Solutions
Archived

Upgrade to OpenAM 12.0.0 or 12.0.1 fails with Entry Already Exists exception when CTS store is external with non-default suffix

Last updated Jan 5, 2021

The purpose of this article is to provide assistance if your upgrade to OpenAM 12.0.0 or 12.0.1 fails with "Entry Already Exists" exception when CTS store is external with a non-default suffix.


1 reader recommends this article

Archived

This article has been archived and is no longer maintained by ForgeRock.

Symptoms

An error similar to the following is shown in the amUpgrade log when the upgrade fails:

amUpgrade:08/10/2015 11:29:48:557 AM BST: Thread[http-bio-8080-exec-10,5,main] ERROR: An error occurred while processing /WEB-INF/template/ldif/sfha/cts-container.ldif org.forgerock.opendj.ldap.ErrorResultIOException: org.forgerock.opendj.ldap.ConstraintViolationException: Entry Already Exists: The entry ou=tokens,dc=example,dc=com cannot be added because an entry with that name already exists at org.forgerock.opendj.ldif.ConnectionChangeRecordWriter.writeChangeRecord(ConnectionChangeRecordWriter.java:109) at org.forgerock.opendj.ldif.ConnectionChangeRecordWriter.writeChangeRecord(ConnectionChangeRecordWriter.java:56) at org.forgerock.opendj.ldif.ChangeRecordVisitorWriter.visitChangeRecord(ChangeRecordVisitorWriter.java:59) at org.forgerock.opendj.ldif.ChangeRecordVisitorWriter.visitChangeRecord(ChangeRecordVisitorWriter.java:39) at org.forgerock.opendj.ldap.requests.AddRequestImpl.accept(AddRequestImpl.java:58) at org.forgerock.opendj.ldif.ConnectionChangeRecordWriter.writeChangeRecord(ConnectionChangeRecordWriter.java:131) at org.forgerock.opendj.ldif.ConnectionChangeRecordWriter.writeChangeRecord(ConnectionChangeRecordWriter.java:56) at org.forgerock.openam.upgrade.DirectoryContentUpgrader.processLDIF(DirectoryContentUpgrader.java:180) at org.forgerock.openam.upgrade.DirectoryContentUpgrader.upgrade(DirectoryContentUpgrader.java:212) at org.forgerock.openam.upgrade.steps.UpgradeDirectoryContentStep.perform(UpgradeDirectoryContentStep.java:72) at org.forgerock.openam.upgrade.UpgradeServices.upgrade(UpgradeServices.java:186) at com.sun.identity.config.upgrade.Upgrade.doUpgrade(Upgrade.java:79) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

Recent Changes

Upgrade to OpenAM 12.0.0 or 12.0.1 where you have an external config, separate CTS store and a different suffix used for the external CTS store

Causes

When upgrading to OpenAM 12.0.0 or 12.0.1 and an external CTS is configured, a bug in the upgrader process can cause OpenAM to connect to the configuration store instead of the external CTS directory when verifying the CTS backend exists. Since the CTS suffix does not exist in this store, it causes the upgrade to fail with an Entry Already Exists error.

Solution

This issue can be resolved by upgrading to OpenAM 12.0.2 or later; you can download this from BackStage.

See Also

Upgrade to OpenAM 12.0.0 or 12.0.1 hangs in DirectoryContentUpgrader when configuration and CTS stores are external

Upgrade to AM 5.x or 6.x fails when anonymous access is disabled in DS

Best practice for upgrading to OpenAM 12.x

Related Training

N/A

Related Issue Tracker IDs

OPENAM-6457 (DirectoryContentUpgrader causes Entry Already Exists exception for CTS suffix when upgrading OpenAM)


Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.