LDAP: error code 80 - LDP1999E Error issuing command with R_Admin
search cancel

LDAP: error code 80 - LDP1999E Error issuing command with R_Admin

book

Article ID: 379162

calendar_today

Updated On:

Products

CA Identity Suite CA Identity Governance

Issue/Introduction

We created the TSSv2 endpoint, but when we try to explore it, it fails with the following errors

eta20240906.log:

2024.09.06.10:25:45.712   ERROR IM Provisioning Server - :ETA_E_0257<EXX>, Error listing Facilities objects: Connector Server Search failed: code 80 (OTHER-NamingException): failed on search operation: eTDYNContainer001Name=TestContainer,eTDYNDirectoryName=TSSTESTEndpoint,eTNamespaceName=CA Top Secret v2,dc=im,dc=etasa: javax.naming.NamingException: [LDAP: error code 80 - LDP1999E Error issuing command with R_Admin, <TSS0920E R_admin Internal error. Rsn=  4>] (ldaps://xxx.xxx.xxxx:20411) (by User 'etaadmin' - TenantNotSet) [DETAIL] {ID=66704392-8fj4-4a64-8665-72gda43cb353}
2024.09.06.10:26:00.852   ERROR IM Provisioning Server - :ETA_E_0024<EDI>, Endpoint 'TSSTESTEndpoint' exploration failed: (objects added: 2, deleted: 0, updated: 0, unchanged: 64265, failures: 2) (by User 'etaadmin' - TenantNotSet) {ID=66704392-8fj4-4a64-8665-72gda43cb353}

etatrans20240906-0000.log:

20240906:102545:TID=000ef0:Explore   :E089:----:I: EXPLORE: ERROR=":ETA_E_0257<EXX>, Error listing Facilities objects: Connector Ser
20240906:102545:TID=000ef0:Explore   :E089:----:I:+ver Search failed: code 80 (OTHER-NamingException): failed on search operation: e
20240906:102545:TID=000ef0:Explore   :E089:----:I:+TDYNContainer001Name=TestContainer,eTDYNDirectoryName=TSSTESTEndpoint,eTNamespaceName=CA
20240906:102545:TID=000ef0:Explore   :E089:----:I:+Top Secret v2,dc=im,dc=etasa: javax.naming.NamingException: [LDAP: error code 80
20240906:102545:TID=000ef0:Explore   :E089:----:I:+- LDP1999E Error issuing command with R_Admin, <TSS0920E R_admin Internal error.
20240906:102545:TID=000ef0:Explore   :E089:----:I:+Rsn=  4>] (ldaps://xxx.xxx.xxxx:20411)"
20240906:102545:TID=000ef0:Explore   :E089:----:I: EXPLORE: Exploring 'TSSTESTEndpoint' for 'eTDYNContainer002'
20240906:102545:TID=000ef0:Explore   :E089:----:I: Pagination Status (Explore): enabled (Endpoint); Page Size: 1000 (Endpoint)
20240906:102545:TID=000ef0:Explore   :E089:----:I: EXPLORE: Assuming the DB Container is not empty-- so start off with the algorithm
20240906:102545:TID=000ef0:Explore   :E089:----:I:+ that does DB Read of each entry first, then does DB Add or DB Modify if necessary
20240906:102545:TID=000ef0:Explore   :E089:----:I: Pagination Status (Explore): enabled (Endpoint); Page Size: 1000 (Endpoint)
20240906:102545:TID=000ef0:Explore   :E089:----:I: DN: eTDYNDirectoryName=TSSTESTEndpoint,eTNamespaceName=CA Top Secret v2,dc=im.

Environment

Release : 14.4
Component : CA Identity Governance

Resolution

It appears that there are no grants for the TSSTestUser user used in the TSS logs. We inserted the correct grants, this is the command that was launched "ss perm(TSSTestUser) CASECAUT(TSSCMD.) ACCESS(USE)", and now the explore on TSSv2 endpoint completes without failure.

Powered by Wolken Software