Environment
Novell Open Enterprise Server 11 SP2 (OES 11 SP2)
Novell Open Enterprise Server 11 SP1 (OES 11 SP1)
Novell Open Enterprise Server 2 SP3 (OES 2SP3)
Domain Services for Windows
DSfW
Situation
Kerberos fails to start
/var/log/messages shows "failed to read defaultNamingContext"
Doing an ldapsearch for the 1.2.840.113556.1.4.1339 LDAP control returns nothing instead of supportedControl: 1.2.840.113556.1.4.1339
Example:
/usr/bin/ldapsearch -x -LLL -b "" -s base "supportedControl" | grep 1.2.840.113556.1.4.1339
Should return:
supportedControl: 1.2.840.113556.1.4.1339
The following ldap extensions are missing:
supportedExtension: 1.2.840.113556.1.4.1781
supportedExtension: 2.16.840.1.113719.1.513.3.1
supportedExtension: 1.3.6.1.4.1.4203.1.11.3
The following ldap controls are missing:
supportedControl: 2.16.840.1.113719.1.513.4.6
supportedControl: 2.16.840.1.113719.1.513.4.1
supportedControl: 1.2.840.113556.1.4.801
supportedControl: 1.2.840.113556.1.4.1340
supportedControl: 1.2.840.113556.1.4.1339
supportedControl: 1.2.840.113556.1.4.528
supportedControl: 1.2.840.113556.1.4.802
supportedControl: 1.2.840.113556.1.4.619
supportedControl: 1.2.840.113556.1.4.1338
supportedControl: 1.2.840.113556.1.4.1413
supportedControl: 1.2.840.113556.1.4.417
supportedControl: 1.2.840.113556.1.4.529
supportedControl: 2.16.840.1.113719.1.513.4.8
supportedControl: 2.16.840.1.113719.1.513.4.7
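As an added check that is not part of this TID: a small POSIX shell script that reads the rootDSE once (the same ldapsearch as above, requesting supportedControl, supportedExtension and defaultNamingContext together) and reports which of the OIDs listed above are absent. The OID lists are copied from this TID; the --live switch, the function names and the constructed sample output are assumptions of this example.

```sh
#!/bin/sh
# Added example, not part of this TID: compare a DSfW server's rootDSE with the
# controls and extensions listed above and report what is missing.
# OIDs copied from the "missing" lists in the Situation section.
REQUIRED_EXTENSIONS="1.2.840.113556.1.4.1781 2.16.840.1.113719.1.513.3.1 1.3.6.1.4.1.4203.1.11.3"
REQUIRED_CONTROLS="2.16.840.1.113719.1.513.4.6 2.16.840.1.113719.1.513.4.1 1.2.840.113556.1.4.801
1.2.840.113556.1.4.1340 1.2.840.113556.1.4.1339 1.2.840.113556.1.4.528 1.2.840.113556.1.4.802
1.2.840.113556.1.4.619 1.2.840.113556.1.4.1338 1.2.840.113556.1.4.1413 1.2.840.113556.1.4.417
1.2.840.113556.1.4.529 2.16.840.1.113719.1.513.4.8 2.16.840.1.113719.1.513.4.7"
# Constructed rootDSE output from a broken server: two controls, two
# extensions and no defaultNamingContext (the state this TID describes).
SAMPLE_ROOTDSE='dn:
supportedControl: 2.16.840.1.113719.1.513.4.6
supportedControl: 1.2.840.113556.1.4.801
supportedExtension: 1.2.840.113556.1.4.1781
supportedExtension: 1.3.6.1.4.1.4203.1.11.3'

# missing_values ATTR "OID ..." ROOTDSE_TEXT: prints each OID that does not
# occur as a line "ATTR: OID" in the rootDSE text, one per line.
missing_values() {
    _attr=$1; _want=$2; _have=$3
    for _oid in $_want; do
        printf '%s\n' "$_have" | grep -qxF "$_attr: $_oid" || printf '%s\n' "$_oid"
    done
}

# check_rootdse ROOTDSE_TEXT: reports missing controls/extensions and the
# defaultNamingContext; returns 0 only when everything the TID expects is present.
check_rootdse() {
    _rc=0
    _mc=$(missing_values supportedControl "$REQUIRED_CONTROLS" "$1")
    _me=$(missing_values supportedExtension "$REQUIRED_EXTENSIONS" "$1")
    [ -z "$_mc" ] || { echo "missing controls:"; echo "$_mc"; _rc=1; }
    [ -z "$_me" ] || { echo "missing extensions:"; echo "$_me"; _rc=1; }
    if printf '%s\n' "$1" | grep -q '^defaultNamingContext: '; then
        printf '%s\n' "$1" | grep '^defaultNamingContext: '
    else
        echo "defaultNamingContext not returned (Kerberos will not start)"; _rc=1
    fi
    return $_rc
}

# --live queries the server (same ldapsearch as above); otherwise use the sample.
if [ "${1:-}" = "--live" ]; then
    _dse=$(/usr/bin/ldapsearch -x -LLL -b "" -s base supportedControl supportedExtension defaultNamingContext)
else
    _dse=$SAMPLE_ROOTDSE
fi
if check_rootdse "$_dse"; then echo "rootDSE OK"; else echo "rootDSE incomplete: apply the Resolution"; fi
```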
Resolution
Copy the section regarding the LDAP Server from /var/opt/novell/xad/ds/domain/nldap.ldif to a file called ldapServerObjects.ldif
The file should look something like this:
dn: CN=LDAP Server - OES11-DSFW1,ou=OESSystemObjects,o=novell
control: 1.2.840.113556.1.4.1339
changetype: modify
add: extensionInfo
extensionInfo: 0#object#nad_object_init#nad-plugin
extensionInfo: 1#object#subschema_object_init#subschema-plugin
extensionInfo: 2#preoperation#crossref_preop_init#crossref-plugin
extensionInfo: 3#object#anr_object_init#anr-plugin
extensionInfo: 4#object#tokengroups_object_init#tokengroups-plugin
extensionInfo: 5#extendedop#netlogon_extop_init#netlogon-plugin
extensionInfo: 6#object#ntacl_object_init#ntacl-plugin
extensionInfo: 7#extendedop#whoami_extop_init#whoami-plugin
extensionInfo: 8#object#dsearch_object_init#dsearch-plugin
The information above can be used to create the file if nldap.ldif cannot be located or is missing the needed information. Change the server name and context in the example above to match your server. Then apply the file with ldapmodify, changing cn=admin,o=context to the appropriate admin user and context and giving the full path to the file if it is not in the current directory:
- ldapmodify -x -H ldaps:// -D cn=admin,o=context -W -f ldapServerObjects.ldif
  For the bind user (-D) enter the appropriate username and context.
- Restart DSfW services: xadcntrl reload
- Do an ldapsearch for defaultNamingContext:
  ldapsearch -x -LLL -b "" -s base defaultNamingContext
  The defaultNamingContext should be returned.
Example for a domain with the name of dsfw.lan:
dn:
defaultNamingContext: DC=dsfw,DC=lan
If the LDAP Server object was deleted, be sure to add the interfaces as described in TID 7010319.
Example for using ldapconfig to add the interfaces:
At the "User FDN:" prompt enter an admin user in dotted (x500) format, for example admin.novell, or supply it with the -a switch as shown here:
ldapconfig -s "ldapinterfaces=ldaps://:1636" -a admin.novell
ldapconfig -s "ldapinterfaces=ldap://:1389" -a admin.novell
ldapconfig -s "ldapinterfaces=ldap://:389 ldaps://:636 ldapi://%2fvar%2fopt%2fnovell%2fxad%2frun%2fldapi cldap:// ldap://:3268 ldaps://:3269" -a admin.novell
Cause
LDAP extensions are missing