By: Alexandre Zia Account Admin 30 Mar 2020 at 6:39 p.m. CDT

3 Responses
Can't register Super Gluu devices. The user logs in to oxTrust, then the QR code is presented. After scanning the QR code with the Super Gluu app, the app presents the error message: "Fido U2F response was rejected."

Relevant oxauth.log lines:

```
...
org.gluu.persist.exception.EntryPersistenceException: Failed to persist entry: oxId=1585610319401,ou=fido,inum=xxxxxxx,ou=people,o=gluu
...
Caused by: com.unboundid.ldap.sdk.LDAPException: Entry oxId=1585610319401,ou=fido,inum=xxxxxxxx,ou=people,o=gluu violates the Directory Server schema configuration because it includes attribute personInum which is not allowed by any of the objectclasses defined in that entry
...
```

opendj.log shows the same:

```
[30/Mar/2020:20:34:52 -0300] ADD RES conn=17046 op=260 msgID=261 result=65 message="Entry oxId=1585611292315,ou=fido,inum=xxxxxxxxxxx,ou=people,o=gluu violates the Directory Server schema configuration because it includes attribute personInum which is not allowed by any of the objectclasses defined in that entry" etime=0
{"eventName":"DJ-LDAP","client":{"ip":"127.0.0.1","port":42826},"server":{"ip":"127.0.0.1","port":1636},"request":{"protocol":"LDAPS","operation":"ADD","connId":17046,"msgId":261,"dn":"oxId=1585611292315,ou=fido,inum=xxxxxxxx,ou=people,o=gluu"},"transactionId":"0","response":{"status":"FAILED","statusCode":"65","elapsedTime":0,"elapsedTimeUnits":"MILLISECONDS","detail":"Entry oxId=1585611292315,ou=fido,inum=xxxxxxx,ou=people,o=gluu violates the Directory Server schema configuration because it includes attribute personInum which is not allowed by any of the objectclasses defined in that entry"},"timestamp":"2020-03-30T23:34:52.322Z","_id":"9d1d33e1-f2aa-4274-9722-feb463b1f61a-725419"}
```

By Aliaksandr Samuseu staff 30 Mar 2020 at 6:56 p.m. CDT

Hi, Alexandre. It's a known issue. Here is a hot-fix:

1. Log in to the container
2. Retrieve the correct schema file: `# wget https://raw.githubusercontent.com/GluuFederation/community-edition-setup/version_4.1.0/static/opendj/101-ox.ldif`
3. Stop the "opendj" service
4. Back up the previous schema file (you'll need it to revert the change if something goes wrong): `# cp /opt/opendj/config/schema/101-ox.ldif ./101-ox.ldif.bak`
5. Deploy the new schema: `# cp 101-ox.ldif /opt/opendj/config/schema/101-ox.ldif`
6. Start the service; check `/opt/opendj/logs/server.out` for any schema-related errors; if something goes wrong, restore the schema from the backup and restart the service

Sorry for the inconvenience caused, this is fixed in 4.2 already.
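To confirm after the hot-fix that OpenDJ is no longer rejecting FIDO device entries, the access-log records quoted in the question can be scanned for ADD operations that fail with result code 65 (LDAP objectClassViolation). The following is an added example, not part of the original thread or Gluu's own tooling; the function names and the sample lines are constructed for illustration, modelled on the two log formats shown above.

```python
import json
import re
from collections import Counter

# Wording of the server's schema-violation message, as quoted in the thread.
VIOLATION = re.compile(
    r"Entry (?P<dn>\S+) violates the Directory Server schema configuration "
    r"because it includes attribute (?P<attr>\S+) which is not allowed")
TEXT_RESULT = re.compile(r"\bADD RES\b.*\bresult=(\d+)")

def parse_line(line):
    """Return (dn, attribute) for an ADD rejected with result 65, else None."""
    line = line.strip()
    if line.startswith("{"):                      # JSON access-log record
        try:
            rec = json.loads(line)
        except ValueError:
            return None
        resp = rec.get("response", {})
        if rec.get("request", {}).get("operation") != "ADD":
            return None
        if str(resp.get("statusCode")) != "65":
            return None
        msg = resp.get("detail", "")
    else:                                         # text access-log record
        m = TEXT_RESULT.search(line)
        if not m or m.group(1) != "65":
            return None
        msg = line
    hit = VIOLATION.search(msg)
    return (hit.group("dn"), hit.group("attr")) if hit else None

def rejected_attributes(lines):
    """Count how often each attribute was rejected across the given lines."""
    return Counter(r[1] for r in map(parse_line, lines) if r)

# Constructed sample lines modelled on the log excerpts in the question.
MSG = ("Entry oxId=1,ou=fido,inum=example,ou=people,o=gluu violates the Directory "
       "Server schema configuration because it includes attribute personInum "
       "which is not allowed by any of the objectclasses defined in that entry")
SAMPLE = [
    f'[30/Mar/2020:20:34:52 -0300] ADD RES conn=1 op=2 msgID=3 result=65 message="{MSG}" etime=0',
    json.dumps({"request": {"operation": "ADD"},
                "response": {"status": "FAILED", "statusCode": "65", "detail": MSG}}),
    "[30/Mar/2020:20:35:01 -0300] ADD RES conn=1 op=3 msgID=4 result=0 etime=1",
]

if __name__ == "__main__":
    print(rejected_attributes(SAMPLE))
```

An empty counter for log lines written after the restart indicates the new schema accepts the attribute; any remaining entries name the attribute and DN still being rejected.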

By Alexandre Zia Account Admin 30 Mar 2020 at 7:22 p.m. CDT

Thanks for the ultra fast response. Worked like a charm, authenticating an SSL VPN through RADIUS with Super Gluu now!!! Regards.

By Aliaksandr Samuseu staff 31 Mar 2020 at 1:38 p.m. CDT

No problem :) That was a fix in a private customer's ticket, so I just copied it to public boards, to save us some effort on answering this in the future.