Novell eDirectory 8.8 Troubleshooting Guide - NetIQ

More documents

Recommendations

Info

Cause: The realm object’s master key is changed. Cause: The LDAP service principal object was not found in the subtree of the realm to which it belongs. SASL-GSS: Creating GSS context failed novdocx (en) 11 July 2008 Cause: The time is not in sync between the client, KDC and the eDirectory servers. Cause: The key of the LDAP service principal was changed in the Kerberos database, but not updated in eDirectory. Cause: The encryption type is not supported. SASL GSSAPI: Invalid user FDN = user_FDN Cause: The user FDN provided by the client is not valid. SASL GSSAPI: No user DN is associated with principal client_principal_name Cause: A user object under the subtree is not attached with the Kerberos principal name. SASL GSSAPI: More than one user DN is associated with principal client_principal_name Cause: More than one user object under the subtree is associated with the same principal. ldap_simple_bind_s: Invalid credentials major = 1, minor =0 Cause: The cause might be the version mismatch between the ldap service principal on the KDC server and the ldap service principal on the eDirectory server. This is because every time you extract the ldap service principal key to the keytab file, the key version number gets incremented. Action: Do the following: 1 Update the key in eDirectory server so that the version numbers are in sync. 2 Destroy the tickets at the client. 3 Get the TGT again for the principal. 4 Perform the ldap sasl bind operation. 92 Novell eDirectory 8.8 Troubleshooting Guide
19Miscellaneous • Section 19.1, “Backing Up a Container,” on page 93 • Section 19.2, “Repeated eDirectory Logins,” on page 93 • Section 19.3, “Enabling Event System Statistics,” on page 93 • Section 19.4, “Tracking Memory Corruption Issues on Linux,” on page 93 • Section 19.5, “TCP Connection not Terminating after Abnormal Logout,” on page 94 • Section 19.6, “NDS Error, System Failure (-632) Occurs When Doing ldapsearch for the User Objects,” on page 95 • Section 19.7, “Disabling SecretStore,” on page 95 19.1 Backing Up a Container While using ndsbackup to backup a container that has many objects (like a million), it might take some time to get the list of the objects in the container and start their individual backup. 19.2 Repeated eDirectory Logins Repeated eDirectory logins can use up the available memory. Disable the Login Update attribute using ndsimonitor to overcome this problem. 19.3 Enabling Event System Statistics Time related statistics are maintained for every event thrown and consumed in eDirectory. This information is useful for troubleshooting event consumer issues. These statistics are not required for normal functioning of directory; therefore, they are disabled for performance reasons. Event statistics can be enabled at runtime by using iMonitor advanced configuration parameters. To view the event statistics, set the ENABLE_EVENT_STATISTICS parameter and restart the server . It is a permanent configuration parameter. 19.4 Tracking Memory Corruption Issues on Linux On Linux platforms, eDirectory uses google malloc (libtcmalloc) as the default memory allocator. To track memory corruption issues, set the MALLOC_CHECK_ environment variable in the ndsd startup script. The startup script checks for this variable. If set, the default system malloc is used, else google malloc is loaded. 19 novdocx (en) 11 July 2008 MALLOC_CHECK Settings in ndsd • When MALLOC_CHECK_ is set to 0, any detected heap corruption is silently ignored. • When MALLOC_CHECK_ is set to 2, abort is called immediately. Miscellaneous 93
Page 1 and 2:
Troubleshooting Guide AUTHORIZED DO
Page 3 and 4:
Novell Trademarks Client32 is a tra
Page 5 and 6:
Contents About This Book 9 novdocx
Page 7 and 8:
11.4 While Uninstalling the eDirect
Page 9 and 10:
About This Book This Troubleshootin
Page 11 and 12:
1Resolving Error Codes For a comple
Page 13 and 14:
2Installation and Configuration •
Page 15 and 16:
n4u.uam.ncp-retries = 5 n4u.base.sl
Page 17 and 18:
3Determining the eDirectory Version
Page 19 and 20:
• Run iMonitor. On the Agent Summ
Page 21 and 22:
4Log Files This section contains in
Page 23 and 24:
5Troubleshooting LDIF Files The Nov
Page 25 and 26:
Component Record Delimiters Descrip
Page 27 and 28:
The Modify Change Type The modify c
Page 29 and 30:
Field newsuperior (optional) Descri
Page 31 and 32:
5.2 Debugging LDIF Files • “Ena
Page 33 and 34:
Option Base DN Scope Description Ba
Page 35 and 36:
Using the Novell Import Conversion
Page 37 and 38:
5.3.2 Adding a New Attribute To add
Page 39 and 40:
objectclasses: (2.16.840.1.113719.1
Page 41 and 42: 6Troubleshooting SNMP This section
Page 43 and 44: 7Obituaries There has been a great
Page 45 and 46: If the obituary is a Primary obitua
Page 47 and 48: Make sure that the obituaries are c
Page 49 and 50: 8Migrating to Novell eDirectory Thi
Page 51 and 52: dn: cn=schemachangetype: modifyadd:
Page 53 and 54: 8.2.2 Step 2: Rectify the Error LDI
Page 55 and 56: Any errors encountered while compar
Page 57 and 58: 9Schema This section includes infor
Page 59 and 60: 10Replication • Section 10.1, “
Page 61 and 62: 1Novell Public Key Infrastructure S
Page 63 and 64: 12Troubleshooting Utilities on Linu
Page 65 and 66: Option Description -P Replica and P
Page 67 and 68: Option Optional Schema Enhancements
Page 69 and 70: Determines the complete synchroniza
Page 71 and 72: 12.5.2 Troubleshooting ndsrepair Er
Page 73 and 74: Trace Flag DNS DRLK DVRS Descriptio
Page 75 and 76: Trace Flag Parameters Description *
Page 77 and 78: Trace Flag Parameters Description !
Page 79 and 80: 13NMAS on Linux and UNIX • Sectio
Page 81 and 82: 14Troubleshooting on Windows • Se
Page 83 and 84: 15Accessing HTTPSTK When DS Is Not
Page 85 and 86: 16Encrypting Data in eDirectory In
Page 87 and 88: Action 1. Upgrade the server to a c
Page 89 and 90: 17The eDirectory Management Toolbox
Page 91: 18SASL-GSSAPI This section discusse
Page 95 and 96: To make the setting permanent (even
show all

Novell eDirectory 8.8 Troubleshooting Guide - NetIQ

Create successful ePaper yourself

Delete template?

Save as template?