Bits n pieces of OpenSSO

I have had quite a journey as I started using/working with OpenSSO. So many learnings, so many adventures, so many mistakes and so many awesome feelings. All these and more tricks, to help you get unstuck.

Author: Anonymous (http://www.blogger.com/profile/16826478131090276041)

Version of the embedded opends config store
Published: 2009-12-03

OpenSSO comes with its very own bundled OpenDS inside, which acts as the config store and can also double as a user store for POCs.
NOTE: Using the embedded OpenDS as a user store in a production environment is not supported.

Today, I ran into a requirement where I had to find the version of the OpenDS in one of the installs.
This can be achieved using ldapsearch.

- ldapsearch -h abc.abc.com -p 53389 -D"cn=directory manager" -w ****** -b "cn=Version,cn=monitor" -s base ""
  version: 1
  dn: cn=Version,cn=monitor
  objectClass: extensibleObject
  objectClass: top
  objectClass: ds-monitor-entry
  revisionNumber: 5097
  shortName: OpenDS
  compactVersion: OpenDS-1.0.2-build002
  pointVersion: 2
  cn: Version
  buildID: 20090317124610Z
  majorVersion: 1
  productName: OpenDS Directory Server
  minorVersion: 0
  fullVersion: OpenDS Directory Server 1.0.2-build002
  buildNumber: 2

- ldapsearch -h abc.abc.com -p 53389 -D"cn=directory manager" -w ****** -b "" -s base "" vendorVersion
  version: 1
  dn:
  vendorVersion: OpenDS Directory Server 1.0.2-build002

Incorrect AVA format
Published: 2009-11-13

Got this error when trying to create a keystore.

c:\3960\glassfish\domains\domain1\config>keytool -genkey -keyalg RSA -keystore amkeystore.jks -validity 365 -alias "fam8" -dname "amqa-x2100-01.red.iplanet.com,ou=identity,o=sun.com,L=santa clara, ST=CA, C=US"
Enter keystore password:
Re-enter new password:
keytool error: java.io.IOException: Incorrect AVA format

Which was because I had an incorrect dname.
Should be "cn=amqa-x2100-01.red.iplanet.co..........."

Some not-so-common ssoadm examples
Published: 2009-11-04

The ssoadm command line utility that comes with OpenSSO is indeed a very handy little tool.
Here are a few examples of some not-so-common usages of ssoadm, which I learnt and want to share.

1) Here was a request to the users alias "does someone know the ssoadm command to change signature algorithm for saml2 assertion ( typically to choose RSA-SHA256 ) ?
( corresponding to the gui for the admin console in Configuration/Global/federation/Signature ) "

You should be able to use "ssoadm set-attr-defs" to set the signature algorithm and "ssoadm get-attr-defs" to see the updated value.

./ssoadm set-attr-defs -s sunFAMFederationCommon -t Global -u amadmin -f /usr/tmp/pass -a "SignatureAlgorithm=http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
bash-3.00# ./ssoadm get-attr-defs -s sunFAMFederationCommon -t Global -u amadmin -f /usr/tmp/pass
(Thanks Charles)

del del del..unwanted mails..bites me back
Published: 2009-10-15

There was a series of mails from our IT department warning us about servers being decommissioned. But first I postponed the needed, then forgot, and then ignored the FINAL WARNING.
What happens...
My lack of action bit me back and my Solaris box was unusable.

Having grown up with Windows machines, Unix is something I am still getting used to.
So I was so scared of what happens.

But it turns out that the IT team had done a pretty good document which guided us step by step.
And in the course I also learnt a couple of new things.

- ypwhich - gives the NIS server the machine is currently using
-- you can also try "ypwhich another-machine-on-nw"

- /etc/resolv.conf - Defines which naming server to use
Eg - nameserver 129.147.9.5, where 129.147.9.5 is the IP address of the naming server used

"No more processes" in solaris machine
Published: 2009-09-24

Another new error.
Product deployment failed in Solaris with some jre lib exception.
Googling said I had to increase the number of processes at the OS level in /etc/system.
But even vi failed with "no more processes".
So had to reboot and issue gone!!

First time I saw this.. should remember

Opensso configuration failure - case 2 - UnsupportedClassVersionError
Published: 2009-07-24

The upcoming express build, build 8 (as well as the available nightlies), now supports only jdk6 at the OpenSSO server container.

This is the exception you see when configuring with jdk5.

Symptom:
-----------
OpenSSO configuration fails

--> Configuration fails at
Checking configuration directory /export/isqa/SJSWS/opensso-8080....Success.
Installing OpenSSO configuration store...Success RSA/ECB/OAEPWithSHA1AndMGF1Padding.
Installing OpenSSO configuration store in /export/isqa/SJSWS/opensso-8080/opends...Success.
Creating OpenSSO suffix...Success.
Tag swapping schema files....Success.
Loading Schema opends_config_schema.ldif...Success.
Loading Schema opends_user_schema.ldif...Success.
Loading Schema opends_embinit.ldif...Success.
Loading Schema opends_user_index.ldif...Success.
Loading Schema opends_plugin.ldif...Success.
...Success.
Reinitializing system properties.AMSetupServlet.processRequest: errorcom.sun.identity.security.AMSecurityPropertiesException: AdminTokenAction: FATAL ERROR: Cannot obtain Application SSO token.
Check AMConfig.properties for the following properties
    com.sun.identity.agents.app.username
    com.iplanet.am.service.password
    at com.sun.identity.security.AdminTokenAction.run(AdminTokenAction.java:258)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.sun.identity.security.AdminTokenAction.run(AdminTokenAction.java:258)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.iplanet.am.util.SystemProperties.initializeProperties(SystemProperties.java:450)
    at com.sun.identity.setup.AMSetupServlet.reInitConfigProperties(AMSetupS

--> {config dir}/opensso/debug/Configuration shows
amSMS:07/21/2009 02:20:35:953 PM PDT: Thread[service-j2ee-5,5,main]
ERROR: SMSObjectDB: Unable to get amsdkbasedn:

Got LDAPServiceException code=19
    at com.iplanet.services.ldap.DSConfigMgr.getDSConfigMgr(DSConfigMgr.java:162)
    at com.sun.identity.sm.SMSObjectDB.getAMSdkBaseDN(SMSObjectDB.java:58)
    at com.sun.identity.sm.SMSObjectDB.getRootSuffix(SMSObjectDB.java:112)
    at com.sun.identity.sm.ldap.SMSLdapObject.initialize(SMSLdapObject.java:201)
.....................

The lower level exception message
Connection to the server could not be established
The lower level exception:
com.sun.identity.shared.ldap.LDAPException: Connection to the server could not be established (-1)

--> <config_dir>/opends/logs don't report any exception

--> Container log says "java.lang.UnsupportedClassVersionError: PWC1651: Class com.sun.identity.idsvcs.IdentityServicesImpl has unsupported major or minor version numbers, which are greater than those found in the Java Runtime Environment version 1.5.0_15"

So this is the culprit - the JDK the container is using is 1.5.0_15

Solution:
-----------
Upgrade the container JDK to jdk6 and reconfigure.

Other configuration issues:
http://nithyastechnotes.blogspot.com/2009/07/opensso-configuration-failure-case-1.html
http://nithyastechnotes.blogspot.com/2009/07/opensso-deployment-issue-in-geronimo.html

Opensso deployment issue in geronimo 2.1.4
Published: 2009-07-23

The OpenSSO nightly builds don't deploy on Geronimo 2.1.4.

This is due to the way the webservices-tools.jar is bundled.

drwxr-xr-x 0 26-Sep-2008 13:19:20 1.0/
drwxr-xr-x 0 26-Sep-2008 13:19:22 1.0/META-INF/
-rw-r--r-- 656 28-Mar-2005 12:23:02 1.0/META-INF/MANIFEST.MF
drwxr-xr-x 0 26-Sep-2008 13:19:22 1.0/META-INF/services/
-rw-r--r-- 164 28-Mar-2005 12:22:14 1.0/META-INF/services/com.sun.tools.xjc.CodeAugmenter
-rw-r--r-- 44 2-Nov-2002 16:15:24 1.0/META-INF/services/org.relaxng.datatype.DatatypeLibraryFactory
drwxr-xr-x 0 28-Mar-2005 12:20:58 1.0/com/
drwxr-xr-x 0 26-Sep-2008 13:19:20 1.0/com/sun/
drwxr-xr-x 0 26-Sep-2008 13:19:22 1.0/com/sun/codemodel/
-rw-r--r-- 287 28-Mar-2005 12:20:36 1.0/com/sun/codemodel/CodeWriter.class
...
-rw-r--r-- 1179 28-Feb-2008 18:49:50 com/sun/codemodel/CodeWriter.class

Because of the 1.0 in the package structure.

Geronimo issue opened for this is - https://issues.apache.org/jira/browse/XBEAN-126

OpenSSO issue opened to document this is - https://opensso.dev.java.net/issues/show_bug.cgi?id=4976

NOTE: OpenSSO works fine on Geronimo 2.1.1

Building your own OpenSSO ? Here's how you can quickly test it
Published: 2009-07-21

I guess not many members of the OpenSSO community are aware of the testing framework inbuilt in the product. This article will help you to understand how you can use this feature to quickly validate your OpenSSO build.

Where is the framework?
It is called qatest and is available under opensso, when you check out the cvs source code.

What is the framework?
It is a pure Java based testing framework built using open source tools like testng, ant, jetty.

Which aspect of the framework is covered in this article?
Sanity tests all the core features of the OpenSSO product. Helps avoid basic regressions.

How to use it?
What I am covering in this article is how to quickly sanity test an OpenSSO build.
There is some setup required, gathering all the required jars, as this is not shipped with the product. But the results are worth this effort.
Other than this, with minimal changes required, you get all the key features of OpenSSO tested.

Prerequisites
1) From OpenSSO - opensso.war. Deploy the war on a supported container. You don't have to configure it.
2) Ant version 1.7.1 or above
3) Gathering the required jars. Place the following jars in the <opensso_home><opensso>/qatest/lib folder.
-- openssoclientsdk.jar, opensso-sharedlib.jar corresponding to the build you are testing
-- testng-5.10beta-jdk15.jar, mysql-connector-java-5.0.8-bin.jar, javaee.jar, jsse.jar, saaj-api.jar, saaj-impl.jar, servlet.jar, webservices-rt.jar
-- Create a folder <opensso>/qatest/lib/jetty and copy the jetty jars here
-- Create a folder <opensso>/qatest/lib/htmlunit and copy the htmlunit1.1.4 jars here
-- Create a folder <opensso>/qatest/lib/xacml and copy the jaxb-impl.jar, jaxb-libs.jar jars here
Click below for a diagrammatic representation of all the lib
(Image: qatestLib.jpg)
4) Go to <opensso>/qatest/resources
5) Copy the file Configurator-server_name.properties.template, and create a <server-name>.properties file.
Eg: myserver.properties
6) Edit the file for details matching the setup you planned.
Eg: Below is my file, stripped of comments, which I used to run the sanity tests on my laptop.
com.iplanet.am.naming.url=http://localhost:8080/opensso/namingservice
cookiedomain=
amadmin_password=secret12
com.iplanet.am.service.password=secret123
config_dir=/Users/nithyasrinivasan/opensso-localhost
directory_server=localhost
directory_port=50389
config_root_suffix=dc=opensso,dc=java,dc=net
ds_dirmgrpasswd=secret12

Now what?
You are done.
Go to <opensso>/qatest, fire the tests.

ant -lib lib/ant-contrib-1.0b3.jar -DSERVER_NAME1=myserver run

If the tests have been executed successfully, the run should finish with the following output
[echo] The Automation reports are at <opensso home dir>/qatest/<server-name>/ldapv3/sanity<timestamp>

You can see the reports at this location.

Sample reports -
(Images: sanity_results.jpeg, sanity-authentication-results.jpg)

Opensso - Using in memory notification for Config store
Published: 2009-07-20

If your OpenSSO instance uses a remote config store, you can improve the performance using the alternative in-memory notification for the Config Store.
If the property com.sun.identity.sm.enableDataStoreNotification=true is set,
then OpenSSO makes use of a persistent LDAP connection to listen to the event notifications.

Disabling Datastore notification
-------------------------
Step 1) Go to the page
Configuration -> Servers & Sites -> Server Instance -> SDK
Set
com.sun.identity.sm.enableDataStoreNotification=false
com.sun.am.event.connection.disable.list=aci,um,sm

Step 2) Restart the container

Step 3) Check the Sun ONE directory server logs/OpenSSO debug logs. (Assuming that the debug level is set to message)
Sample messages are pasted below

1) This is from DS access logs
No psearch after disabling the datastore notification

[20/Jul/2009:14:40:26 -0700] conn=0 op=1 msgId=191 - SRCH base="dc=opensso,dc=java,dc=net" scope=2 filter="(|(objectClass=sunService)(objectClass=sunServiceComponent))" attrs="objectClass" options=persistent
[20/Jul/2009:14:40:37 -0700] conn=5 op=1 msgId=252 - SRCH base="dc=opensso,dc=java,dc=net" scope=2 filter="(objectClass=*)" attrs="objectClass" options=persistent
[20/Jul/2009:15:14:18 -0700] conn=16 op=1 msgId=210 - SRCH base="dc=opensso,dc=java,dc=net" scope=2 filter="(|(objectClass=sunService)(objectClass=sunServiceComponent))" attrs="objectClass" options=persistent
[20/Jul/2009:15:14:54 -0700] conn=22 op=1 msgId=19 - SRCH base="dc=opensso,dc=java,dc=net" scope=2 filter="(|(objectClass=sunService)(objectClass=sunServiceComponent))" attrs="objectClass" options=persistent

NOTE: Server was restarted at amSMS:07/20/2009 03:16:34:931 PM PDT: Thread[main,5,main]
**********************************************

2) Configuration debug file

amEventService:07/20/2009 03:15:20:717 PM PDT: Thread[smIdmThreadPool,5,main]
EventService.getListenerList(): In realm mode or config time, SMS listener is set to datastore notification flag: false
amEventService:07/20/2009 03:15:20:718 PM PDT: Thread[smIdmThreadPool,5,main]
EventService.getListenerList() - all listeners are disabled, EventService won't start
amEventService:07/20/2009 03:15:20:718 PM PDT: Thread[smIdmThreadPool,5,main]
EventService.resetAllSearches(): All psearches have been disabled
amEventService:07/20/2009 03:15:20:718 PM PDT: Thread[smIdmThreadPool,5,main]
EventService.removeListener(): Removing listener requestID: 19 Listener: com.sun.identity.sm.ldap.LDAPEventManager@160c21a
amEventService:07/20/2009 03:15:21:221 PM PDT: Thread[smIdmThreadPool,5,main]
EventService.resetAllSearches(): Psearch disabled: com.sun.identity.sm.ldap.LDAPEventManager
amSMSEvent:07/20/2009 03:15:21:221 PM PDT: Thread[smIdmThreadPool,5,main]
SMSNotificationManager.init deregistering for notification with: com.sun.identity.sm.ldap.SMSLdapObject

Opensso/cli ssoadm - The version of your server instance is: null
Published: 2009-07-17

Symptom:
--------
CLI ssoadm setup ends with exception
Eg
-bash-3.00$ ./setup
Path to config files of OpenSSO server (example: /opensso):/home/etggfish/opensso
Debug Directory:/home/etggfish/opensso/opensso/debug
Log Directory:/home/etggfish/opensso/opensso/log
The scripts are properly setup under directory: /local/0/sw/openssotools/opensso
Debug directory is /home/etggfish/opensso/opensso/debug.
Log directory is /home/etggfish/opensso/opensso/log.
The version of this tools.zip is: Enterprise 8.0 Build 6(2008-October-31 09:07)
The version of your server instance is: null

Solution:
---------
1) Check the com.iplanet.am.version in the server.
Thanks to Gang for the following script to set the property to the right value.
You can run this script to fix the null version.

# Set the expected version on the default server configuration
"$SSOADM_PATH/ssoadm" update-server-cfg -s default -a 'com.iplanet.am.version=<version_expected>' -u amadmin -f "$PWF" -O
# Remove com.iplanet.am.version from each listed server instance
SERVER=`"$SSOADM_PATH/ssoadm" list-servers -u amadmin -f "$PWF" -O`
for SVR in $SERVER
do
    "$SSOADM_PATH/ssoadm" remove-server-cfg -s "$SVR" -a 'com.iplanet.am.version' -u amadmin -f "$PWF" -O
done

2) Also check if the attribute com.iplanet.am.version is present in the Config DS.
Else you can add it using Configuration -> Servers & Sites -> Default Server Instance -> com.iplanet.am.version
attribute

Mysterious cron failures
Published: 2009-07-17

One of the constant challenges that I face daily is why a particular cron didn't run.
Though I have the script spitting all the output to an output file, sometimes even that doesn't happen, or is not enough.
And given that we have a matrix of machines spanning a breadth of different OS's, I break my head often.

So this should come in handy.

--> The most common thing is to associate an email account with the user running the cron so that you can monitor the email. But sometimes it is not possible, so in that case just type "mail" and the last (hopefully, though sometimes it is the last mail you had read) mail is displayed, which should help you.

--> Look at /var/cron/log or /var/adm/messages - (This hasn't helped me much, though)

--> Check if all the files the script uses have fully qualified domain names in case the files are in a central NFS location

--> One stupid problem I once faced was that the dir where I echo the script didn't have write permissions for the user running the cron and hence failed..

Opensso configuration failure - Not enough space on opends logs
Published: 2009-07-15

Symptom:
------------
Checking configuration directory /export/qatest/TOMCAT/opensso-18080....Success.
Installing OpenSSO configuration store...Success RSA/ECB/OAEPWithSHA1AndMGF1Padding.
Configuration failed!

<config-dir>/opends/logs/errors
[16/Jul/2009:13:30:46 -0700] category=JEB severity=NOTICE msgID=8847402 msg=The database backend userRoot containing 0 entries has started
[16/Jul/2009:13:30:50 -0700] category=CONFIG severity=SEVERE_ERROR msgID=3407988 msg=An error occurred while trying to initialize a backend loaded from class org.opends.server.backends.TrustStoreBackend with the information in configuration entry ds-cfg-backend-id=ads-truststore,cn=Backends,cn=config: Error while attempting to generate a self-signed certificate ads-certificate in the trust store file config/ads-truststore: KeyStoreException(Cannot run program "/usr/dist/share/java,v1.6.0_05/5.x-i86pc/jre/bin/keytool": error=12, Not enough space) (TrustStoreBackend.java:1897 TrustStoreBackend.java:359 BackendConfigManager.java:1298 BackendConfigManager.java:279 DirectoryServer.java:2555 DirectoryServer.java:1358 EmbeddedUtils.java:89 EmbeddedOpenDS.java:264 EmbeddedOpenDS.java:199 AMSetupServlet.java:559 AMSetupServlet.java:615 AMSetupServlet.java:691 AMSetupServlet.java:398 AMSetupServlet.java:342 HttpServlet.java:637 HttpServlet.java:717 ApplicationFilterChain.java:290 ApplicationFilterChain.java:206 AMSetupFilter.java:99 ApplicationFilterChain.java:235 ApplicationFilterChain.java:206 ...). This backend will be disabled

Resolution:
-------------
--> Check /tmp and swap space
--> Also use a local java so that the tmp dir is set to local /tmp
--> Check if there are any hanging processes for the containers. In one instance, since the servers are configured using scripts, there were a few orphan processes consuming all the memory

Why This Blog
Published: 2009-07-15

Every day there is a new challenge..
But on many days there is a known challenge..
I know I have dealt with it before.. But what exactly I did, that sample code snippet eludes me, and I spend valuable minutes searching through endless emails and documents finding what I need.

So trying to minimise this humongous waste of efforts, I am creating this blog....
Maybe someone else might also find it useful......

Good luck to me...
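
For the UnsupportedClassVersionError post above: an added Python example (not from the original blog or the OpenSSO project) that reads the class-file version of every class in a jar or war and reports those newer than the container's JRE can load. The sample archive and the names `classes_newer_than` and `build_sample_jar` are constructed for illustration; class-file major version 49 corresponds to Java 5 and 50 to Java 6.

```python
"""List classes in a jar/war whose class-file version is newer than a given JRE."""
import io
import struct
import zipfile

# Class-file major version -> Java release that introduced it.
MAJOR_TO_JAVA = {45: "1.1", 46: "1.2", 47: "1.3", 48: "1.4",
                 49: "5", 50: "6", 51: "7", 52: "8"}


def class_version(data):
    """Return (major, minor) from the first 8 bytes of a .class file."""
    if len(data) < 8:
        raise ValueError("truncated class file")
    magic, minor, major = struct.unpack(">IHH", data[:8])
    if magic != 0xCAFEBABE:
        raise ValueError("not a class file (bad magic)")
    return major, minor


def classes_newer_than(archive, runtime_major):
    """Return {class name: major} for classes the runtime cannot load.

    `archive` is a path or file object accepted by zipfile.ZipFile.
    """
    too_new = {}
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            if not info.filename.endswith(".class"):
                continue
            with zf.open(info) as fh:
                major, _minor = class_version(fh.read(8))
            if major > runtime_major:
                name = info.filename[:-len(".class")].replace("/", ".")
                too_new[name] = major
    return too_new


def build_sample_jar():
    """Constructed sample: two header-only classes, one Java 6 and one Java 5."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("com/sun/identity/idsvcs/IdentityServicesImpl.class",
                    struct.pack(">IHH", 0xCAFEBABE, 0, 50))
        zf.writestr("example/Legacy.class",
                    struct.pack(">IHH", 0xCAFEBABE, 0, 49))
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # JRE 1.5.0_15, as in the container log, loads class files up to major 49.
    for name, major in classes_newer_than(build_sample_jar(), 49).items():
        print("%s needs Java %s (major %d)"
              % (name, MAJOR_TO_JAVA.get(major, "?"), major))
```

Pointing `classes_newer_than` at a real opensso.war or one of its jars before deployment shows the mismatch without going through a failed configuration run.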
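
For step 3 of the in-memory notification post above: an added Python example (not from the original blog) that scans directory server access-log lines for persistent searches and reports any opened after the restart. It uses the four access-log lines and the restart time quoted in that post; the final sample line and the function names are constructed for illustration.

```python
"""Check a directory server access log for persistent searches (psearch)."""
import re
from datetime import datetime, timedelta, timezone

# SRCH lines in the access-log layout shown in the post.
SRCH_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=(?P<op>\d+) msgId=(?P<msgid>\d+)'
    r' - SRCH base="(?P<base>[^"]*)" scope=(?P<scope>\d+)'
    r' filter="(?P<filter>[^"]*)"(?P<rest>.*)$'
)

# The four persistent-search lines are copied from the post; the last line is
# constructed for this example (an ordinary search logged after the restart).
SAMPLE_LOG = '''\
[20/Jul/2009:14:40:26 -0700] conn=0 op=1 msgId=191 - SRCH base="dc=opensso,dc=java,dc=net" scope=2 filter="(|(objectClass=sunService)(objectClass=sunServiceComponent))" attrs="objectClass" options=persistent
[20/Jul/2009:14:40:37 -0700] conn=5 op=1 msgId=252 - SRCH base="dc=opensso,dc=java,dc=net" scope=2 filter="(objectClass=*)" attrs="objectClass" options=persistent
[20/Jul/2009:15:14:18 -0700] conn=16 op=1 msgId=210 - SRCH base="dc=opensso,dc=java,dc=net" scope=2 filter="(|(objectClass=sunService)(objectClass=sunServiceComponent))" attrs="objectClass" options=persistent
[20/Jul/2009:15:14:54 -0700] conn=22 op=1 msgId=19 - SRCH base="dc=opensso,dc=java,dc=net" scope=2 filter="(|(objectClass=sunService)(objectClass=sunServiceComponent))" attrs="objectClass" options=persistent
[20/Jul/2009:15:20:02 -0700] conn=31 op=2 msgId=7 - SRCH base="dc=opensso,dc=java,dc=net" scope=0 filter="(objectClass=*)" attrs="objectClass"
'''.splitlines()

# Restart time quoted in the post: 07/20/2009 03:16:34 PM PDT (UTC-7).
RESTART = datetime(2009, 7, 20, 15, 16, 34, tzinfo=timezone(timedelta(hours=-7)))


def persistent_searches(lines):
    """Return one dict per SRCH operation that carries options=persistent."""
    found = []
    for line in lines:
        m = SRCH_RE.match(line.strip())
        if not m or "options=persistent" not in m.group("rest").split():
            continue
        found.append({
            "time": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
            "conn": int(m.group("conn")),
            "base": m.group("base"),
            "filter": m.group("filter"),
        })
    return found


def psearch_after(lines, restart):
    """Persistent searches opened at or after the restart.

    Expected to be empty once enableDataStoreNotification=false is in effect.
    """
    return [p for p in persistent_searches(lines) if p["time"] >= restart]


if __name__ == "__main__":
    for p in persistent_searches(SAMPLE_LOG):
        print(p["time"].isoformat(), "conn=%d" % p["conn"], p["filter"])
    print("psearch after restart:", len(psearch_after(SAMPLE_LOG, RESTART)))
```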