By: Avi Khetarpal user 16 Nov 2017 at 4:31 p.m. CST

3 Responses
Avi Khetarpal gravatar

Hi,

My Gluu server is one that was originally 3.0.2 and then upgraded to 3.1.0 using the migration scripts available on Github. I then upgraded the .WAR files to 3.1.1.

I've found that I can't update my OpenID Connect clients in the oxTrust UI. I get a logged error (in oxtrust.log) saying the LDAP attribute type oxDisabled is undefined. I can see this was added to the community setup in Github in September but it looks like my upgrade pathway may have omitted adding it to my LDAP server?

I'm guessing the solution is simply to create the attribute type with an LDIF script but since it's not something I'm very familiar with, I'd just like some guidance to make sure I do it correctly instead of potentially using a hacky workaround that causes issues in the future.

Thanks,

Avi

By Aliaksandr Samuseu staff 16 Nov 2017 at 5:23 p.m. CST

Aliaksandr Samuseu gravatar

Hi, Avi.

Assigning it to engineer responsible for upgrade script. In a fresh 3.1.x there is no issues with updating clients.

It seems script doesn't add new attribute for clients to schema. Here is workaround you can use:

  1. Edit /opt/gluu/schema/openldap/gluu.schema. Add attribute definition like this:

    attributetype ( oxAttribute:375 NAME 'oxDisabled' DESC 'Status of client' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Gluu created attribute' )

  2. Add the new attribute to the objectclass 'oxAuthClient' in the same file; you'll see there a list of attributes separated with "$" sign

  3. Make sure your edits didn't break schema: # /opt/symas/bin/slaptest -f /opt/symas/etc/openldap/slapd.conf

  4. Restart OpenLDAP: # service solserver restart

By Aliaksandr Samuseu staff 16 Nov 2017 at 5:25 p.m. CST

Aliaksandr Samuseu gravatar

Edited the previous post, correct objectclass name is "oxAuthClient"

By Avi Khetarpal user 16 Nov 2017 at 8:24 p.m. CST

Avi Khetarpal gravatar

Hi Aliaksandr,

Thanks very much, that did the trick! :)

Avi