Reinstall LDAP on NW6 Server

KJ

Jan 26, 2004, 8:28:59 AM

Hi all.

I am trying to reinstall LDAP on a NW6 sp3 server. I have read
several posts about this and have tried to follow TID 10060250 with no
luck. Here's what I'm doing (in a test environment):

I delete the LDAP server and group objects from the tree. At the
server console, I execute UINSTALL EDIR. I have followed that up with
UINSTALL LDAP also, based on a prior post. Then I restart the server.

The reinstall of eDirectory is where things get a little dicey for me.
From the GUI, I run install, select "Add" and browse to the PRODUCT.NI
file at the root of the NW6 sp3 overlay CD. I clear all check marks
and select "Next>". (Don't see a selection for eDirectory or LDAP, so
I'm assuming these are getting reinstalled by default. Maybe this is
where I'm messing up?) I verify the LDAP Configuration, then select
"Next>". At the summary, I select "Finish". I then receive an "LDAP
Configuration Error" that states "LDAP Configuration failed with error
novell.jclient.JCException: readEntry (JCValue[] form) -603
ERR_NO_SUCH_ATTRIBUTE. The LDAP Server SSL configuration will need to
be completed manually with ConsoleOne. Please refer to product
documenation for complete instructions on completing this task." The
error is listed in NI.LOG with a code of 6pkLdap that states it's a
Recoverable Error. BTW, what's "documenation"? :-)

Any help on this would be greatly appreciated. I'm at a loss.

BTW, recreating the LDAP server and group objects manually worked ok
with NDS Import / Export, but did not work well with NAM 3, which I
have installed. I see some differences between installed LDAP objects
and ones that are manually created.

Thanks,
Kyle

kbright

Jan 26, 2004, 10:31:35 AM

Kyle, I just did this very procedure on Saturday with Netware 6.5. My
previous post "LDAP Broken (DSTrace shows error -603)" on 1/10 went
unanswered (surprised?). You are correct to follow TID 10060250, though
lately the TIDs seem to be getting shorter on detail as to the exact
steps to fix the problem.

My LDAP problem resulted from a Netware 5.0 to 6.5 migration that
appeared to work, but probably created a few new problems. NW6.5 SP1
probably broke it further. For one, NLDAP was not binding on either
port and fixing the certificates with PKIDIAG didn't really help.
Without NLDAP working, Tomcat fails, the keystore utility fails and
iMangler (sorry Novell) fails. Without iManager working you can't
add/remove licenses (something they SHOULD HAVE LEFT IN NWCONFIG!!!!).
The Migration Wizard installed the licenses but left my tree without the
visible objects.

I started by deleting the LDAP group, LDAP server objects and SAS
objects on my NW6.5 server, then ran UNINSTALL EDIR at the console.
Next I fired up the GUI console and ran Install. It is important that
you use the overlay CD for your current patch level when you do this.
The TID fails to say that you are essentially doing a server UPGRADE
here and it does notice that eDirectory has been removed. Make sure
that you check off the items in the list of things you want reinstalled.
eDirectory will NOT be on that list. I was a little nervous to watch
this process, especially when the system rebooted and came up wanting to
verify the LAN and disk drivers.

Did it work? Yes, it did and I verified that LDAP was visible on ports
389 and 636 with TCPCON. True to Novell form (sorry again) I had two
WORSE problems that cost me another two hours to figure out. During the
upgrade my SmartCert 100-user license was rejected as being an
"unrecognizable format", but it took the server license okay. Ouch,
Novell! The major problem came when I could not map drives to either
volume. The solution to this was to delete the volume objects in NDS
and then recreate them using DSRepair, NSS MENU or ConsoleOne. I did
this but it took me almost an hour to realize that I had to reboot the
server before NDS would reread all the volume attributes (trustees,
etc.) and allow the volumes to be mapped.

The second problem had to do with the user licenses, which the upgrade
had refused to read. My server was running on three grace logins and
I was the only one who could map to the volumes. Though iManager was
still iManagled, I decided to use my Netware 6.0 BorderManager server to
read in the licenses and restore the system. I am now only left with
what looks like a minor problem with iManager and the upgrade process
seemed to fix most of the other problems it had before.

Kyle, I couldn't answer your specific issue, but the process in 10060250
did fix my problem with Netware 6.5.

To Novell, a hint here: I've been working with your software since the
Netware 2.15 days and still rely on the TIDs to get through undocumented
or defect-related problems. A little more detail and accuracy in the
TIDs would REALLY help us over-stretched admins/CNEs solve the problems
faster. We need more detail on the exact procedure and what to look for
when things go wrong. Thanks!

Ken Bright
Network Administrator
P&P Transport, Inc.

KJ

Jan 27, 2004, 6:14:58 PM

Ken,

Thanks for your reply.

Well, I'm completely frustrated at this point. I have followed
TID10060250, along with your suggestions, and still cannot get past
the LDAP configuration error that I receive during the install. I
have tried this several times in a test environment, with no luck.
Hopefully, someone can shed some light on this problem. I need to get
this issue resolved. I have plenty more issues to work on! :-)

Thanks again,

KJ

Jan 28, 2004, 9:39:44 AM

I know I'm talking to myself, but I just want to let everyone know
that TID 10060250 does not work for NetWare 6, sp3. You will receive
an error that states "LDAP Configuration failed with error

novell.jclient.JCException: readEntry (JCValue[] form) -603
ERR_NO_SUCH_ATTRIBUTE. The LDAP Server SSL configuration will need to
be completed manually with ConsoleOne. Please refer to product
documenation for complete instructions on completing this task."
during the install.

If anyone has had positive results with this on NetWare 6, then I
would be very interested in how you got it to work.

Thanks,
Kyle

KJ

Jan 30, 2004, 8:41:23 AM

Talking to myself again, but hopefully this will help someone else
out...

TID 10060250 does not work for NetWare 6 sp3, however, manually
recreating the LDAP Server and Group objects through ConsoleOne does,
with a few notes...

If you just need basic LDAP functionality to work, then the manually
created objects should be ok. I'd suggest to run PKIDIAG after
creating them to verify that everything is set up properly and correct
any issues that you may have. However, if you have applications that
rely on special LDAP server attributes, then read on...

The LDAP Server and Group objects created through ConsoleOne are not
the same as the ones created during the server install. There are
several LDAP Group Attribute Mappings and LDAP Group Class Mappings
that are not created. Also, the extensionInfo attributes are not
created for the LDAP Server, which was a major problem for me. I am
running NAM3, which relies on these attributes being set up properly.
Without them, you cannot authenticate to the NAM Web Management page.

Anyway, to fix this problem, I had to use ICE to export the
extensionInfo attributes from another LDAP Server object, modify the
LDIF file for import to the manually created LDAP Server object, then
import the attributes using ICE again.

After weeks of frustration and a few Tylenol, success!

Happy LDAPing,

Kyle
CNE NW6
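
The LDIF edit step described in the post above, as an added example that is not part of the original thread: it takes an exported entry, keeps only the extensionInfo values, and emits a `changetype: modify` record aimed at the manually created object. The DNs and attribute values are constructed, and the export is assumed to hold a single entry.

```python
import base64

ATTR = "extensioninfo"  # attribute named in the post, matched case-insensitively

# Constructed sample export of a working LDAP Server object (values invented).
# The base64 value is folded across two lines, as LDIF exporters commonly do.
SAMPLE_EXPORT = """\
version: 1

dn: cn=LDAP Server - GOODSRV,o=example
description: constructed sample entry
extensionInfo:: aGVsbG8g
 d29ybGQ=
extensionInfo: plain-sample-value
"""

def unfold(text):
    """Join RFC 2849 continuation lines (lines that start with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def build_modify(export_text, target_dn):
    """Return an LDIF modify record adding the export's extensionInfo values."""
    values = []
    for line in unfold(export_text):
        name, sep, rest = line.partition(":")
        if not sep or name.strip().lower() != ATTR:
            continue  # drops dn, other attributes, comments, blank lines
        if rest.startswith(":"):  # "attr:: value" means base64-encoded
            b64 = rest[1:].strip()
            base64.b64decode(b64, validate=True)  # raises if a hand edit broke it
            values.append("extensionInfo:: " + b64)
        else:
            values.append("extensionInfo: " + rest.strip())
    if not values:
        raise ValueError("no extensionInfo values found in export")
    head = ["version: 1", "", "dn: " + target_dn,
            "changetype: modify", "add: extensionInfo"]
    return "\n".join(head + values + ["-", ""])

if __name__ == "__main__":
    # Hypothetical DN for the manually created LDAP Server object.
    print(build_modify(SAMPLE_EXPORT, "cn=LDAP Server - NEWSRV,o=example"))
```

Diffing the generated record against the source export before importing confirms that only the target DN changed and no value was truncated.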

Peter Kuo

Jan 31, 2004, 10:26:21 PM

Kj,

Thank you for sharing your experience!


Peter
Novell Product Support Forum
'NDS Rules!'

