Problem with configuring custom Base DN

This topic has 7 replies, 3 voices, and was last updated 5 years, 2 months ago by Ludo.

    #12936
     ltutaj
    Participant

    Hello,

    In OpenDJ 2.7.0, during installation, I was able to define a custom Base DN like:
    * ddi-admin-alias=ddi-admin
    * zone-id=1
    Lately I tried to install and configure OpenDJ 3.0.0 in the same way, and it turned out that it is not possible. It is also not possible to configure the mentioned Base DN when adding a new backend when the server is already installed.
    The error that appeared is:
    The JE Backend could not be created due to a communications problem: Invalid
    Attribute Syntax: Entry “ds-cfg-backend-id=test,cn=Backends,cn=config”
    contains a value “ddi-admin-alias=ddi-admin” for attribute ds-cfg-base-dn that
    is invalid according to the syntax for that attribute: The DN
    “ddi-admin-alias=ddi-admin” could not be parsed due to the following reason:
    No attribute type with name or OID “ddi-admin-alias” exists in the schema

    What shall I do to be able to add my custom Base DN?

    Regards,
    Lukasz

    #12937
     Bill Nelson
    Participant

    By definition, your root suffix should be associated with valid schema attributes. The fact that you are trying to use an extended attribute (i.e. ddi-admin-alias or zone-id) before you have actually extended your schema seems to be why you are seeing this. I have never tried this before (all my root suffixes use common attributes such as dc, o, cn, etc.) and I am quite surprised that previous versions allowed you to do this. I will have to try to replicate this when I have more time.

    Unfortunately the schema folder doesn’t exist before you install so you can’t even try copying/pasting a 99-user.ldif with the extended attributes into it ahead of time to try to “pre-extend the schema”. As such, the best option in my opinion would be to not create your root suffix at all during the installation. Instead, install the product, extend the schema, and then create the new suffix and populate the data. Of course all of this can be easily scripted.

    #12939
     ltutaj
    Participant

    I tried to add the mentioned suffixes after installation with my custom schema “75pnmserver.ldif” present in the …/config/schema directory. It contains both mentioned attributes that are supposed to be used as suffixes:
    attributeTypes: ( zone-id-oid NAME 'zone-id' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
    attributeTypes: ( ddi-admin-alias-oid NAME 'ddi-admin-alias' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

    However I get the same error as previously:
    The JE Backend could not be created due to a communications problem: Invalid
    Attribute Syntax: Entry “ds-cfg-backend-id=test,cn=Backends,cn=config”
    contains a value “ddi-admin-alias=ddi-admin” for attribute ds-cfg-base-dn that
    is invalid according to the syntax for that attribute: The DN
    “ddi-admin-alias=ddi-admin” could not be parsed due to the following reason:
    No attribute type with name or OID “ddi-admin-alias” exists in the schema

    In version 2.7.0 I did both – created one suffix during installation (ddi-admin-alias) and the second one, zone-id=1, after installation with the “dsconfig” command and option “create-backend”. Both worked with my custom schema. In 3.0.0 I use the same custom schema.

    Regards,
    Lukasz

    #12940
     Bill Nelson
    Participant

    The fact that you are seeing the error “No attribute type with name or OID “ddi-admin-alias” exists in the schema” indicates that OpenDJ does not yet recognize the extended schema. Did you restart OpenDJ after copying the schema file in the config/schema directory? If not, you need to as those files are only read in during startup.

    I see that you are using a filename of “75pnmserver.ldif”, not that it should make any difference, but you might want to try renaming that file. The filename structure is ##-name.ldif, so try 75-pnmserver.ldif just for grins. If that doesn’t work, try using OpenDJ’s default schema extension filename of 99-user.ldif to see if that has any impact. You can see I am trying different things here just to test the behavior of the new release.

    Finally, if none of them work, try extending the schema with the ldapmodify command to see if OpenDJ returns any errors.

    /opt/forgerock/opendj/bin/ldapmodify -h localhost -p 1389 -D "cn=Directory Manager" -w password -f ./custom_schema.ldif

    where: custom_schema.ldif contains something like:

    dn: cn=schema
    changetype: modify
    add: attributeTypes
    attributeTypes: ( zone-id-oid NAME 'zone-id' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
    attributeTypes: ( ddi-admin-alias-oid NAME 'ddi-admin-alias' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

    (note: this has not been tested, but it should work)

    bill
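
A pre-flight check for the situation discussed in this thread, as an added example (not part of any post and not ForgeRock code): it parses the attributeTypes definitions from schema LDIF text and reports which attribute types used in a proposed base DN are not defined there. The function names and the sample LDIF are constructed for illustration.

```python
import re
# Constructed sample: the two definitions quoted in the thread, one of them folded.
SAMPLE_SCHEMA = """\
dn: cn=schema
attributeTypes: ( zone-id-oid NAME 'zone-id' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributeTypes: ( ddi-admin-alias-oid NAME 'ddi-admin-alias'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
"""
ATTR_DEF = re.compile(r"^attributeTypes:\s*\(\s*(\S+)(.*)\)\s*$", re.IGNORECASE)
NAME = re.compile(r"\bNAME\s+(?:'([^']+)'|\(([^)]*)\))")

def defined_attribute_names(ldif):
    """Return lower-cased OIDs and NAMEs of every attributeTypes definition."""
    names = set()
    for line in re.sub(r"\r?\n ", "", ldif).splitlines():  # undo LDIF line folding
        m = ATTR_DEF.match(line)
        if not m:
            continue
        names.add(m.group(1).lower())  # the OID (numeric or symbolic)
        n = NAME.search(m.group(2))
        if n:  # either NAME 'x' or NAME ( 'x' 'y' )
            found = [n.group(1)] if n.group(1) else re.findall(r"'([^']+)'", n.group(2))
            names.update(a.lower() for a in found)
    return names

def rdn_attribute_types(dn):
    """Attribute types used in a DN, honouring backslash-escaped ',' and '+'."""
    types, start, i = [], 0, 0
    while i <= len(dn):
        if i < len(dn) and dn[i] == "\\":
            i = min(i + 2, len(dn))  # skip the escaped character
            continue
        if i == len(dn) or dn[i] in ",+":
            name, sep, _ = dn[start:i].partition("=")
            if not sep or not name.strip():
                raise ValueError(f"malformed RDN component: {dn[start:i]!r}")
            types.append(name.strip().lower())
            start = i + 1
        i += 1
    return types

def missing_types(base_dn, schema_ldif):
    """RDN attribute types of base_dn that schema_ldif does not define."""
    known = defined_attribute_names(schema_ldif)
    return [t for t in dict.fromkeys(rdn_attribute_types(base_dn)) if t not in known]

if __name__ == "__main__":
    for dn in ("ddi-admin-alias=ddi-admin", "zone-id=1", "dc=example,dc=com"):
        print(dn, "->", missing_types(dn, SAMPLE_SCHEMA) or "all types defined")
```

In practice, pass the concatenated contents of every file in the server's config/schema directory, since core types such as dc are defined in the standard schema files rather than in the custom one. Definitions pasted with typographic quotes (‘zone-id’) are not recognised as names by this parser and show up as missing.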

    #12942
     Ludo
    Moderator

    You may have hit a known issue (OPENDJ-2738) with OpenDJ 3.0 which has been resolved in the master source branch.
    Can you please try again with a recent nightly build?

    #12962
     ltutaj
    Participant

    Thank you both for your help. Summing up testing of your tips:
    I installed opendj-3.0.0-1.noarch.rpm with MD5 checksum a737c8db3b804a79106b620ec5640f9c, available using the following link: https://backstage.forgerock.com/#!/downloads/OpenDJ/OpenDJ%20Enterprise/3.0.0/OpenDJ%203%20Linux%20RPM%20package#list
    1. I renamed 75pnmserver.ldif to 75-pnmserver.ldif and restarted the server – adding a backend with the custom suffix failed

    2. I moved the definitions of the ddi-admin-alias and zone-id attributes to 99-user.ldif and restarted the server – adding a backend with the custom suffix failed

    3. I tried to add the definitions from custom_schema.ldif with the ldapmodify command – it failed

    # ldapmodify -h localhost -p 11389 -D xxx -w yyy -f custom_schema.ldif
    Processing MODIFY request for cn=schema
    MODIFY operation failed
    Result Code:  65 (Object Class Violation)
    Additional Information:  Entry cn=schema cannot be modified because the resulting entry would have violated the server schema: Entry cn=schema violates the Directory Server schema configuration because it includes attribute add which is not allowed by any of the objectclasses defined in that entry
    # cat custom_schema.ldif
    dn: cn=schema
    changetype: modify
    add: attributeTypes
    attributeTypes: ( zone-id-oid NAME 'zone-id' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
    attributeTypes: ( ddi-admin-alias-oid NAME 'ddi-admin-alias' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

    4. I downloaded nightly build opendj-4.0.0_20160908-1.noarch.rpm, installed it and configured without any backend added. Then copied my custom schema 75pnmserver.ldif to …/config/schema directory and restarted server – both backends were added without problems.

    It appears that the official release 3.0.0 contains the mentioned bug OPENDJ-2738. Hence I am wondering what I should do, because I want to replace version 2.7.0 with a newer version. Do you plan to release a patch for the commonly available version of OpenDJ 3.0.0 in the near future? Or maybe I should evaluate using a nightly build of version 4.0.0?

    Regards,
    Lukasz

    #12968
     Bill Nelson
    Participant

    If you are a ForgeRock subscription customer, then you can download the code from Backstage once it's made available in a patch or the next release.

    If you are not a customer then you will have to continue testing with the pre-release build or wait until the next .0 release is made available in the January ’17 time frame.

    #12990
     Ludo
    Moderator

    BTW, OpenDJ 2.7.0 was never a ForgeRock product release. Only nightly builds on the master had 2.7.0 numbers until we moved to the 3.0.0-SNAPSHOT naming.
