Greetings,
Just finished an upgrade from OES2023 to OES23.4 and patched to OES24.1.1. This server is our "Mater" server, meaning it holds the rootCA, all of the mater replicas for all of our partitions, roughly six partitions, SLP DA, main LDAP server, etc....
During the upgrade when it got to the LUM screen where it re-configures all of the service property's it displayed an error message.
""Unable to connect to LDAP server xxx.xxx.xxx.xxx or the specified user cn=admin,o=xxxxxxxx does not have enough privileges to configure Linux User Management. Error returned it 49:LDAP_INVALID_CREDENTIALS. Please correct the problem and re-run namconfig after the install. Other products dependant on LUM will also need to be reconfigured."
Attempting to reconfigure LUM in Yast post upgrade resulted in the same message. Running "namconfig -k" rebuilds the certificates in /var/lib/novell-lum/, but does resolve the issue, the namcd service has stopped, logs state that it cannot connect to preferred servers or alternate servers.
I have also recreated server certificates and checked the server ldap by ldapsearch tests, all without issue. I have gone through an ldap trace with ndstrace, only remarkable point was during the shutdown/restart of ldap during the trace was disconnect error messages, I am "assuming" that it is normal, but.....
LDAP Shut down on one connection:
3334125312 LDAP: [2024/04/11 5:53:34.806] Monitor 0xc6bab700 shutdown destroying connection 0xf65b920
3202348800 LDAP: [2024/04/11 5:53:34.806] (xxx.xxx.xxx.xxx:48916)(0x0000:0x00) nds_back_unbind: Connection 0xf65b920
3202348800 LDAP: [2024/04/11 5:53:34.806] Server closing connection 0xf65b920, reason = 52
3202348800 LDAP: [2024/04/11 5:53:34.806] (xxx.xxx.xxx.xxx:48916)(0x0000:0x77) Sending operation result 52:"":"" to connection 0xf65b920
3202348800 LDAP: [2024/04/11 5:53:34.806] (xxx.xxx.xxx.xxx:48916)(0x0000:0x00) TLS shutdown failure 5 on connection 0xf65b920, setting err = -5875. Error stack:
3202348800 LDAP: [2024/04/11 5:53:34.806] Connection 0xf65b920 closed
LDAP Start, appears well:
3267852032 LDAP: [2024/04/11 5:53:35.201] LDAP Agent for NetIQ eDirectory 9.2.8 (40209.00) started
3267852032 LDAP: [2024/04/11 5:53:35.201] Updating server configuration
3267852032 LDAP: [2024/04/11 5:53:35.201] Work info status: Total:2 Peak:2 Busy:0
2713712384 LDAP: [2024/04/11 5:53:35.374] Listener applying new configuration
2713712384 LDAP: [2024/04/11 5:53:35.374] LDAPURL: ldap://xxx.xxx.xxx.xxx:389
2713712384 LDAP: [2024/04/11 5:53:35.374] LDAPURL: ldaps://xxx.xxx.xxx.xxx:636
2713712384 LDAP: [2024/04/11 5:53:35.374] Listener setting up cleartext port 389
2713712384 LDAP: [2024/04/11 5:53:35.374] Listener setting up TLS port 636
2713712384 LDAP: [2024/04/11 5:53:35.375] SSLv3 disabled for secure LDAP connections.
2713712384 LDAP: [2024/04/11 5:53:35.375] TLSv1 disabled for secure LDAP connections.
2713712384 LDAP: [2024/04/11 5:53:35.375] TLSv1.1 disabled for secure LDAP connections.
2713712384 LDAP: [2024/04/11 5:53:35.375] TLS HIGH ciphers required for TLS connections
2713712384 LDAP: [2024/04/11 5:53:35.375] TLS initialization successfully completed
2713712384 LDAP: [2024/04/11 5:53:35.379] Server certificate or certificate(s) in the Trusted Root Container has changed
2713712384 LDAP: [2024/04/11 5:53:35.457] TLS configured successfully
2713712384 LDAP: [2024/04/11 5:53:35.457] LDAPURL: ldap://xxx.xxx.xxx.xxx:389
2713712384 LDAP: [2024/04/11 5:53:35.457] LDAPURL: ldaps://xxx.xxx.xxx.xxx:636
2713712384 LDAP: [2024/04/11 5:53:35.457] LDAPURL: ldap://xxx.xxx.xxx.xxx:389
2713712384 LDAP: [2024/04/11 5:53:35.457] LDAPURL: ldaps://xxx.xxx.xxx.xxx:636
2713712384 LDAP: [2024/04/11 5:53:35.457] Adding SASL module dependencies
2713712384 LDAP: [2024/04/11 5:53:35.457] SASL initialized successfully
2713712384 LDAP: [2024/04/11 5:53:35.457] SASL configured successfully
Current status of namcd:
systemctl status namcd.service
× namcd.service - Novell Linux User Management(LUM)
Loaded: loaded (/usr/lib/systemd/system/namcd.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Thu 2024-04-11 07:55:01 CDT; 3min 15s ago
Docs: man:namcd
man:namconfig
Process: 22587 ExecStartPre=/usr/bin/rm -f /var/lib/novell-lum/.namcdloaded (code=exited, status=0/SUCCESS)
Process: 22588 ExecStartPre=/usr/bin/rm -f /var/lib/novell-lum/.namcdnotloaded (code=exited, status=0/SUCCESS)
Process: 22589 ExecStartPre=/usr/bin/rm -f /var/lib/novell-lum/.group_info.* (code=exited, status=0/SUCCESS)
Process: 22590 ExecStartPre=/usr/bin/rm -f /var/lib/novell-lum/.user_info.* (code=exited, status=0/SUCCESS)
Process: 22591 ExecStartPre=/usr/bin/rm -f /var/lib/novell-lum/.refresh_info (code=exited, status=0/SUCCESS)
Process: 22592 ExecStartPre=/usr/bin/rm -f /var/lib/novell-lum/.flush_check_file (code=exited, status=0/SUCCESS)
Process: 22593 ExecStart=/usr/sbin/namcd (code=exited, status=1/FAILURE)
Process: 22600 ExecStopPost=/usr/bin/rm -f /var/lib/novell-lum/.flush_check_file (code=exited, status=0/SUCCESS)
Apr 11 07:54:49 hcczen /usr/sbin/namcd[22594]: main: Created PID file: /var/run/novell-lum/namcd.pid
Apr 11 07:54:49 hcczen /usr/sbin/namcd[22594]: main: Language tables initialized
Apr 11 07:54:49 hcczen /usr/sbin/namcd[22594]: readConfigParameter: Base context = o=hazelden
Apr 11 07:54:53 hcczen namcd[22594]: ldap_initconn: LDAP bind failed to Preferred Server (error = [49]), trying to connect to alternative LDAP server
Apr 11 07:54:59 hcczen namcd[22594]: ldap_initconn: Unable to bind to alternative LDAP servers either, error [49].
Apr 11 07:54:59 hcczen namcd[22594]: main: init_pre_threads failed, err code is 206: Unknown error 206. Problem in namcd initialization, exiting...
Apr 11 07:55:01 hcczen /usr/sbin/namcd[22593]: daemonize: Parent Process: LUM has failed to start
Apr 11 07:55:01 hcczen systemd[1]: namcd.service: Control process exited, code=exited, status=1/FAILURE
Apr 11 07:55:01 hcczen systemd[1]: namcd.service: Failed with result 'exit-code'.
Apr 11 07:55:01 hcczen systemd[1]: Failed to start Novell Linux User Management(LUM).
Any help would be appreciated...
Thanks!