Error messages and problem solving

A warning or error message might be displayed in the user interface to provide information about the adapter or when an error occurs.

Table 1 contains warnings or errors that might be displayed on the user interface if the adapter is installed on your workstation.
Table 1. Warning and error messages
Warning or error message Corrective action
The following error occurred - Error Description. IBM® Security Privileged Identity Manager cannot establish a connection with IBM Security Directory Integrator. To fix this problem, ensure that:
  • Security Directory Integrator is running
  • The URL specified on the service form for IBM Security Directory Integrator is correct
The login credential is missing or incorrect. You must provide correct information for the adapter to function properly. To fix this problem, ensure that:
  • The managed resource is functioning properly and that you are connected to the correct resource
  • The Managed Resource Location that is specified on the service form is correct
  • The administrator ID specified on the service form is correct
  • The administrator password that is specified on the service form is correct
  • SSH is enabled and running on the managed resource
The account exists. The user is already added to the resource. This error might occur if you are attempting to add a user to the managed resource and IBM Security Privileged Identity Manager is not synchronized with the resource. To fix this problem, schedule a reconciliation between IBM Security Privileged Identity Manager and the resource. See the online help for information about scheduling a reconciliation.
  • The adapter does not have permission to add an account.
  • The adapter does not have permission to modify an account.
  • The adapter does not have permission to delete an account.
 The administrator ID specified on the service form does not have permissions to add, modify, or delete the account. To fix this problem, do one of these steps:
  • Assign the correct privileges to the current administrator ID
  • Change the administrator ID to an administrator ID that has the correct privileges.
  • The required attributes are missing from the request.
  • There were no attributes that were passed to the adapter in the request.
  • One or more required attributes are missing in the request.
 One or more required attributes were not provided when you attempted to add, modify, delete, or search for a user. Type the required attributes for each field and try the action again.
  • A system error occurred adding an account. The account was not added.
  • A system error occurred modifying an account. The account was not changed.
  • A system error occurred deleting an account. The account was not deleted.
  • The search failed because of a system error.
 This error might occur for several reasons. To fix this problem, ensure that:
  • The administrator ID specified on the service form is correct.
  • The administrator password that is specified on the service form is correct.
  • The administrator ID has the correct privileges to add, modify, or delete a user account.
  • The network connection is not slow between IBM Security Privileged Identity Manager and IDI or IDI and the managed resource.
CTGIMT022E The search failed because of a system error: Error running script with Failed value:126 Verify that the sudo user configuration file does not contain syntax errors.
  • The account was added but some attributes failed.
  • The account was modified but some attributes failed.
  • The account was deleted successfully, but other steps failed.
 The account was created, modified, or deleted, but some of the specified attributes in the request were not set. See the list of attributes that failed and the error message that explains why the attribute failed. Correct the errors that are associated with each attribute and try the action again.
Note: Review the documentation for the operating system of the managed resource to determine the correct values for some attributes.
  • The user cannot be modified because it does not exist.
  • An error occurred deleting the account because the account does not exist.
 This error might occur when you attempt to modify or delete a user. This error might also occur if you attempt to change the password for a user. To fix the problem, ensure that:
  • The location that is specified for the managed resource is correct.
  • The user was created on the resource.
  • The user was not deleted from the resource.
If the user does not exist on the resource, create the user on the resource and then schedule a reconciliation. See the online help for information about scheduling a reconciliation.
  • Search filter error.
  • Invalid search filter.
 The filter that is specified in the search request is not correct. Specify the correct filter and try the search action again.
The account is already suspended. This error might occur if you attempt to suspend an account that was already suspended.
The account was not suspended. The request failed to suspend the account. To fix this problem, ensure that:
  • The specified administrator ID is correct.
  • The specified administrator password is correct.
  • The administrator has the necessary privileges to suspend an account.
  • The user exists on the specified managed resource.
See the ibmdi.log file in the solutions directory of the IBM Security Directory Integrator for specific details about the error.
The account is already restored. This error might occur if you attempt to restore an account that was already restored.
The account was not restored. The request failed to restore the account. To fix this problem, ensure that:
  • The specified administrator ID is correct.
  • The specified administrator password is correct.
  • The administrator has the necessary privileges to restore an account.
  • The user exists on the specified managed resource.
See the ibmdi.log file in the solutions directory of the IBM Security Directory Integrator for specific details about the error.
The reconciliation is successful, but no accounts were added to your service.
  • On the service form, check or clear the Use a Shadow File check box.
  • Check the IDI log to ensure that there is no mismatch for shadow file usage.
The application cannot establish a connection to hostname. Ensure that SSH is enabled on the managed resource and that the managed resource is operational and attached to the network.
Attribute names are not displayed in the user interface. For IBM Security Privileged Identity Manager to refresh the list of attribute names, you must either:
  • Stop and restart the IBM Security Identity server.
  • Wait until the cache times out (up to 10 minutes).
Adapter profile is not displayed in the user interface after you install the profile. For IBM Security Identity server to refresh the list of attribute names, you must either:
  • Stop and restart the IBM Security Identity server.
  • Wait until the cache times out (up to 10 minutes).
The group cannot be added because it exists. This error occurs when a request is made to add a group that exists. Create a group with another group name.
The group cannot be added because a group with the GID Group ID number exists. This error occurs when a request is made to add a group with a group ID number that exists. Create a group with another group ID number.
The group Group name cannot be modified or deleted because it does not exist. This error occurs when a request is made to modify or delete a group that does not exist on the managed resource. Do a reconciliation operation to ensure that the group exists on the managed resource.
An error occurred creating, modifying, or deleting the Group name group. The application cannot establish a connection to managed resource. Ensure that these conditions are true.
  • The name in the Administrator name field on the service form is specified correctly.
  • The value of the Password attribute on the service form is specified correctly.
  • The managed resource is operational and connected to the network.
The IBM Security Directory Integrator detected the following error. Error: Connector parameter executeUserProfile has a value that is not valid: true. Clear the Execute user profile? check box for the service that is used in the operation.
Sudo message: sudo: sorry, you must have a tty to run sudo Comment out the line Defaults requiretty in the sudouser file.