[prev in list] [next in list] [prev in thread] [next in thread]
List: forgerock-opendj
Subject: [Opendj] Corrupted userRoot?
From: greg.leib () kanbansolutions ! com (Greg Leib)
Date: 2012-09-06 16:08:20
Message-ID: 7C442D28D4A83343BE411D942DDFB55F0A4E5FDC () BLUPRD0811MB438 ! namprd08 ! prod ! outlook ! com
[Download RAW message or body]
Ludovic,
It?s never run to completion in the console for me, hangs on the first attempt. When \
I run on the command line, I get prompted halfway through about a certificate but \
otherwise command line runs fine.
Greg
From: opendj-bounces@forgerock.org [mailto:opendj-bounces at forgerock.org] On Behalf \
Of Ludovic Poitou
Sent: Thursday, September 06, 2012 6:54 AM
To: OpenDJ discussion list
Subject: Re: [Opendj] Corrupted userRoot?
Hi Greg,
I don't think it has to do with trusting certificates. The rebuild-index command run \
is a local one, it's not communicating with the Admin port. We're looking at it, as \
we recall it was done this way to solve an issue, about 3 years ago.
Did you repeated configuring/rebuilding index several times ? Or is it just hanging \
on the first attempt to rebuild index ?
Kind regards,
Ludovic
- - -
[http://forgerock.com/sites/default/files/forgerock_logo.png]<http://www.forgerock.com/>
Ludovic Poitou - ForgeRock France SAS
e: ludovic.poitou at forgerock.com<mailto:ludovic.poitou at forgerock.com>
t: +33 625 14 96 92
w: www.forgerock.com<http://www.forgerock.com/>
blog: http://ludopoitou.wordpress.com<http://ludopoitou.wordpress.com/>
On Tuesday, September 4, 2012 at 19:44 , Greg Leib wrote:
Ludovic,
I think the problem is that the control panel does not trust the certificate from my \
OpenDJ instance. When I run the ?rebuild-index? command directly from the command \
prompt without a ?-X? or ?--trustAll? argument, I get a prompt in the middle of the \
operation about whether I trust a server certificate. I need to type the word ?yes? \
to continue with the call. I bet the control panel does not know how to handle that \
prompt for input. The control panel calls ?set-backend-prop? prior to the hang, and \
that call includes ?--trustAll? argument. The control panel?s subsequent call to \
?rebuild-index? does not include any parameter for trusting server certificates. I \
tried running the control panel with ?-X? flag, but it does not seem to change the \
behavior.
Is there a way to tell the control panel to trust all certificates? If not, can I \
tell the control panel to trust this specific certificate?
Thanks!
Greg
From: opendj-bounces@forgerock.org<mailto:opendj-bounces at forgerock.org> \
[mailto:opendj-bounces at forgerock.org] On Behalf Of Ludovic Poitou
Sent: Tuesday, September 04, 2012 11:42 AM
To: OpenDJ discussion list
Subject: Re: [Opendj] Corrupted userRoot?
Hi Greg,
Thanks for letting us know that the issue is solved.
I believe we have an issue opened to remember to fix this counter intuitive behavior \
when re-indexing a database.
I'm puzzled though that the Control-Panel still hangs when trying to run a reindex. \
Especially with so few users in the DB (we run regular tests with 10 Million users \
databases).
Since I have a new machine installed, I will try the Control Panel over the X11 \
tunnel.
Kind regards,
Ludovic.
- - -
[http://forgerock.com/sites/default/files/forgerock_logo.png]<http://www.forgerock.com/>
Ludovic Poitou - ForgeRock France SAS
e: ludovic.poitou at forgerock.com<mailto:ludovic.poitou at forgerock.com>
t: +33 625 14 96 92
w: www.forgerock.com<http://www.forgerock.com/>
blog: http://ludopoitou.wordpress.com<http://ludopoitou.wordpress.com/>
On Tuesday, September 4, 2012 at 17:34 , Greg Leib wrote:
Ludovic,
That solved my issue. I think what happened is that the OpenDJ control panel disabled \
the backend prior to the reindex and when I killed the process, the backend never was \
enabled again. So I re-enabled the OpenDJ backend using the process outlined in the \
http://lists.forgerock.org/pipermail/opendj/2011-September/000757.html discussion \
archive. My control panel still hangs when I try to run a re-index, but the command \
line tools are working okay (I guess that?s good enough for now).
Thanks!
Greg
From: opendj-bounces@forgerock.org<mailto:opendj-bounces at forgerock.org> \
[mailto:opendj-bounces at forgerock.org] On Behalf Of Ludovic Poitou
Sent: Saturday, September 01, 2012 6:05 AM
To: OpenDJ discussion list
Subject: Re: [Opendj] Corrupted userRoot?
Hi Greg,
Through my years working with OpenDJ I don't think I've seen the Database truly \
corrupted. Most likely, if the reindexing was aborted abruptly, the backend was left \
disabled and indexes either deleted or invalid.
You should be able to recover with re-enabling the back-end and rebuilding all \
indexes again.
Kind regards,
Ludovic
--
Ludovic Poitou
ForgeRock France - http://www.forgerock.com
ludovic.poitou at forgerock.com<mailto:ludovic.poitou at forgerock.com>
http://ludopoitou.wordpress.com
On Friday 31 August 2012 at 21:09, Greg Leib wrote:
I am new to OpenDJ and am having trouble with what appears to be a corrupted \
?userRoot?. I?m doing an evaluation of OpenDJ-2.5.0-Xpress1 on a 64-bit Ubuntu test \
server. My database has about 10 users in it.
I was attempting to follow the instructions from \
http://docs.forgerock.org/en/openam/10.0.0/dev-guide/index/chap-custom-attr.html to \
add a ?mobile? field to the user self-serve page in OpenAM. In order to search for \
the self-service nodes I needed to create an index for ?ou? attribute. I created the \
index using the control panel GUI over an X11 tunnel, but the process hung when I \
attempted to re-index. I killed the process after about 30 minutes and shut down \
OpenDJ. After restarting OpenDJ, the index commands aren?t working and I can?t run \
?ldapsearch?.
Here is the output from running the ?status? command:
--- Server Status ---
Server Run Status: Started
Open Connections: 1
--- Server Details ---
Host Name: sso.nikon-kanban.com<http://sso.nikon-kanban.com>
Administrative Users: cn=Directory Manager
Installation Path: /opt/opendj/OpenDJ-2.5.0-Xpress1
Version: OpenDJ 2.5.0-Xpress1
Java Version: 1.6.0_34
Administration Connector: Port 4444 (LDAPS)
--- Connection Handlers ---
Address:Port : Protocol : State
-------------:----------:---------
-- : LDIF : Disabled
0.0.0.0:161 : SNMP : Disabled
0.0.0.0:636 : LDAPS : Disabled
0.0.0.0:1389 : LDAP : Enabled
0.0.0.0:1689 : JMX : Disabled
--- Data Sources ---
Base DN: dc=nikon,dc=com
Backend ID: userRoot
Entries: <not available>
Replication: Disabled
When I try to check index status, I get the following error:
opendj at ksdevsso1:/opt/opendj/OpenDJ-2.5.0-Xpress1/bin$<mailto:opendj at \
ksdevsso1:/opt/opendj/OpenDJ-2.5.0-Xpress1/bin$> ./dbtest list-index-status -n \
userRoot -b "dc=nikon,dc=com"
An unexpected error occurred while attempting to initialize the JE backend
userRoot: The database environment could not be opened: (JE 5.0.48) Database
dc_nikon_dc_com_ou.equality not found. (BackendImpl.java:1741
BackendImpl.java:1652 DBTest.java:945 DBTest.java:548 DBTest.java:142
DBTest.java:112)
When I try to run the ?ldapsearch? I get error code 32. The same search was returning \
fine prior to the indexing snafu:
opendj at ksdevsso1:/opt/opendj/OpenDJ-2.5.0-Xpress1/bin$<mailto:opendj at \
ksdevsso1:/opt/opendj/OpenDJ-2.5.0-Xpress1/bin$> ./ldapsearch -b dc=nikon,dc=com \
"objectclass=*"
Password for user 'cn=Directory Manager':
SEARCH operation failed
Result Code: 32 (No Such Entry)
Additional Information: The entry dc=nikon,dc=com specified as the search base does \
not exist in the Directory Server
Does this sort of thing happen often in OpenDJ? Any suggestions about how to get \
unstuck? Thanks!
_______________________________________________
OpenDJ mailing list
OpenDJ at forgerock.org<mailto:OpenDJ at forgerock.org>
https://lists.forgerock.org/mailman/listinfo/opendj
_______________________________________________
OpenDJ mailing list
OpenDJ at forgerock.org<mailto:OpenDJ at forgerock.org>
https://lists.forgerock.org/mailman/listinfo/opendj
_______________________________________________
OpenDJ mailing list
OpenDJ at forgerock.org<mailto:OpenDJ at forgerock.org>
https://lists.forgerock.org/mailman/listinfo/opendj
Attachments:
- opendj-1.PNG
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.forgerock.org/pipermail/opendj/attachments/20120906/8579781d/attachment.html \
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic