Upgrade to OpenAM 12.0.0 or 12.0.1 fails with Entry Already Exists exception when CTS store is external with non-default suffix
The purpose of this article is to provide assistance if your upgrade to OpenAM 12.0.0 or 12.0.1 fails with "Entry Already Exists" exception when CTS store is external with a non-default suffix.
1 reader recommends this article
Archived
This article has been archived and is no longer maintained by ForgeRock.
Symptoms
An error similar to the following is shown in the amUpgrade log when the upgrade fails:
amUpgrade:08/10/2015 11:29:48:557 AM BST: Thread[http-bio-8080-exec-10,5,main] ERROR: An error occurred while processing /WEB-INF/template/ldif/sfha/cts-container.ldif org.forgerock.opendj.ldap.ErrorResultIOException: org.forgerock.opendj.ldap.ConstraintViolationException: Entry Already Exists: The entry ou=tokens,dc=example,dc=com cannot be added because an entry with that name already exists at org.forgerock.opendj.ldif.ConnectionChangeRecordWriter.writeChangeRecord(ConnectionChangeRecordWriter.java:109) at org.forgerock.opendj.ldif.ConnectionChangeRecordWriter.writeChangeRecord(ConnectionChangeRecordWriter.java:56) at org.forgerock.opendj.ldif.ChangeRecordVisitorWriter.visitChangeRecord(ChangeRecordVisitorWriter.java:59) at org.forgerock.opendj.ldif.ChangeRecordVisitorWriter.visitChangeRecord(ChangeRecordVisitorWriter.java:39) at org.forgerock.opendj.ldap.requests.AddRequestImpl.accept(AddRequestImpl.java:58) at org.forgerock.opendj.ldif.ConnectionChangeRecordWriter.writeChangeRecord(ConnectionChangeRecordWriter.java:131) at org.forgerock.opendj.ldif.ConnectionChangeRecordWriter.writeChangeRecord(ConnectionChangeRecordWriter.java:56) at org.forgerock.openam.upgrade.DirectoryContentUpgrader.processLDIF(DirectoryContentUpgrader.java:180) at org.forgerock.openam.upgrade.DirectoryContentUpgrader.upgrade(DirectoryContentUpgrader.java:212) at org.forgerock.openam.upgrade.steps.UpgradeDirectoryContentStep.perform(UpgradeDirectoryContentStep.java:72) at org.forgerock.openam.upgrade.UpgradeServices.upgrade(UpgradeServices.java:186) at com.sun.identity.config.upgrade.Upgrade.doUpgrade(Upgrade.java:79) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)Recent Changes
Upgrade to OpenAM 12.0.0 or 12.0.1 where you have an external config, separate CTS store and a different suffix used for the external CTS store
Causes
When upgrading to OpenAM 12.0.0 or 12.0.1 and an external CTS is configured, a bug in the upgrader process can cause OpenAM to connect to the configuration store instead of the external CTS directory when verifying the CTS backend exists. Since the CTS suffix does not exist in this store, it causes the upgrade to fail with an Entry Already Exists error.
Solution
This issue can be resolved by upgrading to OpenAM 12.0.2 or later; you can download this from BackStage.
See Also
Upgrade to AM 5.x or 6.x fails when anonymous access is disabled in DS
Related Training
N/A