Error during initial config of OpenAM 5.5.1

This topic has 7 replies, 3 voices, and was last updated 4 years, 5 months ago by bertalanvoros.

  • #20895
     bertalanvoros
    Participant

    Hello All,

    I am doing an evaluation of OpenAM and OpenIG once more.
    Active Directory is used as the User Data Store.

    The account used to bind to AD is a read only account which I assume has something to do with this error.
    This used to work on a previous version.

    Could someone confirm that this is the case or if I should look somewhere else?

    Error:
    02/13/2018 04:20:18:821 PM UTC: Creating demo user.
    AMSetupServlet.processRequest: errorMessage:Plug-in org.forgerock.openam.idrepo.
    ldap.DJLDAPv3Repo encountered a ldap exception. ldap errorcode=91

    Thanks a lot in advance,
    Bertalan

    #20896
     Andy Cory
    Participant

    Hi

    LDAP error code 91 indicates OpenAM cannot reach the datastore at all; I’d expect this to prevent the bind in the first place, before any considerations as to the read only nature of your AD. Do you see a successful bind and then this error on a subsequent operation? Either way, network or firewall issues seem the most likely explanation.

    -Andy

    #20897
     bertalanvoros
    Participant

    Thanks a lot, this is really helpful.
    I am testing now if this is a connectivity problem.

    #20899
     bertalanvoros
    Participant

    Just tested and the MS AD domain controller can be reached from the OpenAM machine by both pinging and on the relevant ports.

    Still getting the same error when the initial config is being applied.

    02/14/2018 02:48:30:523 PM UTC: Creating demo user.
    AMSetupServlet.processRequest: errorMessage:Plug-in org.forgerock.openam.idrepo.
    ldap.DJLDAPv3Repo encountered a ldap exception. ldap errorcode=91

    Some additional information.
    When at the ‘Configuration Store Details’ page during the configuration wizard the ports are each displaying the value ‘-1’.
    I replace ‘-1’ with the following:
    DIRECTORY_ADMIN_PORT = 4444
    DIRECTORY_JMX_PORT = 1689
    DIRECTORY_PORT = 50389

    Could this have an impact on this?

    #20902
     bertalanvoros
    Participant

    UPDATE:

    Quickly set up a test domain controller, created a user for openam that has full access to AD and getting a new error at the same step:

    02/14/2018 04:54:41:159 PM UTC: Creating demo user.
    AMSetupServlet.processRequest: errorMessage:Plug-in org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo encountered a ldap exception. ldap errorcode=53

    Have you seen this before?

    #20904
     bertalanvoros
    Participant

    FINAL UPDATE:
    I turned off all password complexity requirements in the test AD.
    Still getting the same error.

    I give up.

    #20907
     handat
    Participant

    Try connecting to AD using LDAPS instead of LDAP.

    #20911
     bertalanvoros
    Participant

    Thanks a lot for all the responses.
    No luck unfortunately.
    The best I can get out of OpenAM when using MS AD as the user data store is an LDAP error 53 when the initial configuration attempts to create a demo user.

    I even set up a test AD with a service account for openam that has full access and all password complexity requirements turned off to eliminate that, still no luck.

    When I tested previous versions I had no problem setting up OpenAM the same way.
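
The two error codes reported in this thread come from different places, which matters when triaging the setup log. The following is an added example, not part of the thread and not OpenAM code: it parses installer log lines like the ones posted above, rejoins the wrapped message, and labels each `ldap errorcode` as raised by the client library or returned by the directory server. The names `triage`, `LDAP_CODES` and `SAMPLE` are assumptions made for this example.

```python
import re

# Names for the codes relevant here. 49, 50 and 53 are RFC 4511 result codes
# returned by the directory server; 91 is raised locally by LDAP client
# libraries when the connection itself fails and is never sent by a server.
LDAP_CODES = {
    49: ("invalidCredentials", "server"),
    50: ("insufficientAccessRights", "server"),
    53: ("unwillingToPerform", "server"),
    91: ("connectError", "client"),
}
STEP = re.compile(r"^(\d{2}/\d{2}/\d{4} [\d:]+ [AP]M UTC): (.+)$")
CODE = re.compile(r"ldap errorcode=(\d+)")

# Log excerpts copied from the posts above, including the mid-token line wrap.
SAMPLE = """\
02/13/2018 04:20:18:821 PM UTC: Creating demo user.
AMSetupServlet.processRequest: errorMessage:Plug-in org.forgerock.openam.idrepo.
ldap.DJLDAPv3Repo encountered a ldap exception. ldap errorcode=91
02/14/2018 04:54:41:159 PM UTC: Creating demo user.
AMSetupServlet.processRequest: errorMessage:Plug-in org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo encountered a ldap exception. ldap errorcode=53
"""

def triage(log_text):
    """Return one dict per LDAP failure: time, setup step, code, name, origin."""
    findings, step, buf = [], None, ""
    for line in log_text.splitlines():
        line = line.strip()
        m = STEP.match(line)
        if m:  # a timestamped line starts a new setup step
            step, buf = (m.group(1), m.group(2).rstrip(".")), ""
            continue
        buf += line  # the wrap splits a class name, so join without a space
        c = CODE.search(buf)
        if c and step:
            code = int(c.group(1))
            name, origin = LDAP_CODES.get(code, ("unknown", "unknown"))
            findings.append({"time": step[0], "step": step[1],
                             "code": code, "name": name, "origin": origin})
            buf = ""
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['time']}  {f['step']}: {f['code']} {f['name']} ({f['origin']}-side)")
```

A client-side code points at the connection settings the installer is using, while a server-side code means the directory received the request and answered it, so the next place to look is the directory's own logs for that operation.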
