CyberArk connector - The external application 'LDAP' could not be found

Which IIQ version are you inquiring about?

8.5p1


Share all details about your problem, including any error messages you may have received.

I have a CyberArk application configured as a Privileged Account Management (PAM) application in IdentityIQ. I am trying to add an identity to an already existing safe. During the identity search, I encounter the error visible in one of the images. The error is as follows:

sailpoint.tools.GeneralException: The external application 'LDAP' could not be found.
    at sailpoint.service.pam.PamExternalUserStoreService.getExternalApplication(PamExternalUserStoreService.java:125)
    at sailpoint.service.pam.PamExternalUserStoreService.getExternalLink(PamExternalUserStoreService.java:145)
    at sailpoint.service.pam.PamIdentitySuggestService.getPamAccounts(PamIdentitySuggestService.java:75)
    at sailpoint.service.pam.PamIdentitySuggestService.getIdentities(PamIdentitySuggestService.java:49)
    at sailpoint.rest.ui.pam.PamIdentitySuggestResource.getIdentities(PamIdentitySuggestResource.java:58)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:568)
    at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:52)
    at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:124)
    at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:167)
    at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$TypeOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:219)
    at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:79)
    at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:475)
    at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:397)
    at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:81)
    at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:255)
    at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248)
    at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244)
    at org.glassfish.jersey.internal.Errors.process(Errors.java:292)
    at org.glassfish.jersey.internal.Errors.process(Errors.java:274)
    at org.glassfish.jersey.internal.Errors.process(Errors.java:244)
    at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:265)
    at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:234)

What should I do to resolve this problem? What do I need to change or add in the configuration to prevent this issue from occurring again?

If I remember correctly, for “external accounts” the link will have an attribute named something like “source”, which now would be = LDAP. IIQ will try to find an application named LDAP to retrieve information from, e.g., the AD application. This source attribute needs to match the name of the appropriate (e.g. AD) app.
You could maybe just try to change the attribute on the link via debug to point to the AD app (if you have it in your system), and see if the error persists.

@krzysiekPienkowski I didn’t work on it, but it seems that somewhere in your application or in the sys config you might have configured LDAP as an external source. It is worth checking the XMLs to see if you get anything.

Do you have an external source configured in your PAM configuration? Do you have an application named “LDAP” in your environment? If the application name matches (case-sensitive), are the links aggregated and present for users?

It appears to be a source configuration setting on the CyberArk side. Currently, users may be configured with LDAP as the source, while the corresponding source application does not exist in SailPoint.

If the Source attribute is not being used in your use case, you can try removing the Source attribute from the CyberArk schema in SailPoint. After making this change, run an account aggregation (and optionally a target aggregation) and then re-test.

However, if the Source attribute is required for your use case, the correction must be made on the CyberArk side by properly configuring the source mapping. In most cases, the source usually is Active Directory. You should engage the CyberArk SME to review and update the configuration accordingly if needed.

I did exactly that. I removed the source attribute from the schema. In my case, that helped.

Thanks.
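
The checks suggested in the replies (does an application with the source's exact, case-sensitive name exist, and does it have aggregated links) can be run offline against exported XML. The following is an added example, not code from the thread or from SailPoint. The XML is a constructed, simplified stand-in for an IdentityIQ export, and the attribute key `source`, the application names and the account names are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import Counter

def _link(app, native, source=None):
    # Constructed sample data: one account link; "source" is an assumed attribute key.
    attr = f'<entry key="source" value="{source}"/>' if source else ""
    return (f'<Link nativeIdentity="{native}"><ApplicationRef>'
            f'<Reference class="sailpoint.object.Application" name="{app}"/>'
            f'</ApplicationRef><Attributes><Map>{attr}</Map></Attributes></Link>')

# Constructed, simplified export: three applications and their account links.
SAMPLE_EXPORT = (
    '<sailpoint><Application name="CyberArk"/><Application name="Active Directory"/>'
    '<Application name="OpenLDAP"/>'
    + _link("Active Directory", "CN=bwayne,OU=Users,DC=example,DC=com")
    + _link("CyberArk", "jdoe", "LDAP")
    + _link("CyberArk", "asmith", "active directory")
    + _link("CyberArk", "bwayne", "Active Directory")
    + _link("CyberArk", "ckent", "OpenLDAP")
    + _link("CyberArk", "vault_admin")
    + "</sailpoint>")

def _app_of(link):
    ref = link.find("ApplicationRef/Reference")
    return ref.get("name") if ref is not None else None

def audit_sources(xml_text, pam_app="CyberArk", source_key="source"):
    """Return (account, source, status) for each PAM link that names an external source."""
    root = ET.fromstring(xml_text)
    apps = {a.get("name") for a in root.iter("Application")}
    by_lower = {name.lower(): name for name in apps}
    links = list(root.iter("Link"))
    links_per_app = Counter(_app_of(l) for l in links)
    findings = []
    for link in links:
        entry = link.find(f"Attributes/Map/entry[@key='{source_key}']")
        if _app_of(link) != pam_app or entry is None:
            continue  # not a PAM account, or no external source recorded
        source = entry.get("value")
        if source in apps:
            # Name resolves; the source application also needs aggregated links.
            status = "ok" if links_per_app[source] else "no-links"
        elif source.lower() in by_lower:
            status = "case-mismatch:" + by_lower[source.lower()]
        else:
            status = "missing"  # the case reported in this thread's error
        findings.append((link.get("nativeIdentity"), source, status))
    return findings

if __name__ == "__main__":
    for row in audit_sources(SAMPLE_EXPORT):
        print(row)
```

Any row whose status is not `ok` identifies an account for which the source value or the matching application needs review before the identity search is retried.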