Skip to main content
H
HJ115-Moonstone
15-Moonstone
October 1, 2024
Solved

OpenDJ Control Panel error "The entry is not correct..."

  • October 1, 2024
  • 1 reply
  • 2624 views

Version: Windchill 12.1

 

Use Case: OpenDJ Control Panel issue.


Description:

Hi,

 

I'm very much feeling like a noobie with everything related to Windchill DS and now OpenDJ (ver. 4.6.5 on Win Server 2022)...

 

In Control Panel I started encountering issues with accessing the lowest levels of the branches. If I click on them the entries are not shown and the GUI starts asking about Unsaved Changes. When I clicked the save option there's "Error: The entry is not correct. Details: the DN is not valid."

 

I've read the Control Panel may have issues with ldif file encoding, characters etc. Could this be it? Looking at the file contents it seems ok compared to similar from WindchillDS on another server.

 

What to do?

 

Best answer by HJ1

After a while...

Came across something possibly related. There was / is in our OpenDJ log file errors e.g.

"The import has been aborted because the entry 'ou=people,cn=AdministrativeLdap,cn=Windchill_11.1,o=ptc' does not have a parent entry"

which is mentioned here.

 

The import has been aborted because the entry does not have a parent entry · Issue #438 · OpenIdentityPlatform/OpenDJ

 

Version was 4.6.5, fix provided in 4.8.2

Releases · OpenIdentityPlatform/OpenDJ

 

 

1 reply

avillanueva
23-Emerald I
avillanueva23-Emerald I
23-Emerald I
October 1, 2024

Screen shots or more detailed logs would help. Did you successfully import your data? 

H
HJ115-MoonstoneAuthor
15-Moonstone
October 2, 2024

It is the configuration branch entries namingService, servlet, rpc etc from WindchillDS (used for upgrade 11.1 -> 12.1) and which were there also when migrating to OpenDJ (yes I know "configuration" can be deleted, but should it be). This level shows nothing and clicking elsewhere suggests Unsaved changes.

During migration I've followed all the CS related and it worked ok. Now I did some tests with OpenDJ, prior to it took a backup and export ldif. Now reimporting the same is successful, but there's the mentioned issues.

I don't see anything in the logs. I did "Rebuild Indexes" but this changed nothing. 

In the screenshot notice how "Base DN:" selection is greyed out.

M
mmeadows-316-Pearl
16-Pearl
October 2, 2024

We must use PTC's WindchillDS for the upgrade process.

During upgrade, organizations and groups are migrated into Windchill and the entire cn=configuration,cn=Windchill_11.1,o=ptc structure is migrated into JSON files in %wt_home%\IEConf.

Post-upgrade, we must cleanup the DN structure.  I would do this in WindchillDS, before export/import into OpenDJ.

 

1. Delete cn=configuration,cn=Windchill_11.1,o=ptc

Compare the entries in cn=Windchill_11.1,o=ptc and cn=Windchill_12.1,o=ptc to determine where your user accounts reside.  They should be in the cn=Windchill_12.1,o=ptc structure, but just ensure they aren't in both.

Check the database to see where Windchill thinks they reside:

select remoteObjectId from RemoteObjectId where remoteObjectId like '%cn=Windchill_11.1,o=ptc';

select remoteObjectId from RemoteObjectId where remoteObjectId like '%cn=Windchill_12.1,,o=ptc';

The goal is to migrate everything to the cn=Windchill_12.1,o=ptc node and delete the cn=Windchill_11.1,o=ptc node.

When cleanup is complete, the only structure remaining in WindchillDS should be the participants (users) under cn=Windchill_12.1,o=ptc.

 

2. Determine if both Administrative and Enterprise branches are necessary.  They are in my environments because I separate organization participants from site participants.  But many companies don't bother with that distinction and ignore WinDU when it complains about participants assigned to the wrong domains.  If all accounts are in the Administrative LDAP, you could eliminate the EnterpriseLDAP branch and JNDI Adapter.

 

3. Ensure the upgrade Site Administrator account's name is wcadmin and no longer includes 'Administrator' as a second name.  Also ensure 'wcadmin', and not 'Administrator' is used in site.xconf.

 

4. This is the last upgrade that will mess with LDAP entries.  So, when continuing forward with OpenDJ, I clean up the structure to remove the Windchill version from the DNs (cn=Windchill,o=ptc).  Export the LDIF, use search and replace in the LDIF file, and then import into OpenDJ.  On the DB side, update all DNs (SQL Server command): update RemoteObjectID set remoteObjectId=replace(remoteObjectId,cn=windchill_11.1,o=ptc,cn=windchill_12.1,o=ptc) where remoteObjectId like '%cn=windchill_11.1,o=ptc';

When migrating to Active Directory or any other corporate LDAP, the entire nodal structure changes anyway.

 

At this point, the entire structure should only have user accounts in it.  Now export from WindchillDS and import into OpenDJ.

https://www.ptc.com/en/support/article/CS392017

https://community.ptc.com/t5/Windchill/who-is-using-V3-ldaps-other-than-WCDS11-2-for-windchill-12-0-1-x/m-p/797478#M66922

Only OpenDJ should be running and Windchill should start without issue.

 

FYI: For OpenDJ, I use "cn=Manager" like PTC did with WindchillDS.

https://community.ptc.com/t5/Windchill/Problem-Installing-OpenDJ/m-p/939834#M79374%3Fsource=search

Terms & ConditionsAccessibility statement