Cannot use groups from secondary LDAP for membership within IBM Connections

For a customer I federated a secondary directory (SDS) to store external users in Connections 5.0 CR02. Their primary LDAP (AD) is used for employees. This is nothing new but what I found was that I couldn’t add groups from SDS as members within the external community. I also, couldn’t add groups from SDS to wikis or activities not that there’s any point doing this since external users cannot access these applications outside the community container.

Below is the stack trace I was seeing.

[9/25/15 7:59:19:491 BST] 0000472f MemberHelper  E com.ibm.tango.util.MemberHelper parseMemberDirectoryUuids
com.ibm.tango.exception.NotInDirectoryException: Received null directory data for group uuid: 6c97c140-f58e-1034-9213-b1677db2f55d
at com.ibm.tango.internal.service.core.GroupProfileBo.openByDirectoryUuid(GroupProfileBo.java:104)
at com.ibm.tango.internal.service.TangoServiceImpl.getGroupProfileByDirectoryUuid(TangoServiceImpl.java:7152)
at com.ibm.tango.internal.service.TangoServiceImpl.getGroupProfileByDirectoryUuid(TangoServiceImpl.java:7158)
at com.ibm.tango.util.MemberHelper.parseMemberDirectoryUuids(MemberHelper.java:183)
at com.ibm.tango.web.ui.actions.MemberAddSubmitAction.doActionExecute(MemberAddSubmitAction.java:239)
at com.ibm.tango.web.ui.actions.TangoAction.execute(TangoAction.java:144)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:421)…………………………….

I raised a PMR and quickly David McCarthy got on the case. He was able to reproduce. He found that by deleting the AD repository, leaving just SDS, he could add a group. After escalation to L3 they reported that there was a problem with the code and Directory Services (Waltz) were looking into it.

Today I was sent LO87091 which I applied and it now works.

This fix will be included in CR04 which I hear will be released in the new year after 5.5 has landed.