missing objectclasses like sunfederationmanagerdatastore

This topic has 10 replies, 2 voices, and was last updated 6 years ago by Bill Nelson.

    #6109
     Scott Hagan
    Participant

    Trying an installation of OpenAM 12.0.0 and OpenDJ 2.6.0. While migrating user entries, I am getting failures.
    LDAP: error code 65 - Object class sunFederationManagerDataStore cannot be added to entry
    Looking in 99-user.ldif, it looks like a lot of objectclasses are missing compared to older versions. Any ideas why the above objectclass and probably others were not loaded?

    #6111
     Bill Nelson
    Participant

    Two questions.

    Are you using an external OpenDJ instance or the embedded OpenDJ instance? If it is an external instance, you need to extend the schema on that instance.

    Did you select the “load schema on save” checkbox in the data store definition?

    Based on your saying that the 99-user.ldif file doesn’t contain the extended attributes/objectclasses, I would assume that one of these may be your most likely problem.

    #6112
     Scott Hagan
    Participant

    Thanks for the response.
    It is an external dj instance.
    Load schema when saved is not checked. Just checked it and saved the change, can’t see a difference.

    Sorry, what exactly do you mean by “you need to extend the schema on that instance”?

    The installer used the configurator tool and the data store got named as embedded; however, it points to the proper DJ instance.

    #6113
     Scott Hagan
    Participant

    Sorry, just realized that checking load schema is not being persisted. I check the box and save, go back in and it’s unchecked again.

    #6114
     Bill Nelson
    Participant

    That is a common misunderstanding. The ‘load schema when saved’ is a one-time control that simply tells OpenAM to extend the schema on the OpenDJ instance it is using for its data store. That checkbox is cleared after the control has been executed. It is not persisted, nor do you want it to be, as that would cause the schema to be loaded every time you updated your data store definition.

    Are you good now?

    #6115
     Scott Hagan
    Participant

    Thanks, I thought about that being the case after I responded.
    As far as extending the schema, are you saying to manually load the missing attributes, or is there a predefined ldif with these missing objectclasses?
    I mean I could steal the 99-user.ldif from an old installation and swap them out.
    That just feels unsavory. Not understanding why these objectclasses were added before, but not in this version.

    #6116
     Bill Nelson
    Participant

    Somewhere, somehow, someone must have extended the schema in this OpenDJ instance. Either that, or you have never tried adding a user through OpenAM for you to have detected this before.

    Not knowing all of what is in your 99-user.ldif file, I would be remiss to tell you to just copy it to the new system. But, assuming that you have a somewhat standard implementation, then that should be fine. Just stop OpenDJ before you do this, otherwise you will overwrite what you just copied.

    The other question I would ask is what you are using as the bindDN in the data store definition. Is it “cn=Directory Manager” by any chance? If so, then you should be able to extend the schema on an external OpenDJ server by checking the ‘load schema on save’ box. If you are using a different user (then first of all I applaud you) then you would need to grant that user the appropriate privileges in OpenDJ to modify the schema.

    A preferred method that we use when building new environments is to use a script that pulls in the appropriate schema based on what it is we are building. If this OpenDJ instance will be used as a datastore for OpenAM users, then we include the OpenAM attributes/object classes. If we have company-specific attributes/object classes, then we include the company-specific schema. Essentially, the script looks for the presence of these types of files and includes them as necessary. We script everything to minimize risk.

    #6141
     Scott Hagan
    Participant

    I guess that is really what I was asking. You said
    “A preferred method that we use when building new environments is to use a script that pulls in the appropriate schema based on what it is we are building. If this OpenDJ instance will be used as a datastore for OpenAM users, then we include the OpenAM attributes/object classes.”

    Include the OpenAM attributes/object classes from where?

    #6157
     Bill Nelson
    Participant

    We captured the contents of the 99-user.ldif file immediately after checking the ‘load schema on save’ checkbox (see below) and used that as the basis for our OpenAM schema. Our installation scripts are somewhat dynamic (multi-purpose) so I check for the presence of this file in a particular folder and if found, execute the following:

    $BINDIR/ldapmodify --hostname $ODJFQDN --port $LDAPPORT --bindDN "$ROOTDN" --bindPassword $ROOTPASS --defaultAdd --filename $AMSCHEMA

    Hope this helps,

    bill

    ————–

    dn: cn=schema
    changetype: modify
    add: attributeTypes
    attributeTypes: ( 2.16.840.1.113730.3.1.1072 NAME 'iplanet-am-user-admin-start-dn' DESC 'Starting DN for Admin User' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.63 NAME 'iplanet-am-auth-login-success-url' DESC 'Redirection URL After Successful Login' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.1466.101.120.43 NAME 'preferredTimeZone' DESC 'preferred time zone for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'iPlanet' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.839 NAME 'sunIdentityServerPPLegalIdentityVATIdValue' DESC 'Liberty PP IDValue' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 2.16.840.1.113730.3.1.1071 NAME 'iplanet-am-user-auth-modules' DESC 'User Auth Modules' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.65 NAME 'iplanet-am-auth-post-login-process-class' DESC 'Class Name for Post Authentication Processing' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.36733.2.2.1.3.1 NAME ( 'assignedDashboard' ) DESC 'Dashboard App registry' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenAM' )
    attributeTypes: ( 1.3.6.1.4.1.36733.2.2.1.4 NAME 'devicePrintProfiles' DESC 'Device print profiles information is stored in this attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenAM' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.823 NAME 'sunIdentityMSISDNNumber' DESC 'User MSISDN Number' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 2.16.840.1.113730.3.1.976 NAME 'iplanet-am-user-account-life' DESC 'User Account Life' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.853 NAME 'sunIdentityServerPPFacadeGreetSound' DESC 'Liberty PP FacadeGreetSound' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.828 NAME 'sunIdentityServerPPCommonNameMN' DESC 'Liberty PP CommonName MN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.862 NAME 'sunIdentityServerPPEmergencyContact' DESC 'Liberty PP EmergencyContact' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.856 NAME 'sunIdentityServerPPDemographicsLanguage' DESC 'Liberty PP DemographicsLanguage' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 2.16.840.1.113730.3.1.1053 NAME 'iplanet-am-session-service-status' DESC 'Session Service Status' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.860 NAME 'sunIdentityServerPPSignKey' DESC 'Liberty PP SignKey' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.59 NAME 'iplanet-am-user-alias-list' DESC 'User Alias Names List' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.73 NAME 'iplanet-am-user-federation-info-key' DESC 'User Federation Information Key' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 2.16.840.1.113730.3.1.692 NAME 'inetUserStatus' DESC '"active", "inactive", or "deleted" status of a user' EQUALITY caseIgnoreMatch SINGLE-VALUE SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Nortel subscriber interoperability' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.58 NAME 'iplanet-am-user-auth-config' DESC 'User Authentication Configuration' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.854 NAME 'sunIdentityServerPPFacadegreetmesound' DESC 'Liberty PP FacadeMeGreetSound' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.851 NAME 'sunIdentityServerPPFacadeWebSite' DESC 'Liberty PP FacadeWebSite' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.1466.101.120.42 NAME 'preferredLocale' DESC 'preferred locale for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'iPlanet' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.832 NAME 'sunIdentityServerPPLegalIdentityLegalName' DESC 'Liberty PP LegalName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.62 NAME 'iplanet-am-auth-configuration' DESC 'Authentication Configuration' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.859 NAME 'sunIdentityServerPPDemographicsTimeZone' DESC 'Liberty PP DemographicsTimeZone' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.834 NAME 'sunIdentityServerPPLegalIdentityMaritalStatus' DESC 'Liberty PP Marital Status' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.836 NAME 'sunIdentityServerPPLegalIdentityAltIdType' DESC 'Liberty PP AltID Type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 2.16.840.1.113730.3.1.1069 NAME 'iplanet-am-session-destroy-sessions' DESC 'Destroy Session' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.74 NAME 'iplanet-am-user-federation-info' DESC 'User Federation Information' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.989 NAME 'sun-fm-saml2-nameid-infokey' DESC 'SAML 2.0 Name Identifier Information Key' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.825 NAME 'sunIdentityServerPPCommonNameCN' DESC 'Liberty PP CommonName CN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.2.840.113556.1.2.102 NAME 'memberof' DESC 'Group that the entry belongs to' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'iPlanet Delegated Administrator' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.838 NAME 'sunIdentityServerPPLegalIdentityVATIdType' DESC 'Liberty PP IDType' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.830 NAME 'sunIdentityServerPPCommonNamePT' DESC 'Liberty PP CommonName PersonalTitle' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.841 NAME 'sunIdentityServerPPEmploymentIdentityOrg' DESC 'Liberty PP Org' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.837 NAME 'sunIdentityServerPPLegalIdentityAltIdValue' DESC 'Liberty PP AltID Type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.831 NAME 'sunIdentityServerPPInformalName' DESC 'Liberty PP InformalName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.591 NAME 'iplanet-am-user-password-reset-force-reset' DESC 'Password Reset Force Reset password' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.857 NAME 'sunIdentityServerPPDemographicsAge' DESC 'Liberty PP DemographicsAge' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.829 NAME 'sunIdentityServerPPCommonNameAltCN' DESC 'Liberty PP CommonName Alt CN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 2.16.840.1.113730.3.1.1073 NAME 'iplanet-am-user-service-status' DESC 'User Service Status' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.858 NAME 'sunIdentityServerPPDemographicsBirthDay' DESC 'Liberty PP DemographicsBirthDay' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.852 NAME 'sunIdentityServerPPFacadeNamePronounced' DESC 'Liberty PP FacadeNamePronounced' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 2.16.840.1.113730.3.1.1067 NAME 'iplanet-am-session-max-caching-time' DESC 'Max Session Caching Time' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.835 NAME 'sunIdentityServerPPLegalIdentityGender' DESC 'Liberty PP Gender' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.590 NAME 'iplanet-am-user-password-reset-question-answer' DESC 'Password Reset User Question Answer' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.826 NAME 'sunIdentityServerPPCommonNameFN' DESC 'Liberty PP CommonName FN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.855 NAME 'sunIdentityServerPPDemographicsDisplayLanguage' DESC 'Liberty PP DemographicsDisplayLanguage' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 2.16.840.1.113730.3.1.1068 NAME 'iplanet-am-session-get-valid-sessions' DESC 'Get Valid Sessions' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.842 NAME 'sunIdentityServerPPEmploymentIdentityAltO' DESC 'Liberty PP Alt Orgs' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.849 NAME 'sunIdentityServerPPMsgContact' DESC 'Liberty PP MsgContact' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 2.16.840.1.113730.3.1.1074 NAME 'iplanet-am-user-login-status' DESC 'User Login Status' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.821 NAME 'sunIdentityServerDiscoEntries' DESC 'User DiscoEntries' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.850 NAME 'sunIdentityServerPPFacadeMugShot' DESC 'Liberty PP FacadeMugShot' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.793 NAME 'sunAMAuthInvalidAttemptsData' DESC 'XML data for Invalid Login Attempts' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 2.16.840.1.113730.3.1.1070 NAME 'iplanet-am-session-add-session-listener-on-all-sessions' DESC 'Add Session Listener on All Sessions' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.827 NAME 'sunIdentityServerPPCommonNameSN' DESC 'Liberty PP CommonName SN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.71 NAME 'iplanet-am-user-success-url' DESC 'Redirection URL for Successful User Authentication' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.72 NAME 'iplanet-am-user-failure-url' DESC 'Redirection URL for Failed User Authentication' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.990 NAME 'sun-fm-saml2-nameid-info' DESC 'SAML 2.0 Name Identifier Information' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.848 NAME 'sunIdentityServerPPAddressCard' DESC 'Liberty PP AddressCard' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.589 NAME 'iplanet-am-user-password-reset-options' DESC 'Password Reset Options' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 2.16.840.1.113730.3.1.1066 NAME 'iplanet-am-session-max-idle-time' DESC 'Max Session Idle Time' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.833 NAME 'sunIdentityServerPPLegalIdentityDOB' DESC 'Liberty PP Date of Birth' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 2.16.840.1.113730.3.1.1065 NAME 'iplanet-am-session-max-session-time' DESC 'Max Service Time' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 2.16.840.1.113730.3.1.693 NAME 'inetUserHttpURL' DESC 'A users Web addresses' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Nortel subscriber interoperability' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.861 NAME 'sunIdentityServerPPEncryptKey' DESC 'Liberty PP EncryPTKey' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.840 NAME 'sunIdentityServerPPEmploymentIdentityJobTitle' DESC 'Liberty PP JobTitle' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.752 NAME 'iplanet-am-session-quota-limit' DESC 'Session Quota Constraints' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.64 NAME 'iplanet-am-auth-login-failure-url' DESC 'Redirection URL for Failed User Authentication' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
    -
    add: objectclasses
    objectClasses: ( 1.3.6.1.4.1.36733.2.2.2.4 NAME 'devicePrintProfilesContainer' DESC 'Class containing device print profiles' SUP top AUXILIARY MAY ( devicePrintProfiles ) X-ORIGIN 'OpenAM' )
    objectClasses: ( 1.3.6.1.4.1.36733.2.2.2.3.1 NAME 'forgerock-am-dashboard-service' AUXILIARY MAY ( assignedDashboard ) X-ORIGIN 'Forgerock' )
    objectClasses: ( 2.16.840.1.113730.3.2.175 NAME 'iplanet-am-session-service' DESC 'Session Service OC' SUP top AUXILIARY MAY ( iplanet-am-session-max-session-time $ iplanet-am-session-max-idle-time $ iplanet-am-session-max-caching-time $ iplanet-am-session-quota-limit $ iplanet-am-session-get-valid-sessions $ iplanet-am-session-destroy-sessions $ iplanet-am-session-add-session-listener-on-all-sessions $ iplanet-am-session-service-status ) X-ORIGIN 'OpenSSO' )
    objectClasses: ( 1.3.6.1.4.1.42.2.27.9.2.118 NAME 'sunAMAuthAccountLockout' DESC 'Invalid Login Attempts Object Class' SUP top AUXILIARY MAY ( sunAMAuthInvalidAttemptsData ) X-ORIGIN 'OpenSSO' )
    objectClasses: ( 1.3.6.1.4.1.42.2.27.9.2.148 NAME 'sunFMSAML2NameIdentifier' DESC 'SAML 2.0 name identifier objectclass' SUP top AUXILIARY MAY ( sun-fm-saml2-nameid-infokey $ sun-fm-saml2-nameid-info ) X-ORIGIN 'OpenSSO' )
    objectClasses: ( 1.3.6.1.4.1.42.2.27.9.2.76 NAME 'sunFederationManagerDataStore' DESC 'FSUser provider OC' SUP top AUXILIARY MAY ( iplanet-am-user-federation-info-key $ iplanet-am-user-federation-info $ sunIdentityServerDiscoEntries) X-ORIGIN 'OpenSSO' )
    objectClasses: ( 2.16.840.1.113730.3.2.184 NAME 'iplanet-am-managed-person' DESC 'Managed Person OC' SUP top AUXILIARY MAY ( iplanet-am-user-account-life ) X-ORIGIN 'OpenSSO' )
    objectClasses: ( 1.3.6.1.4.1.42.2.27.9.2.127 NAME 'sunIdentityServerLibertyPPService' DESC 'sunIdentityServerLibertyPPService OC' SUP top AUXILIARY MAY ( sunIdentityServerPPCommonNameCN $ sunIdentityServerPPCommonNameAltCN $ sunIdentityServerPPCommonNameFN $ sunIdentityServerPPCommonNameSN $ sunIdentityServerPPCommonNamePT $ sunIdentityServerPPCommonNameMN $ sunIdentityServerPPInformalName $ sunIdentityServerPPLegalIdentityLegalName $ sunIdentityServerPPLegalIdentityDOB $ sunIdentityServerPPLegalIdentityMaritalStatus $ sunIdentityServerPPLegalIdentityGender $ sunIdentityServerPPLegalIdentityAltIdType $ sunIdentityServerPPLegalIdentityAltIdValue $ sunIdentityServerPPLegalIdentityVATIdType $ sunIdentityServerPPLegalIdentityVATIdValue $sunIdentityServerPPEmploymentIdentityJobTitle $ sunIdentityServerPPEmploymentIdentityOrg $ sunIdentityServerPPEmploymentIdentityAltO $ sunIdentityServerPPAddressCard $ sunIdentityServerPPMsgContact $ sunIdentityServerPPFacadeMugShot $ sunIdentityServerPPFacadeWebSite $ sunIdentityServerPPFacadeNamePronounced $ sunIdentityServerPPFacadeGreetSound $ sunIdentityServerPPFacadegreetmesound $ sunIdentityServerPPDemographicsDisplayLanguage $ sunIdentityServerPPDemographicsLanguage $ sunIdentityServerPPDemographicsBirthDay $ sunIdentityServerPPDemographicsAge $ sunIdentityServerPPDemographicsTimeZone $ sunIdentityServerPPSignKey $ sunIdentityServerPPEncryptKey $ sunIdentityServerPPEmergencyContact ) X-ORIGIN 'OpenSSO' )
    objectClasses: ( 2.16.840.1.113730.3.2.176 NAME 'iplanet-am-user-service' DESC 'User Service OC' SUP top AUXILIARY MAY ( iplanet-am-user-auth-modules $ iplanet-am-user-login-status $ iplanet-am-user-admin-start-dn $ iplanet-am-user-auth-config $ iplanet-am-user-alias-list $ iplanet-am-user-success-url $ iplanet-am-user-failure-url $ iplanet-am-user-password-reset-options $ iplanet-am-user-password-reset-question-answer $ iplanet-am-user-password-reset-force-reset $ sunIdentityMSISDNNumber ) X-ORIGIN 'OpenSSO' )
    objectClasses: ( 1.3.6.1.4.1.1466.101.120.142 NAME 'iPlanetPreferences' AUXILIARY MAY ( preferredLanguage $ preferredLocale $ preferredTimeZone ) X-ORIGIN 'iPlanet' )
    objectClasses: ( 1.3.6.1.4.1.42.2.27.9.2.23 NAME 'iplanet-am-auth-configuration-service' DESC 'Authentication Configuration Service OC' SUP top AUXILIARY MAY ( iplanet-am-auth-configuration $ iplanet-am-auth-login-success-url $ iplanet-am-auth-login-failure-url $ iplanet-am-auth-post-login-process-class ) X-ORIGIN 'OpenSSO' )
    objectClasses: ( 2.16.840.1.113730.3.2.130 NAME 'inetuser' DESC 'Auxiliary class which has to be present in an entry for delivery of subscriber services' SUP top AUXILIARY MAY ( uid $ inetUserStatus $ inetUserHTTPURL $ userPassword $ memberof ) X-ORIGIN 'Nortel subscriber interoperability' )
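
A pre-flight check for a schema LDIF like the one in the post above, as an added example that is not part of the original thread or of ForgeRock's tooling. It flags typographic quotes and dashes, a missing "-" separator between add: blocks, reused OIDs, and object classes whose MUST/MAY attributes are defined neither in the file nor in known_attrs (attributes assumed to exist on the server already); the function names and the sample input are constructed for illustration.

```python
import re

# Characters that web or word-processor rendering substitutes for ' " and -
SMART = str.maketrans({"\u2018": "'", "\u2019": "'", "\u201c": '"',
                       "\u201d": '"', "\u2013": "-", "\u2014": "-"})

def unfold(text):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    out = []
    for line in text.splitlines():
        if line.startswith(" ") and out:
            out[-1] += line[1:]
        else:
            out.append(line)
    return out

def names(defn):
    """NAME 'a' or NAME ( 'a' 'b' ) -> list of names."""
    m = re.search(r"\bNAME\s+(\(\s*(?:'[^']*'\s*)+\)|'[^']*')", defn)
    return re.findall(r"'([^']*)'", m.group(1)) if m else []

def attr_refs(defn):
    """Attribute names listed after MUST / MAY (one name or a '$'-separated list)."""
    defn = re.sub(r"'[^']*'", "", defn)          # ignore quoted DESC / X-ORIGIN text
    refs = []
    for m in re.finditer(r"\b(?:MUST|MAY)\s+(?:\(([^)]*)\)|([\w-]+))", defn):
        body = m.group(1) if m.group(1) is not None else m.group(2)
        refs += [a.strip() for a in body.split("$") if a.strip()]
    return refs

def lint_schema_ldif(text, known_attrs=()):
    """Return a list of problems in a cn=schema 'changetype: modify' LDIF."""
    problems, classes, oids = [], [], {}
    defined = {a.lower() for a in known_attrs}   # assumed already on the server
    ops, prev = 0, None
    for n, raw in enumerate(unfold(text), 1):
        line = raw.translate(SMART)
        if line != raw:
            problems.append(f"line {n}: typographic quote or dash")
        if re.match(r"(add|delete|replace):", line, re.I):
            if ops and prev != "-":
                problems.append(f"line {n}: missing '-' separator before '{line.strip()}'")
            ops += 1
        m = re.match(r"(attributeTypes|objectClasses):\s*\(\s*([\d.]+)\s+(.*)\)\s*$", line, re.I)
        if m:
            kind, oid, defn = m.group(1).lower(), m.group(2), m.group(3)
            if oid in oids:
                problems.append(f"line {n}: OID {oid} already used on line {oids[oid]}")
            oids.setdefault(oid, n)
            if kind == "attributetypes":
                defined.update(x.lower() for x in names(defn))
            else:
                classes.append((names(defn) or ["?"], attr_refs(defn)))
        prev = line.strip()
    for cls, refs in classes:                    # checked last: order in the file is free
        for ref in refs:
            if ref.lower() not in defined:
                problems.append(f"objectClass {cls[0]}: attribute '{ref}' is not defined")
    return problems

# Constructed sample: shortened definitions from the post, with a curly-quoted NAME,
# a blank line where '-' belongs, and the sunIdentityServerDiscoEntries type left out.
SAMPLE = """\
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.73 NAME 'iplanet-am-user-federation-info-key' DESC 'User Federation Information Key' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )
attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.74 NAME \u2018iplanet-am-user-federation-info\u2019 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenSSO' )

add: objectClasses
objectClasses: ( 1.3.6.1.4.1.42.2.27.9.2.76 NAME 'sunFederationManagerDataStore' DESC 'FSUser provider OC' SUP top AUXILIARY MAY ( iplanet-am-user-federation-info-key $ iplanet-am-user-federation-info $ sunIdentityServerDiscoEntries) X-ORIGIN 'OpenSSO' )
objectClasses: ( 2.16.840.1.113730.3.2.130 NAME 'inetuser' SUP top AUXILIARY MAY ( uid $ userPassword ) X-ORIGIN 'Nortel subscriber interoperability' )
"""
```

Run lint_schema_ldif() on the unindented file before passing it to ldapmodify; text pasted with the forum's leading spaces would be read as LDIF continuation lines.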

    #6165
     Scott Hagan
    Participant

    First off, thank you, you have been a huge help.
    I am thankful for anyone that takes the time to answer me. I extracted the attributes/objclasses I needed and have loaded them into the schema. Took some trial/error on a couple but I think I am good now.
    Thanks again.

    I assume some of these are legacy attributes/obj. I had to put together some ldifs like this when we were moving from OpenSSO/DSEE to OpenAM 10/OpenDJ. Now I needed this set moving to OpenAM 12. Seems like these would be maintained somewhere and become an install option.
    Or are you saying that our install was not done correctly? I am not the one doing the install, I have been asked to consult only, so I can’t say if instructions are being followed to the tee.

    #6175
     Bill Nelson
    Participant

    The attribute/objectclass names have been the same for several years (dating back to the iPlanet days), hence the common names for each implementation -> Access Manager, OpenSSO, OpenAM. So in effect, they are legacy names, but ones that are still in use today and will most likely be in use for the foreseeable future.

    Loading the OpenAM schema is not part of an installation and I doubt you will see it as such. Instead it was implemented as a checkbox (load schema on save) to be flexible for both embedded and external configuration stores (as necessary). It is just one thing that an implementation engineer needs to remember on an install. Either way, if they forget, they will figure it out soon enough; sort of like finding out that you have not configured the LDAP information correctly by selecting the Subjects tab.

    Keep in mind that an upgrade from 9 -> 10 -> 11 -> 12 is very easy and all of these parameters carry forward during the upgrade process (they should since they are stored in the config server). You are only running into this because you are performing a brand new installation.
