2.2 Configuration

The section contains problems you may encounter during the eDirectory 8.8 configuration.

2.2.1 Loopback Referrals Are Returned By a Directory Server

When eDirectory is configured to listen on loopback addresses, the loopback addresses are stored and returned to the clients when they perform searches and other operations. The referrals are not applicable to the clients that attempts to connect from the machines other than the server. Therefore, the clients fail to connect by using those loopback referrals. However, the other referrals returned by the server still work for the clients.

Trying to connect to each loopback referrals and then choosing the correct referrals could affect the performance of the clients.

To workaround: select only one interface that eDirectory can communicates on; do not select the loopback interfaces during the install.

2.2.2 Tree Name Lookup Failed: -632 Error While Configuring eDirectory 8.8 on Linux

While configuring eDirectory 8.8 on Linux, you might get the Tree name lookup failed: -632 error. To resolve this, perform the following steps:

  1. After installing the SLP package, ensure that you manually start SLP as follows:

    /etc/init.d/slpuasa start
    
  2. After uninstalling the SLP package, ensure that you manually stop SLP as follows:

    /etc/init.d/slpuasa stop
    

2.2.3 Adding New Servers

You cannot add a new server into a context if its fully qualified DN length is more than 255 characters. The length restriction applies to a fully qualified DN and not to the context length. The fully qualified DN of any object can have a maximum of 255 characters.

2.2.4 Excluding the DIB directory from Backup or Antivirus Processes

After installing eDirectory, you should configure your environment to exclude the DIB directory on your eDirectory server from any antivirus or backup software processes. If you do not exclude the DIB directory from processes of this type, you may encounter corrupted DIB files or -618 FFFFFD96 INCONSISTENT DATABASE errors.

Use the eDirectory Backup Tool to back up your DIB directory. For more information about backing up eDirectory, see Backing Up and Restoring NetIQ eDirectory in the NetIQ eDirectory 8.8 SP8 Administration Guide.

2.2.5 eDirectory ndsconfig Displays an Error on RHEL 32-Bit Platform

eDirectory ndsconfig displays the following error on RHEL 32-bit system.

/opt/novell/eDirectory/lib/libsal.so.1.0.0
error while loading shared libraries: /opt/novell/lib/libccs2.so: cannot
restore segment prot after reloc: Permission denied

To workaround the issue: Run the following commands.

chcon -t textrel_shlib_t '/opt/novell/eDirectory/lib/libsal.so.1.0.0'

chcon -t textrel_shlib_t '/opt/novell/lib/libccs2.so.2.7.6'

2.2.6 IP AG Certificate Does Not Get Created on SLES 11 64-Bit Platform

Consider a scenario where eDirectory 8.8 SP8 has both IPv4 and IPv6 configured and only one of the them (for example, IPv4) has an entry in the /etc/hosts file, and the other interface is accessible from a remote machine. If you configure eDirectory to listen on both the IPs, the IP AG certificate is generated only for the IP that is listed in the /etc/hosts file. In this example, it is generated for IPv4.