• State Not Answered
  • Replies replies
    3
  • Subscribers subscribers
    17
  • Views views
    285
  • Users 0 members are here
Related Discussions
Options

Identity Console - LDAP Password Error

skoehler

Hi, I have installed an Identity Console (without OSP Integration for start) but get the following error when starting the service (seen in edirapi.log)

{"ldapBind":"cn=svc-eDir-Admin1,ou=eDir,o=System","ldapServer":"MyServer:636","level":"fatal","msg":"LDAP Result Code 206 \"Empty password not allowed by the client\": ldap: empty password not allowed by the client","time":"Tuesday, 09-Nov-21 18:40:10 CET"}

I did set the password with 

su - nds -c "LD_LIBRARY_PATH=/opt/novell/lib64/:/opt/novell/eDirectory/lib64/:/opt/netiq/common/openssl/lib64/ /opt/novell/eDirAPI/sbin/passwdstore -a cn=svc-eDir-Admin1,ou=eDir,o=System -w Password"

Successfully written the password of svc-edir-admin1,edir,system to the local secret config file

and I see some files in /var/opt/novell/nici/<ID where nds:nds is owner>/

  • Is it OK that passwdstore confirms in typeless LDAP (looks strange)
  • How can I verify if I have a stored password for my User DN?
    • Are there some nici tools I can use to query the secret files?
    • How can I remove a password entry from the secret files?
    • How can I update my password in the secret files?
  • What else can I do or check to make my config work? For now, the service won't start:

systemctl status netiq-identityconsole.service

netiq-identityconsole.service - Identity Console service
Loaded: loaded (/usr/lib/systemd/system/netiq-identityconsole.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Tue 2021-11-09 18:40:10 CET; 7s ago
Process: 5518 ExecStart=/opt/novell/eDirAPI/sbin/edirapi -config /etc/opt/novell/eDirAPI/conf/edirapi.conf (code=exited, status=1/FAILURE)
Main PID: 5518 (code=exited, status=1/FAILURE)

Nov 09 18:40:10 sranel151 systemd[1]: Started Identity Console service.
Nov 09 18:40:10 sranel151 systemd[1]: netiq-identityconsole.service: Main process exited, code=exited, status=1/FAILURE
Nov 09 18:40:10 sranel151 systemd[1]: netiq-identityconsole.service: Unit entered failed state.
Nov 09 18:40:10 sranel151 systemd[1]: netiq-identityconsole.service: Failed with result 'exit-code'.

Thanks in advance

Steffen

  • 0

    The above error seems to go along with this error message, seen when starting the service via su - nds and /opt/novell/eDirAPI/sbin/edirapi -config /etc/opt/novell/eDirAPI/conf/edirapi.conf:

    panic: runtime error: makeslice: len out of range

    goroutine 1 [running]:
    edirapi/localsecret.GetLocalSecret(0xc0000aea60, 0x1b, 0xc0000aea60, 0x1b)
    /home/n4u_cm/jenkins4/workspace/edirapi_trunk-5XGEFNAY22VID53QLQWBWFQ6AJIVJG6A5IP4GZN36OXRVXSDRULQ/build/src/edirapi/localsecret/localsecret.go:97 +0x10c
    edirapi/handlers/schema.InitializeSchemaConnection()
    /home/n4u_cm/jenkins4/workspace/edirapi_trunk-5XGEFNAY22VID53QLQWBWFQ6AJIVJG6A5IP4GZN36OXRVXSDRULQ/build/src/edirapi/handlers/schema/attributesHandler.go:100 +0x269
    main.common(0x89116d, 0x0, 0x0)
    /home/n4u_cm/jenkins4/workspace/edirapi_trunk-5XGEFNAY22VID53QLQWBWFQ6AJIVJG6A5IP4GZN36OXRVXSDRULQ/build/src/edirapi/main_common.go:301 +0x199
    main.main()
    /home/n4u_cm/jenkins4/workspace/edirapi_trunk-5XGEFNAY22VID53QLQWBWFQ6AJIVJG6A5IP4GZN36OXRVXSDRULQ/build/src/edirapi/main_linux.go:55 +0xd9

  • 0
    in reply to skoehler

    Did you ever get any answer on your password error?

    I did a fresh install of Identity Console and I'm getting an LDAP password error as well, but it looks like invalid credentials (-669).  I was pretty sure I put them in right.  I tried to use passwdstore to set it again and I verified the password using ldapsearch.  So I opened a case.  And get this.  Support says there is NO WAY to change the password of the account used for Identity Console.  You must UNINSTALL the product and then REINSTALL it.  Seriously?  Whose ingenious design was that one?  Can anyone confirm?

    Also, what exact rights does this user need?  There is nothing in the documentation on it.

    I've installed it a few time elsewhere and so far I'm pretty underwhelmed by Identity Console.  But Micro Focus is sending end of life emails about iManager out so I think we're going to have to use it.

    Matt

  • 0
    in reply to Matt Weisberg

    Matt,

    Could you please share the support ticket number with me over email?

    Abhishek

Resources

Support
Documentation
Training
CyberRes Academy
Partner Portal
Contact us
Compliance
Help
Company
Privacy Policy
Terms of Use
Accessibility
Anti-Slavery Statement
Support
How To Buy
Careers
Investor Relations
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.