Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-6457

DirectoryContentUpgrader causes Entry Already Exists exception for CTS suffix when upgrading OpenAM

    Details

    • Sprint:
      Sustaining Sprint 10
    • Support Ticket IDs:

      Description

      When upgrading to OpenAM 12, the DirectoryContentUpgrader part of the process tries to process various ldif modification tasks.

      In the case of 'CreateCTSContainer':

          private class CreateCTSContainer implements Upgrader {
      
              @Override
              public String getLDIFPath() {
                  return "/WEB-INF/template/ldif/sfha/cts-container.ldif";
              }
      
              @Override
              public boolean isUpgradeNecessary(Connection conn, Schema schema) throws UpgradeException {
                  return !entryExists(conn, new LDAPConfig(baseDN).getTokenStoreRootSuffix());
              }
          }
      

      In a scenario where CTS is external with a non-default suffix, this logic is still executed and the end result is:

      amUpgrade:05/09/2015 10:23:22:557 AM BST: Thread[http-bio-8080-exec-10,5,main]
      ERROR: An error occurred while processing /WEB-INF/template/ldif/sfha/cts-container.ldif
      org.forgerock.opendj.ldap.ErrorResultIOException: org.forgerock.opendj.ldap.ConstraintViolationException: Entry Already Exists: The entry ou=tokens,dc=example,dc=com cannot be added because an entry with that name already exists
              at org.forgerock.opendj.ldif.ConnectionChangeRecordWriter.writeChangeRecord(ConnectionChangeRecordWriter.java:109)
              at org.forgerock.opendj.ldif.ConnectionChangeRecordWriter.writeChangeRecord(ConnectionChangeRecordWriter.java:56)
              at org.forgerock.opendj.ldif.ChangeRecordVisitorWriter.visitChangeRecord(ChangeRecordVisitorWriter.java:59)
              at org.forgerock.opendj.ldif.ChangeRecordVisitorWriter.visitChangeRecord(ChangeRecordVisitorWriter.java:39)
              at org.forgerock.opendj.ldap.requests.AddRequestImpl.accept(AddRequestImpl.java:58)
              at org.forgerock.opendj.ldif.ConnectionChangeRecordWriter.writeChangeRecord(ConnectionChangeRecordWriter.java:131)
              at org.forgerock.opendj.ldif.ConnectionChangeRecordWriter.writeChangeRecord(ConnectionChangeRecordWriter.java:56)
              at org.forgerock.openam.upgrade.DirectoryContentUpgrader.processLDIF(DirectoryContentUpgrader.java:180)
              at org.forgerock.openam.upgrade.DirectoryContentUpgrader.upgrade(DirectoryContentUpgrader.java:212)
              at org.forgerock.openam.upgrade.steps.UpgradeDirectoryContentStep.perform(UpgradeDirectoryContentStep.java:72)
              at org.forgerock.openam.upgrade.UpgradeServices.upgrade(UpgradeServices.java:186)
              at com.sun.identity.config.upgrade.Upgrade.doUpgrade(Upgrade.java:79)
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      

      This is because OpenAM uses a configuration store connection factory to run the isUpgradeNecessary() check, but it uses the 'getTokenStoreRootSuffix' which corresponds to external CTS configuration. It therefore looks up a suffix that doesn't exist in the config store.

      Additionally, in the actual cts-container.ldif file, this contains default ou=tokens,<configstoresuffix> based entries that have no relation to an external CTS suffix. So because it hasn't found the 'external suffix', it then tries to add the configstore based suffix (which does already exist).

      As a result the overall upgrade fails.

        Attachments

          Activity

            People

            • Assignee:
              peter.major Peter Major [X] (Inactive)
              Reporter:
              ian.packer Ian Packer [X] (Inactive)
            • Votes:
              1 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - 0h
                0h
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 3h
                3h