Workaround for TLS Port Not Listening in Linux OES SP2

Novell Cool Solutions: Tip
By Hema Joshi

Troubleshooting SSL port not listening issue when eDirectory is configured through ndsconfig after completing the installation of Linux OES-SP2

Intended Audience:

Test engineers of eDirectory and help desk engineers who will be installing only the OS in all the systems as part of lab setup and configuring eDirectory at the later stages.

Problem:

Install Linux OES-SP2 completely by choosing the configure later option and then configure eDirectory. The message "TLS port is not listening" is displayed, hence could not perform TLS/SSL operations.

The following is the description of the issue:

1. Start Installing Linux OES-SP2
2. Select Configure Later option and complete the installation.
3. Configure eDirectory with ndsconfig
   

   st-fc-lnx-26:~ # ndsconfig new -t test-tree -n o=novell -a cn=admin.o=novell
   	Enter the password for cn=admin.o=novell:
   	Re-enter the password for cn=admin.o=novell:
   	HTTP Port 8008 already in use...
   	Please enter another HTTP port ( > 1023 ): 8028
   	Starting the service 'ndsd'... Done.
   	Configuring Novell eDirectory server with following parameters
           		Admin name      = cn=admin.o=novell
           		Tree name       = test-tree
           		Server Context  = o=novell
           		dibdir path     = /var/nds/dib
   
   	Searching for Duplicate Tree Name in the network.  Please wait...
    	Configuring Novell eDirectory Server ...
   
   	Novell eDirectory Server successfully configured on this system.
   	Extending schema...
   	For more details view schema extension logfile: /var/nds/schema.log
   	Schema extended successfully.
   	Configuring SAS service ...
   	Successfully configured SAS service
   	Configuring NMAS service ...
   	Successfully configured NMAS service
   	Configuring LDAP Server with default SSL CertificateDNS certificate
   	Done
   	Checking the status of LDAP services...
   	Novell eDirectory LDAP Server TCP port is listening.
   	Novell eDirectory LDAP Server TLS port is not listening.
   	st-fc-lnx-26:~ #

4. No SSL/TLS operations can be perfomed.

The root cause of this problem being NICI getting installed in client mode. Where as NICI to be installed in server mode in order to carry out SSL/TLS operations.

Solution:

1. Mount eDirectory 873 or 88 builds folder and run nici_test_mode to confirm NICI is installed in client mode:

   st-fc-lnx-26:/mnt/Released-Builds/eDirectory_873/Linux/setup # ./nici_mode_test

   WARNING!! NICI is installed in CLIENT mode.

   eDirectory will not be completely functional with NICI installed in CLIENT mode.

   You may want to provide proper license file to get NICI installed in SERVER mode.

   st-fc-lnx-26:/mnt/Released-Builds/eDirectory_873/Linux/setup #

2. Look to see if the nicifk file under /var/novell/nici is missing:

   st-fc-lnx-26:/ # ls /var/novell/nici
   	.  ..  0  nicimud  primenici  xmgrcfg.nif  xmgrcfg.wks
   	st-fc-lnx-26:/ #

3. Copy the nicifk file from any other eDirectory server:

   st-fc-lnx-26:/var/novell/nici # ftp 164.99.156.7
   	Connected to 164.99.156.7.
   	220 st-fc-sol-7.blr.novell.com FTP server ready.
   	Name (164.99.156.7:root): root
   	331 Password required for root.
   	Password:
   	230 User root logged in.
   	Remote system type is UNIX.
   	Using binary mode to transfer files.
   	ftp> bin
   	257 "/var/novell/nici" is current directory.
   	ftp> ls
   	229 Entering Extended Passive Mode (|||43117|)
   	150 Opening ASCII mode data connection for /bin/ls.
   	total 522Look out whether  nicifk  file under  /var/novell/nici is missing.
   	drwx------   2 root     other        512 Oct 18 17:20 0
   	-rw-r--r--   1 root     other      13440 Oct 19 09:56 nicifk
   	-r--r--r--   1 root     bin        13440 Sep 25 23:35 nicifk.new
   	-rwsr-xr-x   1 root     bin        11004 Sep 25 23:34 nicimud
   	-rwx------   1 root     bin       194340 Sep 25 23:35 primenici
   	-r-x------   1 root     bin         2661 Oct 31 12:14 set_server_mode
   	-rw-r--r--   1 root     other       1222 Oct 19 09:56 xarchive.000
   	-rw-r--r--   1 root     other      12016 Oct 19 09:56 xmgrcfg.nif
   	-r--r--r--   1 root     bin         3853 Sep 25 23:35 xmgrcfg.wks
   	226 Transfer complete.
   	ftp> 
   
   	ftp> mget ./nicifk .
   	mget ./nicifk [anpqy?]? y
   	229 Entering Extended Passive Mode (|||49320|)
   	150 Opening BINARY mode data connection for ./nicifk (13440 bytes).
   	100% |*********************************| 13440       1.28 MB/s    00:00 ETA
   	226 Transfer complete.
   	13440 bytes received in 00:00 (325.37 KB/s)
   	mget 0 [anpqy?]? q
   	mget aborted.
   	ftp>

4. Confirm the nicifk is copied to /var/novell/nici:

   st-fc-lnx-26:/var/novell/nici # ls
   	.  ..  0  nicifk  nicimud  primenici  xmgrcfg.nif  xmgrcfg.wks

5. Run primenici to change nici to server mode:

   st-fc-lnx-26:/var/novell/nici # ./primenici
   	Initializing NICI ... done.
   	st-fc-lnx-26:/var/novell/nici #

6. Now check the mode of nici:

   st-fc-lnx-26:/mnt/Released-Builds/eDirectory_873/Linux/setup # ./nici_mode_test
   	Count = 1
   	NICI is installed in SERVER mode.
   	st-fc-lnx-26:/mnt/Released-Builds/eDirectory_873/Linux/setup #

7. Deconfigure the old tree:

   st-fc-lnx-26:/ # ndsconfig rm -a cn=admin.o=novell
   	Enter the password for cn=admin.o=novell:
           		dibdir path = /var/nds/dib
   	Deconfiguring Novell eDirectory might cause problems in the operation of 
   	modules dependent on eDirectory.  Do you wish to continue? (y/n) : y
   	Logging into the tree as "cn=admin.o=novell". Please Wait ...
   	Novell eDirectory Server was successfully deconfigured.
   	Stopping the service 'ndsd'... Done.	
   	st-fc-lnx-26:/ #

8. Now configure the new tree:

   st-fc-lnx-26:/ # ndsconfig new -t test-tree1 -n o=novell -a cn=admin.o=novell
   	Enter the password for cn=admin.o=novell:
   	Re-enter the password for cn=admin.o=novell:
   	HTTP Port 8008 already in use...
   	Please enter another HTTP port ( > 1023 ): 8028
   	Starting the service 'ndsd'... Done.
   	Configuring Novell eDirectory server with following parameters
           		Admin name      = cn=admin.o=novell
           		Tree name       = test-tree1
           		Server Context  = o=novell
   		dibdir path     = /var/nds/dib
   
   	Searching for Duplicate Tree Name in the network.  Please wait...
   	Configuring Novell eDirectory Server ...
   
   	Novell eDirectory Server successfully configured on this system.
   	Extending schema...
   	For more details view schema extension logfile: /var/nds/schema.log
   	Schema extended successfully.
   	Configuring SAS service ...
   	Successfully configured SAS service
   	Configuring NMAS service ...
   	Successfully configured NMAS service
   	Configuring LDAP Server with default SSL CertificateDNS certificate
   	Done
   	Checking the status of LDAP services...
   	Novell eDirectory LDAP Server TCP port is listening.
   	Novell eDirectory LDAP Server TLS port is listening.
   	st-fc-lnx-26:/ #

Conclusion:

This work around will avoid reinstalling of OES just because of not configuring eDirectory during OS installation which made SSL/TLS operations impossible.



Like what you see?
Sign up for our weekly newsletter. 

Want to contribute?
It could earn you a nano! Learn more. 

Like Wikis?
Join the Cool Solutions Wiki. 

Interested? Request a sales call



Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

• Feedback
• Print
  •  
  • Full
  • Simple
•  
• Request a Call
• Follow Novell
  •  
  • Facebook
  • YouTube
  • Twitter
  • LinkedIn
  • Novell Newsletter Subscription
  • RSS