Solved: Re: Can't configure common proxy user for NetStorage - Micro Focus Community

Jesus · ‎2020-12-20

I have a server that's running GWIA, Groupwise Web, and now NetStorage. There are no NCP services or eDir replicas on the server.

While installing and then trying to configure NetStorage in yast, I found that there was no OESCommonProxy user for this server.

So after disabling the config for NetStorage I tried to run the script below which should create the OESCommonProxy for this server and assign it to NetStorage.

sv-gwia:/opt/novell/proxymgmt/bin # ./move_to_common_proxy.sh -d cn=admin,o=abc -i 192.168.0.35 -p 636 -s novell-netstorage
Please enter Ldap Admin Password
Common Proxy user does not exist. Creating new common proxy user OESCommonProxy_sv-gwia now.

Enter proxy user context FDN for common proxy user(Optional). For eg:ou=users,o=novell.
If context is not provided, common proxy will be created in local NCP server context:o=abc
Going to create Common Proxy user cn=OESCommonProxy_sv-gwia,o=abc now.
Want to continue?[y/n]:y

Enter Common Proxy User Password(Optional)
If password is not entered, a random password will be set:ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
Common Proxy user creation failed with error 4

Logins to the tree still work. Groupwise Web works.

I've restarted the server and also tried pointing the above script at two other eDir replica servers.

Port 636 was checked on one of the LDAP servers.

I was going to raise an SR, but if anyone has any ideas fire away.

Thanks

Gordon

mathiasbraun · ‎2020-12-21

We could of course troubleshoot this from the LDAP / certificate side, but it might be easier to just rerun the eDirectory configuration dialog in yast.

If you like it: like it.

View solution in original post

mathiasbraun · ‎2020-12-21

We could of course troubleshoot this from the LDAP / certificate side, but it might be easier to just rerun the eDirectory configuration dialog in yast.

If you like it: like it.

View solution in original post

Jesus · ‎2020-12-21

yast2 edirectory

returned

Unresolved Product Dependencies

The selected items can not be configured until ││
││the following patterns are installed: ││
││ ││
││NetIQ eDirectory ││
││ ││
││Do you want to install them now?

I didn't think I'd need to install eDirectory if ldap is correctly configured with 'yast2 oes-ldap' and points to the master and a rw replica.

Jesus · ‎2020-12-21

The script create_common_proxyuser.sh is called from the /opt/novell/proxymgmt/bin/move_to_common_proxy.sh

Digging deeper I've found what doesn't look right in the /var/opt/novell/log/proxymgmt/pxymgmt.log

Mon Dec 21 14:37:46 AWST 2020:[status] Starting Move To Common Proxy Task
The ldap command to be executed from within create_common_proxyuser script is env LDAPTLS_CACERT=/etc/opt/novell/certs/SSCert.pem /usr/bin/ldapmodify -c -f /tmp/addafpproxy.ldif -D cn=admin,o=abc -w -H ldaps://192.168.0.35:389
The return value of ldap command called from within create_common_proxyuser script is: 255

That CACERT SSCert.pem is not there so no wonder why things aren't working...

I'll try to export the tree CA cert and put a copy there with the same name.

Unless TLS is working here, the call to ldaps looks wrong as it's using port 389, ldaps://192.168.0.35:389

Regards

Gordon

Jesus · ‎2020-12-21

I ran the yast2 edirectory anyway and there was the OES Common Proxy setup, and now NetStorage loads!

I initially thought that the yast2 edirectory process was going to install another server in the replica ring, but it didn't, so all is well.