Novell is now a part of Micro Focus

My Favorites


Please to see your favorites.

Setting Universal Password through iManager is throwing "NMAS LDAP Transport Error "

This document (7014457) is provided subject to the disclaimer at the end of this document.


iManager 2.7 SP7
eDirectory 8.8 SP8


Upgraded from to eDirectory 8.8.8.  When setting a user's Universal Password (UP) through iManager the error "NMAS LDAP Transport Error " is returned.  The issue is seen in StandAlone iManager and Workstation versions of iManager.
Running "ldapconfig get" shows there are no IP addresses for ldapInterfaces:
ldapInterfaces: ldap://:389,ldaps://:636
Note: this affects other operations besides setting a user's Universal Password.  Other tasks affected:
- Groups plugin (865164/893994)
- Radius plugin extending schema (914006)


Run ldapconfig get ldapInterfaces -a admin.novell  (change the user and context to your environment) to verify that the addresses are not shown for ldapInterfaces.
Change the ldapInterface to reflect the IP address on the server for each ldap port.
For example, on an eDirectory server with the address configured for both LDAP standard ports the following command can be used to correctly populate the configuration:
ldapconfig set "ldapInterfaces=ldap://, ldaps://" -a admin.novell


eDirectory 8.8.8 adds ldapInterfaces of:
Previously no interface was listed.  The Password Plugin is unable to locate the server when the interface is specified with no IP address

Additional Information

Note: there are three other conditions in which this error can be observed:

  1. If non-standard LDAP ports are being used on the server.
  2. The option 'Use Secure LDAP for auto-connection' under Configure iManager > Authentication has been unchecked. 
    By default this is checked.  The screen also warns some plugins may not work if this is unchecked.
  3. Use of a certificate signed by an external CA that is not trusted by the iManager/tomcat.
    Therefore, when iManager/tomcat goes to make a secure connection, it cannot.  To remedy, the CA needs to be imported into cacerts with the keytool utility.  For further information, look for tomcat documentation on "keytool -import -trustcacerts ...."


This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7014457
  • Creation Date:27-JAN-14
  • Modified Date:16-MAY-16
    • NovellOpen Enterprise Server
    • SUSESUSE Linux Enterprise Server
    • NetIQeDirectory

Did this document solve your problem? Provide Feedback