Importing Rules Into Seosdb Using selang -f is Incomplete, Seeing "CA ControlMinder is not running" Error

Document ID : KB000103465
Last Modified Date : 26/06/2018
Show Technical Document Details
Issue:
When importing rules into seosdb from a flat file using the command below, some of the rules are not imported.
# selang -f import_rules_file -o 

When reviewing the output file, the errors say that Privileged Identity Management is not running. However, checking issec after the import completes shows that the daemons are running.
ERROR: Login procedure failed
CA ControlMinder is not running
ERROR: Failed to get user identity from CA ControlMinder CA ControlMinder is not running
Cause:
If the file being imported by selang is too large, seosd will consume too many resources while importing it. This causes a communication timeout with seoswd, prompting seoswd to restart seosd. Since seosd is down during the middle of the import, some rules will not be imported and the errors previously mentioned will occur.

To check if there was a communication, open the server's messages or syslog file and look for a message similar to the one below.
June 26 12:23:40 testserver seoswd: Communication time out to seosd. Executing seosd 
Resolution:
To prevent seosd from using too many resources while selang -f is being run, it is advised to break down a larger flat file into smaller ones. There is no set maximum number of rules the flat file should contain, it is dependent on the average load of the server.