Novell EDIRECTORY 8.8 Troubleshooting Manual
Hide thumbs
Also See for EDIRECTORY 8.8:
- Manual (574 pages) ,
- Installation manual (119 pages) ,
- Manual (68 pages)
Related Manuals for Novell EDIRECTORY 8.8
Summary of Contents for Novell EDIRECTORY 8.8
- Page 1 Novell eDirectory w w w . n o v e l l . c o m 8 . 8 T R O U B L E S H O O T I N G G U I D E S e p t e m b e r 3 0 , 2 0 0 5...
- Page 2 Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
- Page 3 Novell Client is a trademark of Novell, Inc. Novell Directory Services and NDS are registered trademarks of Novell, Inc. in the United States and other countries. Ximiam is a registerd trademark of Novell, Inc. in the United States and other countries.
- Page 4 Novell eDirectory 8.8 Troubleshooting Guide...
-
Page 5: Table Of Contents
Contents About This Book Resolving Error Codes Installation and Configuration Installation ............9 Installation Not Successful . - Page 6 Making PAM Work with Novell eDirectory After Migration ....... 55...
- Page 7 12 NMAS on Linux and UNIX Unable to Log In Using Any Method ......... . . 77 The User Added Using the ICE Utility Is Unable to Log In Using Simple Password .
- Page 8 Novell eDirectory 8.8 Troubleshooting Guide...
-
Page 9: About This Book
For documentation on managing and administering eDirectory, see the Novell eDirectory 8.8 Administration Guide (http://www.novell.com/documentation/edir88/index.html). Documentation Updates For the most recent version of the Novell eDirectory 8.8 Installation Guide, see the Novell eDirectory 8.8 Documentation (http://www.novell.com/documentation/edir88/index.html) site. Documentation Conventions In this documentation, a greater-than symbol (>) is used to separate actions within a step and items within a cross-reference path. - Page 10 ® A trademark symbol ( , etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark. When a single pathname can be written with a backslash for some platforms or a forward slash for other platforms, the pathname is presented with a backslash. Users of platforms that require a forward slash, such as Linux and UNIX*, should use forward slashes as required by your software.
-
Page 11: Resolving Error Codes
Resolving Error Codes For a complete list and explanation of eDirectory error codes, see the Novell Error Codes Web page (http://www.novell.com/documentation/lg/nwec/index.html). Resolving Error Codes... - Page 12 Novell eDirectory 8.8 Troubleshooting Guide...
-
Page 13: Installation And Configuration
-632: Error description System failure installation, exit from the installation process. Set the n4u.base.slp.max-wait parameter to a larger value, such as 50, in the /etc/opt/novell/ eDirectory/conf/nds.conf file, then restart the installation process. If you are installing eDirectory into a NetWare 5.1 tree, upgrade the eDirectory Master to NetWare 5.1 Support Pack 5 or later. -
Page 14: Edirectory Install Fails For Container Administrators
Do not configure the product. See “Linux, Solaris, AIX, and HP-UX Packages for Novell eDirectory ” in the Novell eDirectory 8.8 Installation Guide for more information. Edit the /etc/opt/novell/eDirectory/conf/nds.conf and add the following parameters: n4u.uam.ncp-retries = 5 n4u.base.slp.max-wait = 20 Edit the /etc/slpuasa.conf to add the following parameter:... -
Page 15: Nici Installation Failed - 1497
Group or user names field, then this issue occurs. To work around this problem, do the following: Remove the NICIFK file. This is present in C:/Windows/system32/novell/nici if the system root is C:/Windows/ system32. If the system root is F:/Windows/system32 then this file is present in F:/Windows/ system32/novell/nici. - Page 16 Novell eDirectory 8.8 Troubleshooting Guide...
-
Page 17: Determining The Edirectory Version Number
On the Agent Summary page, click Known Servers. Then under Servers Known to Database, click Known Servers. The Agent Revision column displays the internal build number for each server. For example, an Agent Revision number for Novell eDirectory 8.7.1 might be 10510.64. -
Page 18: Windows
On the Agent Summary page, click Known Servers. Then under Servers Known to Database, click Known Servers. The Agent Revision column displays the internal build number for each server. For example, an Agent Revision number for Novell eDirectory 8.7.1 might be 10510.64. -
Page 19: Solaris
For information on running ndsd, see “Novell eDirectory Linux and UNIX Commands and Usage” in the Novell eDirectory 8.8 Administration Guide, or the ndsd man page (ndsd.1m). Run iMonitor. On the Agent Summary page, click Known Servers. Then under Servers Known to Database, click Known Servers. -
Page 20: Aix
For information on running ndsd, see “Novell eDirectory Linux and UNIX Commands and Usage” in the Novell eDirectory 8.8 Administration Guide, or the ndsd man page (ndsd.1m). Run iMonitor. On the Agent Summary page, click Known Servers. Then under Servers Known to Database, click Known Servers. - Page 21 For information on running ndsd, see “Novell eDirectory Linux and UNIX Commands and Usage” in the Novell eDirectory 8.8 Administration Guide, or the ndsd man page (ndsd.1m). Run iMonitor. On the Agent Summary page, click Known Servers. Then under Servers Known to Database, click Known Servers.
- Page 22 Novell eDirectory 8.8 Troubleshooting Guide...
-
Page 23: Log Files
Log Files This section contains information on the following log files: “modschema.log” on page 19 “dsinstall.log” on page 19 modschema.log The modschema.log file contains the results of all schema extensions that are applied when an eDirectory server is installed into an existing tree. Each line of the log states which class or attribute is being added or modified and gives the status of the modification attempt. - Page 24 Novell eDirectory 8.8 Troubleshooting Guide...
-
Page 25: Troubleshooting Ldif Files
Novell eDirectory 8.8 Administration Guide. In order for an LDIF import to work properly, you must start with an LDIF file that the Novell Import Conversion Export utility can read and process. This section describes the LDIF file format and syntax and provides examples of correct LDIF files. -
Page 26: Ldif Content Records
If the version line is missing, any application processing the LDIF file is allowed to assume that the file is version 0. It's also possible that the LDIF file could be rejected as syntactically incorrect. Novell utilities that process LDIF assume a file version of 0 when the version line is missing. -
Page 27: Ldif Change Records
Component Description Record Delimiters Blank lines (lines 5, 10, 15, and 26 in the example above) are used as record delimiters. Every record in an LDIF file including the last record must be terminated with a record delimiter (one or more blank lines). Although some implementations will silently accept an LDIF file without a terminating record delimiter, the LDIF specification requires it. - Page 28 14 changetype: delete The Modify Change Type The modify change type lets you to specify the addition, deletion, and replacement of attribute values for an entry that already exists. Modifications take one of the following three forms: Novell eDirectory 8.8 Troubleshooting Guide...
- Page 29 Element Description add: attribute type A keyword indicating that subsequent attribute value specifiers for the attribute type should be added to the entry. delete: attribute type A keyword indicating that values of the attribute type are to be deleted. If attribute value specifiers follow the delete field, the values given are deleted.
- Page 30 The new superior specifier is optional in LDIF records with a modify DN change type. It is only given in cases where you want to reparent the entry. The following is an example of a modify DN change type that shows how to rename an entry: Novell eDirectory 8.8 Troubleshooting Guide...
-
Page 31: Line Folding Within Ldif Files
1 version: 1 3 # Rename ou=Artists to ou=West Coast Artists, and leave 4 # its old RDN value. 5 dn: ou=Artists,l=San Francisco,c=US 6 changetype: moddn 7 newrdn: ou=West Coast Artists 8 deleteoldrdn: 1 The following is an example of a modify DN change type that shows how to move an entry: 1 version: 1 3 # Move cn=Peter Michaels from 4 # ou=Artists,l=San Francisco,c=US to... -
Page 32: Hashed Password Representation In Ldif Files
2 dn: cn=Peter Michaels, ou=Artists, l=San Francisco, c=US 3 sn: Michaels 4 userpassword: {MD5}a45lkSDF234SDFG62dsfsf2DG2QEvgdmnk430 5 objectclass: inetOrgPerson Debugging LDIF Files “Enabling Forward References” on page 29 “Checking the Syntax of LDIF Files” on page 31 Novell eDirectory 8.8 Troubleshooting Guide... -
Page 33: Enabling Forward References
Using the Novell eDirectory Import Convert Export Wizard To enable forward references during an LDIF import: In Novell iManager, click the Roles and Tasks button Click eDirectory Maintenance > Import Convert Export Wizard. Click Import Data from File on Disk, then click Next. - Page 34 Under Advanced Settings, click Allow Forward References. Click Next, then click Finish. To enable forward references during a data-to-data server migration: In Novell iManager, click the Roles and Tasks button Click eDirectory Maintenance > Import Convert Export Wizard. Click Migrate Data Between Servers, then click Next.
-
Page 35: Checking The Syntax Of Ldif Files
Click Next, then click Finish. NOTE: Ensure that the schema is consistent across LDAP Services. Using the Novell Import Conversion Export Utility Command Line Interface To enable forward references in the command line interface, use the -F LDAP destination handler option. -
Page 36: Using The Ldif Error File
Administration Guide. Using the LDIF Error File The Novell Import Conversion Export utility automatically creates an LDIF file listing any records that failed processing by the destination handler. You can edit the LDIF error file generated by the utility, fix the errors, then reapply it to the server to finish an import or data migration that contained failed records. -
Page 37: Using Ldap Sdk Debugging Flags
Using the Novell Import Conversion Export Utility Command Line Interface To configure error log options in the command line utility, use the -l general option. For more information, see “General Options” in the Novell eDirectory 8.8 Administration Guide. Using LDAP SDK Debugging Flags To understand some LDIF problems, you might need to see how the LDAP client SDK is functioning. -
Page 38: Adding A New Attribute
Adding a New Attribute To add an attribute, simply add an attribute value that conforms to the specification for NDSAttributeTypeDescription to the attributes attribute of the subschemaSubentry. NDSAttributeTypeDescription = "(" whsp numericoid whsp ; AttributeType identifier Novell eDirectory 8.8 Troubleshooting Guide... - Page 39 [ "NAME" qdescrs ] ; name used in AttributeType [ "DESC" qdstring ] ; description [ "OBSOLETE" whsp ] [ "SUP" woid ] ; derived from this other AttributeType [ "EQUALITY" woid] ; Matching Rule name [ "ORDERING" woid] ; Matching Rule name [ "SUBSTR"...
-
Page 40: Adding Or Removing Auxiliary Classes
'bearFeatures' MAY (bearHair $ bearPicture) AUXILIARY) # now create a user named bobby dn: cn=bobby,o=bearcave changetype: add cn: bobby sn: bear givenName: bobby bearHair: Short bearHair: Brown bearHair: Curly bearPicture:< file:///c:/tmp/alien.jpg objectClass: top objectClass: person objectClass: inetOrgPerson Novell eDirectory 8.8 Troubleshooting Guide... - Page 41 objectClass: bearFeatures # now create a person named john that will later be changed # into a bear when bearFeatures is added to its objectClass # list dn: cn=john,o=bearcave changetype: add cn: John sn: bear givenName: john objectClass: top objectClass: person objectClass: inetOrgPerson # now morph john into a bear by adding bearFeatures dn: cn=john,o=bearcave...
- Page 42 Novell eDirectory 8.8 Troubleshooting Guide...
-
Page 43: Troubleshooting Snmp
If the installation of the SNMP Group object fails, you can rectify this problem by executing the following command on the server console: snmpinst -c admin_FDN_with_tree_name password server_FDN_with_tree_name For example: snmpinst -c admin.novell.test-tree novell nds-server.novell.test- tree SNMP Initializing Errors eDirectory SNMP initialization component. Error code: -255 Initialization failure. Error code: -255 The possible cause could be that you have not specified hostname:port or IP_address:port as a paramater to the SERVER command in eDirectory SNMP configuration file. -
Page 44: Snmp Subagent Does Not Start
Installing net-snmp-5.0.9 We recommend you to use Option 1 as mentioned in Novell eDirectory 8.8 Administration Guide as uninstalling system installed SNMP packages may require to uninstall all the dependent RPMs. Issues While Starting the Subagent While starting the subagent, you might get the following error: /opt/novell/eDirectory/bin/ndssnmpsa: error while loading shared libraries: /usr/lib/libnetsnmp.so.5: undefined symbol: EVP_md5. -
Page 45: Problems Configuring Net-Snmp-5.0.8
Unable to Get the SNMP Query Result from the MIB Browser Ensure that net-snmp-5.0.8 is configured, up, and running. For any problem configuring the eDirectory SNMP subagent (ndssnmpsa), see the /etc/opt/novell/ eDirectory/conf/ndssnmp/ndssnmpsa.log file. To get the debug messages, start ndssnmpsa in... - Page 46 NCP port (that is 524). If eDirectory is running on a different port (for ex: 1524), the entry should be as follows: SERVER test-server:1524 Novell eDirectory 8.8 Troubleshooting Guide...
-
Page 47: Obituaries
Unlike some directory products, Novell eDirectory ensures referential integrity between objects. For example, if Group A has a member, User B, and User B is deleted, the directory automatically removes the reference to User B from Group A. -
Page 48: Examples
Computes a time vector which is a minimum transitive vector, referred to as the purge vector. Later versions of eDirectory compute a second minimum vector, called the obituary vector, which does not consider replicas which are subordinate references. Novell eDirectory 8.8 Troubleshooting Guide... -
Page 49: Moving An Object
If selected in the configuration page, the server can also generate NDS Agent Health information for every server in the tree. See “Configuring and Viewing Reports” in the Novell eDirectory 8.8 Administration Guide for more information on running the Server Information report. Obituaries... -
Page 50: Troubleshooting Tips
Based on the information in the ndsimonhealth configuration file stored with iMonitor (see “Configuration Files” in the Novell eDirectory 8.8 Administration Guide), this report will check the eDirectory agent version to ensure you are running the correct directory patches tree-wide. -
Page 51: Solutions
Obituaries can change states only after all agents holding a copy of the replica ring have seen the state change. There are several ways to ensure that every replica has seen the data: While browsing the entry with obituaries, click the Entry Synchronization link. The page displayed will show all attributes that have not been synchronized to all replicas. -
Page 52: Previous Practices
This forces the entry to become authoritative and synchronize out to all other replicas. This should be done with great care because you might lose data changed on other servers. We recommend that this be a rarely employed method of obituary cleanup. Novell eDirectory 8.8 Troubleshooting Guide... -
Page 53: Migrating To Novell Edirectory
“Migrating the Sun ONE Schema to Novell eDirectory” on page 49 “Migrating the Active Directory Schema to Novell eDirectory Using ICE” on page 52 Migrating the Sun ONE Schema to Novell eDirectory To migrate the Sun ONE* schema to Novell eDirectory, complete the following steps: “Step 1: Perform the Schema Cache Update Operation”... - Page 54 DESC 'iPlanet defined objectclass' SUP top AUXILIARY ) To modify the objectclass definition of objectclass “netscapeMachineData” from “STRUCTURAL” to “ABSTRACT”, modify the err.ldf file entry (that is emphasized in the example below) as shown below: dn: cn=schema changetype: modify Novell eDirectory 8.8 Troubleshooting Guide...
- Page 55 -SLDIF -f topsch.ldf -DLDAP -s edir_srv2 -p edir_port2 -d cn=admin,o=org -w pwd1 Method 2: 1. In Novell iManager, click the Roles and Tasks button 2. Click Schema > Add Attribute. 3. In the Available Classes list, select Top, then click OK.
-
Page 56: Step 3: Import The Ldif File
“Step 3: Import the LDIF File” on page 52 Step 1: Perform the Schema Cache Update Operation While migrating schema from Active Directory to Novell eDirectory using ICE, ensure that you have provided the error log option (-e) of ICE as follows:... -
Page 57: Step 2: Rectify The Error Ldif File To Eliminate The Errors
-NDS_NONREMOVABLE '1' X-NDS_NAME 'Computer' ) Step 3: Import the LDIF File Now, import the modified entry using the following ICE command: ice -S ldif -f LDIF_file -D ldap -s Novell_eDirectory_server -p port_number -d full_admin_context -w password For example: Migrating to Novell eDirectory... -
Page 58: Migrating From Openldap To Novell Edirectory
The data that is migrated from an OpenLDAP server can have MD5 passwords, which may cause the applications to break if the appropriate NMAS methods are not installed. The NMAS method, SimplePassword, needs to be installed for the Novell eDirectory using the command as below: nmasinst -addmethod admin_context treename configfile -h Hostname:port-w password Example: nmasinst -addmethod admin.novell eDir-Tree /Linux/eDirectory/nmas/NmasMethods/... -
Page 59: Migrating The Open Ldap Data To Novell Edirectory
(LDAP error : 65 (Object class violation)) (Defect against ldap is already filed on this (DEFECT000404118)) Migrating the Open LDAP Data to Novell eDirectory Execute the following command to migrate the data: ice -e error_data.ldif -SLDAP -s OpenLDAP_server -p OpenLDAP_port... - Page 60 This change is only specific to the scenario where the users objects in OpenLDAP have CRYPT as the password hash algorithm. Using iManager, add the following attribute with the specified value to the container having all the user objects: Attribute: sasDefaultLoginSequence Value: Simple Password Novell eDirectory 8.8 Troubleshooting Guide...
-
Page 61: Replication
“Recovering from eDirectory Replica Problems” on page 57 Recovering from eDirectory Replica Problems eDirectory offers the Novell robust directory service and the fault tolerance inherent in replication. Replication allows you to keep copies of the eDirectory database, or portions of it, on multiple servers at once. - Page 62 Novell eDirectory 8.8 Troubleshooting Guide...
-
Page 63: Novell Public Key Infrastructure Services
60 PKI Operations Not Working If PKI operations in ConsoleOne or iManager are not working, it could be because Novell PKI Services are not running on the Linux, Solaris, AIX, or HP-UX host. Start the PKI Services by entering npki -1. -
Page 64: While Uninstalling The Edirectory Server Holding The Ca, The Kmos Created On That Server Will Be Moved To Another Server In The Tree And Become Invalid
“Creating an Organizational Certificate Authority Object” “Creating a Server Certificate Object” in the Novell eDirectory 8.8 Administration Guide for more information. We recommend that you do not uninstall the eDirectory server where the CA for the tree has been created. -
Page 65: Troubleshooting Utilities On Linux And Unix
“Using Ndsrepair” on page 62 “Using ndstrace” on page 69 Novell Import Convert Export Utility If an LDAP server is refreshed or unloaded, while a Novell Import Conversion Export operation is running, the message is displayed on the Novell Import LBURP operation is timed out Conversion Export screen. -
Page 66: Ndsbackup Utility
-R [-l yes|no [-u yes|no] [-m yes|no] [-i yes|no] [-f yes|no] [-d yes|no] [-t yes|no] [-o yes|no] [-r yes|no] [-v yes|no] [-c yes|no] [-A yes|no] [-O yes|no] [-F filename] IMPORTANT: The -Ad option should not be used without prior direction from Novell Support personnel. Novell eDirectory 8.8 Troubleshooting Guide... - Page 67 Unattended Full Repair option. Instructs ndsrepair to run and exit without further user intervention. This is the suggested means of repair unless you are told by Novell Support to perform certain operations manually. You can view the log file after the repair has completed to determine what changes ndsrepair has made.
- Page 68 This option is unavailable if executed from the master replica of the Tree partition. This is to ensure that all servers in the tree are not reset at the same time. Novell eDirectory 8.8 Troubleshooting Guide...
- Page 69 Option Description Post NetWare 5 Schema Update Extends and modifies the schema for compatibility with post-NetWare 5 DS changes. This option requires that the server where ndsrepair is run contains a replica of the Tree partition, and that the state of the replica is On. Optional Schema Enhancements Extends and modifies the schema for containment and other schema enhancements.
- Page 70 This option displays a warning message if synchronization has not completed within 12 hours. Synchronize the Replica on the Selected Server Novell eDirectory 8.8 Troubleshooting Guide...
- Page 71 WARNING: Misuse of this operation can cause irrevocable damage to the eDirectory database. You should not use this option unless directed by Novell Support personnel. View Entire Partition Name Determines the complete distinguished partition name when the width of the partition is too great to view from within the replica table.
-
Page 72: Troubleshooting Ndsrepair
If the contents are not in the proper sequence, the results will be unpredictable. Troubleshooting ndsrepair Error -786 While Running Ndsrepair While doing ndsrepair you need to have three times the size of DIB free in that specific partition of your machine. Novell eDirectory 8.8 Troubleshooting Guide... -
Page 73: Using Ndstrace
View the status of the ndstrace screen in Linux, Solaris, AIX, or HP-UX. Initiate limited synchronization processes. To start the ndstrace screen, enter the following command at the server prompt: /opt/novell/eDirectory/bin/ndstrace To initiate the basic ndstrace functions, enter commands at the server prompt using the following syntax: ndstrace command_option The following table lists the command options that you can enter. - Page 74 Messages about the eDirectory-integrated DNS server processes. DRLK Distributed reference link messages. DVRS ® Messages to show DirXML driver-specific areas that eDirectory might be working on. Novell eDirectory 8.8 Troubleshooting Guide...
- Page 75 Trace Flag Description DXML Messages to show details of DirXML events. FRAG Messages from the NCP fragger which breaks eDirectory messages into NCP-sized messages. Messages related to inbound requests and processes. INIT Messages related to the initialization of eDirectory. INSP Messages related to the integrity of objects in the source server's local database.
-
Page 76: Background Processes
As you use the debugging messages in ndstrace, you will find that some of the trace flags are more useful than others. One of the favorite ndstrace settings of Novell Support is actually a shortcut: set ndstrace = A81164B91 This setting enables a group of debugging messages. - Page 77 Trace Flag Parameters Description None Schedules the backlink process to begin execution on the source server in one second. Time Sets the interval (in minutes) for the backlink process. Default=1500 minutes (25 hours) Range=2 to 10080 minutes (168 hours) None Displays the source server's outbound connection table and the current statistical information for the table.
- Page 78 None Reports the maximum memory used by eDirectory. Sets the name form. 0=hex only 1=full dot form None Displays the tunable parameters and their default settings. Novell eDirectory 8.8 Troubleshooting Guide...
- Page 79 Trace Flag Parameters Description None Resets the TTF file, which is the sys:system\ndstrace.dbg file by default. This command is the same as the SET parameter NDS Trace File Length Set to Zero. None Schedules the Skulker process, which checks whether any of the replicas on the server need to be synchronized.
- Page 80 A list Lists the restricted eDirectory versions. If no versions are listed, there are no restrictions. Each version is separated by a comma. None Displays the currently scheduled tasks. Novell eDirectory 8.8 Troubleshooting Guide...
-
Page 81: Nmas On Linux And Unix
After reinstalling a method after you have uninstalled a previous instance of that method, restart NDS Server. The User Added Using the ICE Utility Is Unable to Log In Using Simple Password While adding users with simple passwords through the Novell Import Conversion Export utility, use the -l option. NMAS on Linux and UNIX... - Page 82 Novell eDirectory 8.8 Troubleshooting Guide...
-
Page 83: Troubleshooting On Windows
Troubleshooting on Windows “The eDirectory for Windows Server Won't Start” on page 79 “The Windows Server Can't Open the eDirectory Database Files” on page 79 “Restoring eDirectory on Windows after an Emergency Repair” on page 80 The eDirectory for Windows Server Won't Start If the eDirectory server fails to start when you boot the Windows server, a message will notify you that the service failed to start. -
Page 84: Restoring Edirectory On Windows After An Emergency Repair
Start Novell iManager from an administrative workstation. Remove the corrupted replica from the replica ring. “Deleting a Replica” in the Novell eDirectory 8.8 Administration Guide for more information. Run the sammig.exe utility in the system directory (usually c:\winnt\system32) on the NT server or from the Start menu (Start >... -
Page 85: Accessing Httpstk When Ds Is Not Loaded
Accessing HTTPSTK When DS Is Not Loaded You can set up a preconfigured admin user that allows access to the HTTP Protocol Stack (HTTPSTK) when DS is not loaded. The preconfigured admin user, SAdmin, has rights that are equivalent to the eDirectory Admin User object. If the server is in a state where eDirectory is not functioning correctly, you can log in to the server as this user and perform all the diagnostic and debugging tasks necessary that do not require eDirectory. -
Page 86: Setting The Sadmin Password On Linux, Solaris, Aix, And Hp-Ux
Use the DHOST remote manager page (accessible through the /dhost URL or from the root page) to set the SAdmin password. Novell eDirectory server must be running on the eDirectory server in order for you to set or change the SAdmin password. -
Page 87: Encrypting Data In Edirectory
8.8 and later. For more information on encrypted attributes and replication, refer to Novell eDirectory 8.8 Administration Guide (http://www.novell.com/documentation/edir88/ index.html). For information on other error messages in eDirectory, refer to NDS or Novell eDirectory Error Codes (http://www.novell.com/documentation/nwec/index.html) -
Page 88: 666 Fffffd66 Incompatible Nds Version
8.8 servers, on merging, sensitive data is exposed when replicating to pre-eDirectory 8.8 servers. Action 1. Upgrade the server to a compatible version of eDirectory. 2. Disable ER at the parent or child partition. NOTE: On disabling ER, replication will happen in the clear text form. Novell eDirectory 8.8 Troubleshooting Guide... -
Page 89: Problem With Duplicate Encryption Algorithms
Problem With Duplicate Encryption Algorithms If you add an attribute for encryption using LDIF, do not associate duplicate algorithms with one attribute. For example, marking title as an encrypted attribute with AES and DES encryption algorithms makes it unclear as to which algorithm is ultimately considered. Each time when limber is run it appears the title attribute toggles between AES and DES. - Page 90 Novell eDirectory 8.8 Troubleshooting Guide...
-
Page 91: The Edirectory Management Toolbox
Management Toolbox (eMBox) lets you access all of the eDirectory backend utilities remotely as well as on the server. eMBox works with Novell iManager to provide Web-based access to eDirectory utilities such as DSRepair, DSMerge, Backup and Restore, and Service Manager. - Page 92 Novell eDirectory 8.8 Troubleshooting Guide...
-
Page 93: Sasl-Gssapi
SASL-GSSAPI This section discusses the error messages logged by the SASL-GSSAPI authentication mechanism. “Log File Locations” on page 89 “Error Messages” on page 89 Log File Locations The error messages are logged as follows: Linux and UNIX: ndsd.log NetWare: logger screen Windows: c:\temp\saslgss.log Error Messages SASL-GSSAPI: Reading Object user_FDN FAILED eDirectory error code... - Page 94 Do the following: Update the key in eDirectory server so that the version numbers are in sync. Destroy the tickets at the client. Get the TGT again for the principal. Perform the ldap sasl bind operation. Novell eDirectory 8.8 Troubleshooting Guide...
-
Page 95: Miscellaneous
Miscellaneous “Backing Up a Container” on page 91 “Repeated eDirectory Logins” on page 91 “NDS Error, System Failure (-632) Occurs When Doing ldapsearch for the User Objects” on page 91 “Disabling SecretStore” on page 92 Backing Up a Container While using ndsbackup to backup a container that has many objects (like a million), it might take some time to get the list of the objects in the container and start their individual backup. -
Page 96: Disabling Secretstore
Restart the server Alternatively, you can also comment out the line in the autoexec.ncf file that loads ssncp. On Windows Go to the novell\nds directory and rename or move the following SecretStore modules: lsss.dll sss.dlm ssncp.dlm ssldp.dlm Restart the server.