Expand my Community achievements bar.

System user package issue

Avatar

Level 4

Hi Team, 

Env: AEM as a cloud service

1. Have created a system user from crx/explorer and provided the permissions on tools->security->permissions. Have verified the user permissions for the same on useradmin 

2. Configured SU on system/console/configMgr. The file was generated under apps/system/config. Copied this file to /apps/../osgiconfig/config.(can see the same on system configmgr).

3. After this deleted the existing file.

4. Now everything seems good. But while hitting my listener I'm getting the below error.

org.apache.sling.api.resource.LoginException: Cannot derive user name for bundle com.test.core [572] and sub service bs-final-test

Note:  Have done all the above steps to create a package and install it in higher environments.

Could someone please help me to resolve it?

9 Replies

Avatar

Employee Advisor

Hi @Lakshmi9 ,

Looking at the error, the issue looks like to be with the migrated system user you have created. The configurations that you have created looks good and that is correct.

How are you migrating the system user and the ACL's of the system user to AEM as cloud service? The recommended way to do so is explained here. https://bimmisoi.blogspot.com/2021/08/create-system-user-using-repository.html

 

Avatar

Community Advisor

Hi,

Seems user is missing 

Cannot derive user name for bundle com.test.core [572] and sub service bs-final-test

 

Create system user with correct permission during repository initialization.

Configuration file example: /apps/my-app/config/org.apache.sling.jcr.repoinit.RepositoryInitializer-init.config

scripts=["
    create service user my-data-reader-service
 
    set ACL on /var/my-data
        allow jcr:read for my-data-reader-service
    end
"]
 

 



Arun Patidar

Avatar

Level 4

Hi @Anish-Sinha , @arunpatidar 

Thank you for the reply.

Here are the steps that I have tried with the above approach.

1. Added script at Apache Sling Repository Initializer Factory as below.

create service user project-service-user
set ACL on /
allow jcr:all for project-service-user
end

After saved it, service user was created under this path /home/users/system & also config file under /apps/system/config.

2. As per my requirement, have copied the config file inside /apps/project/osgiconfig/config & it looks as below. 

 

Lakshmi9_0-1651774307500.png

3. Now created a package for this 

/apps/baem/osgiconfig/config/org.apache.sling.jcr.repoinit.RepositoryInitializer.project.cfg.json 

 

after all done, added the same file in the below path(codebase) & given a build. 

\ui.config\src\main\content\jcr_root\apps\project\osgiconfig\config

 

Can see the above file in the same path but service user was not created inside /home & couldn't find the repoInit config in system/console/configMgr.

 

Kindly provide your inputs to get it done.

 

Thank you

Avatar

Community Advisor

Hi,

I think there is an error in your cfg.json file,

the "scripts" part should be without "

 

"scripts"=["
    create service user my-data-reader-service
 
    set ACL on /var/my-data
        allow jcr:read for my-data-reader-service
    end
"]

 

you can check example here

https://drewrobinson.com/blog/aem-repository-initialization-with-repoinit



Arun Patidar

Avatar

Level 4

Hi @arunpatidar,

the above solution was working. Service user created & verified permissions too. But getting the same error again after the build.

Lakshmi9_3-1651827890016.png

 

Lakshmi9_1-1651827789861.png

 

Lakshmi9_2-1651827837151.png

 

 

listener code snippet:

Lakshmi9_0-1651827605701.png

 

Error: 06.05.2022 14:19:12.849 *ERROR* [OsgiInstallerImpl] com.project.core.listeners.Listener Cannot derive user name for bundle com.project.core [572] and sub service test-auth-serviceuser
org.apache.sling.api.resource.LoginException: Cannot derive user name for bundle com.project.core [572] and sub service test-auth-serviceuser

 

kindly help, thank you!

Avatar

Community Advisor

Hi,

It seems the servicename is wrong in your code, you used username for mapping service.

 

can you check org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended-<unique-name-for- -your-factory>.cfg.json configuration

Example file:

 

service.ranking="0"
      user.mapping="[com.project.core:test-auth-service=test-auth-serviceuser"]

 



Arun Patidar

Avatar

Level 4

Hi @arunpatidar 

I missed to add the mapper for the newly created user & added it now as below.

 

Lakshmi9_0-1651844585800.png

 

Lakshmi9_1-1651844840471.png

 

 

Again placed, the org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended.169bd574-d7ab-46a3-bcc9-629c584192ac.cfg.json file inside /apps/..../osgiconfig/config and given a build. But still no luck Arun. Getting the same LoginException.

 

 

 

Avatar

Level 4

verified service user, config files & permissions after the build. All looks good. But same error again  

Avatar

Community Advisor

Hi,

did you tried this in local?

you can do it with manually in locally and debug to see , what is the issue.

 

Issue would be due to one of the following 

1. systemuser is missing

2. service and service user mapping is misising/wrong 



Arun Patidar