Camelia, the Perl 6 bug

IRC log for #openam, 2013-11-01

| Channels | #openam index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:40 MegaMatt joined #openam
05:22 balo joined #openam
06:57 hos001 joined #openam
07:33 aldaris joined #openam
08:05 m0sf3t joined #openam
08:53 kohvihoo1 joined #openam
08:58 aldaris joined #openam
09:05 SteveF joined #openam
09:35 SteveF joined #openam
09:42 aldaris joined #openam
09:51 DbT_ joined #openam
11:00 aldaris joined #openam
11:12 * balo reading http://openam.forgerock.org/openam-d​ocumentation/openam-doc-source/doc/i​nstall-guide/index.html#cts-config
11:13 balo "You can set a root suffix for CTS tokens for either the default embedded or an external token store. If you select Default Token Store, OpenAM will use the embedded configuration data store for CTS tokens."
11:13 asyd CTS?
11:14 MegaMatt joined #openam
11:14 aldaris core token service
11:14 balo as I understand from it, if I'm using external cfg ds, the cts will use the embedded ds by default?
11:14 balo i don't think this is the case :)
11:14 aldaris no, the default will use the configstore
11:15 balo yep, i tought so. the docs could be confusing.
11:16 balo *thought
11:16 aldaris file a JIRA then
11:20 balo will do
11:34 balo https://bugster.forgerock.o​rg/jira/browse/OPENAM-3236
11:46 aldaris thanks
11:52 SteveF_ joined #openam
12:03 balo I really should learn more ldap... :)
12:37 balo did the installer add the cts schema at configuration time? or i still have to add the cts schema if i'd like to use the cfg ds as my token store?
12:37 aldaris cts-schema should've been added
12:37 aldaris it should be added for both embedded/external
12:38 balo yep, i should've checked the install.log before question :)
12:38 balo i see it now in the log: Loading Schema cts-add-schema.ldif...Success.
12:38 aldaris beware that it says installing even when it fails
12:39 balo :D okay
12:51 aldaris for the very curious, here is the not-entirely final 11.0.0 build: http://maven.forgerock.org/repo/releas​es/org/forgerock/openam/openam-server/
12:52 aldaris I'm saying not entirely, because it hasn't been announced yet, hence it can change if we find further bugs
12:53 pdurbin rc1? :)
12:53 balo thanks! I'll be use this, instead of the nightly from yesterday for my experiments.
12:54 aldaris http://maven.forgerock.org/repo/releases/o​rg/forgerock/openam/openam-server/11.0.0/
12:54 aldaris this one..
12:54 aldaris when the release is really out, you want to download that one!
12:55 balo you should fix this: $ sha1sum -c openam-server-11.0.0.war
12:55 balo sha1sum: openam-server-11.0.0.war: no properly formatted SHA1 checksum lines found
12:55 balo :P
12:56 balo ofc I can check it manually but it would be nice
12:57 balo i think just the filename is missing from the sha1 file
12:57 aldaris let me just ignore this request, as there is no JIRA :D
12:57 balo okay, I get it :D
12:57 aldaris the SHA is for Maven
12:57 aldaris for downloads there should be a separate SHA file I guess
12:57 aldaris but I don't care at the moment
12:57 aldaris :)
12:58 balo i see. maybe i should file an issue for maven then... they should use proper hash files
12:59 aldaris and then all the clients would start to fail because of the new format
12:59 aldaris good luck with that :p
13:00 balo i'm optimistic... maybe for maven4 :D i think they used to broke the backward compatibility of the repositories
13:14 MegaMatt Interesting infinite recursion loop on the alias
13:14 aldaris yepp, don't know too much about that, very strange
13:17 MegaMatt Something weird with the server ID I suppose
13:17 aldaris yeah, something along those lines, but no idea why
13:18 MegaMatt it's a pretty tight loop.. they could probably follow along in the source code with their values maybe
13:19 aldaris I was too lazy in the morning to go through the whole loop and see why it occurs, but the code path indeed exists
13:19 MegaMatt yeah, I'm not suggesting you should -- I'm suggesting they should ;)
15:29 balo anyone know: can i add a new basedn in opendj with a root suffix? i found this post on Ludo's blog: http://ludopoitou.wordpress.com/2009/01/20/​opends-tips-multiple-suffixes-with-opends/ and it works like a charm, but after add, I have to add the top domain entry with ldapmodify :(
15:30 aldaris1 joined #openam
15:31 balo if I check the base dn creation in the setup it creates this entry
15:31 balo so maybe i'm missing something
16:16 aldaris1 balo, what are you talking about?
16:17 balo idk if you saw what i wrote @ 16:29 (maybe 15:29 for you?)
16:17 aldaris I've read it back from the log and still didn't made sense :)
16:18 balo oh :D
16:19 balo so my new local setup is looks like this: two opendj servers. one only with the cts, one with 3 base dn's: ssobe1, ssobe2, users. I can create the new base dn's but the top level entries are missing from the newly created base dn-s
16:20 balo i created them with manually after the basedn, ex:
16:20 balo dn: dc=ssobe1,dc=vbalazs,dc=me
16:20 balo dc: ssobe1
16:20 balo objectClass: domain
16:20 balo objectClass: top
16:21 balo with ldapmodify. so it works now, i just didn't get it why it doesn't be created when I'm add a new base dn like this.
16:22 balo when I ran the opendj setup and i set to create the base dn this top level entry is there
16:29 aldaris so how do you create the new base DNs?
16:29 asyd balo: do you create backend for each base dn?
16:30 balo aldaris: exatly like in the linked post: bin/dsconfig set-backend-prop --backend-name userRoot --add base-dn:dc=ssobe1,dc=vbalazs,dc=me -j /tmp/ldap.pw --hostname ds.localtest.me --trustAll
16:30 balo asyd: nope, I'm using one backend for all of the 3 dns
16:31 balo (userRoot)
16:31 aldaris yepp
16:31 asyd ok
16:31 aldaris but when you use the installer
16:31 aldaris even then you can select that you only want to create the base entry on top of the new base dn
16:31 aldaris I guess if you wouldn't create the base entry, then it would behave the same
16:31 balo oh, so it called base entry. good to know :D
16:33 balo thanks. btw is this a legit config? i mean, is this the recommended way or one basedn with 3 "sub" root suffix. I didn't try that, maybe it can't even work that way :D
16:34 aldaris it'll work just fine
16:34 aldaris but you can only define indexes per backend
16:34 aldaris so for the CTS you would want to have separate backend
16:35 balo for cts i have a different opendj instance
16:35 aldaris that's not really necessary..
16:35 balo oh. maybe i can spare some memory :)
16:35 aldaris now I don't remember correctly, but even replication can be configured per base DN (or per backend??)
16:37 aldaris I think it's per base DN
17:58 balo still not entirely clear that to me. i don't see in the help of ldapmodify how can I specify the backend :|
17:59 balo opendj guess the backend from the base dn?
18:00 balo according the architecture, if I get this right, the schema is shared between backends.
18:00 balo i read about the architecture here: http://idmdude.com/2012/07/​23/the-opendj-architecture/
18:18 balo yaay, i think it's working! :D i have cts data in a different backend, everything in one instance, nicely separated. Now, I'll install a new openam instance and run some test with the sfo
18:20 balo however, I couldn't find how can I set this: "remove or lower the index size limit for the objectclass index"
18:20 MegaMatt that sounds like Directory Server, balo
18:21 balo MegaMatt: yeah, i tried to set it to opendj but i can't find in the opendj docs
18:22 MegaMatt Is it the internal DJ?
18:22 balo i found timeouts, max search result sizes, etc
18:22 balo nope, an external instance
18:23 MegaMatt I think I have that in my notes somewhere
18:23 MegaMatt dsconfig get-backend-prop --backend-name
18:24 balo I would be glad if you could share this. I'm not a DS jedi :/
18:24 MegaMatt UserBackend
18:24 MegaMatt Look at that
18:24 MegaMatt oops, all one line
18:24 MegaMatt and UserBackend is your backend
18:24 MegaMatt obviously..
18:24 MegaMatt I see that has index-entry-limit
18:24 MegaMatt oh wait, you want size limit
18:24 MegaMatt but still, see if it's listed in there
18:27 balo yep, i have an entry limit row: http://pastebin.com/3hcu7kr7
18:30 MegaMatt Yeah, but yours is saying the index size limit.. not entry limit... let me look through the rest of my notes
18:32 balo http://pastebin.com/NeEJSrp4
18:32 balo aldaris wrote it earlier (6. rows). I'm not sure what this means exactly :/
18:33 MegaMatt ah ok
18:33 MegaMatt so why not remove the index then?
18:34 MegaMatt He might mean the entry limit for that index ...
18:34 MegaMatt Because I don't think you ever search on objectclass -- do you?
18:35 MegaMatt that seems .. wrong ;)
18:36 MegaMatt AFK for a bit, good luck :D
18:38 aldaris joined #openam
18:38 balo thanks! :)
18:44 balo aldaris: when you wrote "remove or lower the index size limit for the objectclass index" earlier, did you mean index-entry-limit?
19:01 aldaris joined #openam
19:28 hos001 left #openam
19:30 aldaris1 joined #openam
19:42 kim__ joined #openam
19:44 kim__ I'm using opendj as datastore and having some schema issues. Load schema was not check durring configuration so i added i later, but still getting the same issue. What could the reason for this be?
19:45 aldaris could you provide some example error messages or something?
19:45 aldaris (it's like talking to a customer even in my freetime…)
19:46 asyd :))
19:46 kim__ http://pastebin.com/jXXvUf1T
19:47 asyd so the schema was not imported to opendj
19:48 kim__ http://pastebin.com/WD0001Hf
19:49 asyd origin 'Nortel subscriber interoperability ?!
19:50 kim__ no idea where it come from
19:50 asyd my bad, i have the same
19:50 MegaMatt aldaris: What is this "free time" you speak of? ;)
19:51 MegaMatt kim: It looks like it's telling you why it didn't let you do that modification
19:51 aldaris kim__ that is a bit odd, the schema itself looks to be correct, I assume the logs are from the same DJ instance
19:51 kim__ aldaris: correct
19:51 aldaris which version of DJ btw?
19:52 kim__ aldaris: OpenDJ 2.4.6
19:53 aldaris and which version of AM?
19:53 kim__ to give you some history: migration from opensso and opends
19:53 kim__ OpenAM 10.0.0 (2012-April-13 10:24)
19:55 aldaris and if you restart DJ there is no error whatsoever about the schema?
19:55 MegaMatt Turn it off, and on again!
19:56 kim__ no, nothing
19:56 kim__ stopped and started multiple times
19:57 aldaris so let's try something simple then
19:57 kim__ i had an issue with degraded indexes, but thats rebuild now
19:57 aldaris if you have X server on the machine, can you try to bring up the control panel and see if you can add the attribute through there?
19:57 kim__ sure
20:05 kim__ just need to find out how to add it. The attribute is not showing up
20:06 aldaris select a different view on the top
20:06 aldaris (in the menu I mean)
20:08 kim__ attribute view?
20:09 aldaris I don't know, whichever lets you to define arbitrary attributes :)
20:10 kim__ same issue
20:10 aldaris then you have some troubles with that schema
20:10 aldaris and DJ
20:11 aldaris so in config/schema you have a 99-user.ldif which has the inetUserStatus and inetUser attributes defined
20:11 aldaris have you also defined the objectclass: inetUser in your attempt?
20:13 kim__ inetUserStatus is listed as a optional attribute under inetUser
20:13 aldaris aaand?
20:14 kim__ not sure?
20:15 aldaris if you want to add an attribute without having the corresponding objectclass, then that will never work
20:15 aldaris all attributes should have their corresponding objectclasses defined in the entries
20:17 kim__ there we go
20:18 kim__ Thank you!
20:20 kim__ one last question:
20:21 kim__ When i login to openam, i'm getting a page about updating the user information. I have defined a Default Success Login URL. Why is i not redirected?
20:21 balo <off>haha, this reminds me of Columbo :D </off>
20:22 aldaris I don't know, not a fortune teller
20:22 aldaris check the logs and you'll see
23:16 aldaris joined #openam

| Channels | #openam index | Today | | Search | Google Search | Plain-Text | summary