Absent Member.

Adding new server to existing User Source fails

I have an eDirectory User Source where I want to add a new connection, in order to remove an old server later. The 'new' server is an OES11SP3 server, and handles the master replica of the other two servers (r/w) in the User Source. However, when I want to add the server I get the following message:

The wizard cannot continue for the following reason(s):
Error The connection specified does not belong to the same directory as the selected authoritative source.


I have looked at the LDAP certificates to see if there's something wrong, but I can't find a clue as to what's wrong. Does anyone have any ideas?

ZCM version 11.4.0.0
Micro Focus Expert

Re: Adding new server to existing User Source fails

gdoornenbal;2408061 wrote:
I have an eDirectory User Source where I want to add a new connection, in order to remove an old server later. The 'new' server is an OES11SP3 server, and handles the master replica of the other two servers (r/w) in the User Source. However, when I want to add the server I get the following message:

The wizard cannot continue for the following reason(s):
Error The connection specified does not belong to the same directory as the selected authoritative source.


I have looked at the LDAP certificates to see if there's something wrong, but I can't find a clue as to what's wrong. Does anyone have any ideas?

ZCM version 11.4.0.0


Do the Certs chain to the same CA?
--
Please give a hearty thumbs up to any post you find helpful!
To find articles by Craig Wilson simply follow the link: Craig Wilson's Tips!
Absent Member.

Re: Adding new server to existing User Source fails

Hi Craig,
Thanks for your reply.

Yes, the Certs are chained to the same CA (same serial number). I also restarted the affected server last night, but that didn't help either.

I am very curious how the Connection Wizard checks for the correct/incorrect directory instance...
0 Likes
Highlighted
Micro Focus Expert
Micro Focus Expert

Re: Adding new server to existing User Source fails

Does the 2nd Server Hold Full R/W Replicas of the Entire Tree?
I've seen chaining cause some issues..........
Might also want to make sure you can connect using an LDAP Browser using Port 389 or 636 depending on how your Source is set up.
Absent Member.

Re: Adding new server to existing User Source fails

All servers hold Full R/W Replicas of the Entire tree (Divided in 3 partitions). LDAP is fully operational on the 'new' server.
The 'new' server is also hosting IDM v4.0.2. I don't know if that can be a problem...
Absent Member.

Re: Adding new server to existing User Source fails

New fun errors:
I tried to create a new user source with the 'new' server, just to test the LDAP connection etc. 🙂
All goes well, until I want to finish the wizard. Message:
The wizard cannot continue for the following reason(s):
Error: Unable to complete your request for the following reason: A user source already exists for the specified directory.


So here it recognizes the tree as already existing, but when I want to add the server to the existing user source it gives my initial error....
Micro Focus Expert

Re: Adding new server to existing User Source fails

That failure is expected.....Removing the Existing one would cause all assignments to be lost.

I presume your CA Cert lists a CN in its name?
There are some issues with 11.4 where the eDIR CA does not have a CN.
It seems that some eDIR Certs have a CN name and others do not.
Micro Focus Expert

Re: Adding new server to existing User Source fails

Oh and being an IDM Server is fine......
Absent Member.

Re: Adding new server to existing User Source fails

I expected that failure of course :), but I wanted to make sure the connection to that server is operational.

But about the CN.. that could be the problem, but I find it a bit vague.
The CA is issued to: "Organizational CA", and issued by "NICI Machine-unique CA <hexcode>". The subject says "OU=Organizational CA,O=<TREENAME>"
But I don't know exactly what to expect.. The certificate is also 7 years old, and needs to be replaced in 2017..

I could try to replace the CA, but that could have some (or more) impact. Before I take that step I'd be better off opening an SR with Novell..
Micro Focus Expert

Re: Adding new server to existing User Source fails

Oh Don't Make any change for sure........

There were some changes in 11.4 to allow for Chained CAs.
This impacted some but not all eDIR CAs....part of why the issue was not detected.

I'm not sure I even know the exact details.....I would need to go back and re-read a few things.
Nor am I even sure this issue would impact you....
Micro Focus Expert

Re: Adding new server to existing User Source fails

Your issue MIGHT be related to Defect#945656

There is an assumption that the Subject Line will start with "CN=...."
The exact error messages are different and details are a little different but I could see the problem impacting what you are doing as well.

If you CAN open an SR, I would recommend doing so to keep as much pressure on this defect as possible.
If not, I can try and keep you updated here on what I learn.

Again....I cannot be 100% certain that the issue in that bug is what you are seeing but I suspect it is related.
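
The last reply mentions an assumption that the certificate Subject starts with "CN=", while the CA subject quoted earlier in the thread has the form "OU=Organizational CA,O=<TREENAME>". The Python sketch below is an added example, not ZENworks code and not written by any poster; it classifies a subject string so an administrator can see whether a CA would satisfy such an assumption. The function names and sample subjects are constructed, and multi-valued RDNs ("+") are not handled.

```python
# Added illustration; not ZENworks code. Subject strings below are constructed samples.

def split_rdns(dn):
    """Split an RFC 4514 style DN string on unescaped commas."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):   # keep escaped char (e.g. "\,") in the value
            cur.append(dn[i:i + 2])
            i += 2
            continue
        if ch == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur).strip())
    return [p for p in parts if p]


def parse_subject(dn):
    """Return [(ATTR, value), ...] in the order the subject string lists them."""
    rdns = []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        if not sep:
            raise ValueError(f"malformed RDN: {rdn!r}")
        rdns.append((attr.strip().upper(), value.strip()))
    return rdns


def classify_subject(dn):
    """Report whether a 'subject starts with CN=' assumption holds for this DN."""
    attrs = [a for a, _ in parse_subject(dn)]
    if attrs and attrs[0] == "CN":
        return "cn-first"
    return "cn-not-first" if "CN" in attrs else "no-cn"


SAMPLES = {  # constructed subjects; EXAMPLE-TREE stands in for the tree name
    "ca_without_cn": "OU=Organizational CA,O=EXAMPLE-TREE",
    "ca_with_cn": "CN=Example Root CA,O=Example Org",
    "cn_later": "O=Example\\, Inc.,CN=Example Issuing CA",
}

if __name__ == "__main__":
    for name, subject in SAMPLES.items():
        print(f"{name:15} {classify_subject(subject):13} {subject}")
```

A subject that classifies as "no-cn" or "cn-not-first" is the kind that a CN-first assumption would mishandle, which is worth stating when opening the SR.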