Facing Issues in adding new dn like "uid=openam1, ou=people, dc=example, dc=com"


Rohit Sharma
Hi

I am trying to configure OpenDJ (version 3.0) on a separate host. I am following the docs provided at backstage.forgerock.com for OpenAM to configure OpenDJ accordingly. I tried this many times but failed, so I started again from scratch. Now I am trying to add a new DN like "uid=openam1,ou=people,dc=example,dc=com" while configuring OpenDJ as per the doc (https://backstage.forgerock.com/#!/docs/openam/13/install-guide#prepare-configuration-store) at point number 1.5.

Now there is a sub-point under 1.5, number 4, in which we need to create a file named add-config-entries.ldif. I actually modified it in order to create the desired DN. Following is the content of my LDIF file:
#################
dn: dc=example,dc=com
objectclass: top
objectclass: domain
dc: example
aci: (targetattr="*")(version 3.0;acl "Allow CRUDQ operations";
 allow (search, read, write, add, delete)
 (userdn = "ldap:///uid=openam,ou=admins,dc=example,dc=com");)
aci: (targetcontrol="2.16.840.1.113730.3.4.3")(version 3.0;acl "Allow
 persistent search"; allow (search, read)(userdn = "ldap:///uid=openam
 ,ou=admins,dc=example,dc=com");)
aci: (targetcontrol="1.2.840.113556.1.4.473")(version 3.0;acl "Allow
 server-side sorting"; allow (read)(userdn = "ldap:///
 uid=openam,ou=admins,dc=example,dc=com");)

aci: (targetattr="*")(version 3.0;acl "Allow CRUDQ operations";
 allow (search, read, write, add, delete)
 (userdn = "ldap:///uid=openam1,ou=people,dc=example,dc=com");)
aci: (targetcontrol="2.16.840.1.113730.3.4.3")(version 3.0;acl "Allow
 persistent search"; allow (search, read)(userdn = "ldap:///uid=openam1
 ,ou=people,dc=example,dc=com");)
aci: (targetcontrol="1.2.840.113556.1.4.473")(version 3.0;acl "Allow
 server-side sorting"; allow (read)(userdn = "ldap:///
 uid=openam1,ou=people,dc=example,dc=com");)

dn: ou=admins,dc=example,dc=com
objectclass: top
objectclass: organizationalUnit
ou: admins

dn: uid=openam,ou=admins,dc=example,dc=com
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: openam
sn: openam
uid: openam
userPassword: secret12
ds-privilege-name: subentry-write
ds-privilege-name: update-schema

dn: ou=people,dc=example,dc=com
objectclass: top
objectclass: organizationalUnit
ou: people

dn: uid=openam1,ou=people,dc=example,dc=com
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: openam1
sn: openam1
uid: openam1
userPassword: secret12
ds-privilege-name: subentry-write
ds-privilege-name: update-schema
#################

As expected, I got the following error message:
Processing ADD request for dc=example,dc=com
ADD operation successful for DN dc=example,dc=com
Error at or near line 15 in LDIF file config/add-config-entries.ldif:
org.opends.server.util.LDIFException: Unable to parse LDIF entry starting at
line 15 because the first line does not contain a DN (the first line was "aci:
(targetattr="*")(version 3.0;acl "Allow CRUDQ operations";allow (search, read,
write, add, delete)(userdn =
"ldap:///uid=openam1,ou=people,dc=example,dc=com");)" 

Why do I need to do this?
Because I want to create users for authentication purposes as per my application, and at present everything is running on defaults, which we cannot use for production setups. That's why I am configuring the same on a distributed architecture. If I install everything (i.e. OpenAM and OpenDJ) with the default settings, I get the error: "Plug-in org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo: Unable to find entry: Entry uid=rohit.sharma,ou=people,dc=example,dc=com cannot be added because its parent entry ou=people,dc=example,dc=com does not exist in the server"

The steps I am following to add a new user after configuring OpenAM and OpenDJ as per the doc are:
1.) Log in to OpenAM
2.) Then go to the following from the home page: Access Control -> / (Top Level Realm) -> Subjects -> New
3.) On entering the details as required, it throws the error mentioned above.

Now, can anyone please let me know how to add the new sub-DN (i.e. ou=people,dc=example,dc=com) while configuring OpenDJ, if possible?
Or how to add it after the default configuration of OpenDJ and OpenAM as per the doc: https://backstage.forgerock.com/#!/docs/openam/13/install-guide#prepare-configuration-store


Thanks
Rohit Sharma

_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam

Re: Facing Issues in adding new dn like "uid=openam1, ou=people, dc=example, dc=com"

Bernhard Thalmayr
There is a subtle bug in the ldapmodify command .... you need to add
'-a' or change the LDIF to include the changetype for each operation
(changetype: add).

-Bernhard

On 12/02/16 at 16:40, Rohit Sharma wrote:


--
Painstaking Minds
IT-Consulting Bernhard Thalmayr
Herxheimer Str. 5, 83620 Vagen (Munich area), Germany
Tel: +49 (0)8062 7769174
Mobile: +49 (0)176 55060699

[hidden email] - Solution Architect
http://www.xing.com/profile/Bernhard_Thalmayr
http://de.linkedin.com/in/bernhardthalmayr

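The error in the first post is an LDIF framing problem rather than a DN problem: in LDIF a blank line terminates a record, and the posted add-config-entries.ldif has a blank line between the openam ACIs and the openam1 ACIs on the dc=example,dc=com entry. Line 15 of that file is exactly the `aci:` line after the blank, so the parser sees a second record whose first line is not `dn:`. The reply's point about `-a` / `changetype: add` is a separate requirement. The following is an added example, written for this thread and not code from OpenDJ or OpenAM: a minimal RFC 2849 LDIF reader that reproduces the "first line does not contain a DN" error on a constructed, abridged copy of the posted file, checks the corrected file, shows both forms of the changetype fix, and lists which bind DN each `aci` value grants rights to. `default_add` is my model of ldapmodify's `-a` behaviour (an assumption, not OpenDJ code), and `ACI_RE` matches only the `allow (...)(userdn = ...)` shape used in the post, not the full ACI grammar.

```python
"""Added example, not OpenDJ/OpenAM code: a minimal RFC 2849 LDIF reader that reproduces the parse error in the thread and checks the corrected file."""
import re

class LDIFError(ValueError):
    pass

def read_records(text):
    """Split LDIF text into records of (file line number, logical line). A leading
    space continues the previous line, '#' lines are comments, and a blank line ends
    a record, so a stray blank line splits one entry into two."""
    records, current, in_comment = [], [], False
    for no, raw in enumerate(text.splitlines(), start=1):
        if raw.startswith(" "):                       # continuation line
            if not in_comment and current:
                current[-1] = (current[-1][0], current[-1][1] + raw[1:])
            continue
        in_comment = raw.startswith("#")
        if raw and not in_comment:
            current.append((no, raw))
        elif not raw and current:                     # blank line: end of record
            records.append(current)
            current = []
    return records + ([current] if current else [])

def parse_attr(line):
    """'name: value' -> (name, value); base64 ('::') and URL ('<') values are not needed here."""
    name, sep, rest = line.partition(":")
    if not sep or not name or rest[:1] in (":", "<"):
        raise LDIFError(f"unsupported or malformed attribute line: {line!r}")
    return name, rest.lstrip(" ")

def parse_ldif(text, default_add=True):
    """[(dn, changetype, {attr: [values]})]; default_add models ldapmodify -a (assumed: no changetype means add)."""
    entries = []
    for record in read_records(text):
        first_no, first = record[0]
        name, dn = parse_attr(first)
        if name.lower() != "dn":
            raise LDIFError(f"Unable to parse LDIF entry starting at line {first_no} because "
                            f"the first line does not contain a DN (the first line was {first!r})")
        changetype, attrs = None, {}
        for _, line in record[1:]:
            name, value = parse_attr(line)
            if name.lower() == "changetype":
                changetype = value.lower()
            else:
                attrs.setdefault(name.lower(), []).append(value)
        if changetype is None and not default_add:
            raise LDIFError(f"{dn}: no changetype; pass -a or add 'changetype: add'")
        entries.append((dn, changetype or "add", attrs))
    return entries

# Matches only the 'allow (rights)(userdn = ...)' shape used in the post; real ACI syntax is richer.
ACI_RE = re.compile(r'acl "([^"]+)";\s*allow \(([^)]*)\)\s*\(userdn = "ldap:///([^"]+)"\)')

def aci_summary(entries):
    """(entry dn, acl name, rights, bind dn) for each aci value: who is granted what, and where."""
    return [(dn, m.group(1), tuple(r.strip() for r in m.group(2).split(",")), m.group(3))
            for dn, _, attrs in entries
            for m in map(ACI_RE.search, attrs.get("aci", [])) if m]

def add_changetype(text):
    """The reply's other fix: an explicit 'changetype: add' after every dn line."""
    return re.sub(r"(?m)^(dn:.*)$", r"\1\nchangetype: add", text)

def ldif_problem(text, default_add=True):
    """The error parse_ldif raises for text, or None when the file is clean."""
    try:
        parse_ldif(text, default_add)
    except LDIFError as exc:
        return str(exc)
    return None

# Constructed input: the post's dc=example,dc=com entry abridged to one aci per bind DN, plus
# the ou=people branch. BROKEN keeps the post's stray blank line between the two aci runs.
ENTRY_HEAD = """dn: dc=example,dc=com
objectclass: domain
dc: example
aci: (targetattr="*")(version 3.0;acl "Allow CRUDQ operations";
 allow (search, read, write, add, delete)
 (userdn = "ldap:///uid=openam,ou=admins,dc=example,dc=com");)
"""
ENTRY_TAIL = """aci: (targetattr="*")(version 3.0;acl "Allow CRUDQ operations";
 allow (search, read, write, add, delete)
 (userdn = "ldap:///uid=openam1,ou=people,dc=example,dc=com");)

dn: ou=people,dc=example,dc=com
objectclass: organizationalUnit
ou: people

dn: uid=openam1,ou=people,dc=example,dc=com
objectclass: inetOrgPerson
cn: openam1
sn: openam1
uid: openam1
userPassword: secret12
"""
BROKEN_LDIF = ENTRY_HEAD + "\n" + ENTRY_TAIL
FIXED_LDIF = ENTRY_HEAD + ENTRY_TAIL
```

`ldif_problem(BROKEN_LDIF)` reports the same "does not contain a DN" failure the post shows (at line 8 of the abridged file, the `aci:` line right after the blank); removing that one blank line makes the dc=example,dc=com entry a single record carrying all six ACIs. With `default_add=False` the corrected file still fails until either `-a` is passed or `add_changetype` is applied, which is the reply's point. `aci_summary` is the check worth running before loading the file: as posted, it grants uid=openam1 (an entry under ou=people, the branch the application users will live in) the same search, read, write, add and delete over the whole dc=example,dc=com suffix as the openam service account, and the entry also carries the subentry-write and update-schema privileges; confirm that is what you want for a user-store account rather than only for the OpenAM bind account.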