000029599 - LookupAMPrincipalCommand failed, Expected: IMSGUID, got class com.rsa.ims.common.DNGUID for RSA Authentication Manager Admin API

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support on Jan 10, 2020
Version 3

Article Content

Article Number: 000029599
Applies To:
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager Admin API
RSA Version/Condition: 8.x
 
Issue
When using AddAMPrincipalCommand to add/register LDAP users, an error reports the wrong class type. IMSGUID was expected, but DNGUID was received:
 

LookupAMPrincipalCommand failed: COMMAND_EXECUTION_UNEXPECTED_ERROR
Caused by: com.rsa.common.UnexpectedDataStoreException:
failed to lookup domain object of class:class com.rsa.authmgr.internal.admin.principalmgt.dal.AMPrincipal by
GUID:CN=userid,CN=Users,DC=org,DC=com
Caused by: org.springframework.orm.hibernate3.HibernateSystemException:
Provided id of the wrong type. Expected: class com.rsa.ims.common.IMSGUID, got class com.rsa.ims.common.DNGUID;
nested exception is org.hibernate.TypeMismatchException: Provided id of the wrong type.
Expected: class com.rsa.ims.common.IMSGUID, got class com.rsa.ims.common.DNGUID
Caused by: org.hibernate.TypeMismatchException: Provided id of the wrong type.
Expected: class com.rsa.ims.common.IMSGUID, got class com.rsa.ims.common.DNGUID
Cause
The LDAP users were added with AddAMPrincipalCommand, but that command is for internal database users.

LDAP users need to be registered first with the RegisterPrincipalsCommand before they can be looked up with the LookupAMPrincipalCommand().
Resolution
Register the user first, then use AddAMPrincipalCommand, as shown in the sample below.

The call principal.setWindowsPassword("Password123!"); was removed from this sample code because it is not needed.



 
Workaround
The solution is to register the user AND use AddAMPrincipalCommand. Here is some test code that demonstrates a successful call to LookupAMPrincipalCommand:
 

... 
PrincipalDTO user = lookupUser("Andele"); //unregistered LDAP user 
System.out.println("unregistered GUID is " + user.getGuid()); 

//register LDAP user
RegisterPrincipalsCommand register = new RegisterPrincipalsCommand(); 
register.setPrincipalGuids(new String [] {user.getGuid()}); 
register.execute(); 

//now should see ims GUID 
user = lookupUser("Andele"); 
System.out.println("GUID after registering is " + user.getGuid()); 

//now create AMPrincipal object 
AMPrincipalDTO principal = new AMPrincipalDTO(); 
principal.setGuid(user.getGuid()); 
principal.setBadPasscodes(3); 
principal.setDefaultShell("/bin/sh"); 
principal.setDefaultUserIdShellAllowed(true); 
//principal.setStaticPassword("12345678"); 
//principal.setStaticPasswordSet(true); 

AddAMPrincipalCommand cmd = new AddAMPrincipalCommand(principal); 
cmd.execute(); 

//must register and execute AddAMPrincipalCommand
LookupAMPrincipalCommand amp = new LookupAMPrincipalCommand();  
amp.setGuid(user.getGuid()); 
amp.execute();