Error: -1652, retrieving password status from Diagpwd

  • 7000634
  • 26-Feb-2009
  • 26-Apr-2012

Environment

Novell eDirectory 8.7.3 for All Platforms
Novell eDirectory 8.8 for All Platforms

Situation

Error: -1652, retrieving password status

Resolution

Diagpwd makes a secure LDAP connection and requests the password status through an LDAP extension. For Diagpwd to work properly, the LDAP server object must have all the necessary NMAS LDAP extensions.

To troubleshoot -1652 errors with Diagpwd, turn on DSTRACE with +NMAS, +LDAP, +TAGS.

If you are missing LDAP extensions, messages like the following will show up in DSTRACE:
Unable to find extension handler 2.16.840.1.113719.1.39.42.100.17 in extension list

To add the LDAP extensions back, use: nmasinst -i <adminDN> <treeName> [-h hostname[:port]] [-w pwd]
Example: nmasinst -i admin.novell My-tree



With eDirectory 8.8.3 64-bit, there is a known bug: when ndsd consumes more than 2 GB of memory, Diagpwd fails and returns a -1652 error. When this occurs, DSTRACE shows the message "Unable to alloc data memory in NLDAPSetResponseBer" and a -1652 is returned to Diagpwd.


This bug has been fixed as of eDirectory 8.8.4 64-bit (OES2 and NetWare 6.5 SP8 only). All other platforms will need to upgrade to eDirectory 8.8.5.
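
The two DSTRACE signatures described above can be told apart mechanically by correlating each message with the extended request on the same thread ID. The following Python script is an added example, not part of the original document or any Novell tool; the names triage and ADVICE are hypothetical, and the last two sample lines (thread ID 1111111111) are constructed.

```python
import re

# Messages quoted in this document, each pointing at a different root cause.
MISSING = re.compile(r"Unable to find extension handler (\S+) in extension list")
ALLOC = re.compile(r"Unable to alloc data memory in NLDAPSetResponseBer")
REQUEST = re.compile(r"DoExtended: Extension Request OID: (\S+)")
THREAD = re.compile(r"^\s*(\d+)\s")  # leading thread ID, absent on continuation lines


def triage(trace):
    """Return (thread, oid, cause) for each -1652 signature in a DSTRACE capture."""
    last_oid = {}  # thread ID -> OID of the extended request that thread is handling
    findings = []
    for line in trace.splitlines():
        t = THREAD.match(line)
        thread = t.group(1) if t else None
        if m := REQUEST.search(line):
            last_oid[thread] = m.group(1)
        elif m := MISSING.search(line):
            findings.append((thread, m.group(1), "missing-extension"))
        elif ALLOC.search(line):
            # The alloc message carries no OID; take it from the same thread's request.
            findings.append((thread, last_oid.get(thread), "alloc-failure"))
    return findings


ADVICE = {
    "missing-extension": "re-add the NMAS LDAP extensions with nmasinst -i",
    "alloc-failure": "ndsd memory bug on eDirectory 8.8.3 64-bit; upgrade eDirectory",
}

# First three lines are copied from the trace in this document; the last two are
# constructed (made-up thread ID) to show the missing-handler case.
SAMPLE = """\
1273203008 LDAP:  DoExtended: Extension Request OID: 2.16.840.1.113719.1.39.42.100.17
1273203008 LDAP: malloc of 18 bytes failed
1273203008 LDAP:  Unable to alloc data memory in NLDAPSetResponseBer
1111111111 LDAP:  DoExtended: Extension Request OID: 2.16.840.1.113719.1.39.42.100.17
1111111111 LDAP:  Unable to find extension handler 2.16.840.1.113719.1.39.42.100.17 in extension list
"""

if __name__ == "__main__":
    for thread, oid, cause in triage(SAMPLE):
        print(f"thread {thread}: OID {oid}: {cause} -> {ADVICE[cause]}")
```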

Additional Information

DSTRACE taken from an eDirectory 8.8.3 64-bit server when ndsd is consuming more than 2 GB of memory and Diagpwd returns a -1652:

1106344256 LDAP: Created new monitor 0x0
1103186240 LDAP: Monitor 0x41c14940 started
1106344256 LDAP: New TLS connection 0x1bc8f040 from 137.65.120.35:21381, monitor = 0x41c14940, index = 1
1103186240 LDAP: Monitor 0x41c14940 initiating TLS handshake on connection 0x1bc8f040
1268992320 LDAP: DoTLSHandshake on connection 0x1bc8f040
1268992320 LDAP: BIO ctrl called with unknown cmd 7
1268992320 LDAP:  Completed TLS handshake on connection 0x1bc8f040
1271097664 LDAP:  DoBind on connection 0x1bc8f040
1271097664 LDAP:  Bind name:cn=admin,o=novell, version:3, authentication:simple
1271097664 LDAP:  Sending operation result 0:"":"" to connection 0x1bc8f040
1093712192 LDAP:  DoSearch on connection 0x1bc8f040
1093712192 LDAP:  Search request:
        base: "cn=admin,o=novell"
        scope:0  dereference:0  sizelimit:0  timelimit:0  attrsonly:0
        filter: "(objectclass=ndsLoginProperties)"
        attribute: "mail"
        attribute: "pwdChangedTime"
1093712192 LDAP:  Sending search result entry "cn=admin,o=novell" to connection 0x1bc8f040
1093712192 LDAP:  Sending operation result 0:"":"" to connection 0x1bc8f040
1273203008 LDAP:  DoExtended on connection 0x1bc8f040
1273203008 LDAP:  DoExtended: Extension Request OID: 2.16.840.1.113719.1.39.42.100.17
1273203008 NMAS: Accessing local replica of Security
1273203008 NMAS: Accessing local replica of CN=Login Policy.CN=Security
1273203008 NMAS: Successful get password status for CN=admin.O=novell
1273203008 NMAS: Universal password status 0x0
1273203008 NMAS: Simple password status 0x0
1273203008 LDAP: malloc of 18 bytes failed
1273203008 LDAP:  Unable to alloc data memory in NLDAPSetResponseBer
1273203008 LDAP:  Sending operation result 0:"":"" to connection 0x1bc8f040
1093712192 LDAP:  DoUnbind on connection 0x1bc8f040