Environment
NetIQ eDirectory
NetIQ Identity Manager 4.5
NetIQ Identity Manager 4.6
NetIQ Identity Manager Driver - eDirectory "Bidirectional"
NetIQ Identity Manager 4.5
NetIQ Identity Manager 4.6
NetIQ Identity Manager Driver - eDirectory "Bidirectional"
Situation
After upgrading the eDirectory "Bidirectional" driver's Changelog (novell-DXMLChlgx) module to 4.0.2.0 or later on the remote eDirectory server, a connection requesting an extended operation from the engine and driver to that remote server via LDAP causes the remote server to crash.
The connection from the engine to the remote tree works at first for some simple information-gathering connections, but the actual connection which queries the Changelog module in the remote tree causes a crash, as can be seen from traces on either the IDM or remote eDirectory side.
The RPM in question is the novell-DXMLChlgx.rpm package which is only installed in the remote tree's servers (not the IDM engine servers).
A "verify" of the novell-DXMLChlgx package shows errors related to symlinks being missing:
> rpm -V novell-DXMLChlgx
missing /opt/novell/eDirectory/lib64/libdirxml.so
missing /opt/novell/eDirectory/lib64/libdirxml.so.3
S.5....T /opt/novell/eDirectory/lib64/nds-modules/libcldxevent.la
S.5....T /opt/novell/eDirectory/lib64/nds-modules/libcldxevent.so.3.0.0
S.5....T /opt/novell/eDirectory/lib64/nds-modules/libxclldap.la
S.5....T /opt/novell/eDirectory/lib64/nds-modules/libxclldap.so.3.0.0
The 4.0.2.0 version of the module is available from https://dl.netiq.com/protected/Summary.jsp?buildid=Z87PgYd70So~
The connection from the engine to the remote tree works at first for some simple information-gathering connections, but the actual connection which queries the Changelog module in the remote tree causes a crash, as can be seen from traces on either the IDM or remote eDirectory side.
The RPM in question is the novell-DXMLChlgx.rpm package which is only installed in the remote tree's servers (not the IDM engine servers).
A "verify" of the novell-DXMLChlgx package shows errors related to symlinks being missing:
> rpm -V novell-DXMLChlgx
missing /opt/novell/eDirectory/lib64/libdirxml.so
missing /opt/novell/eDirectory/lib64/libdirxml.so.3
S.5....T /opt/novell/eDirectory/lib64/nds-modules/libcldxevent.la
S.5....T /opt/novell/eDirectory/lib64/nds-modules/libcldxevent.so.3.0.0
S.5....T /opt/novell/eDirectory/lib64/nds-modules/libxclldap.la
S.5....T /opt/novell/eDirectory/lib64/nds-modules/libxclldap.so.3.0.0
The 4.0.2.0 version of the module is available from https://dl.netiq.com/protected/Summary.jsp?buildid=Z87PgYd70So~
Resolution
The upgrade of the Changelog's RPM package fails due to a problem with the RPM's scripts. As a result, the issue can be resolved by removing the RPM and re-installing it again. Because there are likely two identically-named RPMs now installed because of the script's failure to process correctly, removing the RPMs requires an additional flag. Before doing this, be sure to stop eDirectory on the remote tree server hosting this package:
#Stop all instances of eDirectory as all are likely impacted.
> ndsmanage stopall
#Remove the packages installed
> rpm -e novell-DXMLChlgx --allmatches
#Install the 4.0.2.0 or later version of the package
> rpm -ivh /path/to/novell-DXMLChlgx*.rpm
#Restart eDirectory
> ndsmanage startall
The engine should now be able to connect and access the Changelog data as before without a crash.
#Stop all instances of eDirectory as all are likely impacted.
> ndsmanage stopall
#Remove the packages installed
> rpm -e novell-DXMLChlgx --allmatches
#Install the 4.0.2.0 or later version of the package
> rpm -ivh /path/to/novell-DXMLChlgx*.rpm
#Restart eDirectory
> ndsmanage startall
The engine should now be able to connect and access the Changelog data as before without a crash.
Cause
Incorrect scripting within the RPM package causes the package upgrade to fail to complete resulting in broken symlinks which then prevents eDirectory from finding libraries containing the symbols needed when a request for the extended operation takes place from the engine, which results in a crash of ndsd.
Bug Number
1036063
Additional Information
The ndsd.log file shows the following from the time of the crash:
Apr 17 15:29:23 Received invalid signal -1.
/opt/novell/eDirectory/sbin/ndsd: symbol lookup error: /opt/novell/eDirectory/lib64/nds-modules/libxclldap.so.3: undefined symbol: UTFConverter_8to16
The engine side trace shows successful connections at first, but the crash happens when executing an extended operation as shown below:
3720017664 LDAP: [2017/04/17 15:28:05.850] (204.78.125.162:57298)(0x0027:0x77) DoExtended on connection 0x123fd880
3720017664 LDAP: [2017/04/17 15:28:05.850] (204.78.125.162:57298)(0x0027:0x77) DoExtended: Extension Request OID: 2.16.840.1.113719.1.14.100.200
The problem happened during the upgrade to the novell-DXMLChlgx package from a version prior to 4.0.2.0 to 4.0.2.0 (or later) as shown in the following command and output:
After the upgrade is complete there will likely be two versions of the package installed:
The release notes of the 4.0.2.0 package specify commands to perform an upgrade in a way that prevents the eDirectory crashes. If those notes are not consulted properly and the upgrade is done normally then the problem arises.
The missing symlinks are set by the RPM as shown below, and could be created manually to resolve the issue temporarily:
-rwxr-xr-x 1 root bin 247 Mar 21 2016 /opt/novell/eDirectory/bin/clutil
drwxr-xr-x 2 root bin 0 Mar 21 2016 /opt/novell/eDirectory/lib
-rwxr-xr-x 1 root bin 18932 Mar 21 2016 /opt/novell/eDirectory/lib/clutil.jar
-rwxr-xr-x 1 root bin 432436 Mar 21 2016 /opt/novell/eDirectory/lib/ldap.jar
-rwxr-xr-x 1 root bin 2654234 Mar 21 2016 /opt/novell/eDirectory/lib64/libdirxml.so.3.0.500
-rwxr-xr-x 1 root bin 1111 Mar 21 2016 /opt/novell/eDirectory/lib64/nds-modules/libcldxevent.la
lrwxrwxrwx 1 root bin 21 Mar 21 2016 /opt/novell/eDirectory/lib64/nds-modules/libcldxevent.so.3 -> libcldxevent.so.3.0.0
-rwxr-xr-x 1 root bin 7105188 Mar 21 2016 /opt/novell/eDirectory/lib64/nds-modules/libcldxevent.so.3.0.0
lrwxrwxrwx 1 root bin 21 Mar 21 2016 /opt/novell/eDirectory/lib64/nds-modules/libdxevent.so -> libcldxevent.so.3.0.0
-rwxr-xr-x 1 root bin 987 Mar 21 2016 /opt/novell/eDirectory/lib64/nds-modules/libxclldap.la
lrwxrwxrwx 1 root bin 19 Mar 21 2016 /opt/novell/eDirectory/lib64/nds-modules/libxclldap.so -> libxclldap.so.3.0.0
lrwxrwxrwx 1 root bin 19 Mar 21 2016 /opt/novell/eDirectory/lib64/nds-modules/libxclldap.so.3 -> libxclldap.so.3.0.0
-rwxr-xr-x 1 root bin 496125 Mar 21 2016 /opt/novell/eDirectory/lib64/nds-modules/libxclldap.so.3.0.0
-rwxr-xr-x 1 root bin 1172 Mar 21 2016 /opt/novell/eDirectory/lib64/nds-schema/clschema.sch
Apr 17 15:29:23 Received invalid signal -1.
/opt/novell/eDirectory/sbin/
The engine side trace shows successful connections at first, but the crash happens when executing an extended operation as shown below:
3720017664 LDAP: [2017/04/17 15:28:05.850] (204.78.125.162:57298)(0x0027:
3720017664 LDAP: [2017/04/17 15:28:05.850] (204.78.125.162:57298)(0x0027:
The problem happened during the upgrade to the novell-DXMLChlgx package from a version prior to 4.0.2.0 to 4.0.2.0 (or later) as shown in the following command and output:
root@mybox:/home/ab/dnlds# rpm -Uvh IDM45_Changelog_4020/dirxmlchangelogfp/linux-x64/novell-DXMLChlgx.rpm Preparing... ########################################### [100%] 1:novell-DXMLChlgx ########################################### [100%] ln: target `/opt/novell/eDirectory/lib64/libdirxml.so' is not a directory ln: target `/opt/novell/eDirectory/lib64/libdirxml.so.3' is not a directory error: %post(novell-DXMLChlgx-4.0.2-0.x86_64) scriptlet failed, exit status 1
After the upgrade is complete there will likely be two versions of the package installed:
root@mybox:/home/ab/dnlds# rpm -qa | grep novell-DXMLChlgx novell-DXMLChlgx-4.0.1-1 novell-DXMLChlgx-4.0.2-0
The release notes of the 4.0.2.0 package specify commands to perform an upgrade in a way that prevents the eDirectory crashes. If those notes are not consulted properly and the upgrade is done normally then the problem arises.
The missing symlinks are set by the RPM as shown below, and could be created manually to resolve the issue temporarily:
-rwxr-xr-x 1 root bin 247 Mar 21 2016 /opt/novell/eDirectory/bin/clutil
drwxr-xr-x 2 root bin 0 Mar 21 2016 /opt/novell/eDirectory/lib
-rwxr-xr-x 1 root bin 18932 Mar 21 2016 /opt/novell/eDirectory/lib/clutil.jar
-rwxr-xr-x 1 root bin 432436 Mar 21 2016 /opt/novell/eDirectory/lib/ldap.jar
-rwxr-xr-x 1 root bin 2654234 Mar 21 2016 /opt/novell/eDirectory/lib64/libdirxml.so.3.0.500
-rwxr-xr-x 1 root bin 1111 Mar 21 2016 /opt/novell/eDirectory/lib64/nds-modules/libcldxevent.la
lrwxrwxrwx 1 root bin 21 Mar 21 2016 /opt/novell/eDirectory/lib64/nds-modules/libcldxevent.so.3 -> libcldxevent.so.3.0.0
-rwxr-xr-x 1 root bin 7105188 Mar 21 2016 /opt/novell/eDirectory/lib64/nds-modules/libcldxevent.so.3.0.0
lrwxrwxrwx 1 root bin 21 Mar 21 2016 /opt/novell/eDirectory/lib64/nds-modules/libdxevent.so -> libcldxevent.so.3.0.0
-rwxr-xr-x 1 root bin 987 Mar 21 2016 /opt/novell/eDirectory/lib64/nds-modules/libxclldap.la
lrwxrwxrwx 1 root bin 19 Mar 21 2016 /opt/novell/eDirectory/lib64/nds-modules/libxclldap.so -> libxclldap.so.3.0.0
lrwxrwxrwx 1 root bin 19 Mar 21 2016 /opt/novell/eDirectory/lib64/nds-modules/libxclldap.so.3 -> libxclldap.so.3.0.0
-rwxr-xr-x 1 root bin 496125 Mar 21 2016 /opt/novell/eDirectory/lib64/nds-modules/libxclldap.so.3.0.0
-rwxr-xr-x 1 root bin 1172 Mar 21 2016 /opt/novell/eDirectory/lib64/nds-schema/clschema.sch