Extend LDAP Schema Errors Echoed During Setup Completion with Active Directory


Hanalei Boy

Mar 16, 2023, 6:43:27 PM
to RCDevs Security Solutions - Technical
Hi,

I have set up the latest version of WebADM with Active Directory. I am unable to complete the last setup step in the Admin Console to "Setup LDAP Schema". The proxy user is a Schema Admin in Active Directory.

What do you think may be the issue?

The error output is outlined below:

Your WebADM installation is not completely configured!
Please run the following setup actions to finish configuring WebADM.

Checking LDAP schema
Reading schema objectclasses... Ok
Reading schema attributes... Ok
Checking account objectclass... Missing
Checking group objectclass... Missing
Checking config objectclass... Missing
Checking data attribute... Missing
Checking settings attribute... Missing
Checking type attribute... Missing
Checking voice attribute... Missing


Thank you!

Support RCDevs

Mar 17, 2023, 6:49:57 AM
to RCDevs Security Solutions - Technical
Hello,
You need to adjust your objectclass and LDAP attributes according to your old schema (extended or not extended) in webadm.conf, and also replace the object.xml file with the new one located on the new server.
The files on the new server:
/opt/webadm/doc/ActiveDirectory/
Regards,

Hanalei Boy

Mar 17, 2023, 11:24:27 AM
to RCDevs Security Solutions - Technical
Hi,
   
Thank you for your expeditious response. Your suggested resolution has not been easy to implement.

What if I wanted to start from scratch? What would I have to do in AD to revert it back to its state prior to the WebADM implementation?

Thank you!

Support RCDevs

Mar 17, 2023, 11:58:23 AM
to RCDevs Security Solutions - Technical
Hi,
On your old server, is your schema extended or not?
Regards,

Hanalei Boy

Mar 17, 2023, 12:00:34 PM
to RCDevs Security Solutions - Technical
I'm not sure what you mean by old server? The WebADM server perhaps?

In all cases though, my implementation was and is extended with AD.

Support RCDevs

Mar 17, 2023, 12:08:07 PM
to RCDevs Security Solutions - Technical
Sorry, my bad. So you are doing a new installation and you encounter these errors:
Checking account objectclass... Missing...
Can you click to run the following setup actions to finish configuring WebADM?
What is the result?
And during the installation process, did you choose the option AD with extended schema or not?

Regards,

Hanalei Boy

Mar 17, 2023, 12:12:04 PM
to RCDevs Security Solutions - Technical
Correct. This is a new installation.

I am no longer able to access the Web Admin Console to finish the installation.
 
I did choose the AD with extended schema when initiating the installation.

At this point, I would prefer to start the installation from scratch. Are there any rollback procedures I need to perform in AD to initiate a new clean install?

Support RCDevs

Mar 17, 2023, 12:19:14 PM
to RCDevs Security Solutions - Technical
Hello,

To initiate a new install, you can follow this procedure:
Or you can start from our VM appliance if you encounter installation problems, because it is already pre-installed and the script will guide you:

Regards,

Hanalei Boy

Mar 17, 2023, 12:23:18 PM
to RCDevs Security Solutions - Technical
Hi,

This is not my first rodeo with implementing WebADM. I am a huge fan of the solution. As a result, I am well versed in conducting fresh installs.

I just need guidance on rolling back/eliminating the objects in AD that were created by the WebADM install. Or are you saying rollback is not necessary in AD?

Thank you.

Support RCDevs

Mar 17, 2023, 12:34:11 PM
to RCDevs Security Solutions - Technical
Hello,
Are you talking about the webadmAccount, webadmGroup and webadmConfig object classes? If yes, you can't roll back when you extend your schema. And yes, you can start with a new install; the difference is that your schema is already extended (the object classes webadmAccount, webadmGroup and webadmConfig already exist in AD).
Regards,

Hanalei Boy

Mar 17, 2023, 12:40:26 PM
to RCDevs Security Solutions - Technical
Yes, exactly.

Thank you for your response.

Hanalei Boy

Mar 17, 2023, 1:14:44 PM
to RCDevs Security Solutions - Technical
Hi Again,

After performing a fresh install, I am still experiencing the same problem as outlined below when attempting to "Extend The LDAP Schema". Any guidance you could provide would be greatly appreciated!

Thank you.

Adding oject CN=webadmSettings,CN=Schema,CN=Configuration,DC=thd,DC=thehouseofdesign,DC=com... Failed
Adding oject CN=webadmData,CN=Schema,CN=Configuration,DC=thd,DC=thehouseofdesign,DC=com... Failed
Adding oject CN=webadmType,CN=Schema,CN=Configuration,DC=thd,DC=thehouseofdesign,DC=com... Failed
Adding oject CN=webadmVoice,CN=Schema,CN=Configuration,DC=thd,DC=thehouseofdesign,DC=com... Failed
Updating schema cache... Success
Adding oject CN=webadmAccount,CN=Schema,CN=Configuration,DC=thd,DC=thehouseofdesign,DC=com... Failed
Adding oject CN=webadmConfig,CN=Schema,CN=Configuration,DC=thd,DC=thehouseofdesign,DC=com... Failed
Adding oject CN=webadmGroup,CN=Schema,CN=Configuration,DC=thd,DC=thehouseofdesign,DC=com... Failed
Updating schema cache... Success
Modifying objectclass User... Failed
Modifying objectclass Group... Failed
Updating schema cache... Success


Support RCDevs

Mar 20, 2023, 3:51:51 AM
to RCDevs Security Solutions - Technical
Hello,
Try to extend the schema again and send us logs from webadm.log.
I think it's a permission issue here.
Regards,

Hanalei Boy

Mar 20, 2023, 12:58:03 PM
to RCDevs Security Solutions - Technical
Hi,

Per your request, please see attached log file.

Thank you!
WebADM.log

Support RCDevs

Mar 21, 2023, 4:03:14 AM
to RCDevs Security Solutions - Technical
Thank you, can you send us your webadm.conf file? You can hide the password and encryption key beforehand.
Regards,

Support RCDevs

Mar 21, 2023, 6:29:06 AM
to RCDevs Security Solutions - Technical
Hello,

There are other points to verify:
The first domain controller defined in /opt/webadm/conf/servers.xml should be a schema master.
You can check which domain controller is the schema master with Get-ADForest in PowerShell:
(Get-ADForest).SchemaMaster
The WebADM admin should be a schema admin; you can add it temporarily to the Schema Admins group in AD.
Command to check schema admins:
Get-ADGroupMember "schema admins"
For more info:

Regards,
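
Added example, not part of the original thread and not RCDevs' own tooling: the two checks from the message above combined into one PowerShell pre-flight function. The function name, the DC host and the account name are hypothetical; it assumes the ActiveDirectory module (RSAT) is installed and that servers.xml holds a host name rather than an IP address.

```powershell
# Added example: pre-flight check before running "Extend LDAP Schema" in WebADM.
# Requires the ActiveDirectory module (RSAT); run as a user who can read the forest.
Import-Module ActiveDirectory

function Test-SchemaExtensionReadiness {
    param(
        # Host of the first LDAP server in /opt/webadm/conf/servers.xml (copied by hand)
        [Parameter(Mandatory)] [string] $ConfiguredDc,
        # sAMAccountName of the account WebADM uses for the schema change (hypothetical)
        [Parameter(Mandatory)] [string] $WebAdmAccount
    )

    $forest       = Get-ADForest
    $schemaMaster = $forest.SchemaMaster      # FQDN of the schema master role holder

    # servers.xml may hold a short host name or an FQDN; accept either form.
    $isSchemaMaster = ($ConfiguredDc -eq $schemaMaster) -or
                      ($ConfiguredDc -eq $schemaMaster.Split('.')[0])

    # Schema Admins lives in the forest root domain; -Recursive follows nested groups.
    $members = @(Get-ADGroupMember -Identity 'Schema Admins' -Recursive -Server $forest.RootDomain)
    $isSchemaAdmin = $members.SamAccountName -contains $WebAdmAccount

    [pscustomobject]@{
        SchemaMaster               = $schemaMaster
        ConfiguredDc               = $ConfiguredDc
        ConfiguredDcIsSchemaMaster = $isSchemaMaster
        AccountIsSchemaAdmin       = $isSchemaAdmin
        # Full member list, so a temporary membership can be removed afterwards
        SchemaAdmins               = $members.SamAccountName
        Ready                      = $isSchemaMaster -and $isSchemaAdmin
    }
}

# Constructed sample values; replace with your own DC host and account name.
Test-SchemaExtensionReadiness -ConfiguredDc 'dc01.example.com' -WebAdmAccount 'webadm_proxy'
```

Running it again after the schema extension shows from the SchemaAdmins list whether the temporary membership is still in place.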

Hanalei Boy

Mar 21, 2023, 11:10:33 AM
to RCDevs Security Solutions - Technical
Hi,

Please see attached obfuscated "webadm.conf".

Thank you.
webadm.conf

Support RCDevs

Mar 21, 2023, 11:21:05 AM
to RCDevs Security Solutions - Technical
Hello,

Did you receive my last email regarding the schema master and schema admin?

Regards,

Hanalei Boy

Mar 21, 2023, 11:21:55 AM
to RCDevs Security Solutions - Technical
Hi,

You are absolutely correct. The DC I was connecting to was not the schema master. I configured the primary in webadm.conf and all is well.

Thank you again for your patience and diligence to resolve this.

Hope you have a wonderful day!