Problem running diagpwd

Hi!

We need to troubleshoot some universal password errors but having problems running diagpwd utility.

eDirectory runs on OES 24.1 (eDirectory 9.2.8) and when running we get following error:

# diagpwd <serverIP> 636 /etc/opt/novell/certs/SSCert.pem <LDAP DN of user to check> base <LDAP DN of admin account>

ERROR -1 ldap_simple_bind_s
Segmentation fault (core dumped)

Please note that:

- LDAP authentication on that server works without any problems

- LDAP SSL certificate has not expired

- LDAP SSL certificate has both DNS and IP as SAN

- We get same error if we use serverDNS name instead of serverIP whe running diagpwd

diagpwd -v returns "diagpwd version 5"

We tested that on multiple servers in same tree with same result, so either we are using utility wrong way or there is something wrong with that version of diagpwd.

Any help appreciated Blush

Kind regards,

Sebastijan

PS: Just for info, on OES servers diagpwd is automatically installed by edirectory-oes-nmas-ldap-extensions-client-9.2.8-150400.1.46.x86_64 package

Kind regards,

Sebastijan

If you found this post useful, give it a “Like” or click on "Verify Answer" under the "More" button

Parents Reply Children
  • 0   in reply to   

    No difference in the symptoms, even after confirming the path is set, and on a box I haven't tried this yet.

    and those ldd commands don't work for me either syntax

    ds2:~ # ldd diagpwd
    ldd: ./diagpwd: No such file or directory
    ds2:~ # ldd ./diagpwd
    ldd: ./diagpwd: No such file or directory

    ahh, that KB needs updating to include the path.    and both with or without that environment path set, both show
       libnmasext.so => /opt/novell/eDirectory/lib64/libnmasext.so (0x00007f9011a00000)

    something else is afoot.

    ________________________

    Andy of KonecnyConsulting.ca in Toronto
    Please use the "Like" and/or "Verified Answers" as appropriate as that helps us all.

  • 0   in reply to   

    Please check a small addition for validity.. In the field I always have the issue that /etc/ssl/servercerts/ the certifcates have a problem for whatever reason. Please include in the KM to check the certificates with openssl that are in the path and also to check the certificates in the /kmocache directory before starting the diagnosis.

    Thanks

    George

    “You can't teach a person anything, you can only help them to discover it within themselves.” Galileo Galilei