Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-15244

AM configuration does not perform schema extension for identity store although it has the permissions


    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.5.0,, 6.5.1,, 6.5.2
    • Fix Version/s: 6.0.1, 5.5.2, 7.0.0, 6.5.3
    • Component/s: configurator, install
    • Labels:
    • Environment:
      Oracle JDK 1.8.0_201-b09
      Apache Tomcat/9.0.8
      AM 6.5.0/1
    • Sprint:
      AM Sustaining Sprint 65, AM Sustaining Sprint 66
    • Story Points:
    • Support Ticket IDs:
    • Needs QA verification:
    • Functional tests:
    • Are the reproduction steps defined?:
      Yes and I used the same an in the description


      Bug description

      User identity subjects can not be added via AM console.

      How to reproduce the issue

      1. Setup DS 6.0.0 instance to be used as AM's external configuration data store and identity store.
      2. Add default 'people' container used by AM
      3. Configure AM 6.5.0 using amster, specifying external configuration data store and identity store
      4. After installation log into AM console
      5. Try to create an user identity subject
      Expected behaviour
      user identity subject should be created in the identity store
      Current behaviour
      error shows up in AM console

      Work around

      1) Apply manual schema extensions needed for AM, or

      2) Ensure that the userStoreType param is included when running the install-openam amster command (as this will then result in the schema loading being performed).


      It's not noted in the release notes that the functionality was removed.
      AM does perform schema extensions for the external configuration data store ... this is inconsistent behavior. Either no configuration change is performed at all to any Directory Server and it's the duty of the Directory Server administrator to perform the action or AM does it.
      AM can not rely on DS profiles are being used , even if FR DS is used as identity repository.




            • Assignee:
              lawrence.yarham Lawrence Yarham
              bthalmayr Bernhard Thalmayr
            • Votes:
              0 Vote for this issue
              6 Start watching this issue


              • Created: