It's all about the answers!

Ask a question

Using LDCLIENT to load new URLS into JAS


Ryan McBryde (5911233) | asked Jan 13 '23, 12:36 p.m.

 CLM version = 6.0.6.1

O/S = Windows

I have two separate environments; prod & stage, each with their own CLM and JAS servers.  When I export the client configuration from JAS in my stage environment, I used the following command: 

lsclient -u adminUser:adminPassword > stagejas.backup

from the cli folder under JAS

When I review the contents of the stagejas.backup file I see URLs for the registered apps that reflect the prod env instead of the stage env:


versus



I should be able to correct the URLs in the stagejas.backup file and then load the corrected URLs back into JAS

ldclient -u adminUser:adminPassword stagejas.backup

However, when I try the command as shown, I get this error message

{
  "error" : "Missing client data file! Use --help for usage instructions."
}

There is a -c option available which is described as follows:

If a client ID is specified in the file and the -c option is not specified, the corresponding client will be updated.

This is what I am trying to do, change the line for ccm which is represented by this client_id

  "client_id" : "04f9c9aa839d4c8a9d3d75fe168b6fe7",


The example provided simply passes the "backup" file as an argument to the command.  I also tried renaming the file as a json file but no change.

I also tried redirecting the input from the json file, "< modified_stagejas_backup.json"  with the same result.

Has anyone successfully used the ldclient command to load client info into JAS 6.0.6.1?




Comments
Ryan McBryde commented Jan 13 '23, 1:21 p.m.

Apparently this is one command where the order of the arguments matter. Putting the -u for user credentials ahead of the -h for host fails, reversing their order succeeds, except now it's complaining that access is denied so I figure that it's not reading the creds arg correctly so I am playing with quotes around the creds and escaping the special chars in the passwd. Fingers crossed

Accepted answer


permanent link
Shubjit Naik (1.5k1613) | answered Jan 16 '23, 2:40 a.m.

Hi Ryan


We have an article written on this scenario and have included the syntax for ldclient

Command Syntax on Windows for Update (add -c if clientId does not exist on the server)
ldclient.bat -a https://<JazzAuthServerURL>/oidc/endpoint/jazzop -u UserName:Password prod02jas.json 

In later version of Liberty (the one embedded with JAS 7.x) you can use the UI to update the values.

Hope this helps!

Regards
Shubjit

Ryan McBryde selected this answer as the correct answer

Comments
Ryan McBryde commented Jan 30 '23, 11:39 a.m.

Thank you Shubjit,


2 questions:

I am currently moving off of it, but for now, I am still on 6.0.6.1.  Does this work in that version?

When I try that exact syntax that you show above, I get the following error message:

 ldclient -a https://<server>; /oidc/endpoint/jazzop -u Userid:Password updated_230127_1821_stagejas.json

"failed_modifications" : [ {

And then, for each app, this:

    "client_id" : "0143a6370dd742b287df86aff67fe8a5",
    "server_response" : {
      "error" : "access_denied",
      "error_description" : "The user is not authenticated, or is not in the role that is required to complete this request"

What are the rules for escaping special characters in the password field?


Shubjit Naik commented Jan 31 '23, 4:20 a.m. | edited Jan 31 '23, 4:21 a.m.

Hi Ryan


ldclient does work with 6.0.6.1 as well. I dont think we have a way to escape special characters on these commands.
Does the clientsecret have special characters? and/or does the user password include special characters?

If yes, can you share the special characters used?
And if the ClientSecret is the one with special characters, could you try one without those special characters as a test?

 


David Honey commented Jan 31 '23, 6:31 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

Please be aware that CLM 6.0.6.1 went end of service 2021-10-31 and is no longer being remediated for security vulnerabilities. You can find details at https://www.ibm.com/support/pages/collaborative-lifecycle-management-end-support-dates-60x. I recommend that you upgrade to 7.0.2.


Ryan McBryde commented Feb 01 '23, 8:52 a.m.

 Thank you David Honey.  I am encountering this problem because I am in the process of trying to upgrade from 6.0.6.1 to 7.0.2, which requires a switch off of SQL Server to Oracle, which has to be tested in a stage environment before attempting in production, which required a production copy and a server rename, and we have JAS, which complicated the server rename and now I am trying to follow the "Addendum" instructions to get JAS updated with the correct stage URLs and it keeps failing,  Hence my question.


Ryan McBryde commented Feb 01 '23, 8:59 a.m.

 Shubjit,  the special chars used are @  and !   

I don't believe that the client secret has any special chars in it but how can I confirm that.
According to the logs, there is an error coming from LDAP, "LDAP: error code 49 - 80090308: LdapErr: DSID-0C090447" and suggests that "check that the account is enabled and not locked."    I don't know how to check on an AD account being locked or not.  I suspect the problem is due to this username not being correct in the clientmanager section of the AppConfig file.   "<user name = "rmcbryde" />"  I am not sure if that id, which is mine, requires any further qualification.   Any help with the client manager config would be appreciated.

One other answer



permanent link
Ryan McBryde (5911233) | answered Mar 20 '23, 8:15 a.m.

 Closing this question.  It turned out that the account was appearing as locked to LDCLIENT even though I was able to login.  Changed the password and the LDCLIENT began to work.  Resolved, but not sure why.

Your answer


Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.