Thursday May 19, 2005
Not nuking your Access Manager ldap config.....
This one caught me today, so time to share and help avoid ;). I wasn't watching what I had in a script for adding ldif data to a directory server for an Access Manager benchmark that we run as part of our ongoing Java Enterprise System benchmarking effort.
When you install Access Manager it creates a bunch of entries in your directory server related to Access Manager. Now, to add some user data into this, I generated a 100,000-user file with MakeLDIF from slamd, let's say it's /tmp/foo.ldif, and added it into my userRoot instance of the directory server using ldif2db.
ldif2db -n userRoot -i /tmp/foo.ldif
All fine, one would think, but ldif2db actually rebuilds the entire userRoot from the imported file, so the entries Access Manager created at install time are gone. Hence when I try to access the Access Manager login screen I get the following error in my logs (/var/opt/SUNWam/amAuthentication.error in this case).
"2005-05-19 15:09:11" "Invalid Domain" amAuthentication.error AUTHENTICATION-20
"Not Available" "Not Available" INFO "Not Available" "Not Available"
"cn=dsameuser,ou=DSAME Users,dc=jestest,dc=sun,dc=com" "Not Available"
So what I should have done is back up the original contents and add them back in, like so:
./db2ldif -n userRoot -a /tmp/bkup.ldif
./ldif2db -n userRoot -i /tmp/bkup.ldif -i /tmp/foo.ldif
And now back to my regularly scheduled work....
[ update - May 20th ]
Just noticed I had a typo in the ldif2db ordering; the original ldif file has to go first or you end up in the situation I was in initially.
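The export-then-import sequence above can be wrapped in a guard that refuses to rebuild the backend unless the export is non-empty and still contains a known entry. This is an added example, not a script from the original post; the DRY_RUN switch, the return codes and the idea of using the dsameuser DN from the error log as a sentinel are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. DB2LDIF/LDIF2DB default to the ./db2ldif and ./ldif2db
# commands used in the post; DRY_RUN and the sentinel check are assumptions.
DB2LDIF=${DB2LDIF:-./db2ldif}
LDIF2DB=${LDIF2DB:-./ldif2db}

# Join LDIF continuation lines (a leading space continues the previous line),
# so a DN that the export wrapped is still matched as one line.
unfold_ldif() {
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (NR > 1) print buf; buf = $0 }
         END { if (NR > 0) print buf }' "$1"
}

# safe_ldif_import BACKEND NEW_LDIF BACKUP_LDIF SENTINEL_DN
# Returns 0 on success; 2-5 identify which pre-import check failed.
safe_ldif_import() {
    backend=$1 new_ldif=$2 backup=$3 sentinel=$4

    [ -s "$new_ldif" ] || { echo "new LDIF missing or empty: $new_ldif" >&2; return 2; }

    # Export the current backend first (skipped in a dry run, which expects
    # an existing export at $backup).
    if [ "${DRY_RUN:-0}" != 1 ]; then
        "$DB2LDIF" -n "$backend" -a "$backup" || return 3
    fi
    [ -s "$backup" ] || { echo "export missing or empty: $backup" >&2; return 4; }

    # Refuse to rebuild the backend unless the export contains the sentinel
    # entry (for example the dsameuser DN from the error log above).
    unfold_ldif "$backup" | grep -qixF "dn: $sentinel" || {
        echo "sentinel entry not in export, not importing: $sentinel" >&2
        return 5
    }

    # Export first, new data second: the order from the May 20th update.
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$LDIF2DB -n $backend -i $backup -i $new_ldif"
        return 0
    fi
    "$LDIF2DB" -n "$backend" -i "$backup" -i "$new_ldif"
}
```

With DRY_RUN=1 set and an existing export, the function only runs the checks and prints the ldif2db command it would execute, which makes it easy to confirm the -i ordering before touching the directory.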
(2005-05-19 08:01:28.0)