Environment
SSPR 4.5
eDirectory environment
Node Service Enabled
Situation
5093 Node Service Error
5079 LDAP Data error
Error is shown in the Configuration Manager Health screen:"The node service system can
not operate normally: error writing node service heartbeat: 5079
ERROR_LDAP_DATA_ERROR (error writing node service data:
javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - NDS error:
illegal attribute (-608)])"
Resolution
Solutions:
2. If node service is desired, extend the schema to add the pwmData attribute (new in SSPR 4.4 or later).
The eDirectory schema can be extended in multiple ways. See "Manually Extending the Schema" in the eDirectory documentation at https://www.netiq.com/documentation/edirectory-92/edir_admin/data/amijij0.html
Use the "edirectory-schema.ldif," the "edirectory-schema-update.ldif, or " edirectory-schema.sch file included with SSPR. These can be found in Configuration Editor by clicking the "book" icon in the top right to open the reference documentation. Select "LDAP Schema Definition" and download schema LDIFs.
When properly extended the objectclass pwmUser will include the pwmData attribute. All users will have an objectclass attribute value of pwmUser on all the servers
that SSPR would connect to.
Cause
The NDS illegal attribute error occurs when the schema is not properly extended.
Additional Information
The node service allows SSPR to detect and identify when multiple application nodes are similar configured and can share user sessions. It must be enabled for Password Expiration Notification Emails to work properly.