iManager 2.7 SP7
eDirectory 8.8 SP8
Upgraded from 220.127.116.11 to eDirectory 8.8.8. When setting a user's Universal Password (UP) through iManager, the error "NMAS LDAP Transport Error" is returned. The issue is seen in both the StandAlone and Workstation versions of iManager.
Running "ldapconfig get" shows there are no IP addresses for ldapInterfaces:
Note: this affects other operations besides setting a user's Universal Password. Other tasks affected:
- Groups plugin (865164/893994)
- Radius plugin extending schema (914006)
1. Run ldapconfig get ldapInterfaces -a admin.novell (change the user and context to your environment) to verify that the addresses are not shown for ldapInterfaces.
2. Change the ldapInterfaces value to reflect the IP address on the server for each LDAP port.
For example, on an eDirectory server with the address 192.168.0.10 configured for both standard LDAP ports, the following commands can be used to correctly populate the configuration:
ldapconfig set "ldapInterfaces=ldap://192.168.0.10:389" -a admin.novell
ldapconfig set "ldapInterfaces=ldaps://192.168.0.10:636" -a admin.novell
eDirectory 8.8.8 adds ldapInterfaces of:
Previously no interface was listed. The Password Plugin is unable to locate the server when the interface is specified with no IP address.
Note: there are three other conditions in which this error can be observed:
- If non-standard LDAP ports are being used on the server.
- The option 'Use Secure LDAP for auto-connection' under Configure iManager > Authentication has been unchecked.
By default this is checked. The screen also warns some plugins may not work if this is unchecked.
- Use of a certificate signed by an external CA that is not trusted by iManager/Tomcat.
When iManager/Tomcat then tries to make a secure connection, it cannot. To remedy this, the CA certificate needs to be imported into cacerts with the keytool utility. For further information, look for Tomcat documentation on "keytool -import -trustcacerts ...."
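The check in step 1, together with the non-standard port condition listed above, can be scripted. The following is an added example, not part of the original article or of the product: the function name check_ldap_interfaces is hypothetical, and it assumes only that the text piped into it contains the interface values as ldap:// or ldaps:// URLs.

```shell
#!/bin/sh
# Added example: flag ldapInterfaces URLs with no host or a non-standard port.
# Assumption: input is any text that contains ldap:// or ldaps:// URLs, e.g.
#   ldapconfig get ldapInterfaces -a admin.novell | check_ldap_interfaces

check_ldap_interfaces() {
    # Reads text on stdin and prints one finding per problem URL.
    # Returns 0 when every URL has a host and a standard port, otherwise 1.
    status=0
    urls=$(grep -oE 'ldaps?://[^[:space:],;"]*' || true)
    if [ -z "$urls" ]; then
        echo "NO_INTERFACES"
        return 1
    fi
    for url in $urls; do
        scheme=${url%%://*}
        rest=${url#*://}
        rest=${rest%%/*}                # drop any path component
        port=${rest##*:}
        host=${rest%:*}
        case $port in
            ''|*[!0-9]*) port=; host=$rest ;;   # no explicit numeric port
        esac
        case $scheme in
            ldaps) std=636 ;;
            *)     std=389 ;;
        esac
        if [ -z "$host" ]; then
            echo "MISSING_HOST $url"
            status=1
        elif [ -n "$port" ] && [ "$port" != "$std" ]; then
            echo "NONSTANDARD_PORT $url"
            status=1
        fi
    done
    return $status
}

# Constructed sample input (not captured from a real server).
printf 'ldapInterfaces: ldap://:389\nldapInterfaces: ldaps://192.168.0.10:636\n' |
    check_ldap_interfaces || echo "ldapInterfaces needs correcting"
```

A non-zero return with MISSING_HOST means the interface should be set with the server's IP address as in step 2.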