[#1007] Fix setup error "embedded config"+"external user store": missing schema attribute type (#1012)

Author: maximthomas

.github/workflows/build.yml

@@ -102,6 +102,62 @@ jobs:
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
 
+      - name: Docker test with an external OpenDJ identity store and an embedded OpenDJ configuration store
+        shell: bash
+        run: |
+          docker network create test-openam
+          docker run --rm -it -d --hostname opendj -p 1389:1389 -p 4444:4444 --name test-opendj --network test-openam openidentityplatform/opendj:latest
+          docker run --rm -it -d --memory="2g" -h openam.example.org --name=test-openam --network test-openam localhost:5000/${GITHUB_REPOSITORY,,}:${{ env.release_version }}
+          
+          echo "waiting for OpenDJ to be alive..."
+          timeout 3m bash -c 'until docker inspect --format="{{json .State.Health.Status}}" test-opendj | grep -q \"healthy\"; do sleep 10; done'
+          echo "waiting for OpenAM to be alive..."
+          timeout 3m bash -c 'until docker inspect --format="{{json .State.Health.Status}}" test-openam | grep -q \"healthy\"; do sleep 10; done'
+          
+          docker exec -w '/usr/openam/ssoconfiguratortools' test-openam bash -c \
+          'echo "ACCEPT_LICENSES=true
+          SERVER_URL=http://openam.example.org:8080
+          DEPLOYMENT_URI=/$OPENAM_PATH
+          BASE_DIR=$OPENAM_DATA_DIR
+          locale=en_US
+          PLATFORM_LOCALE=en_US
+          AM_ENC_KEY=
+          ADMIN_PWD=ampassword
+          AMLDAPUSERPASSWD=password
+          COOKIE_DOMAIN=example.org
+          DATA_STORE=embedded
+          DIRECTORY_SSL=SIMPLE
+          DIRECTORY_SERVER=localhost
+          DIRECTORY_PORT=1389
+          DIRECTORY_ADMIN_PORT=5444
+          DIRECTORY_JMX_PORT=1689
+          ROOT_SUFFIX=dc=openam,dc=openidentityplatform,dc=org
+          DS_DIRMGRDN=cn=Directory Manager
+          DS_DIRMGRPASSWD=password
+          USERSTORE_TYPE=LDAPv3ForOpenDS
+          USERSTORE_SSL=SIMPLE
+          USERSTORE_HOST=opendj
+          USERSTORE_PORT=1389
+          USERSTORE_SUFFIX=dc=example,dc=com
+          USERSTORE_MGRDN=cn=Directory Manager
+          USERSTORE_PASSWD=password
+          " > conf.file && java -jar openam-configurator-tool*.jar --file conf.file'
+          
+          docker exec test-openam bash -c \
+          'curl \
+           --request POST \
+           --header "Content-Type: application/json" \
+           --header "X-OpenAM-Username: amadmin" \
+           --header "X-OpenAM-Password: ampassword" \
+           --data "{}" \
+           http://openam.example.org:8080/openam/json/authenticate | grep tokenId'
+          
+          docker inspect --format="{{json .State.Health.Status}}" test-openam | grep -q \"healthy\"
+          
+          echo "Stopping containers and removing the network"  
+          docker stop test-opendj test-openam
+          docker network rm test-openam          
+
       - name: Docker test with a dedicated OpenDJ container
         shell: bash
         run: |

openam-core/src/main/java/com/sun/identity/setup/UserIdRepo.java

@@ -282,7 +282,6 @@ private void loadSchema(
                 SetupProgress.reportStart("emb.loadingschema", params);
                 LdifUtils.createSchemaFromLDIF(file, conn);
                 SetupProgress.reportEnd("emb.success", null);
-
                 File f = new File(file);
                 f.delete();
             }

openam-server-only/src/main/resources/config/schemaNames.properties

@@ -25,10 +25,11 @@
 # $Id: schemaNames.properties,v 1.14 2009/10/27 05:30:41 hengming Exp $
 #
 # Portions Copyrighted 2013-2016 ForgeRock AS.
-# Portions Copyrighted 2025 3A Systems LLC.
+# Portions Copyrighted 2025-2026 3A Systems LLC.
 #
 ## OpenDJ external SMS/Configuration Datastore Schema.
 dsSmsSchema=/WEB-INF/template/ldif/opendj/opendj_config_schema.ldif \
+    /WEB-INF/template/ldif/opendj/opendj_config_index.ldif \
     /WEB-INF/template/ldif/sfha/cts-container.ldif \
     /WEB-INF/template/ldif/sfha/cts-add-schema.ldif \
     /WEB-INF/template/ldif/sfha/cts-add-multivalue.ldif \
@@ -79,6 +80,7 @@ tivoliUserSchema=/WEB-INF/template/ldif/tivoli/tivoli_user_schema.ldif \
 
 ##  OpenDJ User Management and SMS/Configuration Datastore Schema. Currently only used by embedded
 opendsSmsSchema=/WEB-INF/template/ldif/opendj/opendj_config_schema.ldif \
+    /WEB-INF/template/ldif/opendj/opendj_config_index.ldif \
     /WEB-INF/template/ldif/opendj/opendj_user_schema.ldif \
     /WEB-INF/template/ldif/opendj/opendj_embinit.ldif \
     /WEB-INF/template/ldif/opendj/opendj_user_index.ldif \

openam-server-only/src/main/webapp/WEB-INF/template/ldif/odsee/odsee_user_index.ldif

@@ -29,14 +29,6 @@ nsSystemIndex: false
 cn: iplanet-am-modifiable-by
 nsIndexType: eq
 
-dn: cn=sunxmlkeyvalue,cn=index,cn=@DB_NAME@,cn=ldbm database,cn=plugins,cn=config
-objectClass: top
-objectClass: nsIndex
-nsSystemIndex: false
-cn: sunxmlkeyvalue
-nsIndexType: eq
-nsIndexType: sub
-
 dn: cn=@ORG_NAMING_ATTR@,cn=index,cn=@DB_NAME@,cn=ldbm database,cn=plugins,cn=config
 objectClass: top
 objectClass: nsIndex

openam-server-only/src/main/webapp/WEB-INF/template/ldif/odsee/odsee_user_schema.ldif

@@ -52,7 +52,6 @@ attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.844 NAME 'sunIdentityServerDeviceType'
 attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.845 NAME 'sunIdentityServerDeviceKeyValue' DESC 'Device Key Value Pair' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Sun Java System Identity Management' )
 attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.846 NAME 'sunIdentityServerDeviceStatus' DESC 'Device Status' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Sun Java System Identity Management' )
 attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.847 NAME 'sunIdentityServerSupportedTypes' DESC 'Container Supported Types' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  X-ORIGIN 'Sun Java System Identity Management' )
-attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.84 NAME ( 'sunxmlkeyvalue' ) DESC 'Attribute to store the key values in xml format' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Sun Java System Identity Management' )
 attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.73 NAME 'iplanet-am-user-federation-info-key' DESC 'User Federation Information Key' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Sun Java System Identity Management' )
 attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.74 NAME 'iplanet-am-user-federation-info' DESC 'User Federation Information' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Sun Java System Identity Management' )
 attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.821 NAME 'sunIdentityServerDiscoEntries' DESC 'User DiscoEntries' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Sun Java System Identity Management' )

openam-server-only/src/main/webapp/WEB-INF/template/ldif/opendj/opendj_config_index.ldif

@@ -0,0 +1,7 @@
+dn: ds-cfg-attribute=sunxmlkeyvalue,cn=Index,ds-cfg-backend-id=@DB_NAME@,cn=Backends,cn=config
+objectClass: top
+objectClass: ds-cfg-backend-index
+ds-cfg-attribute: sunxmlkeyvalue
+ds-cfg-index-type: equality
+ds-cfg-index-type: substring
+

openam-server-only/src/main/webapp/WEB-INF/template/ldif/opendj/opendj_user_index.ldif

@@ -1,10 +1,3 @@
-dn: ds-cfg-attribute=sunxmlkeyvalue,cn=Index,ds-cfg-backend-id=@DB_NAME@,cn=Backends,cn=config
-objectClass: top
-objectClass: ds-cfg-backend-index
-ds-cfg-attribute: sunxmlkeyvalue
-ds-cfg-index-type: equality
-ds-cfg-index-type: substring
-
 dn: ds-cfg-attribute=memberof,cn=Index,ds-cfg-backend-id=@DB_NAME@,cn=Backends,cn=config
 objectClass: top
 objectClass: ds-cfg-backend-index

openam-server-only/src/main/webapp/WEB-INF/template/ldif/opendj/opendj_user_schema.ldif

@@ -25,6 +25,7 @@
 ##   $Id: opends_user_schema.ldif,v 1.3 2009/11/13 00:16:03 qcheng Exp $
 ##
 ##   Portions Copyrighted 2013-2015 ForgeRock AS.
+##   Portions Copyrighted 2026 3A Systems LLC.
 ##
 
 dn: cn=schema