Cannot apply any changes to Identity Server after upgrading Access Manager

  • 3311082
  • 06-Jul-2007
  • 26-Apr-2012

Environment


Novell Access Management 3 Linux Novell Identity Server
Novell Access Management 3 Access Administration

Situation

An Access Manager customer has the Identity (IDP) server and the Administration server running on separate boxes. Everything was working fine on the Access Manager 3 Interim release 2 code. After they upgraded to the Support Pack 1 beta 1 code, they were unable to modify any configuration for the Identity Server in the Admin console.

As soon as any change to the IDP server was made and they clicked the button to save, the following error was reported in the browser:

Error: System Error The system encountered an unknown error.
Please contact Novell Support.

com.novell.nidp.admin.model.NidsAdminException: com.novell.admin.ns.NamespaceException: INVALID_ATTRIBUTE\n at com.novell.nidp.admin.model.NidsObject.setAttribute(NidsObject.java:1287)\n at com.novell.nidp.admin.model.NidsServer.setUpdateStatus(NidsServer.java:370)\n at com.novell.admin.nids.common.NidsConfigWrapper.setUpdateStatus(Unknown Source)\n at com.novell.admin.nids.common.NidsConfigWrapper.updateConfigObject(Unknown Source)\n at com.novell.admin.nids.common.PropertyPage_TrustedProviders.D(Unknown Source)\n at com.novell.admin.nids.common.PropertyPage_TrustedProviders.cachePage(Unknown Source)\n at com.novell.admin.nids.util.UIContext.B(Unknown Source)\n at com.novell.admin.nids.util.UIContext.execute(Unknown Source)\n at com.novell.admin.nids.IdentityServer_OverviewWizard.execute(Unknown Source)\n at com.novell.emframe.dev.Task.execute(Task.java:490)\n at com.novell.nps.gadgetManager.BaseGadgetInstance.processRequest(BaseGadgetInstance.java:849)\n at com.novell.nps.gadgetManager.BaseGadgetInstance.handleAction(BaseGadgetInstance.java:2375)\n at com.novell.nps.gadgetManager.GadgetManager.processInstanceRequest(GadgetManager.java:1596)\n at com.novell.nps.gadgetManager.GadgetManager.processServiceRequest(GadgetManager.java:1052)\n at com.novell.nps.PortalServlet.handleFrameService(PortalServlet.java:496)\n at com.novell.nps.PortalServlet.processRequest(PortalServlet.java:369)\n at com.novell.nps.PortalServlet.doPost(PortalServlet.java:275)\n at javax.servlet.http.HttpServlet.service(HttpServlet.java:716)...


Looking at the content of the app_sc log file (available from the Auditing tab of the Admin Console), the following error was logged at the same time:

2007(L)application.sc.core(T)18(C)com.volera.vcdn.application.sc.core.VException(M)(E)javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - NDS error: illegal attribute (-608)]; remaining name ''
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3019)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1373)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:235)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:147)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:136)
at com.volera.vcdn.application.sc.core.DeviceInfo.getUpdateStatus(y:2794)
at com.volera.vcdn.application.sc.core.DeviceInfo.setUpdateStatus(y:1590)
at com.volera.vcdn.application.sc.core.DeviceInfo.calculateUpdateStatus(y:1281)
at com.volera.vcdn.application.sc.command.work.DeviceCommandWork.commandStarted(y:2946)
at com.volera.vcdn.application.sc.command.work.IDPCommandWork.K(y:3175)
at com.volera.vcdn.application.sc.command.work.IDPCommandWork.execute(y:3345)
at com.volera.vcdn.platform.executor.DefaultExecutor$ExecutionThread.run(y:2896)
(Msg) 2007-06-19T19:31:04Z SEVERE DeviceManager: AM#100905083: Error creating an entry in the datastore.

Resolution

Rerun the installation of the Administration server.

It turned out that the upgrade process had failed and the administrator received no warning. Of the upgrade files in the /tmp/novell_access_manager/ directory, the eDir one gave the clue to the botched install:

Updated devman trust store
login (ldaps://10.218.58.83:636/o=novell/cn=admin, com.volera.vcdn.platform.storage.core.SPasswordCredentials@175d6ab) failed
javax.naming.AuthenticationException: [LDAP: error code 49 - NDS error: failed authentication (-669)]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2988)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2735)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2649)


The eDir upgrade had not been done successfully, so the resulting schema updates were never applied. When we tried to apply any new object or attribute, it failed with the schema violation error reported.
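
Because the upgrade failed without any warning, the upgrade files can be checked for the error signatures quoted above before any configuration change is attempted. The script below is an added example, not part of the original article and not a Novell tool; it assumes the files directly under the directory are plain text, and the function names and the script name check_upgrade.sh are hypothetical.

```shell
#!/bin/sh
# Added example (not a Novell tool): scan Access Manager upgrade files for the
# failure signatures quoted in this article.
# Assumption: the files directly under the given directory are plain text.

# Signatures taken from the errors shown in the article.
FAIL_PATTERNS='LDAP: error code [0-9]+|AuthenticationException|SchemaViolationException|login \(.*\) failed'

# explain_ldap_code CODE: standard LDAP result-code names (RFC 4511) for the
# two codes that appear in the article.
explain_ldap_code() {
    case $1 in
        49) echo "invalidCredentials: the bind to the directory was rejected" ;;
        65) echo "objectClassViolation: the write does not fit the current schema" ;;
        *)  echo "see RFC 4511 result codes" ;;
    esac
}

# scan_upgrade_logs DIR: print file:line:text for each match.
# Returns 0 if nothing matched, 1 if a failure signature was found,
# 2 if DIR is not a directory.
scan_upgrade_logs() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    found=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # /dev/null forces grep to prefix each hit with the file name.
        if grep -nE "$FAIL_PATTERNS" "$f" /dev/null; then
            found=1
        fi
    done
    return "$found"
}

# Run against a directory when one is passed on the command line, e.g.
#   sh check_upgrade.sh /tmp/novell_access_manager
# (check_upgrade.sh is a hypothetical file name for this example.)
if [ "$#" -gt 0 ]; then
    scan_upgrade_logs "$1"
fi
```

A return status of 1 after an upgrade means a step such as the eDir schema update should be treated as failed, even if the installer itself reported nothing.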