matt4 Honored Contributor.

Cannot deploy drivers on added server

I have an existing environment with IdM 4.6.2 on eDir 9.0.4 running on SLES 11 SP3. I've just added a new server to the tree running eDir 9.1.1 and IdM 4.7.1 on RHEL 7.5. I've added the new server to the existing IdM driver set which is running on the IdM 4.6/eDir 9.0.4/SLES 11 SP3 server. Now I am trying to move drivers one-by-one onto the new server. I can add the new server to the driver set and copy the server specific parameters, but when I go to deploy the driver from Designer, I get a series of errors that say:

The resource object named 'cn=myserver,o=o' cannot be found in the eDirectory tree.

Where cn=myserver,o=o is the actual new server. I get that about a dozen times. I also get two errors that say:

The <unknown item> object named 'NOVLADPWDSYNC-GCVs' could not be created.
The <unknown item> object named 'NOVLADDCFG-GCVs' could not be created.


Most (but not all) of the GCVs are missing on the new server.

I even tried doing a simple driver, the Work Order driver, and I get the same problem with the GCVs.

Any ideas how to get around this or what I'm missing here?

Thanks.

Matt
Knowledge Partner

Re: Cannot deploy drivers on added server

Are you using Designer 4.7, which is an LDAP version of Designer, or are
you still using a 4.6 version of Designer which may be using NDAP? Once
you go to 4.7, you must use Designer 4.7 which is LDAP-only, where there
were two different builds in 4.6 (the traditional NDAP/NCP one, and a new
LDAP one that few people used much, or so it seems).


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
matt4 Honored Contributor.

Re: Cannot deploy drivers on added server

4.7 (LDAP) version with latest patches/updates.
Knowledge Partner

Re: Cannot deploy drivers on added server

I assume you have LDAP access, right? I've helped one client so far as
they used the new Designer and did not realize the firewall team did not
have allowance for LDAPS access while they did for NCP, thus LDAP Designer
failed and the older one still worked.

matt4 Honored Contributor.

Re: Cannot deploy drivers on added server

Yes, all the obvious has been checked. I was able to deploy a new null driver no problem on the new server.

I'm stumped here as to how to get around this problem.

Matt
Knowledge Partner

Re: Cannot deploy drivers on added server

I had something similar and it looked like the Server object in my
project was goofy. So I deleted the server (Lost all server specific
info) and reimported it from the tree, then brought in the drivers
(Server Specific stuff) and then was able to deploy.

(So copy your project first before deleting the server, since fixing it
is a pain if it does not help).

matt4 Honored Contributor.

Re: Cannot deploy drivers on added server

Unfortunately that did not work.

Matt
Knowledge Partner

Re: Cannot deploy drivers on added server

Drat. There is a Designer log file somewhere in the Workspace
directory... Forget where. That might have some hints.


Knowledge Partner

Re: Cannot deploy drivers on added server

One of the reported bugs for Designer 4.7.1.
Designer loses connectivity and not able to deploy driver to the server. Connectivity recovered after the Designer restart.

Dev did dupe the issue. It will be fixed in 4.7.1.1.
Knowledge Partner

Re: Cannot deploy drivers on added server

A number of similar bugs are open in Bugzilla.
My case: Bug 1103905 - Designer loses connection to Vault during deploy
Status: RESOLVED FIXED

Other similar bugs: 1100414, 1101051
matt4 Honored Contributor.

Re: Cannot deploy drivers on added server

Well I figured it out. You're never gonna believe what the issue was.

So the new server is running a non-root instance of eDirectory (the old server was traditional root install). This means LDAP on this server is on port 1636. I do have an iptables redirect that redirects 636 to 1636 though for ease of use.

My Designer was configured to talk to the server on 636. What I didn't realize is that for ONLY the server specific settings, Designer appears to read the server object (or maybe the LDAP server settings?) to find the connection info for the server. It read that as being on port 1636. So when it went to deploy GCVs or other server specific settings, it switched to LDAP over 1636 instead of 636.

Well, unbeknownst to me, port 1636 was not open on my VPN connection. It was blocked by a firewall. So Designer could not make the connection. Once I got the firewall changed, presto, everything worked perfectly.

The only other bad thing that happened is that during all the troubleshooting, I had re-deployed everything, including some RBE policies (this site still uses the old role-based entitlement policies). Well, for some reason, this wiped out the DirXML-EntitlementRef attribute on the entitlement policies. So even though in iManager and Designer it looked like the Entitlements were still on the policies, they were not. So this caused some users to not get entitlements (and then in my troubleshooting, I re-evaluated entitlements for a whole bunch of users and ended up wiping out their access to some things.. whoops!). The easy fix was just to remove the entitlements in iManager and re-add them.

I keep tripping up on more and more issues with non-root instances of eDir it seems!

Matt
Knowledge Partner

Re: Cannot deploy drivers on added server

Well that is quite unexpected!

Knowledge Partner

Re: Cannot deploy drivers on added server

It is unexpected, but it makes sense. They're replacing the NDAP direct access to server to update server specific / non-replicating data with an LDAP extension to do the same thing. They need to talk directly to the server, so what better way to do that than to get the server's address that it's listening on, and connect directly to it?

That's good to know. It'll probably come up again.
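
A reachability check for the failure described in this thread, as an added example that is not part of any poster's message: run from the admin workstation, it probes both the LDAPS port configured in the Designer client (636 here) and the port the server itself listens on (1636 for the non-root instance). The hostname is a constructed placeholder and the function names are hypothetical.

```python
import socket


def probe(host, port, timeout=3.0):
    """Classify a TCP port as seen from this workstation.

    open        - the TCP handshake completed
    refused     - the host answered with a reset: reachable, nothing listening
    filtered    - no answer before the timeout, typical of a firewall drop
    unreachable - name resolution or routing failed
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError:
        return "unreachable"


def predeploy_check(host, configured_port, advertised_port,
                    timeout=3.0, probe_fn=probe):
    """Probe the client-configured port and the server's own listening port.

    A redirect such as 636 -> 1636 on the server only helps clients that
    connect to 636. A client that learns the real listening port from the
    directory connects to it directly, so both must pass the firewall.
    """
    states = {port: probe_fn(host, port, timeout)
              for port in (configured_port, advertised_port)}
    if all(state == "open" for state in states.values()):
        verdict = "ok"
    elif states[configured_port] == "open":
        # The situation in the thread: normal operations work, while
        # server-specific deploys (GCVs and similar) fail.
        verdict = "advertised-port-blocked"
    else:
        verdict = "configured-port-blocked"
    return states, verdict


if __name__ == "__main__":
    # Constructed sample values: placeholder hostname, ports from the thread.
    states, verdict = predeploy_check("idm-new.example.com", 636, 1636)
    for port, state in sorted(states.items()):
        print(f"{port}: {state}")
    print("verdict:", verdict)
```

A `filtered` result on the advertised port with `open` on the configured port matches the firewall block described above.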