Novell eDirectory 8.7.1 for NetWare Readme August 25, 2003 Table of Contents 1.0 Installation Issues 1.1 Prerequisites 1.2 Distributing Proper Versions of DSRepair to All Servers in the Tree 1.3 Upgrading from a Previous Version 1.4 Uninstalling eDirectory 1.5 Installing a NetWare 5.1 Server into an eDirectory 8.7.1 Tree 1.6 Video Cards and Driver Settings 1.7 Upgrading to NetWare 6 from NetWare 5.1 after eDirectory 8.7.1 Has Been Installed 1.8 Manually Extending the Schema Before Installation 2.0 Known Issues 2.1 iMonitor Issues 2.2 Avoiding or Recovering from LDAP KMO Errors 2.3 ConsoleOne Issues 2.4 SNMP Issues 2.5 eDirectory Service Manager Issues 2.6 Backup Issues 2.7 Certificate Server Issues 2.8 NMAS Issues 2.9 Replica Operations in Mixed Replica Rings 2.10 Netscape Schema Attributes 2.11 Increasing the Speed of Bulkloads 2.12 emboxmgr.nlm Issue 2.13 Creating LDAP Server and Group Objects in iManager 3.0 Documentation Issues 3.1 Viewing Documentation on the Product CD 3.2 Additional Readme Information 4.0 Legal Notices 1.0 Installation Issues 1.1 Prerequisites - NetWare 5.1 SP6 or later with JVM 1.3.1, or NetWare 6 SP3 Note: Installing eDirectory 8.7.1 on NetWare 5.0 is not supported. - If you are using RCONSOLE, you will need a ConsoleOne administrator workstation with the following: - A 200 MHz or faster processor - A minimum of 64 MB RAM (128MB recommended) - Novell Client for Windows NT/2000/XP version 4.9 or later or Novell Client for Windows 95/98 version 3.4 or later - In order for eDirectory 8.6.x or 8.7.x running on Microsoft Windows NT or 2000 to successfully communicate with NDS 6.x running on NetWare 4.11 or NetWare 4.2, NDS 6.17 or later must be running on the NetWare 4.x server. In addition, the following line must be added to the end of the autoexec.ncf file on the NetWare 4.x server: set dstrace = !ne Note: If DS.NLM is unloaded and reloaded without rebooting the server, the above set command must be executed after DS.NLM is loaded. For more information about this setting, see TID #2963473 in the Knowledgebase at http://support.novell.com. 1.2 Distributing Proper Versions of DSRepair to All Servers in the Tree For information on preparing an existing tree for an eDirectory 8.7.1 installation, see Updating the eDirectory Schema for NetWare in the Novell eDirectory 8.7.1 Administration Guide (http://www.novell.com/documentation/lg/edir871/i ndex.html). 1.3 Upgrading from a Previous Version 1.3.1 Prerequisites Before you upgrade to eDirectory 8.7.1, make sure you have the latest NDS and eDirectory patches installed on all non-eDirectory 8.7 servers in the tree. You can get NDS and eDirectory patches from the Novell Support Web site (http://support.novell.com). 1.3.2 Upgrading to Novell eDirectory 8.7.1 on a Double-byte System In previous releases of eDirectory, some index keys were built incorrectly in double-byte language (Japanese, Korean, or Chinese) systems. Because of the incorrect keys, some searches did not work correctly. This issue was resolved in Novell eDirectory 8.7. However, because existing eDirectory databases on these systems still have these incorrect keys, there might be times even after your upgrade to eDirectory 8.7.1 when eDirectory will report corruption errors that are due to incorrect keys. To resolve this issue, run dsrepair.nlm after the upgrade is complete and perform a physical rebuild of the database. This is only necessary if the database is a double-byte language database (Japanese, Korean, or Chinese). It is not necessary to run DSRepair after upgrading if you are not using one of these languages. 1.3.3 Certificate Server 2.0.1 Your CA server must be running Certificate Server 2.0.1 or later before installing a new server into the tree. You can determine which server is the CA by viewing the Certificate Authority object located in the Security container at the root of the tree. To verify the version of the Certificate Server software, check the module version number on pki.nlm (NetWare) or pki.dlm (Windows). If the Certificate Server software version on the CA server is out of date, install eDirectory 8.7.1 on the CA server first, then proceed to install eDirectory 8.7.1 on any additional servers. 1.3.4 X.509 and CertMutual Login Methods The X.509 and CertMutual login methods that shipped with eDirectory 8.6.x are not compatible with eDirectory 8.7.1. When you upgrade from 8.6.x to 8.7.1, you must upgrade the X.509 and CertMutual login methods as well. The Certificate-based NMAS methods in NMAS EE 2.0 are also incompatible with eDirectory 8.7.1. 1.3.5 Upgrading from eDirectory 8.6.2 or 8.7 to eDirectory 8.7.1 Upgrading from eDirectory 8.6.2 or 8.7 to eDirectory 8.7.1 rebuilds the LDAP Mapping table and re-adds the inetOrgPerson --> User mapping, causing any new objects created via LDAP to be of the User base class instead of the inetOrgPerson base class. This will only be an issue if you deleted the mapping for inetOrgPerson --> User and defined a real inetOrgperson Class in your previous version of eDirectory. The workaround for this problem is to use ConsoleOne to remove the mapping from the Class Mappings page of the LDAP Group Object. 1.4 Uninstalling eDirectory If you use NWCONFIG to uninstall eDirectory, follow these steps to reinstall eDirectory: 1. Use the following command to remove the eDirectory entry from the PRODUCTS.DAT file so you can reinstall eDirectory on the same server: uinstall edir 2. Edit the SYS:SYSTEM\SCHEMA\SCHEMA.CFG file and remove the comment markers from the NDPS*.SCH files. 3. From the NetWare console, run NWCONFIG. 4. Select Product Options. 5. Select Install a product not listed. 6. Specify the location containing the Novell eDirectory 8.7.1 installation package. 1.5 Installing a NetWare 5.1 Server into an eDirectory 8.7.1 Tree You must use the NetWare 5.1 SP6 Overlay install when installing a new NetWare 5.1 server into an existing eDirectory 8.7.1 tree. You can get the NetWare 5.1 SP6 Overlay from http://support.novell.com. 1.6 Video Cards and Driver Settings The eDirectory, ConsoleOne, Novell iManager, and eGuide installs use Java 1.3. This means that a minimum color depth of 8 bits (256 colors) is required by your video card and driver setting to run the installations properly. On NetWare, the video card must also be VESA-compliant. 1.7 Upgrading to NetWare 6 from NetWare 5.1 after eDirectory 8.7.1 Has Been Installed Follow these steps to upgrade a NetWare 5.1 server with eDirectory 8.7.1 to NetWare 6: 1. Use the NW6SP3 (or later) overlay, available from http://support.novell.com, to upgrade your server. 2. Prior to the upgrade, copy DSLOADER.NLM from C:\NWSERVER to C:\NWUPDATE. You might need to create C:\NWUPDATE. 3. Do not downgrade any files during the install. If you don't copy DSLOADER.NLM to C:\NWUPDATE, the following error message will occur: "The NetWare Loadable Module SYS:\SYSTEM\DIBMIG.NLM could not be loaded. (nwconfig-6-127). Press Enter to Continue." At this point, abort the install, copy C:\NWSERVER\DSLOADER.NLM to C:\NWUPDATE, and start the upgrade again. 1.8 Manually Extending the Schema Before Installation 1.8.1 Synchronizing Schema Extensions In some cases, schema extensions do not synchronize fast enough to the lower levels of a tree where the first new eDirectory 8.7.1 server is being installed for some features to be completely installed properly. One instance of this is the httpServer object schema definition, which might not synchronize to the server where the object instance needs to be created before the install code attempts to create it. In this particular instance, the failure to create the httpServer object schema definition is not fatal, as it only contains optional configuration information. This type of problem can be avoided by manually extending the schema in your tree before you install eDirectory 8.7.1, using the eDirectory 8.7.1 schema files located in the \nw\sys\system\schema directory on the eDirectory 8.7.1 CD. 1.8.2 Using NWConfig to Extend the Schema With the introduction of eDirectory 8.7, enhancements were made to the DSI that added more flexibility in extending the schema. Many of the schema files on the eDirectory 8.7.1 CD (located in the \nw\sys\system\schema directory) take advantage of this new functionality. If an older version of DSI.NLM or DSISCH.NLM (anything older than version 10411.14, dated September 26, 2002) is used by NWCONFIG.NLM to extend the new schema, the following error will occur: Error: Parsing the NDS500.sch file while extending schema. To avoid this error, do the following: 1. Copy NW\SYS\SYSTEM\DSI.NLM and NW\SYS\SYSTEM\DSISCH.NLM from the eDirectory 8.7.1 CD to the server that will do the schema extension. NOTE: This should be a server that holds a copy of the Root partition. 2. Copy the desired schema files from the eDirectory 8.7.1 CD to a temporary directory on the NetWare server. 3. Run NWCONFIG.NLM and use the Directory Services option to extend the schema. NOTE: There are some dependencies between the schema files in the NW\SYS\SYSTEM\SCHEMA directory. Due to these dependencies, we recommend that the schema files be extended in the order that is listed in the NW\SYS\SYSTEM\SCHEMA\SCHEMA.CFG file on the eDirectory 8.7.1 CD. When using NWConfig on a NetWare 5.1 server running NDS7, NDS8, eDirectory 8.5, or eDirectory 8.6.2, or on a NetWare 6 server running eDirectory 8.6.2, to extend the NDS500.sch file (or any other schema file in the NW\SYS\SYSTEM\SCHEMA directory on the eDirectory 8.7.1 CD), "Error: Parsing the NDS500.sch file while extending schema" is displayed. 2.0 Known Issues 2.1 iMonitor Issues 2.1.1 Browser Compatibility The iMonitor included with this release of eDirectory requires Internet Explorer 5.5 or later or Netscape 7.02 or later. 2.1.2 Browsing for Objects in iMonitor Containing Double-byte Characters When using iMonitor to browse an eDirectory tree for objects, an object with double-byte characters in the name might not hyperlink to the object properties correctly. This issue will be resolved in a future release of iMonitor. 2.1.3 Agent Health Check on a Single Server Tree The Agent Health check feature in iMonitor shows a Warning icon in the Results column when run on a single server tree because of the Perishable Data status. This does not mean that the tree is not healthy or that the Agent Health check is not working as designed. Perishable Data indicates the amount of data that has not yet been synchronized to at least one replica. A single server tree, by its nature, means that the data is always at risk for catastrophic failure because there is no other place that the data is replicated. If you lose the hard disk, you lose the data. If you don't want to view health check warnings about Perishable Data or Readable Replica Counts on your single server tree, you can turn off these health checks by editing the ndsimonhealth.ini file to change the following entries: perishable_data-active: OFF and ring_readable-Min_Marginal: 1 or ring_readable-active: OFF This will turn off the warnings for Readable Replica Count and Perishable Data. 2.1.4 iMonitor Report Does Not Save the Records of Each Hour The custom reports feature in iMonitor is designed to place the URL specified by the user into the saved report (the saved HTML file) when the custom report is created. That means that when you open a saved custom report that has been run, you will see the live (current) data instead of the data captured by the URL at the time the custom report is run. This issue will be resolved in a future release of iMonitor. 2.1.5 Clone DIB Set Error You will receive error -626 (All Referrals Failed) when generating a clone DIB set from a server that holds a replica that is anything other than a master replica. You should only clone from a server holding the master replica. 2.2 Avoiding or Recovering from LDAP KMO Errors If you are upgrading from NetWare 5.1 SP5, you should download and upgrade to the latest NICI version (2.4.2 or later) after applying SP5. Failure to do so might result in LDAP errors. SP5 should have installed NICI 2.0.1 but some problems have been reported in systems running 56-bit cryptography products at the time SP5 was installed. Upgrading to NICI 2.4.2 should correct any previous problem, and is a recommended upgrade for anyone still running NICI 2.0.1 or earlier. The latest version of NICI is available from http://download.novell.com as product NOVELL International Cryptographic Infrastructure. If you have not upgraded NICI, LDAP might report errors such as "SSL_CTX_use_KMO failed KMO support routines: SSL_CTX_use_KMO:NICI wrap/unwrap key failed (err = -1418)." If you experience such errors, you will need to recreate the KMO. 2.3 ConsoleOne Issues 2.3.1 Using ConsoleOne to Manage NetWare 4.x Servers In order to use ConsoleOne to manage a tree containing NetWare 4.x servers (DS v 6.17), IPX must be installed on the management client. Even if ConsoleOne is run from a NetWare box via a mapped drive on the client, the client machine on which ConsoleOne is running must be able to connect natively via IPX. 2.3.2 "Operation Failed" Error The error "Operation Failed. The required dependencies were not found. Please refer to Novell documentation for the required prerequisites." indicates that the DSAPI libraries installed by the Novell Client or the NetWare Installation are not available, but ConsoleOne is the latest version with the NJCL libraries that are trying to use the new APIs. To get the most recent libraries, reinstall the Novell Client (Novell Client for Windows NT/2000/XP version 4.9 or Novell Client for Windows 95/98 version 3.4 on a Windows server or workstation) or reinstall the latest eDirectory libraries, available on the eDirectory 8.7.1 CD. 2.3.3 Passwords Created with Extended Characters in ConsoleOne Cannot Log In to iManager If a User object is created in ConsoleOne with a password that contains extended characters, the user will get error -669 (Failed Authentication) when logging in to iManager with that password. Likewise, if a User object is created in iManager and the password contains extended characters, the user cannot log in to ConsoleOne. The workaround is to cut and paste the extended characters into the password text fields. 2.3.4 Using the Alt Key to Enter International Characters Using the Alt+number keys to enter international characters when naming objects in ConsoleOne causes the characters to display incorrectly. The workaround for this is to use an international keyboard or to copy the extended characters from Notepad or another Windows application into the ConsoleOne text field. Manually upgrading your JRE to version 1.4.1_02 will also fix this problem. 2.3.5 Novell Client Versions Required for ConsoleOne 1.3.6 ConsoleOne errors might be encountered during authentication and password modification operations when running on a Windows workstation with an older version of the Novell Client. ConsoleOne 1.3.6 on Windows requires one of the following: - Novell Client for Windows 95/98 version 3.4 or later - Novell Client for Windows NT/2000/XP version 4.9 or later 2.4 SNMP Issues 2.4.1 SNMP Group Object If the installation of the SNMP Group object fails, you can rectify this problem by executing the following command on the server console: snmpinst -c For example: snmpinst -c admin.novell.test-tree novell nds-server.novell.test-tree 2.4.2 Auto-Loading DSSNMPSA On NetWare, DSSNMPSA is not loaded by default. If you configure it to auto-load, save the credentials by selecting the Remember Password option when it is manually loaded. The INTERACTIVE option must be set to ON in the SYS:\ETC\DSSNMP.CFG file in order for DSSNMPSA to read the remembered credentials. 2.5 eDirectory Service Manager Issues 2.5.1 Service Manager Dependencies Some Service Manager modules, such as httpstk, have dependencies. On NetWare, these dependencies are not displayed in the information frame as they are on Windows. 2.5.2 Using Service Manager to Stop eDirectory If you use the eDirectory Service Manager in Novell iManager to stop eDirectory, restarting it through Service Manager is not possible. At the NetWare server console, enter the following: load DS 2.6 Backup Issues 2.6.1 Changes to Server-Specific Information Backup of server-specific information has been implemented using the Backup eMTool. See "Changes to Server Specific Information Backup (Netware Only)" in the "Backing Up and Restoring Novell eDirectory" chapter in the "Novell eDirectory 8.7.1 Administration Guide" (http://www.novell.com/documentation/beta/ edir871/index.html) for more information. If you are creating server-specific information backups using filesystem TSA, be aware that the bigger backup file size might be too large for your sys: volume. A user-specified file location is implemented to allow the file to be placed in a larger, more convenient location. 2.6.2 Performing a Backup from the eMBox Client on NetWare 5.1 If you perform a backup from the eMBox Client on NetWare 5.1 and do not include the full path to the backup log file, you will get error -2, Unable to Open Log File. To fix this problem, use -l sys:/backup/dsbackup.log instead of -l dsbackup.log. 2.7 Certificate Server Issues 2.7.1 Extractable Keys Support When creating the Organizational CA object or Server Certificate objects (also known as KMOs), extractable keys are supported only if the server you selected for the key pair generation is running eDirectory 8.6 or later on NetWare and NT platforms, or if running eDirectory 8.7 or later for UNIX platforms. If you are attempting to make the keys extractable on an unsupported platform, you will receive a -1222 error. 2.7.2 iManager CRL Creation iManager CRL creation creates the CRL object but doesn't populate the object with the selected Certificate Revocation List. You must modify the CRL object after it has been created and import the Certificate Revocation List. 2.7.3 Using iManager to Create Certificates for Multiple Users To create certificates for multiple users in iManager, use the Create User Certificate task under the Certificate Server role. This will allow the administrator to select a list of users and create a certificate for each selected user. 2.7.4 Removing a Server from eDirectory When removing a server from eDirectory and then reinstalling it into the same context with the same name, a successful reinstallation occurs only if the SAS Service object representing the removed server is also deleted, if it existed. For example, for a server named MYSERVER, a SAS object named SAS Service - MYSERVER could exist in the same container as the server. This SAS object must be manually deleted (using ConsoleOne) after the server is removed from the tree, but before the server is reinstalled into the tree. IMPORTANT: If the server is the Organizational CA or the SD Key server, you must complete some additional steps. These steps are documented in TID 10056795 (entitled Certificate Server Issues: Removing a Server from a Tree). You can search for this TID in the Novell Knowledgebase (http://support.novell.com). The default server certificates created for the server should also be removed so that they will get recreated when the server is reinserted. These certificates are SSL Certificate IP - MYSERVER and SSL Certificate DNS - MYSERVER. You should be careful when deleting these certificates. If data has been encrypted using either of these certificates, the data must be retrieved before the certificates are deleted. 2.7.5 Importing CRL Data onto CRL Object The CRL file is not inserted into eDirectory when creating a CRL object. After creating the CRL object, modify the object and select import. Select the file again and it will be properly imported. 2.7.6 Long DNS Names and Long Server Names Novell Certificate Server automatically creates server certificates for all the IP and DNS addresses configured on the box. You might receive the following error during the installation of Novell Certificate Server if the combination of the server name and the DNS name is 54 characters or greater due to the maximum object name length of 64 characters: "The PKI install was unable to create the default IP and DNS certificates. Error -613. Do you want to retry?"The -613 error is not a fatal error; however, Novell Certificate Server will not be able to create the auto-generated certificates which match the long DNS name. To avoid this problem with future servers, make sure that the combined number of characters of the DNS name and the server name is fewer than 54 characters. To fix this problem on an existing server, use ConsoleOne or iManager to manually create a server certificate using the DNS name or the IP address as the certificate subject name, depending on the needs of your applications. See the Novell Certificate Server Administration Guide (http://www.novell.com/documentation/lg/cr t252/index.html) for instructions on how to create server certificates. After the server certificate is created, the applications (Apache, Tomcat, etc.) on which you want to use the new server certificate will need to be configured to do so. 2.8 NMAS Issues 2.8.1 Installation Issue You must have the NICI Client installed on each client that will run ConsoleOne and NMAS software. 2.8.2 Methods and Sequences Issues - If a login method's snap-ins are already present and you try to install the same login method again, you will receive a failed status displayed in the login methods installation summary dialog. This occurs only when running ConsoleOne from the server. - nmasinst does not have an option to remove NMAS methods. This must be done using ConsoleOne. See the NMAS Administration Guide (http://www.novell.com/documentation/lg /nmas22) for more information. - For products to use NMAS login methods properly, at least one NetWare 6.5 server in the eDirectory partition needs to hold a R/W replica of the User objects that will be using NMAS. - Snap-ins for managing the Enhanced Password login method can be installed into ConsoleOne by executing \nmas\consoleone\snapininstall.exe. - If you do not restart the server after installing NMAS and you try to reset passwords, you will receive an error message. - Two password methods, such as Simple and Enhanced, cannot be used in an AND sequence if the Novell Client is set to display the password field, which it is by default. - If you use a login sequence that has a non-password method (for example, the X509 method) followed by a password method (for example, the simple password method), the user must enter the credential for the password method in the initial Novell Client Login Dialog Password field before providing the non-password credential. After entering the credential for the password method, the user will then be prompted to enter the password to unwrap the certificate, thus providing the credential for the non-password method. 2.8.3 Administration Issues - Updating ConsoleOne from 1.2d to 1.3.6 does not update the products.dat file on the NetWare server. - NMAS does not support AIX 4.3.3. - The simple password is used for various authentication services in NetWare 6.5. This includes the authentication support for CIFS and AFP. A problem might arise if you set or change a user's simple password from the ConsoleOne administrative snap-ins using Force Password Change. If you experience problems setting an initial password, you might need to check the Force Password Change check box. If the user already has a password set, Force Password Change might not work unless you remove the current password and specify a new one. - You must give explicit rights to users with graded authentication. Inherited rights do not work. For example, an administrator's Supervisor right is defined at the [Root] container. Rights for the administrator are not defined in the volume object. So if the administrator changes the volume's security label from Logged In to any other security label, the administrator cannot get the appropriate rights. The administrator must assign explicit rights to the volume, directories or files in the volume. - When you disable a user's NDS password, the NDS password is set to an arbitrary value that is unknown to the user. When Universal Password is enabled, the Universal Password attribute is set with this same arbitrary value, causing the simple password and the enhanced password methods to become disabled. Disabling an NDS password on a fully-enabled Universal Password system will also disable other employed methods, including the simple password and enhanced password methods. - Novell iManager provides a Universal Password task that allows you to enable and disable Universal Password. This page also displays the option for NMAS to automatically synchronize the Universal Password with the Simple password whenever a user performs a password update. If you are concerned about the security properties of Simple Password, you can choose not to synchronize the Universal Password with the simple password by unchecking this option. If you have NetWare 6.0 servers in the Tree that contain AFP/CIFS users, you should check the option to synchronize the Universal Password with the simple password. - If you add an eDirectory 8.7.1 server to an existing Tree or upgrade eDirectory 8.7 that has NMAS and the simple password method installed to eDirectory 8.7.1, users authenticating through LDAP might find that the Universal Password did not synchronize with the simple password. Configuring NMAS and simple password method once again on eDirectory 8.7.1 will resolve the issue. - The NDS password will not be migrated to the Universal Password when doing an LDAP bind. 2.8.4 NMAS Client Issue When a user logs into a tree other than the preferred tree using the client, the client incorrectly queries the preferred tree to find the User object. If a User object with the same name exists in the preferred tree, the client will use that User object, which results in the login failing with a -601 error (No Such Object). This is because the wrong tree was used. This issue will be resolved in the next release of the client. 2.9 Replica Operations in Mixed Replica Rings Because NetWare 4.x servers can't speak to UNIX (IP) servers, replica operations in mixed (NetWare 4.x and UNIX) rings might never proceed to completion. Additionally, when NetWare 4.x is the master of that partition, certain operations will always fail to complete. NetWare 4.x should never hold the master replica of a partition, and including NetWare 4.x servers in a replica ring with UNIX or Windows servers could cause operations to hang or remain in a state of partial completion. We recommend upgrading from NetWare 4.x to an IP-capable version of NetWare. 2.10 Netscape Schema Attributes The Netscape-related attributes have been removed from the default schema installed with LDAP in eDirectory 8.7.1. If you want to use those attributes, they will be present in a tree that was installed prior to eDirectory 8.7.1, or you can add them to any new trees by using the Novell Import Conversion Export utility to run the netscape-mappings.ldif file in the schema directory on the eDirectory 8.7.1 CD. 2.11 Increasing the Speed of Bulkloads To increase the speed of bulkloads when creating new eDirectory trees, disable Universal Password until the load is complete. For more information, see the Universal Password Deployment Guide (http://www.novell.com/documentation/lg/nw65/univ ersal_password/data/front.html). 2.12 emboxmgr.nlm Issue emboxmgr.nlm leaks memory when you use the eMBox Client to perform many simultaneous backups or local repairs. This issue will be fixed in an upcoming release of eDirectory. 2.13 Creating LDAP Server and Group Objects in iManager If you use Novell iManager to create LDAP Server and Group objects, click LDAP > LDAP Overview > select the new LDAP Server object > General > Information > Refresh after the LDAP objects have been created. 3.0 Documentation Issues 3.1 Viewing Documentation on the Product CD This product CD contains documentation for the following products: - Novell eDirectory \documentation\english\edir87\edir871.pdf \documentation\english\edir87\qsedir871.pdf - Novell Client \documentation\english\noclienu\noclienu.pdf - Novell Certificate Server \documentation\english\certserv\certserv_admin. pdf - ConsoleOne 1.3.6 \documentation\english\consol13\c1_enu.pdf - Novell Modular Authentication Services (NMAS) \documentation\english\nmas\doc\nmas_admin.pdf - Novell International Cryptography Infrastructure (NICI) \documentation\english\nici\nici admin guide.pdf 3.2 Additional Readme Information For information on additional eDirectory issues for this release, refer to Solution #10073723, titled "Novell eDirectory 8.7.x Readme Addendum," in the Novell Knowledge Base (http://support.novell.com). 4.0 Legal Notices Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes. You may not export or re-export this product in violation of any applicable laws or regulations including, without limitation, U.S. export regulations or the laws of the country in which you reside. Copyright © 2003 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher. U.S. Patent No. 5,608,903; 5,671,414; 5,677,851; 5,758,344; 5,784,560; 5,794,232; 5,818,936; 5,832,275; 5,832,483; 5,832,487; 5,870,739; 5,873,079; 5,878,415; 5,884,304; 5,913,025; 5,919,257; 5,933,826. U.S and Foreign Patents Pending. Novell, NetWare, and ConsoleOne are registered trademarks of Novell, Inc. in the United States and other countries. eDirectory, Novell Client, Novell Certificate Server, and Novell Modular Authentication Service are trademarks of Novell, Inc. All third-party products are the property of their respective owners. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org). Please refer to \documentation\english\license\license.txt on the eDirectory CD for additional information and license terms.