Novell Open Enterprise Server 2 (OES 2) Linux
Domain Services for Windows
Novell iPrint for Linux Open Enterprise Server
Radius LDAP Authentication Server
Installed Domain Services for Windows
in an existing tree. When the first DSFW server is down applications that
utilize LDAP to authenticate to eDirectory no longer work.
In this example the domain is mapped to ou=MyDomain,o=DSFW in the eDirectory Tree.
LDAP trace show the following:
scope:2 dereference:0 sizelimit:1 timelimit:0 attrsonly:0
Empty attribute list implies all user attributes
Sending search result entry "cn=Admin,o=DSFW" to connection 0x5d7ea08
Cannot resolve NDS name 'CN=Configuration.OU=MyDomain.O=DSFW' in ResolveAndAuthNDSName, err = no referrals (-634)
LDAPSearchToCB: Cannot Resolve and Auth base DN, err = no referrals (-634)
LDAPSearchToCB failed, err = no referrals (-634)
Sending operation result 80:"":"NDS error: no referrals (-634)" to connection 0x5d7ea08
Monitor 0x49db5935 found connection 0x5d7ea08 ending TLS session
DoUnbind on connection 0x5d7ea08
Preempting operation 0x0:0x0 on connection 0x5d7ea08 before processing because connection is closing
Connection 0x5d7ea08 closed
The application is doing a subtree search (scope:2) and is trying to search the CN=Configuration,OU=MyDomain,O=DSFW container. Since the DSFW server is the only server with a real copy (R/W or Master) of the Configuration partition and the server is down a 634 error is returned.
After DSFW is installed a configuration
partition is created in side the domain and a partition called schema
is created under the configuration container. Most likely the DSFW
server is the only server with a real copy of both partitions. Add a
replica of both the Configuration (CN=Configuration,OU=MyDomain,O=DSFW container) and Schema partitions CN=Schema,CN=Configuration,OU=MyDomain,O=DSFW container) to other
servers, preferably LDAP servers and all DSFW servers the tree.
Also, their Radius LDAP authentication server failed.