Highlighted
tschloesser
New Member.
956 views

Possible bug in IDM 4.7 eDirectory Driver

After upgrading the first environment to eDir 9.1 and IDM 4.7 I found, the eDir driver would not be able to be started.

In this case the only meaningful information on the driver trace is:

[03/07/18 07:11:40.233]:LegacyNDS ST:LegacyNDS: Error occured while getting socket factory. Reason : null

On the changelog side nothing actually happens. I deleted the whole configuration and cache files there and those files were not re-ccreated.

Diving deeper into it, I found that it is an LDAPS negotiation problem. The driver was configured to "Always trust the certificate" but for one or the other reason the temporay keystore was not created. The hint to this issue is coming up at the time the driver is stopped.

[03/07/18 07:11:40.772]:LegacyNDS ST:LegacyNDS: EdirPublisher.stop() : Unexpected error occured while stopping driver. Reason : Other
[03/07/18 07:11:40.773]:LegacyNDS ST:LegacyNDS: Cleaning up auto keystore : eDir2eDir-972304D5-91CB-4055-12BF-D5042397CB91.keystore


During runtime there is not such a file created! As long as I understood from one or the other article this file should be available!

The only way I found to start the updated eDirectory drivers again, was to re-configure the drivers to use a individual keystore. This keystore must contain the trusted root CA certificates from the CA chain used to singn the remote's server LDAP certificate.

Even strange: I was only able to stert the driver with the individual keystore configured - putting the same CA certificates to the keystore of the engines JRE (/opt/novell/eDirectory/lib64/nds-module/(jre/lib/security/cacerts) did not help to start the drivers.

I have an open SR on this issue, but I wanted to check if anybody else had run into this one. In this case, did you found an other solution?

Kind regards,

Thorsten
Labels (1)
0 Likes
7 Replies
lehlert Regular Contributor.
Regular Contributor.

Re: Possible bug in IDM 4.7 eDirectory Driver

Hello Thorsten,

I can confirm the problem.
See LDAP Trace:
[04/25/18 13:54:46.979]:NATDIREXT ST:NATDIREXT: OpenLDAPConnection - Connect to the server
[04/25/18 13:54:46.980]:NATDIREXT ST:NATDIREXT: Error occured while getting socket factory. Reason : null
[04/25/18 13:54:46.982]:NATDIREXT ST:NATDIREXT: EdirPublisher.stop() : Unexpected error occured while stopping driver. Reason : Other
[04/25/18 13:54:46.982]:NATDIREXT ST:NATDIREXT: Cleaning up auto keystore : eDir2eDir-0E51D475-54CA-4132-A199-75D4510ECA54.keystore

We also used the option "Always trust the certificate".

I changed the config value to the engine certificate store located under /opt/netiq/common/jre/lib/security.

After changing to this configuration the driver was able to establish an ldap connection to the remote tree with the changelog module.

Do you have a news update your SR?


Regards,
Lutz
0 Likes
tschloesser
New Member.

Re: Possible bug in IDM 4.7 eDirectory Driver

Hello Lutz,

so far I received no news on this issue - only that a bug was logged in. So let_s hope the next version of the driver will fix this!

Kind regards,

Thorsten
0 Likes
rmkreddy Absent Member.
Absent Member.

Re: Possible bug in IDM 4.7 eDirectory Driver

This issue is fixed in 4.0.5 version of the driver.

https://download.microfocus.com/Download?buildid=sidmnw1tqbk~

Regards,
Mahesh

tschloesser
New Member.

Re: Possible bug in IDM 4.7 eDirectory Driver

Hi Mahlesh,

meanwhile I updated the driver and the issue reported here is solved - anyway there is a new one: The DirXML-DriveVersion attriburte is not updated anymore!

Today talking to a temamate he reported, that one of his customer has got an updated driver fixing this issue. Do you know if we can expect another official update for the DirverVersion issue soon?




Kind regards
0 Likes
rmkreddy Absent Member.
Absent Member.

Re: Possible bug in IDM 4.7 eDirectory Driver

Yes. This issue will be fixed in the next driver update. I am not sure about the timeline though.

Regards,
Mahesh

0 Likes
mreddy2 Contributor.
Contributor.

Re: Possible bug in IDM 4.7 eDirectory Driver

You can all update information on inside the packages ,

>Right click the driver> Properties>  Packages > you see Available tab (If any update it shows )

0 Likes
dbuschke Super Contributor.
Super Contributor.

Re: Possible bug in IDM 4.7 eDirectory Driver

Hi,

I have the same issue on the newest driver 4.0.7.0 (2019-06-12) on IDM 4.7.2.

Can someone else confirm? BTW: Looks like ldap driver is also effected.

regards
Daniel

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.