How to re-create LDAP objects for an NCP server in eDirectory

  • 7001882
  • 14-Nov-2008
  • 26-Apr-2012

Environment

Novell eDirectory 8.8
Novell eDirectory 8.7.3

Situation

How to re-create the LDAP objects for a server

Resolution

Do not use ConsoleOne to recreate the LDAP server and group objects.

Use the most recent version of iManager to manage the LDAP server and group objects.

Do not delete the LDAP group and server objects if they were created by the eDirectory installation process. The objects are rarely corrupted badly enough to need deletion. Capture an LDAP trace first to troubleshoot any LDAP issue.


If this is a NetWare box, do the following:

1) Delete the LDAP server and group objects for the problem server.

2) Confirm that the obituaries have processed.

3) Create the LDAP server object by doing the following steps:
  • load nwconfig on the NetWare server in question
  • select Directory options
  • select Extend schema
  • log in as the admin user
  • press F3 to specify a path
  • point to the sys:system\schema\ldap.sch file and hit <enter>. Then repeat the process for sys:\system\schema\ldapupdt.sch and hit <enter>.
  • The above process re-extends the default schema that is on the box. Since the schema is already there, it is not really re-extended, but the process does create the LDAP server and group objects if they were not previously there. If an error is seen when extending the schema, run the schema extension a second time.
  • After the objects have been recreated, reassociate the SSL Certificate DNS with the LDAP server object in ConsoleOne or iManager.

If it is a Linux box:
  • delete the LDAP server and group objects and make sure the obituaries process
  • at the console on the Linux box in question, type "ndsconfig upgrade"
  • If LDAP fails to function properly, take an LDAP trace using iMonitor to troubleshoot any further issues, and make sure the properties of the LDAP server object have the appropriate trace screen options enabled. To unload and reload nldap on Linux, go into ndstrace on the box and run "unload nldap" or "load nldap". The "modules" command shows which modules are currently loaded on the box.
  • After the objects have been recreated, reassociate the SSL Certificate DNS with the LDAP server object in ConsoleOne or iManager.



Additional Information

Notes:

If there are LDAP server and group objects with a letter appended to the server name, such as edir01a when the server object is just edir01, those LDAP objects were created because LDAP objects with the default name already existed in the tree. These objects are most likely the ones the server is using for LDAP. If both the default LDAP objects and the LDAP objects with the appended letter are present, check which LDAP server object has the host server attribute populated.

eDirectory 8.8.1, 8.8.2, 8.8.3: There is a defect in nldap that prevents the objects from being recreated if the server cannot contact the master replica server for the partition holding the LDAP objects (the server's partition). If you make the server the master of that partition, it will recreate the objects. The same defect also prevents LDAP from loading when the master is not available. This issue is resolved in eDirectory / LDAP 8.8.4.1 or later.

Search: ldap.sch ldapupdt.sch

Remember that this process does not recreate your certificates. If your certificates have expired (the default validity period is 2 years), you may need to recreate them through iManager.
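The check described in the note above (which LDAP server object actually has its host server populated when both "edir01" and "edir01a" style objects exist) can be scripted from the same console the Linux steps are typed into. The script below is an added example and is not part of this TID or of any Novell tool. It assumes the LDAP attribute name ldapHostServer for the LDAP Server object's Host Server attribute (as in eDirectory's ldap.sch; confirm against your own schema), parses ldapsearch LDIF output, and flags any LDAP Server object whose name is another object's name plus one trailing letter. The tree layout and the LDIF it parses are constructed for the example.

```shell
#!/bin/sh
# Added example, not part of TID 7001882: inspect the LDAP Server objects a
# tree holds and show which of them has its host server attribute populated.
# Assumptions: "ldapHostServer" is the LDAP name of the LDAP Server object's
# Host Server attribute (as in eDirectory's ldap.sch; confirm against your own
# schema), and the o=example tree below is made up.

# Constructed sample, shaped like "ldapsearch -LLL" LDIF output: the default
# object "LDAP Server - edir01" exists but is empty, and the object with the
# appended letter, "LDAP Server - edir01a", is the one bound to the NCP server.
sample_ldif() {
  cat <<'EOF'
dn: cn=LDAP Server - edir01,ou=servers,o=example
objectClass: ldapServer
cn: LDAP Server - edir01

dn: cn=LDAP Server - edir01a,ou=servers,o=example
objectClass: ldapServer
cn: LDAP Server - edir01a
ldapHostServer: cn=edir01,ou=servers,o=example
ldapGroupDN: cn=LDAP Group - edir01a,ou=servers,o=example

EOF
}

# Read LDIF on stdin; print one line per entry as "<dn>|<host server DN or MISSING>".
# LDIF separates entries with blank lines, so each record is flushed on a blank line.
summarize_ldap_servers() {
  awk '
    /^dn: /             { dn = $0; sub(/^dn: /, "", dn); host = "MISSING" }
    /^ldapHostServer: / { host = $0; sub(/^ldapHostServer: /, "", host) }
    /^$/ && dn != ""    { print dn "|" host; dn = "" }
    END                 { if (dn != "") print dn "|" host }
  '
}

# Read the summary lines; report any object whose name is another object's name
# plus one trailing letter (edir01a next to edir01), together with its host server.
flag_appended_names() {
  awk -F'|' '
    {
      split($1, parts, ",")            # first RDN, e.g. cn=LDAP Server - edir01a
      name = parts[1]
      sub(/^cn=LDAP Server - /, "", name)
      names[NR] = name
      host[name] = $2
    }
    END {
      for (i = 1; i <= NR; i++) {
        n = names[i]
        if (n !~ /[A-Za-z]$/) continue
        base = substr(n, 1, length(n) - 1)
        for (j = 1; j <= NR; j++)
          if (names[j] == base)
            print n " duplicates " base " (host server: " host[n] ")"
      }
    }
  '
}

# Live use (not run here): replace the constructed sample with a real search, e.g.
#   ldapsearch -x -LLL -H ldaps://edir01.example.com -D "cn=admin,o=example" -W \
#       -b "o=example" "(objectClass=ldapServer)" ldapHostServer | summarize_ldap_servers
report() {
  sample_ldif | summarize_ldap_servers | flag_appended_names
}

report
```

Run it as-is to see the constructed case; for a real tree, pipe the ldapsearch shown in the comment into summarize_ldap_servers and then into flag_appended_names. An object listed as MISSING is the one not bound to any NCP server, which is what the note above tells you to look for before deciding which pair of objects the server is using.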