Table of Contents

LISA must be running as a service user in order to generate API keys

Summary

From Lime CRM 12.22 it's possible to create API users and generate API keys. If you have LISA running as the Local System account you, need to either use limefu to generate API keys, or you need to change the service account for LISA.

Symptoms

When you attempt to generate an API key in LISA, you'll get an error. On the server, you'll get something similar to the following if you look in Windows Event Log:

Limefu output: 
stdout:
stderr:
<long, scary, error message>
  ...

sqlalchemy.exc.DBAPIError: (pyodbc.Error) ('28000', "[28000] [Microsoft][SQL Server Native Client 11.0][SQL Server]Login failed for user 'WORKGROUP\\SOMEACCOUNT$'. (18456) (SQLDriverConnect)")

Resolution

There are two resolutions for this.

1. The simplest solution is to use LISA to create and configure API users, and then use limefu for the API key generation only.

2. Another solution, which involves a bit more restrictions but allows an admin to configure everything in LISA, is to configure LISA to run as the same service account as, for instance Lime CRM Web Server.

Generate API keys with limefu

Create your API user in LISA as normal and configure its group memberships as normal. To generate an API key for it:

(lime) C:\> limefu users generate-api-key -a "<lime application>" -u "<apiusername>"

Configure LISA to run as the same user as the other Lime CRM services

This is only feasible if you don't use LISA for configuring the Lime CRM Web service or viewing event logs etc.

In the service manager, configure the service “Lime CRM Server Administration” to run as the service user.

Allow LISA to listen to traffic on port 5472

You have to bind the service user to LISA's port in order for LISA to be able to receive requests.

Delete the previous binding (may not be necessary)

Open a command prompt and run the following command:

netsh http delete urlacl url=http://+:5472/
Bind the service user

Open a command prompt and run the following command:

netsh http add urlacl url=http://+:5472/ user=<service-account>