AD Managed System

Hi!
After installing the AD connector, there is an Active check mark in the managed systems panel next to the AD Managed System, and the Last Date line is also highlighted in green in the Running collectors status, but when clicking on Connector Replies I see the error “Crud Operation Error:java.lang.NullPointerException”. What can it be related to?
The data for AD (OU, etc.) is all correct.

Thank you for reaching out.

From your description, it appears that the AD connector has been installed successfully—the Active check mark in the Managed Systems panel and the green highlight under Running Collectors status indicate this. However, the error message you’re seeing when accessing Connector Replies:

“Crud Operation Error: java.lang.NullPointerException”

suggests that a missing or improperly initialized object may occur during one of the CRUD operations (Create, Read, Update, Delete) performed by the connector.

Common Causes:

  1. Null Configuration or Mapping Value

A field or attribute mapping (possibly in the Attribute Map or Provisioning Policy) may be missing or pointing to a null value in the source data or configuration.

  2. Missing Connector Script Parameter or Logic Error

If you’re using custom connector scripts (e.g., Groovy), a required object (like a user attribute, role, or system ID) may not be initialized or properly passed.

  3. AD User/Group Object Without Required Fields

It’s possible that a user or group being processed is missing a required field (e.g., sAMAccountName, distinguishedName, etc.) that the connector expects.

Recommended Actions:

Review Connector Logs: Check the detailed logs under idm.log and synchronization.log, or the full stack trace if available—this will indicate which object is null.

Validate Attribute Mappings: Ensure that all required fields in your Managed System Configuration and Provisioning Policy are correctly mapped.

Connector Replies Debug: If possible, run a test sync on a single object and monitor the output in real-time to isolate the issue.

Check Scripts: If any custom scripts are being used in provisioning, verify they include proper null checks and do not assume all values are always present.

If the issue persists, please feel free to send us:

A snippet of the idm.log and synchronization.log (with the full stack trace, if possible)

A screenshot of your Provisioning Policy Map and Attribute Map

The version of OpenIAM you’re running and the type of installation.

We’ll be happy to assist further!

Hi!
What path are the idm.log and synchronize.log files in? I don’t see them in the /var/log path.

Hello Fergust,

If it’s an RPM-based installation, the log files such as idm.log and synchronize.log can typically be found in the following directory: /usr/local/openiam/logs/

For Docker-based installations, you can use the following commands to retrieve the logs:

  1. Identify the container ID for the relevant service:
    docker ps | grep <servicename>

  2. Once you have the container ID, use the following command to view the logs:
    docker logs <container_id>

Hello Ameet!
I checked the logs of the container; this is the error I was able to get:
[AD sAMAccountName]=Test.ADProv
ProvisionServicePostProcessor: add called.
AD user Status: true ====
2025-03-17 07:27:17.177 INFO 1 — [e_TaskExecutor9] o.o.i.m.l.ConnectorResponseListener : Caught SAVE response from connector in backend: AbstractConnectorResponse(super=Response(status=FAILURE, errorCode=null, errorText=Crud Operation Error:javax.naming.PartialResultException: [LDAP: error code 10 - 0000202B: RefErr: DSID-03100796, data 0, 1 access points
ref 1: websitecompany.com
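
To triage output like the connector response line quoted above, this added example (not part of the thread and not OpenIAM code) filters log text for connector FAILURE responses, rejoins the untimestamped continuation lines, and pulls out the LDAP error code. The function names and sample lines are constructed for illustration, and the record layout is assumed from the line quoted in the thread.

```shell
#!/bin/sh
# Added example: summarise connector FAILURE responses found in service logs.
# Usage: docker logs <container_id> 2>&1 | connector_failures
# Assumption: a log record starts with a "YYYY-MM-DD HH:MM:SS" timestamp and
# any line without one continues the previous record (as in the thread).

connector_failures() {
  awk '
    function is_start(s) {
      return s ~ /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9][0-9]:/
    }
    # Print the buffered record if it is a connector FAILURE, then reset.
    function emit(   ts, code, txt) {
      if (rec ~ /ConnectorResponseListener/ && rec ~ /status=FAILURE/) {
        match(rec, /^[0-9-]+ [0-9:.]+/)
        ts = substr(rec, 1, RLENGTH)
        code = "-"                       # "-" when no LDAP code is present
        if (match(rec, /LDAP: error code [0-9]+/)) { code = substr(rec, RSTART + 17, RLENGTH - 17) }
        txt = "-"
        if (match(rec, /errorText=/)) { txt = substr(rec, RSTART + 10) }
        print ts "\tldap=" code "\t" txt
      }
      rec = ""
    }
    is_start($0) { emit(); rec = $0; next }
    rec != ""    { rec = rec " | " $0 }  # rejoin a continuation line
    END          { emit() }
  '
}

# Constructed sample input, shaped like the output quoted in the thread.
sample_log() {
  cat <<'EOF'
[AD sAMAccountName]=Test.User
2025-01-01 10:00:00.000 INFO 1 --- [main] o.e.Unrelated : constructed filler line
2025-01-01 10:00:05.123 INFO 1 --- [e_TaskExecutor2] o.o.i.m.l.ConnectorResponseListener : Caught SAVE response from connector in backend: AbstractConnectorResponse(super=Response(status=FAILURE, errorCode=null, errorText=Crud Operation Error:javax.naming.PartialResultException: [LDAP: error code 10 - 0000202B: RefErr: DSID-03100796, data 0, 1 access points
ref 1: example.test
2025-01-01 10:00:06.000 INFO 1 --- [main] o.e.Unrelated : constructed filler line
EOF
}

sample_log | connector_failures
```

Each output line carries the record timestamp, the LDAP error code (or `-`), and the full error text with continuation lines joined by ` | `.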

@fergust Thanks for the update.

To assist further, we’ll need a screenshot of the Managed System configuration and the Policy Maps defined for it. Additionally, could you please confirm whether the operation being performed is user provisioning into this Managed System, or if it’s a data sync from the Managed System?

This information will help us analyze the issue more accurately.

Thanks,
Ameet