000029599 - Authentication Manager Admin API LookupAMPrincipalCommand failed, Expected: IMSGUID, got class com.rsa.ims.common.DNGUID

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000029599
Applies To: RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager Admin API
RSA Version/Condition: 8.1
Platform: VMware
Issue: LookupAMPrincipalCommand failed: COMMAND_EXECUTION_UNEXPECTED_ERROR
Caused by: com.rsa.common.UnexpectedDataStoreException: failed to lookup domain object of class:class com.rsa.authmgr.internal.admin.principalmgt.dal.AMPrincipal by GUID:CN=userid,CN=Users,DC=org,DC=com
Caused by: org.springframework.orm.hibernate3.HibernateSystemException: Provided id of the wrong type. Expected: class com.rsa.ims.common.IMSGUID, got class com.rsa.ims.common.DNGUID; nested exception is org.hibernate.TypeMismatchException: Provided id of the wrong type. Expected: class com.rsa.ims.common.IMSGUID, got class com.rsa.ims.common.DNGUID
Caused by: org.hibernate.TypeMismatchException: Provided id of the wrong type. Expected: class com.rsa.ims.common.IMSGUID, got class com.rsa.ims.common.DNGUID
Cause: The LDAP users were added with AddAMPrincipalCommand, but that command is for Internal DB users.
LDAP users need to be registered first with the RegisterPrincipalsCommand before they can be looked up with the LookupAMPrincipalCommand.
Resolution: I found a Ted B. case with the exact error, where Ted told them to use RegisterPrincipalsCommand instead of AddAMPrincipalCommand.
-------------------------
The solution is to register the user first AND then use AddAMPrincipalCommand.
Sample code is below.
The call principal.setWindowsPassword("Password123!"); was removed from this sample code; it is not needed.
 
Workaround: The solution was to register the user AND use AddAMPrincipalCommand.
Here is some test code to demonstrate a successful call to LookupAMPrincipalCommand:

...
// lookupUser(...) is a helper that is not shown in this excerpt
PrincipalDTO user = lookupUser("Andele"); //unregistered LDAP user
System.out.println("unregistered GUID is " + user.getGuid());

//register LDAP user
RegisterPrincipalsCommand register = new RegisterPrincipalsCommand();
register.setPrincipalGuids(new String[] {user.getGuid()});
register.execute();

//now should see ims GUID
user = lookupUser("Andele");
System.out.println("GUID after registering is " + user.getGuid());

//now create AMPrincipal object, using the GUID returned after registration
AMPrincipalDTO principal = new AMPrincipalDTO();
principal.setGuid(user.getGuid());
principal.setBadPasscodes(3);
principal.setDefaultShell("/bin/sh");
principal.setDefaultUserIdShellAllowed(true);
//principal.setStaticPassword("12345678");
//principal.setStaticPasswordSet(true);
AddAMPrincipalCommand cmd = new AddAMPrincipalCommand(principal);
cmd.execute();

//the lookup succeeds only after registering and executing AddAMPrincipalCommand
LookupAMPrincipalCommand amp = new LookupAMPrincipalCommand();
amp.setGuid(user.getGuid());
amp.execute();
Notes: The test code shown under Workaround is the (Ted B.) test code that demonstrates a successful call to LookupAMPrincipalCommand.
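A pre-flight check for the TypeMismatchException in the Issue section, as an added example that is not part of the original article or of RSA's SDK. It assumes that a GUID in LDAP distinguished-name form, like the one in the error message, means the user is not yet registered; the class and method names are hypothetical, and it uses only the JDK.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

/** Added example: classify a principal GUID string before passing it to an AM principal command. */
public class GuidPreflight {

    /**
     * True when the GUID is an LDAP distinguished name, the form shown in the
     * error message (CN=userid,CN=Users,DC=org,DC=com).
     * Assumption: a DN-form GUID means the LDAP user has not been registered.
     */
    static boolean isDnGuid(String guid) {
        if (guid == null || guid.trim().isEmpty()) {
            return false;
        }
        try {
            // LdapName parses RFC 2253 names and rejects strings without type=value pairs.
            return new LdapName(guid).size() > 0;
        } catch (InvalidNameException e) {
            return false;
        }
    }

    /** Fails fast, before any AM principal command runs, if the GUID is missing or still a DN. */
    static String requireRegistered(String guid) {
        if (guid == null || guid.trim().isEmpty()) {
            throw new IllegalArgumentException("GUID is missing");
        }
        if (isDnGuid(guid)) {
            throw new IllegalStateException(
                "GUID is an LDAP DN; run RegisterPrincipalsCommand and look the user up again: " + guid);
        }
        return guid;
    }

    public static void main(String[] args) {
        // Constructed sample values; the second is a placeholder, not a real registered GUID.
        String[] samples = { "CN=userid,CN=Users,DC=org,DC=com", "constructed-non-dn-guid-0001" };
        for (String s : samples) {
            System.out.println("[" + s + "] DN-form: " + isDnGuid(s));
        }
        try {
            requireRegistered(samples[0]);
        } catch (IllegalStateException e) {
            System.out.println("blocked: " + e.getMessage());
        }
    }
}
```

Calling requireRegistered(user.getGuid()) before AddAMPrincipalCommand or LookupAMPrincipalCommand turns the nested Hibernate error into a message that names the missing registration step.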
