This topic contains 4 replies, has 4 voices, and was last updated by  gary.rasmussen 1 month ago.

  • #24762
     schism2675 
    Participant

    Hi, I’m trying to install AM 6.5 using 2 external DS 6.5s (configuration and identity).
    I have successfully created the two DS in the following way:

    ./setup directory-server --instancePath /opt/identitystore --rootUserDn "cn=Directory Manager" --rootUserPassword ***** --monitorUserDn uid=Monitor --monitorUserPassword ***** --productionMode --hostname fds1.lab.com --adminConnectorPort 4444 --ldapPort 1389 --ldapsPort 1636 --baseDN dc=identity,dc=openam,dc=example,dc=com --addBaseEntry --acceptLicense

    [opendj@fds1 configurationstore]$ ../identitystore/bin/status --offline

    >>>> General details

    Version : ForgeRock Directory Services 6.5.0
    Installation and instance path : /opt/identitystore6.5
    Run status : Started
    Host name : fds1.lab.com
    Administration port (LDAPS) : 4444

    >>>> Connection handlers

    Name : Port : Protocol : Security : Status
    ------:------:----------:-----------------:---------
    LDAP : 1389 : LDAP : Allows StartTLS : Enabled
    LDAPS : 1636 : LDAP : SSL : Enabled
    LDIF : - : LDIF : - : Disabled
    SNMP : 161 : SNMP : - : Disabled

    >>>> Local backends

    Base DN : Backend : Type : Status
    ----------------------------------------:-------------:------:--------
    uid=Monitor : monitorUser : LDIF : Enabled
    cn=Directory Manager : rootUser : LDIF : Enabled
    dc=identity,dc=openam,dc=example,dc=com : userRoot : DB : Enabled

    The tool is running in offline mode. Connect to the running instance in order to have a more detailed status of the server

    ./setup directory-server --instancePath /opt/configurationstore --rootUserDn "cn=Directory Manager" --rootUserPassword ***** --monitorUserDn uid=Monitor --monitorUserPassword **** --productionMode --hostname fds1.lab.com --adminConnectorPort 5444 --ldapPort 2389 --ldapsPort 2636 --baseDN dc=config,dc=openam,dc=example,dc=com --addBaseEntry --acceptLicense

    [opendj@fds1 configurationstore]$ bin/status --offline

    >>>> General details

    Version : ForgeRock Directory Services 6.5.0
    Installation and instance path : /opt/configurationstore6.5
    Run status : Started
    Host name : fds1.lab.com
    Administration port (LDAPS) : 5444

    >>>> Connection handlers

    Name : Port : Protocol : Security : Status
    ------:------:----------:-----------------:---------
    LDAP : 2389 : LDAP : Allows StartTLS : Enabled
    LDAPS : 2636 : LDAP : SSL : Enabled
    LDIF : - : LDIF : - : Disabled
    SNMP : 161 : SNMP : - : Disabled

    >>>> Local backends

    Base DN : Backend : Type : Status
    --------------------------------------:-------------:------:--------
    uid=Monitor : monitorUser : LDIF : Enabled
    cn=Directory Manager : rootUser : LDIF : Enabled
    dc=config,dc=openam,dc=example,dc=com : userRoot : DB : Enabled

    The tool is running in offline mode. Connect to the running instance in order to have a more detailed status of the server

    But when I start the AM configuration, after configuring the 2 DS in external mode, when I create the configuration I get the following error:

    Invalid Suffix for directory server fds1.lab.com:2389. No Base Entity dc=config,dc=openam,dc=example,dc=com found., refer to install.log under for more informati

    But Base Entity exists!

    (fds1.lab.com:2389 is Configuration Store)

    The indicated file does not exist! What am I doing wrong?

    • This topic was modified 4 months ago by  schism2675.
    #24767
     rajeshsadhanala 
    Participant

    Hi Schism,

    Do you want the domain lab.com? Then include lab as dc=lab in your base setup.

    Regards
    Rajesh

    #24774
     schism2675 
    Participant

    Hi Rajesh, no, I don’t want to include my hostname's domain (lab.com) in my baseDN. Is there some relationship?

    Today I did another test. I created the configuration store without the --productionMode flag, and the configuration of OpenAM completed correctly.

    Maybe there are some configurations inside productionMode which return the “Invalid Suffix …” error.

    • This reply was modified 4 months ago by  schism2675.
    #24793
     Michelle Reagin 
    Participant

    What is listed in your DS errors log or, failing anything informative there, DS access log? The key to the problem would be in one of those two logs.

    Regards,
    Michelle Reagin

    #25786
     gary.rasmussen 
    Participant

    I ran into this exact error today.

    am> :load /opt/forgerock/binaries/Myinstallscript.amster
    Configuration failed: Invalid Suffix for directory server cfg-1.dev.iam.toyota.com:2389. No Base Entity ou=am-config found., refer to install.log under for more information.

    This appears to be an issue with the directory based on the error; however, it turned out in my case to be a connectivity error.

    I had done several test runs on my scripts then found this happen after the env was rebuilt.
    Everything appeared fine with the directory when I searched it locally and there were no errors in the DJ log files.

    A telnet to the config store instance port from the AM server failing was one clue.
    nslookup of the hostname looked fine.
    DNS resolution was fine however I had not double checked these against the AWS console to validate the IP.

    It wasn’t until I installed openldap on the AM server and tried a search against the config store instance that I got the real answer that connectivity was the issue.

    root@am-1:~# ldapsearch -h cfg-1.devservername -p 2389 -D cn=directory\ manager -w <password> -b ou=am-config -s sub ou=*
    ldap_sasl_bind(SIMPLE): Can’t contact LDAP server (-1)

    ping worked fine but telnet: Unable to connect to remote host: Connection refused
    netstat on the DJ server and local searches were correct

    I then performed nslookups on all the dj servers and found the duplicated IP address for the cts and config instances.

    Then I double-checked all the servers' IPs in the AWS console compared to nslookup of hostnames and found the duplication.

    Root Cause: When the env was rebuilt, DNS entries were not properly configured and two EC2 instances had the same IP assigned; therefore the search for the baseDN of the config instance failed due to going to the wrong DNS-resolved server.
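
The checks described in the last post (compare what each directory hostname resolves to, then test the LDAP port from the AM host) can be run as one preflight before starting the AM configurator. The following is an added example, not code from the thread or from ForgeRock; the hostnames and addresses in the sample data are constructed placeholders, and all function names are hypothetical.

```python
import socket
from collections import defaultdict

# Constructed sample: hostname -> addresses as DNS might report them after a
# rebuild. Placeholder names and IPs, not values from the thread.
SAMPLE_RESOLUTION = {
    "cfg-1.example.test": ["10.0.1.20"],
    "cts-1.example.test": ["10.0.1.20"],  # same address as cfg-1: the fault
    "usr-1.example.test": ["10.0.1.30"],
}

def resolve(hostnames):
    """Resolve each hostname to its sorted IPv4 addresses ([] on failure)."""
    result = {}
    for name in hostnames:
        try:
            infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
            result[name] = sorted({info[4][0] for info in infos})
        except socket.gaierror:
            result[name] = []
    return result

def find_shared_addresses(resolution):
    """Return {ip: [hostnames]} for every address claimed by more than one host."""
    owners = defaultdict(list)
    for name, addresses in resolution.items():
        for ip in addresses:
            owners[ip].append(name)
    return {ip: sorted(names) for ip, names in owners.items() if len(names) > 1}

def port_open(host, port, timeout=3.0):
    """True if a TCP connection to host:port succeeds (the telnet check)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def preflight(stores, resolution=None):
    """stores: {hostname: ldap_port}. Returns a list of problem strings."""
    resolution = resolution if resolution is not None else resolve(stores)
    problems = [f"{ip} is shared by {', '.join(names)}"
                for ip, names in sorted(find_shared_addresses(resolution).items())]
    for name, port in stores.items():
        if not resolution.get(name):
            problems.append(f"{name} does not resolve")
        elif not port_open(resolution[name][0], port):
            problems.append(f"{name}:{port} refused or unreachable")
    return problems

if __name__ == "__main__":
    print(find_shared_addresses(SAMPLE_RESOLUTION))
```

Run `preflight({...})` on the AM server itself, since that is the host whose DNS view and network path the configurator uses; an empty list means every store resolves to its own address and accepts TCP connections.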
