Nds Error, System Failure (-632) Occurs When Doing Ldapsearch For The User Objects - Novell EDIRECTORY 8.8 SP2 Troubleshooting Manual

Modify these three parameters in a way that the change does not generate a lot of extra network
traffic and still solves the problem. A sample modification could be as follows (a 3-minute detection
time):
NOTE: Be careful with the parameter settings and avoid setting the already valid connections.
The settings take effect immediately after the files are modified. You need not restart any services.
However, the settings are valid for the current session only. Once the server is re-booted, the settings
revert to the default settings.
To make the setting permanent (even after a reboot), do the following:
Add the following entries in /etc/sysctl.conf.
We recommend these settings only if all the clients and servers are connected through LAN.
18.4 NDS Error, System Failure (-632) Occurs
When Doing ldapsearch for the User Objects
Import the user objects with simple password and then enable universal password for the container
where the user objects are imported. Stop the DS server and set the environment as
NDSD_TRY_NMASLOGIN_FIRST=true and then start DS Server. Then when you do and
ldapsearch for the user objects, which were imported with simple password, you get the following
error:
ldap_bind: Unknown error,
(-632)
To resolve this issue, set the default login sequence as simple password for the container where user
objects are imported before doing ldapsearch for those user objects.
When LDAP requests NMAS to log in a user, NMAS uses the default login sequence. If you do not
specify a default login sequence for these users, then it will use the NDS sequence. If these users are
not given an NDS password when you imported them, then the NDS sequence will not work. If you
enable universal password, then the simple password will be synchronized with the NDS password
and universal password when the user logs in with the simple password.
96 Novell eDirectory 8.8 Troubleshooting Guide
tcp_keepalive_intvl: Determines the duration for a reply for each keepalive probe. This value
is important to calculate the time before your connection has a keepalive death.
The tcp_keepalive_intvl takes an integer value, the default is 75 seconds. So, 9 probes with 75
seconds each will take approximately 11 minutes. The default values of the
tcp_keepalive_probes and tcp_keepalive_intvl variables can be used to evaluate the default
time before the connection is timed out because of keepalive.
tcp_keepalive_time set -120
tcp_keepalive_probes - 3
tcp_keepalive_intvl - 20
net.ipv4.tcp_keepalive_time=120
net.ipv4.tcp_keepalive_probes=3
net.ipv4.tcp_keepalive_intvl=20
additional info: NDS error: system failure