
IRC log for #openam, 2016-05-16


All times shown according to UTC.

Time Nick Message
01:48 ilbot3 joined #openam
01:48 Topic for #openam is now Chat about the OpenAM project - https://backstage.forgerock.com/#/downloads - OpenAM 13.0.0 is out! OpenAM 12.0.2 is out! Channel logs at: http://irclog.perlgeek.de/openam/today
06:47 aldaris joined #openam
07:22 aldaris joined #openam
08:18 aldaris joined #openam
09:56 aldaris joined #openam
10:25 aldaris joined #openam
11:03 MegaMatt joined #openam
11:15 sonuloveu joined #openam
11:15 sonuloveu Hello
11:15 sonuloveu anyone around here
11:15 MegaMatt Not really, no
11:16 sonuloveu I am using OpenAM13 and using external bus I want to create user
11:17 sonuloveu any clue ?
11:17 aldaris hi
11:17 aldaris external bus??
11:17 sonuloveu using REST API
11:18 MegaMatt There are CRUD operations you can do.. or you could go directly to the user store, or use an identity management tool
11:18 sonuloveu can you suggest one tool which I can give quick try?
11:19 MegaMatt ID management is not a quick try type of thing
11:19 sonuloveu still :)
11:19 sonuloveu I will take my time to get used to it
11:19 sonuloveu :)
11:21 MegaMatt From: https://backstage.forgerock.com/#!/docs/openam/13/dev-guide#rest-api-crud-identity
11:21 MegaMatt "OpenAM is not primarily an identity data store, nor is it provisioning software. For storing identity data, consider OpenDJ. For provisioning, consider OpenIDM. Both of these products provide REST APIs as well."
11:23 sonuloveu for openDJ it is working fine
11:23 sonuloveu I am trying to store it in OpenLDAP
11:24 MegaMatt and?
11:25 sonuloveu it's not working with LDAP but working fine with OpenDJ
11:25 aldaris what isn't working exactly?
11:28 sonuloveu http://pastebin.com/UPpeZuS0
11:29 MegaMatt Not sure what that’s trying to show me
11:29 aldaris me neither
11:29 aldaris it looks to be working
11:29 sonuloveu 1. I am trying to create a generic LDAPv3 realm
11:30 aldaris did you mean generic LDAPv3 data store?
11:30 sonuloveu then I am trying to create an external user using a REST API client
11:30 sonuloveu yes aldaris
11:31 aldaris using the /openam/json/users endpoint?
11:33 sonuloveu myurl/openam/json/customers/users/?_action=create
11:33 aldaris so your data store is defined in the /customers realm then?
11:33 sonuloveu customers is my realm which I created for LDAPv3 in open
11:34 sonuloveu yes
11:34 MegaMatt I’d consider looking at the actual log files (maybe turn them up to message level) to determine what is or isn’t working - the IdRepo log in particular should be of use. Probably something is misconfigured in your datastore configuration.. or something’s up with the actual datastore itself
11:35 sonuloveu that's giving me 404
11:35 aldaris that /json/customers/users/?_action=create gives you 404?
11:36 MegaMatt ooh, then yeah, that’s different
11:36 MegaMatt maybe a typo in the realm name?
11:36 aldaris is there a JSON response with that 404?
11:39 sonuloveu yes I will show in a sec
11:42 sonuloveu "code": 404, "reason": "Not Found", "message": "Plug-in org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo encountered a ldap exception. ldap errorcode=17"
11:43 aldaris "Indicates that the attribute specified in the modify or add operation does not exist in the LDAP server's schema."
11:43 aldaris have a look at the OpenLDAP access logs
11:44 MegaMatt Did you add the OpenAM schema to your LDAP repository?
11:45 sonuloveu yes
11:45 sonuloveu Do I need to save the OpenAM schema before I create user?
11:45 aldaris you've looked at the OpenDJ schema and then manually converted to OpenLDAP directory schema
11:45 sonuloveu as while configuring it shows me Load schema when saved
11:46 sonuloveu OpenLDAP manually created that
11:47 aldaris FYI I'm facepalming at the moment :)
11:47 sonuloveu :(
11:47 aldaris either you should make sure that the directory schema is properly applied for your OpenLDAP instance
11:47 aldaris or you should adjust the settings of your OpenLDAP data store to ensure that you are not trying to work with objectclasses and attributes that simply don't exist in your directory
11:48 sonuloveu gotcha
11:48 aldaris and no, the load schema on save checkbox will not do anything useful if your directory is openldap
11:49 sonuloveu I see... so do you know where I can get help to add the OpenAM schema to the LDAP repo?
11:49 aldaris first you should check whether you even need the directory schema
11:50 aldaris if you are not using certain OpenAM features, then chances are you don't even need the schema to be applied
11:50 sonuloveu no I surely need the directory schema for sure
11:51 aldaris then you will need to manually apply the schema, by converting the schema to an OpenLDAP specific format
11:52 aldaris you can search for "openam openldap schema" on Google, but I'm not sure if you will actually find examples or ready to download ldif files
11:54 sonuloveu I think I got the starting point and will start looking into it
11:54 sonuloveu and if further issues come I will come back here :)
11:54 sonuloveu and thanks to both of you
11:54 sonuloveu but one thing aldaris
11:54 sonuloveu "username":"test4",
11:54 sonuloveu "realm":"dc=barbucha",
11:54 sonuloveu "uid":["test4"],
11:54 sonuloveu "sn":["test4"],
11:54 sonuloveu "cn":["test4"],
11:55 sonuloveu "givenName":["test4"],
11:55 sonuloveu "dn":["uid=test4,ou=People,dc=barbucha"],
11:55 sonuloveu "objectClass":["person","inetorgperson","organizationalperson","top"],
11:55 sonuloveu "universalid":["id=test4,ou=user,dc=barbucha"]}
11:55 sonuloveu I created this user manually in openLDAP GUI
11:55 sonuloveu it's just REST API which is failing
11:55 sonuloveu and it's working fine in PHPLDAPADMIN tool
11:56 aldaris obviously
11:56 MegaMatt Neither of those use OpenAM to call out to the datastore
11:57 aldaris reading via REST will not fail, since the missing schema won't really cause any problems
11:58 aldaris the create operation fails, because OpenAM tries to set attributes in the user entry that don't exist in the OpenLDAP directory schema
12:00 sonuloveu yes, because I created user manually and took json and trying to create it through REST API
12:01 sonuloveu so I believe that schema is already in LDAP repo
12:08 aldaris it isn't
12:09 aldaris even if you use the JSON output, OpenAM will add extra attributes to the entry when instructed to create the user entry
12:10 sonuloveu is there any way to track that down?
12:10 aldaris track what down?
12:11 sonuloveu extra attributes from openAM
12:11 aldaris you can have a look at the OpenLDAP access logs (as suggested like half an hour ago)
12:12 sonuloveu got it I will check that and first will find a way to add OpenAM schema to LDAP repo
12:12 aldaris or you could try to use tcpdump/wireshark to see what exact attributes are sent across
12:12 sonuloveu yes that sounds much better :) I will give it a try
12:18 sonuloveu thank you very much for your help aldaris
12:41 aldaris joined #openam
13:03 sonuloveu joined #openam
13:39 GrosSeb joined #openam
14:21 sonuloveu joined #openam
19:18 aldaris joined #openam
19:46 fig joined #openam
19:47 fig Well I'll be... I heard there was an IRC channel, but I didn't expect people to be idling in it!
19:47 MegaMatt Sure, why not?
19:48 fig To be honest I haven't used IRC for at least 12 years. Didn't think it was still a thing people did.. Especially didn't think it would be a thing with regards to openam :)
19:50 aldaris well openam is a more than 12-year-old product, so why not
19:50 MegaMatt And freenode is pretty popular with open source projects....
19:50 fig Well that's great to hear
21:18 MegaMatt joined #openam
