Tagged: OpenAM 5.5.1 ldap error
This topic has 7 replies, 3 voices, and was last updated 4 years, 5 months ago by bertalanvoros.
February 14, 2018 at 1:25 pm #20895
bertalanvoros
Participant
Hello All,
I am doing an evaluation of OpenAM and OpenIG once more.
Active Directory is used as the User Data Store. The account used to bind to AD is a read-only account, which I assume has something to do with this error.
This used to work on a previous version. Could someone confirm that this is the case or if I should look somewhere else?
Error:
02/13/2018 04:20:18:821 PM UTC: Creating demo user.
AMSetupServlet.processRequest: errorMessage:Plug-in org.forgerock.openam.idrepo.
ldap.DJLDAPv3Repo encountered a ldap exception. ldap errorcode=91
Thanks a lot in advance,
Bertalan
February 14, 2018 at 2:40 pm #20896
Andy Cory
Participant
Hi
LDAP error code 91 indicates OpenAM cannot reach the datastore at all. I’d expect this to prevent the bind in the first place, before any considerations as to the read-only nature of your AD. Do you see a successful bind and then this error on a subsequent operation? Either way, network or firewall issues seem the most likely explanation.
-Andy
February 14, 2018 at 2:51 pm #20897
bertalanvoros
Participant
Thanks a lot, this is really helpful.
I am testing now if this is a connectivity problem.
February 14, 2018 at 3:58 pm #20899
bertalanvoros
Participant
Just tested and the MS AD domain controller can be reached from the OpenAM machine by both pinging and on the relevant ports.
Still getting the same error when the initial config is being applied.
02/14/2018 02:48:30:523 PM UTC: Creating demo user.
AMSetupServlet.processRequest: errorMessage:Plug-in org.forgerock.openam.idrepo.
ldap.DJLDAPv3Repo encountered a ldap exception. ldap errorcode=91
Some additional information.
When at the ‘Configuration Store Details’ page during the configuration wizard, the ports are each displaying the value ‘-1’.
I replace ‘-1’ with the following:
DIRECTORY_ADMIN_PORT = 4444
DIRECTORY_JMX_PORT = 1689
DIRECTORY_PORT = 50389
Could this have an impact on this?
February 14, 2018 at 5:56 pm #20902
bertalanvoros
Participant
UPDATE:
Quickly set up a test domain controller, created a user for openam that has full access to AD and getting a new error at the same step:
02/14/2018 04:54:41:159 PM UTC: Creating demo user.
AMSetupServlet.processRequest: errorMessage:Plug-in org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo encountered a ldap exception. ldap errorcode=53
Have you seen this before?
February 14, 2018 at 6:27 pm #20904
bertalanvoros
Participant
FINAL UPDATE:
I turned off all password complexity requirements in the test AD.
Still getting the same error.
I give up.
February 14, 2018 at 11:46 pm #20907
handat
Participant
Try connecting to AD using LDAPS instead of LDAP.
February 15, 2018 at 1:27 pm #20911
bertalanvoros
Participant
Thanks a lot for all the responses.
No luck unfortunately.
The best I can get out of OpenAM when using MS AD as the user data store is an ldap error 53 when the initial configuration attempts to create a demo user.
I even set up a test AD with a service account for openam that has full access and all password complexity requirements turned off to eliminate that, still no luck.
When I tested previous versions I had no problem setting up OpenAM the same way.