Wednesday, April 29, 2020

basic opendj ldap commands



./ldapsearch --hostname ds1.avantastech.com --port 1389 --baseDN "ou=People,dc=avantastech,dc=com"  uid=user.1


Change a Password for a User
./ldappasswordmodify -p 1389  -D "cn=directory manager" -w Password -a "dn:uid=user.19,ou=People,dc=avantastech,dc=com" -n changeit


Access OpenDJ configurations

./dsconfig --hostname ds1.avantastech.com --port 4444 --bindDN "cn=directory manager" --bindPassword Password --trustAll

Create a Backup
./backup --backUpAll --backupDirectory /app/forgerock/opendj/backup --port 4444 --bindDn "cn=directory manager" --bindPassword Password --trustAll --no-prompt



Restore UserRoot from a Backup

./opendj/bin/restore -p 4444 -D "cn=directory manager" -w Password -d /app/forgerock/opendj/backup/userRoot --trustAll

Export ldif File
./export-ldif --port 4444 --backendId userRoot --ldifFile /app/forgerock/backup/ldif-file/users.ldif --bindDN "cn=directory manager" --bindPassword Password --trustAll --no-prompt

Get Password Policy
./dsconfig get-password-policy-prop --policy-name "Default Password Policy" -h ds1.avantastech.com -D "cn=directory manager" -w Password -p 4444 --trustAll --no-prompt


Get OpenDJ Server ID

./dsconfig get-global-configuration-prop --hostname ds1.avantastech.com --port 4444 --bindDN "cn=Directory Manager" --bindPassword Password --property server-id --trustAll --no-prompt

Monday, April 20, 2020

Forgerock opendj ERROR: The Directory Server could not acquire an exclusive lock on file


This error means the server was shut down abnormally and left its lock file behind.

solution:
either shut the server down again cleanly, or remove the server.lock file under the locks folder.

Then start the server; this resolves the issue.

Tuesday, February 11, 2020

Service Now integration with Forgerock OpenAM



1. Create IDP metadata from Forgerock OpenAM. Make sure the NameID Format is the same as the one in Service Now. Your metadata should contain the X509 certificate that SAML requires to sign the request. If you are not using your own certificate, make sure to select the default certificate offered by Forgerock AM.

2. Send the IDP metadata to Service Now.
3. Import the Service Now (SP) metadata into the Forgerock AM servers, then adjust the SP metadata: click on the Service Now metadata, go to Assertion Processing, and in the Attribute Mapper put the attribute you have in Service Now under Advanced --> User Field (uid=user_name).


Service Now configuration:

Service Now should have the following values:

NameID Policy (SP) is the same as the NameID Format (IDP).

The value in the User Field is the same as what the IDP has in the Service Now Assertion Processing --> Attribute Mapper --> Attribute Map, i.e. (uid=user_name).

Another point to consider: a user who does not already exist in SNOW will not be able to log in to SNOW.


Monday, February 10, 2020

Forgerock openam error Unable to do sso or federation. com.sun.identity.saml2.common.SAML2Exception: Provider's signing certificate alias is missing.


debug log error
Unable to do sso or federation. com.sun.identity.saml2.common.SAML2Exception: Provider's signing certificate alias is missing.


Your IDP is missing the certificate that the server needs to sign the SAML request.

solution:
configure the IDP with an X509 certificate, or
reconfigure the IDP with a pre-configured "Signing Key" (an option you get when configuring the IDP).


Saturday, February 8, 2020

opends enabling replication opendj



To change server names, follow the link below:
https://backstage.forgerock.com/knowledge/kb/book/b73824898#a87750034


To enable replication, use the commands below:


./dsreplication configure --adminUid admin --adminPassword Passw0rd1 --baseDn dc=orasystemsusa,dc=com --host1 dsA.example.com --port1 5444 --bindDn1 "cn=Directory Manager" --bindPassword1 Password --replicationPort1 8989 --host2 dsB.example.com --port2 5444 --bindDn2 "cn=Directory Manager" --bindPassword2 Passwrd --replicationPort2 8989 --trustAll --no-prompt


./dsreplication initialize --baseDN dc=orasystemsusa,dc=com --adminUID admin --adminPassword Password --hostSource dsA.example.com --portSource 5444 --hostDestination dsB.example.com --portDestination 5444 --trustAll --no-prompt


./dsreplication status --adminUID admin --adminPassword Password --hostname dsA.example.com --port 5444 --trustAll

Tuesday, January 28, 2020

OpenIDM LDAP connector types (LiveSync, Implicit Sync)


1. LiveSync:
                    It syncs changes from LDAP to OpenIDM (LDAP --> OpenIDM)

2. Implicit Sync:
                           It syncs changes from OpenIDM to LDAP (OpenIDM --> OpenDJ)

Monday, January 27, 2020

openidm error SEVERE: OpenICF connector test of SystemIdentifier{ uri='system/ldap/'} failed!



Error while configuring OpenAM with OpenDJ

SEVERE: OpenICF connector test of SystemIdentifier{ uri='system/ldap/'} failed!


Solution:

The likely cause is that IDM is unable to reach OpenDJ.

Check the following to confirm that the DS server information is correct:

1. DNS name resolution
2. openidm/db/ds/conf/repo.ds-external.json