Group Object Creation Fails When Requestor Has Thousands Of Roles

(Doc ID 2388169.1)

Last updated on APRIL 22, 2018

Applies to:

Identity Manager - Version 11.1.2.3.170924 and later
Information in this document applies to any platform.

Symptoms

Group Object Creation Fails When Requestor Has Thousands Of Roles

Problem Description
---------------------------------------------------
While using Oracle Identity Manager (OIM) 11.1.2.3,  if a user has thousands of roles on his/her account, group creation/provision operations will fail.

The error we see in the logs is this: (The full stack trace is in the SR_PROV_LDAP)GRP_ADM_MASS_ROLE file attached)
Target Class = oracle.iam.connectors.icfcommon.prov.ICProvisioningManager
<Class/Method: tcITResourceInstanceOperationsBean/getITResourceInstanceParametersData encounter some problems: Could not get logon user / group membership>
<Class/Method: tcITResourceInstanceOperationsBean/getITResourceInstanceParametersData encounter some problems: {1}
com.thortech.xl.orb.dataaccess.tcDataAccessException
at com.thortech.xl.dataaccess.tcDataAccessExceptionUtil.createException(tcDataAccessExceptionUtil.java:81)
at com.thortech.xl.dataaccess.tcDataBase.createException(tcDataBase.java:3212)
...
Caused By: java.sql.SQLSyntaxErrorException: ORA-01795: maximum number of expressions in a list is 1000

Here are the steps we take to reproduce the issue:
1. Log in to Identity Self-Service Console
2. Click 'Manage' tab
3. Click 'Organizations' and select an Organization.
4. Under the organization, click 'Provision'
5. Select 'LDAP Group' and click 'Continue'
6. When asked to 'Verify Resource Selection', click 'Continue'
7. Fill out the resource form, click 'Continue'
8. When asked to 'Verify Process Data' click 'Continue'. This will kick off the provisioning operation.

Changes

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms