It's all about the answers!

Ask a question

CRLQE0864W Lifecycle Query Engine was unable to detect an external user registry


Fons Maathuis (217) | asked Mar 26 '18, 10:21 a.m.

 I've installed RTC 6.0.5 ifix002. Started with empty databases, installed JTS, CCM, DCC, LQE, QM, RM, RS and DW.

During setup I've configured LDAP/SDBM, which works fine. Users from RACF are imported into the user-registry. 
But in the JTS.log I see that LQE has a problem with LDAP:
2018-03-26 16:11:21,204 [Default Executor-thread-75 @@ 16:11 <unauthenticated> <LQE/1.0@145.83.230.95> /jts/service/com.ibm.team.repository.service.internal.IExternalUserRegistryRestService/externalUserRegistryConfiguration] ERROR ts.internal.userregistry.ldap.LDAPRACFUserRegistry  - [9470f621] CRJAZ0738I Error fetching groups.
javax.naming.SizeLimitExceededException: [LDAP: error code 4 - R004028 Search size limit exceeded (sendSearchResults:3183)]; remaining name 'PROFILETYPE=GROUP,racfdb=MVS1'

The LQE.log tells me this:
CRLQE0864W Lifecycle Query Engine was unable to detect an external user registry. The request to fetch the external user registry configuration returned with an http status code of 400. Retrying in 1 minute.  The Lifecycle Query Engine Admin UI might be unavailable because users and groups can not be mapped to roles. 

Do I need to configure a LDAP connection from LQE? What can I do to prevent LQE going to RACF, I may want to disable LQE, does that have repercussions to the other applications? 

Who can help me?

thanx in advance 

Fons

Accepted answer


permanent link
Donald Nong (14.4k314) | answered Mar 26 '18, 9:10 p.m.

The error occurs when LQE tries to fetch groups from the LDAP server. The LDAP query ends with an error R004028. In other words, the LDAP server is connected but a certain query fails. You can check the details of error R004028 in the below document.
https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.1.0/com.ibm.zos.v2r1.glpa400/msg-R004028.htm

Simply put,  the LDAP query returns more records than the server allows, and you need to find a way to change this. You can narrow down the scope of the search (by setting the base DN to a lower level, for example), or increase the server limit, or increase the client limit. It all depends on the actual configuration. If you cannot resolve it by yourself, please contact IBM Support.

Fons Maathuis selected this answer as the correct answer

Comments
Fons Maathuis commented Mar 27 '18, 2:37 a.m. | edited Mar 27 '18, 2:38 a.m.

Hi Donald,

I did understand that the LDAP query returns too much results. Stretching up the server limit is not an option, so I need to reduce the search results. I hoped to get an answer to help me configuring LQE so it only searches the RACF-groups I've configured in my JTS user registry. Think that is the part you mentioned 'setting the base DN to a lower level', but how can I do that in LQE?

Fons


Donald Nong commented Mar 27 '18, 9:21 p.m.

From the stack trace that you provided, the service is from JTS, not LQE.

Your answer


Register or to post your answer.