Importing Rules Into Seosdb Using selang -f is Incomplete, Seeing "CA ControlMinder is not running" Error


Article ID: 103465


Updated On:


CA Privileged Access Manager - Cloakware Password Authority (PA) PAM SAFENET LUNA HSM CA Privileged Access Manager (PAM)


When importing rules into seosdb from a flat file using the command below, some of the rules are not imported.
# selang -f import_rules_file -o 

When reviewing the output file, the errors say that Privileged Identity Management is not running. However, checking issec after the import completes shows that the daemons are running.
ERROR: Login procedure failed
CA ControlMinder is not running
ERROR: Failed to get user identity from CA ControlMinder CA ControlMinder is not running


If the file being imported by selang is too large, seosd will consume too many resources while importing it. This causes a communication timeout with seoswd, prompting seoswd to restart seosd. Since seosd is down during the middle of the import, some rules will not be imported and the errors previously mentioned will occur.

To check if there was a communication, open the server's messages or syslog file and look for a message similar to the one below.
June 26 12:23:40 testserver seoswd: Communication time out to seosd. Executing seosd 


Release: ACP1M005900-14.0-Privileged Identity Manager


To prevent seosd from using too many resources while selang -f is being run, it is advised to break down a larger flat file into smaller ones. There is no set maximum number of rules the flat file should contain, it is dependent on the average load of the server.