4.8 eDirectory Tasks

4.8.1 Resolving Multiple Security Containers, Organizational CAs, KAP Containers, and W0 Objects

Novell Certificate Server can be installed on multiple servers in an eDirectory tree. However, for Novell Certificate Server to function properly, only one Security container, Organizational CA, KAP container, and W0 object should exist in the tree.

If you are installing Novell Certificate Server on multiple servers in an eDirectory tree, you must allow eDirectory to replicate between each installation of Novell Certificate Server. If you do not allow eDirectory to replicate, your installation to another server might not recognize that the tree already has a Security container, an Organizational CA, a KAP container, and a W0 object and might re‑create these objects on another server in the same eDirectory tree.

The items below describe possible scenarios and how to resolve them.

  • If you have two or more Security containers in the same eDirectory tree and each contains an Organizational CA and a KAP container with a W0 object, do not issue any certificates. Contact Technical Support for help in resolving this.

  • If you have one Security container that contains two KAP containers in the same eDirectory tree, do not issue any certificates. Contact Technical Support for help in resolving this.

  • If you have one Security container that contains two Organizational CAs and one KAP container with a W0 object in the same eDirectory tree, delete every server and user certificate issued by both Organizational CAs. Then, delete both CAs and create a new Organizational CA. Issue new server and user certificates as needed.

  • If you have two or more Security containers in the same eDirectory tree and each contains an Organizational CA, but only one contains a KAP container with a W0 object, delete every server and user certificate issued by all Organizational CAs. Delete all the Security containers without the KAP container and W0 object. If the remaining Security container is not named Security, rename it to Security. Issue new server and user certificates as needed.

  • If you have two or more Security containers in the same eDirectory tree and only one contains an Organizational CA and a KAP container with a W0 object, delete all the Security containers without the KAP container and W0 object. If the remaining Security container is not named Security, rename it to Security.
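The scenarios above can be checked against an inventory of the tree's PKI objects before any certificate is issued. The following Python is an added example, not part of the Novell documentation or product: the object kinds (security, ca, kap, w0), the dotted object names and the scenario keys are assumptions made for the illustration, and exporting the inventory from the tree is not shown. Any combination the list above does not describe is reported as uncovered.

```python
ACTIONS = {  # paraphrased from section 4.8.1; the keys are this example's own labels
    "ok": "Exactly one Security container, Organizational CA, KAP container and W0 object.",
    "multi_full": "Do not issue certificates; contact Technical Support.",
    "two_kaps": "Do not issue certificates; contact Technical Support.",
    "two_cas": "Delete certificates from both CAs, delete both CAs, create a new CA, reissue.",
    "multi_ca_one_kap": "Delete certificates from all CAs, delete Security containers "
                        "without KAP/W0, rename the remaining one to Security, reissue.",
    "multi_one_full": "Delete Security containers without KAP/W0; rename the rest to Security.",
    "uncovered": "Combination not described in section 4.8.1.",
}

def parent(name):  # 'W0.KAP.Security' -> 'KAP.Security'
    return name.partition(".")[2]

def summarize(objects):
    """Per Security container: CA count, KAP count, KAPs holding a W0."""
    secs = {n: {"ca": 0, "kap": 0, "kap_w0": 0} for k, n in objects if k == "security"}
    w0_parents = {parent(n) for k, n in objects if k == "w0"}
    for kind, name in objects:
        s = secs.get(parent(name))
        if s is not None and kind in ("ca", "kap"):
            s[kind] += 1
            s["kap_w0"] += kind == "kap" and name in w0_parents
    return secs

def classify(objects):
    secs = list(summarize(objects).values())
    has_ca = [s["ca"] >= 1 for s in secs]
    has_kw = [s["kap_w0"] >= 1 for s in secs]   # has a KAP that holds a W0
    if len(secs) == 1:
        s = secs[0]
        if s["kap"] == 2:
            return "two_kaps"
        if s["kap"] == s["kap_w0"] == 1 and s["ca"] in (1, 2):
            return "ok" if s["ca"] == 1 else "two_cas"
    elif len(secs) >= 2 and all(s["kap"] == s["kap_w0"] <= 1 for s in secs):
        if all(has_ca) and all(has_kw):
            return "multi_full"
        if all(has_ca) and sum(has_kw) == 1:
            return "multi_ca_one_kap"
        if sum(has_ca) == 1 and has_ca == has_kw:
            return "multi_one_full"
    return "uncovered"

# Constructed inventory: two Security containers, each with a CA, only one with KAP/W0.
SAMPLE = [("security", "Security"), ("ca", "ACME CA.Security"),
          ("kap", "KAP.Security"), ("w0", "W0.KAP.Security"),
          ("security", "Security_old"), ("ca", "ACME CA 2.Security_old")]

if __name__ == "__main__":
    print(classify(SAMPLE), "->", ACTIONS[classify(SAMPLE)])
```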

4.8.2 Restoring or Re‑creating a Security Container

If you delete the Security container, you cannot create an Organizational Certificate Authority until you have restored or re‑created the Security container.

To restore the Security container, you must restore the eDirectory partition containing the Security container.

To re‑create the Security container, use one of two methods:

  • Using iManager, click Directory Administration > Create Object. Click Tree's Security Container, then click OK. The container name must be Security.

  • Reinstall Novell Certificate Server on any server in the eDirectory tree.

4.8.3 Restoring or Re‑creating KAP and W0

Do not delete the KAP or W0 objects. Doing so invalidates all previously created User certificates. If you delete one of these objects, go to the Novell Support Web site and search for TID #3032354, “How to Restore or Recreate KAP and W0 Objects,” for information on how to resolve this problem. You should not attempt further installations of Novell Certificate Server, Single Sign-on, NMAS, or eDirectory until the problems have been corrected.