Uploaded image for project: 'OpenDJ'
  1. OpenDJ
  2. OPENDJ-7330

After upgrade dsconfig set-crypto-manager-prop command fails

    Details

    • Type: Bug
    • Status: Done
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 7.0.0
    • Fix Version/s: 7.0.0
    • Component/s: security, upgrade
    • Labels:
      None

      Description

      After upgrade, an attempt to change the master key alias in the Crypto Manager with dsconfig fails due to an object class violation.

      The attached script  does a whole lot of other stuff (as an attempt to figure out how to write up the command introduced in OPENDJ-7121). But basically, it installs a couple of 6.5 servers with the evaluation profile, replicates them, upgrades them to 7, runs the cleanup command, and then attempts to add the deployment key based keys, finishing with an attempt to set the Crypto Manager's key to use the new master-key.

      It ends with:

      Object Class Violation: Entry cn=Crypto Manager,cn=config cannot be modified
      because the resulting entry would have violated the server schema: Entry
      "cn=Crypto Manager,cn=config" violates the schema because it contains
      attribute "ds-cfg-ssl-cert-nickname" which is not allowed by any of the object
      classes in the entry
      

      The same issue arises when running the command interactively.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                fabiop Fabio Pistolesi
                Reporter:
                Mark Mark Craig
                Dev Assignee:
                Fabio Pistolesi
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: