Environment
Novell eDirectory 8.7.3.10 for Linux
Novell eDirectory 8.7.3.9 for Linux
Novell eDirectory 8.7.3.9 for Linux
Situation
Admin upgraded Edir 8.7.3 Sp10/SS205 server to SS206. On ndsd
startup, it was observed that ldap failed on 636. The
PKIHealth log shows the following in section 4:
INFO: kmo SSL CertificateDNS - server1.SERVERS.tree should probably be deleted.
INFO: kmo SSL CertificateIP - server1.SERVERS.tree should probably be deleted.
INFO: kmo SSL CertificateDNS - server1.SERVERS.tree should probably be deleted.
INFO: kmo SSL CertificateIP - server1.SERVERS.tree should probably be deleted.
Resolution
There was a non standard configuration on the server that caused a
problem with the ss206 install. The admin migrated the nds
dib to new hardware. The initial 8.7.3x nds install adds the
null nici to /var/novell/nici. The admin moved the source
server's nici to the target server's /var/opt/novell/nici.
After NDSD was started, the migrated server was working with no
issues with nici. When SS206 was installed, the null nici in
/var/novell/nici was copied over the top of
/var/opt/novell/nici. This broke nici on this server.
If nici has been backed up, a restore of /var/opt/novell/nici will fix this issue. If there are no backups, then the server will need to have the SAS and any associated certs reconfigured. If the problem server is the CA for the tree, there are far more serious problems to deal with. If there are no backups of /var/opt/novell/nici, then the CA will need to be recreated.
This is not an issue with eDir 8.8x.
If nici has been backed up, a restore of /var/opt/novell/nici will fix this issue. If there are no backups, then the server will need to have the SAS and any associated certs reconfigured. If the problem server is the CA for the tree, there are far more serious problems to deal with. If there are no backups of /var/opt/novell/nici, then the CA will need to be recreated.
This is not an issue with eDir 8.8x.