Novell eDirectory 8.8 Troubleshooting Guide - NetIQ
Novell eDirectory 8.8 Troubleshooting Guide - NetIQ
Novell eDirectory 8.8 Troubleshooting Guide - NetIQ
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
10<strong>Novell</strong> Public Key Infrastructure<br />
Services<br />
• Section 10.1, “PKI Operations Not Working,” on page 59<br />
• Section 10.2, “LDAP Search from Netscape Address Book Fails,” on page 59<br />
• Section 10.3, “Removing the configuration of an <strong>eDirectory</strong> server that is acting as a treekey<br />
server in a multiserver tree after having moved the existing <strong>eDirectory</strong> objects to a different<br />
server fails with the error code for Crucial Replica.,” on page 59<br />
• Section 10.4, “While Uninstalling the <strong>eDirectory</strong> Server holding the CA, the KMOs created on<br />
that server will be moved to another server in the tree and become invalid,” on page 60<br />
10.1 PKI Operations Not Working<br />
If PKI operations in ConsoleOne or iManager are not working, it could be because <strong>Novell</strong> PKI<br />
Services are not running on the Linux, Solaris, AIX, or HP-UX host. Start the PKI Services by<br />
entering npki -1.<br />
If you cannot create certificates, you need to ensure that the NICI module has been properly<br />
installed. See “Initializing the NICI Module on the Server” in the <strong>Novell</strong> <strong>eDirectory</strong> <strong>8.8</strong><br />
Administration <strong>Guide</strong>. To verify if NICI is initialized, see “Verifying Whether NICI Is Installed and<br />
Initialized on the Server” in the <strong>Novell</strong> <strong>eDirectory</strong> <strong>8.8</strong> Administration <strong>Guide</strong>.<br />
10.2 LDAP Search from Netscape Address Book<br />
Fails<br />
If you are using an export version of the Netscape browser and a KMO key size larger than 512 bits<br />
associated with the LDAP Server object, the LDAP search from the Netscape Address Book might<br />
fail.<br />
Use a domestic version of the Netscape browser in such cases.<br />
10.3 Removing the configuration of an<br />
<strong>eDirectory</strong> server that is acting as a treekey<br />
server in a multiserver tree after having moved<br />
the existing <strong>eDirectory</strong> objects to a different<br />
server fails with the error code for Crucial<br />
Replica.<br />
To complete the operation, change the Key Server DN attribute in the W0 object under Security<br />
Container > KAP to another server in the tree that has downloaded the treekey from this server.<br />
1 In <strong>Novell</strong> iManager, click the Roles and Tasks button .<br />
2 Click <strong>eDirectory</strong> Administration > Modify Object.<br />
10<br />
novdocx (ENU) 01 February 2006<br />
<strong>Novell</strong> Public Key Infrastructure Services<br />
59