OpenDJ Import LDIF breaks OpenAM setup

Home Forums ForgeRock Products Access Management OpenDJ Import LDIF breaks OpenAM setup

Learn more about our upcoming Identity Summits

Tagged: , , ,

This topic has 2 replies, 3 voices, and was last updated 7 years, 5 months ago by Ludo.

  • Author
    Posts
  • February 23, 2015 at 10:39 pm #3174
     kirkm
    Participant

    I am having problems with OpenAM after using OpenDJ “Import LDIF” capability. If I import a very simple entity into OpenDJ in a path that is totally unrelated to openam entities, I can no longer log into the OpenAM console and get the “No such organization found” error. In the OpenDJ Control panel, I can see the data and if I delete it, I still cannot login. If I run the same test using ldap-modify using the same data, everything is fine! What happening behind the scenes that is different between ldap-modify and Import-LDIF?

    Goal is to move ldap data including users from one OpenAM configuration to another. Same versions but the configuration is different.

    Versions are OpenAM 11.0, OpenDJ 2.6.0

    Below are the commands and the data.

    /opt/opendj/bin/ldapmodify -D “cn=Directory Manager” -h localhost -p 1636 -w “password” –useSSL -a -f bar.ldif

    /opt/opendj/bin/import-ldif \
              –ldifFile /home/kirkm/bar.ldif \
              –backendID userRoot \
              –append \
              –hostName ldap.dev \
              –port 4444 \
              –bindDN cn=Directory\ Manager \
              –bindPassword ******** \
              –trustAll \
              –noPropertiesFile

    bar.ldif file

    dn: ou=organizations,dc=innovationgateway,dc=us
    objectClass: organizationalUnit
    objectClass: top
    ou: organizations

    dn: cn=foo,ou=organizations,dc=innovationgateway,dc=us
    objectClass: extensibleObject
    objectClass: top
    objectClass: organization
    o: Foo Orgs
    documentIdentifier: PUBLIC
    description: Foo org created while testing new model
    cn: foo
    co: USA
    businessCategory: COMMERCIAL

    February 24, 2015 at 1:04 pm #3181
     Peter Major
    Moderator

    I’m not entirely sure that the OpenDJ import-ldif is really relevant for your error message. No such organization found error usually means that you are trying to access a non-existent realm.
    My guess is that if you append realm=/ query parameter to the login URL then suddenly you get a nice login screen.
    Usual suspects:
    * realm/DNS aliases (if a single alias is uses for more than one realm, you can see this error message)
    * freshly created site (creating a new site – for some reason – automatically creates a DNS alias for the root realm so can essentially cause the above problem as well)

    February 24, 2015 at 1:57 pm #3183
     Ludo
    Moderator

    Hi,

    Import-LDIF is meant for bulkload data into OpenDJ, and as such, by default does replace existing data.
    If you need to add just a few entries, ldapmodify is the tool to use, as it allows the new entries to be automatically replicated, when replication is enabled.

  • Author
    Posts
Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

Leaderboard

The leaderboard is based on our rockin' informal points system, read about it here.
Visit our blog

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?