  1. OpenAM
  2. OPENAM-10852

Configuration store LDAP causes authentication and psearch failures even after recovery




      This is tested with the latest 14.0 snapshot and due to the fix in AME-12815


      • Set up 1 external config directory
      • Set up 1 external user dir
      • Create 2 LBs, each pointing to these directories
      • Set up OpenAM to use these LB ports as the config/user directory
      • Start/Stop LB to simulate LDAP disconnection


      • When the user directory LB is disconnected and re-established, the persistent connection
        works and the connection from OpenAM is seen established (FINE)
      • But when the configuration directory LB connection is disconnected and reconnected,
        the configuration directory psearch is established, but if you disconnect/reconnect
        the user directory LB, the persistent search to the user directory FAILS
        --> Psearch to user directory STOPS
      • After the above steps NO LOGIN can happen (even amadmin FAILS to be able
        to log in)
        --> Authentication not possible anymore

      Expected: (but not happening)

      • Persistent search to user directory still works
      • User can still login (instead no-one can)

      Investigation done:

      • It seems that the code to call clearCaches() in the EventService has issues. The problem seems to be that EventService.clearCache somehow
        calls IdRepoPluginsCache.clearIdRepoPluginsCache, which shuts down the user repository if this is seen (or maybe other stuff).
      - Not on 14.0.x but the flow would be the same
              at com.iplanet.services.ldap.event.LDAPv3PersistentSearch.stopSearch(LDAPv3PersistentSearch.java:246)
              at org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo.removeListener(DJLDAPv3Repo.java:2132)
              at com.sun.identity.idm.server.IdRepoPluginsCache.clearIdRepoPluginsCache(IdRepoPluginsCache.java:314)
              at com.sun.identity.idm.server.IdRepoPluginsCache.schemaChanged(IdRepoPluginsCache.java:675)
              at com.sun.identity.sm.ServiceSchemaManagerImpl.allObjectsChanged(ServiceSchemaManagerImpl.java:407)
              at com.sun.identity.sm.SMSNotificationManager.allObjectsChanged(SMSNotificationManager.java:348)
              at com.sun.identity.sm.ldap.LDAPEventManager.allEntriesChanged(LDAPEventManager.java:165)
              at com.iplanet.services.ldap.event.EventService$EventServicePersistentSearch.clearCaches(EventService.java:380)
              at com.iplanet.services.ldap.event.LDAPv3PersistentSearch$2.run(LDAPv3PersistentSearch.java:223)
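
A triage check for the trace above, added here as an example and not part of the original report or of OpenAM's code: it parses a Java stack trace taken from the debug logs and tells whether a persistent search was stopped through the configuration-store EventService.clearCaches path. The function and constant names are assumptions; the class and method names come from the trace in the report.

```python
import re

# One "at pkg.Class.method(File.java:123)" frame; inner classes ($2) allowed.
FRAME = re.compile(r"^\s*at\s+([\w.$]+)\.([\w$<>]+)\(([\w.$]+):(\d+)\)\s*$")

# Caller-to-callee chain named in the report (names taken from its trace).
CHAIN = [
    ("com.iplanet.services.ldap.event.EventService$EventServicePersistentSearch", "clearCaches"),
    ("com.sun.identity.idm.server.IdRepoPluginsCache", "clearIdRepoPluginsCache"),
    ("org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo", "removeListener"),
    ("com.iplanet.services.ldap.event.LDAPv3PersistentSearch", "stopSearch"),
]

# The trace quoted in the report.
REPORT_TRACE = r"""
    at com.iplanet.services.ldap.event.LDAPv3PersistentSearch.stopSearch(LDAPv3PersistentSearch.java:246)
    at org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo.removeListener(DJLDAPv3Repo.java:2132)
    at com.sun.identity.idm.server.IdRepoPluginsCache.clearIdRepoPluginsCache(IdRepoPluginsCache.java:314)
    at com.sun.identity.idm.server.IdRepoPluginsCache.schemaChanged(IdRepoPluginsCache.java:675)
    at com.sun.identity.sm.ServiceSchemaManagerImpl.allObjectsChanged(ServiceSchemaManagerImpl.java:407)
    at com.sun.identity.sm.SMSNotificationManager.allObjectsChanged(SMSNotificationManager.java:348)
    at com.sun.identity.sm.ldap.LDAPEventManager.allEntriesChanged(LDAPEventManager.java:165)
    at com.iplanet.services.ldap.event.EventService$EventServicePersistentSearch.clearCaches(EventService.java:380)
    at com.iplanet.services.ldap.event.LDAPv3PersistentSearch$2.run(LDAPv3PersistentSearch.java:223)
"""

# Constructed negative sample: the same frames cut off before the EventService entry point.
NO_EVENTSERVICE = "\n".join(REPORT_TRACE.strip("\n").splitlines()[:5])

def parse_frames(text):
    """Return (class, method, line) per frame, innermost call first as printed."""
    hits = (FRAME.match(line) for line in text.splitlines())
    return [(m.group(1), m.group(2), int(m.group(4))) for m in hits if m]

def config_reconnect_stopped_user_psearch(text, chain=CHAIN):
    """True if the chain's steps occur in caller-to-callee order in the trace."""
    # Traces print the innermost call first, so reverse to get callers first.
    calls = iter(reversed([(c, m) for c, m, _ in parse_frames(text)]))
    # "step in calls" consumes the iterator, which enforces the ordering.
    return all(step in calls for step in chain)

if __name__ == "__main__":
    for name, trace in (("report", REPORT_TRACE), ("constructed", NO_EVENTSERVICE)):
        print(name, config_reconnect_stopped_user_psearch(trace))
```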



              • Assignee:
                david.luna@forgerock.com David Luna
                chee-weng.chea C-Weng C
                QA Assignee:
                Philip Anderson