Topic
  • 5 replies
  • Latest Post - ‏2019-05-14T11:50:23Z by Deepak S_ISIM
Deepak S_ISIM
Deepak S_ISIM
16 Posts

Pinned topic Unable to add particular ITIM account

‏2018-03-20T15:18:00Z | identity-manager ldap sds

Hello Experts,

I am trying to add a particular user account to ITIM service account, but getting error "CTGIMD070E The <eruid> account already exists.", as per the logs account is sitting under dn eruid=<xx>, ou=systemUser, ou=itim, ou=xxx, DC=COM in LDAP, and I have searched this eruid everywhere including this DN, but can not find his ITIM service account , and even if I am trying to import the LDIF for this user account in systemUser, getting the same error.

As per SDS this account is already there under systemUser ou, but actually it is not.

Could anyone suggest any root cause for this error? What can be the fix for this issue?

 

Thanks.

 

  • yn2000
    yn2000
    1133 Posts

    Re: Unable to add particular ITIM account

    ‏2018-03-22T15:56:03Z  

    Sorry for the harsh response, but I trust more on the system, rather than the human, especially when some information is still missing and/or not 100% correct.

    For example: "...even if I am trying to import the LDIF for this user account in systemUser, getting the same error..." TIM error message (CTGIMD070E) and SDS error message (GLPRDB052E) is different, how come it generates 'the same' message? OK, probably, you meant 'similar' error, rather than 'the same' error. But then, what else we miss that look 'similar', but not 'the same'?

    For example: Is there SDS replication in the environment, such as there are SDS1 and SDS2, which is 'similar', but not 'the same'; then the VIP route TIM to connect to SDS1, but it route you to look at SDS2?

    There are still many variant to narrow down, so I think it is better to open IBM PMR to get second eyes looking at the environment.

    Rgds. YN.

     

  • Deepak S_ISIM
    Deepak S_ISIM
    16 Posts

    Re: Unable to add particular ITIM account

    ‏2018-03-23T08:08:24Z  
    • yn2000
    • ‏2018-03-22T15:56:03Z

    Sorry for the harsh response, but I trust more on the system, rather than the human, especially when some information is still missing and/or not 100% correct.

    For example: "...even if I am trying to import the LDIF for this user account in systemUser, getting the same error..." TIM error message (CTGIMD070E) and SDS error message (GLPRDB052E) is different, how come it generates 'the same' message? OK, probably, you meant 'similar' error, rather than 'the same' error. But then, what else we miss that look 'similar', but not 'the same'?

    For example: Is there SDS replication in the environment, such as there are SDS1 and SDS2, which is 'similar', but not 'the same'; then the VIP route TIM to connect to SDS1, but it route you to look at SDS2?

    There are still many variant to narrow down, so I think it is better to open IBM PMR to get second eyes looking at the environment.

    Rgds. YN.

     

    Thanks,

    yes I know errors are differnet at both the places, and my focus is on more to resolve this error rather than seeing my typo errors, There is no SDS replication, using single SDS, please suggest if you can aniticipate any possible cause of this error, and let me know what else you need to know in this case if you are interested to narrow down on this matter, I know PMR is last step.

  • yn2000
    yn2000
    1133 Posts

    Re: Unable to add particular ITIM account

    ‏2018-03-23T19:44:38Z  

    Thanks,

    yes I know errors are differnet at both the places, and my focus is on more to resolve this error rather than seeing my typo errors, There is no SDS replication, using single SDS, please suggest if you can aniticipate any possible cause of this error, and let me know what else you need to know in this case if you are interested to narrow down on this matter, I know PMR is last step.

    I would check a couple of things...

    • based on the explanation, it seems that this is about SDS and nothing to do with SIM.
    • use cn=root to check the data, because probably an SDS ACL blocking you to see the complete data.
    • clean up ou=recycleBin, because of no reason, but cleaner data makes things clearer.
    • double check SDS unique attribute setting, to cover a possible caused by other attribute
    • try "db2 reorgchk update statistics on table all"
    • if this is DEV or TST, then probably you can rebuild the database, with an assumption that the SDS database is already corrupted.
    • if still failing, then go to last resort, IBM PMR.

    Rgds. YN.

  • technoamitg
    technoamitg
    3 Posts

    Re: Unable to add particular ITIM account

    ‏2019-05-13T06:49:41Z  

    Hello Deepak,

     

    Have you get any solution because we are also facing same issue.

    Updated on 2019-05-13T06:50:00Z at 2019-05-13T06:50:00Z by technoamitg
  • Deepak S_ISIM
    Deepak S_ISIM
    16 Posts

    Re: Unable to add particular ITIM account

    ‏2019-05-14T11:50:23Z  

    Hello Deepak,

     

    Have you get any solution because we are also facing same issue.

    Hello,

    Please describe what error you are getting while creating the ISIM service account?