How To

How do I re-create a bootstrap file for OpenAM 13.x if the bootstrap file has become corrupt?

Last updated Jan 5, 2021

The purpose of this article is to provide assistance if you need to re-create a bootstrap file for OpenAM if the bootstrap file has become corrupt. This article also provides information about the bootstrap file, including what information it contains.

1 reader recommends this article


This article has been archived and is no longer maintained by ForgeRock.


OpenAM uses the bootstrap file to find its configuration when initializing.

Initially, OpenAM looks at the path specified in the bootstrap locator file (AMConfig_[path_to_openam], which is located in the $HOME/.openamcfg/ directory of the user running the web application container). This file identifies the configuration directory where the bootstrap file is located; the bootstrap file contains details of the configuration store.

A typical bootstrap file (with URL encoding removed to improve readability) looks like this:

ldap://localhost:50389/,ou=DSAME Users,dc=openam,dc=forgerock,dc=org&pwd=AQIC5wM2LY4z9R5f8R&dsbasedn=dc=openam,dc=forgerock,dc=org&dsmgr=cn=Directory Manager&dspwd=AQIC5wM2LY4z9R5f8R&ver=1.0


  • localhost:50389 - hostname and port of the directory server used for the OpenAM configuration store.
  • - URL of the OpenAM instance.
  • cn=dsameuser,ou=DSAME Users,dc=openam,dc=forgerock,dc=org - DN of the dsameuser (see How do I change the dsameuser password in AM 5.x or 6.x? for further information on this user).
  • AQIC5wM2LY4z9R5f8R (1st occurrence) - encrypted password for dsameuser.
  • dc=openam,dc=forgerock,dc=org - Base DN.
  • cn=Directory Manager - directory admin user.
  • AQIC5wM2LY4z9R5f8R (2nd occurrence) - encrypted password for the directory admin user.

By default, the dsameuser has the same password as amadmin and the Directory Manager if you are using an embedded configuration store.

Re-creating a bootstrap file

Ideally you should restore the bootstrap from a backup; if you do not have a valid backup, you should re-create the bootstrap file as follows:

Install a new separate OpenAM instance using the same passwords and configuration store as the one for which you are trying to re-create the bootstrap file. The passwords are hashed in the bootstrap file, but providing you use the same passwords, the resulting passwords hash will be the same. You can then copy the bootstrap file from this new instance to the instance with the corrupted bootstrap file.

See Also

How do I change the amadmin password in AM 5.x?

How do I change the dsameuser password in AM 5.x or 6.x?

Default Configuration page shown instead of Login page in AM (All versions)

How do I migrate from an embedded to external DS in AM 5.x or 6.x?

Related Training


Related Issue Tracker IDs

OPENAM-5971 (The Bootstap file needs a method for fast recovery in the event of corruption)

Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.