Troubleshooting guide
Table Of Contents
- Novell eDirectory 8.8 SP7 Troubleshooting Guide
- About This Book
- 1 Resolving Error Codes
- 2 Installation and Configuration
- 2.1 Installation
- 2.1.1 Fatal Error Occurs in Schema Sync When Installing a Second eDirectory Server into the Tree on a SLES 11 Machine
- 2.1.2 Installation Not Successful
- 2.1.3 Installation Takes a Long Time
- 2.1.4 eDirectory Install Fails for Container Administrators
- 2.1.5 NICI Installation Failed - 1497
- 2.1.6 Naming Objects
- 2.1.7 NICI Does Not Get Installed in the Server Mode on Windows
- 2.1.8 Tarball Upgrade Fails With "Cannot open or remove a file containing a running program" Error Message
- 2.1.9 Installing the Library Patches
- 2.2 Configuration
- 2.2.1 Loopback Referrals Are Returned By a Directory Server
- 2.2.2 Tree Name Lookup Failed: -632 Error While Configuring eDirectory 8.8 on Linux
- 2.2.3 Adding New Servers
- 2.2.4 Excluding the DIB directory from Backup or Antivirus Processes
- 2.2.5 eDirectory ndsconfig Displays an Error on RHEL 32-bit System
- 2.3 Upgrade
- 2.3.1 The Integrated Installer Fails to Upgrade on Windows 2003
- 2.3.2 Upgrade Fails from Prior Versions of eDirectory 8.7.3 SP9 to eDirectory 8.8 SP7
- 2.3.3 Upgrade Fails if the Mount Point Is Set to /var/opt/novell/eDirectory/ data
- 2.3.4 Upgrading eDirectory After Applying a Patch Does Not Remove the Patch Version on a Windows System
- 2.4 Multiple Instances
- 2.1 Installation
- 3 Determining the eDirectory Version Number
- 4 Log Files
- 5 Troubleshooting LDIF Files
- 6 Troubleshooting SNMP
- 7 iMonitor
- 7.1 Browsing for Objects Containing Double-Byte Characters in iMonitor
- 7.2 Agent Health Check on a Single-Server Tree
- 7.3 iMonitor Report Does Not Save the Records for Each Hour
- 7.4 Creation and Modification Time Stamps
- 7.5 iMonitor Issues in Older Versions of Mozilla
- 7.6 Run Report Screen Layout Not Aligned on iMonitor
- 7.7 iMonitor Displays Error -672
- 7.8 Time Stamps Displayed in Hexadecimal Format
- 8 iManager
- 9 Obituaries
- 10 Migrating to Novell eDirectory
- 11 Schema
- 12 DSRepair
- 13 Replication
- 14 Clone DIB Issues
- 15 Novell Public Key Infrastructure Services
- 15.1 PKI Operations Not Working
- 15.2 LDAP Search from Netscape Address Book Fails
- 15.3 Removing the configuration of an eDirectory server that is acting as a treekey server in a multiserver tree after having moved the existing eDirectory objects to a different server fails with the error code for Crucial Replica.
- 15.4 While uninstalling the eDirectory Server holding the CA, the KMOs created on that server will be moved to another server in the tree and become invalid
- 16 Troubleshooting Utilities on Linux and UNIX
- 17 NMAS on Linux and UNIX
- 18 Troubleshooting on Windows
- 19 Accessing HTTPSTK When DS Is Not Loaded
- 20 Encrypting Data in eDirectory
- 20.1 Error Messages
- 20.2 Problem With Duplicate Encryption Algorithms
- 20.3 Encryption of Stream Attributes
- 20.4 Configuring Encrypted Replication through iManager
- 20.5 Viewing or Modifying Encrypted Attributes through iManager
- 20.6 Merging Trees With Encrypted Replication Enabled Fails
- 20.7 Limber Displays -603 Error
- 21 The eDirectory Management Toolbox
- 22 SASL-GSSAPI
- 23 Miscellaneous
- 23.1 Backing Up a Container
- 23.2 Repeated eDirectory Logins
- 23.3 Enabling Event System Statistics
- 23.4 Tracking Memory Corruption Issues on Linux
- 23.5 TCP Connection not Terminating after Abnormal Logout
- 23.6 NDS Error, System Failure (-632) Occurs When Doing ldapsearch for the User Objects
- 23.7 Disabling SecretStore
- 23.8 Viewing SLP Man Pages
- 23.9 dsbk Configuration File Location
- 23.10 SLP Interoperability Issues on OES Linux
- 23.11 ldif2dib Fails to Open the Error Log File When the DIB Directory Exists In the Custom Path
- 23.12 eDirectory Server Does Not Start Automatically in the Virtual SLES 10
- 23.13 ndsd Does Not Start After a System Crash
- 23.14 Do not Execute DSTrace With All Tags Enabled on UNIX Systems
- 23.15 LDAP is Not RFC Compliant For Anonymous Search Requests
- 23.16 Troubleshooting Ports with Custom eDirectory 8.8 Instances
- 23.17 Rebooting the Host
- 23.18 ndsd Not Listening at the Loopback Address on a Given NCP Port
- 23.19 LDAP Transaction OIDs
- 23.20 Errors -5871 and -5875 in LDAP Trace
- 23.21 NDSCons Gives -625 Error if a Tree is Renamed
- 23.22 Listening on Multiple NICs Slows Down eDirectory ldapsearch Performance
- 23.23 Unable to Limit the Number of Concurrent Users on UNIX/ Linux Platforms
- 23.24 ndsd Fails to Shut Down Due to SLP
- 23.25 eDirectory Does Not Support Symbolic Links for DIB Location
54 Novell eDirectory 8.8 SP7 Troubleshooting Guide
removed after the Primary obituary is ready to be removed or, in the case of
Inhibit_move
, the
Tracking obituary is removed after the Primary obituary has moved to the
OBF_NOTIFIED
state on the
master replica.
The replica responsible for processing obituaries does so on a background process (the Obituary
Process), which is scheduled on a per-partition basis after a given partition finishes an inbound
synchronization cycle. If there are no other replicas of the partition, the Outbound Replication
Process is still scheduled on the heartbeat interval. The Outbound Replication Process then starts the
Obituary Process. The Obituary Process cannot be manually scheduled, nor does it need to be. As
synchronization occurs, the transitive vectors are updated, thus advancing the Purge Vector and Obit
Vector. As these vectors move forward, the obituary states are allowed to move forward. This,
together with the automatic scheduling done upon inbound synchronization, completes the obituary
processing cycle. Therefore, the lifeblood of obituary processing is object synchronization.
For an object that is being removed, after all obituaries whose associated Primary obituary is of type
Dead have been advanced to the last state (Purgeable), and that state has been synchronized to all
replicas, a new process is responsible for removing the remaining entry husk from the database. The
Purge Process runs automatically to remove these husks. You can manually schedule the Purge
Process and modify its automatic schedule interval by using the Agent Configuration page in
iMonitor.
9.1 Examples
This section contains the following examples:
“Deleting an Object” on page 54
“Moving an Object” on page 55
9.1.1 Deleting an Object
1 Add the Primary obituary OBT_DEAD.
The Back Link attribute contains a list of servers that have an interest in this object and need to
be notified of changes to this entry. For every DN listed in the Back Link attribute and all servers
listed in the entry's partition replica attribute, eDirectory adds a Back Link obituary. The creation
time of the Primary obituary, OBT_DEAD, is stored in the Secondary obituary.
The Used By attribute contains a list of partitions that have an interest in this object and need to
be notified of changes to this entry. For every DN listed in the Used By attribute, eDirectory adds
a Used By obituary. The creation time of the Primary obituary, OBT_DEAD, is stored in the
Secondary obituary.
2 Remove all attributes but the obituaries.
The Outbound Replication Process then synchronizes this change to all other servers in the
replica ring.
On the next inbound synchronization of this partition, the Obituary Process is started, which
does the following:
Computes a time vector which is a minimum transitive vector, referred to as the purge
vector. Later versions of eDirectory compute a second minimum vector, called the obituary
vector, which does not consider replicas which are subordinate references.
Each Obituary in this partition is now examined.
If the obituary is a Primary obituary, there are no Secondary obituaries, and the attribute's
modification time (MTS) on the obituary is older than the Purge Vector, then all servers
have seen the change and this obituary will be removed.