Environment
Novell eDirectory 8.8 for Linux
Situation
COMMAND: ndsconfig add -a admin.admin -w novell -m nmas
COMMAND: ndsconfig add -a admin.admin -w novell -m sas
COMMAND: ndsconfig add -a admin.admin -w novell -m ldap
The ndsconfig utility does not check the return code from nmas, which results in invalid data being added to:
1. The NCP Server object: the attribute NCPKeyMaterialName is set to the value "SSL CertificateDNS", but no SSL object is created.
2. The LDAP server object: it is configured to use this certificate name, which is invalid.
=====================================================================
Example:
server1:/var/opt/novell/eDirectory/conf # ndsconfig add -a admin.novell -w novell -m nmas
[1] Instance at /var/opt/novell/eDirectory/conf/nds.conf: server1.OU=services.O=novell.tree1
Configuring Novell eDirectory server with the following parameters, Please wait...
Tree Name : TREE1
Server DN : SERVER1.OU=services.O=novell
Admin DN : admin.novell
Module Name : nmas
NCP Interface(s) : 10.1.1.1@524
Configuration File : /var/opt/novell/eDirectory/conf/nds.conf
DIB Location : /var/opt/novell/eDirectory/data/dib
Searching for the Tree "TREE1" in the network. Please wait...
Configuring LDAP service... Done
Configuring SAS service... Failed to configure SAS service: unknown error -1266 (fffffb0e hex) err=-1266
Associating certificate with the NCP server object... Done
====================================================================
Results when the certificate name is already on the NCP Server object:
EFD1POCL1:/var/opt/novell/eDirectory/log # ndsconfig add -a admin.novell -w novell -m sas
[1] Instance at /var/opt/novell/eDirectory/conf/nds.conf: server2.OU=services.O=novell.TREE1
Configuring Novell eDirectory server with the following parameters, Please wait...
Tree Name : TREE1
Server DN : SERVER1.OU=services.O=novell
Admin DN : admin.novell
Module Name : sas
NCP Interface(s) : 10.50.11.200@524
Configuration File : /var/opt/novell/eDirectory/conf/nds.conf
DIB Location : /var/opt/novell/eDirectory/data/dib
Searching for the Tree "TREE1" in the network. Please wait...
Configuring SAS service... Failed to configure SAS service: unknown error -1266(fffffb0e hex) err=-1266
Associating certificate with the NCP server object... INFO: Server is already associated with a certificate.
====================================================================
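The return-code check that ndsconfig skips can be applied to its output after the run. The following shell function is an added example, not part of the original article or of eDirectory: it reads an ndsconfig transcript and flags a SAS failure that was followed by the certificate association step. The sample transcripts are constructed from the output shown above.

```shell
#!/bin/sh
# Added example (not a Novell tool): read an ndsconfig transcript on stdin and
# report whether the SAS step failed while the certificate step still ran.
# Exit status: 0 no SAS failure; 1 SAS failed and the association reported
# "Done"; 2 SAS failed and a certificate name was already present; 3 SAS
# failed and no association line was seen.
check_ndsconfig_output() {
    awk '
        /Failed to configure SAS service/ { failed = 1 }
        # err=<code> may sit on the line after the failure message
        failed && code == "" && match($0, /err=-?[0-9]+/) {
            code = substr($0, RSTART + 4, RLENGTH - 4)
        }
        /Associating certificate with the NCP server object/ {
            if ($0 ~ /already associated/) assoc = "existing"
            else if ($0 ~ /Done[ \t]*$/)   assoc = "done"
        }
        END {
            if (!failed) { print "OK: no SAS failure reported"; exit 0 }
            if (assoc == "done") {
                print "FAIL " code ": NCPKeyMaterialName was written although SAS failed"; exit 1
            }
            if (assoc == "existing") {
                print "FAIL " code ": certificate name already present, check that its object exists"; exit 2
            }
            print "FAIL " code ": no certificate association step seen"; exit 3
        }'
}

# Constructed from the output on this page; the first run has err= wrapped
# onto its own line.
sample_first_run() {
    cat <<'EOF'
Configuring LDAP service... Done
Configuring SAS service... Failed to configure SAS service: unknown error -1266
(fffffb0e hex) err=-1266
Associating certificate with the NCP server object... Done
EOF
}
sample_second_run() {
    cat <<'EOF'
Configuring SAS service... Failed to configure SAS service: unknown error -1266(fffffb0e hex) err=-1266
Associating certificate with the NCP server object... INFO: Server is already associated with a certificate.
EOF
}

sample_first_run  | check_ndsconfig_output || echo "exit status $?"
sample_second_run | check_ndsconfig_output || echo "exit status $?"
```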
Similar errors can occur when using ndsmanage. The following messages were added to /var/opt/novell/eDirectory/log/ndsd.log:
16:13 SecurityInstall: Using Server Name of server1
May 27 14:16:13 SecurityInstall: Using Server Context of novell
May 27 14:16:13 SecurityInstall: About to load pkiserver.
May 27 14:16:13 Successfully started NetIQ PKI Services
May 27 14:16:13 SecurityInstall: Calling pkiInstallSetIdentity . . .
May 27 14:16:13 SecurityInstall: Returned from pkiInstallSetIdentity.
May 27 14:16:13 SecurityInstall: Calling pkiInstallsetCRLfile . . .
May 27 14:16:13 SecurityInstall: Returned from pkiInstallsetCRLfile.
May 27 14:16:13 SecurityInstall: Calling pkiInstallSetIPAddress . . .
May 27 14:16:13 SecurityInstall: Returned from pkiInstallSetIPAddress.
May 27 14:16:13 SecurityInstall: Error from pkiInstallCreatePKIObjects (ccode = -1266; retval = -4).
May 27 14:16:13 An error occurred while configuring product SAS. Error description unknown error -1266 (fffffb0e hex).-1266
May 27 14:16:13 NDSIInstallDSProduct: Returning -1266.
May 27 14:16:13 DHModuleInit_dsi: Returning -1266.
May 27 14:16:13 Module dsi is not loaded
May 27 14:16:15 LDAP Agent for NetIQ eDirectory 8.8 SP8 (20810.24) started
May 27 14:16:15 NMAS Server Version:8.8.8.9 Build:20161117 started
May 27 14:16:15 SASL Version:8.8.8.9 Build:20161117 started
Resolution
Resolve the error -1266. There can be many reasons for this error. For instance, ensure that the server's name can be resolved from its IP address to the hostname (uname -a), which must be the server name used in nds.conf.
To test:
Add the server name used during the ndsmanage configuration to the /etc/hosts file, together with the IP address used by eDirectory.
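One way to run this name-resolution check offline, as an added example that is not part of the original article: the script compares the interface addresses in nds.conf with a hosts file. It assumes nds.conf stores the server name under n4u.nds.server-name and the interfaces under n4u.server.interfaces; the sample files and the name example.com are constructed.

```shell
#!/bin/sh
# Added example: verify that every NCP interface address in nds.conf maps to
# the eDirectory server name in a hosts file.

# conf_value FILE KEY: print the value of KEY=value (last occurrence wins).
conf_value() {
    awk -F= -v key="$2" '$1 == key { v = substr($0, length(key) + 2) } END { print v }' "$1"
}

# check_server_name CONF HOSTS
# Returns 0 when every interface IP has a hosts entry naming the server,
# 1 when at least one does not, 2 when nds.conf lacks the assumed keys.
check_server_name() {
    name=$(conf_value "$1" n4u.nds.server-name)
    ifaces=$(conf_value "$1" n4u.server.interfaces)
    [ -n "$name" ] && [ -n "$ifaces" ] || { echo "missing keys in $1"; return 2; }
    bad=0
    for entry in $(printf '%s' "$ifaces" | tr ',' ' '); do
        ip=${entry%%@*}                      # strip the @port suffix
        if awk -v ip="$ip" -v want="$name" '
            { sub(/#.*/, "") }               # drop comments
            $1 == ip {
                for (i = 2; i <= NF; i++) {
                    host = tolower($i); sub(/\..*/, "", host)   # short name
                    if (host == tolower(want)) found = 1
                }
            }
            END { exit !found }' "$2"
        then echo "OK   $ip -> $name"
        else echo "FAIL $ip has no hosts entry naming $name"; bad=1
        fi
    done
    return $bad
}

# Constructed sample files, using the address and name from the example above.
write_samples() {
    printf 'n4u.nds.server-name=server1\nn4u.server.interfaces=10.1.1.1@524\n' > "$1/nds.conf"
    printf '127.0.0.1 localhost\n10.1.1.1 otherhost\n' > "$1/hosts.bad"
    printf '127.0.0.1 localhost\n10.1.1.1 server1.example.com server1 # eDirectory\n' > "$1/hosts.good"
}

d=$(mktemp -d); write_samples "$d"
check_server_name "$d/nds.conf" "$d/hosts.bad" || true
check_server_name "$d/nds.conf" "$d/hosts.good"
rm -rf "$d"
```

On a live server, pass /var/opt/novell/eDirectory/conf/nds.conf and /etc/hosts as the two arguments.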
Cause
The IP address used for configuration must be resolvable to the name used for the server.