Expand my Community achievements bar.

SOLVED

UserManagerLookupService findGroupMembers restricted to 200?

Avatar

Former Community Member

Hi All,

I have a hopefully simple question.

Scenario:
1) I have LCES3 connected & synchronizing to the clients MS AD nightly. (Enterprise Domain setup in the LC Adminui)
2) I need to periodically query a specific group and do something with each user.
3) The specific group contains 975 users
4) Im using the Find Group & findGroupMembers operations from the UserManagerLookupService to retrieve a list of users.

Problem:
1) The findGroupMembers operation is only returning 200 users.

What I have tried / Noted:
1) Modifying the offset & resultSize values of the findGroupMembers operation to try get the next “batch” of users – no luck.
2) I opened the GROUP in LC AdminUI and noted that there are only 200 users in the GROUP – I resynchronized
2 a) Then in LC AdminUI, I went to “Edit Enterprise Domain” -> Directory -> Directory Group. I clicked TEST and saw the GROUP. I clicked on the GROUP, and noted in the “member” Attributes Names in the Attribute Value it listed all 975 users.
3) I have resynchronzied the Enteprise domain multiple times, but still no reflection (all users showing in the group in AdminUI or via Workbench findGroupMembers query).
4) The users that need to be in the group, however are showing in the LC AdminUI as users, however in the user’s user groups, it shows that it is not associated with that group.

5) Googling - on one of the adobe blogs, it speaks about a config file - but doesn't say where it is? (http://blogs.adobe.com/apugalia/lifecycle-of-livecycle-domain-synchronization/)

Question:
1) Why does LC AdminUI findGroupMemmbers not return the full set of users in a group in a synchronized Enterprise domain (it limits it to 200)?

Im hoping this is a simple adminui update, setting or config file change.

Thanking you all in advance

1 Accepted Solution

Avatar

Correct answer by
Former Community Member

For others:

In AdminUI I found the hiding config file! 

See --> Home --> Settings --> User Management --> Configuration --> Manual Configurations

What to do:

Export -> Modify -> Import

1) Read the warnings!

2) See: http://help.adobe.com/en_US/livecycle/10.0/AdminHelp/WS92d06802c76abadb-5145d5d12905ce07e7-7fd0.html

3) Note: http://help.adobe.com/en_US/livecycle/10.0/AdminHelp/WS92d06802c76abadb-5145d5d12905ce07e7-7f94.html

View solution in original post

3 Replies

Avatar

Former Community Member

Correcting error in question:

Question:
1) Why does the findGroupMembers in LC Workbench not return the full set of users in a group (only the first 200) from LiveCycle's synchronized Enterprise domain?

Avatar

Correct answer by
Former Community Member

For others:

In AdminUI I found the hiding config file! 

See --> Home --> Settings --> User Management --> Configuration --> Manual Configurations

What to do:

Export -> Modify -> Import

1) Read the warnings!

2) See: http://help.adobe.com/en_US/livecycle/10.0/AdminHelp/WS92d06802c76abadb-5145d5d12905ce07e7-7fd0.html

3) Note: http://help.adobe.com/en_US/livecycle/10.0/AdminHelp/WS92d06802c76abadb-5145d5d12905ce07e7-7f94.html

Avatar

Former Community Member

Just while im at it...

So after doing the above, you need to go back to Domain Management and Edit your Authentication & Directory for the specific domain.

You will need to put the password in again (as per warnings in step 1 above in previous post).

When putting in your password, it may give you an error saying the "username and password is incorrect".

And you will probably find a nice error in your server error log:

javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 775, v1db0]

Go to https://confluence.atlassian.com/display/CONFKB/LDAP+Error+Code+49 to figure out what the bold and underlined value means.

In my example 775 means user account is locked. (why... when I did the config.xml import, alot of  things happened on the server error log and assume it locked the AD account)

The following has evaluated to null or missing: ==> liqladmin("SELECT id, value FROM metrics WHERE id = 'net_accepted_solutions' and user.id = '${acceptedAnswer.author.id}'").data.items [in template "analytics-container" at line 83, column 41] ---- Tip: It's the step after the last dot that caused this error, not those before it. ---- Tip: If the failing expression is known to be legally refer to something that's sometimes null or missing, either specify a default value like myOptionalVar!myDefault, or use <#if myOptionalVar??>when-present<#else>when-missing. (These only cover the last step of the expression; to cover the whole expression, use parenthesis: (myOptionalVar.foo)!myDefault, (myOptionalVar.foo)?? ---- ---- FTL stack trace ("~" means nesting-related): - Failed at: #assign answerAuthorNetSolutions = li... [in template "analytics-container" at line 83, column 5] ----