Tuesday, November 21, 2017

SuPump when used on disabled accounts

We had an issue crop up in one of our favorite sites using the Sumatra Pump.

 Calendar item insertion jobs were hanging and the error logs were showing things like this:

 GetUserFromAD-ERROR: Failed while reading AD: (employeeId=F112ZHW); err: Object reference not set to an instance of an object.
GetUserFromAD-ERROR: Failed while reading AD: (employeeId=F112ZHY); err: Object reference not set to an instance of an object.
'ERROR: Failed while reading AD.(employeeId=F112ZHT)
ERROR: Failed while reading AD.(employeeId=33460A)

Simple to diagnose: The accounts causing the problem were DISABLED accounts.

To deal with it exclude the disabled accounts.
      Patient: "Doctor, it hurts when I do this."  
      Doctor: "Don't do that!"

 WHAT (NOT) TO DO

An easy fix: add this criteria to exclude disabled accounts to the LDAP string in the _config.xml file:
(!userAccountControl:1.2.840.113556.1.4.803:=2)
Thus,  your LDAP4USER setting should look something like this  
LDAP://DC=YOUR_DC,DC=COMPANY,DC=COM;(&(mailNickName=*)(employeeID=*)(!userAccountControl:1.2.840.113556.1.4.803:=2))

 What the heck do those strange numbers mean????

 It’s a bitwise AND filter for the UAC.  

 For more info on the UAC please see:

How to use the UserAccountControl flags to manipulate user account properties


Posted by at
Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)