The current versions of script on both OES2015 and 2018 has a bug. After you execute the script with the required information, it asks for the context where to create the common proxy user, and states that if you don't fill it in, it would create it in the server context. That exactly (not specifying the context) doesn't work, and fails with a ldap error, being unable to connect to the ldap server.
If, however, you explicitly enter the server context here, the script works.


A quick look in the script seems to show the root of the problem:


#Get the NCP Server context from Root DSE #Read RootDSE of local LDAP Server ROOTDSE=`env LDAPTLS_CACERT=/etc/opt/novell/certs/SSCert.pem /usr/bin/ldapsearch -D "" -s base -H ldaps:// | grep dsaName`



ldaps and port 389? But even replacing that with 636, this command only produces a "can't contact ldap server (-1). Equally, trying without ldaps against 389 produces "ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL(-4): no mechanism available:"

I didn't dive too deep into it, but I think eDirectory simply doesn't allow this unauthenticated.

  • And here are some more:

    1. If you mistype the server context as per above, or whatever context you want to specify for the common proxy user, the script will simply create whatever context you typoed, and create the CP user there. *Very* nasty.
    2. If whenever the script asks for confirmation, aka "[y/n] questions, and instead of answering y/n you just hit enter, you get two error messages "unary operator expected", and the script will continue as if you had typed "y".