We have some ZENworks 7 and LDAP errors on a SLES 9 server to resolve. We could use some help figuring out what to do next, and we're also wondering if our errors are separate or linked.

Background: In our environment, we have three servers configured as follows:

- Server 1 = Novell NetWare 6.5, primary eDirectory and File server (IP
- Server 2 = Novell SLES 9, primary GroupWise and ZENworks, secondary DNS, eDirectory replica (IP
- Server 3 = Novell SLES 9, primary DNS and DHCP, eDirectory replica (IP

I noticed a pair of errors in Server2's /var/log/messages recently. They appear every 60 seconds:

Date Time Server2 /usr/sbin/namcd[6432]: ldap_initconn: LDAP bind failed, trying to connect to alternative LDAP server
Date Time Server2 /usr/sbin/namcd[6432]: ldap_initconn: Unable to bind to alternative LDAP servers either.

I also noticed that the ZENworks inventory service now fails to load:

server2:~ # /etc/init.d/novell-zdm-inv status
Novell ZENworks Inventory server daemon dead

server2:~ # /etc/init.d/novell-zdm-inv start
Starting Novell ZENworks Inventory server daemon failed

I checked the ZENworks Automatic Workstation Inventory log (/var/opt/novell/log/zenworks/awsi.log) and found this entry repeated:

Feb 6, 2008 2:35:46 PM OS = <linux>
Feb 6, 2008 2:35:46 PM ENTER getDirContext - localhost389
Feb 6, 2008 2:35:46 PM javax.naming.CommunicationException: anonymous bind failed: localhost:636 [Root exception is javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateExpiredException: NotAfter: Sat Oct 27 11:03:18 PDT 2007]
Feb 6, 2008 2:35:46 PM No import policy found.

I also checked the ZENworks Inventory service log (/var/opt/novell/log/zenworks/inv/novell-zdm-inv.log) and found this entry repeated:

pid: 6075
Starting Inventory services. Please wait...
Corrupted or missing exceptions properties file. Using defaults.
Inventory Service Error Code 610
610: The Database Location policy is not configured.

So I started checking the logs for the LDAP error ....

- I verified that eDirectory was installed, running, and current:

server2:~ # ndsstat
Tree Name: OUR_TREE
Server Name: .CN=server2.O=OUR.T=OUR_TREE.
Binary Version: 10552.79
Root Most Entry Depth: 0
Product Version: eDirectory for Linux v8.7.3.7 [DS]

- I checked the namcd service:

server2:~ # rcnamcd status
Checking for LUM NAMCD daemon NAMCD is running

- I checked the nam.conf file configuration:

/etc/nam.conf file

- I checked to see that Server2 speaks LDAP:

banks2:~ # ldapconfig get -a cn=admin.o=our -w password | grep "TCP Port"
LDAP TCP Port: 389


At this point, I'm not sure how to create a plan to find and fix these problems. Are they related?

I have a hunch that I might have a certificate and/or authentication problem outside any eDirectory errors or ZENworks problems, but I don't have a lot of practical experience with "trace" and "dstrace" to find the problems. I inherited the current setup (so I don't have first-hand experience with the existing system design and configuration, just the administration and maintenance). Any thoughts or pointers would be greatly appreciated.


Mike O'Reilly
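
The certificate expiry recorded in the awsi.log excerpt above can be extracted mechanically. The following Python script is an added example, not part of the original post or of any Novell tooling: it folds the wrapped Java exception back into its log entry and reports which endpoint failed the TLS handshake and how long the certificate had been expired at that point. The function names are hypothetical and the input is the log text quoted in the post.

```python
import re
from datetime import datetime

# Constructed input: the awsi.log lines quoted in the post, verbatim.
AWSI_LOG = """\
Feb 6, 2008 2:35:46 PM OS = <linux>
Feb 6, 2008 2:35:46 PM ENTER getDirContext - localhost389
Feb 6, 2008 2:35:46 PM javax.naming.CommunicationException: anonymous bind failed: localhost:636 [Root exception is javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateExpiredException: NotAfter: Sat Oct 27 11:03:18 PDT 2007]
Feb 6, 2008 2:35:46 PM No import policy found.
"""

STAMP = re.compile(r"^(\w{3} \d{1,2}, \d{4} \d{1,2}:\d{2}:\d{2} [AP]M) (.*)$")
ENDPOINT = re.compile(r"bind failed: (\S+:\d+)")
NOT_AFTER = re.compile(r"CertificateExpiredException: NotAfter: "
                       r"(\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \w+ (\d{4})")

def entries(text):
    """Yield (timestamp, message), folding un-stamped continuation lines
    (the wrapped Java exception) into the entry they belong to."""
    current = None
    for line in text.splitlines():
        m = STAMP.match(line)
        if m:
            if current:
                yield tuple(current)
            current = [datetime.strptime(m.group(1), "%b %d, %Y %I:%M:%S %p"), m.group(2)]
        elif current and line.strip():
            current[1] += " " + line.strip()
    if current:
        yield tuple(current)

def expired_cert_failures(text):
    """Return one record per log entry whose TLS handshake failed on an expired cert."""
    hits = []
    for logged_at, msg in entries(text):
        cert = NOT_AFTER.search(msg)
        if not cert:
            continue
        # The zone abbreviation (PDT) is dropped: both times are compared as
        # wall-clock values, an assumption that is accurate to the day.
        not_after = datetime.strptime(" ".join(cert.groups()), "%a %b %d %H:%M:%S %Y")
        ep = ENDPOINT.search(msg)
        hits.append({"endpoint": ep.group(1) if ep else None, "logged_at": logged_at,
                     "not_after": not_after, "days_expired": (logged_at - not_after).days})
    return hits

if __name__ == "__main__":
    print(expired_cert_failures(AWSI_LOG))
```

Run against the quoted lines, it reports a single failure on localhost:636 with a certificate that had been expired for 102 days when the entry was logged.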