The node service system can not operate normally

  • 7025179
  • 01-Jul-2021
  • 01-Jul-2021

Environment

SSPR 4.5
eDirectory environment
Node Service Enabled

Situation

5093 Node Service Error
5079 LDAP Data error
Error is shown in the Configuration Manager Health screen:"The node service system can not operate normally: error writing node service heartbeat: 5079 ERROR_LDAP_DATA_ERROR (error writing node service data: javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - NDS error: illegal attribute (-608)])"

Resolution

Solutions:

1. If node service is not needed, disable it in SSPR Configuration Editor under Settings, Application, Session Management
2. If node service is desired, extend the schema to add the pwmData attribute (new in SSPR 4.4 or later).

The eDirectory schema can be extended in multiple ways.   See "Manually Extending the Schema" in the eDirectory documentation at https://www.netiq.com/documentation/edirectory-92/edir_admin/data/amijij0.html

Use the "edirectory-schema.ldif," the  "edirectory-schema-update.ldif, or " edirectory-schema.sch file included with SSPR.  These can be found in Configuration Editor by clicking the "book" icon in the top right to open the reference documentation. Select "LDAP Schema Definition" and download  schema LDIFs.

When properly extended the objectclass pwmUser will include the pwmData attribute.  All users will have an objectclass attribute value of pwmUser on all the servers that SSPR would connect to.


Cause

The NDS illegal attribute error occurs when the schema is not properly extended.

Additional Information

The node service allows SSPR to detect and identify when multiple application nodes are similar configured and can share user sessions.  It must be enabled for Password Expiration Notification Emails to work properly.  

Feedback service temporarily unavailable. For content questions or problems, please contact Support.