Who Me Too'd this topic

Who Me Too'd this topic

tschloesser Outstanding Contributor.
Outstanding Contributor.

Possible bug in IDM 4.7 eDirectory Driver

After upgrading the first environment to eDir 9.1 and IDM 4.7 I found, the eDir driver would not be able to be started.

In this case the only meaningful information on the driver trace is:

[03/07/18 07:11:40.233]:LegacyNDS ST:LegacyNDS: Error occured while getting socket factory. Reason : null

On the changelog side nothing actually happens. I deleted the whole configuration and cache files there and those files were not re-ccreated.

Diving deeper into it, I found that it is an LDAPS negotiation problem. The driver was configured to "Always trust the certificate" but for one or the other reason the temporay keystore was not created. The hint to this issue is coming up at the time the driver is stopped.

[03/07/18 07:11:40.772]:LegacyNDS ST:LegacyNDS: EdirPublisher.stop() : Unexpected error occured while stopping driver. Reason : Other
[03/07/18 07:11:40.773]:LegacyNDS ST:LegacyNDS: Cleaning up auto keystore : eDir2eDir-972304D5-91CB-4055-12BF-D5042397CB91.keystore

During runtime there is not such a file created! As long as I understood from one or the other article this file should be available!

The only way I found to start the updated eDirectory drivers again, was to re-configure the drivers to use a individual keystore. This keystore must contain the trusted root CA certificates from the CA chain used to singn the remote's server LDAP certificate.

Even strange: I was only able to stert the driver with the individual keystore configured - putting the same CA certificates to the keystore of the engines JRE (/opt/novell/eDirectory/lib64/nds-module/(jre/lib/security/cacerts) did not help to start the drivers.

I have an open SR on this issue, but I wanted to check if anybody else had run into this one. In this case, did you found an other solution?

Kind regards,

Labels (1)
Who Me Too'd this topic
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.