Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

CRLQE0864W Lifecycle Query Engine was unable to detect an external user registry

Questions
Tags
Users
Badges
Fons Maathuis
(40418) Mar 26 '18, 10:21 a.m.

 I've installed RTC 6.0.5 ifix002. Started with empty databases, installed JTS, CCM, DCC, LQE, QM, RM, RS and DW.

During setup I've configured LDAP/SDBM, which works fine. Users from RACF are imported into the user-registry. 
But in the JTS.log I see that LQE has a problem with LDAP:
2018-03-26 16:11:21,204 [Default Executor-thread-75 @@ 16:11 <unauthenticated> <LQE/1.0@145.83.230.95> /jts/service/com.ibm.team.repository.service.internal.IExternalUserRegistryRestService/externalUserRegistryConfiguration] ERROR ts.internal.userregistry.ldap.LDAPRACFUserRegistry  - [9470f621] CRJAZ0738I Error fetching groups.
javax.naming.SizeLimitExceededException: [LDAP: error code 4 - R004028 Search size limit exceeded (sendSearchResults:3183)]; remaining name 'PROFILETYPE=GROUP,racfdb=MVS1'

The LQE.log tells me this:
CRLQE0864W Lifecycle Query Engine was unable to detect an external user registry. The request to fetch the external user registry configuration returned with an http status code of 400. Retrying in 1 minute.  The Lifecycle Query Engine Admin UI might be unavailable because users and groups can not be mapped to roles. 

Do I need to configure a LDAP connection from LQE? What can I do to prevent LQE going to RACF, I may want to disable LQE, does that have repercussions to the other applications? 

Who can help me?

thanx in advance 

Fons

0 votes

1 answer
4,276 views
0 votes

Accepted answer

Permanent link
Donald Nong
(14.5k614) Mar 26 '18, 9:10 p.m.

The error occurs when LQE tries to fetch groups from the LDAP server. The LDAP query ends with an error R004028. In other words, the LDAP server is connected but a certain query fails. You can check the details of error R004028 in the below document.
https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.1.0/com.ibm.zos.v2r1.glpa400/msg-R004028.htm

Simply put,  the LDAP query returns more records than the server allows, and you need to find a way to change this. You can narrow down the scope of the search (by setting the base DN to a lower level, for example), or increase the server limit, or increase the client limit. It all depends on the actual configuration. If you cannot resolve it by yourself, please contact IBM Support.

Fons Maathuis selected this answer as the correct answer

0 votes

Comments
Fons Maathuis
Mar 27 '18, 2:38 a.m.

Hi Donald,

I did understand that the LDAP query returns too much results. Stretching up the server limit is not an option, so I need to reduce the search results. I hoped to get an answer to help me configuring LQE so it only searches the RACF-groups I've configured in my JTS user registry. Think that is the part you mentioned 'setting the base DN to a lower level', but how can I do that in LQE?

Fons

Donald Nong
Mar 27 '18, 9:21 p.m.

From the stack trace that you provided, the service is from JTS, not LQE.

Your answer

Register or log in to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.

Ask a question
Guidelines
FAQ
Search context
Follow this question

By Email: 

Once you sign in you will be able to subscribe for any updates here.

By RSS:

Answers
Answers and Comments
Question details
× 6,165

Question asked: Mar 26 '18, 10:21 a.m.

Question was seen: 4,276 times

Last updated: Mar 27 '18, 9:21 p.m.

Confirmation Cancel Confirm