The following error is shown when installing the Web agent:OpenAM Web Agent for Apache Server installation. Validating... Error validating OpenAM - Agent configuration. Installation failed.
The corresponding Install log shows the following errors:2017-09-17 10:11:23 OpenAM Web Agent for Apache server silent installation 2017-09-17 10:11:23 license accepted with --acceptLicence option 2017-09-17 10:11:23 license was accepted earlier 2017-09-17 10:11:23 Unable to find the "User" entry in the httpd.conf file, will try APACHE_RUN_USER environment variable 2017-09-17 10:11:23 Unable to find the "Group" entry in the httpd.conf file, will try APACHE_RUN_GROUP environment variable 2017-09-17 10:11:23 am_agent_login(): closing connection after failure 2017-09-17 10:11:23 error validating OpenAM agent configuration 2017-09-17 10:11:23 installation error 2017-09-17 10:11:23 installation exit
Alternatively, you may not see an error when you install but instead see the following error in the error_log (located in the /path/to/apache/logs directory) when you start the server:[unixd:alert] [pid 6616:tid 140758435143128] AH02155: getpwuid: couldn't determine user name from uid 4294967295, you probably need to modify the User directive
These errors occur when the user and group are not set in the Apache httpd.conf file (located in the path/to/apache/conf directory) or in the APACHE_RUN_USER and APACHE_RUN_GROUP environment variables (envvars file). The Apache worker process requires read/write access to the agent configuration and log files. These entries ensure that Apache is running with the correct user context and that the Agent files are created in a way that is owned and accessible to them.
This issue can be resolved as follows:
- Check whether the user and group are set; you can do this via the httpd.conf file or equivalent file (such as envvars). For example:
- Review the httpd.conf file and check whether the user and group are set. By default, they are set to apache, for example: $ cat httpd.conf | grep 'User\|Group' ... User apache Group apache ..If they are not set, you should set them; you can set them to apache or nobody.
- Review the envvars file to ensure the user and group are set in the APACHE_RUN_USER and APACHE_RUN_GROUP environment variables. For example: $ cat envvars | grep 'APACHE_RUN_USER\|APACHE_RUN_GROUP' export APACHE_RUN_USER=apache export APACHE_RUN_GROUP=apacheIf they are not set, you should set them; you can set them to apache or nobody.
- Review the passwd and group files to check whether the user and group match what is set in your httpd.conf file or equivalent. For example: $ cat /etc/passwd | grep apache apache:x:48:48:apache:/usr/share/httpd:/sbin/nologin $ cat /etc/group | grep apache apache:x:48:
If they are not set, you should set them to match what is in the httpd.conf file or equivalent.
The Agent installer can change the ownership to the same User and Group specified in the Apache configuration. For further details on using the installer to set the appropriate permissions. See Install the Apache Web Agent.