Environment
Novell Identity Manager 3.5.1
Novell Identity Manager 3.5
NetIQ Identity Manager 4.7 - Non-Root install
Novell Identity Manager Engine Functionality
Novell SUSE Linux Enterprise Server
OES2 SP1
Situation
The error may show up in iManager, DXCMD or in IDM Driver trace during driver startup. The VRDIM module is not loaded when looking at the output from:
ndstrace -c modules
Further troubleshooting using ndstrace with DVRS, DXML, MISC, TIME, TAGS may show the following errors:
dlopen() error: /opt/novell/eDirectory/lib/nds-modules/jre/lib/i386/libjava.so: symbol JVM_GetClassSignature, version SUNWprivate_1.1 not defined in file libjvm.so with link time reference
No JVM module found
DirXML JVM interface initialization failed <failed, -299 (0xfffffed5)>, unloading DIRXML
Errors show up after a reboot of the server or after eDirectory
is reloaded.
Resolution
The installed Java based application caused IDM to lose a reference to where its own JRE is loaded.
To temporarily fix the issue for a default root-based installation you can place the following command in the eDirectory startup script. This puts the IDM related paths in the LD_LIBRARY_PATH without any other paths:
export LD_LIBRARY_PATH=/opt/novell/eDirectory/lib:/opt/novell/eDirectory/lib/nds-modules:/opt/novell/lib
Running this command will only overwrite the variable until the server is rebooted. To permanently fix the issue, either remove the other Java-based application or find where the application is setting the LD_LIBRARY_PATH (probably in /etc/profile.d directory) and remove or adjust the settings. Some applications do not need to have a path in the LD_LIBRARY_PATH and the normal PATH variable is sufficient.
Another possible resolution would be to remove IDM and reinstall. It seems that when the JAVA application was installed prior to IDM there were no issues; however, that may not be the case with all applications, just the one that was used in this particular issue.
If this issue happens on a system with eDirectory 8.7.3.x here are the steps to resolve.- Edit the ndsd startup script (/etc/init./ndsd)
- Look for the line LD_LIBRARY_PATH. It should look something like the following: LD_LIBRARY_PATH=/usr/lib/nds-modules/jre/lib/i386:$LD_LIBRARY_PATH
- Change the like so that it looks like this: LD_LIBRARY_PATH=/usr/lib/nds-modules/jre/lib/i386
- Restart eDirectory and the IDM engine should load.
II. This issue has also been seen on a non-root install of IDM 4.7. This is due to missing Java Runtime Edition not being installed correct. Workaround: sudo su as root and install the following package from the IDM 4.7 installation media. Then restart eDirectory and the driver should load.
rpm -ihv /common/packages/java/netiq-jrex-1.8.0-162.noarch.rpm
Additional Information
rpm -qi <package name>
Here is an example of the non-functioning LD_LIBRARY_PATH:
LD_LIBRARY_PATH=/opt/novell/eDirectory/lib:/opt/novell/eDirectory/lib/nds-modules:/opt/novell/lib:/opt/CA/SharedComponents/JRE/1.4.2_09/lib/i386/client:/opt/CA/SharedComponents/JRE/1.4.2_09/lib/i386:/opt/CA/SharedComponents/ccs/dia/dna/lib:/opt/CA/SharedComponents/ccs/dia/lib:/usr/lib:/opt/CA/CAlib:/opt/CA/SharedComponents/lib:/opt/CA/SharedComponents/Csam/SockAdapter/lib
The above LD_LIBRARY_PATH was on a server
where CA was installed AFTER IDM. Notice that IDM related
path statements are preceding the CA paths but it still has an
impact on the IDM JAVA.
Here is an example of a working LD_LIBRARY_PATH on a server where CA was installed BEFORE IDM.
LD_LIBRARY_PATH=/opt/novell/eDirectory/lib:/opt/novell/eDirectory/lib/nds-modules:/opt/novell/lib