3 Replies. Latest reply: May 21, 2013 10:30 AM by gman13

    idmConfigTool.sh -prepareIDStore mode=OAM fails with missing users in LDAP

    gman13
      I am configuring OAM following the EDG:
      - Enterprise Deployment Guide for Oracle Identity Management
      - 11g Release 1 (11.1.1.5)

      I am at this step "10.4 Preparing the Identity Store"

      "10.4.1 Extending Directory Schema for Oracle Access Manager" runs without any issue.
      But this step "10.4.2 Creating Users and Groups for Oracle Access Manager" is giving me issues.

      Looks like it's not creating the users oblixanonymous/oamadmin/oamLDAP and also a group OAMAdministrators.

      This is the command I run:
      - idmConfigTool.sh -prepareIDStore mode=OAM input_file=oam.props

      oam.props has this information

      IDSTORE_HOST: admin.mycompany.com
      IDSTORE_PORT: 389
      IDSTORE_BINDDN: cn=orcladmin
      IDSTORE_USERNAMEATTRIBUTE: cn
      IDSTORE_LOGINATTRIBUTE: uid
      IDSTORE_USERSEARCHBASE: cn=Users,dc=mycompany,dc=com
      IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=mycompany,dc=com
      IDSTORE_SEARCHBASE: dc=mycompany,dc=com
      POLICYSTORE_SHARES_IDSTORE: true
      OAM11G_IDSTORE_ROLE_SECURITY_ADMIN: OAMAdministrators
      IDSTORE_OAMSOFTWAREUSER: oamLDAP
      IDSTORE_OAMADMINUSER: oamadmin

      I am seeing errors in automation.log

      WARNING: Could not update userpassword for oblixanonymous. Reason: [LDAP: error code 32 - Entry to be modified not found.]
      WARNING: Could not update userpassword for oamadmin. Reason: [LDAP: error code 32 - Entry to be modified not found.]
      WARNING: Could not update userpassword for oamLDAP. Reason: cn=oamLDAP,null: [LDAP: error code 34 - Error in DN Normalization.]
      WARNING: Error in adding the OAM Admin User as member of OAM Admin Group : NamingException encountered during loading of file: /oracle/product/fmw/Oracle_IAM/idmtools/templates/common/oam_group_member_template.ldifdn: cn=OAMAdministrators,cn=Groups,dc=mycompany,dc=com
      [LDAP: error code 32 - Entry to be modified not found.]
        • 1. Re: idmConfigTool.sh -prepareIDStore mode=OAM fails with missing users in LDAP
          gman13
          I have even enabled more logging and this is the result


          May 21, 2013 2:18:31 PM oracle.idm.automation.util.Util setLogger
          WARNING: Logger initialized in warning mode
          May 21, 2013 2:18:35 PM oracle.idm.automation.impl.oam.handlers.OAMPreIntegrationHandler execute
          INFO: OAM_RUNTIME_USER::PolicyStore Host NULL: cn=oamLDAP,null
          May 21, 2013 2:18:41 PM oracle.idm.automation.util.LDAPUtil updatePassword
          WARNING: Could not update userpassword for oblixanonymous. Reason: [LDAP: error code 32 - Entry to be modified not found.]
          May 21, 2013 2:18:41 PM oracle.idm.automation.impl.oam.handlers.OAMPreIntegrationHandler createOblixAnonymousUser
          INFO: Oblix Anonymous User has been created
          May 21, 2013 2:18:47 PM oracle.idm.automation.util.LDAPUtil updatePassword
          WARNING: Could not update userpassword for oamadmin. Reason: [LDAP: error code 32 - Entry to be modified not found.]
          May 21, 2013 2:18:47 PM oracle.idm.automation.impl.oam.handlers.OAMPreIntegrationHandler createOAMAdminUser
          INFO: OAM Admin User has been created
          May 21, 2013 2:18:47 PM oracle.idm.automation.impl.oam.handlers.OAMPreIntegrationHandler createOAMSoftwareUser
          INFO: createOAMSoftwareUser:: Entering...
          May 21, 2013 2:18:47 PM oracle.idm.automation.impl.oam.handlers.OAMPreIntegrationHandler createOAMSoftwareUser
          INFO: createOAMSoftwareUser::User Name: oamLDAP
          May 21, 2013 2:18:47 PM oracle.idm.automation.impl.oam.handlers.OAMPreIntegrationHandler createOAMSoftwareUser
          INFO: createOAMSoftwareUser::systemBase: null
          May 21, 2013 2:18:47 PM oracle.idm.automation.impl.oam.handlers.OAMPreIntegrationHandler createOAMSoftwareUser
          INFO: createOAMSoftwareUser::template: oid/oim_user_template.ldif
          May 21, 2013 2:18:47 PM oracle.idm.automation.impl.oam.handlers.OAMPreIntegrationHandler createOAMSoftwareUser
          INFO: createOAMSoftwareUser::filePath: /idmtools/templates/
          May 21, 2013 2:18:47 PM oracle.idm.automation.impl.oam.handlers.OAMPreIntegrationHandler createOAMSoftwareUser
          INFO: createOAMSoftwareUser::ORACLE_HOME: /oracle/product/fmw/Oracle_IAM
          May 21, 2013 2:18:54 PM oracle.idm.automation.util.LDAPUtil updatePassword
          WARNING: Could not update userpassword for oamLDAP. Reason: cn=oamLDAP,null: [LDAP: error code 34 - Error in DN Normalization.]
          May 21, 2013 2:18:54 PM oracle.idm.automation.impl.oam.handlers.OAMPreIntegrationHandler createOAMSoftwareUser
          INFO: OAM Software User has been created
          May 21, 2013 2:18:54 PM oracle.idm.automation.impl.oam.handlers.OAMPreIntegrationHandler createOAMSoftwareUser
          INFO: createOAMSoftwareUser:: Exiting...
          May 21, 2013 2:18:54 PM oracle.idm.automation.impl.oam.handlers.OAMPreIntegrationHandler addUsersToGroups
          INFO: addUsersToGroups:: mIDStoreSubVector: [s_UsersContainerDN, cn=Users,dc=mycompany,dc=com, s_GroupsContainerDN, cn=Groups,dc=mycompany,dc=com, s_SearchBase, dc=mycompany,dc=com, s_NamingAttr, cn, s_SystemIDBase, null, s_OAMUser, oamLDAP]
          May 21, 2013 2:18:54 PM OAMPreIntegrationHandler addOAMAdminGroupToIDMAdminGroup
          FINER: ENTRY
          May 21, 2013 2:18:54 PM oracle.idm.automation.impl.oam.handlers.OAMPreIntegrationHandler addOAMGroupToWebLogicAdminGroup
          INFO: OAM Admin Group has been added as a member of IDM Admin Group
          May 21, 2013 2:18:54 PM OAMPreIntegrationHandler addOAMAdminGroupToIDMAdminGroup
          FINER: RETURN
          May 21, 2013 2:18:54 PM OAMPreIntegrationHandler createOAMAdminGroup
          FINER: ENTRY
          May 21, 2013 2:18:54 PM OAMPreIntegrationHandler createOAMAdminGroup
          FINE: Admin Group: adminGroup:OAMAdministrators
          May 21, 2013 2:18:54 PM OAMPreIntegrationHandler createOAMAdminGroup
          FINE: Admin Group: file:oid/oim_group_template.ldif
          May 21, 2013 2:18:54 PM oracle.idm.automation.impl.oam.handlers.OAMPreIntegrationHandler createOAMAdminGroup
          INFO: OAM Admin group created successfully
          May 21, 2013 2:18:54 PM OAMPreIntegrationHandler createOAMAdminGroup
          FINER: RETURN
          May 21, 2013 2:18:54 PM OAMPreIntegrationHandler addUsertoOAMAdminGroup
          FINER: ENTRY
          May 21, 2013 2:18:54 PM oracle.idm.automation.impl.oam.handlers.OAMPreIntegrationHandler addUsertoOAMAdminGroup
          INFO: addUsertoOAMAdminGroup:: adminUser: oamadmin
          May 21, 2013 2:18:54 PM oracle.idm.automation.impl.oam.handlers.OAMPreIntegrationHandler addUsertoOAMAdminGroup
          INFO: addUsertoOAMAdminGroup:: adminGroup: OAMAdministrators
          May 21, 2013 2:18:54 PM oracle.idm.automation.impl.oam.handlers.OAMPreIntegrationHandler addUsertoOAMAdminGroup
          INFO: addUsertoOAMAdminGroup:: mMemberSubstitutionVector: [s_UsersContainerDN, cn=Users,dc=mycompany,dc=com, s_GroupsContainerDN, cn=Groups,dc=mycompany,dc=com, s_SearchBase, cn=Users,dc=mycompany,dc=com, s_NamingAttr, cn, s_UserName, oamadmin, s_GroupName, OAMAdministrators]
          May 21, 2013 2:18:54 PM oracle.idm.automation.impl.oam.handlers.OAMPreIntegrationHandler addUsertoOAMAdminGroup
          WARNING: Error in adding the OAM Admin User as member of OAM Admin Group : NamingException encountered during loading of file: /oracle/product/fmw/Oracle_IAM/idmtools/templates/common/oam_group_member_template.ldifdn: cn=OAMAdministrators,cn=Groups,dc=mycompany,dc=com
          changetype: modify
          add: uniquemember
          uniquemember: cn=oamadmin,cn=Users,dc=mycompany,dc=com
          -
          [LDAP: error code 32 - Entry to be modified not found.]
          May 21, 2013 2:18:54 PM OAMPreIntegrationHandler addUsertoOAMAdminGroup
          FINER: RETURN
          May 21, 2013 2:18:54 PM OAMPreIntegrationHandler createOAMWritePrivGroup
          FINER: ENTRY
          May 21, 2013 2:18:54 PM oracle.idm.automation.impl.oam.handlers.OAMPreIntegrationHandler createOAMWritePrivGroup
          INFO: createOAMWritePrivGroup::uname: cn=oamLDAP,null
          May 21, 2013 2:18:54 PM oracle.idm.automation.impl.oam.handlers.OAMPreIntegrationHandler createOAMWritePrivGroup
          INFO: createOAMWritePrivGroup::oamUser: oamLDAP
          May 21, 2013 2:18:54 PM oracle.idm.automation.impl.oam.handlers.OAMPreIntegrationHandler createOAMWritePrivGroup
          INFO: createOAMWritePrivGroup::base: dc=mycompany,dc=com
          May 21, 2013 2:18:54 PM oracle.idm.automation.impl.oam.handlers.OAMPreIntegrationHandler createOAMWritePrivGroup
          INFO: createOAMWritePrivGroup:load::mIDStoreSubVector: [s_UsersContainerDN, cn=Users,dc=mycompany,dc=com, s_GroupsContainerDN, cn=Groups,dc=mycompany,dc=com, s_SearchBase, dc=mycompany,dc=com, s_NamingAttr, cn, s_SystemIDBase, null, s_SearchBase, dc=mycompany,dc=com, s_OAMUser, cn=oamLDAP,null]
          May 21, 2013 2:18:54 PM oracle.idm.automation.impl.oam.handlers.OAMPreIntegrationHandler createOAMWritePrivGroup
          INFO: OAM Write Privilege Group with OAM User as its member has been created
          May 21, 2013 2:18:54 PM oracle.idm.automation.impl.oam.handlers.OAMPreIntegrationHandler createOAMConfigStoreContainer
          INFO: OAM Config Store container has been created in the Policy Store
          May 21, 2013 2:18:54 PM oracle.idm.automation.impl.oam.handlers.OAMPreIntegrationHandler addSchemaAdminPrivileges
          INFO: Schema Admin Privileges for OAM Software User have been created
          May 21, 2013 2:18:54 PM oracle.idm.automation.impl.oam.handlers.OAMPreIntegrationHandler addPwdPolicyToUsers
          INFO: Password policy has been added to OAM Admin user
          May 21, 2013 2:18:54 PM oracle.idm.automation.impl.oam.handlers.OAMPreIntegrationHandler addPwdPolicyToUsers
          INFO: Password policy has been added to OAM software user
          May 21, 2013 2:18:54 PM oracle.idm.automation.AutomationTool dumpConfig
          INFO: Configuration details have been dumped to the file idmDomainConfig.param
          • 2. Re: idmConfigTool.sh -prepareIDStore mode=OAM fails with missing users in LDAP
            gman13
            The last piece of information to add is the content of idmDomainConfig.param

            cat idmDomainConfig.param

            IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=mycompany,dc=com
            POLICYSTORE_PORT: 389
            IDSTORE_LOGINATTRIBUTE: uid
            OAM_POLICYSTORE_HOST: admin.mycompany.com
            OAM11G_SECOND_ACCESS_SERVER_HOST: oim-mw-2.mycompany.com
            OAM11G_OIM_INTEGRATION_REQ: false
            OAM_POLICYSTORE_PORT: 389
            OAM11G_WLS_ADMIN_PORT: 7001
            IDSTORE_USERSEARCHBASE: cn=Users,dc=mycompany,dc=com
            OAM11G_WLS_ADMIN_USER: weblogic
            POLICYSTORE_READWRITE_USERNAME: cn=PolicyRWUsercn=users,dc=mycompany,dc=com
            OAM11G_ACCESS_SERVER_HOST: oim-mw-1.mycompany.com
            IDSTORE_HOST: admin.mycompany.com
            OAM11G_ACCESS_SERVER_PORT: 5575
            OAM11G_SSO_ONLY_FLAG: false
            OAM11G_IDSTORE_ROLE_SECURITY_ADMIN: OAMAdministrators
            OAM11G_WLS_ADMIN_HOST: admin.mycompany.com
            OAM_RUNTIME_ROOT_DN: cn=oamLDAP,cn=Users,dc=mycompany,dc=com
            POLICYSTORE_CONTAINER: cn=jpsroot
            IDSTORE_PORT: 389
            OAM11G_SECOND_ACCESS_SERVER_PORT: 5575
            POLICYSTORE_HOST: admin.mycompany.com
            OAM_USERNAME: cn=oamLDAP,cn=Users,dc=mycompany,dc=com
            • 3. Re: idmConfigTool.sh -prepareIDStore mode=OAM fails with missing users in LDAP
              gman13
              OK, I have found the issue

              oam.props was missing this

              IDSTORE_SYSTEMIDBASE: cn=systemids,dc=mycompany,dc=com
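
A pre-flight check for the failure resolved above, as an added example that is not part of the original thread and not Oracle code: it lists required keys missing from the properties file and flags log lines where an unset property surfaced as a literal `null` inside a DN. The `REQUIRED_KEYS` list and the function names are assumptions, assembled from the oam.props posted in the thread plus the key from the final reply.

```shell
#!/bin/sh
# Added example, not Oracle code. REQUIRED_KEYS is an assumption: the keys in
# the thread's oam.props plus the one named in the final reply.
REQUIRED_KEYS="IDSTORE_HOST IDSTORE_PORT IDSTORE_BINDDN IDSTORE_USERNAMEATTRIBUTE
IDSTORE_LOGINATTRIBUTE IDSTORE_USERSEARCHBASE IDSTORE_GROUPSEARCHBASE
IDSTORE_SEARCHBASE IDSTORE_SYSTEMIDBASE IDSTORE_OAMSOFTWAREUSER
IDSTORE_OAMADMINUSER OAM11G_IDSTORE_ROLE_SECURITY_ADMIN"

# Print every required key that is absent from, or empty in, props file $1.
missing_props() {
    for key in $REQUIRED_KEYS; do
        value=$(sed -n "s/^[[:space:]]*$key[[:space:]]*:[[:space:]]*//p" "$1" |
                tr -d '\r' | head -n 1)
        [ -n "$value" ] || echo "$key"
    done
}

# Print log lines where an unset property reached a DN or base as the literal
# string "null", e.g. "cn=oamLDAP,null" or "systemBase: null".
null_dn_lines() {
    grep -E '=[^,[:space:]]+,null([],:[:space:]]|$)|(systemBase|s_SystemIDBase)[:,] null' "$1"
}

# Sample input: the oam.props from the thread and three of its log lines
# (timestamps dropped), written to a scratch directory.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cat > "$WORK/oam.props" <<'EOF'
IDSTORE_HOST: admin.mycompany.com
IDSTORE_PORT: 389
IDSTORE_BINDDN: cn=orcladmin
IDSTORE_USERNAMEATTRIBUTE: cn
IDSTORE_LOGINATTRIBUTE: uid
IDSTORE_USERSEARCHBASE: cn=Users,dc=mycompany,dc=com
IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=mycompany,dc=com
IDSTORE_SEARCHBASE: dc=mycompany,dc=com
POLICYSTORE_SHARES_IDSTORE: true
OAM11G_IDSTORE_ROLE_SECURITY_ADMIN: OAMAdministrators
IDSTORE_OAMSOFTWAREUSER: oamLDAP
IDSTORE_OAMADMINUSER: oamadmin
EOF
cat > "$WORK/automation.log" <<'EOF'
INFO: createOAMSoftwareUser::systemBase: null
WARNING: Could not update userpassword for oamLDAP. Reason: cn=oamLDAP,null: [LDAP: error code 34 - Error in DN Normalization.]
INFO: addUsertoOAMAdminGroup:: adminUser: oamadmin
EOF

echo "Missing or empty keys:"; missing_props "$WORK/oam.props"
echo "Unresolved DN lines:";   null_dn_lines "$WORK/automation.log"
```

The tool logged "has been created" INFO lines for each account even though the password updates failed, so checking the log for `null` DN components is more reliable than trusting those messages.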