Getting error on Active Directory group aggregation after 8.4 upgrade

Which IIQ version are you inquiring about?

Version 8.4

Share all details related to your problem, including any error messages you may have received.

We recently upgraded to 8.4 and an error showed up on our Active Directory group aggregation:

2024-02-29T13:09:21,103 ERROR QuartzScheduler_Worker-3 sailpoint.api.Aggregator:5685 - Exception during aggregation (Last group was: CN=Group1,DC=asdf,DC=xyz)org.hibernate.exception.ConstraintViolationException: could not execute statement org.hibernate.exception.ConstraintViolationException: could not execute statement
	at sailpoint.persistence.HibernatePersistenceManager.commitTransaction( ~[identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]
	at sailpoint.persistence.ClassPersistenceManager.commitTransaction( ~[identityiq.jar:8.4 Build bdd0ed4de58-20230919-192552]

Does anyone have any insight into what this error is saying and how to make it go away?


you may need to check the size of columns in spt_managed_attribute table and see what data is coming from AD … it seems that there’s either data length coming from AD doesn’t fits in spt_managed_attribute table or its trying to insert some null value in some columns which is set to not null etc…

The length for the Value column on the SPT_MANAGED_ATTRIBUTE table is 450. The entitlements that are throwing the errors are no more than about 100 chars, so I don’t think it is a length issue.


It should be fixed in 8.4 IIQSR-773
Fixed a problem that prevented hierarchical groups from being properly created during partitioned group aggregation.
Maybe try non-partitionied agg

Hmm, it fails with that same Constraint error with partitioning turned ON or OFF.


I missed this error, which seems important. This error is showing up at the same time as the one in my original post:

More than one matching ManagedAttribute uuid: APP1, memberOf, {4b61c001-dcba-4fc1-9974-175e1ed80031}

Sure enough, there are two ManagedAttribute values in the database with that UUID.

One of the ManagedAttributes had been changed in AD. I would think that the DN change propagation would take care of this issue? We’ve only had this issue since move from 8.1 to 8.4


@vic_rinkenberger Interesting, this error is due to UUID collision. The chances of UUID collision are said to be close to zero. Try deleting the conflicting managedAttribute from IdentityIQ using the console command delete ManagedAttribute <object ID>. Try Group Aggregation once again. This should work. Let me know how it goes.

1 Like

Yes try to run group add with detect deleted to fix the managed attribute

OK, so I did delete the conflicting ManagedAttributes from the database and now things seems to be working. Thanks for the help.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.