...
This instance is not setup behind a load balancer |
Run
The LDAP operation failed., refer to install.log under /opt/openam-config.0 for more information.
Another bug in a sense. Carefully reading the manual,
If you decide to use an existing installation of OpenDJ for configuration data, then you must first relax the restriction on objects with multiple structural object classes, by using the OpenDJ *dsconfig* command before completing OpenAM configuration.
Enter this into the command line
| Code Block |
|---|
cd /opt/opends.0
./dsconfig -h opendj.krypton.com -p 4444 -D "cn=Directory Manager" -w ****** set-global-configuration-prop --set single-structural-objectclass-behavior:warn -X -n |
When the configuration completes, click Proceed to Login, and then login as OpenAM administrator.
There is a note from the online manual,
| Panel |
|---|
Restrict permissions to the configuration directory (by default $HOME/openam, where $HOME corresponds to the user who runs the web container). |
But no instructions on how to do this or even why we need to do this.
Ah, I figured it out. By default OpenAM selects the user running the web container's home directory as the location for the OpenAM configuration files. It is saying to set permissions up so other users can not modify it. In our case, we are using serveradmin as the user running the web container, but then we choose a more explicit directory /opt/openam-config and is already configured to only allow staff and svradm.