Problem with eDir Bi-Directional driver (started with errors)

I am trying to configure the Bidirectional eDir driver, but I just can't get it working.

When I start the driver I get that the driver is running and it looks like everything works like it should, but users are not synced.

I have checked logs and there was an error inside.


14:11:18 87BCB700 FFFFFFFF -1 Drvrs: EDIRGenLan-Zaposleni PT:EDIRGenLan-Zaposleni: OpenLDAPConnection - Connect to the server
14:11:18 87BCB700 FFFFFFFF -1 Drvrs: EDIRGenLan-Zaposleni PT:EDIRGenLan-Zaposleni: Opening SSL connection
14:11:18 89D0A700 FFFFFFFF -1 Drvrs: EDIRGenLan-Zaposleni :EDIRGenLan-Zaposleni: ---------------------------------------------------------------------
14:11:18 89D0A700 FFFFFFFF -1 Drvrs: EDIRGenLan-Zaposleni :EDIRGenLan-Zaposleni: Using Server Certificate
14:11:18 89D0A700 FFFFFFFF -1 Drvrs: EDIRGenLan-Zaposleni :EDIRGenLan-Zaposleni: ---------------------------------------------------------------------
14:11:18 89D0A700 FFFFFFFF -1 Drvrs: EDIRGenLan-Zaposleni :EDIRGenLan-Zaposleni: Subject name: CN=dsfw.genlan.si, O=GENLAN-TREE
14:11:18 89D0A700 FFFFFFFF -1 Drvrs: EDIRGenLan-Zaposleni :EDIRGenLan-Zaposleni: Issuer: C=SI, O=GenLan, OU=GenLan CA
14:11:18 89D0A700 FFFFFFFF -1 Drvrs: EDIRGenLan-Zaposleni :EDIRGenLan-Zaposleni: Fingerprint (SHA-1): 20:05:D1:9E:24:78:62:03:13:DB:46:A5:96:8B:E7:B1:C1:D1:E1:A3
14:11:18 89D0A700 FFFFFFFF -1 Drvrs: EDIRGenLan-Zaposleni :EDIRGenLan-Zaposleni: Valid from: Thu Nov 30 13:48:03 CET 2017
14:11:18 89D0A700 FFFFFFFF -1 Drvrs: EDIRGenLan-Zaposleni :EDIRGenLan-Zaposleni: Valid upto: Sat Nov 30 13:48:03 CET 2019
14:11:18 89D0A700 FFFFFFFF -1 Drvrs: EDIRGenLan-Zaposleni :EDIRGenLan-Zaposleni: ---------------------------------------------------------------------
14:11:18 89D0A700 FFFFFFFF -1 Drvrs: EDIRGenLan-Zaposleni :Restricting file Permission for /var/opt/novell/eDirectory/data/dib/eDir2eDir-7086DF2F-FF31-4abf-9410-2FDF867031FF.keystore
14:11:18 87BCB700 FFFFFFFF -1 Drvrs: EDIRGenLan-Zaposleni PT:EDIRGenLan-Zaposleni: Host name: 10.10.2.6
14:11:18 87BCB700 FFFFFFFF -1 Drvrs: EDIRGenLan-Zaposleni PT:EDIRGenLan-Zaposleni: Port: 1636
14:11:18 87BCB700 FFFFFFFF -1 Drvrs: EDIRGenLan-Zaposleni PT:EDIRGenLan-Zaposleni: DN: CN=idm-proxy,ou=config,o=genlan
14:11:18 87BCB700 FFFFFFFF -1 Drvrs: EDIRGenLan-Zaposleni PT:EDIRGenLan-Zaposleni: Protocol version=3
14:11:18 87BCB700 FFFFFFFF -1 Drvrs: EDIRGenLan-Zaposleni PT:EDIRGenLan-Zaposleni: SDK version=4.6
14:11:18 87BCB700 FFFFFFFF -1 Drvrs: EDIRGenLan-Zaposleni PT:EDIRGenLan-Zaposleni: EdirPublisher - Initiating agent registration...
14:11:18 87BCB700 FFFFFFFF -1 Drvrs: EDIRGenLan-Zaposleni PT:EDIRGenLan-Zaposleni: LDAPInterface.registerDriverInstance() : Exception occured while registration - Protocol Error
14:11:18 87BCB700 FFFFFFFF -1 Drvrs: LDAPException: Protocol Error (2) Protocol Error
14:11:18 87BCB700 FFFFFFFF -1 Drvrs: LDAPException: Server Message: Unrecognized extended operation
14:11:18 87BCB700 FFFFFFFF -1 Drvrs: LDAPException: Matched DN:
14:11:18 87BCB700 FFFFFFFF -1 Drvrs:
14:11:18 87BCB700 FFFFFFFF -1 Drvrs:
14:11:18 87BCB700 FFFFFFFF -1 Drvrs:
14:11:18 87BCB700 FFFFFFFF -1 Drvrs:
14:11:18 87BCB700 FFFFFFFF -1 Drvrs: at com.novell.ldap.LDAPResponse.getResultException(Unknown Source)
14:11:18 87BCB700 FFFFFFFF -1 Drvrs:
14:11:18 87BCB700 FFFFFFFF -1 Drvrs:
14:11:18 87BCB700 FFFFFFFF -1 Drvrs:
14:11:18 87BCB700 FFFFFFFF -1 Drvrs: at com.novell.ldap.LDAPResponse.chkResultCode(Unknown Source)
14:11:18 87BCB700 FFFFFFFF -1 Drvrs:
14:11:18 87BCB700 FFFFFFFF -1 Drvrs:
14:11:18 87BCB700 FFFFFFFF -1 Drvrs:
14:11:18 87BCB700 FFFFFFFF -1 Drvrs: at com.novell.ldap.LDAPConnection.chkResultCode(Unknown Source)
14:11:18 87BCB700 FFFFFFFF -1 Drvrs:
14:11:18 87BCB700 FFFFFFFF -1 Drvrs:
14:11:18 87BCB700 FFFFFFFF -1 Drvrs:
14:11:18 87BCB700 FFFFFFFF -1 Drvrs: at com.novell.ldap.LDAPConnection.extendedOperation(Unknown Source)
14:11:18 87BCB700 FFFFFFFF -1 Drvrs:
14:11:18 87BCB700 FFFFFFFF -1 Drvrs:
14:11:18 87BCB700 FFFFFFFF -1 Drvrs:
14:11:18 87BCB700 FFFFFFFF -1 Drvrs: at com.novell.ldap.LDAPConnection.extendedOperation(Unknown Source)
14:11:18 87BCB700 FFFFFFFF -1 Drvrs:
14:11:18 87BCB700 FFFFFFFF -1 Drvrs:
14:11:18 87BCB700 FFFFFFFF -1 Drvrs:
14:11:18 87BCB700 FFFFFFFF -1 Drvrs: at com.novell.nds.dirxml.driver.edir.LDAPInterface.registerDriverInstance(LDAPInterface.java:1124)
14:11:18 87BCB700 FFFFFFFF -1 Drvrs:
14:11:18 87BCB700 FFFFFFFF -1 Drvrs:
14:11:18 87BCB700 FFFFFFFF -1 Drvrs:
14:11:18 87BCB700 FFFFFFFF -1 Drvrs: at com.novell.nds.dirxml.driver.edir.EdirPublisher.register(EdirPublisher.java:88)
14:11:18 87BCB700 FFFFFFFF -1 Drvrs:
14:11:18 87BCB700 FFFFFFFF -1 Drvrs:
14:11:18 87BCB700 FFFFFFFF -1 Drvrs:
14:11:18 87BCB700 FFFFFFFF -1 Drvrs: at com.novell.nds.dirxml.driver.edir.EdirPublisher.WaitAndRestoreConnection(EdirPublisher.java:674)
14:11:18 87BCB700 FFFFFFFF -1 Drvrs:
14:11:18 87BCB700 FFFFFFFF -1 Drvrs:
14:11:18 87BCB700 FFFFFFFF -1 Drvrs:
14:11:18 87BCB700 FFFFFFFF -1 Drvrs: at com.novell.nds.dirxml.driver.edir.EDIRPublicationShim.start(EDIRPublicationShim.java:101)
14:11:18 87BCB700 FFFFFFFF -1 Drvrs:
14:11:18 87BCB700 FFFFFFFF -1 Drvrs:
14:11:18 87BCB700 FFFFFFFF -1 Drvrs:
14:11:18 87BCB700 FFFFFFFF -1 Drvrs: at com.novell.nds.dirxml.engine.Publisher.run(Publisher.java:607)
14:11:18 87BCB700 FFFFFFFF -1 Drvrs:
14:11:18 87BCB700 FFFFFFFF -1 Drvrs:
14:11:18 87BCB700 FFFFFFFF -1 Drvrs:
14:11:18 87BCB700 FFFFFFFF -1 Drvrs: at java.lang.Thread.run(Thread.java:745)
14:11:18 87BCB700 FFFFFFFF -1 Drvrs:
14:11:18 87BCB700 FFFFFFFF -1 Drvrs:
14:11:18 87BCB700 FFFFFFFF -1 Drvrs:
14:11:18 87BCB700 FFFFFFFF -1 Drvrs: EDIRGenLan-Zaposleni PT:EDIRGenLan-Zaposleni: Cannot establish ldap connection to remote eDir yet ... waiting for 30 sec.
14:11:18 87BCB700 FFFFFFFF -1 Drvrs: EDIRGenLan-Zaposleni PT:EDIRGenLan-Zaposleni: EDIRPublicationShim.start() stopping
14:11:18 87BCB700 FFFFFFFF -1 Drvrs: EDIRGenLan-Zaposleni PT:PublicationShim.start() returned:
14:11:18 87BCB700 FFFFFFFF -1 Drvrs: EDIRGenLan-Zaposleni PT:
<nds dtdversion="4.0">


On the internet I have found that it looks like the changelog is missing, but DSFW has DXMLChlgx 4.0.3 installed.


dsfw:~ # rpm -qa | grep DXMLChlg
novell-DXMLChlgx-4.0.3-0.x86_64


What am I missing? What can I check?
  • Please show us which modules are showing as loaded on the "remote"
    (changelog) eDirectory side:


    ndstrace -c modules



    --
    Good luck.

    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below.

    If you want to send me a private message, please let me know in the
    forum as I do not use the web interface often.
  • It looks like changelog is not correctly installed/loaded?


    dsfw:~ # ndstrace -c modules

    [1] Instance at /etc/opt/novell/eDirectory/conf/nds.conf: dsfw.OU=OESSystemObjects.O=genlan.GENLAN-TREE

    xclldap Not Loaded
    ssncp Not Loaded
    snmpinst Not Loaded
    repair Not Loaded
    pkiinst Not Loaded
    password-plugin Not Loaded
    nmasldap Running
    nmasinst Not Loaded
    ndsinfo Not Loaded
    ndsclone Not Loaded Directory Clone Agent For NetIQ eDirectory 9.0.3
    ncpns Not Loaded
    merge Not Loaded
    lsss Running
    ldapxs Running
    lburp Running
    krbpwd Not Loaded
    ebassl_srv Not Loaded
    ebasrv Not Loaded
    dxevent Running
    dstrace Not Loaded Trace For NetIQ eDirectory 9.0.3
    dsr Not Loaded
    dsi Not Loaded
    dsbk Not Loaded
    backupcr Running
    xdasauditds Running
    samspm Running
    sasl Running [ nldap ]
    sss Running [ ssldp ]
    ssldp Running [ nldap ]
    spmdclnt Running
    nmas Running [ sasl ]
    pkiserver Running
    embox Running
    imon Running
    nldap Running LDAP Agent for NetIQ eDirectory 9.0.3
    hconserv Running HTTP Console Server For NetIQ eDirectory 9.0.3
    snmp Running SNMP Trap Server for NetIQ eDirectory 9.0.3
    gams Running
    niciext Running
    httpstk Running HTTP Protocol Stack For NetIQ eDirectory 9.0.3 [ nds hconserv imon embox ]
    nds Running Directory Agent For NetIQ eDirectory 9.0.3
    masv Running [ gams ]
    dsloader Running [ httpstk hconserv nldap ]
    dhlog Running DHost message logging module for NetIQ eDirectory 9.0.3
    ncpengine Running
    ndsd Running NetIQ eDirectory 9.0.3 Host Environment
  • On 2/21/2018 3:04 AM, seba4 wrote:
    >
    > It looks like changelog is not correctly installed/loaded?


    Oddly the changelog facility is dxevent. However, I think it gets
    renamed to cldxevent or somesuch and seeing dxevent makes me wonder if
    this server ever had IDM engine installed on it? They cannot coexist as
    of previous versions. (Maybe that changed?)


  • xclldap is the one I think you mean, Geoffrey, and it is present but not
    loaded.

    I would probably go into ndstrace, as shown below, to try to load it
    manually to see if you can get any interesting messages:


    ndstrace
    set dstrace=nodebug
    dstrace time tags dxml dbg
    dstrace file on
    set dstrace=*r
    load xclldap
    dstrace file off
    quit


    The (default) path of the resulting file is
    /var/opt/novell/eDirectory/log/ndstrace.log so please post the results here.

    Also I see you have xdasauditds loaded; are you using that for auditing, or
    did you set it up manually to load? Have you tried having it unloaded
    when you try to get the changelog module working?

  • On 2/21/2018 8:28 AM, ab wrote:
    > xclldap is the one I think you mean, Geoffrey, and it is present but not
    > loaded.
    >
    > I would probably go into ndstrace, as shown below, to try to load it
    > manually to see if you can get any interesting messages:


    That is good advice.

    I have had issues with jvmload.so failing to load, causing vrdim to fail
    to load, which your approach of tracing everything, trying to load it,
    looking at the logs.

    Wish that error bubbled up higher, automatically.


  • Maybe it does, but it would be on the remote side, probably in ndsd.log;
    that may be something else for seba4 to check on that side. Maybe schema
    is not extended, and maybe that matters (I do not know that it does).

  • On 2/21/2018 10:16 AM, ab wrote:
    > Maybe it does, but it would be on the remote side, probably in ndsd.log;
    > that may be something else for seba4 to check on that side. Maybe schema
    > is not extended, and maybe that matters (I do not know that it does).


    Do you recall if they fixed the issue that if IDM had been installed in
    the server or maybe it was tree, you could not run the changelog? My
    recollection is that the DirXml-Driverset association to a server is on
    the Pseudo server object, not accessible to mere mortals, and thus
    causes an issue when the modified dxevent of changelog tries to load.

    Or somesuch...


  • On 02/21/2018 08:27 AM, Geoffrey Carman wrote:
    > Do you recall if they fixed the issue that if IDM had been installed in
    > the server or maybe it was tree, you could not run the changelog? My
    > recollection is that the DirXml-Driverset association to a server is on
    > the Pseudo server object, not accessible to mere mortals, and thus causes
    > an issue when the modified dxevent of changelog tries to load.


    As far as I know you still cannot run the Changelog piece on the same box
    as an IDM engine, and I believe that makes sense and is by design. Is
    that what you mean? I think you probably could run the changelog piece
    elsewhere in the tree, so long as it is in another install of eDirectory
    (I do not know that you could have two instances from one install where
    one is the engine and the other has the Changelog piece since they
    both seem to be auto-loaded at startup).

  • OK, now xclldap is running but I still get the same error at the driver.

    Nothing special inside log files.


    dsfw:/var/opt/novell/eDirectory/log # ndstrace -c modules

    [1] Instance at /etc/opt/novell/eDirectory/conf/nds.conf: dsfw.OU=OESSystemObjects.O=genlan.GENLAN-TREE

    dstrace Not Loaded Trace For NetIQ eDirectory 9.0.3
    xdasauditds Not Loaded
    ssncp Not Loaded
    snmpinst Not Loaded
    repair Not Loaded
    pkiinst Not Loaded
    password-plugin Not Loaded
    nmasldap Running
    nmasinst Not Loaded
    ndsinfo Not Loaded
    ndsclone Not Loaded Directory Clone Agent For NetIQ eDirectory 9.0.3
    ncpns Not Loaded
    merge Not Loaded
    lsss Running
    ldapxs Running
    lburp Running
    krbpwd Not Loaded
    ebassl_srv Not Loaded
    ebasrv Not Loaded
    dxevent Running
    dsr Not Loaded
    dsi Not Loaded
    dsbk Not Loaded
    backupcr Running
    xclldap Running
    samspm Running
    sasl Running [ nldap ]
    pkiserver Running
    sss Running [ ssldp ]
    ssldp Running [ nldap ]
    spmdclnt Running
    nmas Running [ sasl ]
    embox Running
    imon Running
    nldap Running LDAP Agent for NetIQ eDirectory 9.0.3
    hconserv Running HTTP Console Server For NetIQ eDirectory 9.0.3
    snmp Running SNMP Trap Server for NetIQ eDirectory 9.0.3
    gams Running
    niciext Running
    httpstk Running HTTP Protocol Stack For NetIQ eDirectory 9.0.3 [ nds hconserv imon embox ]
    nds Running Directory Agent For NetIQ eDirectory 9.0.3
    masv Running [ gams ]
    dsloader Running [ httpstk hconserv nldap ]
    dhlog Running DHost message logging module for NetIQ eDirectory 9.0.3
    ncpengine Running
    ndsd Running NetIQ eDirectory 9.0.3 Host Environment


    I have even stopped xdasauditds.



    dsfw:/var/opt/novell/eDirectory/log # cat ndsd.log



    dsfw:/var/opt/novell/eDirectory/log # cat ndstrace.log
    2199746304 DBG : [2018/02/22 9:12:37.218] SAM: Objecttype is unknown [00008032] <.genlan.GENLAN-TREE.> 8032
    2199746304 DBG : [2018/02/22 9:12:37.493] SAM: [00008dfe] <.nam-proxy.Config.genlan.GENLAN-TREE.>: object type is SamClassUser
    2316269312 DBG : [2018/02/22 9:12:37.661] SAM: Objecttype is unknown [00008032] <.genlan.GENLAN-TREE.> 8032
    2316269312 DBG : [2018/02/22 9:12:37.662] SAM: Objecttype is unknown [00008032] <.genlan.GENLAN-TREE.> 8032
    2201851648 DBG : [2018/02/22 9:12:39.004]
    ARCBackGroundResolveTimerThread started Interval = 60 MaxWait = 180000
    2201851648 DBG : [2018/02/22 9:12:39.004] ARCBackGroundResolveTimerThread completed in 0 seconds
    2-total timers 0-stale timers 0-timers updated
    2316269312 DBG : [2018/02/22 9:12:53.215] SAM: Objecttype is unknown [00008032] <.genlan.GENLAN-TREE.> 8032
    2187036416 DBG : [2018/02/22 9:12:53.239] SAM: Objecttype is unknown [00008032] <.genlan.GENLAN-TREE.> 8032
    2187036416 DBG : [2018/02/22 9:12:53.239] SAM: Objecttype is unknown [00008032] <.genlan.GENLAN-TREE.> 8032
    2201851648 DBG : [2018/02/22 9:13:05.198] SAM: Objecttype is unknown [00008032] <.genlan.GENLAN-TREE.> 8032
    2187036416 DBG : [2018/02/22 9:13:05.235] SAM: Objecttype is unknown [00008032] <.genlan.GENLAN-TREE.> 8032
    2187036416 DBG : [2018/02/22 9:13:05.235] SAM: Objecttype is unknown [00008032] <.genlan.GENLAN-TREE.> 8032
    2187036416 DBG : [2018/02/22 9:13:09.189] SAM: Objecttype is unknown [00008032] <.genlan.GENLAN-TREE.> 8032
    2197640960 DBG : [2018/02/22 9:13:09.252] SAM: Objecttype is unknown [00008032] <.genlan.GENLAN-TREE.> 8032
    2197640960 DBG : [2018/02/22 9:13:09.252] SAM: Objecttype is unknown [00008032] <.genlan.GENLAN-TREE.> 8032
  • Should I post complete Driver logs when I start the driver?
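
Added example, not part of any post in this thread: a small shell helper that scripts the module check requested above, so the state of the modules named in the discussion (xclldap, dxevent) can be compared before and after a load attempt. The function names are hypothetical, and the two listings are short excerpts constructed from the `ndstrace -c modules` output posted in the thread.

```shell
#!/bin/sh
# module_state NAME
# Reads `ndstrace -c modules` output on stdin and prints the state of NAME:
# "Running", "Not Loaded", "unknown" (unexpected state text) or "absent".
module_state() {
    awk -v want="$1" '
        $1 == want {
            if ($2 == "Running") state = "Running"
            else if ($2 == "Not" && $3 == "Loaded") state = "Not Loaded"
            else state = "unknown"
            found = 1
            exit                      # END still runs after exit
        }
        END { print (found ? state : "absent") }
    '
}

# report_modules LISTING NAME...
# Prints one "name: state" line per module; returns 1 if any is not Running.
report_modules() {
    listing=$1; shift
    rc=0
    for m in "$@"; do
        s=$(printf '%s\n' "$listing" | module_state "$m")
        printf '%s: %s\n' "$m" "$s"
        [ "$s" = "Running" ] || rc=1
    done
    return $rc
}

# Constructed excerpts of the two listings posted in the thread
# (first listing: xclldap not loaded; later listing: xclldap running).
BEFORE='    xclldap Not Loaded
    ndsclone Not Loaded Directory Clone Agent For NetIQ eDirectory 9.0.3
    dxevent Running
    nldap Running LDAP Agent for NetIQ eDirectory 9.0.3'

AFTER='    dxevent Running
    xclldap Running
    nldap Running LDAP Agent for NetIQ eDirectory 9.0.3'

echo "first listing:"
report_modules "$BEFORE" xclldap dxevent || echo "-> at least one module is not running"
echo "later listing:"
report_modules "$AFTER" xclldap dxevent && echo "-> all listed modules are running"
```

On the server itself the listing would come from `ndstrace -c modules`, the command used in the posts above. As the later listing in the thread shows, both modules reporting Running did not by itself clear the driver's "Unrecognized extended operation" error.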