Environment
NetIQ Access Manager 4.1.1
NetIQ Access Manager Administration Console on SLES 12
NetIQ eDirectory 8.8.5
NetIQ Access Manager Administration Console on SLES 12
NetIQ eDirectory 8.8.5
Situation
Access Manager 4.0 working without issue on SLES11 SP3 platform. Administrator successfully upgraded all components to 4.1.1 to get latest security patches and get support for SLES12 OS, and users continued to be able to access protected resources behind the Access Gateway after authenticating to the Identity Server.
The next step was to upgrade the underlying OS from SLES11 SP3 to SLES12, starting with the Admin Consoles and finishing with the Identity Servers (Access Gateway were appliance based and would remain on the default SLES11 SP3 platform). After upgrading the OS to SLES12 on the Admin Console, messages appeared to indicate that the upgrade was successful yet the Admin Console failed to start correctly. Looking at the services and logs in more detail, it was clear that eDirectory did not start up automatically after the reboot on SLES12. The following output was seen manually trying to start the eDir services:
# "/etc/init.d/ndsd start" returns
SysVinit eDirectory system is not supported on this platform. Refer to documentation for eDirectory usage on this platform
# "ndsmanage startall" returns
Starting NetIQ eDirectory server...
Failed to start ndsdtmpl-etc-opt-novell-eDirectory-conf-nds.conf@-etc-opt-novell-eDirectory-conf-env.service:
Unit ndsdtmpl-etc-opt-novell-eDirectory-conf-nds.conf@-etc-opt-novell-eDirectory-conf-env.service failed to load: No such file or directory.
The next step was to upgrade the underlying OS from SLES11 SP3 to SLES12, starting with the Admin Consoles and finishing with the Identity Servers (Access Gateway were appliance based and would remain on the default SLES11 SP3 platform). After upgrading the OS to SLES12 on the Admin Console, messages appeared to indicate that the upgrade was successful yet the Admin Console failed to start correctly. Looking at the services and logs in more detail, it was clear that eDirectory did not start up automatically after the reboot on SLES12. The following output was seen manually trying to start the eDir services:
# "/etc/init.d/ndsd start" returns
SysVinit eDirectory system is not supported on this platform. Refer to documentation for eDirectory usage on this platform
# "ndsmanage startall" returns
Starting NetIQ eDirectory server...
Failed to start ndsdtmpl-etc-opt-novell-eDirectory-conf-nds.conf@-etc-opt-novell-eDirectory-conf-env.service:
Unit ndsdtmpl-etc-opt-novell-eDirectory-conf-nds.conf@-etc-opt-novell-eDirectory-conf-env.service failed to load: No such file or directory.
Resolution
The following steps must be used after having upgraded the NAM 4.1.1 Admin Console to SLES 12
a) run 'ndsconfig upgrade' manually at the SLES12 server console post upgrade of Admin Console. This will generate the necessary template files that ndsmanage requires for eDir to startup correctly
b) run 'ndsmanage startall' to manually start eDir services on SLES12
a) run 'ndsconfig upgrade' manually at the SLES12 server console post upgrade of Admin Console. This will generate the necessary template files that ndsmanage requires for eDir to startup correctly
b) run 'ndsmanage startall' to manually start eDir services on SLES12
Cause
SLES12 is Systemd based while previous versions of SLES were sysVinit based. This is the reason why the /etc/init.d/ndsd script can no longer be used.