Last Post 07/12/2017 10:55 AM by  JimY
IPA-Adding OS (Environment) Identity
 8 Replies
Roger French
07/10/2017 11:24 AM

    So, attempting to add the OS Identity using the Resource Update node. This is Landmark on Windows 10.1.1.51.

    LSF 10.x

    So in the IPA is working and the Basic LSF Security record using the Resource Update node. The SSOP and the EMSS identities are also added correctly.

    The OS Environment identity is not. Here is a snippet from the error log of the work unit. The SID is not an attribute to populate in the build in the Resource Node, and thus it can't be manually added. I've already confirmed that the user does have a SID by using the wmic command.

     

     

    Error while executing ResourceUpdate activity 
    java.lang.Exception: Invalid Argument (SID=null for service [LSF10] with svcIdenAttrs [[SID]] and identProps {SID=null, LOGIN=DDomain\john.doe, UID=, PASSWORD=password}).Service 'TEST_EMPLOYEE' added Succesfully.Service 'SSOP' added Succesfully.
    at com.lawson.bpm.processflow.workFlow.flowGraph.FgaUsers.addServiceRemote(FgaUsers.java:935)
    at com.lawson.bpm.processflow.workFlow.flowGraph.FgaUsers.startActivity(FgaUsers.java:1153)
    at com.lawson.bpm.processflow.workFlow.flowGraph.FgActivity.execute(FgActivity.java:947)

     

    Has anyone been able to add the OS Environment identity using the Resource Update node? If so how did you make it work?

    Thank you


    JimY
    07/11/2017 5:56 AM
    Yes, we have been able to add the OS Identity.  Are you including the domain?  Below is a screen shot of what we do.



    Roger French
    07/11/2017 7:39 AM

    Yes, I've included the domain. Tried both hard coding it like you have in your example, and also in the variable for the DOMAIN_USER with and without the Domain\. For the PASSWORD value I used password. Still the error occurs. 

    JimY
    07/11/2017 9:48 AM
    Is john.doe a valid user id set up in Active Directory (not sure if you use AD)? It sounds like it is not able to get the SID. Have you tried adding it using ISS and does it work?

    Roger French
    07/11/2017 9:50 AM

    Yes AD is used, and Yes I can add it in ISS.

    JimY
    07/11/2017 10:39 AM
    I am stumped (not too hard to do). Does anything show up in the security_provisioning.log file?

    Roger French
    07/11/2017 11:38 AM

    No, nothing of an error or warning type appears in the security_provisioning.log.

    Roger French
    07/12/2017 8:42 AM

    Well I was actually able to get this to work. The key was to add an additional Resource Update and add the OS identity in that node after the Resource Add node.


    For whatever reason in this case, attempting to add the OS identity in the Resource Add node doesn't work, but adding it using the Resource Update node does work.

    JimY
    07/12/2017 10:55 AM
    Strange, because it works for me using the Add node. Maybe a difference in Landmark versions. Glad you got it to work.