Environment
Novell Access Manager 3.1 Linux Access Gateway
Novell Access Manager 3.1 Access Administration
Novell Access Manager 3.1 Access Administration
Situation
Access Manager 3.1 setup and working fine ie. all users can successfully authenticate to the Identity server and access protected resources behind the Linux Access Gateway (LAG).
After making a configuration change to the LAG, the Administrator did a purge cache on the LAG before the change had been applied. The documentation clearly states the following:
IMPORTANT:Do not issue a purge cache command when an Access Gateway has a
pending configuration change. Wait until the configuration change is
complete.
AFter the change was applied, the LAG remained in the pending state despite everything working correctly ie. no visible errors reported by any users on the original and changed configuration settings. The problem was purely cosmetic in nature, but administrator wanted to get out of the pending state.
Resolution
Manually edit the Admin Console configuration store LAG with an LDAP browser and reset the UpdateStatus flag for the LAG under the LAG device romaAGDeviceSAXMLDoc attribute. The value must be set to 0 to get it back to the 'Current' state from the 'Pending' state. The full path to get the current
state. After connecting with the LDAP browser, browse to the following location to verify the value of the UpdateStatus flag:
novell->VCDN_Root-->PartitionContainer--> Partition --> ApplinaceContainer-->ou=ag-deviceID and locate the attribute romaAGDeviceSAXMLDoc. This is where the UpdateStatus flag will be set to 0.
The DeviceID for the LAG device is available under the Auditing -> General Logging field in the Admin Console, where a mapping between the device ID and the IP address of the LAG is displayed.