Uploaded image for project: 'OpenDJ'
  1. OpenDJ
  2. OPENDJ-7323

KeyStoreException in error log of 6.5.x server when adding 7.0.0 server to old topology




      With 6.5.3 and 7.0.0-SNAPSHOT rev. ac6849f4e45 and functional tests we discovered an exception:

      [30/Jun/2020:20:28:56 +0000] category=CORE severity=WARNING msgID=655 msg=Error while trying to add entry ds-cfg-key-id=3EC9E5B3FFFDF46E8D7C3CA609B15CEF,cn=ads-truststore to the trust store: Error while trying to add certificate 3EC9E5B3FFFDF46E8D7C3CA609B15CEF to the trust store file db/ads-truststore/ads-truststore: KeyStoreException(java.io.EOFException)

      in 6.5.3 error log while running a command to add new server (7.0.0) to existing topology:

      ./DJ3/opendj/bin/dsrepl add-local-server-to-pre-7-0-topology  -h openam.example.com -p 4448 -D "cn=admin,cn=Administrators,cn=admin data" -w "password" -X  --baseDn "dc=com"

      Basic test steps:

      • Setup 6.5.3 DSRS (DJ1)
      • Setup 6.5.3 DSRS (DJ2)
      • Enable and initialize replication between DJ1 and DJ2
      • Setup 7.0.0 DSRS (DJ3) - do not start
      • Configure DJ3 to be compatible with 6.5.3 (serverId, set-password-storage-scheme-prop [Salted SHA-512], set-password-policy-prop [Salted SHA-512])
      • ./DJ3/opendj/bin/dsconfig --offline set-global-configuration-prop --set server-id:3 -n
        ./DJ3/opendj/bin/dsconfig --offline set-password-storage-scheme-prop --scheme-name "Salted SHA-512" --set enabled:true -n
        ./DJ3/opendj/bin/dsconfig --offline set-password-policy-prop --policy-name "Default Password Policy" --add default-password-storage-scheme:"Salted SHA-512" --remove default-password-storage-scheme:PBKDF2-HMAC-SHA256 -n
      • run dsrepl add-local-server-to-pre-7-0-topology
      • ./DJ3/opendj/bin/dsrepl add-local-server-to-pre-7-0-topology  -h openam.example.com -p 4448 -D "cn=admin,cn=Administrators,cn=admin data" -w "password" -X  --baseDn "dc=com"

      In second server's (6.5.3) replication log I have found few messages:

      [30/Jun/2020:20:29:02 +0000] category=SYNC severity=INFORMATION msgID=105 msg=Replication server accepted a connection from localhost/ to local address / but the SSL handshake failed. This is probably benign, but may indicate a transient network outage or a misconfigured client application connecting to this replication server. The error was: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target


      To reproduce this issue:

      Edit (cmd updated)

      python3 run-pybot.py -v -s replication_group3.mixedTopologies -t add_dsrs_into_existing_dsrs_dsrs_topology dj




            ondrej.fuchsik Ondrej Fuchsik
            ondrej.fuchsik Ondrej Fuchsik
            Cyril Quinton [X] Cyril Quinton [X] (Inactive)
            Ondrej Fuchsik Ondrej Fuchsik
            0 Vote for this issue
            3 Start watching this issue