Upgraded "bidirectional" driver changelog module leads to eDiectory crash when engine connects

  • 7019013
  • 18-May-2017
  • 18-May-2017

Environment

NetIQ eDirectory
NetIQ Identity Manager 4.5
NetIQ Identity Manager 4.6
NetIQ Identity Manager Driver - eDirectory "Bidirectional"

Situation

After upgrading the eDirectory "Bidirectional" driver's Changelog (novell-DXMLChlgx) module to 4.0.2.0 or later on the remote eDirectory server, a connection requesting an extended operation from the engine and driver to that remote server via LDAP causes the remote server to crash.

The connection from the engine to the remote tree works at first for some simple information-gathering connections, but the actual connection which queries the Changelog module in the remote tree causes a crash, as can be seen from traces on either the IDM or remote eDirectory side.

The RPM in question is the novell-DXMLChlgx.rpm package which is only installed in the remote tree's servers (not the IDM engine servers).

A "verify" of the novell-DXMLChlgx package shows errors related to symlinks being missing:

> rpm -V novell-DXMLChlgx
missing     /opt/novell/eDirectory/lib64/libdirxml.so
missing     /opt/novell/eDirectory/lib64/libdirxml.so.3
S.5....T    /opt/novell/eDirectory/lib64/nds-modules/libcldxevent.la
S.5....T    /opt/novell/eDirectory/lib64/nds-modules/libcldxevent.so.3.0.0
S.5....T    /opt/novell/eDirectory/lib64/nds-modules/libxclldap.la
S.5....T    /opt/novell/eDirectory/lib64/nds-modules/libxclldap.so.3.0.0


The 4.0.2.0 version of the module is available from https://dl.netiq.com/protected/Summary.jsp?buildid=Z87PgYd70So~

Resolution

The upgrade of the Changelog's RPM package fails due to a problem with the RPM's scripts.  As a result, the issue can be resolved by removing the RPM and re-installing it again.  Because there are likely two identically-named RPMs now installed because of the script's failure to process correctly, removing the RPMs requires an additional flag.  Before doing this, be sure to stop eDirectory on the remote tree server hosting this package:

#Stop all instances of eDirectory as all are likely impacted.
> ndsmanage stopall

#Remove the packages installed
> rpm -e novell-DXMLChlgx --allmatches

#Install the 4.0.2.0 or later version of the package
> rpm -ivh /path/to/novell-DXMLChlgx*.rpm

#Restart eDirectory
> ndsmanage startall


The engine should now be able to connect and access the Changelog data as before without a crash.

Cause

Incorrect scripting within the RPM package causes the package upgrade to fail to complete resulting in broken symlinks which then prevents eDirectory from finding libraries containing the symbols needed when a request for the extended operation takes place from the engine, which results in a crash of ndsd.

Bug Number

1036063

Additional Information

The ndsd.log file shows the following from the time of the crash:

Apr 17 15:29:23  Received invalid signal -1.
/opt/novell/eDirectory/sbin/
ndsd: symbol lookup error: /opt/novell/eDirectory/lib64/nds-modules/libxclldap.so.3: undefined symbol: UTFConverter_8to16

The engine side trace shows successful connections at first, but the crash happens when executing an extended operation as shown below:

3720017664 LDAP: [2017/04/17 15:28:05.850] (204.78.125.162:57298)(0x0027:
0x77) DoExtended on connection 0x123fd880
3720017664 LDAP: [2017/04/17 15:28:05.850] (204.78.125.162:57298)(0x0027:
0x77) DoExtended: Extension Request OID: 2.16.840.1.113719.1.14.100.200

The problem happened during the upgrade to the novell-DXMLChlgx package from a version prior to 4.0.2.0 to 4.0.2.0 (or later) as shown in the following command and output:

root@mybox:/home/ab/dnlds# rpm -Uvh IDM45_Changelog_4020/dirxmlchangelogfp/linux-x64/novell-DXMLChlgx.rpm
Preparing...                ########################################### [100%]
   1:novell-DXMLChlgx       ########################################### [100%]
ln: target `/opt/novell/eDirectory/lib64/libdirxml.so' is not a directory
ln: target `/opt/novell/eDirectory/lib64/libdirxml.so.3' is not a directory
error: %post(novell-DXMLChlgx-4.0.2-0.x86_64) scriptlet failed, exit status 1

After the upgrade is complete there will likely be two versions of the package installed:

root@mybox:/home/ab/dnlds# rpm -qa | grep novell-DXMLChlgx
novell-DXMLChlgx-4.0.1-1
novell-DXMLChlgx-4.0.2-0

The release notes of the 4.0.2.0 package specify commands to perform an upgrade in a way that prevents the eDirectory crashes.  If those notes are not consulted properly and the upgrade is done normally then the problem arises.

The missing symlinks are set by the RPM as shown below, and could be created manually to resolve the issue temporarily:

-rwxr-xr-x    1 root    bin               247 Mar 21  2016 /opt/novell/eDirectory/bin/clutil
drwxr-xr-x    2 root    bin                 0 Mar 21  2016 /opt/novell/eDirectory/lib
-rwxr-xr-x    1 root    bin             18932 Mar 21  2016 /opt/novell/eDirectory/lib/clutil.jar
-rwxr-xr-x    1 root    bin            432436 Mar 21  2016 /opt/novell/eDirectory/lib/ldap.jar
-rwxr-xr-x    1 root    bin           2654234 Mar 21  2016 /opt/novell/eDirectory/lib64/libdirxml.so.3.0.500
-rwxr-xr-x    1 root    bin              1111 Mar 21  2016 /opt/novell/eDirectory/lib64/nds-modules/libcldxevent.la
lrwxrwxrwx    1 root    bin                21 Mar 21  2016 /opt/novell/eDirectory/lib64/nds-modules/libcldxevent.so.3 -> libcldxevent.so.3.0.0
-rwxr-xr-x    1 root    bin           7105188 Mar 21  2016 /opt/novell/eDirectory/lib64/nds-modules/libcldxevent.so.3.0.0
lrwxrwxrwx    1 root    bin                21 Mar 21  2016 /opt/novell/eDirectory/lib64/nds-modules/libdxevent.so -> libcldxevent.so.3.0.0
-rwxr-xr-x    1 root    bin               987 Mar 21  2016 /opt/novell/eDirectory/lib64/nds-modules/libxclldap.la
lrwxrwxrwx    1 root    bin                19 Mar 21  2016 /opt/novell/eDirectory/lib64/nds-modules/libxclldap.so -> libxclldap.so.3.0.0
lrwxrwxrwx    1 root    bin                19 Mar 21  2016 /opt/novell/eDirectory/lib64/nds-modules/libxclldap.so.3 -> libxclldap.so.3.0.0
-rwxr-xr-x    1 root    bin            496125 Mar 21  2016 /opt/novell/eDirectory/lib64/nds-modules/libxclldap.so.3.0.0
-rwxr-xr-x    1 root    bin              1172 Mar 21  2016 /opt/novell/eDirectory/lib64/nds-schema/clschema.sch