jvybihal Frequent Contributor.
Frequent Contributor.
176 views

No Users Found in idmdash (compound indexes)

Jump to solution

Hi, in idmdash/#/users/ I see "No Users Found" when there actually are users. The number between Users header even shows that there are users. Basically similar to issues here and here.

Yeah, I know, compound indexes. I have dealt with them in the past already. But this time I can not seem to get this working. This is basically fresh installation, no changes to DAL.

My compound indexes:

 

	GnSnIndex	Online	User	Value	Given Name,Surname
	SnGnIndex	Online	User	Value	Surname,Given Name
	CnSnIndex	Online	User	Value	CN,Surname
	TitleSnIndex	Online	User	Value	Title,Surname
	OuSnIndex	Online	User	Value	OU,Surname
	LSnIndex	Online	User	Value	L,Surname
	mailSnIndex	Online	User	Value	Internet EMail Address,Surname
	telephoneNumberSnIndex	Online	User	Value	Telephone Number,Surname

 

 

In catalina.out I can see that compound indexes are indeed the issue, but I am really out of ideas what I should do now. The indexes are there, but the edir is not happy:

 

 

ERROR [com.novell.srvprv.impl.vdata.model.VirtualDataAccess] (ajp-nio-8109-exec-6) [RBPM] Operation not supported. Compound Indexes not found for the sorting attribute : javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Unwilling To Perform]; remaining name 'ou=users,o=data'
javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Unwilling To Perform]; remaining name 'ou=users,o=data'
	at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3227)
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2891)
	at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1846)
	at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
	at com.novell.srvprv.impl.vdata.model.VirtualDataAccess.getPaggedResultFromVlV(VirtualDataAccess.java:2248)
	at com.novell.srvprv.impl.vdata.model.VirtualDataAccess.getPaggedResultlist(VirtualDataAccess.java:648)
	at com.novell.srvprv.impl.vdata.model.VirtualDataAccess.getEntityResultList(VirtualDataAccess.java:609)
	at com.novell.srvprv.impl.vdata.model.VirtualDataModel.getEntityResultList(VirtualDataModel.java:421)
	at com.netiq.idm.infosrv.IdentityInfoServiceImpl.getVirtualEntityFromUserSearch(IdentityInfoServiceImpl.java:726)
	at com.netiq.idm.infosrv.IdentityInfoServiceImpl.getUsersDetaildResponse(IdentityInfoServiceImpl.java:1567)
	at com.netiq.idm.rest.access.UserInfoService.getUserInfoFromSrv(UserInfoService.java:1190)
	at com.netiq.idm.rest.access.UserInfoService.searchUsersWithDefaults(UserInfoService.java:777)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$ResponseOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:168)
	at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:67)
	at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:259)
	at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:133)
	at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:83)
	at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:133)
	at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:71)
	at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:990)
	at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:941)
	at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:932)
	at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:384)
	at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:451)
	at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:632)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at com.novell.common.auth.JAASFilter.doFilter(JAASFilter.java:145)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at com.novell.common.auth.saml.AuthTokenGeneratorFilter.doFilter(AuthTokenGeneratorFilter.java:108)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at com.novell.common.auth.sso.SSOFilter.doFilter(SSOFilter.java:125)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at com.novell.soa.common.i18n.BestLocaleServletFilter.doFilter(BestLocaleServletFilter.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:126)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at com.novell.common.ForceNoCacheFilter.doFilter(ForceNoCacheFilter.java:69)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at com.novell.common.CrossScriptingFilter.doFilter(CrossScriptingFilter.java:53)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at com.novell.common.HttpSecurityHeadersFilter.doFilter(HttpSecurityHeadersFilter.java:132)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:650)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
	at org.apache.coyote.ajp.AjpProcessor.service(AjpProcessor.java:479)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:800)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1471)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:748)

ERROR [com.netiq.idm.rest.access.UserInfoService] (ajp-nio-8109-exec-6) [RBPM] Internal exception occurred processing REST service
com.netiq.idm.infosrv.IdentityInfoServiceException: Operation not supported. Compound Indexes not found for the sorting attribute : javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Unwilling To Perform]; remaining name 'ou=users,o=data'
	at com.netiq.idm.infosrv.IdentityInfoServiceImpl.getUsersDetaildResponse(IdentityInfoServiceImpl.java:1576)
	at com.netiq.idm.rest.access.UserInfoService.getUserInfoFromSrv(UserInfoService.java:1190)
	at com.netiq.idm.rest.access.UserInfoService.searchUsersWithDefaults(UserInfoService.java:777)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$ResponseOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:168)
	at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:67)
	at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:259)
	at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:133)
	at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:83)
	at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:133)
	at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:71)
	at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:990)
	at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:941)
	at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:932)
	at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:384)
	at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:451)
	at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:632)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at com.novell.common.auth.JAASFilter.doFilter(JAASFilter.java:145)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at com.novell.common.auth.saml.AuthTokenGeneratorFilter.doFilter(AuthTokenGeneratorFilter.java:108)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at com.novell.common.auth.sso.SSOFilter.doFilter(SSOFilter.java:125)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at com.novell.soa.common.i18n.BestLocaleServletFilter.doFilter(BestLocaleServletFilter.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:126)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at com.novell.common.ForceNoCacheFilter.doFilter(ForceNoCacheFilter.java:69)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at com.novell.common.CrossScriptingFilter.doFilter(CrossScriptingFilter.java:53)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at com.novell.common.HttpSecurityHeadersFilter.doFilter(HttpSecurityHeadersFilter.java:132)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:650)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
	at org.apache.coyote.ajp.AjpProcessor.service(AjpProcessor.java:479)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:800)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1471)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:748)

 

 

Anybody please, any idea what could be the issue?

Labels (1)
0 Likes
1 Solution

Accepted Solutions
rivey Super Contributor.
Super Contributor.

Re: No Users Found in idmdash (compound indexes)

Jump to solution

There is a note in the 4.7.2 documentation about how to create the compound indexes.  You specifically want one with an ancestorId value.

Also, on the settings page where you configure the attributes to search for users, you must ensure that your compound index for GivenName,Surname matches the exact parameters you search by there.  Once that new index with ancestorId is online, you disable the old one to avoid collisions.  What this means, for example, if you search by "givenName, Surname, FullName, CN", then your compound index should have those values, in that order (plus ancestorId flag).  After it is ready, kill the old givename,surname compound index.

Documentation link: https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm472/data/releasenotes_idm472.html#performance-issues-with-people-search-using-server-side-sorting-in-identity-applications

Note the comment about adding this index via command line only.  It cannot be done via iManager as the ancestorId flag is not available there.

4 Replies
Knowledge Partner
Knowledge Partner

Re: No Users Found in idmdash (compound indexes)

Jump to solution
Do you have the compound indexes on the correct server? Index are server specific, so that could be an issue.
Restart of tomcat is also good since flush cache is really bad right now.
Otherwhise im out of ideas.
0 Likes
rivey Super Contributor.
Super Contributor.

Re: No Users Found in idmdash (compound indexes)

Jump to solution

There is a note in the 4.7.2 documentation about how to create the compound indexes.  You specifically want one with an ancestorId value.

Also, on the settings page where you configure the attributes to search for users, you must ensure that your compound index for GivenName,Surname matches the exact parameters you search by there.  Once that new index with ancestorId is online, you disable the old one to avoid collisions.  What this means, for example, if you search by "givenName, Surname, FullName, CN", then your compound index should have those values, in that order (plus ancestorId flag).  After it is ready, kill the old givename,surname compound index.

Documentation link: https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm472/data/releasenotes_idm472.html#performance-issues-with-people-search-using-server-side-sorting-in-identity-applications

Note the comment about adding this index via command line only.  It cannot be done via iManager as the ancestorId flag is not available there.

jvybihal Frequent Contributor.
Frequent Contributor.

Re: No Users Found in idmdash (compound indexes)

Jump to solution
THANKS!!! This really helped.

I wonder how come that I did not occur this before, because I already have three 4.7.2 install behind me, and this is the firt time it happened to me.
0 Likes
jvybihal Frequent Contributor.
Frequent Contributor.

Re: No Users Found in idmdash (compound indexes)

Jump to solution

Unfortunately, I tried all of that. This is simple setup, only one server. Flushed cache like crazy, restarted tomcat, nds, even whole box was rebooted multiple times. Added more Indexes (Surname,OU, Surname,Telephone Number, etc.). Now I am trying to figue out somethign from ndstrace, but nothing obvious for me.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.