4.6 eDirectory Tasks
This section describes eDirectory tasks.
4.6.1 Resolving Multiple Security Containers, Organizational CAs, KAP Containers, and W0 Objects
Novell Certificate Server can be installed on multiple servers
in an eDirectory tree. However, for Novell Certificate Server to
function properly, only one Security container, Organizational CA, KAP
container, and W0 object should exist in the tree.
If you are installing Novell Certificate Server on multiple
servers in an eDirectory tree, you must allow eDirectory to replicate
between each installation of Novell Certificate Server. If you do
not allow eDirectory to replicate, your installation to another
server might not recognize that the tree already has a Security
container, an Organizational CA, a KAP container, and a W0 object
and might re-create these objects on another server in
the same eDirectory tree.
The items below describe possible scenarios and how to resolve
them.
- If you have two or more Security containers
in the same eDirectory tree and each contains an Organizational
CA and a KAP container with a W0 object, do not issue any certificates. Contact
Novell Support for help in resolving this.
- If you have one Security container that contains
two KAP containers in the same eDirectory tree, do not issue any
certificates. Contact Novell Support for help in resolving this.
- If you have one Security container that contains
two Organizational CAs and one KAP container with a W0 object in
the same eDirectory tree, delete every server and user certificate issued
by both Organizational CAs. Then, delete both CAs and create a new
Organizational CA. Issue new server and user certificates as needed.
- If you have two or more Security containers in the
same eDirectory tree and each contains an Organizational CA, but
only one contains a KAP container with a W0 object, delete every server
and user certificate issued by all Organizational CAs. Delete all
the Security containers without the KAP container and W0 object.
If the remaining Security container is not named Security,
rename it to Security. Issue new server and
user certificates as needed.
- If you have two or more Security containers in the
same eDirectory tree and only one contains an Organizational CA
and a KAP container with a W0 object, delete all the Security containers without
the KAP container and W0 object. If the remaining Security container
is not named Security, rename it to Security.
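The scenarios above, encoded as a small Python check (an added example, not part of Novell's documentation or tooling). It assumes you have already inventoried the tree by hand into the constructed record format shown; the field names name, ca_count and kap_w0_counts and the scenario labels are hypothetical.

```python
# Added illustration, not Novell code. Each inventory record is constructed and
# describes one Security container: its name, how many Organizational CAs it
# holds, and the number of W0 objects inside each of its KAP containers.

SUPPORT = "Do not issue any certificates. Contact Novell Support."

def has_kap_w0(c):
    """True if the container holds a KAP container that contains a W0 object."""
    return any(w0 > 0 for w0 in c["kap_w0_counts"])

def keep_and_rename(keeper):
    """Cleanup wording shared by the two multi-container scenarios."""
    text = "Delete all the Security containers without the KAP container and W0 object."
    if keeper["name"] != "Security":
        text += " Rename '%s' to Security." % keeper["name"]
    return text

def classify(containers):
    """Return (scenario, action) for an inventory, following section 4.6.1."""
    n = len(containers)
    with_ca = [c for c in containers if c["ca_count"] > 0]
    with_kap = [c for c in containers if has_kap_w0(c)]
    if n == 1:
        c, kaps = containers[0], len(containers[0]["kap_w0_counts"])
        if kaps == 2:
            return "one-container-two-kaps", SUPPORT
        if kaps == 1 and with_kap and c["ca_count"] == 2:
            return "one-container-two-cas", ("Delete every server and user certificate "
                "issued by both CAs, delete both CAs, create a new Organizational CA, "
                "then issue new certificates as needed.")
        if kaps == 1 and with_kap and c["ca_count"] == 1:
            return "ok", "Single Security container, CA, KAP container and W0 object."
    elif n >= 2 and len(with_ca) == n:
        if len(with_kap) == n:
            return "duplicate-full-sets", SUPPORT
        if len(with_kap) == 1:
            return "many-cas-one-kap", ("Delete every server and user certificate issued "
                "by all Organizational CAs. " + keep_and_rename(with_kap[0])
                + " Issue new certificates as needed.")
    elif n >= 2 and len(with_ca) == 1 and with_ca == with_kap:
        return "one-complete-container", keep_and_rename(with_kap[0])
    # Anything else is outside the documented scenarios; do not guess an action.
    return "not-covered", "Layout is not one of the documented scenarios."
```

Layouts that match none of the documented scenarios come back as not-covered instead of being forced into the nearest case.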
4.6.2 Restoring or Re-creating a Security Container
If you delete the Security container, you cannot create an
Organizational Certificate Authority until you have restored or
re-created the security container.
To restore the security container, you must restore the eDirectory
partition containing the Security container.
To re-create the Security container, use one of two
methods:
- Using iManager, click eDirectory Administration
> Create Object. Click Tree's Security Container, then click OK.
The container name must be Security.
- Reinstall Novell Certificate Server on any server
in the eDirectory tree.
4.6.3 Restoring or Re-creating KAP and W0
Do not delete the KAP or W0 objects. Doing so invalidates
all previously created User certificates. If you delete one of these
objects, see TID #10053572,
How to Restore or Recreate KAP and W0 Objects, for information on
how to resolve this problem. You should not attempt further installations
of Novell Certificate Server, Single Sign-on, NMAS, NetWare or eDirectory
until the problems have been corrected.