NetIQ-ACDI: Error 500 and 403 after installing ACDI

Hi
I have installed ACDI available in the IDM 4.9 release connecting to a NetIQ eDirectory 9.2.7 v40208.00 (I don't feel like the eDirectory version could be important).
When I log in to "">server:3190/opensearch" with osadmin I get an error with message "403 Forbidden: You seem to be trying to find his way home".
When I log in to "">https://server:3190/home" i Get these errors
> GET_DASHBOARDS: Request failed with status code 500
> GET_DASHBOARDS_ADDONS: Request failed with status code 500
> GET_REPORTS: Request failed with status code 500
> GET_STATUS: Request failed with status code 500

I have followed all the installations steps described in "NetIQ Identity Manager Audit, Compliance & Data Intelligence Guide" of May 2024
I have also modified the java options in all scripts or config files I have found adding -Xms512m -Xmx4096m.
But nothing works.
What I'm doing wrong?

Thanks and best regards

Thanks and best regards

Tags:

  • 0  

    Hi Jordi

    Do you have FW on your Linux box disabled (or enabled)?

    Do you have OpenSearch started?

  • 0 in reply to   

    Hi al_b, thanks for your help

    I have disabled firewall and restarted the opensearch service but still have the same error: 

    suseacdi:/opt/acdi/acdi_v24_2 # systemctl stop firewalld.service

    suseacdi:/opt/acdi/acdi_v24_2 # systemctl status firewalld
    â—‹ firewalld.service - firewalld - dynamic firewall daemon
    Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: disabled)
    Active: inactive (dead) since Tue 2024-11-12 07:57:03 CET; 9min ago
    Docs: man:firewalld(1)
    Process: 758 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
    Main PID: 758 (code=exited, status=0/SUCCESS)

    Nov 12 07:50:56 suseacdi systemd[1]: Starting firewalld - dynamic firewall daemon...
    Nov 12 07:51:03 suseacdi systemd[1]: Started firewalld - dynamic firewall daemon.
    Nov 12 07:57:03 suseacdi systemd[1]: Stopping firewalld - dynamic firewall daemon...
    Nov 12 07:57:03 suseacdi systemd[1]: firewalld.service: Deactivated successfully.
    Nov 12 07:57:03 suseacdi systemd[1]: Stopped firewalld - dynamic firewall daemon.
    suseacdi:/opt/acdi/acdi_v24_2 #

    suseacdi:/opt/acdi/acdi_v24_2 # sudo systemctl stop opensearch
    suseacdi:/opt/acdi/acdi_v24_2 # sudo systemctl start opensearch
    suseacdi:/opt/acdi/acdi_v24_2 # sudo systemctl status opensearch
    â—Ź opensearch.service - Opensearch
    Loaded: loaded (/etc/systemd/system/opensearch.service; enabled; vendor preset: disabled)
    Active: active (running) since Tue 2024-11-12 08:05:32 CET; 3s ago
    Main PID: 12468 (bash)
    Tasks: 16
    CGroup: /system.slice/opensearch.service
    ├─ 12468 /bin/bash /opt/acdi/acdi_v24_2/opensearch-2.8.0/bin/opensearch
    ├─ 12525 bash bin/opensearch-keystore has-passwd --silent
    └─ 12527 /opt/acdi/acdi_v24_2/opensearch-2.8.0/jdk/bin/java -Xshare:auto -Xms512m -Xmx4096m -XX:+UseSerialGC -Xms512m -Xmx1024m -Dopensearch.path.home=/opt/acdi/acdi_v24_2/opensear>

    Nov 12 08:05:32 suseacdi systemd[1]: Started Opensearch.

  • 0   in reply to 

    Hi Jordi,

    What OS did you install ACDI on? Were there other services running on the server as well or was it dedicated for ACDI? How much memory did the server have? Please notice that the system requirements for ACDI ask for 16 Gb of memory in the server. Is this condition met?

    If the problem persists, I'd suggest that you log a case with support so we can take a closer look at the problem.

  • 0 in reply to   

    Hi

    Is a suse server

    NAME="SLES"
    VERSION="15-SP5"
    VERSION_ID="15.5"
    PRETTY_NAME="SUSE Linux Enterprise Server 15 SP5"

    there were no other services, I created the machine from scratch.

    Is running as a guest in a Virtualbox machine.

    The host has 16GB ram and virutalbox only allow me to use GB

    suseacdi:~ # free -m
    total used free shared buff/cache available
    Mem: 10251 804 9248 17 451 9446
    Swap: 2045 0 2045

    Is there any configuration to skip the check of this requirement of ram?

  • Verified Answer

    +1   in reply to 

    Jordi, the least amount I've managed to get ACDI to run on was 12 Gb. The reason why it fails to load is that most processes preallocate a considerable amount of memory for Heap space. The parameters:


    -Xms4g
    -Xmx4g

    In file /opt/acdi/opensearch-2.8.0/config/jvm.options is one of the biggest chunks. For a demo system and low load, you could try reducing the Xms or both. 

    If this is not sufficient, try editing file /opt/acdi/AuditExport/audit-export.service and modify the Xms and Xmx parameters there (2G each)

    I expect that if you reduce Xms of opensearch to 2g and the audit export to 1g, you might be able to start it. The alternative is to get yourself some more memory and meet the minimal requirements.

  • 0 in reply to   

    Hi

    I jave tested modifying 

    /opt/acdi/acdi_v24_2/opensearch-2.8.0/config/jvm.options

    with

    -Xms1g
    -Xmx1g

    and

    -Xms2g
    -Xmx2g

    /opt/acdi/acdi_v24_2/AuditExport/audit-export.service

    with

     -J-Xmx1G -J-Xms1G 

    and

     -J-Xmx2G -J-Xms2G 

    and in any of the tests works, still have the same 403 forbidden error and 500 error

  • 0   in reply to 

    I'd suggest you log a case for this.

  • 0 in reply to   

    the problem is that is a poc without a customer assigned...I will talk to my manager to see how manage it

    thanks a lot :)