OpenAM installation with external OpenDJ

OpenAM installation with external OpenDJ

Bernie Jones

Just running my first time installation in a lab build and I decided to use an external LDAP store rather than the embedded.

OpenDJ installed OK and I’ve set up two R/W replicas as per docs.

Following the OpenAM installation steps I need to manually prepare OpenDJ – section 1.4.2.1 Preparing an Identity Repository With Dynamic Schema Updates

However, when trying to update using an LDIF based on the example:

dn: ou=admins,dc=example,dc=com
objectClass: top
objectClass: organizationalunit
ou: OpenAM Administrator
dn: uid=openam,ou=admins,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: OpenAM Administrator
sn: OpenAM
userPassword: changeMe
ds-privilege-name: update-schema
ds-privilege-name: subentry-write
ds-privilege-name: password-reset

with command based on:

ldapmodify \
--defaultAdd \
--hostname opendj.example.com \
--port 1389 \
--bindDN "cn=Directory Manager" \
--bindPassword password \
--filename openam-ds-admin-account.ldif

I get the error:

Processing ADD request for ou=admins,dc=idam,dc=com
ADD operation failed
Result Code:  65 (Object Class Violation)
Additional Information:  Entry ou=admins,dc=idam,dc=com violates the Directory Server schema configuration because it includes multiple conflicting structural objectclasses organizationalPerson and organizationalUnit. Only a single structural objectclass is allowed in an entry

I found the solution to that on this mailing list which is to set ds-cfg-single-structural-objectclass-behavior to accept.

However I now get:

Processing ADD request for ou=admins,dc=idam,dc=com
ADD operation failed
Result Code:  65 (Object Class Violation)
Additional Information:  Entry ou=admins,dc=idam,dc=com violates the Directory Server schema configuration because it includes attribute dn which is not allowed by any of the objectclasses defined in that entry

Which has me stuck….

Any help greatly appreciated.

Regards,

Bernie

_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam

Re: OpenAM installation with external OpenDJ

Jari Ahonen

Your LDIF is invalid, there should be an empty line before the "dn: uid=openam…" one.

- Jari
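
The failure identified in the reply above, as an added example that is not part of the original thread: without the blank separator both entries parse as one record, which is why the server first reported conflicting structural object classes and then an unexpected dn attribute. The function names and the shortened sample are constructed for illustration.

```python
# Constructed sample, shortened from the LDIF posted in the thread (added example).
SAMPLE = """\
dn: ou=admins,dc=example,dc=com
objectClass: top
objectClass: organizationalunit
ou: OpenAM Administrator
dn: uid=openam,ou=admins,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
"""

def parse_records(text):
    """Split LDIF into records on blank lines, unfolding continuation lines."""
    records, current = [], []
    for raw in text.splitlines() + [""]:       # trailing "" flushes the last record
        if raw.strip() == "":                  # record separator
            if current:
                records.append(current)
            current = []
        elif raw.startswith("#"):              # comment line
            continue
        elif raw.startswith(" ") and current:  # folded continuation line
            name, value = current[-1]
            current[-1] = (name, value + raw[1:])
        else:
            name, _, value = raw.partition(":")
            current.append((name.strip().lower(), value.strip()))
    return records

def find_merged_entries(text):
    """Return (first_dn, extra_dns, objectclasses) for records with >1 dn line."""
    problems = []
    for rec in parse_records(text):
        dns = [v for n, v in rec if n == "dn"]
        if len(dns) > 1:
            classes = sorted({v.lower() for n, v in rec if n == "objectclass"})
            problems.append((dns[0], dns[1:], classes))
    return problems

def fix_missing_separators(text):
    """Insert a blank line before any dn: line that follows a non-blank line."""
    out = []
    for line in text.splitlines():
        if line.lower().startswith("dn:") and out and out[-1].strip():
            out.append("")
        out.append(line)
    return "\n".join(out) + "\n"
```

With the separator restored, each entry carries a single structural object class chain, so this LDIF loads without ds-cfg-single-structural-objectclass-behavior being relaxed to accept.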

 

 


Re: OpenAM installation with external OpenDJ

Bernie Jones

Jari, many thanks! I’ve been staring at that file for two days wondering what was wrong with it!

Regards,

Bernie