pranavjo Absent Member.
Absent Member.
1118 views

Migrate SSPR LocalDB data to External DB

Is there any way to migrate data from Local DB that SSPR is using to an external DB (Oracle)?
I am primarily referring to users' challenge-response data.
0 Likes
5 Replies
Knowledge Partner
Knowledge Partner

Re: Migrate SSPR LocalDB data to External DB

I do not see why not. I have heard several times that the database use
for Self Service Password Reset (SSPR) is pretty standard, so it is
probably little more than exporting the database with tables, import into
the new environment, and then change SSPR's configuration to point to the
new setup. I'm not sure if it is exactly that easy, as there may be
environment-specific encryption keys that need to be moved over, but the
database structures themselves are probably compatible.

With that said, I've never pointed SSPR to an Oracle DB so I've never had
a chance to do this. I could probably try it with something PostgreSQL or
MariaDB/MySQL.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
pranavjo Absent Member.
Absent Member.

Re: Migrate SSPR LocalDB data to External DB

Ok, so I found out https://www.netiq.com/documentation/sspr3/adminguide/data/b15m8ho3.html?view=print, which details steps for export/import.
But when I try and run ./Command.sh ExportResponses <filename> it ends up in an error,
(the following is part of the complete trace)
............
WARN , localdb.LocalDBFactory, error while initializing LocalDB instance: 5052 ERROR_PWMDB_UNAVAILABLE (error opening DB: Failed to start database '/var/opt/novell/tomcat7/webapps/sspr/WEB-INF/./LocalDB/derby-db' with class loader sun.misc.Launcher$AppClassLoader@f507d2, see the next exception for details.)
Exception in thread "main" password.pwm.util.localdb.LocalDBException: 5052 ERROR_PWMDB_UNAVAILABLE (error opening DB: Failed to start database '/var/opt/novell/tomcat7/webapps/sspr/WEB-INF/./LocalDB/derby-db' with class loader sun.misc.Launcher$AppClassLoader@f507d2, see the next exception for details.)
...........

The DB is available though, the application is running and using the same DB.

Also, in another environment, running the same does not give the the DB unavailable error (and I can successfully run ./Command.sh with other options), but when I try and export the DB, it throws another error.

WARN , config.ConfigurationReader, configuration settings have been modified since the file was saved by pwm
ERROR, stats.StatisticsManager, unable to write to pwmDB, will remain closed, error: cannot allow mutation operation; LocalDB is in read-only mode
WARN , pwm.PwmApplication, unable to add email to queue: 5039 ERROR_CLOSING
util.IntruderManager, error cleaning userStore: cannot allow mutation operation; LocalDB is in read-only mode
0 Likes
Knowledge Partner
Knowledge Partner

Re: Migrate SSPR LocalDB data to External DB

Have you tried running the script with a bit more path, kind of like how
it is shown in the example?

Alternatively, have you tried enabling shells script debugging to see if
any of the commands look interesting?


bash -xv ./webapps/sspr/WEB-INF/Command.sh


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
pranavjo Absent Member.
Absent Member.

Re: Migrate SSPR LocalDB data to External DB

Got through the previous one (was making mistake of not shutting down service), but now there is another one when I run the ExportResponses.
The system seems to process for long time when I run ./Command.sh ExportResponses <filename> but then terminates with the below error.
I tried looking for the error code, but didn't find anything concrete.

SSPR v4.1.0.6 b412 r39267 Command Line Utility
applicationPath=/var/opt/novell/ssprconf
environment initialized

password.pwm.error.PwmUnrecoverableException: 5015 ERROR_UNKNOWN (unexpected error during ldap search (profile=default), error: 5015 ERROR_UNKNOWN (ldap error during searchID=0, error=javax.naming.TimeLimitExceededException: [LDAP: error code 3 - Timelimit Exceeded]))
at password.pwm.ldap.UserSearchEngine.performMultiUserSearchImpl(UserSearchEngine.java:382)
at password.pwm.ldap.UserSearchEngine.performMultiUserSearch(UserSearchEngine.java:255)
at password.pwm.util.cli.commands.ExportResponsesCommand.doCommand(ExportResponsesCommand.java:64)
at password.pwm.util.cli.commands.AbstractCliCommand.execute(AbstractCliCommand.java:60)
at password.pwm.util.cli.MainClass.executeCommand(MainClass.java:295)
at password.pwm.util.cli.MainClass.main(MainClass.java:266)

TIA
0 Likes
Knowledge Partner
Knowledge Partner

Re: Migrate SSPR LocalDB data to External DB

You may want to check the ndstrace to see what is happening LDAP-wise
(assuming you are pointed to eDirectory). NOrmally eDirectory does not
have a time limit,but you may have set one, or your LDAP client (SSPR) may
be setting one. Seeing what ndstrace is doing may help you get some data
to use to speed up the LDAP operations.


ldapconfig set 'LDAP Screen Level=all';
ndstrace
set dstrace=nodebug
dstrace +time +tags +ldap
dstrace file on
set dstrace=*r
#Perform Command.sh test here
dstrace file off
quit


The default path to the log is /var/opt/novell/eDirectory/log/ndstrace.log


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.