Data validation failed error when creating or updating user data store LDAP attributes after upgrading to AM 6.5.1
The purpose of this article is to provide assistance if you encounter a "Data validation failed for the attribute, sun-idrepo-ldapv3-config-ldap-server" error in AM 6.5.1 when creating or updating the user data store LDAP attributes via ssoadm.
Symptoms
The following error is shown when executing a ssoadm command that updates or creates a data store, for example, update-datastore or create-datastore:
com.sun.identity.cli.CLIException: Message:Data validation failed for the attribute, sun-idrepo-ldapv3-config-ldap-server
The following error is shown in the Configuration debug log when this happens:
amCLI:05/08/2019 10:41:29:750 AM BST: Thread[main,5,main]: TransactionId[unknown]
ERROR: CommandManager.<init>
com.sun.identity.cli.CLIException: Message:Data validation failed for the attribute, sun-idrepo-ldapv3-config-ldap-server
at com.sun.identity.cli.datastore.UpdateDataStore.handleRequest(UpdateDataStore.java:111)
at com.sun.identity.cli.SubCommand.execute(SubCommand.java:296)
at com.sun.identity.cli.CLIRequest.process(CLIRequest.java:217)
at com.sun.identity.cli.CLIRequest.process(CLIRequest.java:139)
at com.sun.identity.cli.CommandManager.serviceRequestQueue(CommandManager.java:604)
at com.sun.identity.cli.CommandManager.<init>(CommandManager.java:186)
at com.sun.identity.cli.CommandManager.main(CommandManager.java:163)
Caused by: Message:Data validation failed for the attribute, sun-idrepo-ldapv3-config-ldap-server
at com.sun.identity.sm.ServiceSchemaImpl.throwInvalidAttributeValuesException(ServiceSchemaImpl.java:757)
at com.sun.identity.sm.ServiceSchemaImpl.clientEndAttrValidation(ServiceSchemaImpl.java:691)
at com.sun.identity.sm.ServiceSchemaImpl.validatePlugin(ServiceSchemaImpl.java:669)
at com.sun.identity.sm.ServiceSchemaImpl.validateAttrValues(ServiceSchemaImpl.java:606)
at com.sun.identity.sm.ServiceSchemaImpl.validateAttributes(ServiceSchemaImpl.java:354)
at com.sun.identity.sm.ServiceSchemaImpl.validateAttributes(ServiceSchemaImpl.java:323)
at com.sun.identity.sm.ServiceConfig.setAttributes(ServiceConfig.java:544)
at com.sun.identity.cli.datastore.UpdateDataStore.handleRequest(UpdateDataStore.java:92)
... 6 more
Recent Changes
Upgraded to AM 6.5.1.
Causes
The sun-idrepo-ldapv3-config-ldap-server ssoadm property has been renamed to sun-idrepo-ldapv3-config-ldap-server=[n] to allow the priority order of LDAP servers to be specified. This change occurred as a result of OPENAM-5867 (Data Store LDAP server (admin-ordered) list is reordered by OpenAM).
Previously you could specify multiple servers as follows, but the order in which they were entered was not saved:
sun-idrepo-ldapv3-config-ldap-server=localhost:50389 sun-idrepo-ldapv3-config-ldap-server=example.com:1389
Now you can specify them as follows, which sets the priority order:
sun-idrepo-ldapv3-config-ldap-server=[0]=localhost:50389 sun-idrepo-ldapv3-config-ldap-server=[1]=example.com:1389
Note
The change in property name does not affect Amster or REST because this attribute is already multi-valued, for example:
"sun-idrepo-ldapv3-config-ldap-server":["localhost:51389","example.com:1389"],
However, the order in which they are specified is now respected.
Solution
This issue can be resolved by updating your ssoadm scripts or commands to use sun-idrepo-ldapv3-config-ldap-server=[0], sun-idrepo-ldapv3-config-ldap-server=[1] and so on, instead of sun-idrepo-ldapv3-config-ldap-server.
See Also
How do I create a user data store in AM/OpenAM (All versions) using ssoadm?
Setup and Maintenance Guide › Setting Up Identity Data Stores
Related Training
N/A
Related Issue Tracker IDs
OPENAM-5867 (Data Store LDAP server (admin-ordered) list is reordered by OpenAM)