Symantec Privileged Access Management

Expand all | Collapse all

Teradata Connector error

  • 1.  Teradata Connector error

    Posted 03-31-2021 01:07 PM
    Hello All,

    I have written a teradata connector for PAM 3.3 . I have written the functions for teradata DB password verification and update code. The port used for teradata url is also configurable in the application UI. During testing I have found that when the wrong teradata port is given and the verify function is called , an error is displayed in the PAM UI
    i.e.

    PAM-CM-1766: Failed to verify password with target: PAM-EF-0013:Error processing request. Please contact administrator. Connector Host: pamconnect(169.254.102.204)


    and the log message that we got is

    25-Mar-2021 07:55:46.328 INFO [http-nio-127.0.0.1-18080-exec-9] com.hcl.TeradataConnector.api.Credentials.processCredentialVerify [17b5be71-c0d8-43de-9376-133a3957bb6e] [TeradataConnector] Connect url is given as jdbc:teradata://192.168.232.128/DBS_PORT=1025,TMODE=ANSI,CHARSET=UTF8
    25-Mar-2021 07:55:46.328 INFO [http-nio-127.0.0.1-18080-exec-9] com.hcl.TeradataConnector.api.Credentials.processCredentialVerify [17b5be71-c0d8-43de-9376-133a3957bb6e] [TeradataConnector] Credential Verify
    25-Mar-2021 07:55:46.328 INFO [http-nio-127.0.0.1-18080-exec-9] com.hcl.TeradataConnector.api.Credentials.processCredentialVerify [17b5be71-c0d8-43de-9376-133a3957bb6e] [TeradataConnector] Connecting to jdbc:teradata://192.168.232.128/DBS_PORT=1025,TMODE=ANSI,CHARSET=UTF8
    25-Mar-2021 07:55:46.328 INFO [http-nio-127.0.0.1-18080-exec-9] com.hcl.TeradataConnector.api.Credentials.processCredentialVerify [17b5be71-c0d8-43de-9376-133a3957bb6e] [TeradataConnector] using the username verifypam
    25-Mar-2021 07:55:46.374 SEVERE [http-nio-127.0.0.1-18080-exec-9] com.hcl.TeradataConnector.api.Credentials.credentialsValidate [17b5be71-c0d8-43de-9376-133a3957bb6e] [TeradataConnector] Failed to verify credentials for user: 'verifypam' on device: 'terradataserver' with targetApplicationName: 'teradataAppTest'. Reason:
    java.lang.IllegalStateException: Verify failed.
    at com.hcl.TeradataConnector.api.Credentials.processCredentialVerify(Credentials.java:395)
    at com.hcl.TeradataConnector.api.Credentials.credentialsValidate(Credentials.java:149)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)

    Is there any way to reflect the right error for port no is PAM UI ??  I am looking for some message like

    PAM-CM-1766: Failed to verify password with target: PAM-EF-abcd:Wrong port no given in URL.. Please contact administrator. Connector Host: pamconnect(169.254.102.204)

    in place of
    PAM-CM-1766: Failed to verify password with target: PAM-EF-0013:Error processing request. Please contact administrator. Connector Host: pamconnect(169.254.102.204)

    -Regards
       Mohit

    ------------------------------
    Software Consultant
    Broadcom
    ------------------------------


  • 2.  RE: Teradata Connector error

    Broadcom Employee
    Posted 03-31-2021 11:23 PM
    Hi Mohit, This is your custom connector, you control what messages it writes on error. You see that the connector runs into an exception in the processCredentialVerify() method called from credentialsValidate(), both in the Credentials class, source file Credentials.java. This is the class you customize, and you can control what exceptions are thrown in which method, and what message the credentialsValidate() method writes when it catches a specific exception. In this case your custom code throws an IllegalStateException, which is not caught specifically, and so you get into the "catch (Exception e)" case, which throws a new ExtensionException with message MessageConstants.SERVER_ERROR == PAM-EF-0013. I question your intentions above though. How could your code distinguish between the case where the port is wrong and where the port is right but the DB service listening on the port is down? And the fact that there is no log message showing a connect error in your log points to missing diagnostics in your custom code.


  • 3.  RE: Teradata Connector error

    Posted 04-07-2021 01:38 AM

    Classification: Confidential

    Thanks Ralf for your suggestion. I am able to fix the error by throwing the Extension Exception.

     

    -Regards

      Mohit