Perl 6 - the future is here, just unevenly distributed

IRC log for #openam, 2015-07-07

| Channels | #openam index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
01:38 SteveFerris joined #openam
03:18 SteveFerris joined #openam
04:47 ramteid joined #openam
06:08 tsmalmbe joined #openam
06:53 aldaris joined #openam
09:44 phlat joined #openam
09:44 aldaris joined #openam
10:02 aldaris joined #openam
11:24 MegaMatt joined #openam
11:25 SteveFerris joined #openam
11:48 KermitTheFragger joined #openam
12:05 mckeanbs joined #openam
12:09 aldaris joined #openam
12:17 MegaMatt joined #openam
13:09 SteveFerris joined #openam
13:30 SteveFerris joined #openam
14:11 aldaris1 joined #openam
15:17 Diar joined #openam
15:18 Diar Evening all. we set the max sessions on openam restarted tomcat and now its not letting us login. Have had a look in the in config LDAP server and can't see a setting to set it back to the defaults
15:18 aldaris1 Afternoon
15:19 MegaMatt use ssoadm?
15:19 aldaris what did you set it to?
15:19 aldaris 1?
15:20 Diar ssoadm needs to authenticate you, it fails as its out of sessions.
15:20 Diar thought we set it to 6000 and increased the Xms and Xmx to 6G so thought we would have lots of room to play
15:20 aldaris what do you see in the stats files?
15:22 Diar 07/07/2015 03:21:22:000 PM UTC: Thread[SystemTimer,5,main] Max sessions in session table Current/Peak:2/371 Max active sessions Current/Peak:1/1 Session Notifications in Queue Current/Peak:0/0
15:22 MegaMatt 2 sessions?
15:22 Diar Thats what its saying
15:22 aldaris well then you didn't ran out of sessions
15:23 Diar Maximum sessions limit reached or session quota has exhausted. Contact your system administrator. Return to Login page
15:23 aldaris then maybe session quota?
15:23 Diar How would I check/change this to allow us access ?
15:24 aldaris well, did you enable session quota or not?
15:24 Diar Only thing changed was the JVM memory and max sessions
15:25 Diar we have now revereted the JVM change..
15:25 aldaris the JVM changes don't really matter..
15:26 Diar SO how can we get this to a state where we can login ?
15:26 Diar With out loosing our realms...
15:26 aldaris well surely you used ssoadm scripts to make every config change
15:27 aldaris but I guess you could edit the config schema in the directory
15:29 Diar WHere is the config schema in the directory? had a look but could not see an attribute to change
15:29 aldaris it's well hidden
15:29 aldaris can you find iPlanetAMSessionService first?
15:33 MegaMatt Is it the sunServiceSchema within that btw?
15:33 Diar @aldaris Yes can find iPlanetAMSessionService
15:34 aldaris sunserviceSchema attr?
15:34 Diar has an ou=1.0 under it with 5 further ou's
15:34 aldaris you want the Global one
15:34 aldaris or somewhere that sunServiceSchema attr
15:35 Diar global has one ou under called default
15:35 MegaMatt keep going
15:35 aldaris until you find that attr
15:35 MegaMatt I think on mine I saw the sunServiceSchema attribute within 1.0 itself
15:36 Diar Yes got it :)
15:36 Diar You are correct MegaMatt
15:37 MegaMatt are you not set to destroy_old_sesison btw?
15:37 Diar <AttributeSchema cosQualifier="default"  i18nKey="a118"  isSearchable="no"  name="iplanet-am-session-quota-limit"  rangeEnd="2147483647"  rangeStart="1"  syntax="number_range"  type="single" >
15:38 aldaris what do you see as defaultvalues?
15:38 Diar 5
15:40 Diar <DefaultValues>                         <Value>5</Value>                     </DefaultValues>                 </AttributeSchema>
15:40 aldaris and what's the behavior?
15:40 MegaMatt This conversation is giving me major deja vu. I believe in the past I asked if aldaris had blogged about this before - people locking them selves out with session — and he says “No”..
15:41 Diar How do you mean I am still unable to login, are the defaults the actual values if I increase this will this increase the session limit
15:41 MegaMatt He means, are you using DESTROY_OLD_SESSION ?
15:41 aldaris they look differently in the config Matt
15:41 aldaris they look like java class names
15:42 aldaris and there are 2 settings in there for legacy reasons..
15:42 aldaris @MegaMatt, locking yourself out is quite a challenge, and there appear to be so many ways of doing that
15:42 MegaMatt :D
15:44 MegaMatt this XML is so ugly to look at in an 80 line char box within opendj control panel.. haha
15:44 Diar http://pastebin.com/TaSTgHg4
15:45 aldaris iplanet-am-session-constraint-handler
15:45 aldaris DestroyNextExpiring
15:45 aldaris but even then
15:45 aldaris session quota is disabled
15:45 aldaris come on Diar… :)
15:46 aldaris are you using "amadmin" as the user name?
15:47 Diar Currently yes :)
15:48 aldaris let's see that max session limit then
15:48 aldaris go to iPlanetAMSessionService
15:48 aldaris PlatformService that is
15:50 MegaMatt What did you use to pretty up the XML from the tiny ldap line?
15:50 MegaMatt ah found a webpage that does it ;)
15:51 MegaMatt freeformatter
15:51 Diar http://pastebin.com/FhLcQaST
15:52 aldaris xmllint —format?
15:52 aldaris that's not what we need now Diar
15:52 aldaris you need to find the com-sun-identity-servers
15:52 aldaris and under that all the servers
15:53 aldaris and in the sunkeyvalue/sunxmlkeyvalue you'll need to find com.iplanet.am.session.maxSessions
15:53 aldaris for all the servers you have configured
15:53 aldaris the cookie domain of .internal looks quite messed up tho :9
15:53 aldaris :)
15:55 Diar serverconfig=com.iplanet.am.session.maxSessions=0
15:55 aldaris well congratz
15:55 MegaMatt that doesn’t look so good
15:55 MegaMatt ;)
15:56 MegaMatt serverconfig=com.iplanet.a​m.session.maxSessions=5000 is what I have,.. nyah nyah ;)
15:57 Diar Yeah thats the default we hit that so we set it to 0 (unlimited) and upped the heap size
15:57 MegaMatt I have a feeling 0 isn’t unlimited ;)
15:57 aldaris (facepalm)
15:58 aldaris there are no emoticons for IRC :(
15:58 Diar But changing it and restarting it has worked :)
15:58 MegaMatt You would have to make some ascii line art ;) but I know exactly what emoticon that brings up
15:58 Diar thanks guys :)
15:58 aldaris "thought we set it to 6000 and increased the Xms and Xmx to 6G so thought we would have lots of room to play"
15:59 aldaris just like a good old fashioned customer would lie :)
15:59 MegaMatt yeah, that’s pretty far from 0 (unlimited)  ;D
15:59 Diar Doc say set to zero then it will just use up available memory, or words to that affect, but nice to know thats not what it means :)
16:00 Diar Yeah to many cooks...
16:00 aldaris Maximum Sessions
16:00 aldaris Maximum concurrent sessions OpenAM permits
16:00 aldaris property: com.iplanet.am.session.maxSessions
16:00 MegaMatt Where do the docs say that?
16:00 MegaMatt I see: Maximum Sessions5000 - In production this value can safely be set into the 100,000s. The maximum session limit is really controlled by the maximum size of the JVM heap which must be tuned appropriately to match the expected number of concurrent sessions.
16:00 aldaris http://openam.forgerock.org/doc/bootstrap/ad​min-guide/index.html#tuning-session-settings
16:01 aldaris yepp, I don't see that in the docs either
16:02 Diar many thanks :)
17:36 aldaris joined #openam
18:28 fairuz joined #openam
18:43 MegaMatt joined #openam
19:41 balo joined #openam
20:01 pcypher joined #openam
20:02 aldaris joined #openam
20:42 fairuz joined #openam
21:12 fairuz joined #openam
21:12 pcypher joined #openam
21:49 pcypher joined #openam
21:56 pcypher joined #openam
21:58 aldaris joined #openam
21:59 pcypher_ joined #openam
22:00 MegaMatt joined #openam
22:11 pcypher joined #openam
22:11 fairuz joined #openam
22:14 pcypher joined #openam
22:48 MegaMatt joined #openam

| Channels | #openam index | Today | | Search | Google Search | Plain-Text | summary