Workaround fix for the ssoadm CLI issue 3955

If you are running in to the Opensso issue 3955



Problem:


While configuring the OpenSSO(build 6) server
against Sun Directory Server to store the configuration data, if you
have selected  different passwords for the 'amadmin' user and for the
DSEE Bind DN user(for eg: cn=directory manager), then  the command line
tool 'ssoadm' will fail on certain circumstances.


This issue
does not happen when OpenSSO server is configured with default
configuration store. There are two workarounds to resolve the issue.




  1. Create cn=dsameuser entry under the configuration directory server

  2. Update the serverconfig.xml in the configuration store



later option is recommended to the production customers


for instance when you invoke the 'list-server-cfg' subcommand you might see following type of error messages in the command window 



Run the following sequence of steps 


Step 1


Login as amadmin user to the OpenSSO Console, and access ssoadm.jsp




Step 2


Get the existing serverconfig.xml and save it in a text file




Step 3


Encode the 'amadmin' passwd using the encode.jsp









Step 3a


Edit the serverconfig.xml dumped from step 1 to include the correct encrypted password of amadmin to the  following users



  • User1: puser

  • User2: dsameuser


Make sure you dont update the password for the Server group named 'sms' that has the correct password



Step 4



Load the new serverconfig.xml with the change



Workaround Option 2


 Create following entries in your Configuration Directory Server



dn: ou=dsame users,ROOT_SUFFIX
objectClass: top
objectClass: organizationalUnit

dn: cn=dsameuser,ou=DSAME Users, ROOT_SUFFIX
objectclass: inetuser
objectclass: organizationalperson
objectclass: person
objectclass: top
cn: dsameuser
sn: dsameuser
userPassword: AMADMIN_PASSWD

Comments:

Hi!
Link to bug 3955 is invalid

Posted by Vladimir Romanov on November 06, 2008 at 08:31 PM PST #

I found this bug when deploy new version in production. We use same passwords in testings..
Additional info..
You will get ssoadm error only on second run. My configuration script contain many runs of ssoadm. To workaround I just restart glassfish after every ssoadm run

Posted by Vladimir Romanov on November 06, 2008 at 08:35 PM PST #

Post a Comment:
Comments are closed for this entry.
About

Indira Thangasamy, I manage the OpenSSO Quality engineering team.

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today