DSfW: failed to read defaultNamingContext

  • 7015037
  • 08-May-2014
  • 09-May-2014


Novell Open Enterprise Server 11 SP2 (OES 11 SP2)
Novell Open Enterprise Server 11 SP1 (OES 11 SP1)
Novell Open Enterprise Server 2 SP3 (OES 2SP3)
Domain Services for Windows


Kerberos fails to start
/var/log/messages shows failed to read defaultNamingContext

Doing a ldapsearch for the 1.2.840.113556.1.4.1339 LDAP control returns null instead of supportedControl: 1.2.840.113556.1.4.1339

/usr/bin/ldapsearch -x -LLL -b "" -s base "supportedControl" | grep 1.2.840.113556.1.4.1339

Should return:
supportedControl: 1.2.840.113556.1.4.1339

The following ldap extensions are missing:
supportedExtension: 1.2.840.113556.1.4.1781
supportedExtension: 2.16.840.1.113719.1.513.3.1

The following ldap controls are missing:
supportedControl: 2.16.840.1.113719.1.513.4.6
supportedControl: 2.16.840.1.113719.1.513.4.1
supportedControl: 1.2.840.113556.1.4.801
supportedControl: 1.2.840.113556.1.4.1340
supportedControl: 1.2.840.113556.1.4.1339
supportedControl: 1.2.840.113556.1.4.528
supportedControl: 1.2.840.113556.1.4.802
supportedControl: 1.2.840.113556.1.4.619
supportedControl: 1.2.840.113556.1.4.1338
supportedControl: 1.2.840.113556.1.4.1413
supportedControl: 1.2.840.113556.1.4.417
supportedControl: 1.2.840.113556.1.4.529
supportedControl: 2.16.840.1.113719.1.513.4.8
supportedControl: 2.16.840.1.113719.1.513.4.7


Copy the section regarding the LDAP Server from  /var/opt/novell/xad/ds/domain/nldap.ldif to a file called ldapServerObjects.ldif

The file should look something like this:
dn: CN=LDAP Server - OES11-DSFW1,ou=OESSystemObjects,o=novell
control: 1.2.840.113556.1.4.1339
changetype: modify
add: extensionInfo
extensionInfo: 0#object#nad_object_init#nad-plugin
extensionInfo: 1#object#subschema_object_init#subschema-plugin
extensionInfo: 2#preoperation#crossref_preop_init#crossref-plugin
extensionInfo: 3#object#anr_object_init#anr-plugin
extensionInfo: 4#object#tokengroups_object_init#tokengroups-plugin
extensionInfo: 5#extendedop#netlogon_extop_init#netlogon-plugin
extensionInfo: 6#object#ntacl_object_init#ntacl-plugin
extensionInfo: 7#extendedop#whoami_extop_init#whoami-plugin
extensionInfo: 8#object#dsearch_object_init#dsearch-plugin

The information above can be used to create the file if the nldap.ldif file can not be located or is missing the needed information.  Correct the name and context from the example above to achieve the same results.  Then apply the file using ldapmodify.  Change the cn=admin,o=context to the appropriate context.  Enter the path for the file if the file is not located.

  1. ldapmodify -x -H ldaps:// -D cn=admin,o=context -W -Q -f  ldapServerObjects.ldif
    for user user (-D) enter the appropriate username and context
  2. Restart DSfW services (xadcntrl reload)
  3. Do a ldapsearch for defaultnamingcontext
    ldapsearch -x -LLL -b "" -s base defaultnamingcontext
  4. The defaultNamingContext should be returned
    Example for a domain with the name of dsfw.lan:
    defaultNamingContext: DC=dsfw,DC=lan

If the LDAP server object was deleted be sure to add the interfaces as described in TID 7010319
Example for using ldapconfig to add the interfaces:
At the "User FDN:" prompt enter an admin user in .x500 format, example admin.novell or use the -a switch
        ldapconfig -s "ldapinterfaces=ldaps://:1636" -a admin.novell
        ldapconfig -s "ldapinterfaces=ldap://:1389" -a admin.novell
        ldapconfig -s "ldapinterfaces=ldap://:389 ldaps://:636 ldapi://%2fvar%2fopt%2fnovell%2fxad%2frun%2fldapi cldap:// ldap://:3268 ldaps://:3269" -a admin.novell


LDAP Extentions are missing