When running "vas_status.sh" or "vastool status" the following message is returned:
"FAILURE: 708 In-consistent mapped user cache."
This message occurs when there is a perceived discrepancy between the mapped users in the cache and the mapped users in the file(s) that are used to build the cache.
Possible Cause #1:
It will appear as a false negative when the following syntax is used in the mapped user file:
<name>:@<domain>
Possible Cause #2:
The error can also result from extra white space at the end of a line in a mapping file. To detect this (assuming all lines should be ending with an alpha-numeric character) a command such as the following can be used:
$ grep '[^a-zA-Z0-9]$' user-map
Possible Cause #3:
It can also occur when there is more than one mapped user file listed in vas.conf similar to the following:
user-map-files = /etc/opt/quest/vas/user_map1;/etc/opt/quest/vas/user_map2
This is a problem with some versions of QAS affected by Bug ID# 23734. The users are correctly loaded, but the status script only checks them against the first file in the list, so there is always a discrepancy.
Possible Cause #4:
This can also be caused when a mapping exists for a user that does not exist on the system.
Possible Cause #5:
Some older versions of sed (such as found on AIX 5.3) do not recognize some characters used in the vas_status script which would result in this error coming up when it shouldn't.
The solution to Cause #1 is to either upgrade to the current Hotfix level of QAS or to change the format of the entries in the user map file from <name>:@<domain> to <name>:<name>@<domain>.
The solution to Cause #2 is to delete the white space at the end of any lines in your map files.
The solution to Cause #3 is to combine all mapped users into one file and only list that file in vas.conf, or to upgrade to a QAS version in which Bug ID# 23734 has been fixed.
The solution to Cause #4 is to check that the local user and the AD user for all your mappings are valid users on the server.
The solution to Cause #5 is to upgrade the vas_status script to version 0.7.2 or greater. This corrected version comes with QAS 4.0.3.237. The Bug ID for this issue is #340866.
To re-map the users and check for errors in the mapping:
1 - /opt/quest/libexec/vas/vasd/vas_muupd -d -g5 --unmap-all 2>&1 | tee /tmp/unmapping.txt
This command will unmap all the users.
2 - /opt/quest/libexec/vas/vasd/vas_muupd -d -g5 -f 2>&1 | tee /tmp/mapping.txt
This command will create the mappings again in debug mode.
The mapping.txt and unmapping.txt files will contain debug information.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Conditions d’utilisation Confidentialité Cookie Preference Center