Cannot change the simple or UP password of a user after upgrading to OES2018SP1

  • 7023971
  • 25-Jun-2019
  • 25-Jun-2019


Open Enterprise Server 2018 SP1 (OES 2018 SP1) Linux
Open Enterprise Server 2015 SP1 (OES 2015 SP1) Linux
iManager 3.1.3
eDirectory 9.1.3


Multiple problems using certain plugins (those that use LDAPS) after upgrading from OES2015SP1 to OES2018SP1:

- NMAS error -1681 changing a user's UP

- Groups plugin reports it is unable to obtain a valid LDAP context.

- Changing the simple password results in:
Simple password could not be set.   Unable to create a LDAP connection usng SSL to eDirectory server.
Creating secure SSL LDAP context failed.


1. Recreate iMKS keystore:
systemctl stop novell-tomcat
mv /var/opt/novell/tomcat/webapps/nps/WEB-INF/iMKS /tmp
systemctl start novell-tomcat

Other causes:

2. Ensure TreeName provided during login is:
- not or localhost
- resolvable to CN of LDAP server certificate

Note: if treename is not resolvable via DNS or SLP create DNS server A record or a local /etc/hosts.nds file pointing to a copy of root.


The appended period is important so the domain is not appended.

3.  Symptoms like this can also result from not having the IP address in the Subject Alternative Name - only DNS in subject.


This failure is caused by novell-imanager.rpm not deleting old iMKS file which contains the keystore type values as JKS. This was fixed in iMgr 3.1.3 standalone by deleting the old JKS file.  Once someone logs into iManager it will import the certificate automatically into the trust store as well as validate it against the server certificate during LDAP secure connections.