By: matt dillenkoffer user 13 Oct 2016 at 10:12 a.m. CDT

11 Responses
matt dillenkoffer gravatar
when I run # ./import244.py backup_24 I get: [root@10 ~]# ./import244.py backup_24/ INFO Stopping Tomcat ... Redirecting to /bin/systemctl stop tomcat.service INFO Stopping Directory Server ... /opt/opendj/bin/stop-ds: line 153: kill: (17138) - Operation not permitted If I stop opendj before running the script with systemctl stop opendj it stops it successfully but then the script fails and exists because it says OpenDJ is not running. On another note if I run service opendj stop I also get the Operation not permitted error

By Michael Schwartz Account Admin 13 Oct 2016 at 1:18 p.m. CDT

Michael Schwartz gravatar
Can you attach logs?

By matt dillenkoffer user 13 Oct 2016 at 2:20 p.m. CDT

matt dillenkoffer gravatar
Here's a copy of the export log, I'm going to rerun the import script on a fresh install of 2.4.4 so I can give you an accurate import log.... ``` 2016-09-14 11:38:14,825 DEBUG Running command : /opt/opendj/bin/ldapsearch -h localhost -p 1636 -Z -X -D "cn=directory manager" -j /tmp/tmpLsKUiZ -s one -b o=gluu o=* dn 2016-09-14 11:38:18,674 DEBUG Running command : /bin/mkdir -p ./backup_24 2016-09-14 11:38:18,681 DEBUG Running command : /bin/mkdir -p ./backup_24/ldif 2016-09-14 11:38:18,686 INFO Creating backup of files 2016-09-14 11:38:19,069 ERROR Failed to backup /opt/idp/conf 2016-09-14 11:38:19,069 ERROR Failed to backup /opt/idp/metadata 2016-09-14 11:38:19,069 INFO Creating backup of LDAP data 2016-09-14 11:38:19,070 DEBUG Running command : /opt/opendj/bin/ldapsearch -h localhost -p 1636 -Z -X -D "cn=directory manager" -j /tmp/tmpLsKUiZ -s one -b o=gluu o=* dn 2016-09-14 11:38:23,298 DEBUG Running command : /opt/opendj/bin/ldapsearch -h localhost -p 1636 -Z -X -D "cn=directory manager" -j /tmp/tmpLsKUiZ -b ou=people,o=@!828C.076E.9EF6.A8B2!0001!D8E0.38DF,o=gluu objectclass=* 2016-09-14 11:38:28,885 DEBUG Running command : /opt/opendj/bin/ldapsearch -h localhost -p 1636 -Z -X -D "cn=directory manager" -j /tmp/tmpLsKUiZ -b ou=groups,o=@!828C.076E.9EF6.A8B2!0001!D8E0.38DF,o=gluu objectclass=* 2016-09-14 11:38:32,967 DEBUG Running command : /opt/opendj/bin/ldapsearch -h localhost -p 1636 -Z -X -D "cn=directory manager" -j /tmp/tmpLsKUiZ -b ou=attributes,o=@!828C.076E.9EF6.A8B2!0001!D8E0.38DF,o=gluu objectclass=* 2016-09-14 11:38:37,471 DEBUG Running command : /opt/opendj/bin/ldapsearch -h localhost -p 1636 -Z -X -D "cn=directory manager" -j /tmp/tmpLsKUiZ -b ou=scopes,o=@!828C.076E.9EF6.A8B2!0001!D8E0.38DF,o=gluu objectclass=* 2016-09-14 11:38:41,042 DEBUG Running command : /opt/opendj/bin/ldapsearch -h localhost -p 1636 -Z -X -D "cn=directory manager" -j /tmp/tmpLsKUiZ -b ou=clients,o=@!828C.076E.9EF6.A8B2!0001!D8E0.38DF,o=gluu objectclass=* 2016-09-14 11:38:44,611 DEBUG Running command : /opt/opendj/bin/ldapsearch -h localhost -p 1636 -Z -X -D "cn=directory manager" -j /tmp/tmpLsKUiZ -b ou=scripts,o=@!828C.076E.9EF6.A8B2!0001!D8E0.38DF,o=gluu objectclass=* 2016-09-14 11:38:48,190 DEBUG Running command : /opt/opendj/bin/ldapsearch -h localhost -p 1636 -Z -X -D "cn=directory manager" -j /tmp/tmpLsKUiZ -b ou=uma,o=@!828C.076E.9EF6.A8B2!0001!D8E0.38DF,o=gluu objectclass=* 2016-09-14 11:38:51,597 DEBUG Running command : /opt/opendj/bin/ldapsearch -h localhost -p 1636 -Z -X -D "cn=directory manager" -j /tmp/tmpLsKUiZ -b ou=hosts,o=@!828C.076E.9EF6.A8B2!0001!D8E0.38DF,o=gluu objectclass=* 2016-09-14 11:38:55,142 DEBUG Running command : /opt/opendj/bin/ldapsearch -h localhost -p 1636 -Z -X -D "cn=directory manager" -j /tmp/tmpLsKUiZ -b ou=u2f,o=@!828C.076E.9EF6.A8B2!0001!D8E0.38DF,o=gluu objectclass=* 2016-09-14 11:38:58,591 DEBUG Running command : /opt/opendj/bin/ldapsearch -h localhost -p 1636 -Z -X -D "cn=directory manager" -j /tmp/tmpLsKUiZ -b ou=appliances,o=gluu -s one objectclass=* 2016-09-14 11:39:01,930 DEBUG Running command : /opt/opendj/bin/ldapsearch -h localhost -p 1636 -Z -X -D "cn=directory manager" -j /tmp/tmpLsKUiZ -b ou=appliances,o=gluu objectclass=oxTrustConfiguration 2016-09-14 11:39:05,409 DEBUG Running command : /opt/opendj/bin/ldapsearch -h localhost -p 1636 -Z -X -D "cn=directory manager" -j /tmp/tmpLsKUiZ -b ou=appliances,o=gluu objectclass=oxAuthConfiguration 2016-09-14 11:39:08,960 DEBUG Running command : /opt/opendj/bin/ldapsearch -h localhost -p 1636 -Z -X -D "cn=directory manager" -j /tmp/tmpLsKUiZ -b ou=appliances,o=gluu objectclass=gluuSAMLconfig 2016-09-14 11:39:12,434 DEBUG Running command : /opt/opendj/bin/ldapsearch -h localhost -p 1636 -Z -X -D "cn=directory manager" -j /tmp/tmpLsKUiZ -s base -b o=@!828C.076E.9EF6.A8B2!0001!D8E0.38DF,o=gluu objectclass=* 2016-09-14 11:39:15,765 DEBUG Running command : /opt/opendj/bin/ldapsearch -h localhost -p 1636 -Z -X -D "cn=directory manager" -j /tmp/tmpLsKUiZ -b ou=people,o=site -s one objectclass=* 2016-09-14 11:39:19,290 INFO Creating setup.properties backup file 2016-09-14 11:39:19,290 DEBUG Running command : /bin/cat /tmp/tmpLsKUiZ 2016-09-14 11:39:19,296 DEBUG Running command : /bin/hostname 2016-09-14 11:39:19,301 DEBUG Running command : /bin/grep ^inum ./backup_24/ldif/appliance.ldif 2016-09-14 11:39:19,306 DEBUG Running command : /opt/opendj/bin/ldapsearch -h localhost -p 1636 -Z -X -D "cn=directory manager" -j /tmp/tmpLsKUiZ -s one -b o=gluu o=* dn 2016-09-14 11:39:22,642 DEBUG Running command : /bin/cat ./backup_24/opt/tomcat/conf/salt 2016-09-14 11:39:45,711 INFO Creating backup of UI customizations 2016-09-14 11:39:45,711 DEBUG Running command : /usr/bin/unzip -q /opt/tomcat/webapps/oxauth.war -d /tmp/oxauth-original 2016-09-14 11:39:46,450 DEBUG Running command : /usr/bin/unzip -q /opt/tomcat/webapps/identity.war -d /tmp/oxtrust-original 2016-09-14 11:39:47,695 DEBUG 2016-09-14 11:39:47,698 DEBUG Running command : /usr/bin/find /opt/tomcat/webapps/oxauth 2016-09-14 11:39:49,686 DEBUG Found new file: /opt/tomcat/webapps/oxauth/NantHealth_white10_percent.png 2016-09-14 11:39:49,687 DEBUG Running command : /bin/mkdir -p ./backup_24//opt/tomcat/webapps/oxauth 2016-09-14 11:39:49,699 DEBUG Found changed file: /opt/tomcat/webapps/oxauth/login.xhtml 2016-09-14 11:39:49,700 DEBUG Found new file: /opt/tomcat/webapps/oxauth/login.xhtml_old_prior_to_forgot_password 2016-09-14 11:39:49,717 DEBUG Found new file: /opt/tomcat/webapps/oxauth/admin-login.xhtml 2016-09-14 11:39:49,717 DEBUG Found new file: /opt/tomcat/webapps/oxauth/patient-login.xhtml 2016-09-14 11:39:49,718 DEBUG Found new file: /opt/tomcat/webapps/oxauth/admin-login.page.xml 2016-09-14 11:39:49,719 DEBUG Found new file: /opt/tomcat/webapps/oxauth/dcxm-login.page.xml 2016-09-14 11:39:49,719 DEBUG Found new file: /opt/tomcat/webapps/oxauth/patient-login.page.xml 2016-09-14 11:39:49,720 DEBUG Found new file: /opt/tomcat/webapps/oxauth/dcxm-login.xhtml 2016-09-14 11:39:49,720 DEBUG Running command : /usr/bin/find /opt/tomcat/webapps/identity ```

By matt dillenkoffer user 13 Oct 2016 at 2:56 p.m. CDT

matt dillenkoffer gravatar
ok here's the import log.... ``` [root@10 ~]# cat import_244.log 2016-10-13 12:51:43,458 DEBUG root Running command : whereis service 2016-10-13 12:51:43,467 INFO root Stopping Tomcat ... 2016-10-13 12:51:43,467 DEBUG root Running command : /usr/sbin/service tomcat stop 2016-10-13 12:51:45,666 DEBUG root 2016-10-13 12:51:45,667 INFO root Stopping Directory Server ... 2016-10-13 12:51:45,667 DEBUG root Running command : /usr/sbin/service opendj stop 2016-10-13 12:53:00,493 ERROR root Error running command : /usr/sbin/service opendj stop 2016-10-13 12:53:00,494 ERROR root Traceback (most recent call last): File "./import244.py", line 144, in getOutput output = os.popen(" ".join(args)).read().strip() KeyboardInterrupt ``` It hangs on the Operation not permiited line so I had to hit ctrl-c to get out of it which is why you see the KeyboardInterrupt, below is the command line output from running the import command. ``` [root@10 ~]# ./import244.py backup_24/ INFO Stopping Tomcat ... Redirecting to /bin/systemctl stop tomcat.service INFO Stopping Directory Server ... /opt/opendj/bin/stop-ds: line 153: kill: (3311) - Operation not permitted ^C Session terminated, killing shell... ...killed. ERROR Error running command : /usr/sbin/service opendj stop ERROR Traceback (most recent call last): File "./import244.py", line 144, in getOutput output = os.popen(" ".join(args)).read().strip() KeyboardInterrupt ```

By matt dillenkoffer user 13 Oct 2016 at 3:33 p.m. CDT

matt dillenkoffer gravatar
The crux of the issue here is that I don't care about a full migration. If I can stand 2.4.4 up as a pristine clean install, I only need to import the OpenIDConnect clients from 2.4.3. Because if we can't do that we have to roll out new versions of at least one of our applications because the client secret is embedded in that release. But a full import export would be most ideal.

By Arunmozhi P staff 14 Oct 2016 at 12:02 p.m. CDT

Arunmozhi P gravatar
Hi Matt, The main issue seems to be trying to stop the OpenDJ server. Try doing a `service opendj stop` manually and see if you could stop OpenDJ. If you could do that then, in the import244.py script you can comment out the line 506 `stopOpenDJ()` to look like `#stopOpenDJ()` and then run the script. If you cannot OpenDJ at all, kindly report back.

By matt dillenkoffer user 14 Oct 2016 at 2:15 p.m. CDT

matt dillenkoffer gravatar
So like I said if I try to use "service opendj stop" I get the same error as the script does. But if I use "systemctl stop opendj" it shuts opendj down successfully. So I did what you suggested and commented out the call to stopOpenDJ() and the script runs. But then ends in error. Here is the backup log... ``` [root@10 ~]# cat import_244.log 2016-10-14 12:01:52,474 DEBUG root Running command : whereis service 2016-10-14 12:01:52,482 INFO root Stopping Tomcat ... 2016-10-14 12:01:52,483 DEBUG root Running command : /usr/sbin/service tomcat stop 2016-10-14 12:01:52,529 DEBUG root 2016-10-14 12:01:52,529 INFO root Copying backup files from /etc, /opt and /usr 2016-10-14 12:01:52,534 DEBUG root copying /etc/certs/httpd.key.orig 2016-10-14 12:01:52,534 DEBUG root copying /etc/certs/httpd.key 2016-10-14 12:01:52,535 DEBUG root copying /etc/certs/httpd.csr 2016-10-14 12:01:52,535 DEBUG root copying /etc/certs/httpd.crt 2016-10-14 12:01:52,536 DEBUG root copying /etc/certs/shibIDP.key.orig 2016-10-14 12:01:52,536 DEBUG root copying /etc/certs/shibIDP.key 2016-10-14 12:01:52,537 DEBUG root copying /etc/certs/shibIDP.csr 2016-10-14 12:01:52,537 DEBUG root copying /etc/certs/shibIDP.crt 2016-10-14 12:01:52,538 DEBUG root copying /etc/certs/asimba.key.orig 2016-10-14 12:01:52,538 DEBUG root copying /etc/certs/asimba.key 2016-10-14 12:01:52,539 DEBUG root copying /etc/certs/asimba.csr 2016-10-14 12:01:52,539 DEBUG root copying /etc/certs/asimba.crt 2016-10-14 12:01:52,539 DEBUG root copying /etc/certs/shibIDP.pkcs12 2016-10-14 12:01:52,540 DEBUG root copying /etc/certs/shibIDP.jks 2016-10-14 12:01:52,540 DEBUG root copying /etc/certs/asimba.pkcs12 2016-10-14 12:01:52,541 DEBUG root copying /etc/certs/asimbaIDP.jks 2016-10-14 12:01:52,541 DEBUG root copying /etc/certs/oxauth-web-keys.json 2016-10-14 12:01:52,543 DEBUG root copying /etc/certs/opendj.crt 2016-10-14 12:01:52,544 DEBUG root copying /etc/certs/duo_creds.json 2016-10-14 12:01:52,544 DEBUG root copying /etc/certs/gplus_client_secrets.json 2016-10-14 12:01:52,545 DEBUG root copying /etc/certs/oxpush2_creds.json 2016-10-14 12:01:52,545 DEBUG root copying /etc/certs/cert_creds.json 2016-10-14 12:01:52,547 DEBUG root copying /opt/tomcat/conf/catalina.policy 2016-10-14 12:01:52,548 DEBUG root copying /opt/tomcat/conf/catalina.properties 2016-10-14 12:01:52,550 DEBUG root copying /opt/tomcat/conf/context.xml 2016-10-14 12:01:52,553 DEBUG root copying /opt/tomcat/conf/logging.properties 2016-10-14 12:01:52,553 DEBUG root copying /opt/tomcat/conf/server.xml 2016-10-14 12:01:52,554 DEBUG root copying /opt/tomcat/conf/tomcat-users.xml 2016-10-14 12:01:52,554 DEBUG root copying /opt/tomcat/conf/web.xml 2016-10-14 12:01:52,556 DEBUG root copying /opt/tomcat/conf/salt 2016-10-14 12:01:52,557 DEBUG root copying /opt/tomcat/conf/asimba-selector.xml 2016-10-14 12:01:52,558 DEBUG root copying /opt/tomcat/conf/gluuTomcatWrapper.conf 2016-10-14 12:01:52,559 DEBUG root copying /opt/tomcat/conf/oxTrustLogRotationConfiguration.xml 2016-10-14 12:01:52,561 DEBUG root copying /opt/tomcat/conf/ox-ldap.properties 2016-10-14 12:01:52,561 DEBUG root copying /opt/tomcat/conf/oxtrust-ldap.properties 2016-10-14 12:01:52,565 DEBUG root copying /opt/tomcat/conf/python/python.txt 2016-10-14 12:01:52,566 DEBUG root copying /opt/tomcat/conf/python/duo_web.py 2016-10-14 12:01:52,566 DEBUG root copying /opt/tomcat/conf/Catalina/localhost/oxauth.xml 2016-10-14 12:01:52,567 DEBUG root copying /opt/tomcat/conf/Catalina/localhost/identity.xml 2016-10-14 12:01:52,573 DEBUG root copying /opt/tomcat/webapps/oxauth/NantHealth_white10_percent.png 2016-10-14 12:01:52,574 DEBUG root copying /opt/tomcat/webapps/oxauth/login.xhtml 2016-10-14 12:01:52,574 DEBUG root copying /opt/tomcat/webapps/oxauth/login.xhtml_old_prior_to_forgot_password 2016-10-14 12:01:52,575 DEBUG root copying /opt/tomcat/webapps/oxauth/admin-login.xhtml 2016-10-14 12:01:52,575 DEBUG root copying /opt/tomcat/webapps/oxauth/patient-login.xhtml 2016-10-14 12:01:52,576 DEBUG root copying /opt/tomcat/webapps/oxauth/admin-login.page.xml 2016-10-14 12:01:52,576 DEBUG root copying /opt/tomcat/webapps/oxauth/dcxm-login.page.xml 2016-10-14 12:01:52,576 DEBUG root copying /opt/tomcat/webapps/oxauth/patient-login.page.xml 2016-10-14 12:01:52,577 DEBUG root copying /opt/tomcat/webapps/oxauth/dcxm-login.xhtml 2016-10-14 12:01:52,592 INFO root Updating the SSL Keystore 2016-10-14 12:01:52,592 DEBUG root Exporting OpenDJ certificate 2016-10-14 12:01:52,592 DEBUG root Running command : /usr/bin/keytool -exportcert -keystore /opt/opendj/config/truststore -storepass apEAAVN647rWI7OKq0S53Q0YSy5jAoYkWGRXyRGIIjYCPvjNKY -file /etc/certs/opendj.crt -alias server-cert -rfc 2016-10-14 12:01:52,992 DEBUG root 2016-10-14 12:01:52,992 DEBUG root Deleting new 10.7.152.29_httpd 2016-10-14 12:01:52,993 DEBUG root Running command : /usr/bin/keytool -delete -alias 10.7.152.29_httpd -keystore /usr/java/latest/lib/security/cacerts -storepass changeit -noprompt 2016-10-14 12:01:53,876 DEBUG root Delete operation success. 2016-10-14 12:01:53,876 DEBUG root Importing old 10.7.152.29_httpd 2016-10-14 12:01:53,876 DEBUG root Running command : /usr/bin/keytool -import -trustcacerts -file /etc/certs/httpd.crt -alias 10.7.152.29_httpd -keystore /usr/java/latest/lib/security/cacerts -storepass changeit -noprompt 2016-10-14 12:01:54,832 DEBUG root Certificate import success. 2016-10-14 12:01:54,833 DEBUG root Deleting new 10.7.152.29_asimba 2016-10-14 12:01:54,833 DEBUG root Running command : /usr/bin/keytool -delete -alias 10.7.152.29_asimba -keystore /usr/java/latest/lib/security/cacerts -storepass changeit -noprompt 2016-10-14 12:01:55,791 DEBUG root Delete operation success. 2016-10-14 12:01:55,791 DEBUG root Importing old 10.7.152.29_asimba 2016-10-14 12:01:55,791 DEBUG root Running command : /usr/bin/keytool -import -trustcacerts -file /etc/certs/asimba.crt -alias 10.7.152.29_asimba -keystore /usr/java/latest/lib/security/cacerts -storepass changeit -noprompt 2016-10-14 12:01:56,831 DEBUG root Certificate import success. 2016-10-14 12:01:56,832 DEBUG root Deleting new 10.7.152.29_shibIDP 2016-10-14 12:01:56,832 DEBUG root Running command : /usr/bin/keytool -delete -alias 10.7.152.29_shibIDP -keystore /usr/java/latest/lib/security/cacerts -storepass changeit -noprompt 2016-10-14 12:01:57,724 DEBUG root Delete operation success. 2016-10-14 12:01:57,724 DEBUG root Importing old 10.7.152.29_shibIDP 2016-10-14 12:01:57,724 DEBUG root Running command : /usr/bin/keytool -import -trustcacerts -file /etc/certs/shibIDP.crt -alias 10.7.152.29_shibIDP -keystore /usr/java/latest/lib/security/cacerts -storepass changeit -noprompt 2016-10-14 12:01:58,732 DEBUG root Certificate import success. 2016-10-14 12:01:58,732 DEBUG root Deleting new 10.7.152.29_opendj 2016-10-14 12:01:58,732 DEBUG root Running command : /usr/bin/keytool -delete -alias 10.7.152.29_opendj -keystore /usr/java/latest/lib/security/cacerts -storepass changeit -noprompt 2016-10-14 12:01:59,617 DEBUG root Delete operation success. 2016-10-14 12:01:59,617 DEBUG root Importing old 10.7.152.29_opendj 2016-10-14 12:01:59,617 DEBUG root Running command : /usr/bin/keytool -import -trustcacerts -file /etc/certs/opendj.crt -alias 10.7.152.29_opendj -keystore /usr/java/latest/lib/security/cacerts -storepass changeit -noprompt 2016-10-14 12:02:00,560 DEBUG root Certificate import success. 2016-10-14 12:02:00,560 INFO root Copying the Custom LDAP Schema 2016-10-14 12:02:00,561 INFO root Exporting the current LDAP data 2016-10-14 12:02:00,561 DEBUG root Running command : /opt/opendj/bin/export-ldif -n userRoot -l ./output_ldif/current.ldif 2016-10-14 12:02:17,764 DEBUG root [14/10/2016:12:02:16 -0700] category=JEB seq=2 severity=FINE msg=JE backend 'userRoot' does not specify the number of lock tables: defaulting to 5 [14/10/2016:12:02:16 -0700] category=JEB seq=3 severity=FINE msg=JE backend 'userRoot' does not specify the number of cleaner threads: defaulting to 8 threads [14/10/2016:12:02:17 -0700] category=PLUGGABLE seq=30 severity=INFO msg=Exported 158 entries and skipped 0 in 0 seconds (average rate 524.9/sec) 2016-10-14 12:02:17,764 INFO root Updating oxSectorIdentifierURI to oxSectorIdentifier in people.ldif 2016-10-14 12:02:17,788 INFO root Processing the LDIF data 2016-10-14 12:02:18,237 DEBUG root Keeping old value for displayName 2016-10-14 12:02:18,237 DEBUG root Keeping old value for gluuOrgShortName 2016-10-14 12:02:19,618 DEBUG root Keeping old value for gluuVdsCacheRefreshEnabled 2016-10-14 12:02:19,622 DEBUG root Keeping old value for oxTrustCacheRefreshServerIpAddress 2016-10-14 12:02:22,508 DEBUG root Keep multiple old values for oxAuthClaim 2016-10-14 12:02:22,793 DEBUG root Keeping old value for oxAuthClientSecret 2016-10-14 12:02:22,853 DEBUG root Keep multiple old values for member 2016-10-14 12:02:23,121 DEBUG root Keeping old value for oxScript 2016-10-14 12:02:23,121 DEBUG root Keep multiple old values for oxModuleProperty 2016-10-14 12:02:23,200 DEBUG root Keeping old value for oxScript 2016-10-14 12:02:23,201 DEBUG root Keep multiple old values for oxModuleProperty 2016-10-14 12:02:23,245 DEBUG root Keeping old value for displayName 2016-10-14 12:02:23,245 DEBUG root Keeping old value for description 2016-10-14 12:02:23,246 DEBUG root Keeping old value for oxScript 2016-10-14 12:02:23,246 DEBUG root Keep multiple old values for oxConfigurationProperty 2016-10-14 12:02:23,290 DEBUG root Keep multiple old values for oxModuleProperty 2016-10-14 12:02:23,375 DEBUG root Keep multiple old values for oxModuleProperty 2016-10-14 12:02:23,419 DEBUG root Keep multiple old values for oxModuleProperty 2016-10-14 12:02:23,479 DEBUG root Keep multiple old values for oxModuleProperty 2016-10-14 12:02:23,638 DEBUG root Keeping old value for oxScript 2016-10-14 12:11:39,142 INFO root Running ldif-import on ./output_ldif/processed.ldif 2016-10-14 12:11:39,142 DEBUG root Running command : /opt/opendj/bin/import-ldif -n userRoot -l ./output_ldif/processed.ldif -R ./output_ldif/processed.ldif.rejects 2016-10-14 12:11:58,221 DEBUG root [14/10/2016:12:11:55 -0700] category=UTIL seq=2 severity=INFO msg=Installation Directory: /opt/opendj [14/10/2016:12:11:55 -0700] category=UTIL seq=3 severity=INFO msg=Instance Directory: /opt/opendj [14/10/2016:12:11:55 -0700] category=UTIL seq=4 severity=INFO msg=JVM Information: 1.7.0_95-mockbuild_2016_01_21_15_30-b00 by Oracle Corporation, 64-bit architecture, 1353711616 bytes heap size [14/10/2016:12:11:55 -0700] category=UTIL seq=5 severity=INFO msg=JVM Host: 10.7.152.29, running Linux 3.10.0-327.13.1.el7.x86_64 amd64, 6089326592 bytes physical memory size, number of processors available 2 [14/10/2016:12:11:55 -0700] category=UTIL seq=6 severity=INFO msg=JVM Arguments: "-Dorg.opends.server.scriptName=import-ldif" [14/10/2016:12:11:55 -0700] category=JEB seq=7 severity=FINE msg=JE backend 'userRoot' does not specify the number of lock tables: defaulting to 5 [14/10/2016:12:11:55 -0700] category=JEB seq=8 severity=FINE msg=JE backend 'userRoot' does not specify the number of cleaner threads: defaulting to 8 threads [14/10/2016:12:11:56 -0700] category=PLUGGABLE seq=35 severity=INFO msg=Setting DB cache size to 33554432 bytes. Using 700 Mb off-heap memory through 172 phase one buffers of 4167 Kb. [14/10/2016:12:11:56 -0700] category=PLUGGABLE seq=36 severity=INFO msg=Gluu-OpenDJ 3.0.0-gluu starting import (build 20160331045526, Ree0b5ef693678ceb4fa0e0794a4387aba2fe84cf) [14/10/2016:12:11:56 -0700] category=PLUGGABLE seq=37 severity=INFO msg=Import Thread Count: 2 threads [14/10/2016:12:11:58 -0700] category=PLUGGABLE seq=65 severity=INFO msg=Import LDIF environment close took 0 seconds [14/10/2016:12:11:58 -0700] category=PLUGGABLE seq=66 severity=INFO msg=Flushing data to disk 2016-10-14 12:11:58,221 INFO root Starting Directory Server ... 2016-10-14 12:11:58,221 DEBUG root Running command : /usr/sbin/service opendj start 2016-10-14 12:12:18,651 CRITICAL root OpenDJ did not start properly... exiting. Check /opt/opendj/logs/errors ``` And here is the opendj error log... ``` [14/Oct/2016:11:59:58 -0700] category=CORE severity=NOTICE msgID=org.opends.messages.core.139 msg=The Directory Server has sent an alert notification generated by class org.opends.server.core.DirectoryServer (alert type org.opends.server.DirectoryServerStarted, alert ID org.opends.messages.core-135): The Directory Server has started successfully [14/Oct/2016:12:01:29 -0700] category=CORE severity=NOTICE msgID=org.opends.messages.core.139 msg=The Directory Server has sent an alert notification generated by class org.opends.server.core.DirectoryServer (alert type org.opends.server.DirectoryServerShutdown, alert ID org.opends.messages.core-141): The Directory Server has started the shutdown process. The shutdown was initiated by an instance of class org.opends.server.core.DirectoryServerShutdownHook and the reason provided for the shutdown was The Directory Server shutdown hook detected that the JVM is shutting down. This generally indicates that JVM received an external request to stop (e.g., through a kill signal) [14/Oct/2016:12:01:34 -0700] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.370 msg=The backend site is now taken offline [14/Oct/2016:12:01:34 -0700] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.370 msg=The backend userRoot is now taken offline [14/Oct/2016:12:01:34 -0700] category=CORE severity=NOTICE msgID=org.opends.messages.core.203 msg=The Directory Server is now stopped [14/Oct/2016:12:12:12 -0700] category=UTIL severity=NOTICE msgID=org.opends.messages.runtime.21 msg=Installation Directory: /opt/opendj [14/Oct/2016:12:12:12 -0700] category=UTIL severity=NOTICE msgID=org.opends.messages.runtime.23 msg=Instance Directory: /opt/opendj [14/Oct/2016:12:12:12 -0700] category=UTIL severity=NOTICE msgID=org.opends.messages.runtime.17 msg=JVM Information: 1.7.0_95-mockbuild_2016_01_21_15_30-b00 by Oracle Corporation, 64-bit architecture, 120061952 bytes heap size [14/Oct/2016:12:12:12 -0700] category=UTIL severity=NOTICE msgID=org.opends.messages.runtime.18 msg=JVM Host: 10.7.152.29, running Linux 3.10.0-327.13.1.el7.x86_64 amd64, 6089326592 bytes physical memory size, number of processors available 2 [14/Oct/2016:12:12:12 -0700] category=UTIL severity=NOTICE msgID=org.opends.messages.runtime.19 msg=JVM Arguments: "-Xms128m", "-Xmx128m", "-Dorg.opends.server.scriptName=start-ds" [14/Oct/2016:12:12:14 -0700] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.535 msg=Due to changes in the configuration, index o=gluu_oxAuthExpiration is currently operating in a degraded state and must be rebuilt before it can be used [14/Oct/2016:12:12:14 -0700] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.535 msg=Due to changes in the configuration, index o=gluu_oxExternalUid is currently operating in a degraded state and must be rebuilt before it can be used [14/Oct/2016:12:12:14 -0700] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.535 msg=Due to changes in the configuration, index o=gluu_mail is currently operating in a degraded state and must be rebuilt before it can be used [14/Oct/2016:12:12:14 -0700] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.535 msg=Due to changes in the configuration, index o=gluu_entryUUID is currently operating in a degraded state and must be rebuilt before it can be used [14/Oct/2016:12:12:14 -0700] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.535 msg=Due to changes in the configuration, index o=gluu_objectClass is currently operating in a degraded state and must be rebuilt before it can be used [14/Oct/2016:12:12:14 -0700] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.535 msg=Due to changes in the configuration, index o=gluu_oxAuthAuthorizationCode is currently operating in a degraded state and must be rebuilt before it can be used [14/Oct/2016:12:12:14 -0700] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.535 msg=Due to changes in the configuration, index o=gluu_givenName is currently operating in a degraded state and must be rebuilt before it can be used [14/Oct/2016:12:12:14 -0700] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.535 msg=Due to changes in the configuration, index o=gluu_inum is currently operating in a degraded state and must be rebuilt before it can be used [14/Oct/2016:12:12:14 -0700] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.535 msg=Due to changes in the configuration, index o=gluu_ds-sync-conflict is currently operating in a degraded state and must be rebuilt before it can be used [14/Oct/2016:12:12:14 -0700] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.535 msg=Due to changes in the configuration, index o=gluu_myCustomAttr1 is currently operating in a degraded state and must be rebuilt before it can be used [14/Oct/2016:12:12:14 -0700] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.535 msg=Due to changes in the configuration, index o=gluu_uniqueMember is currently operating in a degraded state and must be rebuilt before it can be used [14/Oct/2016:12:12:14 -0700] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.535 msg=Due to changes in the configuration, index o=gluu_creationDate is currently operating in a degraded state and must be rebuilt before it can be used [14/Oct/2016:12:12:14 -0700] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.535 msg=Due to changes in the configuration, index o=gluu_myCustomAttr2 is currently operating in a degraded state and must be rebuilt before it can be used [14/Oct/2016:12:12:14 -0700] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.535 msg=Due to changes in the configuration, index o=gluu_oxState is currently operating in a degraded state and must be rebuilt before it can be used [14/Oct/2016:12:12:14 -0700] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.535 msg=Due to changes in the configuration, index o=gluu_oxMetricType is currently operating in a degraded state and must be rebuilt before it can be used [14/Oct/2016:12:12:14 -0700] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.535 msg=Due to changes in the configuration, index o=gluu_ds-sync-hist is currently operating in a degraded state and must be rebuilt before it can be used [14/Oct/2016:12:12:14 -0700] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.535 msg=Due to changes in the configuration, index o=gluu_uniqueIdentifier is currently operating in a degraded state and must be rebuilt before it can be used [14/Oct/2016:12:12:14 -0700] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.535 msg=Due to changes in the configuration, index o=gluu_oxAuthGrantId is currently operating in a degraded state and must be rebuilt before it can be used [14/Oct/2016:12:12:14 -0700] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.535 msg=Due to changes in the configuration, index o=gluu_aci is currently operating in a degraded state and must be rebuilt before it can be used [14/Oct/2016:12:12:14 -0700] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.535 msg=Due to changes in the configuration, index o=gluu_oxAuthSessionDn is currently operating in a degraded state and must be rebuilt before it can be used [14/Oct/2016:12:12:14 -0700] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.535 msg=Due to changes in the configuration, index o=gluu_lastModifiedTime is currently operating in a degraded state and must be rebuilt before it can be used [14/Oct/2016:12:12:14 -0700] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.535 msg=Due to changes in the configuration, index o=gluu_cn is currently operating in a degraded state and must be rebuilt before it can be used [14/Oct/2016:12:12:15 -0700] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.535 msg=Due to changes in the configuration, index o=gluu_oxEndDate is currently operating in a degraded state and must be rebuilt before it can be used [14/Oct/2016:12:12:15 -0700] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.535 msg=Due to changes in the configuration, index o=gluu_member is currently operating in a degraded state and must be rebuilt before it can be used [14/Oct/2016:12:12:15 -0700] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.535 msg=Due to changes in the configuration, index o=gluu_oxSectorIdentifier is currently operating in a degraded state and must be rebuilt before it can be used [14/Oct/2016:12:12:15 -0700] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.535 msg=Due to changes in the configuration, index o=gluu_gluuStatus is currently operating in a degraded state and must be rebuilt before it can be used [14/Oct/2016:12:12:15 -0700] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.535 msg=Due to changes in the configuration, index o=gluu_sn is currently operating in a degraded state and must be rebuilt before it can be used [14/Oct/2016:12:12:15 -0700] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.535 msg=Due to changes in the configuration, index o=gluu_oxRequestId is currently operating in a degraded state and must be rebuilt before it can be used [14/Oct/2016:12:12:15 -0700] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.535 msg=Due to changes in the configuration, index o=gluu_oxAuthTokenCode is currently operating in a degraded state and must be rebuilt before it can be used [14/Oct/2016:12:12:15 -0700] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.535 msg=Due to changes in the configuration, index o=gluu_oxId is currently operating in a degraded state and must be rebuilt before it can be used [14/Oct/2016:12:12:15 -0700] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.535 msg=Due to changes in the configuration, index o=gluu_oxStartDate is currently operating in a degraded state and must be rebuilt before it can be used [14/Oct/2016:12:12:15 -0700] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.535 msg=Due to changes in the configuration, index o=gluu_oxApplicationType is currently operating in a degraded state and must be rebuilt before it can be used [14/Oct/2016:12:12:15 -0700] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.535 msg=Due to changes in the configuration, index o=gluu_telephoneNumber is currently operating in a degraded state and must be rebuilt before it can be used [14/Oct/2016:12:12:15 -0700] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.535 msg=Due to changes in the configuration, index o=gluu_oxApplication is currently operating in a degraded state and must be rebuilt before it can be used [14/Oct/2016:12:12:15 -0700] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.535 msg=Due to changes in the configuration, index o=gluu_uid is currently operating in a degraded state and must be rebuilt before it can be used [14/Oct/2016:12:12:15 -0700] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.535 msg=Due to changes in the configuration, index o=gluu_oxDeviceHashCode is currently operating in a degraded state and must be rebuilt before it can be used [14/Oct/2016:12:12:15 -0700] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.513 msg=The database backend userRoot containing 0 entries has started [14/Oct/2016:12:12:16 -0700] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.513 msg=The database backend site containing 2 entries has started [14/Oct/2016:12:12:16 -0700] category=EXTENSIONS severity=NOTICE msgID=org.opends.messages.extension.221 msg=DIGEST-MD5 SASL mechanism using a server fully qualified domain name of: localhost [14/Oct/2016:12:12:17 -0700] category=PROTOCOL severity=NOTICE msgID=org.opends.messages.protocol.276 msg=Started listening for new connections on Administration Connector 0.0.0.0 port 4444 [14/Oct/2016:12:12:17 -0700] category=PROTOCOL severity=NOTICE msgID=org.opends.messages.protocol.276 msg=Started listening for new connections on LDAPS Connection Handler 0.0.0.0 port 1636 [14/Oct/2016:12:12:17 -0700] category=CORE severity=NOTICE msgID=org.opends.messages.core.135 msg=The Directory Server has started successfully [14/Oct/2016:12:12:17 -0700] category=CORE severity=NOTICE msgID=org.opends.messages.core.139 msg=The Directory Server has sent an alert notification generated by class org.opends.server.core.DirectoryServer (alert type org.opends.server.DirectoryServerStarted, alert ID org.opends.messages.core-135): The Directory Server has started successfully ```

By matt dillenkoffer user 17 Oct 2016 at 9:39 a.m. CDT

matt dillenkoffer gravatar
I'd like to reiterate that at the end of the day we NEED to be able to export and import the legacy OpendIDConnect clients, everything else I can do manually. If I can't get the clients migrated over we are dead in the water and if we can't get this environment up soon people are going to start getting upset.

By Mohib Zico staff 17 Oct 2016 at 10:37 a.m. CDT

Mohib Zico gravatar
Matt, If you need you can try in CentOS6.x or Ubuntu 14.04 LTS. There are couple of issues with importing data in backup script ( import244.py ) which require more testing from our side.

By Mohib Zico staff 17 Oct 2016 at 11:26 a.m. CDT

Mohib Zico gravatar
>> There are couple of issues with importing data in backup script ( import244.py ) which require more testing from our side. I think I missed one word here... :-) _There are couple of issues with importing data with backup script ( import244.py ) *in CentOS/RHEL-7.X* which require more testing from our side._

By Mohib Zico staff 17 Oct 2016 at 4:30 p.m. CDT

Mohib Zico gravatar
It's still work in progress.. then again sharing some status with you. - Two systemD scripts attached below which you need to use before running 'setup.py' installation script. This will solve permission issue. - After the completion of 'yum install gluu-server-2.4.4' from [installation doc](https://gluu.org/docs/deployment/centos7/#centos-7-installation-guide), copy these attached systemD script inside your container - cp opendj.service /opt/gluu-server-2.4.4/install/community-edition-setup/static/opendj/systemd/ - cp tomcat /opt/gluu-server-2.4.4/install/community-edition-setup/static/tomcat/systemd/ - Take 'setup.properties' from 'backup_24' and put that inside new container's /install/community-edition-setup - Run 'setup.py' - After the completion of base installation ( after successful completion of setup.py script ); you can run 'import244.py' with 'backup_24' directory. [ output attached below ]

By matt dillenkoffer user 24 Oct 2016 at 8:41 a.m. CDT

matt dillenkoffer gravatar
I was not able to test these procedures, the simplest option at the time was to just reinstall gluu, configure it, setup new clients and then just use and LDAP editor to change the clientID's to the old client ID values. I am glad we ran into all the problems we did though because it forced me to re-look at our authentication form which had morphed into lots of files to maintain. After upgrading to 2.4.4 we are not back to only 1 login form which I'm pretty happy about.