Environment
Novell Identity Manager iManager Plug-ins
Situation
When accessing Role-Based Entitlements | Modify Entitlement Policy from iManager originally installed while accessing a different tree.
Unable to obtain an LDAP context. Possible causes: the LDAP server is not running, or the LDAP server if for a tree other than the one iManager was originally set up to, and SSL has not been setup between the iManager server and the LDAP server. Either start the LDAP server, or set up SSL by importing a trusted certificate.
Under Entitlments tab:
Error retrieving entitlement values: com.novell.admin.sharedprofiles.NoCachedQueryAttribute: No DirXML-SPCachedExternalQuery attribute on object ...
Unable to obtain an LDAP context. Possible causes: the LDAP server is not running, or the LDAP server if for a tree other than the one iManager was originally set up to, and SSL has not been setup between the iManager server and the LDAP server. Either start the LDAP server, or set up SSL by importing a trusted certificate.
Under Entitlments tab:
Error retrieving entitlement values: com.novell.admin.sharedprofiles.NoCachedQueryAttribute: No DirXML-SPCachedExternalQuery attribute on object ...
Resolution
Import the trusted root certificate export for the certificate associated with the LDAP server for the server being pointed to during the iManager login.
Use the following link for instructions on how to export the trusted root certificate https://www.novell.com/documentation/crt32/?page=/documentation/crt32/crtadmin/data/a2ebopb.html
Use the following link for instructions on how to export the trusted root certificate https://www.novell.com/documentation/crt32/?page=/documentation/crt32/crtadmin/data/a2ebopb.html
Open a command window.
Change to the \bin directory where you have installed the JDK.
For example, on a Windows system, you would enter the following command:
cd j2sdk1.5.0_11\bin
Import the certificate into the keystore with the keytool, executing the following keytool commands (platform specific):
Linux
keytool -import -alias [alias_name] -file [full_path]/trustedrootcert.der -keystore [full_path]/jre/lib/security/cacerts
Windows
keytool -import -alias [alias_name] -file [full_path]\trustedrootcert.der -keystore [full_path]\jre\lib\security\cacerts
Replace alias_name with a unique name for this certificate and make sure you include the full path to trustedrootcert.der and cacerts.
The last path in the command specifies the keystore location. This varies from system to system because it is based on where iManager is installed. The following are the examples of default locations for iManager on Windows and Linux:
- On Windows: C:\Program Files\Novell\jre\lib\security\cacerts
- On Linux /usr/lib/jvm/<java-1_4_2-sun-1.4.2.19>/jre/lib/security/cacerts
- On Linux: /usr/lib/jvm/<java-1_4_2-sun-1.4.2.17>/jre/bin/keytool
Enter changeit for the keystore password.
Click to trust this certificate.