During the primary admin console upgrade an error is shown.

ldap_bind: Invalid credentials (49)
additional info: NDS error: failed authentication (-669)
sed: can't read /tmp/ldif_bkp/SCC9erdwq_oauth2cfg.ldif: No such file or directory
sed: can't read /tmp/ldif_bkp/SCC9erdwq_oauth2cfg.ldif: No such file or directory

There is no option to "retry" and all these temp files are deleted in the process.
Parts of the configuration are backed up during the upgrade using ICE, and restored after the upgrade.

Digging a little deeper in the /tmp/novell_access_manager/backup/upgrade_edir log files:

--------------------------------------
Schema changes for nidsOAuth2CFGXML attribute
NetIQ Import Convert Export utility for NetIQ eDirectory
version: 40102.30
Copyright (c) 2013 NetIQ Corporation and its affiliates. All Rights Reserved. U.S. Patent No. 6,915,287.
Source Handler: ICE LDAP handler for NetIQ eDirectory (version: 40102.30 )
Destination Handler: ICE LDIF handler for NetIQ eDirectory (version: 40102.30 )
the command line argument: b needs a value
You may type 'ice' to see the command line help.

Options Used:
-v -C -n -S LDAP -v -L /var/opt/novell/eDirectory/data/SSCert.der -s 192.168.1.30 -p 636 -d cn=admin,o=novell -b -a nidsOAuth2CFGXML -c base -D LDIF -v -f /tmp/ldif_bkp/SCC9erdwq_oauth2cfg.ldif
modifying entry "cn=OATjm2y7a,cn=OACrnngve,cn=SCC9erdwq,cn=cluster,cn=nids,ou=accessManagerContainer,o=novell"
---------------------------------------

Looking at the ac_upgrade script, it turns out there's an error in there.
Turns out that this was already described here (https://forums.novell.com/showthread...script-failure)


However, a little bit after this point:

---------------------------------------
INFO: New ldap connection created
AG Policy TypeSpec upgraded!!
Updating the Oauth tenant XML in 4.5
Modifying nidsOAuthTenantXML:OpenIdMetadata:response_types and response_modes
Found the oauth container
Found the tenant container
Modifying the tenant xml to update openIDmetadata
Updating OAuth2Config XML in 4.5
Modifying oauth2cfgXML:Scope:name=urn:netiq.com:nam:scopeauth:registration:read
Found the oauth container
Found the tenant container
Inside updateOAuth2CFGXML
java.lang.NullPointerException
at com.volera.vcdn.application.sc.core.InstallManager.modifyOauthScopeDesc(InstallManager.java:4898)
at DatastoreManager.upgrade(DatastoreManager.java:1665)
at DatastoreManager.main(DatastoreManager.java:1804)
---------------------------------------


The result:
All the OAuth Resource Server definitions are gone, including the default ones.
And all the Client applications are gone.

So my initial guess was, let's recreate them.
Recreating the Resource Servers went fine, no issues there.
However, recreating the client applications results in an "Unexpected error".
Looking at the logs:

---------------------------------------
May 03, 2019 5:14:27 PM com.novell.nam.nidp.oauth.config.rest.RegisterClient register
INFO: registering client as admin
May 03, 2019 5:14:27 PM com.novell.nam.nidp.oauth.config.OAuth2ConfigManager configure
INFO: loading tenant :nam
May 03, 2019 5:14:28 PM com.novell.nam.nidp.oauth.config.OAuth2ConfigManager loadAssertionIssuersConfig
WARNING: Assertion Issuers configuration not available or could not load Assertion Issuers configuration.
May 03, 2019 5:14:28 PM com.novell.nam.nidp.oauth.config.rest.RegisterClient register
SEVERE: The client registration failed
May 03, 2019 5:14:28 PM org.glassfish.jersey.filter.LoggingFilter log
INFO: 12 * Server responded with a response on thread https-jsse-nio-192.168.1.30-8443-exec-7
12 < 401
12 < Content-Type: application/json
---------------------------------------

So I tried to add an Assertion Issuer. I specified all the parameters, however the "Ok" button doesn't do anything, and there's no entry in any of the log files.

The strangest thing is, when I use iManager or an LDAP client I can still find all the registered clients, although they don't show up.

Container cn=OAC3g1wrf,cn=OACCditn0y,cn=OATjm2y7a,cn=OACrnngve,cn=SCC9erdwq,cn=cluster,cn=nids,ou=accessManagerContainer,o=novell
contains my six OAuth clients (looked at attribute nidsOAuthClientXML).

So now I'm not sure whether this is an update/eDirectory issue or an iManager issue, whether this was caused by the upgrade error or if anything else is wrong.

Of course none of the OAuth clients work anymore.


Does anybody have any idea?
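
As an added example that is not part of the original post: a small Python triage of the upgrade log excerpts quoted above, flagging the failed bind, any ICE option logged without a value, and the first frame of a Java exception. The function names and the set of value-taking options are assumptions inferred only from the logged command line, not from ICE documentation.

```python
import re

# Constructed sample: lines taken from the log excerpts quoted in the post.
SAMPLE_LOG = """\
ldap_bind: Invalid credentials (49)
additional info: NDS error: failed authentication (-669)
the command line argument: b needs a value
Options Used:
-v -C -n -S LDAP -v -L /var/opt/novell/eDirectory/data/SSCert.der -s 192.168.1.30 -p 636 -d cn=admin,o=novell -b -a nidsOAuth2CFGXML -c base -D LDIF -v -f /tmp/ldif_bkp/SCC9erdwq_oauth2cfg.ldif
Inside updateOAuth2CFGXML
java.lang.NullPointerException
at com.volera.vcdn.application.sc.core.InstallManager.modifyOauthScopeDesc(InstallManager.java:4898)
at DatastoreManager.upgrade(DatastoreManager.java:1665)
"""

# Assumption: options that take a value, inferred from the logged line only.
VALUE_OPTS = {"-S", "-L", "-s", "-p", "-d", "-b", "-a", "-c", "-D", "-f"}

def empty_options(options_line):
    """Return value-taking options followed by another option or by nothing."""
    toks = options_line.split()
    missing = []
    for i, tok in enumerate(toks):
        if tok in VALUE_OPTS:
            nxt = toks[i + 1] if i + 1 < len(toks) else None
            if nxt is None or nxt.startswith("-"):
                missing.append(tok)
    return missing

def triage(log_text):
    """Return (finding, detail) tuples in the order they appear in the log."""
    findings = []
    lines = log_text.splitlines()
    for i, line in enumerate(lines):
        s = line.strip()
        m = re.match(r"ldap_bind: (.+) \((\d+)\)$", s)
        if m:
            findings.append(("ldap_bind_failed", m.group(2)))
        elif s == "Options Used:" and i + 1 < len(lines):
            findings.extend(("ice_option_without_value", o) for o in empty_options(lines[i + 1]))
        elif re.match(r"(java|javax)\.[\w.]+(Exception|Error)\b", s):
            frame = lines[i + 1].strip() if i + 1 < len(lines) else ""
            fm = re.match(r"at ([\w.$]+)\(", frame)
            findings.append(("java_exception", f"{s} in {fm.group(1) if fm else '?'}"))
    return findings
```

Run against the real files under /tmp/novell_access_manager/backup/ before they are cleaned up, since the post notes the temp files are deleted during the upgrade.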