Common Proxy Repair Script for OES2018, OES2015, and OES11



I recommend running this script if you have services that are failing to start due to authentication, or if you suspect an issue with the Common Proxy User, such as missing user or incorrect password.


The Common Proxy Repair script checks and fixes all aspects of the Common Proxy user including:

  • Common Proxy user is set in /etc/opt/novell/proxymgmt/proxy_users.conf
  • Common Proxy credentials are set in CASA
  • Common Proxy credentials for OES services (stored in CASA or file)
  • Common Proxy User exists in edir
  • Common Proxy User does not have Intruder Lockout
  • Common Proxy Universal Password Policy exists
  • Common Proxy User is assigned to Common Proxy UP Policy
  • Proxy user setting in /etc/sysconfig/novell/ files
  • script is in crontab

Executing this script on a working system is not harmful as long as the correct user is selected/specified.

See /var/log/common-proxy-fix.log for debug messages



Usage: -u ADMIN_DN [options]
-u ADMIN_DN Admin username in LDAP syntax (required)
-w ADMIN_PASS Admin password
-h LDAPS_IP LDAPS IP, default is
-p LDAPS_PORT LDAPS port, default is 636
-f SERVICE_LIST Comma separated list of services to force config for CASA

Example: -u cn=admin,o=org
Example: -u cn=admin,o=org -w P@ssw0rd
Example: -u cn=admin,o=org -h -p 1636
Example: -u cn=admin,o=org -f cifs,dns,dhcp


Sample Output:


pluto:~ # -u cn=admin,o=mf

Logging to /var/log/common-proxy-fix.log . . .

Enter password for cn=admin,o=mf:
Verifying authentication for ADMIN_DN....SUCCESS

Retrieving Common Proxy username and,ou=servers,o=mf
Retrieving CIFS username and,o=mf
Retrieving AFP username and,ou=servers,o=mf
Retrieving DNS username and,ou=servers,o=mf
Retrieving DHCP username and password............FAILURE
Retrieving LUM username and,ou=servers,o=mf

/etc/opt/novell/proxymgmt/proxy_users.conf is empty

1) Default Common Proxy User: cn=OESCommonProxy_pluto,ou=servers,o=mf (in eDir)
2) Common Proxy set in CASA: cn=OESCommonProxy_pluto,ou=servers,o=mf (in eDir)
3) Common Proxy set in CONF:
4) Enter Common Proxy Username

Select the correct CP Username (1/2/3/4/q): 2

Checking Common Proxy UP Policy....SUCCESS
Verifying authentication with the existing common proxy password....SUCCESS
Assigning Common Proxy User to Common_Proxy_Policy....SUCCESS
Adding user to /etc/opt/novell/proxymgmt/proxy_users.conf....SUCCESS
Checking Crontab for

Setting credentials for cifs....username does not match

Setting credentials for afp....ALREADY SET

Setting credentials for dns....ALREADY SET

dhcp is installed, but credentials were not found.
Force dhcp credentials into CASA using CASAcli? (y/n): y
Forcing CASA credentials for dhcp using CASAcli....SUCCESS

Not setting credentials for ifolder....not installed

Not setting credentials for netstorage....not installed

Not setting credentials for ncs....not installed

Setting credentials for lum....ALREADY SET

Log File: /var/log/common-proxy-fix.log



Version 1.6

  • Added "-o ldif-wrap=no" to ldapsearch to prevent wrapping, which caused problems with long object paths

Version 1.5

  • Added the -P option to not check or fix the Universal Password Policy
  • "-f lum" is now needed to set the lum creds, since they are not set on a server by default

Version 1.4

  • Improved the common proxy user selection interface
  • A few other minor improvements

Version 1.3

  • Fixed a small issue with the Default Common Proxy Name
  • Added additional handling for /etc/sysconfig/novell/ files

Version 1.2

  • The proxy user is now updated in the files in /etc/sysconfig/novell/
  • Added additional checking for the common proxy user in eDirectory

Version 1.1

  • Added checking for Intruder Lockout
  • Added additional checking for Common Proxy UP Policy


How To-Best Practice
Support Tip
Comment List
  •   in reply to jlodom

    Good afternoon, 

    If you need the script please just let me know I have version 1.4 and 1.5 as needed. 

    Thank you, 


  • Is this script still available? I cannot see it for download on the page.


    I will review the logic for the script, but I'm not sure there will be an easy way for the script to know if the Common Proxy user is properly configured when assigned to a non-default Universal Password Policy.


    Good afternoon, 


    My customer has been using this script to fix Common Proxy User issues. However; they have a Common Proxy Policy for each site so for example, Common_ Proxy_policy.Sitename.region.tree so when the script runs it attempts to put the user back in the top level Policy, and we would like to keep it in the site policy. Is that possible. 

    Thank you,