Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
Highlighted
Knowledge Partner
Knowledge Partner
303 views

dxcmd login via NCP fails, LDAP works - why?

Anyone with an idea to explain this:

 

 

root@idv47 $ dxcmd -user admin.sa.system -password myAdminPass

NetIQ Identity Manager Command Line Utility
version 4.7.3.0
Copyright (c) 2017 NetIQ Corporation. All Rights Reserved

Logging in using:
host: localhost/127.0.0.1:524
user: admin.sa.system
Using NDAP protocol
novell.jclient.JCException: login -669 ERR_FAILED_AUTHENTICATION
at novell.jclient.JCContext.login(Native Method)
at com.novell.nds.dirxml.util.DxCommand.jclientLogin(DxCommand.java:1161)
at com.novell.nds.dirxml.util.DxCommand.login(DxCommand.java:1109)
at com.novell.nds.dirxml.util.DxCommand.commandLine(DxCommand.java:556)
at com.novell.nds.dirxml.util.DxCommand.main(DxCommand.java:518)


root@idv47 $ dxcmd -user cn=admin,ou=sa,o=system -password myAdminPass

NetIQ Identity Manager Command Line Utility
version 4.7.3.0
Copyright (c) 2017 NetIQ Corporation. All Rights Reserved

Logging in using:
host: localhost/127.0.0.1:636
user: cn=admin,ou=sa,o=system
Using LDAP protocol with SSL
DirXML version is 4.7.3.0 AE.
Driver set CN=driverset1,O=system is associated with the server.


DirXML commands

1: Start driver
2: Stop driver
3: Driver operations...
4: Driver set operations...
5: Log events operations...
6: Get DirXML version
7: Job operations...
8: Get JVM statstics
99: Quit

Enter choice:

 

 

 

______________________________________________
https://www.is4it.de/identity-access-management
Labels (1)
0 Likes
16 Replies
Knowledge Partner
Knowledge Partner

Re: dxcmd login via NCP fails, LDAP works - why?

Hi Lothar,

I had a "similar" issue with DXCMD, iMonitor NCP login, when NDSD daemon consumed too much memory. (memory leak?)

After NDSD restart, consumed memory back to "normal" and login issues resolved.

0 Likes
Knowledge Partner
Knowledge Partner

Re: dxcmd login via NCP fails, LDAP works - why?

Unlikely to be the cause in this case, it's an IDM 4.7 dev/test system that just booted and has no load whatsoever (4.7 all-in-one install, patched to 4.7.3 when updates became available).
______________________________________________
https://www.is4it.de/identity-access-management
0 Likes
Knowledge Partner
Knowledge Partner

Re: dxcmd login via NCP fails, LDAP works - why?

Maybe it looks funny, but I had this issue in my QA environment (without big "load").

Just validate, what is NDSD memory consumption?

In my case, the baseline of memory consumption is 4-5 GB.

When I got issues with login, NDSD consumed 8.6 GB.

0 Likes
Knowledge Partner
Knowledge Partner

Re: dxcmd login via NCP fails, LDAP works - why?

Here's what I get immediately after restarting ndsd:

root@idv47 $ ndsmanage stopall ; ndsmanage startall ; pmap `pidof ndsd` | egrep 'START|Total'

Server instances management utility for NetIQ eDirectory 9.1.4 v40105.10
Instance at /etc/opt/novell/eDirectory/conf/nds.conf.....
Stopping NetIQ eDirectory server...

Server instances management utility for NetIQ eDirectory 9.1.4 v40105.10
Instance at /etc/opt/novell/eDirectory/conf/nds.conf.....
Starting NetIQ eDirectory server...

START               SIZE     RSS     PSS   DIRTY PERM MAPPING
Total:           2705016K 192560K 186011K 125516K

root@idv47 $ dxcmd -user cn=admin.ou=sa.o=system -password MyAdminPass

NetIQ Identity Manager Command Line Utility
version 4.7.3.0
Copyright (c) 2017 NetIQ Corporation. All Rights Reserved

Logging in using:
	host: localhost/127.0.0.1:524
	user: cn=admin.ou=sa.o=system
Using NDAP protocol
novell.jclient.JCException: login -669 ERR_FAILED_AUTHENTICATION
	at novell.jclient.JCContext.login(Native Method)
	at com.novell.nds.dirxml.util.DxCommand.jclientLogin(DxCommand.java:1161)
	at com.novell.nds.dirxml.util.DxCommand.login(DxCommand.java:1109)
	at com.novell.nds.dirxml.util.DxCommand.commandLine(DxCommand.java:556)
	at com.novell.nds.dirxml.util.DxCommand.main(DxCommand.java:518)

root@idv47 $ dxcmd -user cn=admin,ou=sa,o=system -password MyAdminPass    

NetIQ Identity Manager Command Line Utility
version 4.7.3.0
Copyright (c) 2017 NetIQ Corporation. All Rights Reserved

Logging in using:
	host: localhost/127.0.0.1:636
	user: cn=admin,ou=sa,o=system
Using LDAP protocol with SSL
DirXML version is 4.7.3.0 AE.
Driver set CN=driverset1,O=system is associated with the server.


DirXML commands

 1: Start driver
 2: Stop driver
 3: Driver operations...
 4: Driver set operations...
 5: Log events operations...
 6: Get DirXML version
 7: Job operations...
 8: Get JVM statstics
99: Quit
______________________________________________
https://www.is4it.de/identity-access-management
0 Likes
Knowledge Partner
Knowledge Partner

Re: dxcmd login via NCP fails, LDAP works - why?

Repeated your case. with both type-less and type-full naming convention.

No issue detected

idmqa47se:~ # dxcmd

NetIQ Identity Manager Command Line Utility
version 4.7.3.0
Copyright (c) 2017 NetIQ Corporation. All Rights Reserved

Enter user name: admin.sa.system
Enter user's password:
Logging in using:
        host: idmqa47se/10.34.85.50:524
        user: admin.sa.system
Using NDAP protocol
DirXML version is 4.7.3.0 AE.
Driver set driverset1.system.IDMQA47SE_TREE. is associated with the server.


DirXML commands

 1: Start driver
 2: Stop driver
 3: Driver operations...
 4: Driver set operations...
 5: Log events operations...
 6: Get DirXML version
 7: Job operations...
 8: Get JVM statstics
99: Quit

Enter choice:

 

idmqa47se:~ # dxcmd

NetIQ Identity Manager Command Line Utility
version 4.7.3.0
Copyright (c) 2017 NetIQ Corporation. All Rights Reserved

Enter user name: cn=admin.ou=sa.o=system
Enter user's password:
Logging in using:
        host: idmqa47se/10.34.85.50:524
        user: cn=admin.ou=sa.o=system
Using NDAP protocol
DirXML version is 4.7.3.0 AE.
Driver set CN=driverset1.O=system.T=IDMQA47SE_TREE. is associated with the server.


DirXML commands

 1: Start driver
 2: Stop driver
 3: Driver operations...
 4: Driver set operations...
 5: Log events operations...
 6: Get DirXML version
 7: Job operations...
 8: Get JVM statstics
99: Quit

Enter choice:
0 Likes
Knowledge Partner
Knowledge Partner

Re: dxcmd login via NCP fails, LDAP works - why?

Repeated your command line

idmqa47se:~ # ndsmanage stopall ; ndsmanage startall ; pmap `pidof ndsd` | egrep 'START|Total'
Server instances management utility for NetIQ eDirectory 9.1.4 v40105.10
Instance at /etc/opt/novell/eDirectory/conf/nds.conf.....
Stopping NetIQ eDirectory server...
Server instances management utility for NetIQ eDirectory 9.1.4 v40105.10
Instance at /etc/opt/novell/eDirectory/conf/nds.conf.....
Starting NetIQ eDirectory server...
START               SIZE     RSS     PSS   DIRTY PERM MAPPING
Total:           2711536K 162276K 150227K  94884K
idmqa47se:~ #
idmqa47se:~ # dxcmd -user cn=admin.ou=sa.o=system

NetIQ Identity Manager Command Line Utility
version 4.7.3.0
Copyright (c) 2017 NetIQ Corporation. All Rights Reserved

Enter user's password:
Logging in using:
        host: idmqa47se/10.34.85.50:524
        user: cn=admin.ou=sa.o=system
Using NDAP protocol
DirXML version is 4.7.3.0 AE.
Driver set CN=driverset1.O=system.T=IDMQA47SE_TREE. is associated with the server.


DirXML commands

 1: Start driver
 2: Stop driver
 3: Driver operations...
 4: Driver set operations...
 5: Log events operations...
 6: Get DirXML version
 7: Job operations...
 8: Get JVM statstics
99: Quit

Enter choice:
0 Likes
cpedersen Outstanding Contributor.
Outstanding Contributor.

Re: dxcmd login via NCP fails, LDAP works - why?

Hi Lothar,

Have you tried to login in with ndslogin (sorry if I missed something), if that also does not work, then it could be a password problem.

Have you tried to reset the password?

And do you have a password policy assigned to admin?

Cheers,

Casper

0 Likes
Frozenola Contributor.
Contributor.

Re: dxcmd login via NCP fails, LDAP works - why?

Hi,

Could it be an extended/special character in the password?

0 Likes
Knowledge Partner
Knowledge Partner

Re: dxcmd login via NCP fails, LDAP works - why?

No, just plain ascii, letters + digits, no umlaute etc.
______________________________________________
https://www.is4it.de/identity-access-management
0 Likes
Knowledge Partner
Knowledge Partner

Re: dxcmd login via NCP fails, LDAP works - why?

Created another admin account, same effect, so it's not the user object causing this. Interestingly I can log in via iManager, so it seems not to be NCP logins in general. "set dstrace = debug" gives me (SPKT aside):

2888943360 AUTH: [2019/11/09  8:33:45.280] Starting SEV calculation for conn 22, entry .[Public]..
2888943360 AUTH: [2019/11/09  8:33:45.281] Could not set connection privilege flags: connID 22, entry .[Public]., 255 (0xff)
2888943360 AUTH: [2019/11/09  8:33:45.281] SEV calculation complete for conn 22, (0:1 s:ms).

 Looks like dxcmd never gets far enough to authenticate with the admin credentials. Ideas anyone?

______________________________________________
https://www.is4it.de/identity-access-management
0 Likes
Frozenola Contributor.
Contributor.

Re: dxcmd login via NCP fails, LDAP works - why?

Has the server been renamed and/or ip-address changed? In your dxcmd host is: localhost/127.0.0.1:524

I tested with my setup and changed in ndsd.conf the server name and ip-address to localhost and 127.0.0.1. eDirectory started fine, however the dxcmd login stopped working, however with different error than yours:

novell.jclient.JCException: connect (to address) 111 UNKNOWN ERROR
at novell.jclient.JCContext.connect(Native Method)
at com.novell.nds.dirxml.util.DxCommand.initBaseContext(DxCommand.java:1035)
at com.novell.nds.dirxml.util.DxCommand.jclientLogin(DxCommand.java:1158)
at com.novell.nds.dirxml.util.DxCommand.login(DxCommand.java:1109)
at com.novell.nds.dirxml.util.DxCommand.commandLine(DxCommand.java:556)
at com.novell.nds.dirxml.util.DxCommand.main(DxCommand.java:518)

The dxcmd still showed the old server name and ip-address, however when I used the dxcmd with ldap syntax I was able to get in. I also tested with ldap browser and it worked. So, could it be the issue with localhost and/or 127.0.0.1?

0 Likes
cpedersen Outstanding Contributor.
Outstanding Contributor.

Re: dxcmd login via NCP fails, LDAP works - why?

This is interesting, has anyone looked at an nmas dstrace?

+time +tags +nmas 

Something could be wacky in eDirectory.

 

Casper

0 Likes
Knowledge Partner
Knowledge Partner

Re: dxcmd login via NCP fails, LDAP works - why?

I did, see above. Those three lines are all I got with "set dstrace = debug; dstrace -SPKT"

______________________________________________
https://www.is4it.de/identity-access-management
0 Likes
Frozenola Contributor.
Contributor.

Re: dxcmd login via NCP fails, LDAP works - why?

Is this working:

dxcmd -host 127.0.0.1 -user admin.sa.system -password myAdminPass

What about this:

dxcmd -host localhost -user admin.sa.system -password myAdminPass

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.