Failed to Create USER in Selang, XUSER Already Exists in Database
search cancel

Failed to Create USER in Selang, XUSER Already Exists in Database

book

Article ID: 273606

calendar_today

Updated On:

Products

CA Privileged Access Manager - Server Control (PAMSC) CA Privileged Identity Management Endpoint (PIM) CA Virtual Privilege Manager

Issue/Introduction

When trying to create a USER resource in selang, the following error occurs. This is occurring for multiple users, impacting the ability to manage the users and causing improper privileges for them.

PAMSC> eu testpamsc .....
ERROR: Failed to create USER testpamsc
ERROR: XUSER testpamsc already exists in database
PAMSC> exit

Environment

Privileged Identity Manager 12.8 SP1
PAM Server Control 14.x

Cause

By default, an XUSER resource will be created when a user logs into the server and there is no USER resource for them. For more information about this behavior and how to control it, please refer to the 

Enable or Disable the Creation of XUSER Records at Enterprise User Login

There cannot be a USER and XUSER with the same name, so if an admin attempts to create a USER when an XUSER already exists, the "Failed to create USER" and "XUSER already exists in database" errors will occur. The same will happen if an admin attempts to create an XUSER when a USER resource of the same name already exists.

Resolution

In order to create the USER resource, first use the selang `rxu` to delete the existing XUSER resource, then run the `eu` command to create the USER resource.

# selang
PAMSC> rxu testpamsc
Successfully deleted XUSER testpamsc
PAMSC> eu testpamsc .....
Successfully created USER testpamsc
PAMSC> exit

To see what other XUSER resources exist which may cause future conflicts, the command `list XUSER` will search the endpoint's database for all XUSER resources and list them out.

# selang
PAMSC> list XUSER
johndoe
root
pimadmin
test123
PAMSC> exit