CA Identity Manager Unix v2 connector: Solaris account creation error UNIX: Cannot perform the operation on [<account name>]. The information returned by the endpoint is ['passwd: Invalid argument to option -n', 'Invalid combination of options', 'rc=2']

Article ID: 271923

Products

CA Identity Suite

Issue/Introduction

When we try to create an account on Solaris using the Unix v2 connector, we get this error message:

:ETA_E_0004<AAC>, Account 'testacct' on 'XXXXXXXXXX' creation failed: Connector Server Add failed: code 70 (RESULTS_TOO_LARGE): failed to add entry eTDYNAccountName=testacct,eTDYNAccountContainerName=Accounts,eTDYNDirectoryName=XXXXXXXXXX,eTNamespaceName=UNIX v2,dc=im,dc=etasa: JCS@XXXXXXXXXX: UNIX: Error after account creation JCS@XXXXXXXXXX: UNIX: Cannot perform the operation on [testacct].  The information returned by the endpoint is ['passwd: Invalid argument to option -n', 'Invalid combination of options', 'rc=2'].. (ldaps://XXXXXXXXXX:20411)

Environment

Release : 14.4

Resolution

The problem is this combination of attributes:

eTDYN-str-multi-11(Minimum Before Change):  0
eTDYN-str-multi-12(Maximum Age of Password):  -1
eTDYN-str-multi-13(Warning):  7

On Solaris, eTDYN-str-multi-12=-1 cannot be used together with eTDYN-str-multi-11=0, nor together with eTDYN-str-multi-13=7.
That is why Solaris returned the "passwd: Invalid argument to option -n, Invalid combination of options" message.

eTDYN-str-multi-11 is called "Minimum Before Change" in our Unix v2 metadata, and it corresponds to the '-n' parameter of the passwd command on Solaris.
eTDYN-str-multi-12 is "Maximum Age of Password" and corresponds to the '-x' parameter.
eTDYN-str-multi-13 is "Warning" and corresponds to the '-w' parameter.

This is what the passwd command man page on Solaris says:

       -n min
           Sets  minimum  field  for  name. The min field contains the minimum
           number of days between password changes for name. If min is greater
           than  max,  the  user  can not change the password. Always use this
           option with the -x option, unless max is set to  -1  (aging  turned
           off). In that case, min need not be set.

       -w warn
           Sets  warn  field  for  name. The warn field contains the number of
           days before the password expires  and  the  user  is  warned.  This
           option is not valid if password aging is disabled.

       -x max
           Sets  maximum  field for name. The max field contains the number of
           days that the password is valid for name. The  aging  for  name  is
           turned off immediately if max is set to -1.

So, to set the account password to never expire, use eTDYN-str-multi-12(Maximum Age of Password) = -1, and leave eTDYN-str-multi-11(Minimum Before Change) and eTDYN-str-multi-13(Warning) blank.
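
The rules above can be checked before an account is submitted for provisioning. The following is an added example, not code from the product or the connector: `check_aging` is a hypothetical helper that applies only the constraints stated in the man page excerpt and the resolution above, and the sample attribute values are constructed.

```python
# Added example: pre-check of the three password-aging attributes against the
# Solaris passwd rules quoted above. check_aging is a hypothetical helper name.
ATTRS = {
    "eTDYN-str-multi-11": ("Minimum Before Change", "-n"),
    "eTDYN-str-multi-12": ("Maximum Age of Password", "-x"),
    "eTDYN-str-multi-13": ("Warning", "-w"),
}


def check_aging(account):
    """Return a list of problems; a blank or missing attribute means 'not set'."""
    vals, problems = {}, []
    for attr, (label, opt) in ATTRS.items():
        raw = account.get(attr)
        raw = "" if raw is None else str(raw).strip()
        vals[opt] = None
        if raw == "":
            continue
        try:
            vals[opt] = int(raw)
        except ValueError:
            problems.append(f"{attr} ({label}): '{raw}' is not an integer")
    mn, mx, warn = vals["-n"], vals["-x"], vals["-w"]
    if mx == -1:
        # -x -1 turns aging off: -n need not be set and -w is not valid.
        if mn is not None:
            problems.append("eTDYN-str-multi-11 (-n) must be blank when "
                            "eTDYN-str-multi-12 (-x) is -1")
        if warn is not None:
            problems.append("eTDYN-str-multi-13 (-w) must be blank when "
                            "eTDYN-str-multi-12 (-x) is -1")
    elif mn is not None:
        if mx is None:
            # Man page: always use -n together with -x.
            problems.append("eTDYN-str-multi-11 (-n) is set but "
                            "eTDYN-str-multi-12 (-x) is blank")
        elif mn > mx:
            problems.append("min is greater than max: the user cannot "
                            "change the password")
    return problems


if __name__ == "__main__":
    # Constructed sample: the failing combination from this article.
    failing = {"eTDYN-str-multi-11": "0", "eTDYN-str-multi-12": "-1",
               "eTDYN-str-multi-13": "7"}
    for problem in check_aging(failing):
        print(problem)
```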