The current versions of move_to_common_proxy.sh script on both OES2015 and 2018 has a bug. After you execute the script with the required information, it asks for the context where to create the common proxy user, and states that if you don't fill it in, it would create it in the server context. That exactly (not specifying the context) doesn't work, and fails with a ldap error, being unable to connect to the ldap server.
If, however, you explicitly enter the server context here, the script works.
A quick look in the script seems to show the root of the problem:
#Get the NCP Server context from Root DSE #Read RootDSE of local LDAP Server ROOTDSE=`env LDAPTLS_CACERT=/etc/opt/novell/certs/SSCert.pem /usr/bin/ldapsearch -D "" -s base -H ldaps://127.0.0.1:389 | grep dsaName`
ldaps and port 389? But even replacing that with 636, this command only produces a "can't contact ldap server (-1). Equally, trying without ldaps against 389 produces "ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL(-4): no mechanism available:"
I didn't dive too deep into it, but I think eDirectory simply doesn't allow this unauthenticated.