Environment
Novell eDirectory 8.7.3.10a for Solaris
Novell eDirectory 8.7.3.10a for Linux
Novell eDirectory 8.7.3.10a for AIX
Novell eDirectory 8.7.3.10a for HP-UX
Novell eDirectory 8.7.3.10a for Linux
Novell eDirectory 8.7.3.10a for AIX
Novell eDirectory 8.7.3.10a for HP-UX
Situation
ERROR:
Attribute type is not valid schema, ID: 00000181, attribute is purged
Attribute 403f5977, GUID
Object ID: 00008020, DN: CN=admin.O=novell
During an ndsrepair different attributes are purged from objects with an error message "Attribute type is not valid schema, ID: xxxx, attribute is purged". So far GUID and ACL attributes were mainly affected, however other attributes are possibly affected as well.
Trustees might get inconsistent on the file system in case the GUIDs are purged. Also, if GUIDs are not available Novell Identity Manager can be affected because driver associations are based on GUIDs.
Attribute type is not valid schema, ID: 00000181, attribute is purged
Attribute 403f5977, GUID
Object ID: 00008020, DN: CN=admin.O=novell
During an ndsrepair different attributes are purged from objects with an error message "Attribute type is not valid schema, ID: xxxx, attribute is purged". So far GUID and ACL attributes were mainly affected, however other attributes are possibly affected as well.
Trustees might get inconsistent on the file system in case the GUIDs are purged. Also, if GUIDs are not available Novell Identity Manager can be affected because driver associations are based on GUIDs.
Resolution
The issue only happens on Unix platforms with the ndsrepair
included in eDirectory 8.7.3 SP10a and only in given circumstances.
All previous versions are not affected.
The issue has been reported to engineering and the Unix builds of 8.7.3 SP10a were removed from the download site temporarily until a fix is available.
The attributes are only purged from the local database they don't synchronize to other servers, therefore once the issues happened you can synchronize them back from a server which still has the attributes using the "Send entry to all replicas" function of iMonitor:
-Go to iMonitor on a server which has the attributes
-Browse to the object
-Select "Send entry to all replicas" from the left upper corner
If multiple objects are affected then the best solution is to remove the affected replica and add it back after doing a basic health check of eDirectory.
The issue has been reported to engineering and the Unix builds of 8.7.3 SP10a were removed from the download site temporarily until a fix is available.
The attributes are only purged from the local database they don't synchronize to other servers, therefore once the issues happened you can synchronize them back from a server which still has the attributes using the "Send entry to all replicas" function of iMonitor:
-Go to iMonitor on a server which has the attributes
-Browse to the object
-Select "Send entry to all replicas" from the left upper corner
If multiple objects are affected then the best solution is to remove the affected replica and add it back after doing a basic health check of eDirectory.
Status
Reported to EngineeringTop Issue