Environment
Novell Access Management 3 Linux Access Gateway
Novell Access Management 3 Access Administration
Novell Access Management 3 Linux Novell Identity Server
Situation
The administrator wanted to remove the Linux Access Gateway (LAG) from
the existing setup and re-import the device into the Administration
Console (AC). To do so, the administrator manually deleted the LAG
device under the Access Gateway section of the AC. The deletion appeared
to succeed and no errors were reported.
The administrator then used the lagconfigure.sh script on the LAG to re-import the device into the AC. After selecting option 3 to re-import the proxy and nesp services, the administrator entered the IP address and credentials for the AC. After a few minutes, the lagconfigure script finished with no errors reported. However, no LAG device was visible in the AC. Multiple re-installs also failed to re-import the device into the AC.
Resolution
Fixed in 3.1 Support Pack 2 or greater.
For systems earlier than 3.1.2, use the following workaround:
First back up the AC configuration store with the ambkup.sh script. Then, using an LDAP browser, connect to the LDAP server on the Administration Console (this must be a secure LDAP session) and delete the following objects:
- ag* and idp-esp* objects and attributes from partition.PartitionsContainer.VCDN_ROOT.accessManagerContainer.novell
- the SCC* object that referenced the AG, under cluster.nids.accessManagerContainer.novell. Check the nidsBaseURL attribute of each SCC* object to confirm that the object being deleted belongs to the Access Gateway and not to the IDP
- the idp-esp* object in server.nids.accessManagerContainer.novell
Once these objects are deleted, re-running the lagconfigure script (option 3) will allow the LAG to re-import successfully.
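The following dry-run selector is an added example, not part of the original article or of Novell's tooling: it reads an LDIF export of the configuration store and lists which objects the workaround targets, using nidsBaseURL to separate the gateway's SCC* object from the IDP's. The `ou=`/`o=` naming attributes, matching nidsBaseURL on the gateway host name, and all sample entries are assumptions constructed for illustration.

```python
import fnmatch
from urllib.parse import urlsplit

# Containers named in the workaround, lower-cased; ou=/o= naming is an assumption.
NIDS = "ou=nids,ou=accessmanagercontainer,o=novell"
PARTITION = "ou=partition,ou=partitionscontainer,ou=vcdn_root,ou=accessmanagercontainer,o=novell"
CLUSTER, SERVER = "ou=cluster," + NIDS, "ou=server," + NIDS

# Constructed sample export (not real data).
SAMPLE = """\
dn: cn=ag-1A2B,ou=Partition,ou=PartitionsContainer,ou=VCDN_ROOT,ou=accessManagerContainer,o=novell

dn: cn=idp-esp-1A2B,ou=server,ou=nids,ou=accessManagerContainer,o=novell

dn: cn=SCC0001,ou=cluster,ou=nids,ou=accessManagerContainer,o=novell
nidsBaseURL: https://lag.example.com/

dn: cn=SCC0002,ou=cluster,ou=nids,ou=accessManagerContainer,o=novell
nidsBaseURL: https://idp.example.com:8443/
"""

def parse_ldif(text):
    """Minimal LDIF reader: blank-line separated entries, no folding or base64."""
    entries = []
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if ": " in line and not line.startswith("#"):
                key, value = line.split(": ", 1)
                attrs.setdefault(key.lower(), []).append(value.strip())
        if "dn" in attrs:
            entries.append(attrs)
    return entries

def candidates(entries, gateway_host):
    """Split matching DNs into (delete, review); nothing is modified.
    An SCC* object is a delete candidate only if nidsBaseURL names the gateway."""
    delete, review = [], []
    for e in entries:
        dn = e["dn"][0]
        rdn, _, parent = dn.partition(",")
        name, parent = rdn.split("=", 1)[-1], parent.replace(" ", "").lower()
        esp = fnmatch.fnmatchcase(name, "idp-esp*")
        ag = fnmatch.fnmatchcase(name, "ag*")
        if (parent == PARTITION and (esp or ag)) or (parent == SERVER and esp):
            delete.append(dn)
        elif parent == CLUSTER and fnmatch.fnmatchcase(name, "SCC*"):
            hosts = {urlsplit(u).hostname for u in e.get("nidsbaseurl", [])}
            (delete if gateway_host.lower() in hosts else review).append(dn)
    return delete, review
```

Calling `candidates(parse_ldif(SAMPLE), "lag.example.com")` returns the DNs to delete and the SCC* DNs to leave in place; compare the output against the ambkup.sh backup before removing anything in the LDAP browser.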