Problem running diagpwd

Hi!

We need to troubleshoot some universal password errors but having problems running diagpwd utility.

eDirectory runs on OES 24.1 (eDirectory 9.2.8) and when running we get following error:

# diagpwd <serverIP> 636 /etc/opt/novell/certs/SSCert.pem <LDAP DN of user to check> base <LDAP DN of admin account>

ERROR -1 ldap_simple_bind_s
Segmentation fault (core dumped)

Please note that:

- LDAP authentication on that server works without any problems

- LDAP SSL certificate has not expired

- LDAP SSL certificate has both DNS and IP as SAN

- We get same error if we use serverDNS name instead of serverIP whe running diagpwd

diagpwd -v returns "diagpwd version 5"

We tested that on multiple servers in same tree with same result, so either we are using utility wrong way or there is something wrong with that version of diagpwd.

Any help appreciated Blush

Kind regards,

Sebastijan

PS: Just for info, on OES servers diagpwd is automatically installed by edirectory-oes-nmas-ldap-extensions-client-9.2.8-150400.1.46.x86_64 package

Kind regards,

Sebastijan

If you found this post useful, give it a “Like” or click on "Verify Answer" under the "More" button

Parents
  • 0

    Hi Seb

    I am having a similar issue today (without the core dump) not got to the bottom of it yet.

    I did however note that you are using a PEM and not a DER

    diagpwd usage: <ldap ip addr> <ssl port> <der file> <searchBase> <searchScope> <bind DN> [<bind Pwd>] [<-t>]

    HTH

    Tim

    (See you in Amberg?)

Reply
  • 0

    Hi Seb

    I am having a similar issue today (without the core dump) not got to the bottom of it yet.

    I did however note that you are using a PEM and not a DER

    diagpwd usage: <ldap ip addr> <ssl port> <der file> <searchBase> <searchScope> <bind DN> [<bind Pwd>] [<-t>]

    HTH

    Tim

    (See you in Amberg?)

Children
  • 0   in reply to 

    Hi Tim

    I did however note that you are using a PEM and not a DER

    Ha, interesting, completely missed that in documentation (obviously getting old - and I thought I will become wiser, not more careless... Sweat smile).

    Anyway, I need to check if that removes segmentation fault.

    Regarding universal password problem, colleague reminded me of very nice universal password features of Console2 (I can only say kudos to  , a "must" tool for any IDM developer), so I have not spent any more time on troubleshooting diagpwd.

    Kind regards

    Sebastijan

    (See you in Amberg?)

    Unfortunately not this year, Amberg this year overlaps with some of my other responsibilities that I cannot ditch (although I'd like to...). But sending two of my colleagues there.

    Kind regards,

    Sebastijan

    If you found this post useful, give it a “Like” or click on "Verify Answer" under the "More" button