying to add first Identity Collector version: Identity Manager Identity Collector - Template Version 3.5.0

Filling in IP, port and so on, requests the certificate and approves that, then clicking "Test Connection" and... Failure.


Log looks like this:

[INFO] 2019-09-18 15:09:53 com.netiq.daas.daaservice.DaaService <init> - [DAAS] Configuration file path: D:\netiq\idm\apps\tomcat\webapps\daas\daasconfig
[FINE] 2019-09-18 15:09:53 com.netiq.daas.daaservice.ServiceMap loadServiceInstance - [DAAS] Received request to load service: IDMIdentityTemplate-4-5-18c4de4980c24aebb7518e02ff361fdd
[FINE] 2019-09-18 15:09:53 com.netiq.daas.daaservice.ServiceMap loadServiceInstance - [DAAS] Loaded service: IDMIdentityTemplate-4-5-18c4de4980c24aebb7518e02ff361fdd, load count: 1
[FINE] 2019-09-18 15:09:53 com.netiq.daas.daaservice.ServiceProviderMap clean - [DAAS] Collection cleaner running...
[FINE] 2019-09-18 15:09:53 com.microfocus.daas.ldap.Connector <init> - [DAAS] Server URL: ldaps://
[FINE] 2019-09-18 15:09:53 com.netiq.daas.common.SrvInstance <init> - [DAAS] New service instance. TTL: 60
[FINE] 2019-09-18 15:09:53 com.netiq.daas.common.SrvInstance resetTimeout - [DAAS] Reset timeout for service instance to TTL: 60
[FINE] 2019-09-18 15:09:53 com.netiq.daas.common.JcceLoggerAdapter log - [DAAS] Creating TLS certificate truststore:
Type: X.509
Subject:, O=IDV
Issuer: O=IDV, OU=Organizational CA
Adding certificates to truststore:
Alias: O=IDV, OU=Organizational CA
(Elapsed time: 1.799 milliseconds)
[FINE] 2019-09-18 15:09:53 com.microfocus.daas.nativeldapservice.SSLSocketFactoryPrivate <init> - [DAAS] Creating TrustManager...
[FINE] 2019-09-18 15:09:53 com.microfocus.daas.nativeldapservice.SSLSocketFactoryPrivate <init> - [DAAS] Setting up SSLContext environment...
[FINE] 2019-09-18 15:09:53 com.microfocus.daas.nativeldapservice.TrustManagerPrivate checkServerTrusted - [DAAS] In checkServerTrusted()...
[FINE] 2019-09-18 15:09:53 com.microfocus.daas.nativeldapservice.TrustManagerPrivate isChainTrusted - [DAAS] Inspecting certificate chain. length is: 2
[FINE] 2019-09-18 15:09:53 com.microfocus.daas.nativeldapservice.TrustManagerPrivate isChainTrusted - [DAAS] Issuer Cert 1: O=IDV, OU=Organizational CA
[FINE] 2019-09-18 15:09:53 com.microfocus.daas.nativeldapservice.TrustManagerPrivate isChainTrusted - [DAAS] Subject Cert 1: O=IDV, OU=Organizational CA
[FINE] 2019-09-18 15:09:53 com.microfocus.daas.nativeldapservice.TrustManagerPrivate checkServerTrusted - [DAAS] Server certificate is trusted...
[FINE] 2019-09-18 15:09:53 com.microfocus.daas.nativeldapservice.TrustManagerPrivate getAcceptedIssuers - [DAAS] In getAcceptedIssuers()...
[FINEST] 2019-09-18 15:09:53 com.microfocus.daas.ldap.DirectoryCache getDirectoryInfo - [DAAS] Caching directory information:
Class: DirectoryInfo
Port: 636
Type: EDIR
Class: EDirectorySchema

...whole schema goes here...

[SEVERE] 2019-09-18 15:09:53 org.apache.catalina.core.StandardWrapperValve invoke - Servlet.service() for servlet [daas] in context with path [/daas] threw exception [java.lang.NullPointerException] with root cause
at com.microfocus.daas.ldap.edir.NameMap$LdapMapping.<init>(
at com.microfocus.daas.ldap.edir.NameMap$LdapMapping.<init>(

...full javablob here...

[FINE] 2019-09-18 15:09:54 com.netiq.daas.daaservice.ServiceMap unloadServiceInstance - [DAAS] Received request to unload service: IDMIdentityTemplate-4-5-18c4de4980c24aebb7518e02ff361fdd
[FINE] 2019-09-18 15:09:54 com.netiq.daas.daaservice.ServiceMap unloadServiceInstance - [DAAS] Decremented load count on service: IDMIdentityTemplate-4-5-18c4de4980c24aebb7518e02ff361fdd, load count: null
[SEVERE] 2019-09-18 15:09:54 testConnection - [IG-SERVER] Test Connection error: Encountered unexpected error: Entity input stream has already been closed.


And for sure nothing works. Amazing that it can get the schema.

Can't do collect, can't test collection etc. 

Added the LDAP server CA cert to cacerts as trusted - based on guesswork - no change.

So obviously there is something completely obvious that I missed - but what?
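
An added example, not part of the original post: a small Python triage of the quoted DAAS log that separates the TLS trust stage from the later failure. Run on a shortened, constructed copy of the lines above, it shows the certificate chain was accepted and the schema was read before the first SEVERE record; the function names `parse` and `triage` are made up for this illustration.

```python
import re

# Constructed sample: a shortened copy of the log lines quoted in the post.
SAMPLE = """\
[FINE] 2019-09-18 15:09:53 com.netiq.daas.common.JcceLoggerAdapter log - [DAAS] Creating TLS certificate truststore:
Type: X.509
Issuer: O=IDV, OU=Organizational CA
[FINE] 2019-09-18 15:09:53 com.microfocus.daas.nativeldapservice.TrustManagerPrivate checkServerTrusted - [DAAS] Server certificate is trusted...
[FINEST] 2019-09-18 15:09:53 com.microfocus.daas.ldap.DirectoryCache getDirectoryInfo - [DAAS] Caching directory information:
Class: DirectoryInfo
Port: 636
[SEVERE] 2019-09-18 15:09:53 org.apache.catalina.core.StandardWrapperValve invoke - Servlet.service() for servlet [daas] in context with path [/daas] threw exception [java.lang.NullPointerException] with root cause
at com.microfocus.daas.ldap.edir.NameMap$LdapMapping.<init>(
[SEVERE] 2019-09-18 15:09:54 testConnection - [IG-SERVER] Test Connection error: Encountered unexpected error: Entity input stream has already been closed.
"""

# "[LEVEL] date time source - message"; source is the class and method name.
HEADER = re.compile(r"^\[(?P<level>[A-Z]+)\] (?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
                    r"(?P<source>.+?) - (?P<msg>.*)$")

def parse(text):
    """Group the log into records; lines without a [LEVEL] header are continuations."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            records.append({**m.groupdict(), "extra": []})
        elif records and line.strip():
            records[-1]["extra"].append(line.strip())
    return records

def triage(records):
    """Report which connection stages completed and where the first SEVERE record is."""
    tls_ok = any("Server certificate is trusted" in r["msg"] for r in records)
    schema_read = any("Caching directory information" in r["msg"] for r in records)
    severe = [r for r in records if r["level"] == "SEVERE"]
    first = severe[0] if severe else None
    return {
        "tls_trusted": tls_ok,
        "schema_read": schema_read,
        "severe_count": len(severe),
        "first_failure_frame": first["extra"][0] if first and first["extra"] else None,
    }

if __name__ == "__main__":
    print(triage(parse(SAMPLE)))
```
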





  • Anders,

    My first thought is watch out for timeouts.  If you are where I knew you were working, might be the query is taking too long. But you do actually get a timeout-like error in the logs for that. (I had a query to lock down the collected identities that was not using indexed attrs that took over 15 seconds and died.  Indexing the attrs did fix it.  But first I changed my query to remove one extra attr and it helped as well).


    Actually that was OSP on login now that I think about it.

    Does your schema have anything 'goofy' in it?  Since it read your schema, I wonder if it is parsing it, missing some expected data element and bombing. 


  • Hi,


    Sorry for the late response - you know me - just at another customer  

    I don't think it's timeout related - I have no bad stuff in the log. Will take a look at rights for the user I'm using doing the connect, I have some sort of recollection that it might be in play here.

  • Verified Answer

    And so I have found the issue.
    Correct rights in the tree.
    Correct rights in the tree.
    Correct rights in the tree.

    I hope I don't forget it again.