LDAP error code 2 - Unrecognized extended operation when running configupdate

  • 7016946
  • 27-Oct-2015
  • 08-Dec-2015

Environment

NetIQ Identity Manager 4.5 Roles Based Provisioning Module

Situation

When launching configupdate.sh, a warning is displayed, but the utility still starts.

Warning:  Unable to initialize values from Identity Vault: com.novell.security.sso.SSException: [LDAP: error code 2 - Unrecognized extended operation]

However when trying to save the configuration the following error is received:

Error saving configuraino
Email Server Configuration: 'Server requires authentication' cannot be empty
[Fatal Error] blockpage.cgi?ws-session-18446744072242283665:1:3: The markup declarations contained or pointed to by the document type declaration must be well-formed.
com.netiq.internal.installer.idm.ldap.ConfiStoreException: Error storing configuration.
...

If you capture an LDAP server trace on the eDirectory server that the User Application is pointing to, the trace shows the following error:

3575486208 LDAP: [2015/10/20 15:25:12.592] Unable to find extension handler 2.16.840.1.113719.1.148.100.3 in extension list
3575486208 LDAP: [2015/10/20 15:25:12.592] Sending operation result 2:"":"Unrecognized extended operation" to connection 0xe12380
2995476224 LDAP: [2015/10/20 15:25:12.594] DoExtended on connection 0xe12380
2995476224 LDAP: [2015/10/20 15:25:12.594] DoExtended: Extension Request OID: 2.16.840.1.113719.1.148.100.3
2995476224 LDAP: [2015/10/20 15:25:12.594] Unable to find extension handler 2.16.840.1.113719.1.148.100.3 in extension list
2995476224 LDAP: [2015/10/20 15:25:12.594] Sending operation result 2:"":"Unrecognized extended operation" to connection 0xe12380
3580749568 LDAP: [2015/10/20 15:25:12.598] DoUnbind on connection 0xe12000
3580749568 LDAP: [2015/10/20 15:25:12.598] Connection 0xe12000 closed

Resolution

Delete the LDAP Server and LDAP Group objects in eDirectory for the server that RBPM is pointing to. Then recreate the objects by running "ndsconfig upgrade" from a terminal window on the Linux server. Then restart LDAP or ndsd on the server.

If you are running eDirectory on another platform, please contact eDirectory Support for additional assistance.

Cause

The LDAP Server object in eDirectory was missing the required 2.16.840.1.113719.1.148.100.3 extension in the extensionInfo attribute.
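
The following is an added example, not part of the original article or of NetIQ tooling: a shell sketch that pulls the rejected extension OIDs out of an LDAP trace in the format shown above, and checks whether a server advertises a given OID. The function names, the 1.2.3.4.5 OID and the host name are hypothetical; it assumes the OpenLDAP ldapsearch client is installed and that the server lists its enabled extensions in the rootDSE supportedExtension attribute.

```shell
#!/bin/sh
# Constructed sample in the format of the trace above. The 1.2.3.4.5 OID and
# the rejection on connection 0xe12000 are made up for illustration.
SAMPLE_TRACE='3575486208 LDAP: [2015/10/20 15:25:12.592] Unable to find extension handler 2.16.840.1.113719.1.148.100.3 in extension list
3575486208 LDAP: [2015/10/20 15:25:12.592] Sending operation result 2:"":"Unrecognized extended operation" to connection 0xe12380
2995476224 LDAP: [2015/10/20 15:25:12.594] DoExtended on connection 0xe12380
2995476224 LDAP: [2015/10/20 15:25:12.594] DoExtended: Extension Request OID: 2.16.840.1.113719.1.148.100.3
2995476224 LDAP: [2015/10/20 15:25:12.594] Unable to find extension handler 2.16.840.1.113719.1.148.100.3 in extension list
2995476224 LDAP: [2015/10/20 15:25:12.594] Sending operation result 2:"":"Unrecognized extended operation" to connection 0xe12380
3580749568 LDAP: [2015/10/20 15:25:12.597] Unable to find extension handler 1.2.3.4.5 in extension list
3580749568 LDAP: [2015/10/20 15:25:12.597] Sending operation result 2:"":"Unrecognized extended operation" to connection 0xe12000
3580749568 LDAP: [2015/10/20 15:25:12.598] DoUnbind on connection 0xe12000'

# Read a trace on stdin; print "OID count" for every extension OID the server
# had no handler for, sorted by OID.
missing_extension_oids() {
  awk '
    /Unable to find extension handler/ {
      # The OID is the field that follows the word "handler".
      for (i = 1; i < NF; i++)
        if ($i == "handler") { count[$(i + 1)]++; break }
    }
    END { for (oid in count) print oid, count[oid] }
  ' | sort
}

# Read a trace on stdin; print each connection that was sent result code 2.
rejected_connections() {
  awk '/Sending operation result 2:/ && /Unrecognized extended operation/ { print $NF }' |
    sort -u
}

# server_supports_extension URI OID
# Exit 0 if OID is listed in the rootDSE supportedExtension attribute.
# Example (hypothetical host), to run after "ndsconfig upgrade" and a restart:
#   server_supports_extension ldap://idv.example.com 2.16.840.1.113719.1.148.100.3
server_supports_extension() {
  ldapsearch -x -LLL -H "$1" -s base -b "" supportedExtension 2>/dev/null |
    grep -qxF "supportedExtension: $2"
}

# Summarise the constructed sample; point these at a real trace file instead.
printf '%s\n' "$SAMPLE_TRACE" | missing_extension_oids
printf '%s\n' "$SAMPLE_TRACE" | rejected_connections
```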