When I install OES2 SP3 SLES 10SP4 unable to bind to edirectory through ldap - Micro Focus Community

ahleia · ‎2019-10-10

When adding new server to existing edirectory, getting message unable to bind to eDirectory through ldap. The details shows a warning message Unable to check the duplicate server context NW19OES.ou=SERVERS.o=AL-AHLEIA.AHLEIA.

Please help to resolve the issue

ahleia · ‎2019-10-10

Detail of the error shows at the end, ERROR: /opt/novell/eDirectory/bin/ndsconfig return value=78

mathiasbraun · ‎2019-10-10

A view on the ndsd.log might help here.

That being said, there's a ton of possible reasons for this issue. I'd check certificates and the CA first. If you're really running OES2 it might even be possible that your CA did expire. If left untouched, an out-of-the-box CA had a 10 year lifetime IIRC. An attempt to install a new box into a tree would always fail if

- the CA has expired

- the CA server cannot get contacted

- there is no CA

- there a rights issues on the CA

a.s.o.

If you like it: like it.

ahleia · ‎2019-10-12

Thanks for your support and advise.

Following are shown under CA. This was expired and renewed now. Even after renewal, getting same error message unable to bind to eDirectory through LDAP.

Properties of AHLEIA CA
General tab shows,
Designated host name: AHLEIA CA.Security
Host server: ASC_NW4.SERVERS.AL-AHLEIA

subject name: O=ahleia.OU=Organizational CA
issuer name: O=NICI Licensed CA.CN=NICI Machine-Unique CA 0562E55D-2A38B8D21589862F658158541867553A
effective date: October 10, 2019 12:15:52 PM AST
expiration date: October 10, 2029 12:15:52 PM AST

NDS rights shows as below
ASC_NW4.SERVERS.AL-AHLEIA and Public (tree symbol)
assginged rights on ASC_NW4 shows Supervsor checked
and unchecked compare,read, write, add self properties.

assigned rights on public shows only read.

Replica server is not there in CA trustees. Is it required to add replica servers as a trustee?

Please your advise and support will be most appreciated.

KonecnyA · ‎2019-10-13

Following are shown under CA. This was expired and renewed now. Even after renewal, getting same error message unable to bind to eDirectory through LDAP.

all the server certs now need to be renewed as the old ones where all tied to the expired CA

we then need to restart LDAP on each of the existing boxes :
nldap -u
nldap -l

confirm that /etc/nam.conf on all the existing servers point to valid servers, then we get LUM working on each of the servers with the new LDAP certs with the command
namconfig -k

given we hit the wall with the certs, it might not be a bad idea to reboot the servers when you can. and check eDir health on each box with
   ndsrepair -T
   ndsrepair -E
   ndsrepair -C -Ad -A
making sure they run without errors, otherwise drill in an sort the errors out.

and now you can install that new server into the tree

___
“i’ve sworn an oath of solitude til the blight is purged from these lands”
Andy of Konecny Consulting in Toronto
Knowledge Partner Profile
If you find a post helpful, click the Like button below. Thanks!