LookupAMPrincipalCommand failed, Expected: IMSGUID, got class com.rsa.ims.common.DNGUID for RSA Authentication Manager Admin API
2 years ago
Originally Published: 2015-02-09
Article Number
000050784
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager Admin API
RSA Version/Condition: 8.x
 
Issue
When AddAMPrincipalCommand is used to add/register LDAP users, the following wrong-type class error is returned. IMSGUID is expected, but DNGUID is received:
 
LookupAMPrincipalCommand failed: COMMAND_EXECUTION_UNEXPECTED_ERROR 
Caused by: com.rsa.common.UnexpectedDataStoreException: 
failed to lookup domain object of class:class com.rsa.authmgr.internal.admin.principalmgt.dal.AMPrincipal by 
GUID:CN=userid,CN=Users,DC=org,DC=com 
Caused by: org.springframework.orm.hibernate3.HibernateSystemException: 
Provided id of the wrong type. Expected: class com.rsa.ims.common.IMSGUID, got class com.rsa.ims.common.DNGUID; 
nested exception is org.hibernate.TypeMismatchException: Provided id of the wrong type. 
Expected: class com.rsa.ims.common.IMSGUID, got class com.rsa.ims.common.DNGUID 
Caused by: org.hibernate.TypeMismatchException: Provided id of the wrong type. 
Expected: class com.rsa.ims.common.IMSGUID, got class com.rsa.ims.common.DNGUID
Cause
The LDAP users were added with AddAMPrincipalCommand, but that is for internal database users.

LDAP users need to be registered first with the RegisterPrincipalsCommand before they can be looked up with the LookupAMPrincipalCommand().
Resolution
Register the user first, then use AddAMPrincipalCommand, as shown in the sample below:
Note: principal.setWindowsPassword("Password123!"); has been removed from this sample code because it is not needed.


 
Workaround
The solution is to register the user AND use AddAMPrincipalCommand. Here is some test code that demonstrates a successful call to LookupAMPrincipalCommand:
 
... 
PrincipalDTO user = lookupUser("Andele"); //unregistered LDAP user 
System.out.println("unregistered GUID is " + user.getGuid()); 

//register LDAP user 
RegisterPrincipalsCommand register = new RegisterPrincipalsCommand(); 
register.setPrincipalGuids(new String [] {user.getGuid()}); 
register.execute(); 

//now should see ims GUID 
user = lookupUser("Andele"); 
System.out.println("GUID after registering is " + user.getGuid()); 

//now create AMPrincipal object 
AMPrincipalDTO principal = new AMPrincipalDTO(); 
principal.setGuid(user.getGuid()); 
principal.setBadPasscodes(3); 
principal.setDefaultShell("/bin/sh"); 
principal.setDefaultUserIdShellAllowed(true); 
//principal.setStaticPassword("12345678"); 
//principal.setStaticPasswordSet(true); 

AddAMPrincipalCommand cmd = new AddAMPrincipalCommand(principal); 
cmd.execute(); 

//must register and execute AddAMPrincipalCommand
LookupAMPrincipalCommand amp = new LookupAMPrincipalCommand();  
amp.setGuid(user.getGuid()); 
amp.execute();
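
The stack trace above shows the failing lookup was given a DN-style GUID (CN=userid,CN=Users,DC=org,DC=com). The following preflight check is an added example, not RSA's code and not part of the original article; it flags DN-shaped GUIDs so that a provisioning script registers the user before calling AddAMPrincipalCommand or LookupAMPrincipalCommand. The class name GuidPreflight, its methods and the non-DN sample value are hypothetical, only the JDK's javax.naming.ldap.LdapName is used, and it assumes that a GUID which parses as an LDAP DN belongs to an unregistered LDAP user.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

/** Added example: classify a principal GUID string before issuing AM principal commands. */
public class GuidPreflight {

    enum Kind { DN_GUID, OTHER }

    /** Assumption of this sketch: a GUID that parses as a non-empty LDAP DN is a DNGUID. */
    static Kind classify(String guid) {
        if (guid == null || guid.trim().isEmpty()) {
            throw new IllegalArgumentException("empty GUID");
        }
        try {
            LdapName dn = new LdapName(guid);   // RFC 2253 parser from the JDK
            return dn.size() > 0 ? Kind.DN_GUID : Kind.OTHER;
        } catch (InvalidNameException e) {
            return Kind.OTHER;                  // not DN syntax, so not a DN-style GUID
        }
    }

    /** Maps the classification to the command order described in this article. */
    static String nextStep(String guid) {
        return classify(guid) == Kind.DN_GUID
            ? "RegisterPrincipalsCommand, look the user up again, then AddAMPrincipalCommand"
            : "AddAMPrincipalCommand if no AMPrincipal exists yet, then LookupAMPrincipalCommand";
    }

    public static void main(String[] args) {
        // Constructed samples: the DN is the one in the stack trace above;
        // the second value is a made-up placeholder, not a real IMS GUID.
        String[] samples = {
            "CN=userid,CN=Users,DC=org,DC=com",
            "placeholder-non-dn-guid-0001"
        };
        for (String g : samples) {
            System.out.printf("%-36s %-8s -> %s%n", g, classify(g), nextStep(g));
        }
    }
}
```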