Cannot apply any changed to Identity Server after upgrading Access Manager

  • 3311082
  • 06-Jul-2007
  • 26-Apr-2012

Environment


Novell Access Management 3 Linux Novell Identity Server
Novell Access Management 3 Access Administration

Situation

Access Manager customer has Identity (IDP) server and Administration server running on seperate boxes. Everything was working fine on the Access Manager 3 Interim release 2 code. After they upgraded to the Support Pack 1 beta 1 code, they were unable to modify any configuration for the Identity Server in the Admin console.

As soon as any change to the IDP server was made, and they clicked the button to save, the following error was reported on the browser:

Error: System Error The system encountered an unknown error.
Please contact Novell Support.

com.novell.nidp.admin.model.NidsAdminException: com.novell.admin.ns.NamespaceException: INVALID_ATTRIBUTE\n at com.novell.nidp.admin.model.NidsObject.setAttribute(NidsObject.java:1287)\n at com.novell.nidp.admin.model.NidsServer.setUpdateStatus(NidsServer.java:370)\n at com.novell.admin.nids.common.NidsConfigWrapper.setUpdateStatus(Unknown Source)\n at com.novell.admin.nids.common.NidsConfigWrapper.updateConfigObject(Unknown Source)\n at com.novell.admin.nids.common.PropertyPage_TrustedProviders.D(Unknown Source)\n at com.novell.admin.nids.common.PropertyPage_TrustedProviders.cachePage(Unknown Source)\n at com.novell.admin.nids.util.UIContext.B(Unknown Source)\n at com.novell.admin.nids.util.UIContext.execute(Unknown Source)\n at com.novell.admin.nids.IdentityServer_OverviewWizard.execute(Unknown Source)\n at com.novell.emframe.dev.Task.execute(Task.java:490)\n at com.novell.nps.gadgetManager.BaseGadgetInstance.processRequest(BaseGadgetInstance.java:849)\n at com.novell.nps.gadgetManager.BaseGadgetInstance.handleAction(BaseGadgetInstance.java:2375)\n at com.novell.nps.gadgetManager.GadgetManager.processInstanceRequest(GadgetManager.java:1596)\n at com.novell.nps.gadgetManager.GadgetManager.processServiceRequest(GadgetManager.java:1052)\n at com.novell.nps.PortalServlet.handleFrameService(PortalServlet.java:496)\n at com.novell.nps.PortalServlet.processRequest(PortalServlet.java:369)\n at com.novell.nps.PortalServlet.doPost(PortalServlet.java:275)\n at javax.servlet.http.HttpServlet.service(HttpServlet.java:716)...


Looking at the content of the app_sc log file (available from Auditing TAB of Admin Console), the following error was logged at the same time

2007(L)application.sc.core(T)18(C)com.volera.vcdn.application.sc.core.VException(M)(E)javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - NDS error: illegal attribute (-608)]; remaining name ''
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3019)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1373)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:235)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:147)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:136)
at com.volera.vcdn.application.sc.core.DeviceInfo.getUpdateStatus(y:2794)
at com.volera.vcdn.application.sc.core.DeviceInfo.setUpdateStatus(y:1590)
at com.volera.vcdn.application.sc.core.DeviceInfo.calculateUpdateStatus(y:1281)
at com.volera.vcdn.application.sc.command.work.DeviceCommandWork.commandStarted(y:2946)
at com.volera.vcdn.application.sc.command.work.IDPCommandWork.K(y:3175)
at com.volera.vcdn.application.sc.command.work.IDPCommandWork.execute(y:3345)
at com.volera.vcdn.platform.executor.DefaultExecutor$ExecutionThread.run(y:2896)
(Msg) 2007-06-19T19:31:04Z SEVERE DeviceManager: AM#100905083: Error creating an entry in the datastore.

Resolution

Rerun the installation of the Administration server again.

Turns out that the upgrade process had failed and administrator received no warning. Looking at the upgrade files in the /tmp/novell_access_manager/ directory, the eDir one gave the clue of the botched install ...

Updated devman trust store
login (ldaps://10.218.58.83:636/o=novell/cn=admin, com.volera.vcdn.platform.storage.core.SPasswordCredentials@175d6ab) failed
javax.naming.AuthenticationException: [LDAP: error code 49 - NDS error: failed authentication (-669)]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2988)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2735)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2649)


The eDir upgrade had not be done successfully and the resulting schema updates were never applied. When we tried to apply any new object or attribute, it failed with the schema violation error reported.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.