DSfW: failed to read defaultNamingContext

  • 7015037
  • 08-May-2014
  • 09-May-2014

Environment

Novell Open Enterprise Server 11 SP2 (OES 11 SP2)
Novell Open Enterprise Server 11 SP1 (OES 11 SP1)
Novell Open Enterprise Server 2 SP3 (OES 2SP3)
Domain Services for Windows
DSfW

Situation

Kerberos fails to start.
/var/log/messages shows "failed to read defaultNamingContext".

An ldapsearch for the 1.2.840.113556.1.4.1339 LDAP control returns nothing instead of supportedControl: 1.2.840.113556.1.4.1339

Example:
/usr/bin/ldapsearch -x -LLL -b "" -s base "supportedControl" | grep 1.2.840.113556.1.4.1339

Should return:
supportedControl: 1.2.840.113556.1.4.1339

The following LDAP extensions are missing:
supportedExtension: 1.2.840.113556.1.4.1781
supportedExtension: 2.16.840.1.113719.1.513.3.1
supportedExtension: 1.3.6.1.4.1.4203.1.11.3

The following LDAP controls are missing:
supportedControl: 2.16.840.1.113719.1.513.4.6
supportedControl: 2.16.840.1.113719.1.513.4.1
supportedControl: 1.2.840.113556.1.4.801
supportedControl: 1.2.840.113556.1.4.1340
supportedControl: 1.2.840.113556.1.4.1339
supportedControl: 1.2.840.113556.1.4.528
supportedControl: 1.2.840.113556.1.4.802
supportedControl: 1.2.840.113556.1.4.619
supportedControl: 1.2.840.113556.1.4.1338
supportedControl: 1.2.840.113556.1.4.1413
supportedControl: 1.2.840.113556.1.4.417
supportedControl: 1.2.840.113556.1.4.529
supportedControl: 2.16.840.1.113719.1.513.4.8
supportedControl: 2.16.840.1.113719.1.513.4.7
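
As an added example (not part of the original TID), the shell function below reads rootDSE output on stdin and lists which of the extensions and controls named above are absent, so the same check can be run before and after the fix. The function names are hypothetical and both sample rootDSE dumps are constructed.

```shell
#!/bin/sh
# Added example: report which OIDs listed in this TID are absent from a rootDSE dump.
# Live use, after sourcing this file (ldapsearch form taken from the TID):
#   /usr/bin/ldapsearch -x -LLL -b "" -s base supportedControl supportedExtension | missing_oids

REQUIRED_EXTENSIONS="1.2.840.113556.1.4.1781 2.16.840.1.113719.1.513.3.1
1.3.6.1.4.1.4203.1.11.3"
REQUIRED_CONTROLS="2.16.840.1.113719.1.513.4.6 2.16.840.1.113719.1.513.4.1
1.2.840.113556.1.4.801 1.2.840.113556.1.4.1340 1.2.840.113556.1.4.1339
1.2.840.113556.1.4.528 1.2.840.113556.1.4.802 1.2.840.113556.1.4.619
1.2.840.113556.1.4.1338 1.2.840.113556.1.4.1413 1.2.840.113556.1.4.417
1.2.840.113556.1.4.529 2.16.840.1.113719.1.513.4.8 2.16.840.1.113719.1.513.4.7"

# Reads rootDSE LDIF on stdin; prints one "attribute: oid" line per missing OID.
# grep -x -F matches the whole line literally, so the dots are not wildcards and
# 1.2.840.113556.1.4.13390 is not mistaken for 1.2.840.113556.1.4.1339.
missing_oids() {
    dump=$(tr -d '\r' | sed 's/[[:space:]]*$//')   # normalise line endings
    for oid in $REQUIRED_EXTENSIONS; do
        printf '%s\n' "$dump" | grep -qixF "supportedExtension: $oid" \
            || echo "supportedExtension: $oid"
    done
    for oid in $REQUIRED_CONTROLS; do
        printf '%s\n' "$dump" | grep -qixF "supportedControl: $oid" \
            || echo "supportedControl: $oid"
    done
}

# Constructed sample: rootDSE without the DSfW entries (not real server output).
# The second control is a deliberate look-alike of 1.2.840.113556.1.4.1339.
sample_broken() {
    cat <<'EOF'
dn:
supportedControl: 2.16.840.1.113730.3.4.2
supportedControl: 1.2.840.113556.1.4.13390
EOF
}

# Constructed sample: rootDSE that advertises every OID listed in the TID.
sample_healthy() {
    echo "dn:"
    for oid in $REQUIRED_EXTENSIONS; do echo "supportedExtension: $oid"; done
    for oid in $REQUIRED_CONTROLS; do echo "supportedControl: $oid"; done
}

echo "missing in constructed broken sample: $(sample_broken | missing_oids | grep -c .)"
```

An empty result from missing_oids means every extension and control listed in this TID is advertised.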

Resolution

Copy the section regarding the LDAP Server from /var/opt/novell/xad/ds/domain/nldap.ldif to a file called ldapServerObjects.ldif.

The file should look something like this:
dn: CN=LDAP Server - OES11-DSFW1,ou=OESSystemObjects,o=novell
control: 1.2.840.113556.1.4.1339
changetype: modify
add: extensionInfo
extensionInfo: 0#object#nad_object_init#nad-plugin
extensionInfo: 1#object#subschema_object_init#subschema-plugin
extensionInfo: 2#preoperation#crossref_preop_init#crossref-plugin
extensionInfo: 3#object#anr_object_init#anr-plugin
extensionInfo: 4#object#tokengroups_object_init#tokengroups-plugin
extensionInfo: 5#extendedop#netlogon_extop_init#netlogon-plugin
extensionInfo: 6#object#ntacl_object_init#ntacl-plugin
extensionInfo: 7#extendedop#whoami_extop_init#whoami-plugin
extensionInfo: 8#object#dsearch_object_init#dsearch-plugin

The information above can be used to create the file if the nldap.ldif file cannot be located or is missing the needed information. Correct the name and context from the example above to match your LDAP server object. Then apply the file using ldapmodify. Change cn=admin,o=context to the appropriate context. Give the path to the file if ldapmodify cannot locate it.

  1. ldapmodify -x -H ldaps:// -D cn=admin,o=context -W -Q -f  ldapServerObjects.ldif
    for the user (-D), enter the appropriate username and context
  2. Restart DSfW services (xadcntrl reload)
  3. Run an ldapsearch for defaultNamingContext
    ldapsearch -x -LLL -b "" -s base defaultnamingcontext
  4. The defaultNamingContext should be returned
    Example for a domain with the name of dsfw.lan:
    dn:
    defaultNamingContext: DC=dsfw,DC=lan

If the LDAP server object was deleted, be sure to add the interfaces as described in TID 7010319.
Example for using ldapconfig to add the interfaces:
At the "User FDN:" prompt, enter an admin user in .x500 format (for example, admin.novell), or use the -a switch:
        ldapconfig -s "ldapinterfaces=ldaps://:1636" -a admin.novell
        ldapconfig -s "ldapinterfaces=ldap://:1389" -a admin.novell
        ldapconfig -s "ldapinterfaces=ldap://:389 ldaps://:636 ldapi://%2fvar%2fopt%2fnovell%2fxad%2frun%2fldapi cldap:// ldap://:3268 ldaps://:3269" -a admin.novell

Cause

LDAP extensions are missing.