Observing the error "OpenLDAP password could not be changed" during LDAP upgrade

We are seeing the following error during LDAP upgrade:

Error: OpenLDAP password could not be changed 
Error: /apigee/apigeeinst/apigee-service/bin/apigee-service exited with unexpected status 1 [2017-11-24 08:56:18 PM] 
Error: update.sh: /apigee/apigeeinst/apigee-service/bin/apigee-service exited with unexpected status 1 

Can someone please help with this one?

Investigated the issue as follows and was able to resolve the issue:
  1. Added "set -x" at the beginning of the following file /opt/apigee/apigee-openldap/lib/actions/setup
  2. Re-ran the LDAP upgrade script.
  3. Checked the debug information and found the following information:
    ++ echo 'Set LDAP ROOTDN password'
    Set LDAP ROOTDN password
    ++ echo
    ++ CHECKED_LDAP_CALL 49 /apigee/apigeeinst/apigee-service/bin/apigee-service apigee-openldap change-ldap-password -o secret -n apimgmtroot
    Error: OpenLDAP password could not be changed
    Error: /apigee/apigeeinst/apigee-service/bin/apigee-service exited with unexpected status 1
    Error: update.sh: /apigee/apigeeinst/apigee-service/bin/apigee-service exited with unexpected status 1
  4. This explained that the upgrade script is trying to change the old password "secret" to the new password "apimgmtroot", but it failed.
    • This is most likely because the old password is incorrect, or in other words, it was modified to something else.
  5. We checked and found that the LDAP password was set as "apimgmtroot" by someone.
  6. We changed the password back to "secret" as follows:
    /apigee/apigeeinst/apigee-service/bin/apigee-service apigee-openldap change-ldap-password -o apimgmtroot -n secret
  7. Re-ran the LDAP upgrade script.

The upgrade completed successfully.
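
The "set -x" trace in step 3 prints the old and new LDAP root passwords in cleartext as command-line arguments. As an added example (not part of the original post and not Apigee's own code), the shell functions below pick out the traced command that precedes the first "Error:" line and mask the -o/-n values before the trace is shared; the function names are hypothetical and the sample trace is constructed from the lines quoted in the post.

```shell
#!/bin/sh
# Added example: locate the failing command in a "set -x" trace and mask
# the passwords it carries. Function names are hypothetical, not Apigee's.

# Mask the values that follow -o (old) and -n (new) on any line that
# invokes change-ldap-password; all other lines pass through unchanged.
redact_ldap_trace() {
    sed -E '/change-ldap-password/ s/(^|[[:space:]])(-[on])[[:space:]]+[^[:space:]]+/\1\2 ****/g'
}

# Print the traced command (a "+ ..." line) that precedes the first
# "Error:" line, with its passwords masked. Reads the trace on stdin.
failed_call() {
    awk '
        /^[ \t]*[+]+ /  { sub(/^[ \t]+/, ""); last = $0; next }
        /^[ \t]*Error:/ { if (last != "") print last; exit }
    ' | redact_ldap_trace
}

# Constructed sample input: the trace lines quoted in step 3 of the post.
sample_trace() {
    cat <<'EOF'
++ echo 'Set LDAP ROOTDN password'
Set LDAP ROOTDN password
++ echo
++ CHECKED_LDAP_CALL 49 /apigee/apigeeinst/apigee-service/bin/apigee-service apigee-openldap change-ldap-password -o secret -n apimgmtroot
Error: OpenLDAP password could not be changed
Error: /apigee/apigeeinst/apigee-service/bin/apigee-service exited with unexpected status 1
EOF
}

# Show the failing step with the credentials masked.
sample_trace | failed_call
```

On a real run, pipe the captured upgrade output into `failed_call` instead of `sample_trace`.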

Hi Amar,

We are also facing the same issue, but the above solution didn't work. We had a separate password during LDAP installation, and during the upgrade we are getting the below error:

Set LDAP ROOTDN password
Error: OpenLDAP password could not be changed
Importing ppolicy olcOverlay
Configure Apigee DIT
ldap_add: Already exists (68)
adding new entry "dc=apigee,dc=com"
ldap_add: Already exists (68)
adding new entry "ou=global,dc=apigee,dc=com"
ldap_add: Already exists (68)
adding new entry "ou=organizations,dc=apigee,dc=com"
ldap_add: Already exists (68)
adding new entry "ou=permissions,dc=apigee,dc=com"
ldap_delete: Operation not allowed on non-leaf (66)
        additional info: subordinate objects must be deleted first
Error: ldapdelete exited with unexpected status 66 

@Amar - ldap_delete: No such object (32)
        matched DN: ou=pwpolicies,dc=apigee,dc=com
ldap_delete: No such object (32)
        matched DN: ou=pwpolicies,dc=apigee,dc=com
ldap_delete: Operation not allowed on non-leaf (66)
        additional info: subordinate objects must be deleted first
Error: ldapdelete exited with unexpected status 66
Error: update.sh: /opt/apigee/apigee-service/bin/apigee-service exited with unexpected status 66