Account creation issue using UNIX v2 type Endpoint when parent directory of specified user's home directory doesn't exist


Article ID: 129546


Products

CA Identity Manager CA Identity Governance CA Identity Portal

Issue/Introduction

The problem can be reproduced with the following steps.

1. Create a UNIX v2 type Endpoint from the User Console's Endpoints > Manage Endpoints > Create Endpoint page
Hostname: <UNIX machine hostname>
Administrator: root
Password: <root password>
Shell Prompt (Regexp) : *\#( )
Select the "Delete Home Directory When Deleting Account" box
     Notes: Leave the other parameters at their defaults. The Shell Prompt (Regexp) above assumes that the root user's prompt ends with # followed by a space character

2. SSH/Login to the UNIX Endpoint and make sure that there is no /AA/BB/CC directory

3. Create a UNIX v2 Account Template for the Endpoint
On User tab set
  UID > UID Mode : Use the Next Free UID
  User Account Information > Primary Group : users
  Select the "Create Home Directory" box
  Home Directory : /AA/BB/CC/%AC%
    Notes: The /AA/BB/CC directory does not exist on the UNIX Endpoint machine

4. Create a Provisioning Role
On Account Templates tab set
  Click the [Add Account Template] button to add the UNIX v2 Account Template created in step 3
On Administrator tab set
  Deselect the "Administrator can add and remove administrators of this role" box
  Admin Policies : who are members of (admin role "System Manager")
  User Scope Rule: (all)
  Manage Members : selected
On Owners tab set
  Owner Rules: who are members of (admin role "System Manager")

5. Create a new user and assign the Provisioning Role

6. Notice that account creation fails with the following error in the etatrans log

20190217:225429:TID=001c74:CreateAcct:C057:C055:F: msg: :ETA_E_0016, Account for Global User 'unixfour' on Endpoint 'rhel r
20190217:225429:TID=001c74:CreateAcct:C057:C055:F:+oot' creation failed: :ETA_E_0004, Account 'unixfour' on 'rhel root' creatio
20190217:225429:TID=001c74:CreateAcct:C057:C055:F:+n failed: Connector Server Add failed: code 80 (OTHER-NamingException): failed to
20190217:225429:TID=001c74:CreateAcct:C057:C055:F:+ add entry eTDYNAccountName=unixfour,eTDYNAccountContainerName=Accounts,eTDYNDire
20190217:225429:TID=001c74:CreateAcct:C057:C055:F:+ctoryName=rhel root,eTNamespaceName=UNIX v2,dc=im,dc=etasa: javax.naming.NamingEx
20190217:225429:TID=001c74:CreateAcct:C057:C055:F:+ception: [email protected]: UNIX: Cannot perform the operation on [unixfour]. T
20190217:225429:TID=001c74:CreateAcct:C057:C055:F:+he information returned by the endpoint is ['useradd: cannot create directory /AA
20190217:225429:TID=001c74:CreateAcct:C057:C055:F:+/BB/CC/unixfour', 'rc=12']. (ldaps://xxxxxxxxxxx.ca.com:20411)


This problem does not occur if you use the older UNIX etc connector.
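
The etatrans excerpt in step 6 is hard to search because one message is wrapped across several lines. The Python below is an added example, not part of the original article or the product: it rejoins the wrapped lines and extracts the directory that useradd could not create. The line layout and the "+" continuation marker are assumptions inferred from the excerpt, and the function names are hypothetical.

```python
import posixpath
import re

# Log excerpt copied from this article, wrapped exactly as shown there.
ETATRANS_EXCERPT = """\
20190217:225429:TID=001c74:CreateAcct:C057:C055:F: msg: :ETA_E_0016, Account for Global User 'unixfour' on Endpoint 'rhel r
20190217:225429:TID=001c74:CreateAcct:C057:C055:F:+oot' creation failed: :ETA_E_0004, Account 'unixfour' on 'rhel root' creatio
20190217:225429:TID=001c74:CreateAcct:C057:C055:F:+n failed: Connector Server Add failed: code 80 (OTHER-NamingException): failed to
20190217:225429:TID=001c74:CreateAcct:C057:C055:F:+ add entry eTDYNAccountName=unixfour,eTDYNAccountContainerName=Accounts,eTDYNDire
20190217:225429:TID=001c74:CreateAcct:C057:C055:F:+ctoryName=rhel root,eTNamespaceName=UNIX v2,dc=im,dc=etasa: javax.naming.NamingEx
20190217:225429:TID=001c74:CreateAcct:C057:C055:F:+ception: [email protected]: UNIX: Cannot perform the operation on [unixfour]. T
20190217:225429:TID=001c74:CreateAcct:C057:C055:F:+he information returned by the endpoint is ['useradd: cannot create directory /AA
20190217:225429:TID=001c74:CreateAcct:C057:C055:F:+/BB/CC/unixfour', 'rc=12']. (ldaps://xxxxxxxxxxx.ca.com:20411)
"""

# Assumed layout: timestamp, TID, four short fields, text; "+" text continues a line.
LINE_RE = re.compile(r"^(\d{8}:\d{6}):TID=(\w+):(\w+):\w+:\w+:\w:(.*)$")
ENDPOINT_RE = re.compile(r"\['(.*?)', 'rc=(\d+)'\]")
MKDIR_FAIL_RE = re.compile(r"useradd: cannot create directory (\S+)")


def reassemble(log_text):
    """Join wrapped etatrans lines into one record per logged message."""
    records, open_by_tid = [], {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        stamp, tid, op, text = m.groups()
        if text.startswith("+") and tid in open_by_tid:
            open_by_tid[tid]["msg"] += text[1:]  # drop the "+" marker only
        else:
            rec = {"time": stamp, "tid": tid, "op": op, "msg": text.lstrip()}
            open_by_tid[tid] = rec
            records.append(rec)
    return records


def missing_home_parents(log_text):
    """List home directories useradd could not create, with their parent."""
    hits = []
    for rec in reassemble(log_text):
        ep = ENDPOINT_RE.search(rec["msg"])
        mk = MKDIR_FAIL_RE.search(ep.group(1)) if ep else None
        if mk:  # rc=12 is useradd's "can't create home directory" exit status
            hits.append({"tid": rec["tid"], "home": mk.group(1), "rc": int(ep.group(2)),
                         "parent": posixpath.dirname(mk.group(1))})
    return hits
```

Call missing_home_parents() on the text of an etatrans log; each hit names the parent directory to check on the endpoint.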

Cause

This is a known issue which is recorded in Engineering ticket DE407210.

Environment

Identity Manager 14.2

Resolution

We have created a fix that addresses this issue.
Please raise a Technical Support ticket and request the fix attached to DE407210.

At the time this article was written, we are targeting delivery of this fix in 14.2 CP5 onward.