Symantec IGA


password synchronization between AD and Linux endpoint is NOT working

  • 1.  password synchronization between AD and Linux endpoint is NOT working

    Posted Sep 26, 2019 10:51 AM

    We recently changed our production server from Linux RHL 6.6 to RHL 7.7. Before this, the password synchronization between AD and Linux was working correctly using a non-root user that was added to the sudoers list.

    After the change of version we have a different behavior; we even tried with the root user.


    Current Linux version: NAME="Red Hat Enterprise Linux Server", VERSION="7.7 (Maipo)", ID="rhel", ID_LIKE="fedora", VARIANT="Server", VARIANT_ID="server", VERSION_ID="7.7", PRETTY_NAME="Red Hat Cloud Infrastructure", ANSI_COLOR="0;31", CPE_NAME="cpe:/o:redhat:enterprise_linux:7.7:GA:server", 3.10.0-1062.el7.x86_64 #1 SMP Thu Jul 18 20:25:13 UTC 2019 x86_64


    Endpoint type is UNIX v2

    User: root

    Endpoint creation is successful, we can do E&C, and we can list all the users on the Linux machine. The problem is that when we want to see the properties of any user, we get the following error:


    "Connector Server Read failed: code 19 (CONSTRAINT_VIOLATION): failed on search operation: eTDYNAccountName=acoronel,eTDYNAccountContainerName=Accounts,eTDYNDirectoryName=ingres-11-cont,eTNamespaceName=UNIX v2,dc=im,dc=etasa: JCS@caconnector: JNDI: JCS@caconnector: UNIX: Cannot perform the lookup because because the result is missing data

    - [[Último cambio de contraseña                    :may 25, 2006,

    La contraseña caduca                    : nunca,

    Contraseña inactiva                    : nunca,

    La cuenta caduca            : nunca,

    Número de días mínimo entre cambio de contraseña        : 0,

    Número de días máximo entre cambio de contraseña        : 99999,

    Número de días de aviso antes de que caduque la contraseña    : 7]].

    (ldaps://10.20.11.60:20411)"



    We also noticed that synchronization of the password is not possible, and it goes into a non-stop loop that made the Provisioning Server go crazy.

    We had to empty the notification dxserver and restart the PS.


    P.S.: We have also opened case number 20073226 with Broadcom support on the same subject.



  • 2.  RE: password synchronization between AD and Linux endpoint is NOT working
    Best Answer

    Broadcom Employee
    Posted Sep 27, 2019 11:01 AM

    Hi Felix Varela,

    We need more information to understand the issue. It looks like the connector is unable to parse the output returned by the endpoint (as per the error). And the account you were trying to access is expired; is that correct? Can you please provide us with the following information:
    1. Let us know whether you see the same problem if you create a new user and access that user account from IDM.
    2. Provide us with the connector server (JCS) and endpoint logs.

    Can you please also provide us with the provisioning server logs (etatrans logs & etanotify logs) to analyze the issue? Make sure that the etatrans log is collected with log level 7.

    Thanks