On the changelog side nothing actually happens. I deleted the whole configuration and cache files there and those files were not re-created.
Diving deeper into it, I found that it is an LDAPS negotiation problem. The driver was configured to "Always trust the certificate", but for one reason or another the temporary keystore was not created. The hint to this issue comes up at the time the driver is stopped.
[03/07/18 07:11:40.772]:LegacyNDS ST:LegacyNDS: EdirPublisher.stop() : Unexpected error occured while stopping driver. Reason : Other
[03/07/18 07:11:40.773]:LegacyNDS ST:LegacyNDS: Cleaning up auto keystore : eDir2eDir-972304D5-91CB-4055-12BF-D5042397CB91.keystore
During runtime no such file is created! As far as I understood from one article or another, this file should be available!
The only way I found to start the updated eDirectory drivers again was to re-configure the drivers to use an individual keystore. This keystore must contain the trusted root CA certificates from the CA chain used to sign the remote server's LDAP certificate.
Even stranger: I was only able to start the driver with the individual keystore configured - putting the same CA certificates into the keystore of the engine's JRE (/opt/novell/eDirectory/lib64/nds-module/jre/lib/security/cacerts) did not help to start the drivers.
I have an open SR on this issue, but I wanted to check if anybody else had run into this one. In this case, did you find another solution?
I can confirm the problem. See LDAP Trace:
[04/25/18 13:54:46.979]:NATDIREXT ST:NATDIREXT: OpenLDAPConnection - Connect to the server
[04/25/18 13:54:46.980]:NATDIREXT ST:NATDIREXT: Error occured while getting socket factory. Reason : null
[04/25/18 13:54:46.982]:NATDIREXT ST:NATDIREXT: EdirPublisher.stop() : Unexpected error occured while stopping driver. Reason : Other
[04/25/18 13:54:46.982]:NATDIREXT ST:NATDIREXT: Cleaning up auto keystore : eDir2eDir-0E51D475-54CA-4132-A199-75D4510ECA54.keystore
We also used the option "Always trust the certificate".
I changed the config value to the engine certificate store located under /opt/netiq/common/jre/lib/security.
After changing to this configuration the driver was able to establish an LDAP connection to the remote tree with the changelog module.
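
For checking other drivers for the same symptom, the following is an added example, not part of either post and not NetIQ code: it scans a driver trace for the message combination shown in the two traces above and lists the drivers that use an auto keystore and failed. The `triage` function, the `suspect` heuristic and the OTHERDRV entry are assumptions made for illustration; the remaining sample entries are the ones quoted in the thread.

```python
import re
from collections import defaultdict

# One trace entry: "[MM/DD/YY HH:MM:SS.mmm]:<driver> ST:<driver>: <message>".
# Entries may be one per line or run together on a single line.
ENTRY = re.compile(
    r"\[(?P<ts>\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{3})\]:"
    r"(?P<drv>.+?) ST:(?P=drv): (?P<msg>.*?)"
    r"(?=\s*\[\d{2}/\d{2}/\d{2} |\Z)",
    re.S,
)
AUTO_KEYSTORE = re.compile(r"Cleaning up auto keystore : (\S+)")

def triage(trace):
    """Return {driver: flags}; 'suspect' means an auto keystore was in use
    and the driver logged a socket factory or stop error (heuristic)."""
    report = defaultdict(lambda: {"auto_keystore": None,
                                  "socket_factory_error": False,
                                  "stop_error": False})
    for m in ENTRY.finditer(trace):
        flags, msg = report[m["drv"]], m["msg"].strip()
        ks = AUTO_KEYSTORE.search(msg)
        if ks:
            flags["auto_keystore"] = ks.group(1)
        # "occured" is spelled as it appears in the trace output.
        if "Error occured while getting socket factory" in msg:
            flags["socket_factory_error"] = True
        if "Unexpected error occured while stopping driver" in msg:
            flags["stop_error"] = True
    for flags in report.values():
        flags["suspect"] = bool(flags["auto_keystore"]) and (
            flags["socket_factory_error"] or flags["stop_error"])
    return dict(report)

# Entries quoted in the thread, plus one constructed entry (OTHERDRV).
SAMPLE = (
    "[03/07/18 07:11:40.772]:LegacyNDS ST:LegacyNDS: EdirPublisher.stop() : Unexpected error occured while stopping driver. Reason : Other "
    "[03/07/18 07:11:40.773]:LegacyNDS ST:LegacyNDS: Cleaning up auto keystore : eDir2eDir-972304D5-91CB-4055-12BF-D5042397CB91.keystore\n"
    "[04/25/18 13:54:46.980]:NATDIREXT ST:NATDIREXT: Error occured while getting socket factory. Reason : null\n"
    "[04/25/18 13:54:46.982]:NATDIREXT ST:NATDIREXT: EdirPublisher.stop() : Unexpected error occured while stopping driver. Reason : Other\n"
    "[04/25/18 13:54:46.982]:NATDIREXT ST:NATDIREXT: Cleaning up auto keystore : eDir2eDir-0E51D475-54CA-4132-A199-75D4510ECA54.keystore\n"
    "[04/25/18 13:55:02.101]:OTHERDRV ST:OTHERDRV: OpenLDAPConnection - Connect to the server\n"
)

if __name__ == "__main__":
    for drv, flags in triage(SAMPLE).items():
        print(drv, flags)
```
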