Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Re: Imanager ICE error Exit code 239

594 views
Skip to first unread message

a...@novell.com

unread,
Sep 28, 2009, 5:18:24 PM9/28/09
to
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Well, I cannot say for sure but one reason for the '239' error per the
documentation is that there is an illegal DS name.

Which key did you export? How did you export it? Which LDAP utility are
you using? Is your LDAP certificate chained back to a trusted third-party
CA? If not then any utility worth its salt should prompt you stating as
much as that is a security warning. Try LDAP Browser/Editor (LBE) which
is free, Java-based, and therefore cross-platform and great for tests like
this. Apache Directory Studio is also nice.

Good luck.

moserse wrote:
> I am trying to use iManager on an OES2 SP1 server to import an LDif
> File. I have exported the key and am using a secure port 636. When it
> errors I get the following message:
> The ice Process returned an exit code of 239.
>
> In the text where the ice engine returns the errors it says
> ldap_simple_bind failed: 81 (Can't contact LDAP server)
>
> I have an ldap browser that I use with ssl but it doesn't ask for the
> certificate and It works fine.
>
> I need to import a large amount of data into the edirectory and ICE
> would be a terrific tool to use.
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJKwSggAAoJEF+XTK08PnB5WAoQAMj601iUI9oJnXZ2fnO9Oh2O
ytdEP8siRGAgsumyPK+DBlRsolcaD7BzuNK9Ne3pI283aIF9mjkTbqHe9/sSxiIw
kqzL34+CFPO+qQR+J1uC8Qn9xhY4hLMHO0HH1LQ+RXZYrINCTHpFlbi5qcWPqkyb
h+SORmzukYpEoTw9uW16lTb0CEYLvT+j+DO5FN3s0RQTCrKBfrssRmB5tUr/EFdv
vhka2vdSS9LmWSYlAIKOquYtvj04YNXs2APsGwJ3dUnhv/z6K1FNsOtZo51Mh50B
tTqbyWynDvdfeXxPX2F4WJAK8O+rP5L2QmBPOstmshxkRBq4jrRKOVhI9+KVSAOa
ieF2TMJggvtHQIG8zhFXBeHZZJjPHlgk9X6UsVkujRHoN6iTf2xyM/Upn/bHYDqN
ocHS4pTDgXWUEc2ScTrEGTjoD+zvcbrmbQ+0dN2RofMa1KS5uZjPzyGSp07xlpD+
n1VPkvVx5j+1X38m/ekfsQG8XBM7NuxiTImV4ANxTxU+euLuh0Hsj5eRslKGKda5
ui2e8vYyc0xHlv96+OWluOu1mPnprLMol4dESb1QWERVumMHN7VuvVnKiZYmoWX7
Gb95hfhUr1JSReGLagbemzVIyTNF2v+hsmyPoze5uX9mkAF1KL1v+djw0FxoHAjj
nr0e45GWp3WzEregE6tx
=hFR+
-----END PGP SIGNATURE-----

Edward van der Maas

unread,
Sep 28, 2009, 6:51:10 PM9/28/09
to
moserse wrote:

>
> I am trying to use iManager on an OES2 SP1 server to import an LDif
> File. I have exported the key and am using a secure port 636. When
> it errors I get the following message:
> The ice Process returned an exit code of 239.
>
> In the text where the ice engine returns the errors it says
> ldap_simple_bind failed: 81 (Can't contact LDAP server)
>
> I have an ldap browser that I use with ssl but it doesn't ask for the
> certificate and It works fine.
>
> I need to import a large amount of data into the edirectory and ICE
> would be a terrific tool to use.

To add to AB's response, enable all but packet trace options on the
LDAP server object (screen options tab I believe) and then enable
dstrace (+LDAP) and try it again. It gives you more debug output.

--
Cheers,
Edward

Peter Kuo

unread,
Sep 28, 2009, 7:24:08 PM9/28/09
to
moserse wrote:

> I need to import a large amount of data into the edirectory and ICE
> would be a terrific tool to use.

Any reason ldapmodify is not an option?


--


Peter
eDirectory Rules!
http://www.DreamLAN.com

Peter Kuo

unread,
Sep 28, 2009, 7:24:08 PM9/28/09
to
a...@novell.com wrote:

> Which LDAP utility are
> you using?

Which part of "Imanager ICE" got you confused? <G>

a...@novell.com

unread,
Sep 28, 2009, 7:46:59 PM9/28/09
to
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Move past the subject line next time. :-)

<quote>


I have an ldap browser that I use with ssl but it doesn't ask for the
certificate and It works fine.

</quote>

Good luck.

Peter Kuo wrote:
> a...@novell.com wrote:
>
>> Which LDAP utility are
>> you using?
>
> Which part of "Imanager ICE" got you confused? <G>
>
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJKwUrzAAoJEF+XTK08PnB5sHoP/1iEJCpt5jogOaDhoiprestg
jyA69Kc7NuWiscPv03w7/dy2eBCJpXsahVsXPJMQTiLkth4l5A4SntueoJNChBKS
gS2sDG/fWYSvUQPd73haSXSBnqYGUVlwRDXerP7jdP2dnkigxa3kyTDbj0+ppl7K
DClKgZp2GpscVm34nYs2zFXtl/CsmrgmS5BtriJywr4bCcy4UmLHcc1NwngJ7MEq
z1n2K8KA4uEPwHIKFrN3H+dwyje1tNDPBtOyAAx4URh6Nbv3QV5tNN1PFgoUWIpU
zOtV/QQVc1V1W1QZlmcIwQGgxzXC/3A4RhiAOtziFWwZLDiDzCCNHJjSq6kiMpr9
VqDinwwtFpmjbkR1ohbsKXWEKvpqoX+2ESm9tHMWnDB41wK32hiK6L24wpTPO7z0
hxvtxL8jfjuSrMxr50h+b3UfvUYShn0XKFC1w7FsXhLc6CiQ014PYmsrDuWzeqOZ
smgu80eEkd3UsnnIKwa0lXON/K9rT5ZjPyWvFNQYcPOW0wRsXc2ZxvSehRiwJYQw
JgnzsL64W1y0SBfIUZ1RZGZzDgxtIOuW03C1192haA7ZvCV5K0szKPz+M4Iihejc
nNlb3zPLrBVUgKPwtzb9PmnHj99fudApEJw+6Oz6ZFpC35r5XwN5ojHFxoxDYYXZ
tOUdVC+xA72L+zSM3oK1
=plAp
-----END PGP SIGNATURE-----

Peter Kuo

unread,
Sep 28, 2009, 10:13:20 PM9/28/09
to
And it WORKS fine. So, what's the problem there?

a...@novell.com

unread,
Sep 28, 2009, 10:58:16 PM9/28/09
to
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

LDAP browsers shouldn't work with untrusted keys. That it did makes me
suspicious its test was not valid enough to conclude everything was as it
should have been; thus the question and mention about a third-party
trusted CA.

Good luck.

Peter Kuo wrote:
> And it WORKS fine. So, what's the problem there?
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJKwXfHAAoJEF+XTK08PnB5Uo0QAJmnGcKf4D9jeBTtVD2fGmzu
J/kayRdT2uk2CZjYyT8FT1W2gOV/IG0igwH/0mUyqZgqoef6ToR9pZV5Bhad6qyF
KzFpTVTOAfOA7TfXcwdjJe16LST1Ij0Z7nW7HkClbhc6sAn2UdBP++vs3rMnvEEE
XomzPAqEQ1/VwhSE+Bskgy8XexYCmonR3PCGzTnj1jpr5bQkryYB0mTt7McizDsg
yFhBI2B8Wlmp0C5IAb2dsqmSFYrVhNO6rfyFQuOpwtoNsIO8lON6K6cKxymHVlSh
WAij/5gaZOpFz1vbP5bqtFhB+mknAPljD2faCud2dc+LovTFYrJzh3qhUXbNoOln
6e+OpuTrNFL+7DDq66pbuN/GbyfqLKfe8mPfMn/wKMy/QtlpfONbJzot4pEUXQnh
Cdxf3OqYLBZL+x4bf+NYPs4p6KjSBHKAnyP88U2zttmgFssSqQzCJAIum1IdwmKB
YII5NB8bdynfV4l62EmXVa8yyuU66pR4PkRkHtSt3f/WE1wfnnDp+j4Ri1lGq2Ux
HF6w8I79xgCEKgHjdb1PAB3nbxsbdDc67k+i2d21/Uz4yR8mi1WY9TS0q7Q9M0Mx
XIHu1XGwRGK1UJtDQdTs1TYB7V/RKm+XTEIFFFcD1KZw3NM+hrD+vF+cu4qvzF/V
ZGpvE7Rd3SKct5HVAVjb
=QVJx
-----END PGP SIGNATURE-----

a...@novell.com

unread,
Sep 29, 2009, 2:47:25 PM9/29/09
to
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If you get nothing on the screen from +LDAP then something else is amuck.
Go to your LDAP Server object and enable all of the checkboxes under
'Screen Options' or whatever. When done restart eDirectory and test
again. You should get a bit of data from an LDAP trace showing the
connection, the requests, even the data sent back in some small way.

Good luck.

moserse wrote:
> I used iManager to export the certificate from the server that I am
> running iManager from. The detailed steps are below.
>
> iManager version 2.7.2 on MPSC-Srvr01
> Novell Certificate Access
> Server Certificates
> Selected the server that I wanted to export the certificate from
> Selected the SSL CertificateDNS
> Selected Export
> Selected SSL CertificateDNS
> Unselected export private key
> Export format: DER
> Next
> Saved the certificate on my local
> workstation
>
> The LDap Browser utility that I am using is LDAP Browser\Editor version
> 2.8.2 by Jarek Gawor
>
> We are using our eDirectory as our certificate of authority.
>
> I configured the LDAP and checked all items in iManager and ran
> ndstrace with the following messages:
>
> I get nothing on the ndstrace screen when I enable +LDAP
>
>
>
> This is the iManager command that is running for ICE and the error
>
> Novell Import Convert Export utility for Novell eDirectory
> version: 20215.04e
> Copyright 2000-2005 Novell, Inc. All rights reserved. U.S. Patent No.
> 6,915,287.
> Source Handler: ICE LDIF handler for Novell eDirectory (version:
> 20216.02e)
> Destination Handler: ICE LDAP handler for Novell eDirectory (version:
> 20216.02e)
> ldap_simple_bind failed: 81(Can't contact LDAP server), dn:
> cn=moserse,ou=admin,o=pwcs
> You may type 'ice' to see the command line help.
> Options Used:
>
> -l/var/opt/novell/iManager/nps/WEB-INF/temp/ice2223764059885835641/ice.log
> -e/var/opt/novell/iManager/nps/WEB-INF/temp/ice2223764059885835641/error.ldf
> -v -SLDIF
> -f/var/opt/novell/iManager/nps/WEB-INF/temp/ice2223764059885835641/ice7436127020506826015.tmp
> -c -v -DLDAP -s10.23.2.18 -p636 -dcn=moserse,ou=admin,o=pwcs -L
> var/opt/novell/iManager/nps/WEB-INF/temp/ice2223764059885835641/ice5505192288492506957.tmp
> -F -B
>
>
> Thanks, Susan


>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJKwlY8AAoJEF+XTK08PnB5EPsP/jRgviGwg/UYKn4JPNwysjZ9
p69ugP0JYZsTiqPrXpARnEaEfzHLpbBz4cMfvZv7MKhABE0OYMiQkXu1sOoSMl37
PkMSaVEqkvd2v7SQzqztiQidHln1lmaoKnLAQxJ/4ELZu/n5B9ztGjbg+q9k+lHN
LoY7dM7YqBtTLtou/h5QOZjjDzc5/pDGx88HNWc8eSzzCqkChaMKg66HK0va4dRa
P28HWzFnOi90fp8H1tyua/gUpcyp0mHsr+qzKJp5xihryFsVVZtUSx/lV+kI15dI
PNSiRjWRx3VlAxDJciQb9z9lHa3OVHAZubgE/EP2dqO75utK/g9cJXlJqlep2lEf
OGXLXFaWSHmLAO0cYB70GOhOzTm10l1WTg3/13K/4+ztgZ3ueOCggh/6R+42O2qt
v5SimKLMiNnK4fWCcj8ko1vC7L5mv2IezytaHzGuPXkuRt7sZXjIT/NwwenxKqfd
ybRM3idW0FdVc9vj+DmSK8ibqQ1IE4ueKygqRhEP/WobYoM/0ZRHXc0Pvj+xQESq
iAKOjjzNFWdV/q3llN8cecWX0n77yf6vnaF8lU8b+fHxGRH9a5SBIraSoJQXzNwI
FU6u0G1C6CDAM3xcD6wyJSgJ9msCVmauP0elUbV3vALwojHHz0T/zCP2CLjDbRMk
hmraMDG8dtvo+tJVs988
=Br2P
-----END PGP SIGNATURE-----

David Gersic

unread,
Sep 29, 2009, 5:29:32 PM9/29/09
to
On Tue, 29 Sep 2009 19:16:02 +0000, moserse wrote:

> It says that I have a bad certificate. I have through iManager repaired
> the certificates and replaced them. Still doesn't work.

The cert object in eDirectory is fine. The problem is in the cert that
the client side is trying to use.

--
---------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Novell Knowledge Partner http://forums.novell.com

Please post questions in the newsgroups. No support provided via email.

0 new messages