BorderManager 3.9 Access Control rules not working, getting "Could NOT find ACL" error on the logger screen

  • 7001558
  • 08-Oct-2008
  • 26-Apr-2012

Environment


Novell BorderManager 3.9 Support Pack 1
Novell BorderManager 3.9

Situation

Access Rules can be viewed, created, and edited in iManager, but the rules do not seem to be working.  For example, a URL rule is created to block http://*.novell.com/*, but users are able to access www.novell.com.  The following error is seen on the NetWare logger screen when administering the rules with iManager:
xpath is ACL/AccessRule[@RuleNumber='032b30aa']AcessRule[@RuleNumber='032b30aa']
/URL[1]/Configured[@Value='http://*.novell.com/*']
Value is null
Setting the value of field = checkboxURL127, XPath = ACL/AccessRule[@RuleNumber=
'032b30aa']AcessRule[@RuleNumber='032b30aa']/URL[1]/Configured[@Value='http://*.
novell.com/*'], Value = 0
Could NOT find ACL/AccessRule[@RuleNumber='032b30aa']AcessRule[@RuleNumber='032b
30aa']/URL[1]/Configured[@Value='http://*.novell.com/*']

Resolution


If running the shipping build of BorderManager 3.9, update to Service Pack 1.  Run the fillattr command to convert rules and proxy configuration to the format recognized by the BorderManager plug-ins for iManager.  The following is the syntax for the fillattr command:
fillattr <host ip> <login dn> <password> <server dn> <search base dn>
For example,
fillattr 192.10.10.10 cn=admin,o=novell novell cn=nwserver-38,o=novell o=novell
If running fillattr does not resolve the issue, try removing and reinstalling the BorderManager plug-ins in iManager:
  1. In iManager, go to Configure -> Plug-in Installation -> Installed Novell Plug-in Modules.  Select the BorderManager Proxy and Access Control NPM's, and remove them

  2. Restart tomcat with these commands:

    For iManager 2.7:
    tc5stop
    (wait for tomcat to stop)
    tomcat5

    For iManager 2.6:

    tc4stop (wait for tomcat to stop)
    tomcat4

  3. Go back into iManager and verify if the Proxy and Access Control plug-ins were removed.  If they were removed successfully, skip to step 9.  If the plug-ins were not moved, continue with step 4 to manually remove them.

  4. Stop tomcat.

  5. Delete the following files and directories:
    sys:\tomcat\5.0\work\Catalina\localhost\nps\org\apache\jsp\portal\modules\bmpxy\
    sys:\tomcat\5.0\work\Catalina\localhost\nps\org\apache\jsp\portal\modules\bmacl\
    sys:\tomcat\5.0\webapps\nps\portal\modules\bmacl
    sys:\tomcat\5.0\webapps\nps\portal\modules\bmpxy
    sys:\tomcat\5.0\webapps\nps\WEB-INF\modules\NBMAclConfig
    sys:\tomcat\5.0\webapps\nps\WEB-INF\modules\NBMPxyConfig
    sys:\tomcat\5.0\webapps\nps\WEB-INF\lib\bmpxy.jar
    sys:\tomcat\5.0\webapps\nps\UninstallerData\Uninstall_bmacl
    sys:\tomcat\5.0\webapps\nps\UninstallerData\Uninstall_bmpxy

    For iManager 2.6, search in sys:\tomcat\4.0\ instead of sys:\tomcat\5.0\.

  6. Start tomcat.

  7. Wait for iManager to come back up, then log in.  Check that the BorderManager Proxy and Access Control plug-ins are gone.

  8. Go to Configure -> Plug-in Installation -> Installed Novell Plug-in Modules.  Ensure that the BM modules are gone.

  9. Go to Available Novell Plug-in Modules.  Select and remove the NBM ACL and NBM Proxy Configuration modules if the file locations appear as 'Local Directory'.

  10. Click on Add, and navigate to the bmacl_2.7.npm and bmpxy_2.7.npm files (or bmacl_2.7.npm and bmpxy_2.6.npm for iManager 2.6) in the BORDER directory on the BM 3.9 SP 1 media.  Select the NBM ACL and NBM Proxy Configuration modules and install.

  11. Stop and start tomcat, then test the newly installed BorderManager snap-ins.

  12. Test the Access Rules.  If they still do not work correctly, delete and recreate the rules using the newly installed BorderManager plug-ins.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.