ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
Account creation issue using UNIX v2 type Endpoint when parent directory of specified user's home directory doesn't exist
Article ID: 129546
Updated On:
Products
CA Identity Manager
CA Identity Governance
CA Identity Portal
Issue/Introduction
The problem is reproduced by doing below steps.
1. Create UNIX v2 Type Endpoint from User Console's Endpoints > Manage Endpoints > Create Endpoint page
2. SSH/Login to the UNIX Endpoint and make sure that there is no /AA/BB/CC directory
3. Create UNIX v2 Account Template for the Endpoint
4. Create Provisioning Role
5. Create a new user and assigned the Provisioning Rule
6. Notice account creation failed with the following error in etatrans log
20190217:225429:TID=001c74:CreateAcct:C057:C055:F: msg: :ETA_E_0016, Account for Global User 'unixfour' on Endpoint 'rhel r
20190217:225429:TID=001c74:CreateAcct:C057:C055:F:+oot' creation failed: :ETA_E_0004, Account 'unixfour' on 'rhel root' creatio
20190217:225429:TID=001c74:CreateAcct:C057:C055:F:+n failed: Connector Server Add failed: code 80 (OTHER-NamingException): failed to
20190217:225429:TID=001c74:CreateAcct:C057:C055:F:+ add entry eTDYNAccountName=unixfour,eTDYNAccountContainerName=Accounts,eTDYNDire
20190217:225429:TID=001c74:CreateAcct:C057:C055:F:+ctoryName=rhel root,eTNamespaceName=UNIX v2,dc=im,dc=etasa: javax.naming.NamingEx
20190217:225429:TID=001c74:CreateAcct:C057:C055:F:+ception: [email protected]: UNIX: Cannot perform the operation on [unixfour]. T
20190217:225429:TID=001c74:CreateAcct:C057:C055:F:+he information returned by the endpoint is ['useradd: cannot create directory /AA
20190217:225429:TID=001c74:CreateAcct:C057:C055:F:+/BB/CC/unixfour', 'rc=12']. (ldaps://xxxxxxxxxxx.ca.com:20411)
This problem is not happening if you use older UNIX etc connector.
1. Create UNIX v2 Type Endpoint from User Console's Endpoints > Manage Endpoints > Create Endpoint page
Hostname: <UNIX machine hostname>
Administrator: root
Password: <root password>
Shell Prompt (Regexp) : *\#( )
Select "Delete Home Directory When Deleting Account" box
Notes: Leave other parameter as defaults. The Shell Prompt (Regexp) is set as above assuming that the root user prompt is ended with # and a space characterAdministrator: root
Password: <root password>
Shell Prompt (Regexp) : *\#( )
Select "Delete Home Directory When Deleting Account" box
2. SSH/Login to the UNIX Endpoint and make sure that there is no /AA/BB/CC directory
3. Create UNIX v2 Account Template for the Endpoint
On User tab set
UID > UID Mode : Use the Next Free UID
User Account Information > Primary Group : users
Select "Create Home Directory" box
Home Directory : /AA/BB/CC/%AC%
Notes: /AA/BB/CC directory doesn't exist on the UNIX Endpoint machineUID > UID Mode : Use the Next Free UID
User Account Information > Primary Group : users
Select "Create Home Directory" box
Home Directory : /AA/BB/CC/%AC%
4. Create Provisioning Role
On Account Templates tab set
Click [Add Account Template] button to set created UNIX v2 Account Template
On Administrator tab set
Deselect "Administrator can add and remove administrators of this role" box
Admin Policies : who are members of (admin role "System Manager")
User Scope Rule: (all)
Manage Members : selected
On Owners tab set
Owner Rules: who are members of (admin role "System Manager")
Click [Add Account Template] button to set created UNIX v2 Account Template
On Administrator tab set
Deselect "Administrator can add and remove administrators of this role" box
Admin Policies : who are members of (admin role "System Manager")
User Scope Rule: (all)
Manage Members : selected
On Owners tab set
Owner Rules: who are members of (admin role "System Manager")
5. Create a new user and assigned the Provisioning Rule
6. Notice account creation failed with the following error in etatrans log
20190217:225429:TID=001c74:CreateAcct:C057:C055:F: msg: :ETA_E_0016, Account for Global User 'unixfour' on Endpoint 'rhel r
20190217:225429:TID=001c74:CreateAcct:C057:C055:F:+oot' creation failed: :ETA_E_0004, Account 'unixfour' on 'rhel root' creatio
20190217:225429:TID=001c74:CreateAcct:C057:C055:F:+n failed: Connector Server Add failed: code 80 (OTHER-NamingException): failed to
20190217:225429:TID=001c74:CreateAcct:C057:C055:F:+ add entry eTDYNAccountName=unixfour,eTDYNAccountContainerName=Accounts,eTDYNDire
20190217:225429:TID=001c74:CreateAcct:C057:C055:F:+ctoryName=rhel root,eTNamespaceName=UNIX v2,dc=im,dc=etasa: javax.naming.NamingEx
20190217:225429:TID=001c74:CreateAcct:C057:C055:F:+ception: [email protected]: UNIX: Cannot perform the operation on [unixfour]. T
20190217:225429:TID=001c74:CreateAcct:C057:C055:F:+he information returned by the endpoint is ['useradd: cannot create directory /AA
20190217:225429:TID=001c74:CreateAcct:C057:C055:F:+/BB/CC/unixfour', 'rc=12']. (ldaps://xxxxxxxxxxx.ca.com:20411)
This problem is not happening if you use older UNIX etc connector.
Cause
This is a known issue which is recorded in Engineering ticket DE407210.
Environment
Identity Manager 14.2
Resolution
We have created fix that addresses this issue.
Please raise a Technical Support call ticket and request for the fix attached to DE407210.
At the time of this article is written, we are targeting to delivered this fix into 14.2 CP5 onward.
Feedback
Yes
No
Powered by
