When trying to create a USER resource in selang, the following error occurs. This is occurring for multiple users, impacting the ability to manage the users and causing improper privileges for them.
PAMSC> eu testpamsc .....
ERROR: Failed to create USER testpamsc
ERROR: XUSER testpamsc already exists in database
PAMSC> exit
Privileged Identity Manager 12.8 SP1
PAM Server Control 14.x
By default, an XUSER resource will be created when a user logs into the server and there is no USER resource for them. For more information about this behavior and how to control it, please refer to the
Enable or Disable the Creation of XUSER Records at Enterprise User Login
There cannot be a USER and XUSER with the same name, so if an admin attempts to create a USER when an XUSER already exists, the "Failed to create USER" and "XUSER already exists in database" errors will occur. The same will happen if an admin attempts to create an XUSER when a USER resource of the same name already exists.
In order to create the USER resource, first use the selang `rxu` to delete the existing XUSER resource, then run the `eu` command to create the USER resource.
# selang
PAMSC> rxu testpamsc
Successfully deleted XUSER testpamsc
PAMSC> eu testpamsc .....
Successfully created USER testpamsc
PAMSC> exit
To see what other XUSER resources exist which may cause future conflicts, the command `list XUSER` will search the endpoint's database for all XUSER resources and list them out.
# selang
PAMSC> list XUSER
johndoe
root
pimadmin
test123
PAMSC> exit