Knowledge Partner Knowledge Partner
Knowledge Partner
245 views

sdidiag no key domain for W0 ( eDirectory for Linux x86_64 v9.1.3)

Hello

When I do a LK in sdidiag in a tree it doesn't show any Key Domain for
the W0 key, while in other trees it shows the DN to the W0 object.

it shows a key domain for the AES key:

SDKey : 1
Object Class : Secret Key
Key Size : 168 bits
Key Usage : 0x4400C0
Key Format : DES-EDE3-CBC-IV8
Key Id : XX
Validity : Thu Mar 7 12:26:37 2013 - Sun Feb 3 23:59:00 2036
Key Domain:
SDKey : 2
Object Class : Secret Key
Key Size : 256 bits
Key Usage : 0x4400C0
Key Format : AES-256-CBC
Key Id : YY
Validity : Tue May 30 12:09:19 2017 - Sun Feb 3 23:59:00 2036
Key Domain: CN=W1.KAP.Security

If I then do a SD -G to create new keys it doesn't create them; it only
shows this:

create on .blablabla.MYTREE.: [ WARN ] rc=-601
*** The Security Domain is synchronized.
*** The Security Domain is synchronized.

I'm troubleshooting another issue that points to NICI so that's why I'm
looking at this.

Any idea why it wouldn't generate a new key?

The tree only has a single server.

CK claims everything is OK:

CK
*** [Key Consistency Check - BEGIN] ***
[Checking SDI Domain]
SDI Check Domain Configuration...
SDI Domain Key Server .blablabla.MYTREE.
- Configuration is good.
*** SDI Check Domain Configuration is [GOOD]
SDI Check Domain Keys...
SDI Domain Key Server .blablabla.MYTREE.
- Keys are good.
*** SDI Check Domain Keys are [GOOD]

[Checking SDI Domain: GOOD]

*** No Problems Found ***

*** [Key Consistency Check - END] ***


Thanks!

--
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.
Labels (1)
0 Likes
1 Reply
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: sdidiag no key domain for W0 ( eDirectory for Linux x86_

For guess would be a rights issue, while i'm sure you've checked this before...
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.