  1. OpenDJ
  2. OPENDJ-6977

DS expects root user password instead of admin user password in standalone DS, RS deployments

    Details

    • Type: Bug
    • Status: Dev backlog
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 6.5.2, 6.0.0, 5.5.0
    • Fix Version/s: None
    • Component/s: backends

      Description

      In standalone DS and RS deployments, DS is not accepting the admin password with dsreplication commands. Instead, it is accepting only the Root User password. Please see details of my testing below:

      I set up two DS 6.5.2 servers and 1 standalone RS server:

      /OpenDJ/opendj/setup directory-server \
                --instancePath /OpenDJ/opendj \
                --rootUserDn cn=Directory\ Manager \
                --rootUserPassword password \
                --acceptLicense \
                --monitorUserDn uid=Monitor \
                --monitorUserPassword password \
                --hostname DS-55-A.fr.local \
                --adminConnectorPort 4444 \
                --ldapPort 1389 \
                --sampleData 2000 \
                --baseDn dc=example,dc=com

      /OpenDJ/opendj/setup directory-server \
                --instancePath /OpenDJ/opendj \
                --rootUserDn cn=Directory\ Manager \
                --rootUserPassword password \
                --acceptLicense \
                --monitorUserDn uid=Monitor \
                --monitorUserPassword password \
                --hostname DS-55-B.fr.local \
                --adminConnectorPort 4444 \
                --ldapPort 1389 \
                --sampleData 2000 \
                --baseDn dc=example,dc=com
      
      /OpenDJ/opendj/setup replication-server \
                --instancePath /OpenDJ/opendj \
                --rootUserDn cn=Directory\ Manager \
                --rootUserPassword password \
                --monitorUserDn uid=Monitor \
                --monitorUserPassword password \
                --acceptLicense \
                --hostname DS600.fr.local \
                --adminConnectorPort 4444 \
                --replicationPort 8989

      The Root User password was set up as password on all 3 servers.

      Configured replication using admin and password as admin123:

      dsreplication configure \
                --adminUID admin \
                --adminPassword admin123 \
                --baseDN dc=example,dc=com \
                --host1 DS-55-A.fr.local \
                --port1 4444 \
                --bindDN1 "cn=Directory Manager" \
                --bindPassword1 password \
                --noReplicationServer1 \
                --host2 DS600.fr.local \
                --port2 4444 \
                --bindDN2 "cn=Directory Manager" \
                --bindPassword2 password \
                --replicationPort2 8989 \
                --onlyReplicationServer2 \
                --trustAll \
                --no-prompt

      dsreplication configure \
                --adminUID admin \
                --adminPassword admin123 \
                --baseDN dc=example,dc=com \
                --host1 DS-55-B.fr.local \
                --port1 4444 \
                --bindDN1 "cn=Directory Manager" \
                --bindPassword1 password \
                --noReplicationServer1 \
                --host2 DS600.fr.local \
                --port2 4444 \
                --bindDN2 "cn=Directory Manager" \
                --bindPassword2 password \
                --replicationPort2 8989 \
                --onlyReplicationServer2 \
                --trustAll \
                --no-prompt
      

       

      Following this, if I try dsreplication status using admin and admin123, it complains that the credentials are wrong. It works only when I provide the password as password (which is the root user password). 

      dsreplication status --adminUID admin --adminPassword admin123 --hostname DS-55-B.fr.local --port 4444 --trustAll
      
      The provided credentials are not valid in server DS-55-B.fr.local:4444.
      Details: Invalid Credentials
      
      >>>> Specify OpenDJ LDAP connection parameters
      
      Directory server hostname or IP address [DS-55-B.fr.local]: 
      
      Directory server administration port number [4444]: 
      
      Global Administrator User ID [admin]: 
      
      Password for user 'admin': 
      
      The provided credentials are not valid in server DS-55-B.fr.local:4444.
      Details: Invalid Credentials
      
      
      Directory server hostname or IP address [DS-55-B.fr.local]: 
      
      Directory server administration port number [4444]: 
      
      Global Administrator User ID [admin]: 
      
      Password for user 'admin': 
      
      The equivalent non-interactive command-line is:
      dsreplication status \
                --hostname DS-55-B.fr.local \
                --port 4444 \
                --adminUid admin \
                --adminPassword ****** \
                --no-prompt
      Suffix DN         : Server                : Entries : Replication enabled : DS ID : RS ID : RS Port (1) : Delay (ms) : Security (2)
      ------------------:-----------------------:---------:---------------------:-------:-------:-------------:------------:-------------
      dc=example,dc=com : DS-55-A.fr.local:4444 : 2002    : true                : 29349 : (3)   :             : 0          : 
      dc=example,dc=com : DS-55-B.fr.local:4444 : 2002    : true                : 5389  : (3)   :             : 0          : 
      uid=Monitor       : DS-55-A.fr.local:4444 : 1       :                     :       :       :             :            : 
      uid=Monitor       : DS-55-B.fr.local:4444 : 1       :                     :       :       :             :            : 
      uid=Monitor       : DS600.fr.local:4444  : 1        :                     :       :       :             :            : 
                        : DS600.fr.local:4444  : (4)      : true                :       : 28710 : 8989        : N/A        : false

       

      The stored passwords are seen to be different:

      # grep userPassword db/rootUser/rootUser.ldif
      userPassword: {PBKDF2}10000:KbBOfV6NsjrQmdiC+j3rT/fY5idZbuHsctTPZA==
      # grep userPassword db/adminRoot/admin-backend.ldif
      userPassword: {PBKDF2}10000:a5QKukAl8T3BuyPn3IN1pVMZf4TLa1qtk6YbmQ==
      

       

      In DS+RS servers, there is no problem.
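
Added example, not part of the original report and not OpenDJ code: {PBKDF2} values are salted, so two entries holding the same password still show different strings, and finding out which candidate password an entry accepts means recomputing the hash. The sketch assumes the value decodes to a 20-byte PBKDF2-HMAC-SHA1 digest followed by the salt; that layout, the function names and the sample values built in it are assumptions.

```python
import base64
import hashlib
import hmac
import os

# Assumed layout (not stated on the page): "{PBKDF2}<iterations>:<base64>",
# where the decoded bytes are a 20-byte PBKDF2-HMAC-SHA1 digest followed by the salt.
PREFIX = "{PBKDF2}"
DIGEST_LEN = 20


def parse_pbkdf2(value):
    """Split a stored userPassword value into (iterations, digest, salt)."""
    if not value.startswith(PREFIX):
        raise ValueError("not a {PBKDF2} value")
    iterations, _, blob = value[len(PREFIX):].partition(":")
    raw = base64.b64decode(blob, validate=True)
    if len(raw) <= DIGEST_LEN:
        raise ValueError("decoded value too short to hold digest and salt")
    return int(iterations), raw[:DIGEST_LEN], raw[DIGEST_LEN:]


def encode_pbkdf2(password, iterations=10000, salt=None):
    """Build a value in the assumed layout (used here for constructed samples)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha1", password.encode(), salt, iterations, DIGEST_LEN)
    return f"{PREFIX}{iterations}:{base64.b64encode(digest + salt).decode()}"


def matches(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    iterations, digest, salt = parse_pbkdf2(stored)
    candidate = hashlib.pbkdf2_hmac("sha1", password.encode(), salt, iterations, DIGEST_LEN)
    return hmac.compare_digest(candidate, digest)


def which_password(stored, candidates):
    """Return the candidates that the stored value accepts."""
    return [c for c in candidates if matches(c, stored)]


if __name__ == "__main__":
    # Constructed entries: same password, fresh salts, so the strings differ.
    root_entry = encode_pbkdf2("password")
    admin_entry = encode_pbkdf2("password")
    print("strings differ:", root_entry != admin_entry)
    for name, entry in (("rootUser", root_entry), ("adminRoot", admin_entry)):
        print(name, "accepts", which_password(entry, ["admin123", "password"]))
```
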


              People

              • Assignee:
                Unassigned
                Reporter:
                akhil.kommadath Akhil Kommadath