Novell Home

My Favorites

Close

Please to see your favorites.

Error: "Status: 500 Internal Server Error, Description: Datastore Error" when trying to access formfill page using external secret store

This document (7006437) is provided subject to the disclaimer at the end of this document.

Environment

Novell Access Manager 4.0
Novell Access Manager 3.2
Novell Access Manager 3.1
eDirectory user store running on SLES 11 x86-64 OS
eDirectory user store running on SLES 10 x86-64 OS
eDirectory version running is 8.8 SP5 32/64 bit or greater


Situation

Formfill policy defined that reads and writes secrets to a remote eDirectory LDAP user store.
The LDAP replica has the option 'Install NMAS SAML method' enabled
The remote eDir has the SAML methods installed

When a user tries to fill the HTML form using the FormFill policy enabled on the protected resource, the following error is reported on the browser:

Status: 500 Internal Server Error, Description: Datastore Error

Even with auto submit disabled, we get this error - the attributes that we try and fill with secret store cannot be read or written. Looking at the DSTRACE output on the LDAP user store (with +NMAS, LDAP and TIME flags enabled), the following error is reported

DSTRACE Says -

4128168848 NMAS:  6: Create NMAS Session
4128168848 NMAS:  6: SASL SAML started
4128168848 NMAS: SASL Mechanism [SAML] not available:
4128168848 NMAS: Available SASL Mechanisms:
4128168848 NMAS: [NMAS_LOGIN]
4128168848 NMAS:  6: ERROR: -1693 SASL_DoMechanism: NMAS_InvokeMechanism
4128168848 NMAS:  6: Client Session Destroy Request
4128168848 NMAS:  6: Destroy NMAS Session
4128168848 NMAS:  6: Aborted Session Destroyed (with MAF)
4128168848 LDAP: Failed to authenticate full context on connection 0x15160280,
err = -1693 (0xfffff963)

Resolution

Install  the 'compat-2009.1.19-2.2.i586.rpm' on the SLES 11.0 server running eDir 885-32/64 bit or greater. The SAML NMAS method has a dependency on the module  libstdc++-libc6.2-2.so.3 and if it's not present, it won't load and will cause all the problem. This is required for the SAML NMAS method used by eDir and it's supporting libraries to initialise correctly. Once done, the IDP Cluster can use eDir for Secret Store without problems.

For SLES 11 x86-32 and x86-64 builds, this compat module is still required. The compat rpms are located in the SLES11-Extras repository, which is not enabled by default.

YaST2 | Software | Software Repositories | Configuration | Repositories | "Enable" the "SLES11-Extras" repository | OK

Once the SLES11-Extras is enabled, search for and install the appropriate compat rpm per architecture below.

SLES 11 32bit - compat (compat-2009.1.19-2.1)
SLES 11 64bit - compat-32bit  (compat-32bit-2009.1.19-2.1)

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7006437
  • Creation Date:13-JUL-10
  • Modified Date:17-SEP-14
    • NetIQAccess Manager (NAM)

Did this document solve your problem? Provide Feedback