Uploaded image for project: 'OpenDJ'
  1. OpenDJ
  2. OPENDJ-4210

Cannot import/export LDIF in offline mode after configuring OpenDJ Password Synchronization Plugin

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 4.0.0, 3.5.2
    • Fix Version/s: 6.0.0
    • Component/s: tools
    • Environment:
      OpenDJ-3.5.2
      opendj-openidm-account-change-notification-handler-3.5.2
      IDM 4.5 (for IDM self-signed cert)
    • Support Ticket IDs:
    • Sprint:
      OpenDJ Sprint 117

      Description

      Cannot offline import/export-ldif after configuring OpenDJ Password Synchronization Plugin

      Steps to reproduce:

      1. configure default, standalone DJ instance with LDAPS enabled.
      1. Install and configure the password sync plugin, as per the IDM Integrators guide
      3. Attempt an offline export-ldif or import-ldif (result is the same):

      Output for 3.5.2:

      $ /export-ldif --backendID userRoot --includeBranch dc=example,dc=com --ldifFile ../out.ldif
      
      An error occurred while attempting to initialize server components to run the
      tool: An error occurred while attempting to initialize the password policy
      components: An error occurred while trying to initialize an instance of class
      org.forgerock.openidm.accountchange.OpenidmAccountStatusNotificationHandler as
      an account status notification handler as defined in configuration entry
      cn=OpenIDM Notification Handler,cn=Account Status Notification
      Handlers,cn=config: NullPointerException
      (OpenidmAccountStatusNotificationHandler.java:367
      OpenidmAccountStatusNotificationHandler.java:292
      OpenidmAccountStatusNotificationHandler.java:196
      OpenidmAccountStatusNotificationHandler.java:124
      AccountStatusNotificationHandlerConfigManager.java:355
      AccountStatusNotificationHandlerConfigManager.java:309
      AccountStatusNotificationHandlerConfigManager.java:110
      DirectoryServer.java:2074 DirectoryServer.java:181 DirectoryServer.java:929
      DirectoryServer.java:792 ExportLDIF.java:356 TaskTool.java:262
      ExportLDIF.java:293 ExportLDIF.java:105 ExportLDIF.java:80)
      (id=org.opends.messages.tool-373)
      

      Expected result:

      Successful offline export/import

      Observations:

      Online export/import-ldif does work, as long as --trustAll option is used. Otherwise the same NPE and stack trace is observed.

      Adding the --trustAll option to the offline import/export is not possible and results in a connect error, as it is recognised as a scheduled task:

      $ ./export-ldif --noPropertiesFile --backendID userRoot --includeBranch dc=example,dc=com --ldifFile ../ldif.out -X
      Password for user 'cn=Directory Manager':
      You have provided options for scheduling this operation as a task but options
      provided for connecting to the server's tasks backend resulted in the
      following error: 'Connect Error'
      

      Also reproduced in OpenDJ-4.0/DS-IDM-account-change-notification-handler-5.0.0 with a different error:

      $ ./export-ldif --noPropertiesFile --backendID userRoot --includeBranch dc=example,dc=com --ldifFile ../ldif.out --offline -X
      An error occurred while attempting to initialize server components to run the
      tool: An error occurred while attempting to initialize the password policy
      components: An error occurred while trying to decode the managed object
      configuration entry cn=OpenIDM Notification Handler,cn=Account Status
      Notification Handlers,cn=config: The Openidm Account Status Notification
      Handler could not be decoded due to the following reasons: The
      "certificate-subject-dn" property must be specified as it is mandatory; The
      "openidm-url" property must be specified as it is mandatory
      (id=org.opends.messages.tool-373)
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                ylecaillez Yannick Lecaillez
                Reporter:
                john.noble John Noble
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: