By: Kee Wee Wong named 17 Mar 2020 at 4:50 a.m. CDT

7 Responses
Kee Wee Wong gravatar
Hi Support, We recently upgrade Gluu on EKS from version 4.0 to 4.1, using the steps in the Gluu CE 4.1 documentation https://gluu.org/docs/ce/4.1/upgrade/#upgrade-40-to-41 After the upgrade, we could no longer update the Cache Refresh configuration. Any updates to the config will be reverted to the original values. The cr-rotate pod does not update the cache refresh info either. After troubleshooting with Mohammad Abudayyeh, we discovered that the ldap did not update with the error in oxtrust.log and also in ldapbrowsers: ```Caused by: com.unboundid.ldap.sdk.LDAPException: Entry ou=configuration,o=gluu cannot be modified because the resulting entry would have violated the server schema: Entry ou=configuration,o=gluu violates the Directory Server schema configuration because it includes attribute gluuPersonCount which is not allowed by any of the objectclasses defined in that entry ``` The ou=configuration,o=gluu was missing the `gluuOxtrustStat` objectclass and therefore oxtrust could not update the ldap entry. Can you kindly assist in looking into this issue and possibly the upgrade steps also. Thank you!

By Thomas Gasmyr Mougang staff 17 Mar 2020 at 5:38 a.m. CDT

Thomas Gasmyr Mougang gravatar
Can you provide the following: - The full log where this **Caused by: com.unboundid.ldap.sdk.LDAPException:** is coming from - The ldif representation of the entry with DN **ou=configuration,o=gluu** I think the issue here is that some items that were moved from **ou=configuration,o=gluu** to **metrics** are still available in **ou=configuration,o=gluu**

By Kee Wee Wong named 17 Mar 2020 at 6:21 a.m. CDT

Kee Wee Wong gravatar
Hi Thomas, I have attached the requested info

By Thomas Gasmyr Mougang staff 17 Mar 2020 at 7:11 a.m. CDT

Thomas Gasmyr Mougang gravatar
Okay, can you connect to LDAP using Ldap Browser like JExplorer? If so, connect and lemme know, i will provide steps you have to take to fix it.

By Kee Wee Wong named 17 Mar 2020 at 8:14 a.m. CDT

Kee Wee Wong gravatar
Hi Thomas, Yes, I have access to Apache Directory Studio to modify the LDAP.

By Thomas Gasmyr Mougang staff 17 Mar 2020 at 8:29 a.m. CDT

Thomas Gasmyr Mougang gravatar
okay connect using apache studio and delete the following items from **ou=configuration,o=gluu** - gluuGroupCount - gluuPersonCount - gluuFreeMemory - gluuFreeDiskSpace - gluuFreeSwap - gluuIpAddress - gluuLoadAvg Try to delete item after item and if you encounter error, then select them all and delete at once.

By Kee Wee Wong named 18 Mar 2020 at 3:44 a.m. CDT

Kee Wee Wong gravatar
Hi Thomas, I have deleted the following: * gluuGroupCount * gluuPersonCount * gluuFreeMemory * gluuFreeDiskSpace * gluuIpAddress The following attributes were not in the container * gluuFreeSwap * gluuLoadAvg In addition, I deleted `gluuSystemUptime` too, as it was complaining about that attribute. So far it looks good! I'm able to update the cache refresh configuration now. Thanks! May I know why the data wasn't patched during the upgrade?

By Thomas Gasmyr Mougang staff 18 Mar 2020 at 4:09 a.m. CDT

Thomas Gasmyr Mougang gravatar
> May I know why the data wasn't patched during the upgrade? Yes, there was a mistake in upgrade script. It is now fixed.