Environment
Novell iFolder
Novell Open Enterprise Server 11 (OES 11) Linux
Situation
After upgrading to OES11 from OES2SP3, iFolder client no longer connects to server.
Error on attempt to login into the admin web console: Failed to authenticate, Problem with Ldap or iFolder Server Certificate.
Resolution
This is a defect and has been reported to engineering.
Currently the work around is check the mono keystore and verify if one certificate needs to be uninstalled and reinstalled, or, if the entire mono keystore needs to be rebuilt:
Analyze the output of: certmgr -list -c -m Trust
If, a list of certificates is returned, verify the certificate data for the LDAP server, and confirm the certificate has NOT expired. If the certificate is not longer valid, it may be possible to resolve this problem by following the steps outlined in TID 3248305 which are summarized here:
- certmgr -del -c -m Trust <the unique hash value of the cert to delete>
- rcapache2 stop
- certmgr -ssl ldaps://0.0.0.0:636 -c -m Trust (Note: the IP address of 0.0.0.0 may be replaced with the IP address of the correct LDAP server where appropriate)
- rcapache2 start
If instead of a list of certificates, mono returns an unhandled exception, the problem may be resolved by following the steps outlined in TID 3646970. The are summarized here:
- rcapache2 stop
- Move the content of the following directories to a temporary location, and make sure that the following directories are empty (note this is to make a backup of the files contained here in case these steps to not resolve the problem)
/root/.config/.mono/certs/AddressBook/
/root/.config/.mono/certs/Trust/
/usr/share/.mono/certs/Trust/
/var/lib/wwwrun/.config/.mono/certs/Trust/ - Reimport the certificates:
certmgr -ssl ldaps://<IP address of LDAP server>:636 -c -m Trust
certmgr -https://<IP address of Apache server>:443 -c -m Trust - Check the certificates
certmgr -list -c -m Trust - rcapache2 start
Note, these summaries provide the basic steps, further information may found in the Tids linked to this docuemtn.