Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
jano2 Absent Member.
Absent Member.
1692 views

nssAdminInstall error FFFFFD88

Hello!

I just would like to tell what I've experienced. Suppose this could be posted in Administration/Installation also. After some trouble I was reinstalling a server with nss volumes to the tree. There was already another machine installed with nss in the eDirectory. I searched the problem in nam as when i was doing:

getent passwd

i got three lines of admin one in the right place and the other twos at the end.

id admin showed me one line but where was a group missing that i added as a test. My first idea was that the nam cache was corrupt but that wasn't the case. namconfig cache_refresh and namconfig -k didn't help.

getent group showed that admin was a member of the test group.

What i did was probably unnecessary when i now know the answer. I removed all of OES2 and added it step by step. First the edirectory and ldap and checked that it work with an ldap tool. Then i added the replica to the server.

The second step was to make lum/nam work. I had hoped that the reinstall should fix but that didn't help.

Then i got a crazy idea as Linux i case sensitive.

id admin
and
id Admin
and got two different answers.

The correct answer came from admin so i made sure my admin user was named admin and not Admin. I then rerun getent passwd and it still showed 3 admins in the list and now i knew it couldn't be the right admin showing up at the end. (did a namconfig refresh_cache to check)

I searched the eDirectory and couldn't find anything with Admin. Then yet another idea popped up. Maybe there could be an object with another name and a cn with Admin. I had read about orphaned leaves.

I found some unknown objects named 0_1 etc. And when checking them there was two of them with cn=Admin.....

I checked and they didn't show up as lum-objects. I then removed them and getent and id showed the right stuff after an namconfig refresh_cache.

Then I installed nss again it worked fine!

It could be a bug or that I in some point added the user with the wrong case with admin. But isn't eDirectory case insensitive....

With this message i hope that someone doesn't need to spend hours of searching for this problem.

Also a big thanks to the people thats answer the posts at this place. I have had a lot of help from reading the posts.
Labels (2)
0 Likes
2 Replies
Brunold Rainer
New Member.

Re: nssAdminInstall error FFFFFD88

Jano,

two things on this. eDirectory Objects like 0_1 happen when name collisions occur. You create on different replicas user with the same name in the same container at the exact same time. When they sync you will have such a name collisions. But this can also happen when you move a user and that moved hasn't finished and you create the same user in the same context again. So there are different ways how this could happened.

Regarding the case sensitive of edirectory or better lum in this case. By default lum is configured to be not case sensitive. But you can configure that wuth the lum parameters:

# namconfig get
...
case-sensitive=no
...



It would have been interesting when that case sensitive had been enabled and what you would have seen then. But anyway you could fix it and it works now.

Rainer
0 Likes
Highlighted
jano2 Absent Member.
Absent Member.

Re: nssAdminInstall error FFFFFD88

Rainer,

I installed my servers one by one and added a replica to each server and every replica was on before attempting to add an other one. I also made sure that the servers "talked" to each other with iMonitor and checked that slp was working and that the servers where synced in time.

Regarding Case Sensivity I didn't know about the "case-sensitive=no" so i'm sure i didn't turn it on by myself. I assumed that it was impossible to allow case sensitive object to the edir.

Janne
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.