Anonymous_User Absent Member.

Exporting Users and their pwd's from eDirectory issue


Hello everyone,

We have recently set a TESTING environment of eDirectory from the
PRODUCTION environment , all the users have been exported from
PRODUCTION, their passwords ( Universal Passwords) too

We are having NICI/NMAS error -1418 when attempting to set the
universal passwords for the imported users on TESTING environment
(http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=3833399&sliceId=1&docTypeID=DT_TID_1_1&dialogID=6600027&stateId=0%200%209874168)

Our environment is made up by 3 eDir servers

1- Master : eDirectory for Linux v8.8 SP1 - NMAS 3.1.0.1-20060519
2- Read/Write Replica : eDirectory for Linux x86_64 v8.8 SP6 - NMAS
3.3.3.4-20110708
3- Read/Write Replica : eDirectory for Linux x86_64 v8.8 SP6 - NMAS
3.3.3.4-20110708


The import from the PRODUCTION is ok and the replication is ok ( 0
error )

SDIDIAG on the master server shows the keys are OK ( unable to run on
replicas because there is no SDIDIAG 64 bits )


The problem is that when attempting to change the Universal Password
for a given user via iManager NICI/NMAS error -1418 shows up on
iMonitor trace

It's most probably because Universal passwords have been encrypted in
PRODUCTION environment with key 'A' and TESTING is attempting to decrypt
them with key 'B' (another Key)

My question is how to export the Universal password Encryption key from
PRODUCTION environment to TESTING environment

How to solve this issue

Regards


--
iammi
------------------------------------------------------------------------
iammi's Profile: http://forums.novell.com/member.php?userid=71308
View this thread: http://forums.novell.com/showthread.php?t=454788

Anonymous_User Absent Member.

Re: Exporting Users and their pwd's from eDirectory issue


How did you export/import the users?

Go through TID# 3455150 and post the resulting process.txt file contents
here, or use the 'tkinfo.pl' tool to parse it and post the output from
that here.

Good luck.
Anonymous_User Absent Member.

Re: Exporting Users and their pwd's from eDirectory issue


Hello,

'ab' thanks for your help

This is the outcoming report : '-----Keys On Servers Report----- 4D EF
F6 30 40 A6 3C D7 A4 2E A0 10 CF 0D 12 - Pastebin.com'
(http://pastebin.com/i37uERKc)

My servers are well-behaved !! but the error is still here


You asked me "How did you export/import the users?", honestly that's
not me who did this, that has been done by another consultant from
another company I can not get the info.

The question now is how to fix that, since they may have done a bad
import/export of data?

What do you suggest?

The idea I have is : how to clean up all password information for the
users ?

Regards,


--
iammi
Anonymous_User Absent Member.

Re: Exporting Users and their pwd's from eDirectory issue


I tried 'Universal Password Removal Utility, Version 3'
(http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005380.html)

The command is as follows:
Code:
--------------------
./rmupwd -pwd 192.168.128.96 636 cert.der "cn=BACHA Aicha,ou=People,ou=Department,ou=FR,o=company" base cn=AdminLDAP,ou=Ressources,o=company MyPassword
--------------------



The error is as follows:


Code:
--------------------
cn=BACHA Aicha,ou=People,ou=Department,ou=FR,o=company: password delete failed (-1697)
--------------------



It's Strange !

Help is needed please


--
iammi
Anonymous_User Absent Member.

Re: Exporting Users and their pwd's from eDirectory issue


If you are getting a -1418 then the problem is almost certainly that
your keys are not working properly. This can happen if you create a
test environment the wrong way, for example by copying the eDirectory
DIB (the whole database) from one machine to another without copying the
NICI files used for data encryption. The DIB will work, at least until
you need to do something in the encryption area. If that is the case
you should call your consultant and have them come back and do the job
properly, or get a refund, or something else to correct that situation
since a test environment that doesn't really match production
semi-closely isn't a valid test environment at all (assuming "close to
production" is the service for which you paid).

To fix this, rebuild the environment by copying over the DIB as well as
the required NICI files. The ndsrc.pl (shameless plug; Google for it)
script does the backup of both at the same time to avoid this type of thing.

Good luck.
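A pre-restore check for the failure described in the reply above (a DIB copied without its NICI files), added here as an example; it is not part of the thread and is not the ndsrc.pl script. The paths are the assumed default locations for eDirectory 8.8 on Linux, and the sample archives are constructed from empty placeholder files.

```shell
# Assumed default locations (relative to /); adjust for a custom install.
DIB_PREFIX="var/opt/novell/eDirectory/data/dib/"
NICI_PREFIX="var/opt/novell/nici/"

# check_edir_backup ARCHIVE
# 0 = files present under both trees, 1 = DIB missing,
# 2 = NICI missing (DIB-without-keys case), 3 = archive unreadable.
check_edir_backup() {
    local archive=$1 listing
    listing=$(tar -tf "$archive" 2>/dev/null) || return 3
    # Normalise a leading "./" or "/" so both tar naming styles match.
    listing=$(printf '%s\n' "$listing" | sed -e 's#^\./##' -e 's#^/##')
    has_file_under() {
        # Require a real file entry; a bare directory entry ends in "/".
        printf '%s\n' "$listing" | grep -q "^$1.*[^/]\$"
    }
    has_file_under "$DIB_PREFIX" || return 1
    has_file_under "$NICI_PREFIX" || return 2
    return 0
}

# build_sample ROOT yes|no
# Constructed test data: writes ROOT.tar holding an empty DIB file and,
# when the second argument is "yes", an empty NICI key file.
build_sample() {
    local root=$1 with_nici=$2
    mkdir -p "$root/var/opt/novell/eDirectory/data/dib"
    : > "$root/var/opt/novell/eDirectory/data/dib/nds.db"
    mkdir -p "$root/var/opt/novell/nici/0"
    if [ "$with_nici" = yes ]; then
        : > "$root/var/opt/novell/nici/0/nicisdi.key"
    fi
    tar -cf "$root.tar" -C "$root" var
}
```

A return code of 2 means the archive would restore a directory whose encrypted attributes have no matching key material on the target server.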
Anonymous_User Absent Member.

Re: Exporting Users and their pwd's from eDirectory issue


Thank you 'ab'


So do you think I can correct this situation by copying NICI stuff
without rebuilding from scratch ? or that's not possible and I have to
rebuild from scratch ?

Could you please tell me briefly the steps to copy NICI stuff properly?

In my opinion we must do a backup as stated here :'Important Notice'
(http://www.novell.com/communities/node/3860/offline-backup-edirectory-88-linux)

And perform a restore after that. How to restore exactly? Just by
copying files into the suitable locations?


Regards,


--
iammi
Anonymous_User Absent Member.

Re: Exporting Users and their pwd's from eDirectory issue


I've never used that CoolSolution before, just the 'ndsrc.pl' (still,
Google for it) script. It is made to be restored by simply extracting
the .tar from the root of the filesystem.

Good luck.