If you are running into OpenSSO issue 3955


If, while configuring the OpenSSO (build 6) server against Sun Directory
Server to store the configuration data, you selected different passwords
for the ‘amadmin’ user and for the DSEE Bind DN user (for example,
cn=directory manager), then the command line tool ‘ssoadm’ will fail
under certain circumstances.

This issue does not happen when the OpenSSO server is configured with the
default configuration store. There are two workarounds to resolve the issue.

  1. Create cn=dsameuser entry under the configuration directory server
  2. Update the serverconfig.xml in the configuration store

The latter option is recommended for production customers.

For instance, when you invoke the ‘list-server-cfg’ subcommand, you might see the following type of error messages in the command window

Run the following sequence of steps 

Step 1

Login as amadmin user to the OpenSSO Console, and access ssoadm.jsp

Step 2

Get the existing serverconfig.xml and save it in a text file

Step 3

Encode the ‘amadmin’ password using encode.jsp

Step 3a

Edit the serverconfig.xml dumped from step 1 to set the correct encrypted password of amadmin for the following users

  • User1: puser
  • User2: dsameuser

Make sure you don't update the password for the server group named ‘sms’, which already has the correct password

Step 4

Load the new serverconfig.xml with the change
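
The edit in step 3a can be scripted so that only the puser and dsameuser entries change and the ‘sms’ group is left alone. This is an added example, not part of the original post or of OpenSSO itself; the element names (ServerGroup, User, DirDN, DirPassword) in the constructed sample are assumptions about the file layout, and the password strings are placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample; element names and values are assumptions, not from the page.
SAMPLE = """<iPlanetDataAccessLayer>
  <ServerGroup name="default" minConnPool="1" maxConnPool="1">
    <User name="User1" type="proxy">
      <DirDN>cn=puser,ou=DSAME Users,dc=example,dc=com</DirDN>
      <DirPassword>OLD_ENCODED_VALUE</DirPassword>
    </User>
    <User name="User2" type="admin">
      <DirDN>cn=dsameuser,ou=DSAME Users,dc=example,dc=com</DirDN>
      <DirPassword>OLD_ENCODED_VALUE</DirPassword>
    </User>
  </ServerGroup>
  <ServerGroup name="sms" minConnPool="1" maxConnPool="10">
    <User name="User2" type="admin">
      <DirDN>cn=Directory Manager</DirDN>
      <DirPassword>SMS_ENCODED_VALUE</DirPassword>
    </User>
  </ServerGroup>
</iPlanetDataAccessLayer>"""

TARGET_RDNS = ("cn=puser,", "cn=dsameuser,")

def update_passwords(xml_text, encoded_amadmin_pw):
    """Set DirPassword for puser and dsameuser, skipping the 'sms' group."""
    root = ET.fromstring(xml_text)
    changed = []
    for group in root.iter("ServerGroup"):
        if group.get("name") == "sms":
            continue  # this group already holds the correct bind password
        for user in group.iter("User"):
            dn = (user.findtext("DirDN") or "").strip().lower()
            pw = user.find("DirPassword")
            if pw is not None and dn.startswith(TARGET_RDNS):
                pw.text = encoded_amadmin_pw
                changed.append(dn)
    return ET.tostring(root, encoding="unicode"), changed

def sms_passwords(xml_text):
    """Return the 'sms' group's DirPassword values for a before/after check."""
    root = ET.fromstring(xml_text)
    return [p.text for g in root.iter("ServerGroup") if g.get("name") == "sms"
            for p in g.iter("DirPassword")]

if __name__ == "__main__":
    new_xml, changed = update_passwords(SAMPLE, "ENCODED_VALUE_FROM_ENCODE_JSP")
    print("updated:", changed, "sms unchanged:", sms_passwords(new_xml))
```

Comparing `sms_passwords()` on the file before and after the edit confirms the ‘sms’ group was not touched before you load the result in step 4.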

Workaround Option 2

Create the following entries in your Configuration Directory Server

dn: ou=dsame users,ROOT_SUFFIX
objectClass: top
objectClass: organizationalUnit

dn: cn=dsameuser,ou=DSAME Users, ROOT_SUFFIX
objectclass: inetuser
objectclass: organizationalperson
objectclass: person
objectclass: top
cn: dsameuser
sn: dsameuser
userPassword: AMADMIN_PASSWD