Anonymous_User Absent Member.

LDAP server is not associated with a certificate?!

Something has gone terribly wrong with one of my LDAP servers in the tree.
OES2 Linux.
When I try to restart eDirectory (/etc/init/ndsd restart) it gives me the error
message:

Novell eDirectory LDAP server if not listening on the TCP port.
LDAP Server is not associated with a certificate.
Validation failed in post_ndsd_start script.

I tried to recreate the server's certificate from iManager 2.70 (Create
default certificate) but the same error message occurs. How do I get my LDAP
server working? I had to move all my services that depend on LDAP to another
server.. puh.

So what's the next step? The server is NOT a CA anymore; I recreated the CA on
another server and recreated all the certs as well....

Thx!

linova Absent Member.

Re: LDAP server is not associated with a certificate?!

Hi,

The LDAP Group object is probably not associated to a certificate.

A "ndsconfig upgrade -j" on your server should resolve it.

Let us know if it's better.

Regards,

Sébastien Pulvérin
Anonymous_User Absent Member.

Re: LDAP server is not associated with a certificate?!

Well, this is very strange behavior... All of that server's certificates are
corrupted. And when I re-create them they are corrupted again... I've tried
ndsconfig upgrade, and recreated them from iManager, same problem.
Then I removed the "LDAP-proxy" user from the LDAP group/server and suddenly
the LDAP server was working... and dhcpd was working as well. I can't explain
everything I did cuz I got stuck for like 8 hrs with this problem... and I
read so many error messages/logs.

It's working by now so thx anyway

"linova" <linova@no-mx.forums.novell.com> wrote in message
news:linova.31291z@no-mx.forums.novell.com...
>
> Hi,
>
> The LDAP Group object is probably not associated to a certificate.
>
> A "ndsconfig upgrade -j" on your server should resolve it.
>
> Let us know if it's better.
>
> Regards,
>
> Sébastien Pulvérin

Anonymous_User Absent Member.

Re: LDAP server is not associated with a certificate?!

Same thing happened to me and was also resolved by removing the LDAP proxy
user.

Thorumnz Absent Member.

Re: LDAP server is not associated with a certificate?!

You probably had a password set for the ldap proxy user. If you set a null
password for this user it should work. Supposedly you do not have to have
a null password for this user, but I still haven't found a definitive
answer yet on it.

Anonymous_User Absent Member.

Re: LDAP server is not associated with a certificate?!

Bryant wrote:

> You probably had a password set for the ldap proxy user. If you set a null
> password for this user it should work. Supposedly you do not have to have
> a null password for this user, but I still haven't found a definitive
> answer yet on it.

Tried to implement a proxy user (with and without password) on OES2 and
nldap never started with the proxy user. Maybe there is something missing. At
the moment I just configured LDAP with the proxy user and restarted. I do NOT
issue any ndsconfig commands.
--
Netprofi
Germany
MCNE, CLP
brucetimberlake Absent Member.

Re: LDAP server is not associated with a certificate?!

Any update to this? I'm seeing the same error and can't find a solution anyplace.
rcore Absent Member.

Re: LDAP server is not associated with a certificate?!

I am not sure if this has any relevance - I had the same issue and it turned out to be a firewall issue
uberkind Absent Member.

Re: LDAP server is not associated with a certificate?!

Thorumnz;1459950 wrote:

> You probably had a password set for the ldap proxy user. If you set a null
> password for this user it should work. Supposedly you do not have to have
> a null password for this user, but I still haven't found a definitive
> answer yet on it.

I've had this issue several times and it never appears to have any rhyme or reason to it.

I set a password for the proxy user and everything is fine until the server gets hammered by a lot of users logging in at once. The LDAP server WON'T restart until I go and reset the passwd to NULL.

Then when I go to configure a SLED10 workstation's LUM settings, it won't let me proceed until I enter the proxy user's password (which is NULL)... Ugh... SP2 and still not fixed wherever it needs to be??? 😞

I too would like a definitive answer for this to work as consistently as other eDirectory services...
Knowledge Partner

Re: LDAP server is not associated with a certificate?!

John Yorke;1459126 wrote:

> Same thing happened to me and was also resolved by removing the LDAP proxy
> user.

This solved the same problem for us. Did you ever find out how we can configure the proxyuser?

Thomas
ics_novell Absent Member.

Re: LDAP server is not associated with a certificate?!

Hi, what kind of firewall issue??
JensF1 Absent Member.

Re: LDAP server is not associated with a certificate?!

We have the same problem here.
Has someone resolved it in the meantime?

Cheers
Jens
chfritsche Absent Member.

Re: LDAP server is not associated with a certificate?!

Same problem here with OES2 SP2 and eDirectory 8.8.5. When I set a Proxy-User (for Contextless Login), I receive the message "LDAP Server is not associated with a certificate" when I restart ndsd.

Is there a solution?
Marcel_Cox Absent Member.

Re: LDAP server is not associated with a certificate?!

The source of your problem might be the LDAP proxy user.
You have to make sure the proxy user has a password set, but that password must be empty. There is an important distinction between a user having no password and a user having an empty password.
In fact, tools like ConsoleOne and iManager allow you to define users with no password at all. Such user objects don't have a "key pair" and therefore cannot be used for login at all. OTOH if you define an empty password, the user can be used for login but doesn't need a password for login. This second case is what's needed for the LDAP proxy user.
You also have to make sure that the user is associated with a password policy that allows for empty passwords. It is probably best to create a separate password policy just for the proxy user and assign this password policy to the proxy user. My personal preference is to use a password policy that disables Universal Password so that only the NDS password is used, and then use NDS password restrictions to allow empty passwords and to disable the changing of the password by the user himself.

Another discussion of this issue can be found in the following thread:

http://forums.novell.com/novell-product-support-forums/edirectory/edir-linux/367618-ldap-wont-start-ndsd_try_nmaslogin_first-post1767541.html
0 Likes
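
Added example (not part of any post in this thread, and not Novell code): after changing the proxy user or the certificate, a client-side probe like the following shows whether the LDAP listeners actually came back and whether the TLS port presents a certificate, which are the two symptoms in the original error output. It assumes the standard ports 389 and 636, and the host name is a placeholder.

```python
"""Probe an LDAP server's cleartext and TLS listeners after an ndsd restart."""
import hashlib
import socket
import ssl
import sys


def port_listening(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def tls_peer_cert(host, port, timeout=3.0):
    """Return the DER certificate the listener presents, or None if no handshake completes."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # inspection only: we want to see the
    ctx.verify_mode = ssl.CERT_NONE   # certificate even if it is not trusted
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.getpeercert(binary_form=True)
    except OSError:  # refused, timed out, or handshake failure (ssl.SSLError)
        return None


def ldap_status(host, ldap_port=389, ldaps_port=636, timeout=3.0):
    """Summarise both listeners; 389/636 are the standard ports (assumed)."""
    report = {"ldap": port_listening(host, ldap_port, timeout)}
    if not port_listening(host, ldaps_port, timeout):
        report["ldaps"] = "not listening"
        return report
    der = tls_peer_cert(host, ldaps_port, timeout)
    if der is None:
        report["ldaps"] = "listening, no certificate presented"
    else:
        report["ldaps"] = "certificate sha256 " + hashlib.sha256(der).hexdigest()
    return report


if __name__ == "__main__":
    # Placeholder host name; pass the server to check as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "ldap.example.com"
    for name, value in ldap_status(target).items():
        print(f"{name}: {value}")
```

Any handshake failure, including a protocol version the client refuses to negotiate, is reported the same way as a missing certificate, so confirm that result on the server before drawing conclusions. The printed SHA-256 fingerprint can be compared with the certificate recreated in iManager to check that the listener is serving the new one.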
Marcel_Cox Absent Member.

Re: LDAP server is not associated with a certificate?!

JensF;1965866 wrote:

> We have the same problem here.
> Has someone resolved it in the meantime?
>
> Cheers
> Jens

See my reply to chfritsche

Note that you have replied to a very old thread here and your reply contains no actual information besides "I have the same problem." As most of the Knowledge Partners use NNTP access and not the web interface, they won't see messages that are more than a few months old. Because of this, messages like yours are likely to go unanswered because it would take too much effort upfront to even get an idea of what problem you are talking about.