Vice Admiral
Vice Admiral
455 views

Can't configure common proxy user for NetStorage

Jump to solution

I have a server that's running GWIA, Groupwise Web, and now NetStorage.  There are no NCP services or eDir replicas on the server.

While installing and then trying to configure NetStorage in yast, I found that there was no OESCommonProxy user for this server.

So after disabling the config for NetStorage I tried to run the script below which should create the OESCommonProxy for this server and assign it to NetStorage.

sv-gwia:/opt/novell/proxymgmt/bin # ./move_to_common_proxy.sh -d cn=admin,o=abc -i 192.168.0.35 -p 636 -s novell-netstorage
Please enter Ldap Admin Password
Common Proxy user does not exist. Creating new common proxy user OESCommonProxy_sv-gwia now.

Enter proxy user context FDN for common proxy user(Optional). For eg:ou=users,o=novell.
If context is not provided, common proxy will be created in local NCP server context:o=abc
Going to create Common Proxy user cn=OESCommonProxy_sv-gwia,o=abc now.
Want to continue?[y/n]:y

Enter Common Proxy User Password(Optional)
If password is not entered, a random password will be set:ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
Common Proxy user creation failed with error 4

 

Logins to the tree still work.  Groupwise Web works.

I've restarted the server and also tried pointing the above script at two other eDir replica servers.

Port 636 was checked on one of the LDAP servers.

I was going to raise an SR, but if anyone has any ideas fire away.

Thanks

Gordon

 

 

0 Likes
1 Solution

Accepted Solutions
Knowledge Partner Knowledge Partner
Knowledge Partner

We could of course troubleshoot this from the LDAP / certificate side, but it might be easier to just rerun the eDirectory configuration dialog in yast.

If you like it: like it.

View solution in original post

4 Replies
Knowledge Partner Knowledge Partner
Knowledge Partner

We could of course troubleshoot this from the LDAP / certificate side, but it might be easier to just rerun the eDirectory configuration dialog in yast.

If you like it: like it.

View solution in original post

Vice Admiral
Vice Admiral

yast2 edirectory

returned

Unresolved Product Dependencies

The selected items can not be configured until ││
││the following patterns are installed: ││
││ ││
││NetIQ eDirectory ││
││ ││
││Do you want to install them now?

I didn't think I'd need to install eDirectory if ldap is correctly configured with 'yast2 oes-ldap' and points to the master and a rw replica.

0 Likes
Vice Admiral
Vice Admiral

The script create_common_proxyuser.sh is called from the /opt/novell/proxymgmt/bin/move_to_common_proxy.sh

Digging deeper I've found what doesn't look right in the /var/opt/novell/log/proxymgmt/pxymgmt.log

 

Mon Dec 21 14:37:46 AWST 2020:[status] Starting Move To Common Proxy Task
The ldap command to be executed from within create_common_proxyuser script is env LDAPTLS_CACERT=/etc/opt/novell/certs/SSCert.pem /usr/bin/ldapmodify -c -f /tmp/addafpproxy.ldif -D cn=admin,o=abc -w -H ldaps://192.168.0.35:389

The return value of ldap command called from within create_common_proxyuser script is: 255 

 

That CACERT SSCert.pem is not there so no wonder why things aren't working...

I'll try to export the tree CA cert and put a copy there with the same name.

 

Unless TLS is working here, the call to ldaps looks wrong as it's using port 389,  ldaps://192.168.0.35:389

Regards

Gordon

 

 

0 Likes
Vice Admiral
Vice Admiral

I ran the yast2 edirectory anyway and there was the OES Common Proxy setup, and now NetStorage loads!

I initially thought that the yast2 edirectory process was going to install another server in the replica ring, but it didn't, so all is well.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.