Auto-generated revocation requests stuck in Fulfillment Phase with AFX errors in connector logs if any change item was rejected in the first request in RSA Governance & Lifecycle
3 years ago
Article Number
000068243
Applies To

This is a known issue in the following versions.

  • RSA Governance & Lifecycle 7.5.2
Issue
Auto-generated revocation requests are stuck in the Fulfillment Phase (Pending Verification) with AFX errors in the log if any change item was rejected in the first request.
  • The first change request (CR) adds the user to 2 groups (1 item was rejected)
  • A second CR is automatically generated to remove the user from those 2 groups on the revocation date
  • The previously accepted item is verified normally
  • The rejected item stays stuck in the pending verification state with the error below in esb.AFX-CONN-NAME.log
2023-07-25 14:14:37.465 [ERROR] org.mule.transport.ldapx.LdapxConnector:337 - Error: LDAPException: Unwilling To Perform (53) Unwilling To Perform
LDAPException: Server Message: 00000561: SvcErr: DSID-031A1248, problem 5003 (WILL_NOT_PERFORM), data 0
LDAPException: Matched DN:
2023-07-25 14:14:37.468 [ERROR] org.mule.exception.DefaultMessagingExceptionStrategy:337 -
********************************************************************************
Message               : Failed to route event via endpoint: DefaultOutboundEndpoint{endpointUri=ldapx://Active_DirectoryConnector.LDAP, connector=LdapxConnector
{
  name=Active_DirectoryConnector.LDAP.connector
  lifecycle=start
  this=5508239a
  numberOfConcurrentTransactedReceivers=4
  createMultipleTransactedReceivers=true
  connected=true
  supportedProtocols=[ldapx]
  serviceOverrides=<none>
}
,  name='endpoint.ldapx.Active.DirectoryConnector.LDAP', mep=REQUEST_RESPONSE, properties={}, transactionConfig=Transaction{factory=null, action=INDIFFERENT, timeout=0}, deleteUnacceptedMessages=false, initialState=started, responseTimeout=10000, endpointEncoding=UTF-8, disableTransportTransformer=false}. Message payload is of type: LDAPModifyRequest
Code                  : MULE_ERROR-42999
--------------------------------------------------------------------------------
Exception stack is:
1. Unwilling To Perform (com.novell.ldap.LDAPException)
  com.novell.ldap.LDAPResponse:-1 (null)
2. Failed to route event via endpoint: DefaultOutboundEndpoint{endpointUri=ldapx://Active_DirectoryConnector.LDAP, connector=LdapxConnector
{
  name=Active_DirectoryConnector.LDAP.connector
  lifecycle=start
  this=5508239a
  numberOfConcurrentTransactedReceivers=4
  createMultipleTransactedReceivers=true
  connected=true
  supportedProtocols=[ldapx]
  serviceOverrides=<none>
}
,  name='endpoint.ldapx.Active.DirectoryConnector.LDAP', mep=REQUEST_RESPONSE, properties={}, transactionConfig=Transaction{factory=null, action=INDIFFERENT, timeout=0}, deleteUnacceptedMessages=false, initialState=started, responseTimeout=10000, endpointEncoding=UTF-8, disableTransportTransformer=false}. Message payload is of type: LDAPModifyRequest (org.mule.api.transport.DispatchException)
  org.mule.transport.AbstractMessageDispatcher:117 (http://www.mulesoft.org/docs/site/current3/apidocs/org/mule/api/transport/DispatchException.html)
--------------------------------------------------------------------------------
Root Exception stack trace:
LDAPException: Unwilling To Perform (53) Unwilling To Perform
LDAPException: Server Message: 00000561: SvcErr: DSID-031A1248, problem 5003 (WILL_NOT_PERFORM), data 0
LDAPException: Matched DN:
        at com.novell.ldap.LDAPResponse.getResultException(Unknown Source)
        at com.novell.ldap.LDAPResponse.chkResultCode(Unknown Source)
        at com.novell.ldap.LDAPConnection.chkResultCode(Unknown Source)
    + 3 more (set debug level logging or '-Dmule.verbose.exceptions=true' for everything)
********************************************************************************



Cause
Records that were not present in the T_GROUP_MEMBERSHIPS table were not considered. When the remove-group CR is executed, it ignores such records and keeps the watch open, so the CR never completes, because the item was already rejected and never fulfilled in the first request.
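The following Python script is an added example, not RSA code: it scans connector-log text for the failure signature shown in the Issue section and decodes it. It relies on Active Directory placing the Win32 error code in hex at the start of its LDAP server message, so 00000561 is ERROR_MEMBER_NOT_IN_ALIAS, which AD returns when asked to remove an account from a group it does not belong to. The function and constant names are hypothetical, and the sample log is constructed from the excerpt above.

```python
import re

# Constructed sample: the ERROR header and the two LDAPException lines are copied
# from the log excerpt on this page; the INFO line is made up to show that
# unrelated lines are ignored.
SAMPLE_LOG = """\
2023-07-25 14:14:30.101 [INFO] constructed.example.Heartbeat:12 - connector alive
2023-07-25 14:14:37.465 [ERROR] org.mule.transport.ldapx.LdapxConnector:337 - Error: LDAPException: Unwilling To Perform (53) Unwilling To Perform
LDAPException: Server Message: 00000561: SvcErr: DSID-031A1248, problem 5003 (WILL_NOT_PERFORM), data 0
LDAPException: Matched DN:
"""

# Win32 codes that AD reports for group-membership modify failures.
WIN32_NAMES = {
    0x561: "ERROR_MEMBER_NOT_IN_ALIAS (account is not a member of the group)",
    0x562: "ERROR_MEMBER_IN_ALIAS (account is already a member of the group)",
}

HEADER = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) \[ERROR\] .*"
                    r"LDAPException: .*\((?P<ldap>\d+)\)")
SERVER = re.compile(r"^LDAPException: Server Message: (?P<win32>[0-9A-Fa-f]{8}): "
                    r"\w+: (?P<dsid>DSID-[0-9A-Fa-f]+), problem \d+ \((?P<name>\w+)\)")

def find_ldap_failures(text):
    """Pair each timestamped LDAPException header with the AD server message after it."""
    findings, current = [], None
    for line in text.splitlines():
        h = HEADER.match(line)
        if h:
            current = {"timestamp": h["ts"], "ldap_code": int(h["ldap"])}
            continue
        s = SERVER.match(line)
        if s and current is not None:
            code = int(s["win32"], 16)
            current.update(win32=code, dsid=s["dsid"], problem=s["name"],
                           meaning=WIN32_NAMES.get(code, "unmapped"))
            # LDAP result 53 with Win32 0x561 is the signature shown on this page.
            current["member_not_in_group"] = current["ldap_code"] == 53 and code == 0x561
            findings.append(current)
            current = None  # the untimestamped repeat in the stack trace is skipped
    return findings

if __name__ == "__main__":
    for finding in find_ldap_failures(SAMPLE_LOG):
        print(finding)
```

A hit with `member_not_in_group` set to true on a revocation CR whose matching add item was rejected earlier is consistent with the cause described above.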
 
Resolution
This issue is resolved in the following versions:
  • SecurID Governance & Lifecycle 7.5.2 P08