What to do when you accidentally delete the suffix "ou=am-config"?

The documentation from Delete and redeploy AM's instructions in step 3 explicitly states:

"You should either install a new, clean instance of DS, or delete the entries under the configured AM suffix (by default ou=am-config) of an existing instance."

A potential error that customers might encounter involves accidentally deleting the suffix. This can happen either by inadvertent deletion or by executing a command that inadvertently removes the suffix.

For example:

./ldapdelete --deleteSubtree --hostname localhost --port 1636 --useSsl --trustAll --bindDN "uid=admin" --bindPassword password "ou=am-config"

The solution is to recreate the suffix.

Step 1.

Create this file: backup.ldif, and modify the suffix DN dc=openam,dc=forgerock,dc=org to your preferred suffix.

dn: dc=openam,dc=forgerock,dc=org
objectClass: top
objectClass: untypedObject
dc: openam
aci: (targetattr="*")(version 3.0; acl "Read and write application data"; allow (all)(userdn = "ldap:///uid=am-config,ou=admins,dc=openam,dc=forgerock,dc=org");)
aci: (targetattr="+")(version 3.0; acl "Read operational attributes"; allow (read, search, compare)(userdn = "ldap:///uid=am-config,ou=admins,dc=openam,dc=forgerock,dc=org");)
aci: (targetcontrol="PersistentSearch")(version 3.0; acl "Persistent searches"; allow (read)(userdn = "ldap:///uid=am-config,ou=admins,dc=openam,dc=forgerock,dc=org");)

Step 2.

Import the suffix into the configuration store again.

./opendj7/bin/start-ds

./opendj7/bin/import-ldif \
 --hostname localhost \
 --port 4444 \
 --bindDn uid=admin \
 --bindPassword Netscape123 \
 --backendId cfgStore \
 --includeBranch dc=openam,dc=forgerock,dc=org \
 --ldifFile /work/backup.ldif \
 --usePkcs12TrustStore ./opendj7/config/keystore \
 --trustStorePassword:file ./opendj7/config/keystore.pin

Tested with AM 7.3.0

1 Like
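When the suffix DN in backup.ldif is changed to a different base DN, two other things have to change with it: the naming attribute line (dc: openam) must match the new RDN, and every userdn in the three ACIs must point at an account under the new suffix, otherwise AM's service account ends up with no rights on the recreated entry. The following Python script is an added example, not part of the post above or of the ForgeRock DS tooling. It generates the suffix entry for any base DN using the exact ACIs from the post and checks a hand-edited LDIF for those two mistakes. It assumes the standard DS schema, where untypedObject allows dc, ou and o as attributes, and that the AM service account lives at uid=am-config,ou=admins,<suffix> unless another DN is given.

```python
"""Generate and sanity-check the AM config suffix entry LDIF (added example)."""
import re

# The three ACIs from the post, parameterised on the AM service account DN.
ACI_TEMPLATES = (
    '(targetattr="*")(version 3.0; acl "Read and write application data"; '
    'allow (all)(userdn = "ldap:///{admin}");)',
    '(targetattr="+")(version 3.0; acl "Read operational attributes"; '
    'allow (read, search, compare)(userdn = "ldap:///{admin}");)',
    '(targetcontrol="PersistentSearch")(version 3.0; acl "Persistent searches"; '
    'allow (read)(userdn = "ldap:///{admin}");)',
)

USERDN_RE = re.compile(r'userdn\s*=\s*"ldap:///([^"]+)"')


def split_dn(dn):
    """Split a DN into (attribute, value) pairs, honouring escaped commas.
    Assumption: single-valued RDNs only, which covers the suffix DNs used here."""
    pairs = []
    for part in re.split(r'(?<!\\),', dn):
        attr, _, value = part.strip().partition('=')
        if not attr or not value:
            raise ValueError(f'malformed RDN {part!r} in {dn!r}')
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs


def normalise_dn(dn):
    """Lower-case attribute names so DNs can be compared textually (values kept as-is)."""
    return ','.join(f'{a}={v}' for a, v in split_dn(dn))


def build_suffix_ldif(suffix, admin_dn=None):
    """Return the LDIF for the suffix entry. The AM service account defaults to
    uid=am-config,ou=admins,<suffix>, as in the post (assumption)."""
    rdn_attr, rdn_value = split_dn(suffix)[0]
    admin = admin_dn or f'uid=am-config,ou=admins,{suffix}'
    lines = [f'dn: {suffix}', 'objectClass: top', 'objectClass: untypedObject',
             f'{rdn_attr}: {rdn_value}']  # naming attribute must match the RDN
    lines += [f'aci: {t.format(admin=admin)}' for t in ACI_TEMPLATES]
    return '\n'.join(lines) + '\n'


def check_suffix_ldif(ldif_text):
    """Return a list of problems in a hand-edited suffix LDIF; an empty list means OK."""
    problems, attrs = [], {}
    for raw in ldif_text.splitlines():
        if not raw.strip() or raw.startswith('#'):
            continue
        name, sep, value = raw.partition(':')
        if not sep:
            problems.append(f'not an attribute line: {raw!r}')
            continue
        attrs.setdefault(name.strip().lower(), []).append(value.strip())
    dns = attrs.get('dn', [])
    if len(dns) != 1:
        return problems + ['expected exactly one dn: line']
    dn = dns[0]
    rdn_attr, rdn_value = split_dn(dn)[0]
    # Mistake 1: DN edited, but the dc:/ou: line still carries the old value.
    if rdn_value not in attrs.get(rdn_attr, []):
        problems.append(f'RDN {rdn_attr}={rdn_value} has no matching {rdn_attr}: attribute line')
    if 'top' not in attrs.get('objectclass', []):
        problems.append('missing objectClass: top')
    # Mistake 2: ACIs still grant rights to an account under the old suffix.
    suffix_norm = normalise_dn(dn)
    for aci in attrs.get('aci', []):
        m = USERDN_RE.search(aci)
        if not m:
            problems.append(f'aci without userdn: {aci[:40]}...')
        elif not normalise_dn(m.group(1)).endswith(',' + suffix_norm):
            problems.append(f'aci userdn {m.group(1)} is not under {dn}')
    return problems


if __name__ == '__main__':
    print(build_suffix_ldif('dc=openam,dc=forgerock,dc=org'), end='')
```

Write the output to backup.ldif and run the import-ldif command from the post with --includeBranch set to the same suffix; run check_suffix_ldif over the file first if it was edited by hand. The script only catches textual mismatches, so DS still has to accept the result (schema and the ACI syntax are validated by the server at import time).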

Hi @sam.phua! Thank you for bringing attention to a crucial step in the install guide to Delete and Redeploy AM. Your proactive advice in step 3, emphasizing the importance of caution when managing the configured AM suffix, is truly invaluable.

Thanks for sharing this solution and offering examples. It will undoubtedly serve as an invaluable resource for our community members who might encounter this issue. :raised_hands:
