IPA-Adding OS (Environment) Identity

Sort:
You are not authorized to post a reply.
Author
Messages
Roger French
Veteran Member
Posts: 545
Veteran Member

    So, attempting to add the OS Identity using the Resource Update node. This is Landmark on Windows 10.1.1.51

    LSF 10.x

    So in the IPA is working and the Basic LSF Security record using the Resource Update node. The SSOP and the EMSS identities are also added correctly.

    The OS Environment identity is not. Here is a snippet from the error log of the work unit. The SID is not an attribute to populate in the build in the Resource Node, and thus it can't be manually added. I've already confirmed that the user does have a SID by using the wmic command.

     

     

    Error while executing ResourceUpdate activity 
    java.lang.Exception: Invalid Argument (SID=null for service [LSF10] with svcIdenAttrs [[SID]] and identProps {SID=null, LOGIN=DDomain\john.doe, UID=, PASSWORD=password}).Service 'TEST_EMPLOYEE' added Succesfully.Service 'SSOP' added Succesfully.
    at com.lawson.bpm.processflow.workFlow.flowGraph.FgaUsers.addServiceRemote(FgaUsers.java:935)
    at com.lawson.bpm.processflow.workFlow.flowGraph.FgaUsers.startActivity(FgaUsers.java:1153)
    at com.lawson.bpm.processflow.workFlow.flowGraph.FgActivity.execute(FgActivity.java:947)

     

    Has anyone been able to add the OS Environment identity using the Resource Update node? If so how did you make it work?

    Thank you


    JimY
    Veteran Member
    Posts: 510
    Veteran Member
      Yes, we have been able to add the OS Identity.  Are you including the domain?  Below is a screen shot of what we do.



      Roger French
      Veteran Member
      Posts: 545
      Veteran Member

        Yes, I've included the domain. Tried both hard coding it like you have in your example, and also in the variable for the DOMAIN_USER with and without the Domain\. For the PASSWORD value I used password. Still the error occurs. 

        JimY
        Veteran Member
        Posts: 510
        Veteran Member
          Is john.doe a valid user id set up in Active Directory(Not sure if you use AD)? It sounds like it is not able to get the SID. Have you tried adding it using ISS and does it work?
          Roger French
          Veteran Member
          Posts: 545
          Veteran Member

            Yes AD is used, and Yes I can add it in ISS.

            JimY
            Veteran Member
            Posts: 510
            Veteran Member
              I am stumped(not to hard to do). Does anything show up in the security_provisioning.log file?
              Roger French
              Veteran Member
              Posts: 545
              Veteran Member

                No, nothing of an error or warning type appears in the security_provisioning.log

                Roger French
                Veteran Member
                Posts: 545
                Veteran Member

                  Well I was actually able to get this to work. The key was to add an additional Resource Update and add the OS identity in that node after the Resource Add node.


                  For whatever reason in this case, attempting to add the OS identity in the Resource Add node doesn't work, but adding it using the Resource Update node does work.

                  JimY
                  Veteran Member
                  Posts: 510
                  Veteran Member
                    Strange, because it works for me using the Add node. Maybe a difference in Landmark versions. Glad you got it to work.
                    You are not authorized to post a reply.