Error creating directory server backend

Tagged: , , ,

This topic contains 10 replies, has 4 voices, and was last updated by  ardentkurt 4 months, 2 weeks ago.

  • Author
    Posts
  • #23934
     ardentkurt 
    Participant

    Following along from the install manual for OpenAM 13, I am trying to create a directory server backend by running the following command:

    ./dsconfig create-backend –backend-name cfgStore –set base-dn:dc=example,dc=com –set enabled:true –type local-db –port 4444 –bindDN “cn=Directory Manager” –bindPassword password –no-prompt

    This errors out with the message:

    The Local DB Backend could not be created because of the following reason:

    * [LDAP: error code 53 – The Directory Server is unwilling to add
    configuration entry ds-cfg-backend-id=cfgStore,cn=Backends,cn=config
    because one of the add listeners registered with the parent entry
    cn=Backends,cn=config rejected this change with the message: Unable to
    register base DN dc=example,dc=com with the Directory Server for backend
    null because that base DN is already registered for backend userRoot]

    The confusing part to me is that the backend does have a name — cfgStore not null.

    Any ideas on what’s going on here?

    #23935
     Rob Matthews 
    Participant

    Hi, the important part of this message is that they cannot have the same baseDN “dc=example,dc=com”

    #23936
     ardentkurt 
    Participant

    Hmm…ok, given that I’m following the installation manual, would it make sense to do something like this:

    dc=openam,dc=example,dc=com

    Or is there another baseDN that makes sense here?

    Thanks!

    #23947
     Gentjan Kocaqi 
    Participant

    I did have a look to that doc you are following and it seems you are at “Procedure 1.4. To Install an External OpenDJ Directory Server” step 3. I do believe that your confusion is coming from the instructions for version 2.6 and 3.0: it seems you executed them both instead of just one related to your version of OpenDJ. This explains the error you are getting. I assume you are using OpenDJ 3 so your command should be the following one:

    $ dsconfig create-backend \
    --backend-name cfgStore \
    --set base-dn:dc=example,dc=com \
    --set enabled:true \
    --type je \
    --port 4444 \
    --bindDN "cn=Directory Manager" \
    --bindPassword pwd \
    --no-prompt

    Cheers

    #23980
     ardentkurt 
    Participant

    Hi Gentjan,

    I am at Procedure 1.4 — you are correct. I am not executing both commands though. Since I am using OpenDJ 2.6.4, I am running just the following command:

    ./dsconfig create-backend –backend-name cfgStore –set base-dn:dc=example,dc=com –set enabled:true –type local-db –port 4444 –bindDN “cn=Directory Manager” –bindPassword password –no-prompt

    Rob Matthews was saying that the error is due to the baseDN already being registered. When I run the following command, I can see this is the case:

    ./list-backends
    Backend ID : Base DN
    —————:——————–
    adminRoot : cn=admin data
    ads-truststore : cn=ads-truststore
    backup : cn=backups
    config : cn=config
    monitor : cn=monitor
    schema : cn=schema
    tasks : cn=tasks
    userRoot : “dc=example,dc=com”

    The confusion for me is that I am following along in the installation manual and getting this error. Shouldn’t I be able to just set this up using the steps from the manual????

    Given that this is a valid error, what should I do to get around it and continue following the example from the installation manual?

    Thanks!

    #23991
     Rob Matthews 
    Participant

    Hi, the guide describes setting up an external DJ instance for the config store, the command it provides for setup doesn’t create a backend so it should be fine. If you had already setup your DJ instance then you just need to change the baseDN you specify.

    #23995
     ardentkurt 
    Participant

    Hi Rob,

    Yes, this is a little confusing. The guide mentions that [t]he following example procedure shows how to prepare a single OpenDJ directory server instance as an external configuration data store. The OpenDJ instance implements a single backend for the OpenAM configuration data. The procedure assumes that you have also prepared an external identity repository and an external CTS store, separate from the configuration data store. Does this mean that I need one instance for the external identity repository and another instance as the external configuration data store???

    Thanks!

    #23996
     Rob Matthews 
    Participant

    You can do it that way, it means you can apply JVM tuning per instance and have the same baseDN, more simply you can just have different backends with different baseDN’s, for example dc=cfgstore,dc=example,dc=com and dc=userStore,dc=example,dc=com. Note that if you do this when you add a new backend it will have the default setting of 50% db-cache, you’ll want to make sure that the total db-cache percentage for all backends doesn’t exceed 80% (so you could set 40% for the userstore and 40% for the configstore you would need to work out what is appropriate for your deployment)

    You could even have it all pointing at the same backend but this is not advisable as you can’t tune appropriately for the datastore type.

    It’s all up to you and depends on how much control you need over tuning, personally I’ve never had problems with having them as different backends in the same instance. The examples in the docs always use dc=example,dc=com so you just need to alter them to fit your setup.

    #24007
     Michelle Reagin 
    Participant

    There are a few ways to handle externalized Directory Servers with AM. Since you are new to Directory Servers, I would recommend doing an externalized Directory Server with both the Config and Core Token Server in the same instance. You don’t need to have different backends for each, but if you wanted to get to that level, you could. The critical part is ensuring your Config schema and Core Token Server schema are applied to that server and the indexes required for the Core Token Server are also applied. Beyond that, you also have the standard Directory Server performance tuning, such as setting the JVM parameters and defining the backend cache percent and replication purge delay, to consider as well. Just look for the performance tuning section in the Directory Server Admin guide and work through it.

    I do recommend keeping your user data in a different Directory Server instance than your Config and Core Token Server. The Core Token Server has very different and demanding performance needs and your performance statistics would be best served by having your user data in a different DS where you could tune specifically to your user data and usage patterns.

    Regards,
    Michelle Reagin

    #24027
     ardentkurt 
    Participant

    Thanks, Rob and Michelle. I ended up moving to a deployment that separates the user and config data stores and running the remaining commands with a baseDN of dc=cfgStore,dc=example,dc=com. In order to verify that this is setup correctly, I am trying to verify the indexes that were created by running:

    ./verify-index --baseDN dc=cfgStore,dc=example,dc=com

    However, this yields zero results.

    [01/Dec/2018:11:04:35 +0000] category=BACKEND severity=INFORMATION msgID=9437595 msg=Local DB backend cfgStore does not specify the number of lock tables: defaulting to 97
    [01/Dec/2018:11:04:35 +0000] category=BACKEND severity=INFORMATION msgID=9437594 msg=Local DB backend cfgStore does not specify the number of cleaner threads: defaulting to 24 threads
    [01/Dec/2018:11:04:36 +0000] category=JEB severity=NOTICE msgID=8847466 msg=Checked 0 entries and found 0 error(s) in 0 seconds (average rate 0.0/sec)

    However, when I run the same command with baseDN dc=example,dc=com I get one entry:

    ./verify-index –baseDN dc=example,dc=com

    [01/Dec/2018:11:07:08 +0000] category=BACKEND severity=INFORMATION msgID=9437595 msg=Local DB backend userRoot does not specify the number of lock tables: defaulting to 97
    [01/Dec/2018:11:07:08 +0000] category=BACKEND severity=INFORMATION msgID=9437594 msg=Local DB backend userRoot does not specify the number of cleaner threads: defaulting to 24 threads
    [01/Dec/2018:11:07:09 +0000] category=JEB severity=NOTICE msgID=8847466 msg=Checked 1 entries and found 0 error(s) in 0 seconds (average rate 26.3/sec)

    Does this seem correct?

    Thanks!

    #24028
     ardentkurt 
    Participant

    Okay, listing the indexes for that dn seems to show all the indexes:

    ./dbtest list-index-status --backendID cfgStore --baseDN dc=cfgStore,dc=example,dc=com

Viewing 11 posts - 1 through 11 (of 11 total)

You must be logged in to reply to this topic.

©2019 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?