All users/groups gone in Data Protector, cannot create new users/groups

U. Windl

2/28/23, 8:57 AM

I had a support case for Microfocus Data Protector 10.91 that turned out to be a file permission problem eventually. User hpdp had group users instead of the intended omni, so I changed the groups of all affected files and directories after fixing the local user.

Actually the user should have been taken from LDAP, but was created locally with a different group, causing the problem. So I removed the local user and imported the user from LDAP. I had stopped Data Protector, rebooted the machine, and started Data Protector successfully. So everything seemed fine.

Backups work, the reporting Server is refreshed periodically, but suddenly some reports popped up an error saying that user should be removed and recreated.

Looking at the Users context, I see that no users and groups are displayed any more. But the ClassSpec and UserList files (as well as WebAccess) are still there and filled.

Even when I try to recreate the admin group I get an unspecific error "Error while adding group" with identifier 159:9995.

I have no idea what might be wrong, but I checked that the AppServer Java process runs with the correct UID and GID, and the files in question can be read via the GID at least.

In the logs I see something that looks as an SQL statement to look up users.

Additional info

/opt/omni/bin/omniusers -list also outputs nothing.

In DPserver.log I found "Get GroupName: User does not belong to a valid group.".

218

0 + 0

linux

backup

U. Windl

2/28/23, 9:43 AM

Well, I'd wish those programmers would have created reasonable error messages, not saying *what* did not work, but *why* it did not work, or giving more details where the error originated.

Score:0

Server

U. Windl

2/28/23, 10:01 AM

I found the problem, that is: At least I solved the problem:

Inspired by the message Get GroupName: User does not belong to a valid group. I suspected that the Java program fails to get the User or Group from LDAP (via nsswitch) (while both getent passwd hpdp and getent group omni did work).

So first I displayed the group entry using getent group omni, then added that line to the group file using vigr. Next I did a similar thing for the user entry using getent passwd hpdp to display the entry, and then vipw to add the entry to the passwd file.

Finally when refreshing the Users context in the Data Protector GUI, the users and groups were there again!

My /etc/snnswitch.conf (SLES 12) contains (among other lines):

passwd: compat
group:  files ldap
passwd_compat: ldap

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: All users/groups gone in Data Protector, cannot create new users/groups

TH: ผู้ใช้/กลุ่มทั้งหมดที่อยู่ใน Data Protector จะไม่สามารถสร้างผู้ใช้/กลุ่มใหม่ได้

RO: Toți utilizatorii/grupurile plecate în Data Protector, nu pot crea utilizatori/grupuri noi

RU: Все пользователи/группы, удаленные из Data Protector, не могут создавать новых пользователей/групп

VI: Tất cả người dùng/nhóm đã vào Data Protector, không thể tạo người dùng/nhóm mới

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.