Environment
Novell eDirectory 8.8 for All Platforms
Novell Open Enterprise Server 1 (OES 1) Linux
Novell Open Enterprise Server 2 (OES 2) Linux
Situation
Symptoms:
Command "id <User_Name>" displays uid=0(root) gid=0(root) groups=0(root)
Linux User Management is not working even though NAMCD Daemon is up and running
Command "id <User_Name>" displays uid=0(root) gid=0(root) groups=0(root)
Linux User Management is not working even though NAMCD Daemon is up and running
Resolution
Note: Fix2 is required only if the issue can't be fixed by configuring another server as Preferred-LDAP-Server as mentioned in Fix 1
Fix 1: Define another eDirectory server as Preferred-LDAP-Server
Fix 2 is required only if fix 1 does not work with any of the available eDirectory servers (Main servers in the Tree with replicas of [Root] and otehr partitions. Make a note that creating and using a new LDAP Group object with default configuration can cause issues with other LDAP based applications, in case the same LDAP server is used by those applications and at the same time thedefault LDAP Group Object configuration is customized. Old configuration can be restored by re-associating the default LDAP Server and LDAP Group objects. So don't delete the default LDAP Group object even if LUM works with new LDAP Group Object.
Fix 2: Create and use a new LDAP Group Object for the preferred-LDAP-Server with default LDAP Configuration
Fix 1: Define another eDirectory server as Preferred-LDAP-Server
- Use tool like LDAP Browser or Novell ICE and make sure that LDAP is working fine on both ports 389 and 636.
- Set the required server as Preferred-LDAP-Server by performing step 9 of the TID: 7002981
- Stop and restart Daemon NSCD and NAMCD and also execute command "namconfig cache_refresh" as per step 14 of the TID: 7002981
- Check again whether LUM is working or not
Fix 2 is required only if fix 1 does not work with any of the available eDirectory servers (Main servers in the Tree with replicas of [Root] and otehr partitions. Make a note that creating and using a new LDAP Group object with default configuration can cause issues with other LDAP based applications, in case the same LDAP server is used by those applications and at the same time thedefault LDAP Group Object configuration is customized. Old configuration can be restored by re-associating the default LDAP Server and LDAP Group objects. So don't delete the default LDAP Group object even if LUM works with new LDAP Group Object.
Fix 2: Create and use a new LDAP Group Object for the preferred-LDAP-Server with default LDAP Configuration
- Find out the Preferred-LDAP-Server defined on the problem OES Linux server as per step 7 of the TID: 7002981 - Troubleshooting Linux User Management - Step by step
- Launch iManager (With latest plug-ins) or ConsoelOne (Launch ConsoleOne from latest NetWare server's sys:\public\mgmt\consoelone\1.2\bin folder) and login to the eDirectory Tree
- Create a new LDAP Group Object under the context same as that of the NCP server object of the Preferred-LDAP-Server with a different name.
- Verify the eDirectory Version on the Preferred-LDAP-Server (Use command " m ds" on NetWare server and "ndsstat" on Linux server)
- Make sure that the attribute "ldapconfigversion" available on the "Other" tab of the new LDAP Group object has the same value as that of the same atribute available on the "Other" tab of the default LDAP Server object. Correct it for the new LDAP Group Objet and proceed. Also add and correct "Version" attribute on the "Other" tab of the new LDAP Group Object (Optional).
- Take properties of the new LDAP Group Object, add the default LDAP Server object for the Preferred-LDAP-Server and apply the change.
- Unload and reload NLDAP on the Preferred-LDAP-Server (Commands "unload nldap" and "nldap" on a NetWare server and commands "nldap -u" and "nldap -l" on Linux Server)
- Unload and reload daemons NSCD and NAMCD on the problem OES server and also execute the command "namconfig cache_refresh" as per step 14 of the TID: 7002981
- Check LUM as per step 14 of the TID: 7002981