Data Loss Prevention

  • 1.  Issue Indexing AD User Group

    Posted Feb 22, 2012 10:30 AM

    In one of my new demo systems, I was having a specific issue with indexing AD User Groups.  The indexing process would consistently fail, with the error logged in the Tomcat log as follows:

    22 Feb 2012 00:00:03,858- Thread: 22 SEVERE [com.vontu.profiles.manager.InfoSourceIndexCreator] Unexpected exception while creating exact data profile "ExchangeTek DEMO Source" version 10
    Cause:
    java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers)
    java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers)
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)

    To resolve, I added the following to the manager.policy file:

     permission java.lang.RuntimePermission "accessDeclaredMembers";

    ...which has resolved the issue.

    Just posting in case anyone else has seen something similar.  Not sure how I'd feel about having to do this in a production environment, but if I did run into it in a production system, it's certainly something I'd try as a test and then run through Support before keeping that change in place.  Took me some time to figure out, so I figured I'd post it up here in case anyone else has seen something similar.

    Regards,

    ~Keith
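
Added example, not part of the original post or the product's own code: a short Python triage script that reads a Tomcat log in the format quoted above and reports which permissions the security manager denied, per log entry, so the denials can be reviewed before any change to `manager.policy`. The sample log is constructed from the lines in the post; the function name and the second logger name are assumptions.

```python
import re

# Constructed sample in the format quoted in the post (not a real log file).
SAMPLE_LOG = '''\
22 Feb 2012 00:00:03,858- Thread: 22 SEVERE [com.vontu.profiles.manager.InfoSourceIndexCreator] Unexpected exception while creating exact data profile "ExchangeTek DEMO Source" version 10
Cause:
java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers)
java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers)
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
22 Feb 2012 00:05:10,101- Thread: 22 INFO [com.example.Other] Unrelated entry
'''

# Entry header: timestamp, thread, level, [logger], message.
ENTRY = re.compile(r'^(\d{1,2} \w{3} \d{4} [\d:,]+)- Thread: \d+ (\w+) \[([^\]]+)\] (.*)$')
# Profile name as it appears in the indexer's error message.
PROFILE = re.compile(r'exact data profile "([^"]+)"')
# Denial text: permission class, then target. Older JDKs print the fields bare,
# later ones quote them; any trailing actions field is not captured.
DENIED = re.compile(r'AccessControlException: access denied \("?([\w.$]+)"? "?([^")]+)"?')

def denied_permissions(log_text):
    """Return one record per log entry that contains at least one denial."""
    entries = []
    for line in log_text.splitlines():
        header = ENTRY.match(line)
        if header:
            ts, _level, logger, message = header.groups()
            profile = PROFILE.search(message)
            entries.append({"time": ts, "logger": logger,
                            "profile": profile.group(1) if profile else None,
                            "denied": set()})
        elif entries:
            # Continuation line (Cause:, exception text, stack frame).
            hit = DENIED.search(line)
            if hit:
                # A set collapses the repeated exception line seen in the log.
                entries[-1]["denied"].add(hit.groups())
    return [e for e in entries if e["denied"]]

if __name__ == "__main__":
    for e in denied_permissions(SAMPLE_LOG):
        print(e["time"], e["logger"], e["profile"], sorted(e["denied"]))
```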



  • 2.  RE: Issue Indexing AD User Group

    Posted Apr 11, 2012 12:27 PM

    I am having the same exact issue!! Error below...

     

    Message
    Code 2905
    Summary Exact data profile creation failed
    Detail Data file for exact data profile "Kaplan Ad2 Source" was not created. Please look in the enforce server logs for more information.

    I did check the logs and it appears to be Java related, but my Java troubleshooting does not go very far. I found the manager.policy file but I am unsure where to add the line you suggested. Could you be a bit more specific on where to add the line?

     

    BTW, I am so glad you posted this!! This stupid issue has been killing me.



  • 3.  RE: Issue Indexing AD User Group

    Posted Apr 12, 2012 05:55 AM

    Hi Kreynolds and mike,

    Please refer to the below.

    The problem happens because the user used to authenticate the AD connection does not have proper privileges to access directory data. The Index Update cannot access the data from the Directory server.

    Please note that even when you pass the connection test by clicking on the "Test Connection" button on the Configure Directory Connection page, if the user does not have proper privileges to access the specific OU information, the Index Update would still fail.

    Check the user privileges used to access the directory server. You may use an LDAP browser to check if the user can access the specific data you want to index.