  1. OpenAM
  2. OPENAM-15510

Generic amster error message "No Base Entity dc=config,dc=forgerock,dc=com found" needs to detail the actual ldap error - during install-openam

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.5.2.1
    • Fix Version/s: 6.0.1, 6.5.3, 7.0.0, 5.5.2
    • Component/s: Amster
    • Labels:
    • Sprint: AM Sustaining Sprint 70
    • Story Points: 3
    • Needs backport: No
    • Support Ticket IDs:
    • Functional tests: No
    • Are the reproduction steps defined?: Yes and I used the same as in the description

      Description

      Bug description

      When using install-openam amster option, if ANY issue occurs with the Config DJ server configuration, amster reports the generic error message:

      Configuration failed: Invalid Suffix for directory server configdj.internal.forgerock.com:1636. No Base Entity dc=config,dc=forgerock,dc=com found., refer to install.log under  for more information.
      

      I get that error under the following circumstances.

      a) wrong config admin user password
      b) wrong config admin user
      c) Cert from DJ was not in AM's truststore, causing SSL Communication failure

      This can cause an increase in time in troubleshooting as it isn't clear in the error message WHY the base DN wasn't obtained (because of username mismatch, bad password, other ldap related errors).

      How to reproduce the issue


      1. Install AM with amster using this command, but with an incorrect admin user (cfgStoreDirMgr):
      install-openam --serverUrl https://am1.internal.forgerock.com:8043/openam --adminPwd cangetinam --acceptLicense --cfgDir /home/support/openamamconfig --cfgStoreDirMgrPwd configdjpassword --cfgStore dirServer --cfgStoreHost configdj.internal.forgeorck.com --cfgStoreAdminPort 4444 --cfgStorePort 1389 --cfgStoreDirMgr uid=cn=Directory Manager --cookieDomain .forgerock.com --lbSiteName ExternalORT --lbPrimaryUrl https://am.internal.forgerock.com/openam --cfgStoreRootSuffix dc=config,dc=forgerock,dc=com --pwdEncKey 12345678 --cfgStoreSsl SIMPLE
      
      2. Even though the Base DN is correct, we get this error message:
      Configuration failed: Invalid Suffix for directory server configdj.internal.forgerock.com:1636. No Base Entity dc=config,dc=forgerock,dc=com found., refer to install.log under  for more information.
      
      3. DJ logs show the issue is an incorrect username:
      {"eventName":"DJ-LDAP","client":{"ip":"172.24.11.60","port":52723},"server":{"ip":"172.24.11.60","port":1389},"request":{"protocol":"LDAP","operation":"BIND","connId":10,"msgId":1,"version":"3","dn":"uid=cn=Directory Manager","authType":"SIMPLE"},"transactionId":"62c52e75-7ce6-464d-8896-93137d776d0b-120","response":{"status":"FAILED","statusCode":"49","elapsedTime":2,"elapsedTimeUnits":"MILLISECONDS","failureReason":"Unable to bind to the Directory Server because no such user exists in the server"},"userId":"uid=cn=Directory Manager","timestamp":"2019-10-01T00:14:50.477Z","_id":"62c52e75-7ce6-464d-8896-93137d776d0b-124"}
      
      1. ...
      Expected behaviour
      {amster says error the DJ indicates: Unable to bind to the Directory Server because no such user exists in the server: }
      
      Current behaviour
      {amster says incorrect base dn}
      

      Work around

      none, correct issue, once it has been figured out.

      Code analysis

      not done
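
A triage helper for the situation this report describes, added here as an example (it is not ForgeRock's or amster's code): it scans DJ JSON access-log lines, in the layout of the log entry quoted in the description, for failed operations from the AM host and reports the LDAP result code hidden behind the generic message. The function names, the hint table and the sample lines (including the 192.0.2.x addresses) are constructed for illustration.

```python
import json

# LDAP result codes (RFC 4511) that commonly sit behind a failed config-store check.
LDAP_HINTS = {
    "32": "noSuchObject: the base DN really is missing",
    "49": "invalidCredentials: wrong bind DN or password",
    "50": "insufficientAccessRights: bind worked, account lacks access",
}

def failed_operations(lines, client_ip):
    """Return the failed DJ-LDAP operations logged for one client, in log order."""
    failures = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        response = event.get("response", {})
        if (event.get("eventName"), event.get("client", {}).get("ip"),
                response.get("status")) != ("DJ-LDAP", client_ip, "FAILED"):
            continue
        request = event.get("request", {})
        failures.append({"operation": request.get("operation"), "dn": request.get("dn"),
                         "code": str(response.get("statusCode")),
                         "reason": response.get("failureReason") or ""})
    return failures

def diagnose(lines, client_ip):
    """One-line root cause for the generic 'No Base Entity ... found' message."""
    failures = failed_operations(lines, client_ip)
    if not failures:
        # Assumption: nothing failed at LDAP level, so suspect TLS (DJ cert not in AM truststore).
        return "no failed LDAP operation logged: check connectivity and TLS trust"
    first = failures[0]
    hint = LDAP_HINTS.get(first["code"], "unlisted code, see RFC 4511")
    return f'{first["operation"]} as "{first["dn"]}" failed with {first["code"]} ({hint}): {first["reason"]}'

# Constructed sample in the field layout of the log entry above (addresses are made up).
def make_entry(ip, op, dn, status, code="0", reason=None):
    response = {"status": status, "statusCode": code, "failureReason": reason}
    return json.dumps({"eventName": "DJ-LDAP", "client": {"ip": ip},
                       "request": {"operation": op, "dn": dn}, "response": response})

SAMPLE_LOG = [
    make_entry("192.0.2.20", "BIND", "cn=Directory Manager", "SUCCESSFUL"),
    make_entry("192.0.2.10", "BIND", "uid=cn=Directory Manager", "FAILED", "49",
               "Unable to bind to the Directory Server because no such user exists in the server"),
    "{truncated line",
]
```

Calling `diagnose(SAMPLE_LOG, "192.0.2.10")` returns the failed BIND with code 49 and the server's own failure reason, which is the detail the amster message omits.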

              People

              • Assignee:
                lawrence.yarham Lawrence Yarham
                Reporter:
                david.bate David Bate