Connecting to an external data store

This topic contains 9 replies, has 2 voices, and was last updated by  ardentkurt 6 months, 4 weeks ago.

  • #23902
     ardentkurt 
    Participant

    I am running openam and opendj in two separate Docker containers and am trying to connect to the external data store on the opendj container. Do I need to do anything special in order to connect those two containers? It seems that just using the FQDN (which is actually localhost on the host machine) will not quite get the job done.

    Anyone try this already?

    Thanks!

    #23905
     ardentkurt 
    Participant

    Trying to define the connection using the Docker service does not seem to work — users created in opendj do not show up in openam. In order to use the Docker service way, I am defining the LDAP server as opendj:389 where opendj is the name of the service started in Docker Compose.

    #23913
     xinlian 
    Participant

    Did you try using the DJ IP instead of the FQDN?

    #23914
     ardentkurt 
    Participant

    Have not tried the IP address yet. I just tried to ping opendj (which is the service name) from the openam container and that does work so maybe this is already working and I just don’t know…

    #23915
     xinlian 
    Participant

    Well, you can use the opendj user to log in to openam to do the testing.

    #23916
     ardentkurt 
    Participant

    Good idea. That unfortunately results in an authentication failure. This is the user created in opendj prior to connecting openam to this external data store:

    dn: ou=admins,dc=example,dc=com
    objectClass: top
    objectClass: organizationalunit
    ou: OpenAM Administrator

    dn: uid=openam,ou=admins,dc=example,dc=com
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    cn: OpenAM Administrator
    sn: OpenAM
    userPassword: password
    ds-privilege-name: update-schema
    ds-privilege-name: subentry-write
    ds-privilege-name: password-reset

    So with login openam/password I should be able to log in, right?

    #23917
     xinlian 
    Participant

    Correct. Are you sure the data store configuration is correct? Like the ou, the user search attribute (this should be cn for you, since I didn't see uid), etc.?

    #23918
     ardentkurt 
    Participant

    I have tried both with cn="Directory Manager" and cn="OpenAM Administrator" and neither works.

    #23932
     ardentkurt 
    Participant

    Following up on this thread, the cn=Directory Manager user was able to connect to the opendj instance. However, it required checking the “Load schema when finished” checkbox on the Data Stores tab.

    The cn=OpenAM Administrator user still cannot connect.

    #23933
     ardentkurt 
    Participant

    And <service name>:<port on container> is the right way to access the opendj instance.
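
The addressing rule the thread arrives at, shown as an added Compose sketch that is not taken from the posts above. The image names, the host-side port numbers and the OpenAM console port are placeholders or assumptions; only the service name opendj and container port 389 come from the thread.

```yaml
# Added illustration, not the poster's actual compose file.
# Image names and host-side ports are placeholders.
services:
  opendj:
    image: example/opendj:placeholder        # placeholder image name
    ports:
      # Format is "HOST_IP:HOST_PORT:CONTAINER_PORT".
      # The host side (1389, constructed) exists only for tools run on the
      # Docker host. Binding it to 127.0.0.1 keeps LDAP off the host's
      # other interfaces; remove the mapping entirely if nothing on the
      # host needs direct LDAP access.
      - "127.0.0.1:1389:389"

  openam:
    image: example/openam:placeholder        # placeholder image name
    ports:
      - "8080:8080"                          # assumed console port
    depends_on:
      - opendj
    # From inside this container:
    #   localhost -> the openam container itself, not the Docker host
    #   opendj    -> resolved by the Compose network's DNS to the
    #                opendj container
    # So the data store's LDAP server is entered as   opendj:389
    # (service name : port on the container), never localhost:1389.
```

Services in one Compose file share a default network, which is why the ping to opendj from the openam container succeeded before any data store setting was correct.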

©2019 ForgeRock