0

I am currently working on a project that uses OpenAM 12.0.2 with OpenDJ 2.6.

We had a requirement to make the username editable. So, we ended up creating a custom LDAP attribute called loginId and updating the OpenAM config to use this attribute instead of uid.

When I import fewer than 4000 users, login works fine. When I import 4000+ users, login doesn't work for any user, even one of the first 4000 users in the directory.

I can manually ldapsearch for the users and they exist in the directory, but I can't log in with any of them.

We get an "Authorization failed!!" error, which is different to the usual username/password doesn't match error.

If anyone could shed any light on this, I would appreciate it.

Thanks

Edit: Here is the attribute definition I am now using.

attributeTypes: ( 1.3.6.1.4.1.37238.2.9 NAME 'loginId' DESC 'username (that can be updated)' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'project schema')

I have rebuilt the indices and am still having the same problem :(

MajorCaiger

1 Answer

2

That is probably because your instance of OpenDJ is configured to reject unindexed search requests and you haven't defined and built an index for the loginID attribute.

Ludovic Poitou
  • Thanks for the reply. That was my theory, however I couldn't figure out how to add the index. I am quite new to LDAP/LDIF – MajorCaiger Jan 19 '16 at 09:19
  • Thanks for the pointer! For some reason defining the EQUALITY index in the LDIF didn't work, but creating the index with dsconfig did the trick! – MajorCaiger Jan 19 '16 at 13:45
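
The fix the thread arrives at, as an added example that is not part of the original posts: define an equality index for loginId with dsconfig, then populate it with rebuild-index (the EQUALITY clause in the schema definition only names a matching rule and creates no index). The install path, host, admin port, bind DN, password file, backend name and base DN are assumed values, and run, create_equality_index and rebuild_index are helper names made up for this example.

```shell
#!/bin/sh
# Create and build an equality index for an attribute on OpenDJ 2.6.
# Assumed values (not from the thread); override them via the environment.
OPENDJ_BIN="${OPENDJ_BIN:-/opt/opendj/bin}"
DJ_HOST="${DJ_HOST:-localhost}"
DJ_ADMIN_PORT="${DJ_ADMIN_PORT:-4444}"
DJ_BIND_DN="${DJ_BIND_DN:-cn=Directory Manager}"
DJ_PW_FILE="${DJ_PW_FILE:-/root/.opendj-pw}"
DJ_BACKEND="${DJ_BACKEND:-userRoot}"
DJ_BASE_DN="${DJ_BASE_DN:-dc=example,dc=com}"

# run CMD ARGS...: execute the command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Define the index in the backend configuration; this does not populate it.
# --trustAll skips validation of the admin connector certificate (lab use only).
create_equality_index() {
    run "$OPENDJ_BIN/dsconfig" create-local-db-index \
        --hostname "$DJ_HOST" --port "$DJ_ADMIN_PORT" \
        --bindDN "$DJ_BIND_DN" --bindPasswordFile "$DJ_PW_FILE" \
        --backend-name "$DJ_BACKEND" --index-name "$1" \
        --set index-type:equality --trustAll --no-prompt
}

# Populate the index from the entries already in the backend (online task).
rebuild_index() {
    run "$OPENDJ_BIN/rebuild-index" \
        --hostname "$DJ_HOST" --port "$DJ_ADMIN_PORT" \
        --bindDN "$DJ_BIND_DN" --bindPasswordFile "$DJ_PW_FILE" \
        --baseDN "$DJ_BASE_DN" --index "$1" --start 0 --trustAll
}

# Usage: sh add-index.sh apply   (set DRY_RUN=1 to print the commands only)
if [ "${1:-}" = "apply" ]; then
    create_equality_index loginId && rebuild_index loginId
fi
```

Until rebuild-index has completed, the new index is empty and searches on loginId are still treated as unindexed.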