The node service system can not operate normally

Document ID:7025179
Creation Date:01-Jul-2021
Modified Date:01-Jul-2021
- Micro Focus Products:
  Self Service Password Reset

Environment

SSPR 4.5

eDirectory environment

Node Service Enabled

Situation

5093 Node Service Error

5079 LDAP Data error

Error is shown in the Configuration Manager Health screen:"The node service system can not operate normally: error writing node service heartbeat: 5079 ERROR_LDAP_DATA_ERROR (error writing node service data: javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - NDS error: illegal attribute (-608)])"

Resolution

Solutions:

1. If node service is not needed, disable it in SSPR Configuration Editor under Settings, Application, Session Management

2. If node service is desired, extend the schema to add the pwmData attribute (new in SSPR 4.4 or later).

The eDirectory schema can be extended in multiple ways. See "Manually Extending the Schema" in the eDirectory documentation at https://www.netiq.com/documentation/edirectory-92/edir_admin/data/amijij0.html

Use the "edirectory-schema.ldif," the "edirectory-schema-update.ldif, or " edirectory-schema.sch file included with SSPR. These can be found in Configuration Editor by clicking the "book" icon in the top right to open the reference documentation. Select "LDAP Schema Definition" and download schema LDIFs.

When properly extended the objectclass pwmUser will include the pwmData attribute. All users will have an objectclass attribute value of pwmUser on all the servers that SSPR would connect to.

Cause

The NDS illegal attribute error occurs when the schema is not properly extended.

Additional Information

The node service allows SSPR to detect and identify when multiple application nodes are similar configured and can share user sessions. It must be enabled for Password Expiration Notification Emails to work properly.