
Re: Enable Universal Password in edir882 without imanager


Peter Kuo

Jan 8, 2010, 4:23:17 AM
ambarish mitra wrote:

> Ideally, I would like to do without installing, configuring iManager,
> but if there is no other way, then I will have to install imanager.

You really don't want to go down that path - it can be done via LDAP but I
don't think there's enough hair in this universe to prevent one from going
bald doing it without using iMan; do as Massimo suggested, install iMan
Workstation ...


--


Peter
eDirectory Rules!
http://www.DreamLAN.com

Massimo Rosen

Jan 8, 2010, 4:16:29 AM
Hi,

ambarish mitra wrote:
>
> Ideally, I would like to do without installing, configuring iManager,
> but if there is no other way, then I will have to install imanager.

There's no other way. Note that you can install iManager on a
workstation, that's probably the easiest thing to do.

CU,
--
Massimo Rosen
Novell Product Support Forum Sysop
No emails please!
http://www.cfc-it.de

Massimo Rosen

Jan 8, 2010, 8:50:48 AM
Hi,

ambarish mitra wrote:
>
> Obviously, something is wrong with the tree name. But this treename is
> the same that I gave during the imanager install. Where does the
> imanager look up for treename?

Make your life easy, simply put the IP of the eDir server into the
treename field.

Massimo Rosen

Jan 8, 2010, 9:37:44 AM
Hi,

ambarish mitra wrote:
> >
> > NDSNamespaceImpl...4832 Unable to determine treename for 10.88.164.58
> > (novell.jclient.JCException: connect (to address) 111 UNKNOWN ERROR)

Hmm. That sounds as if iManager can't even connect. Are you possibly
running eDir on a non-standard port? Does it listen on port 524, and is
it reachable (e.g. through telnet) locally from the same server? Firewall
issue maybe?

a...@novell.com

Jan 8, 2010, 10:28:16 AM

The username should be in dot notation....

manager.users.myorg.us

Otherwise it looks fine, but you will never get in with the username you
specified. See the iManager documentation for details.

Good luck.

ambarish mitra wrote:
> ...


> , install iMan Workstation ...
> --
>
>

> I installed iManager workstation 2.7.x remotely on Windows2003. The
> problem is now about log in.
>
> In the log in dialog, I give the following:
>
> Username: cn=manager,ou=users,o=myorg,c=us
> Password: password
> Tree: <IP Address where Edir is installed>
>
> But Imanager reports:
>
> (Error -635) The target server does not have the correct information
> about the source server.
>
>
> From the same workstation host, I can connect to the ldap port (389) of
> the edirectory with the same credentials given above.
>
> What can be wrong?
>
>

a...@novell.com

Jan 8, 2010, 10:29:45 AM

Also in another post the username entered was in LDAP format and must not
be. Be sure you are using dot notation in the username field:

manager.users.myorg.us

Good luck.

Massimo Rosen wrote:
> Hi,
>
> ambarish mitra wrote:
>>> NDSNamespaceImpl...4832 Unable to determine treename for 10.88.164.58
>>> (novell.jclient.JCException: connect (to address) 111 UNKNOWN ERROR)
>
> Hmm. That sounds as if iManager can't even connect. Are you possibly
> running eDir on a non-standard port? Does it listen on port 524, and is
> reachable (e.g through telnet) locally from the same server? Firewall
> issue maybe?
>
> CU,


Massimo Rosen

Jan 8, 2010, 11:59:59 AM
Aaron,

"a...@novell.com" wrote:
>
> Also in another post the username entered was in LDAP format and must not
> be. Be sure you are using dot notation in the username field:

Oh yes. Thanks for catching it.
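
The conversion discussed in the posts above (LDAP-format name to the dot notation iManager's username field expects), as an added example that is not part of the original thread. The function names are hypothetical, the set of characters escaped in the dotted form is an assumption, and multi-valued RDNs are rejected rather than converted.

```python
import re

# Assumption: characters backslash-escaped inside a typeless dotted name.
NDS_SPECIAL = re.compile(r"([.=+\\])")

def _split(s, sep):
    """Split on sep, leaving backslash-escaped characters inside their part."""
    parts, cur, i = [], "", 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            cur += s[i:i + 2]
            i += 2
        elif s[i] == sep:
            parts.append(cur)
            cur = ""
            i += 1
        else:
            cur += s[i]
            i += 1
    return parts + [cur]

def _unescape(raw):
    """Undo RFC 4514 escaping: \\XX hex pairs and backslash-escaped characters."""
    out, i = bytearray(), 0
    while i < len(raw):
        if raw[i] == "\\" and re.fullmatch(r"[0-9A-Fa-f]{2}", raw[i + 1:i + 3]):
            out.append(int(raw[i + 1:i + 3], 16))
            i += 3
        elif raw[i] == "\\" and i + 1 < len(raw):
            out += raw[i + 1].encode()
            i += 2
        else:
            out += raw[i].encode()
            i += 1
    return out.decode("utf-8")

def ldap_dn_to_dotted(dn):
    """Convert an LDAP DN (cn=a,ou=b,o=c) to typeless dot notation (a.b.c)."""
    names = []
    for rdn in _split(dn, ","):
        attr, eq, raw = rdn.lstrip().partition("=")
        if not eq or not attr.strip() or not raw:
            raise ValueError(f"not an LDAP RDN: {rdn!r}")
        if len(_split(raw, "+")) > 1:
            raise ValueError(f"multi-valued RDN not handled: {rdn!r}")
        names.append(NDS_SPECIAL.sub(r"\\\1", _unescape(raw)))
    return ".".join(names)

if __name__ == "__main__":
    # DN taken from the thread; prints the dotted form for the username field.
    print(ldap_dn_to_dotted("cn=manager,ou=users,o=myorg,c=us"))
```

A name that is already dotted contains no `attribute=value` pairs, so it raises `ValueError` instead of being silently mangled.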

Massimo Rosen

Jan 11, 2010, 4:21:32 AM
Hi,

ambarish mitra wrote:
>
> Hmm. That sounds as if iManager can't even connect. Are you possibly
> running eDir on a non-standard port? Does it listen on port 524, and
> is
> reachable (e.g through telnet) locally from the same server? Firewall
> issue maybe?
>

> ------
>
> Hi Massimo,
>
> It is true that nothing is running on port 524. I checked this using
> netstat on the server. However, it is running on ports 389 and 636 (ssl);
> I can connect to these ports using any ldap client.

iManager doesn't use LDAP; it uses NCP, the native eDir interface. NCP by
default listens on port 524.

> When I start edir with the ndsd script, it starts fine:
>
> [root@rhel5-32-ned init.d]# /etc/init.d/ndsd start
> Executing customized settings before starting the Novell eDirectory
> server...
> Starting Novell eDirectory server...
> [ OK ]
>
> Novell eDirectory LDAP Server is listening on the TCP port.
> Novell eDirectory LDAP Server is listening on the TLS port.
>
> But even then the port 524 is not listening.
>
> During the install, I had kept all defaults.

Well, then the only explanation would be a firewall that stops access to
524. Do a "netstat -l -p -n | grep ndsd" to see if ndsd is listening on
524.

Massimo Rosen

Jan 11, 2010, 5:41:28 AM
Hi,

ambarish mitra wrote:
>
> Well, doing a netstat gave the port no. as 5678, which I used in the
> tree as:
>
> IP:5678
>
> Again, in another post Peter advised me to use the dotted name for
> login. Using both of these, the imanager login worked successfully.

Well, that means you didn't use the default port during eDir
installation. ;)

> Thank you very very much.

You're welcome.

Marcel Cox

Jan 11, 2010, 7:46:05 AM
ambarish mitra wrote:

>Do I have to download and configure an external plugin for this?

You need this one:

http://download.novell.com/SummaryFree.jsp?buildid=zSNjgXlhecw~

and read the documentation here:

http://www.novell.com/documentation/password_management33/pwm_administration/data/bookinfo.html

--
Marcel Cox
http://support.novell.com/forums
------------------------------------------------------------------------
Marcel Cox's Profile: http://forums.novell.com/member.php?userid=8

Marcel Cox

Jan 12, 2010, 3:16:06 AM
What is confusing in iManager is that you have 3 different categories of
rights that influence what you can do in iManager.

- authorized users. These are users that can configure iManager itself,
like add plugins, change settings etc. By default, the user used at
iManager installation time is defined as authorized user. In your case,
you are not an authorized user and therefore you can't install plugins.

- RBS (Role Based Services). This type of rights setting determines what
tasks people can perform with iManager. This is completely independent of
the rights to manage the iManager settings (e.g. authorized user above).
You are "collection owner" and therefore you have all possible RBS rights.

- standard eDirectory rights. Independently of the RBS configuration, you
are still limited in the actions you can perform based on the eDirectory
rights of the user.


Now to solve your problem, you need to add yourself as an authorized user.
See the documentation here for details on how to do this:
http://www.novell.com/documentation/imanager27/imanager_admin_273/data/b8qrh89.html#buf795q
and the following TID gives details on how to do it in case you want to
manually edit the configiman.properties file:
http://www.novell.com/support/viewContent.do?externalId=7002140

Marcel Cox

Jan 12, 2010, 6:26:07 AM
ambarish mitra wrote:

>cn=manager,ou=users,o=myorg,c=us.RHEL5-32-NED=eDir

That syntax is wrong. Also, I wonder if the country doesn't create problems.

The correct syntax should probably be:

manager.users.myorg.us.RHEL5-32-NED=eDirectory

Alternately, if that doesn't work, you can also try the line:

AllUsers=true

Which simply turns off this type of security.

Note that you have to restart tomcat for the change to be recognized.

a...@novell.com

Jan 12, 2010, 10:56:05 AM

I hate disagreeing with Marcel (because I'm usually wrong) but you should
not need to restart Tomcat to apply changes in this file, though you will
need to login/login.

Good luck.

Marcel Cox wrote:
> ambarish mitra wrote:
>
>> cn=manager,ou=users,o=myorg,c=us.RHEL5-32-NED=eDir
>
> That syntax is wrong. Also, I wonder if the country doesn't create
> problems.
>
> The correct syntax should probably be:
>
> manager.users.myorg.us.RHEL5-32-NED=eDirectory
>
> alternately, if that doesn't work, you can also try the line:
>
> AllUsers=true
>
> Which simply turns off this type of security.
>
> Note that you have to restart tomcat for the change to be recognized.
>


Marcel Cox

Jan 12, 2010, 12:40:54 PM
I'm so used to almost any change in iManager requiring a restart that I
thought it would be the case here as well. So it seems that it's not the
case.