"Refresh Role Memberships" Failing with ORA-01745 when 70,000+ Role Members to Review

(Doc ID 2222236.1)

Last updated on SEPTEMBER 25, 2017

Applies to:

Identity Manager - Version 11.1.2.3.160419 and later
Information in this document applies to any platform.

Symptoms


"Refresh Role Memberships" failing when 70,000+ role members
-----------------------


Seeing errors like the following:
-----

[2016-09-06T19:53:50.506-04:00] [oim_server1] [WARNING] [] [oracle.iam.scheduler.vo] [tid: OIMQuartzScheduler_Worker-3] [userId: oiminternal] [ecid: c2f4d8fd32afa0e0:-707f99dd:156e775d2e2:-8000-0000000000067679,0] [APP: oim#11.1.1.3.0] IAM-1020021 Unable to execute job : Refresh Role Memberships with Job History Id:5217342[[
oracle.iam.platform.utils.SuperRuntimeException: Role membership rule evaluation failed for following roles :DartLDAPAlias Provisioning,Kiewit AD Provisioning

After some investigation, found that the following error is the cause:

2016-09-08T09:28:50.620-04:00 oracle.iam.oimdataproviders.impl ORA-01745: invalid host/bind variable name[[
java.sql.SQLSyntaxErrorException: ORA-01745: invalid host/bind variable name

The issue appears to happen when a membership rule contains evaluates to more than 70,000 members.
Is there a way to work around this issue?




[2016-09-09T10:18:47.423-04:00] [oim_server1] [ERROR] [] [oracle.iam.oimdataproviders.impl] [tid: OIMQuartzScheduler_Worker-1] [userId: oiminternal] [ecid: 0000LSFH_XIFw005JzXBif1Nog8M000004,1:30623] [APP: oim#11.1.1.3.0] ORA-01745: invalid host/bind variable name[[
java.sql.SQLSyntaxErrorException: ORA-01745: invalid host/bind variable name

at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:462)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:405)
at oracle.jdbc.driver.T4C8Oall.processError(T4C8Oall.java:931)
at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:481)
at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:205)
at oracle.jdbc.driver.T4C8Oall.doOALL(T4C8Oall.java:548)




Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms