namuserlist and namgrouplist commands do not work on OES1 and OES2

  • 7002574
  • 06-Feb-2009
  • 27-Apr-2012

Environment


Novell eDirectory 8.8 for Linux
Novell Open Enterprise Server 1 (OES 1) Linux
Novell Open Enterprise Server 2 (OES 2) Linux

Situation

The namuserlist command does not show any information, i.e. nothing is displayed by "namuserlist -x o=<Org. name>" or by "namgrouplist -x o=<Org. name>".
LUM was working fine; users can log in using LUM.
Information for all the LUM-enabled users is visible via "id <user>".

Resolution

Linux User Management was working fine. The id command and namcd were working fine. All users can log in using Linux User Management.

However, the namuserlist and namgrouplist commands do not show any information.

  1. Do an LDAP search by typing "ldapsearch -x -h <ip address of preferred server> -p 389 cn=<LUM-enabled user>" and see if it displays the attributes with their values.
  2. Then on the server console type "netstat -npl | grep 636" and "netstat -npl | grep 389" to check whether the LDAP ports are listening. If they are not shown, check the following things on the LDAP Server object:
    • Open ConsoleOne, right-click the LDAP Server object, and on the General tab make sure Host Server and LDAP Group are listed.
    • On the SSL/TLS Configuration tab, make sure Server Certificate is listed. You can select either SSL CertificateDNS or SSL CertificateIP for that server. Also make sure that Require TLS for ALL Operations is unchecked.
    • Then select the NDS Rights tab and see if the NCP Server object is listed as a Trustee. If it is not listed, click Add Trustee, browse to the NCP Server object and click OK. Make sure you select all the rights for "Entry Rights" and "All Attribute Rights".
    • Select the Other tab, expand the Version attribute and check whether the NDSD version is correct. You can also confirm this by typing the "ndsstat" command on the server console.
  3. Things to check on the LDAP Group object:
    • Open ConsoleOne, right-click the LDAP Group object, and make sure that Require TLS for simple binds with password is unchecked.
    • Select the Server List tab and see if the LDAP Server object for that server is listed.
    • Select the NDS Rights tab and check whether the NCP Server object for that server is listed as a Trustee. If it is not listed, click Add Trustee, browse to the NCP Server object and click OK. Make sure you select all the rights for "Entry Rights" and "All Attribute Rights".
  4. Then from ConsoleOne, right-click the Unix Workstation object, check Effective Rights and see if you have Browse rights to Public.
  5. Right-click the Tree Root and check whether Public has Browse rights for Entry Rights.
  6. Restart ndsd by typing "rcndsd restart" (without quotes) at the server console, followed by "rcnamcd restart" (without quotes). Then execute the namuserlist command with "namuserlist -x o=<Org.Name>".
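
Added example (not part of the original TID): a stricter form of the port check in step 2. A plain "grep 636" also matches a PID or another port that merely contains those digits, so this compares the port field of each listening TCP socket exactly. The function names are hypothetical, the netstat output is a constructed sample, and the net-tools column layout is assumed.

```shell
#!/bin/sh
# Added example, not part of the original TID. Function names are hypothetical.
# Assumes net-tools columns: Proto Recv-Q Send-Q Local Foreign State PID/Program.

# ldap_port_listening PORT: reads netstat output on stdin; returns 0 only if
# a TCP socket in LISTEN state is bound to exactly PORT.
ldap_port_listening() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, a, ":")        # local address, e.g. 0.0.0.0:389 or :::636
            if (a[n] == port) found = 1  # last piece is the port number
        }
        END { exit(found ? 0 : 1) }
    '
}

# check_ldap_listeners: reads netstat output on stdin, prints one line per
# LDAP port, and returns 1 if 389 or 636 is missing.
check_ldap_listeners() {
    out=$(cat)
    rc=0
    for port in 389 636; do
        if printf '%s\n' "$out" | ldap_port_listening "$port"; then
            echo "port $port: listening"
        else
            echo "port $port: NOT listening"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample (not from a real server): ndsd, PID 2636, listens on 389
# and 524 only. A plain "grep 636" matches the PID and hides the missing listener.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address  Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:389    0.0.0.0:*        LISTEN  2636/ndsd
tcp        0      0 0.0.0.0:524    0.0.0.0:*        LISTEN  2636/ndsd
tcp        0      0 :::22          :::*             LISTEN  1712/sshd'

# Demo on the sample; on the server use: netstat -npl | check_ldap_listeners
printf '%s\n' "$SAMPLE_NETSTAT" | check_ldap_listeners || echo "LDAP listener missing"
```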


Status

Top Issue