Error: Unable to obtain an LDAP context, when accessing Role Base Entitlement Policy

  • 7008836
  • 16-Jun-2011
  • 26-Apr-2012


Novell Identity Manager iManager Plug-ins


When accessing Role-Based Entitlements | Modify Entitlement Policy from iManager originally installed while accessing a different tree.

Unable to obtain an LDAP context.  Possible causes: the LDAP server is not running, or the LDAP server if for a tree other than the one iManager was originally set up to, and SSL has not been setup between the iManager server and the LDAP server.  Either start the LDAP server, or set up SSL by importing a trusted certificate.

Under Entitlments tab:

Error retrieving entitlement values: com.novell.admin.sharedprofiles.NoCachedQueryAttribute: No DirXML-SPCachedExternalQuery attribute on object ...


Import the trusted root certificate export for the certificate associated with the LDAP server for the server being pointed to during the iManager login.

Use the following link for instructions on how to export the trusted root certificate

  1. Open a command window.

  2. Change to the \bin directory where you have installed the JDK.

    For example, on a Windows system, you would enter the following command:

    cd j2sdk1.5.0_11\bin
  3. Import the certificate into the keystore with the keytool, executing the following keytool commands (platform specific):

    • Linux

      keytool -import -alias [alias_name] -file [full_path]/trustedrootcert.der -keystore [full_path]/jre/lib/security/cacerts
    • Windows

      keytool -import -alias [alias_name] -file [full_path]\trustedrootcert.der -keystore [full_path]\jre\lib\security\cacerts

    Replace alias_name with a unique name for this certificate and make sure you include the full path to trustedrootcert.der and cacerts.

    The last path in the command specifies the keystore location. This varies from system to system because it is based on where iManager is installed. The following are the examples of default locations for iManager on Windows and Linux:

    • On Windows: C:\Program Files\Novell\jre\lib\security\cacerts
    • On Linux /usr/lib/jvm/<java-1_4_2-sun->/jre/lib/security/cacerts
    • On Linux: /usr/lib/jvm/<java-1_4_2-sun->/jre/bin/keytool
  4. Enter changeit for the keystore password.

  5. Click Yes to trust this certificate.