Changing default attribute inetUserStatus

This topic has 4 replies, 2 voices, and was last updated 5 years, 5 months ago by bikumar.

  • Author
    Posts
  • #15895
     bikumar
    Participant

    Hi,

    As part of maintaining user status we have an attribute called “enabled” in OpenDJ which holds one of two possible values “true” and “false”. I am using ansible to automate all the configurations to openAM. Now I want openAM to check for enabled flag instead of inetUserStatus. How can I do that?

    This is what I found in openAM Admin documentation

    Attribute Name of User Status
    Column to check/set user status.

    ssoadm attribute: sun-opensso-database-UserStatusAttr

    Default: inetuserstatus

    User Status Active Value
    Active users have the user status set to this value.

    ssoadm attribute: sun-opensso-database-activeValue

    Default: Active

    User Status Inactive Value
    Inactive users have the user status set to this value.

    ssoadm attribute: sun-opensso-database-inactiveValue

    Default: Inactive

    So I am using the following commands as part of my datastore

    sun-idrepo-ldapv3-config-isactive=enabled
    sun-idrepo-ldapv3-config-inactive=false
    sun-idrepo-ldapv3-config-active=true
    sun-idrepo-ldapv3-config-user-attributes=enabled

    and things are not working. Any help would be appreciated.

    Thanks,
    Sai.

    #15901
     Peter Major
    Moderator

    This should be working, although I found it confusing that you have quoted the help texts for the database idrepo impl instead of the ldapv3 one.
    for the sun-idrepo-ldapv3-config-user-attributes did you include all the other attributes? You may have just replaced the original huge list with “enabled” attribute only.

    #15902
     bikumar
    Participant

    My mistake

    I found this in openAM guide

    Attribute Name of User Status
    Attribute to check/set user status.

    ssoadm attribute: sun-idrepo-ldapv3-config-isactive

    Default: inetuserstatus

    User Status Active Value
    Active users have the user status attribute set to this value.

    ssoadm attribute: sun-idrepo-ldapv3-config-active

    Default: Active

    User Status Inactive Value
    Inactive users have the user status attribute set to this value.

    ssoadm attribute: sun-idrepo-ldapv3-config-inactive

    Default: Inactive

    I have tried both the ways

    replacing the huge list of ldapv3 attributes with the following block

    sun-idrepo-ldapv3-config-isactive=enabled
    sun-idrepo-ldapv3-config-inactive=false
    sun-idrepo-ldapv3-config-active=true
    sun-idrepo-ldapv3-config-user-attributes=enabled

    and also adding the above block to the huge list of ldapv3 attributes

    But neither of them seems working!!

    • This reply was modified 5 years, 5 months ago by bikumar.
    #15905
     Peter Major
    Moderator

    Will need a better description than “not working”. You will certainly need to amend the huge attribute list to include the enabled attribute, The enabled attribute alone in there will most likely never work.

    #15910
     bikumar
    Participant

    I have used the following command to update my existing data store

    /apps/openam/ssoadmin/fsso/bin/ssoadm update-datastore –adminid amadmin -f /apps/openam/ssoadmin/.pass -e callidus -m OpenDJ -D /apps/openam/ssoconfigtool/um_datastore.dat

    And when I try to view the data store via the openam admin console (UI) I do get the following error

    An error occurred while processing this request. Contact your administrator.

    URL says that an exception has occured

    /fsso/base/AMUncaughtException

    PS : I have enabled attribute along with huge list of ldapv3 attributes in um_datastore.dat.

    previously value was pointing to inetUserStatus

    sun-idrepo-ldapv3-config-isactive=inetUserStatus
    sun-idrepo-ldapv3-config-inactive=Active
    sun-idrepo-ldapv3-config-active=Inactive
    sun-idrepo-ldapv3-config-user-attributes=inetUserStatus

    so I have edited the values to the following

    sun-idrepo-ldapv3-config-isactive=enabled
    sun-idrepo-ldapv3-config-inactive=false
    sun-idrepo-ldapv3-config-active=true
    sun-idrepo-ldapv3-config-user-attributes=enabled

    • This reply was modified 5 years, 5 months ago by bikumar.
Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?