OpenSLP DA returns AUTHENTICATION_FAILED in response to SrvReg registration request for ndap.novell service

  • 7000199
  • 24-Apr-2008
  • 30-Apr-2012

Environment

Novell Directory Services
Novell eDirectory
Novell Connectivity Products
Novell NDS for NT
Novell Open Enterprise Server (OES)
Novell openSUSE
Novell SUSE Linux Enterprise Server

Situation

The Novell eDirectory database is distributed by partitioning and replication.
The collection of all eDirectory servers with a replica of the same partition is called a replica ring.
For each partition replica it holds, an eDirectory server registers a service of type ndap.novell (Novell Directory Access Protocol) with the partition name as the service URL. The registration also carries attributes: connectivity information (transports and sockets) for all known eDirectory servers in the replica ring, the eDirectory version of the registering eDirectory server, the availability of the eDirectory service at the registering eDirectory server, and the WinSock GUID of the eDirectory service.

Hence, if each eDirectory server in a replica ring runs the same eDirectory version and has the same SLP Directory Agent and SLP Scope configuration, they will all register an ndap.novell service with exactly the same URL and exactly the same attributes with the same Directory Agent(s) in the same Scope(s).

By default, the boolean 'net.slp.checkSourceAddr' in the Security section of the OpenSLP configuration file (/etc/slp.conf) is set to 'true'. When OpenSLP is configured with the Directory Agent component enabled (net.slp.isDA = true), the effect of this parameter is that, regardless of whether Authentication Blocks are used, the SLP Directory Agent accepts registration of a given service only from the eDirectory replica that registered the ndap.novell service for that partition first. It returns an AUTHENTICATION_FAILED error (error code 7) to any other eDirectory replica in the ring that later tries to register the same service.

Resolution

The "AUTHENTICATION_FAILED" error can be avoided by setting the boolean 'net.slp.checkSourceAddr=false' in the Security section of the OpenSLP configuration file (/etc/slp.conf).
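
The following is an added example, not OpenSLP or Novell code: a small Python model of the Directory Agent behaviour described in the Situation and Resolution sections, showing which replica servers receive error code 7 under each value of net.slp.checkSourceAddr. The class and function names, the addresses, the scope name and the service URL are constructed for illustration.

```python
"""Model of the Directory Agent behaviour described above (not OpenSLP code)."""
from dataclasses import dataclass, field

SLP_OK = 0
SLP_AUTHENTICATION_FAILED = 7   # error code quoted in the article


@dataclass
class DirectoryAgent:
    check_source_addr: bool = True          # models net.slp.checkSourceAddr
    # (scope, service URL) -> source address of the accepted registration
    registrations: dict = field(default_factory=dict)

    def srv_reg(self, source_addr, scope, url):
        """Handle one SrvReg and return the SLP error code sent back."""
        key = (scope, url)
        owner = self.registrations.get(key)
        if self.check_source_addr and owner is not None and owner != source_addr:
            # Same service, different sender: refused, first registrant keeps it.
            return SLP_AUTHENTICATION_FAILED
        # With the check disabled, a registration from any source is accepted.
        self.registrations[key] = source_addr
        return SLP_OK


def register_ring(da, ring, scope, url):
    """Each server in the replica ring registers the same URL; map addr -> code."""
    return {addr: da.srv_reg(addr, scope, url) for addr in ring}


# Constructed sample data: three replica servers (documentation addresses),
# one scope, one partition. The URL is a placeholder, not a captured value.
RING = ["192.0.2.11", "192.0.2.12", "192.0.2.13"]
SCOPE = "EXAMPLE-SCOPE"
URL = "service:ndap.novell:///EXAMPLE-PARTITION"

if __name__ == "__main__":
    for setting in (True, False):
        da = DirectoryAgent(check_source_addr=setting)
        print(f"net.slp.checkSourceAddr = {str(setting).lower()}")
        for addr, code in register_ring(da, RING, SCOPE, URL).items():
            print(f"  SrvReg from {addr}: error code {code}")
        # A refresh by the first registrant is accepted in both cases.
        refresh = da.srv_reg(RING[0], SCOPE, URL)
        print(f"  refresh from {RING[0]}: error code {refresh}")
```

With the check enabled, only the first server in the ring is accepted and the registration stays bound to its address; with it disabled, every server is accepted and the Directory Agent no longer ties the registration to a source address.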