opendj 5 sync password: an error occurred while trying to load the trust store


This topic has 1 reply, 1 voice, and was last updated 5 years, 2 months ago by cristianoburgo.


    I’m following the guide to configure the password sync for OpenDJ 5 to OpenIDM 4.
    This is my configuration:

    dn: cn=OpenIDM Notification Handler,cn=Account Status Notification Handlers,cn=config
    objectClass: top
    objectClass: ds-cfg-account-status-notification-handler
    objectClass: ds-cfg-openidm-account-status-notification-handler
    cn: OpenIDM Notification Handler
    ds-cfg-java-class: org.forgerock.openidm.accountchange.OpenidmAccountStatusNotificationHandler
    ds-cfg-enabled: true
    ds-cfg-attribute: password
    ds-cfg-query-id: for-userName
    ds-cfg-attribute-type: entryUUID
    ds-cfg-attribute-type: uid
    ds-cfg-log-file: logs/pwsync
    ds-cfg-update-interval: 0 seconds
    ds-cfg-private-key-alias: openidm-localhost
    ds-cfg-certificate-subject-dn: CN=localhost, O=OpenIDM Self-Signed Certificate, OU=None, L=None, ST=None, C=None
    ds-cfg-trust-manager-provider: cn=JKS,cn=Trust Manager Providers,cn=config
    ds-cfg-key-manager-provider: cn=Default Key Manager,cn=Key Manager Providers,cn=config
    ds-cfg-ssl-cert-nickname: server-cert
    #ds-cfg-openidm-compat-mode: V3
    ds-cfg-openidm-username: openidm-admin
    ds-cfg-openidm-password: openidm-admin

    Then when I issue the command to apply the conf:

    ./ldapmodify --port 1389 --hostname '' --bindDN "cn=Directory Manager" --bindPassword "password" \
     --filename /opt/opendj/config/openidm-accountchange-plugin-sample-config

    This error is shown:

    # Processing ADD request for cn=OpenIDM Notification Handler,cn=Account Status Notification Handlers,cn=config
    # The LDAP modify request failed: 80 (Other)
    # Additional Information:  The attempt to apply the configuration add failed. The preliminary checks were all successful and the entry was added to the server configuration, but at least one of the configuration add listeners reported an error when attempting to apply the change: An error occurred while trying to initialize an instance of class org.forgerock.openidm.accountchange.OpenidmAccountStatusNotificationHandler as an account status notification handler as defined in configuration entry cn=OpenIDM Notification Handler,cn=Account Status Notification Handlers,cn=config: InitializationException: An error occurred while trying to load the trust store contents from file /opt/opendj/config/truststore: IOException(Keystore was tampered with, or password was incorrect) (

    The JKS trust manager is:

    Property Value(s)
    1) enabled true
    2) trust-store-file /opt/opendj/config/truststore
    3) trust-store-pin –
    4) trust-store-pin-environment-variable –
    5) trust-store-pin-file /opt/opendj/config/
    6) trust-store-pin-property –
    7) trust-store-type JKS


    Just solved the issue: it was the trust manager. I created a new one using dsconfig, and the entry is successfully created.
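
Added example, not part of the original thread and not OpenDJ code: Java raises "Keystore was tampered with, or password was incorrect" when the SHA-1 integrity digest at the end of a JKS file does not match the supplied PIN. The Python sketch below recomputes that digest against a constructed, empty JKS store; the function names and the sample PIN are hypothetical, and whether the server trims whitespace from a PIN file is an assumption to be checked, not something the thread states.

```python
import hashlib
import hmac
import struct

JKS_MAGIC = 0xFEEDFEED
WHITENER = b"Mighty Aphrodite"  # fixed string mixed into the JKS integrity digest
DIGEST_LEN = 20                  # SHA-1 output size


def _keyed_sha1(pin: str):
    # JKS hashes the PIN as 2-byte big-endian chars, then the whitener string.
    h = hashlib.sha1()
    h.update(pin.encode("utf-16-be"))
    h.update(WHITENER)
    return h


def build_empty_jks(pin: str) -> bytes:
    """Constructed sample input: a JKS version 2 store with zero entries."""
    body = struct.pack(">IIi", JKS_MAGIC, 2, 0)
    h = _keyed_sha1(pin)
    h.update(body)
    return body + h.digest()


def check_pin(store: bytes, pin: str) -> str:
    """Return 'ok', 'bad-pin-or-tampered' or 'not-jks' for a store/PIN pair."""
    if len(store) < 12 + DIGEST_LEN:
        return "not-jks"
    magic, version = struct.unpack(">II", store[:8])
    if magic != JKS_MAGIC or version not in (1, 2):
        return "not-jks"
    body, stored = store[:-DIGEST_LEN], store[-DIGEST_LEN:]
    h = _keyed_sha1(pin)
    h.update(body)
    return "ok" if hmac.compare_digest(h.digest(), stored) else "bad-pin-or-tampered"


def diagnose(store: bytes, pin_file_text: str) -> str:
    """Check the PIN file content as-is, then with surrounding whitespace removed."""
    result = check_pin(store, pin_file_text)
    if result != "bad-pin-or-tampered":
        return result
    if check_pin(store, pin_file_text.strip()) == "ok":
        return "ok-after-strip"  # stray newline or space in the PIN file
    return result


if __name__ == "__main__":
    sample = build_empty_jks("sample-pin")        # constructed store
    print(diagnose(sample, "sample-pin\n"))       # PIN file with trailing newline
    print(diagnose(sample, "some-other-pin"))     # PIN that does not match
```

A mismatch here cannot distinguish a wrong PIN from a modified file, which is why the Java error names both causes.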
