really simple - discovered that the SSL certificates of the OES2 Linux
server were invalid/expired.
The action in iManager fails, and ndscheck reveals this in the log

Configuring HTTP service... Done
Configuring LDAP service... Failed to configure LDAP service: No access
An error has occured while configuring the Novell eDirectory Server.
Please look /var/opt/novell/eDirectory/log/ndsd.log file for more

The instance at /etc/opt/novell/eDirectory/conf/nds.conf is upgraded

ERROR: ndsconfig return value = 9.
harald:/etc/sysconfig/novell/ldap_servers # less
.CN=valdemar.OU=SERVICE.O=CFH.T... UP YES 0 m:0 s

ERROR -672: Failed to get server background process intervals.
Checking replication delta on the partition...
Maximum replica ring delta "0:2:43 (hh:mm:ss)"
Perishable delta on this server: "0:2:43 (hh:mm:ss)"
Skulk Interval: 0 (mm)

WARNING: Data in the replica ring of the partition ".T=CFHTREE." are
not synchronized for a period greater than the skulk interval 0 min

So ndsrepair -U and -R and -E on both servers alle succesfull, but
doesnt solve the problem.

Manual delete of the 2 SSL certificates from iManager also not
posssible - so whats next ?

The failing server is Master an CA, so one option is to move the Master
and CA roles to the other server, remove the replica completely and put
it back on again.

To sum things up:
1. we know we have 2 invalid SLL certs
2. normal methods of recreating these fails (imanager Repair Default
Cert or ndsconfig upgrade)

Would moving the master role be a risk ?

Any other easy-fix ?

bkelsen's Profile:
View this thread: