How to change a common proxy user on OES2 SP3

  • 7009156
  • 11-Aug-2011
  • 21-Aug-2012

Environment


Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 3

Situation

The same common-proxy account has been used on multiple server. This is not supported and recommended.

The common-proxy account has to be changed to a new common-proxy account.

Resolution

To change the common-proxy account follow the procedure below:
  1. Create new common proxy user using script"create_common_proxyuser.sh". To do so perform the following steps:
    # export OES_DATA=(password from admin)
    # export OES_PROXY_DATA=(password for new proxy account)
    # /opt/novell/proxymgmt/bin/create_common_proxyuser.sh cn=OESCommonProxy_(new),ou=...,o=... cn=(administrator),ou=...,o=... (LDAP Server) 636
  2. Update system wide common-proxy CASA store with new details:
    # /opt/novell/proxymgmt/bin/cp_update_proxy_cred.sh  
    This will ask for the common-proxy account and its password.
  3. Update /etc/opt/novell/proxymgmt/proxy_users.conf. Only the new common proxy FDN should be present. Remove the previous common proxy user FDN entry. This file could also contain service specific proxy users, these should not be removed.
  4. Now we do the move again:
    # /opt/novell/proxymgmt/bin/move_to_common_proxy.sh -d cn=(admin) -w (password admin) -i (ldap server) -p 636 -s all
  5. Restart the server. All services should use the new common proxy.