OES11 SP2 move_to_common_proxy.sh script is unable to move DNS & DHCP proxy users to CommonProxy.

  • 7015249
  • 20-Jun-2014
  • 30-Jun-2014

Environment

Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 3
Novell Open Enterprise Server 11 (OES 11) Linux Support Pack 2

Situation

The customer upgraded from OES2 SP3 to OES11 SP2; the upgrade was performed offline using the OES11 SP2 Overlay DVD.

As per the documentation, running the 'move_to_common_proxy.sh' script is advised as a post-upgrade activity. It moves any services that use a service-specific proxy user to a single 'CommonProxy' user.

The script fails for the DNS & DHCP component with the following results:
Starting Change proxy for DNS
Server Context: O=<context>.C=CN
Server Context in LDAP: O=<context>,C=CN
Failed to retrieve NCP Server context from nds.conf:1
[Error] Unable to move DNS to common proxy: 1
Tue Apr 15 20:04:06 CST 2014:[status] Starting Move To Common Proxy Task
[Status] novell-dhcp is chosen to move to common proxy
[Error] dhcp_proxy_rights_assign error in opening DHCP YaST config file.
 [Error] Unable to move DHCP to common proxy: 1
Tue Apr 15 20:04:07 CST 2014:[status] Starting Move To Common Proxy Task
[Error] iFolder service is not yet installed on this machine
Tue Apr 15 20:04:07 CST 2014:[status] Starting Move To Common Proxy Task
[Error] NetStorage service is not yet installed on this machine
Tue Apr 15 20:04:07 CST 2014:[status] Starting Move To Common Proxy Task
[Error] NCS service is not yet installed on this machine
Tue Apr 15 20:04:07 CST 2014:[status] Starting Move To Common Proxy Task
[Status] novell-lum is chosen to move to common proxy
[status] LUM is not using any proxy user on the system. Not reconfguring LUM

In "/var/opt/novell/log/proxymgmt/pxymgmt.log", the error "Failed to retrieve NCP Server context from nds.conf:1" is logged.
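To separate the real failures in output like the above from the "not yet installed" messages for services that are simply absent, the following added example (not part of this TID or of Novell's tooling) triages the text with standard POSIX tools. The function names are hypothetical, and it assumes the scanned file uses the same line formats as the output quoted above.

```shell
#!/bin/sh
# Added example: triage move_to_common_proxy.sh output.
# Assumption: the scanned text uses the same line formats as the output
# quoted in this TID (console capture or pxymgmt.log).

# Sample lines copied from the output shown in this TID.
sample_output() {
cat <<'EOF'
Starting Change proxy for DNS
Failed to retrieve NCP Server context from nds.conf:1
[Error] Unable to move DNS to common proxy: 1
[Status] novell-dhcp is chosen to move to common proxy
[Error] dhcp_proxy_rights_assign error in opening DHCP YaST config file.
 [Error] Unable to move DHCP to common proxy: 1
[Error] iFolder service is not yet installed on this machine
[Error] NCS service is not yet installed on this machine
[status] LUM is not using any proxy user on the system. Not reconfguring LUM
EOF
}

# Print services whose move failed, one "SERVICE rc=N" per line.
failed_moves() {
    sed -n 's/^[[:space:]]*\[Error\] Unable to move \([^ ]*\) to common proxy: \([0-9]*\).*$/\1 rc=\2/p'
}

# Print services reported as not installed (nothing to move on this server).
not_installed() {
    sed -n 's/^[[:space:]]*\[Error\] \([^ ]*\) service is not yet installed on this machine.*$/\1/p'
}

# Succeed if the nds.conf context failure named in this TID is present.
has_nds_context_error() {
    grep -q 'Failed to retrieve NCP Server context from nds.conf'
}

# Summarise the file given as $1, or the embedded sample when none is given.
triage() {
    if [ -n "$1" ]; then src=$(cat "$1") || return 2; else src=$(sample_output); fi
    echo "failed: $(printf '%s\n' "$src" | failed_moves | paste -sd, -)"
    echo "not installed: $(printf '%s\n' "$src" | not_installed | paste -sd, -)"
    if printf '%s\n' "$src" | has_nds_context_error; then
        echo "nds.conf context error: yes"
    else
        echo "nds.conf context error: no"
    fi
}

triage "$@"
```

Pass the path of a saved console capture or of pxymgmt.log as the first argument to scan it instead of the embedded sample.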


Resolution

The issue has been reported to engineering.

Cause

The 'move_to_common_proxy.sh' script in turn calls:
/opt/novell/named/bin/dns_change_proxy "$LDAP_ADM" "$CP_FDN" $LDAP_IP $LDAP_PORT 1

This command reads the admin password from an environment variable, so the password must first be exported to that variable.
The password itself can be read properly, but it cannot be exported, and that is the step that is failing here.



Additional Information

Workaround #1

Customers that already have an OES11 SP1 server in their environment could use /opt/novell/named/bin/dns_change_proxy from the OES11 SP1 server on the OES11 SP2 server as a quick workaround.

Workaround #2

To verify which credential sets are maintained by CASA, enter the following command: 'CASAcli -l' (without the quotation marks).

Customers that either want, or are required, to use the Common Proxy User for DNS (when using CASA for storing the novell-named Proxy User credentials) should use the following steps.

1) Execute the following command from a console prompt to add the Common Proxy User's FDN and password to the dns-ldap credentials in CASA:
KEYVALUE=`/opt/novell/proxymgmt/bin/cp_retrieve_proxy_cred UserName` CASAcli -s -n dns-ldap -k CN
KEYVALUE=`/opt/novell/proxymgmt/bin/cp_retrieve_proxy_cred Password` CASAcli -s -n dns-ldap -k <Password>

2) Check the Common Proxy User's FDN:
/opt/novell/proxymgmt/bin/cp_retrieve_proxy_cred UserName

3) In eDirectory, make the Common Proxy User that you found with step '2' a member of the DNSDHCP-GROUP object.