A Forum reader asked the following question:
"When adding servers through the ndsconfig command line, the nicifk does not get copied across, and is it a real problem. How do we overcome this? I have had a few failed installs and prefer not to start the install from scratch again."
And here's the response from Niklas Ekstedt ...
I had no problems whatsoever installing a new OES SP2 box; I selected not to configure OES during the install. After the install, I went into YaST and selected to configure eDirectory beneath Network Services. I pointed it to the CA server and specified in what context I wanted to have it installed. It worked like a charm, no problems at all.
I then retried the operation, this time from the shell using ndsconfig. Again it worked OK, but it wasn't able to start the LDAP TLS. This was because it hadn't created the SSL CertificateIP object, only the SSL CertificateDNS. I compared it to my CA server and found out that the /var/novell/nicifk file was missing. Again I retried the operation, this time using the following sequence of commands as root:
scp firstname.lastname@example.org:/var/novell/nici/nicifk ./ ndsconfig add -t
OES1BASE-TREE -n ou=srv.o=admin -a cn=admin.o=admin
You need to be doing the following as root:
What I do is that I change the active directory on the new server to /var/novell/nici - this is the directory where the NICI stuff is stored, assuming you're using eDirectory 8.7.3.x ...
scp email@example.com:/var/novell/nici/nicifk ./
Next, I use Secure Shell Copy (scp) to login as root and copy the /var/novell/nicifk file from my Certificate Authority server (22.214.171.124) into the active directory (./) This is the /var/novell/nici, as we used with the previous step.
ndsconfig add -t OES1BASE-TREE -n ou=srv.o=admin -a cn=admin.o=admin
Finally, I install the new server into the tree, OES1BASE-TREE, and place it in the srv.admin container. The install is done as user admin.admin.
Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).
It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.