Environment
Novell Open Enterprise Server 2 Support Pack 2
Novell eDirectory 8.7.3.x
Novell eDirectory 8.8.x
Novell Cluster Services 1.8.7
Novell NetWare
Novell eDirectory 8.7.3.x
Novell eDirectory 8.8.x
Novell Cluster Services 1.8.7
Novell NetWare
Situation
The issue mostly affects mixed environments (NetWare and OES
Linux).
The Novell schema tool included in OES2 Support Pack 2 removes optional attributes from NCPServer object class during schema extension for Novell clustering, causing the following issues:
1. -608 errors during eDirectory synchronization or while validating the NCP Server objects using iMonitor.
2. (n)dsrepair does remove all the affected attributes from the NCP Server object during a local database repair or unattended full repair.
The Novell schema tool included in OES2 Support Pack 2 removes optional attributes from NCPServer object class during schema extension for Novell clustering, causing the following issues:
1. -608 errors during eDirectory synchronization or while validating the NCP Server objects using iMonitor.
2. (n)dsrepair does remove all the affected attributes from the NCP Server object during a local database repair or unattended full repair.
Resolution
Novell has provided updated media to prevent this issue. Please download the OES2-SP2a media from the following location: https://download.novell.com/patch/finder/
Discard ALL copies of the OES2-SP2 media to prevent any accidental use of the schema tool.
For existing installations of OES2-SP2 the issue has been addressed in the following channel updates :
novell-schema-1.0.0-70.i586.rpmor newer
novell-schema-1.0.0-70.x86_64.rpm or newer
HOWEVER, IF THE SCHEMA TOOL HAS ALREADY BEEN RUN AND ANY OF THE ABOVE SYMPTOMS APPLY, DO NOT RUN ANY (N)DSREPAIR OPERATIONS ON THE eDIRECTORY SERVERS WITHOUT CONSULTING NTS FIRST.
( RUNNING (N)DSREPAIR WILL REMOVE VALUES FOR THE AFFECTED ATTRIBUTES AND IMPACT SEVERAL OES SERVICES LIKE SLP, NLS, DNS, DHCP, BM, AUDIT / SENTINEL INSTRUMENTATION, ETC. )
IF THE ENVIRONMENT IS AFFECTED BY THIS ISSUE NOVELL TECHNICAL SERVICES SHOULD BE CONTACTED IMMEDIATELY.
Add the affected attributes back to the NCPServer objectclass using Novell iManager.
In iManager goto: Schema, Add Attribute, select the NCP Server objectclass and add the affected attributes back from the available optional attributes.
iMonitor - Validate entry - for the NCP Server objects can be used to find the affected attributes in case a local database repair hasn't been executed yet
During the schema extension for Novell Cluster Services using the Novell Schema Tool, the objectclass NCPServer is recreated. Therefore it is not possible for Novell Technical Services to generally determine which attributes are affected and document these in this TID, without knowing what the objectclass looked like before the operation was executed.
Discard ALL copies of the OES2-SP2 media to prevent any accidental use of the schema tool.
For existing installations of OES2-SP2 the issue has been addressed in the following channel updates :
novell-schema-1.0.0-70.i586.rpmor newer
novell-schema-1.0.0-70.x86_64.rpm or newer
HOWEVER, IF THE SCHEMA TOOL HAS ALREADY BEEN RUN AND ANY OF THE ABOVE SYMPTOMS APPLY, DO NOT RUN ANY (N)DSREPAIR OPERATIONS ON THE eDIRECTORY SERVERS WITHOUT CONSULTING NTS FIRST.
( RUNNING (N)DSREPAIR WILL REMOVE VALUES FOR THE AFFECTED ATTRIBUTES AND IMPACT SEVERAL OES SERVICES LIKE SLP, NLS, DNS, DHCP, BM, AUDIT / SENTINEL INSTRUMENTATION, ETC. )
IF THE ENVIRONMENT IS AFFECTED BY THIS ISSUE NOVELL TECHNICAL SERVICES SHOULD BE CONTACTED IMMEDIATELY.
Add the affected attributes back to the NCPServer objectclass using Novell iManager.
In iManager goto: Schema, Add Attribute, select the NCP Server objectclass and add the affected attributes back from the available optional attributes.
iMonitor - Validate entry - for the NCP Server objects can be used to find the affected attributes in case a local database repair hasn't been executed yet
During the schema extension for Novell Cluster Services using the Novell Schema Tool, the objectclass NCPServer is recreated. Therefore it is not possible for Novell Technical Services to generally determine which attributes are affected and document these in this TID, without knowing what the objectclass looked like before the operation was executed.
Status
Top IssueAdditional Information
If the latest channel updates have NOT been applied and/or the updated media is NOT being used, deleting or renaming the following files from an existing OES2-SP2 installation will prevent the above problem.
/opt/novell/ldif/ncpserver.ldif
/opt/novell/ldif/ncs.ldif
For existing OES2-SP2 installations without having the latest channel updates and/or the updated media applied, another approach to avoid the problem is to manually extend the schema for Novell Cluster Services. Follow the instructions in "Extending the eDirectory Schema to Add Cluster Objects" in the OES 2 SP2: Novell Cluster Services 1.8.7 for Linux Administration Guide.
For more information regarding this procedure see the following link:
https://www.novell.com/documentation/oes2/clus_admin_lx/data/bfkqbhf.html
The issue has not been seen during the installation and configuration of Novell Cluster Services using OES Install and Configuration.
Affected packages:
/opt/novell/ldif/ncpserver.ldif
/opt/novell/ldif/ncs.ldif
For existing OES2-SP2 installations without having the latest channel updates and/or the updated media applied, another approach to avoid the problem is to manually extend the schema for Novell Cluster Services. Follow the instructions in "Extending the eDirectory Schema to Add Cluster Objects" in the OES 2 SP2: Novell Cluster Services 1.8.7 for Linux Administration Guide.
For more information regarding this procedure see the following link:
https://www.novell.com/documentation/oes2/clus_admin_lx/data/bfkqbhf.html
The issue has not been seen during the installation and configuration of Novell Cluster Services using OES Install and Configuration.
Affected packages:
novell-schema-1.0.0-68.i586.rpm
novell-schema-1.0.0-68.x86_64.rpm
novell-schema-1.0.0-68.x86_64.rpm
If /var/log/YaST2/y2log contains the entries below, the Novell
Schema Tool has been used to extend the schema for Novell
Clustering.
NovellSchematool.ycp:298 Schematool: entering ExtendSchema
with selected: ["Novell
Clustering=/opt/novell/ldif/ncs.ldif#/opt/novell/ldif/ncpserver.ldif"]
<1> oes2sp2(15229) [YCP] NovellSchematool.ycp:329 Schematool: schema file to extend: /opt/novell/ldif/ncpserver.ldif
<1> oes2sp2(15229) [YCP] NovellSchematool.ycp:349 NovellSchematool:Executing /opt/novell/oes-install/util/extend_schema -d -p 636 'cn=admin.o=nts' 't*****t' <ip address> /opt/novell/ldif/ncpserver.ldif
<1> oes2sp2(15229) [YCP] clients/novell-schematool.ycp:93 NovellSchematool module finished
<1> oes2sp2(15229) [YCP] NovellSchematool.ycp:329 Schematool: schema file to extend: /opt/novell/ldif/ncpserver.ldif
<1> oes2sp2(15229) [YCP] NovellSchematool.ycp:349 NovellSchematool:Executing /opt/novell/oes-install/util/extend_schema -d -p 636 'cn=admin.o=nts' 't*****t' <ip address> /opt/novell/ldif/ncpserver.ldif
<1> oes2sp2(15229) [YCP] clients/novell-schematool.ycp:93 NovellSchematool module finished