Home

Results 1 to 7 of 7

Thread: Exporting Users and their pwd's from eDirectory issue

  1. #1
    iammi NNTP User

    Exporting Users and their pwd's from eDirectory issue


    Hello evry one,

    We have recently set a TESTING environment of eDirectory from the
    PRODUCTION environment , all the users have been exported from
    PRODUCTION, their passwords ( Universal Passwords) too

    We are having NICI/NMAS error -1418 when attempting to set the
    universal passwords for the imported users on TESTING environment
    (http://www.novell.com/support/search...%200%209874168)

    Our environment is made up by 3 eDir servers

    1- Master : eDirectory for Linux v8.8 SP1 - NMAS 3.1.0.1-20060519
    2- Read/Write Replica : eDirectory for Linux x86_64 v8.8 SP6 - NMAS
    3.3.3.4-20110708
    3- Read/Write Replica : eDirectory for Linux x86_64 v8.8 SP6 - NMAS
    3.3.3.4-20110708


    The import from the PRODUCTION is ok and the replication is ok ( 0
    error )

    SDIDIAG on the master server shows the keys are OK ( unable to run on
    replicas because there is no SDIDIAG 64 bits )


    The problem is that when attempting to change the Universal Password
    for a given user via iManager NICI/NMAS error -1418 shows up on
    iMonitor trace

    It's most probably because Universal passwords have been encrypted in
    PRODUCTION environment with key 'A' and TESTING is attempting to decrypt
    them with key 'B' (another Key)

    My question is how to export the Universal password Encryption key from
    PRODUCTION environment to TESTING environment

    How to solve this issue

    Regards


    --
    iammi
    ------------------------------------------------------------------------
    iammi's Profile: http://forums.novell.com/member.php?userid=71308
    View this thread: http://forums.novell.com/showthread.php?t=454788


  2. #2
    ab NNTP User

    Re: Exporting Users and their pwd's from eDirectory issue

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    How did you export/import the users?

    Go through TID# 3455150 and post the resulting process.txt file contents
    here, or use the 'tkinfo.pl' tool to parse it and post the output from
    that here.

    Good luck.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v2.0.18 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

    iQIcBAEBAgAGBQJPjwzCAAoJEF+XTK08PnB5Gl0QALcl+JBS3T roLdytHFiQ6idj
    26Xd/GL6tkilBP456TaevbY1Pr83pjb6X4aOmm4IOweok7te0Mrv4xL LyrzzK2Zx
    or+AhmlxKQaFa3Kj0/zr5NwMbXFp5fyHnqZ69O24Y0sLyNfx6myK7o6ZsQDcqGmD
    1pdt20rB/EYsv+wbDRfzixvlsSg6d5PV4DqDamiFxAEhJo00raSYd4e6WsO lNwaz
    KKWqhfeOz5wKQbStPEW2Sp5c7yzLcQUVkDlpf7Uv/6uqHjNHhmPp+nTHxYSk4A6E
    ljzdikw3lvuqCJz+K/StdVZL3OhbXJUlfRmKyqZWlF1kNN+ZrvPe6l8c9/e9rDZS
    5gPXmKF7MDi+dZew1jFEz+WzZmGvN07/y+pnVvB4LWVVYigjs/I98WGK2DU5so38
    xejTb4GqSutN+WG6BPxAfUfXRPM0GHaEu4SHjAwilhy7xGaeoU Mh+xpNo6z7y0ka
    NJ/FfkaLRxK660ES/t1FIermvwKaOlsAGNazm8pl4675u5SPyibuFK406BaBTW6n
    zOtBSzB92r/6tYsyhay3ocuQv+Q8RT+6sm3mw9F9P6ij2RAIu5CP1o31s0EFA l/R
    BJ8XVkbYoeCKo2DddEJTlBvXUjNvDpgTioKRDVNDRxAhn2RskT MzOI41SCZgjXzo
    sfWltcbhKyqwXq5a1glg
    =O6vY
    -----END PGP SIGNATURE-----

  3. #3
    iammi NNTP User

    Re: Exporting Users and their pwd's from eDirectory issue


    Hello,

    'ab' thanks for your help

    This is the outcoming report : '-----Keys On Servers Report----- 4D EF
    F6 30 40 A6 3C D7 A4 2E A0 10 CF 0D 12 - Pastebin.com'
    (http://pastebin.com/i37uERKc)

    My servers are well-behaved !! but the error is still here


    You asked me "How did you export/import the users?", honestly that's
    not me who did this, that has been done by another consultant from
    another company I can not get the info.

    The question now is how to fix that ? since they may did a bad
    import/export of data

    What do you sugget?

    The idea I have is : how to clean up all password information for the
    users ?

    Regards,


    --
    iammi
    ------------------------------------------------------------------------
    iammi's Profile: http://forums.novell.com/member.php?userid=71308
    View this thread: http://forums.novell.com/showthread.php?t=454788


  4. #4
    iammi NNTP User

    Re: Exporting Users and their pwd's from eDirectory issue


    I tried 'Universal Password Removal Utility, Version 3'
    (http://support.novell.com/docs/Readm...e_5005380.html)

    The command as follow :
    Code:
    --------------------
    ./rmupwd -pwd 192.168.128.96 636 cert.der "cn=BACHA Aicha,ou=People,ou=Department,ou=FR,o=company" base cn=AdminLDAP,ou=Ressources,o=company MyPassword
    --------------------



    The error is as follow :


    Code:
    --------------------
    cn=BACHA Aicha,ou=People,ou=Department,ou=FR,o=company: password delete failed (-1697)
    --------------------



    It's Strange !

    Help is needed please


    --
    iammi
    ------------------------------------------------------------------------
    iammi's Profile: http://forums.novell.com/member.php?userid=71308
    View this thread: http://forums.novell.com/showthread.php?t=454788


  5. #5
    ab NNTP User

    Re: Exporting Users and their pwd's from eDirectory issue

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    If you are getting a -1418 then the problem is almost certainly that
    your keys are not working properly. This can happen if you create a
    test environment the wrong way, for example by copying the eDirectory
    DIB (the whole database) from one machine to another without copying the
    NICI files used for data encryption. The DIB will work, at least until
    you need to do something in the encryption area. If that is the case
    you should call your consultant and have them come back and do the job
    properly, or get a refund, or something else to correct that situations
    since a test environment that doesn't really match production
    semi-closely isn't a valid test environment at all (assuming "close to
    production" is the service for which you paid).

    To fix this, rebuild the environment by copying over the DIB as well as
    the required NICI files. The ndsrc.pl (shameless plug; Google for it)
    script does the backup of both at the same time to avoid this type of thing.

    Good luck.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v2.0.18 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

    iQIcBAEBAgAGBQJPkA3gAAoJEF+XTK08PnB5lMQQAI69kXQ9D6 BOYZSAQcImplwO
    2qR3flx5BHTh1Wj0lGrFwXQ01oZ527ecbcA8836+QpQvpIur5k 5SbvKcPtmPROfK
    sdjWF2jS4g/Xi9CgbmEAAkZg2AizKByy7c2K/2ajah+KsRqVnZ/hNKefe/aadDEM
    t1n2IZk+mJ7dT/C8oyd3sZ2Vrx54alDQjp1tXArU7bzYbSTliLe24W4FdV6juqLk
    Zg1UmIS31oEfLfCXFGYrBf5F4af/CC7PP0VJ9RB6doBCmaUR57TFI5ktVmYqkjPC
    sNhFGR0rSEtgf6a7TuCapS328XEj+f79nGq6TgBjraZHqLNtui 8WmWWIDZ9rqfli
    h8JZRNHzZllDFjz2MYS+BrUkqUsexgimn5zWuRXciQNfYsOZ5+ 4vicJDUbFqT0Tp
    qDhh/2ifNHiIeUvlUyCKfCN4+bbluowLepJAQnxzd0edGErvicWXwWz qdMhcuwCD
    cRELJMXgmWyuQ3ygIwCPpWcXRPUrftOmREaxuY3G+mZeg9/6nJt95aJByci3+z8i
    hhAWb+hMcikASNmwyYbQ1AGRloT+PYxuywUG91Ae8YMH7bPZcv nlW/fVwTLYK2Ho
    STdXAj2cYCdOtm/YR9zdsaFi6uEk/Srh3iQFK3bwKat7PATJAlAcIhmuCPOFiZ5h
    HGGXPJ7qbVvSDVq2XFDz
    =Mnbt
    -----END PGP SIGNATURE-----

  6. #6
    iammi NNTP User

    Re: Exporting Users and their pwd's from eDirectory issue


    Thank you 'ab


    So do you think I can correct this situation by copying NICI stuff
    without rebuilding from scratch ? or that's not possible and I have to
    rebuild from scratch ?

    Could you please tell me brefly the steps to copy NICI stuff properly
    ?

    In my opinion we must do a backup as stated here :'Important Notice'
    (http://www.novell.com/communities/no...ctory-88-linux)

    And performe a restore after that. how to restore exactly ? juste by
    copying files into the suitable locations ?


    Regards,


    --
    iammi
    ------------------------------------------------------------------------
    iammi's Profile: http://forums.novell.com/member.php?userid=71308
    View this thread: http://forums.novell.com/showthread.php?t=454788


  7. #7
    ab NNTP User

    Re: Exporting Users and their pwd's from eDirectory issue

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I've never used that CoolSolution before, just the 'ndsrc.pl' (still,
    Google for it) script. It is made to be restored by simply extracting
    the .tar from the root of the filesystem.

    Good luck.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v2.0.18 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

    iQIcBAEBAgAGBQJPkItxAAoJEF+XTK08PnB5/YcQALok13L2k7MDM0LTf3KUtIyX
    XYyxBLkR/LPBsN8yARaDLEhzRwN8fYOsFRdjF+NuqHU2T2r2kW8Ujgr5B4D 01J9n
    VsiUmanKqB+rbQcC3u9XCkqhjx9jiE8R3DBLn0fGOspk/OMVqCgu9ORwXeBiKJxX
    lkdK6N+Y+TaXO/3yoO4cw4XojxV5fp3mZesLRyUqSExx1Y9cIJ9/KtwvX3+lGiWl
    jQXEOmuIStEEkok7oUnYzqvA4U650twM+CD9BOuxJugqZihNVw RuV83i8dkSLNbS
    8P2rA5gFi76bL3heb6Ow9xkphuTy7ZpZUaaqHUM/8NnGFzCiHm+Y9dRAJWRzMtU2
    2hAe9smmGZR1IpgjXWLijUd+pw+Jog6mykFZjnIonfyPL66u5k fLUfrcc34kBSgj
    jFcBWN/y5X7ypQjZ7zQUose4I5rZrfAT1LRfdnXfb48Wl/Lrt7MaBqKo0khtrIy4
    96/wQvIX1uNdfa+qwa8j4v+4cuLUfm8rA+6UpQCUNlqqYF42ysVCW ipY5VEPtTFX
    Nthk2MuBD1aaQ4h8wcGG60SGNSdU2UNv1IC68wImBwn3I2iIge hCLvxGOJLxpHWC
    QPqJe0auaZw4/Zs882HQxoKBIRoK6MOY1R5K5hSlo5ytfEA7qMogo6jweNDKN2m 4
    exsWKhYizyBWY2UmkEV1
    =4698
    -----END PGP SIGNATURE-----

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •