Infrastructure at your Service

Morgan Patou

Documentum – Database password validation rule in 16.4

A few months ago, I started working with the CS 16.4 (always using silent installation) and I had the pleasant surprise to see a new error message in the installation log. It’s always such a pleasure to lose time on pretty stupid things like the one I will talk about in this blog.

So what’s the issue? Well upon installing a new repository, I saw an error message around the start of the silent installation. In the end, the process didn’t stop and the repository was actually installed and functional – as far as I could see – but I needed to check this deeper, to be sure that there were no problem. This is an extract of the installation log showing the exact error message:

[[email protected] ~]$ cd $DM_HOME/install/logs
[[email protected] logs]$ cat install.log
14:45:02,608  INFO [main] com.documentum.install.shared.installanywhere.actions.InitializeSharedLibrary - The product name is: UniversalServerConfigurator
14:45:02,608  INFO [main] com.documentum.install.shared.installanywhere.actions.InitializeSharedLibrary - The product version is: 16.4.0000.0248
14:45:02,608  INFO [main]  -
14:45:02,660  INFO [main] com.documentum.install.shared.installanywhere.actions.InitializeSharedLibrary - Done InitializeSharedLibrary ...
14:45:02,698  INFO [main] com.documentum.install.server.installanywhere.actions.DiWAServerInformation - Setting CONFIGURE_DOCBROKER value to TRUE for SERVER
14:45:02,699  INFO [main] com.documentum.install.server.installanywhere.actions.DiWAServerInformation - Setting CONFIGURE_DOCBASE value to TRUE for SERVER
14:45:03,701  INFO [main] com.documentum.install.server.installanywhere.actions.DiWAServerCheckEnvrionmentVariable - The installer was started using the dm_launch_server_config_program.sh script.
14:45:03,701  INFO [main] com.documentum.install.server.installanywhere.actions.DiWAServerCheckEnvrionmentVariable - The installer will determine the value of environment variable DOCUMENTUM.
14:45:06,702  INFO [main] com.documentum.install.server.installanywhere.actions.DiWAServerCheckEnvrionmentVariable - The installer will determine the value of environment variable PATH.
14:45:09,709 ERROR [main] com.documentum.install.server.installanywhere.actions.DiWAServerValidteVariables - Invalid database user password. Valid database user password rules are:
1. Must contain only ASCII alphanumeric characters,'.', '_' and '-'.
Please enter a valid database user password.
14:45:09,717  INFO [main]  - The license file:/app/dctm/server/dba/tcs_license exists.
14:45:09,721  INFO [main] com.documentum.install.server.installanywhere.actions.DiWASilentConfigurationInstallationValidation - Start to validate docbase parameters.
14:45:09,723  INFO [main] com.documentum.install.server.installanywhere.actions.DiWAServerPatchExistingDocbaseAction - The installer will obtain all the DOCBASE on the machine.
14:45:11,742  INFO [main] com.documentum.install.server.installanywhere.actions.DiWAServerDocAppFolder - The installer will obtain all the DocApps which could be installed for the repository.
...
[[email protected] logs]$

 

As you can see above, the error message is self-explanatory: the Database password used doesn’t comply with the so-called “rules”. Seeing this kind of message, you would expect the installer to stop since the password doesn’t comply. It shouldn’t install the Repository. Yet it just skip it and completes without problem.

On my side, I have always been using the same rule for passwords in Documentum: at least 1 lowercase, 1 uppercase, 1 figure, 1 special character and a total of 15 or more characters. Just comparing the password that has been used for the Database with what is printed on the log, the only reason why the password wouldn’t be correct is because I put a ‘+’ in it. In previous versions of Documentum, I often used a ‘+’ and I never had any issue or errors with it.

So I checked with the OpenText Support (#4240691) to have more details on what is happening here. Turns out that starting with the CS 16.4, OpenText added a new password validation for the Database account and that this password must indeed only contain alphanumeric characters, ‘.’, ‘_’ or ‘-‘… So they added a password validation which complains but it’s not doing anything. Actually, it’s even worse because the CS Team added this password validation with the CS 16.4 and they enforced this rule but only for the GUI installer. The same check was added only later to the silent installation but it was not enforced at that time. That’s the reason why if you would try using the same password on the GUI, it should fail while with the silent installation, it prints an error but it still complete successfully… Therefore, with the same binaries, you have two different behaviors. That’s pretty cool, right? Right? RIGHT?

In the end, a new defect (#CS-121161) has been raised and they will enforce the rule in a coming patch it seems. Therefore, if you are planning to use ‘+’ characters in your Database passwords, consider changing it upfront to avoid a failure in the Repository installation. Looks like this time I should have stayed quiet and maybe I would have been able to use ‘+’ for the next 10 years using the silent installations… Sorry!

 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Morgan Patou
Morgan Patou

Senior Consultant & Technology Leader ECM