000024579 - AXM - 'internal 500 error' when clicking on update on a user in admingui

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000024579
Applies ToClearTrust Authorization Server 6.0.2
Microsoft Windows Windows Server SP1
6.02 AXM server is a new installation, however the ldap backend datastore was created originally to support a Cleartrust 5.5.3 installation then migrated to 6.02.
The upgrade document states when migrating from 5.5.3 backend datastore, you must run the script ldap_55_to_60.sh (for unix, or ldap_55_to_60.bat for windows).
The ldap_55_to_60.(bat/sh) script automatically updates the backend datastore by adding and populating the attribute "ctscAdministrativeGroupQualifiedName" to entries in the in the ou=ctscAdminRepository branch of the backend ldap datastore.  This attribute is both new and required in AXM 6.X, but was not used or available in CT 5.5.3.
The backend datastore is iPlanet 5.1 ldap.  The schema was successfully migrated from 5.5.3 to 6.X without issue, as  the only step on the actual ldap server is to replace the 60rsa-cleartrust.ldif in the $NSROOT/slapd-<instance>/config/schema with the new schema file from 6.X installation media as directed in the upgrade guide.
IssueAXM - getting "internal 500 error" when he clicks update in admingui

When hitting the "update" box to save changes for any user, regardless of what field is being updated, admingui returns: Error 500--Internal Server Error  

The same behavior is true when attempting to create or delete a user, however viewing users does not produce the fault and works correctly.


The admingui web container in this configuration is WebLogic 9.02, however the problem is independent which container is being used, the same problem will occur if tomcat is being used

Here is the trace dump produced in the admingui window

14:04:09:596 [*] [APIClientProxy-2] - Thread requesting stream.
sirrus.da.exception.NoSuchEntryException: The result set does not contain any entries.
at sirrus.da.ldap.util.LDAPConnection.getSingleEntry(LDAPConnection.java:614)
at sirrus.da.ldap.admin.factory.LDAPAdministrativeGroupFactory.searchForAdministrativeGroupByName(LDAPAdministrativeGroupFactory.java:225)
at sirrus.da.ldap.admin.factory.LDAPAdministrativeGroupFactory.getAdministrativeGroupByName(LDAPAdministrativeGroupFactory.java:265)
at sirrus.da.admin.factory.sort.SortingAdministrativeGroupFactory.getAdministrativeGroupByName(SortingAdministrativeGroupFactory.java:58)
at sirrus.da.admin.AdministrativeGroup.getByName(AdministrativeGroup.java:173)
at sirrus.api.command.read.specific.GetAdminGroupByNameCmd.execute(GetAdminGroupByNameCmd.java:48)
at sirrus.api.command.APICmdStrategy.executeCmd(APICmdStrategy.java:209)
at sirrus.api.command.APICmdStrategy.executeOn(APICmdStrategy.java:89)
at sirrus.util.strategy.StrategyManager.executeStrategyFor(StrategyManager.java:141)
at sirrus.api.server.APIClientProxy.executeCmd(APIClientProxy.java:1002)
at sirrus.api.server.APIClientProxy.run(APIClientProxy.java:742)
14:04:09:597 [*] [APIClientProxy-2] - Thread requesting stream.
Object not found (RC_OBJ_NOT_FOUND): The result set does not contain any entries.
at sirrus.api.command.APICmdStrategy.executeCmd(APICmdStrategy.java:226)
at sirrus.api.command.APICmdStrategy.executeOn(APICmdStrategy.java:89)
at sirrus.util.strategy.StrategyManager.executeStrategyFor(StrategyManager.java:141)
at sirrus.api.server.APIClientProxy.executeCmd(APIClientProxy.java:1002)
at sirrus.api.server.APIClientProxy.run(APIClientProxy.java:742)
14:04:09:598 [*] [APIClientProxy-2] - Return code is 2 msg is Object not found (RC_OBJ_NOT_FOUND): The result set does not contain any entries.


When turning on search profiling thru the below parameter in ldap.conf on:
cleartrust.data.ldap.show_search_profiling :true
And changing the eserver startup script to log the debug output to a file 
# Uncomment to send output (including debug tracing, if enabled)
OUTFILE=c:\temp\eserver-$DATE.out
 
The debug log shows:
 
12:52:13:010 [*] [APIClientProxy-0] - APIServer: about to execute command key getAdminGroupByName logged in is true
12:52:13:013 [*] [APIClientProxy-0] - Thread requesting stream.
java.lang.NullPointerException
at sirrus.da.ldap.util.LDAPStore.escapeSearchString(LDAPStore.java:60)
at sirrus.da.ldap.admin.factory.LDAPAdministrativeGroupFactory.searchForAdministrativeGroupByName(LDAPAdministrativeGroupFactory.java:219)
at sirrus.da.ldap.admin.factory.LDAPAdministrativeGroupFactory.getAdministrativeGroupByName(LDAPAdministrativeGroupFactory.java:265)
at sirrus.da.admin.factory.sort.SortingAdministrativeGroupFactory.getAdministrativeGroupByName(SortingAdministrativeGroupFactory.java:58)
at sirrus.da.admin.AdministrativeGroup.getByName(AdministrativeGroup.java:173)
at sirrus.api.command.read.specific.GetAdminGroupByNameCmd.execute(GetAdminGroupByNameCmd.java:48)
at sirrus.api.command.APICmdStrategy.executeCmd(APICmdStrategy.java:209)
at sirrus.api.command.APICmdStrategy.executeOn(APICmdStrategy.java:89)
at sirrus.util.strategy.StrategyManager.executeStrategyFor(StrategyManager.java:141)
at sirrus.api.server.APIClientProxy.executeCmd(APIClientProxy.java:1002)
at sirrus.api.server.APIClientProxy.run(APIClientProxy.java:742)
12:52:13:014 [*] [APIClientProxy-0] - Return code is 5 msg is java.lang.NullPointerException
ResolutionRegardless of whether the AXM 6.02 installation is a brand new installation, if the backend ldap datastore previously was supporting an older instance CT 5.5.3 then migrated, you must run ldap_5.5_to_6.0.bat on windows or ldap_5.5_to_6.0.sh on unix.  This script is available in the 6.02 patch installation bundle upgrade.  If the ldap datastore server and the AXM server are run on independent servers, you will run the  ldap_5.5_to_6.0 on the AXM server.
Legacy Article IDa39523

Attachments

    Outcomes