Setting Universal Password through iManager is throwing "NMAS LDAP Transport Error "

  • 7014457
  • 27-Jan-2014
  • 23-Dec-2017


iManager 2.7 SP7
eDirectory 8.8 SP8


Upgraded from to eDirectory 8.8.8.  When setting a user's Universal Password (UP) through iManager the error "NMAS LDAP Transport Error " is returned.  The issue is seen in StandAlone iManager and Workstation versions of iManager.
Running "ldapconfig get" shows there are no IP addresses for ldapInterfaces:
ldapInterfaces: ldap://:389,ldaps://:636
Note: this affects other operations besides setting a user's Universal Password.  Other tasks affected:
- Groups plugin (865164/893994)
- Radius plugin extending schema (914006)


1. Run ldapconfig get ldapInterfaces -a admin.novell  (change the user and context to your environment) to verify that the addresses are not shown for ldapInterfaces.

2. Change the ldapInterface to reflect the IP address on the server for each ldap port.
For example, on an eDirectory server with the address configured for both LDAP standard ports the following commands can be used to correctly populate the configuration:

ldapconfig set "ldapInterfaces=ldap://" -a admin.novell
ldapconfig set "ldapInterfaces=ldaps://" -a admin.novell


eDirectory 8.8.8 adds ldapInterfaces of:


Previously no interface was listed.  The Password Plugin is unable to locate the server when the interface is specified with no IP address

Additional Information

Note: there are three other conditions in which this error can be observed:

  1. If non-standard LDAP ports are being used on the server.
  2. The option 'Use Secure LDAP for auto-connection' under Configure iManager > Authentication has been unchecked. 
    By default this is checked.  The screen also warns some plugins may not work if this is unchecked.
  3. Use of a certificate signed by an external CA that is not trusted by the iManager/tomcat.
    Therefore, when iManager/tomcat goes to make a secure connection, it cannot.  To remedy, the CA needs to be imported into cacerts with the keytool utility.  For further information, look for tomcat documentation on "keytool -import -trustcacerts ...."