Possible Cause: After you have logged in using the Login to a Different Tree button, you might receive the message like Creation of Secure SSL LDAP context failed when administering a Kerberos Management role.
Action: The Kerberos Management role requires secure LDAP access to function properly. To set up secure access, see Configuring iManager for SSL/TLS Connection to eDirectory section in iManager Administration Guide.
Possible Cause: The Kerberos Login Method for NMAS requires a secure LDAP access to function properly.
Action: Configure iManager for SSL/TLS Connection to eDirectory. For more information, refer to the iManager Administration Guide.
Action: An "Unexpected end of part" error may be encountered during module package install when running iManager on a Windows IIS Web server with Tomcat. This is due to a known issue with uploading files through the Tomcat redirector for IIS. To successfully run a module package install, connect to iManager directly through Tomcat (for example, through port 8080).
For more information, refer to the iManager Administration Guide.
Possible Cause: The specified Fully Distinguished Name (FDN) might be invalid.
Action: Specify the correct FDN of the object.
Possible Cause: The Kerberos LDAP Extensions client (iManager) does not support the Kerberos LDAP Extensions installed on the eDirectory server.
Action: Upgrade both the Kerberos LDAP Extensions client and the server to the latest version.
Possible Cause: The connection between the Kerberos LDAP Extensions client (iManager) and the Kerberos LDAP Extensions installed on the eDirectory server is not secure.
Action: Configure iManager for SSL/TLS Connection to eDirectory. For more information, refer to the iManager Administration Guide.
Possible Cause: The resources required for processing the request might not be available. This may be due to many reasons such as insufficient memory, etc.
Possible Cause: The Server is running low in memory to process the request.
Possible Cause: The version of the Kerberos LDAP Extensions that you have does not support the request.
Action: Upgrade to the latest available version.
Possible Cause: The protocol version of the Kerberos LDAP Extensions client (iManager) does not match with that of the Kerberos LDAP Extensions installed on the eDirectory server.
Action: Upgrade both the Kerberos LDAP Extensions client and the server to the latest version.
Possible Cause: The Kerberos LDAP Extensions client (iManager) is unable to resolve to a Writable replica.
Action: If the writable/master replica is down, wait for sometime and try again.
Possible Cause: The requested encryption type is not supported by the Kerberos LDAP Extensions.
Action: Refer Creating a New Realm Object.
Possible Cause: The principal key information is corrupted and cannot be understood by the Kerberos LDAP Extensions.
Action: Manually delete the principal key and recreate it using the Setting a Password for the Kerberos Service Principal.
Possible Cause: Unable to read the master key from eDirectory for the specified realm.
Action: You might not have enough permissions to read the master key from eDirectory. If this is not the case, recreate the realm object with the master password.
Possible Cause: The master key information is corrupted and cannot be understood by the Kerberos LDAP Extensions.
Action: Recreate the realm object with the master password. Ensure that the master password is the same as the one specified previously while creating the realm. If the master password does not match with the previous one, all the principal keys encrypted with the old master password become unusable.
Possible Cause: No password options were specified while creating a principal object or the principal key attribute might have been deleted.
Action: Set the principal key using the Setting a Password for the Kerberos Service Principal.
Possible Cause: No master password was specified while creating the realm object or the master key attribute might have been deleted.
Action: Recreate the realm object with the master password. Ensure that the master password is same as the one specified previously while creating the realm. If the master password does not match with the previous one, all the principal keys encrypted with the old master password become unusable.
Possible Cause: The Kerberos LDAP Extensions Server is malfunctioning or the version of the Kerberos LDAP Extensions client (iManager) and Kerberos LDAP Extensions server do not match.
Action: Upgrade both the Kerberos LDAP Extensions client and the server to the latest version.
Possible Cause: The specified tree key type is not supported by the Kerberos LDAP Extensions
Action: Report this error to Novell Technical Support.
Possible Cause 1: The encrypted principal key has changed, but the syntax has been maintained
Possible Cause 2: The principal key has not been changed after changing the master key.
Possible Cause 3: The realm object has been recreated with a different master password.
Action: Delete the principal key and create the key again so that the principal key is encrypted with the latest master key.