-783 Unable to load VRDIM at driver startup. -299 error in NDS Trace.

  • 7002609
  • 10-Feb-2009
  • 10-Sep-2018

Environment

Novell Identity Manager 3.6
Novell Identity Manager 3.5.1
Novell Identity Manager 3.5
NetIQ Identity Manager 4.7 - Non-Root install
Novell Identity Manager Engine Functionality
Novell SUSE Linux Enterprise Server
OES2 SP1

Situation

Error -783 Unable to load VRDIM module when attempting to start any Identity Manager driver.
The error may show up in iManager, DXCMD or in IDM Driver trace during driver startup.  The VRDIM module is not loaded when looking at the output from:

ndstrace -c modules

Further troubleshooting using ndstrace with DVRS, DXML, MISC, TIME, TAGS may show the following errors:

dlopen() error: /opt/novell/eDirectory/lib/nds-modules/jre/lib/i386/libjava.so: symbol JVM_GetClassSignature, version SUNWprivate_1.1 not defined in file libjvm.so with link time reference

No JVM module found

DirXML JVM interface initialization failed <failed, -299 (0xfffffed5)>, unloading DIRXML

Errors show up after a reboot of the server or after eDirectory is reloaded.

Resolution

I.  After looking at the environment variables and specifically the LD_LIBRARY_PATH variable there was a JAVA based application that was installed between reboots.
The installed Java based application caused IDM to lose a reference to where its own JRE is loaded.  
To temporarily fix the issue for a default root-based installation you can place the following command in the eDirectory startup script.  This puts the IDM related paths in the LD_LIBRARY_PATH without any other paths:

export LD_LIBRARY_PATH=/opt/novell/eDirectory/lib:/opt/novell/eDirectory/lib/nds-modules:/opt/novell/lib

Running this command will only overwrite the variable until the server is rebooted.  To permanently fix the issue, either remove the other Java-based application or find where the application is setting the LD_LIBRARY_PATH (probably in /etc/profile.d directory) and remove or adjust the settings.  Some applications do not need to have a path in the LD_LIBRARY_PATH and the normal PATH variable is sufficient.

Another possible resolution would be to remove IDM and reinstall.  It seems that when the JAVA application was installed prior to IDM there were no issues; however, that may not be the case with all applications, just the one that was used in this particular issue.

If this issue happens on a system with eDirectory 8.7.3.x here are the steps to resolve.
  1. Edit the ndsd startup script (/etc/init./ndsd)
  2. Look for the line LD_LIBRARY_PATH.  It should look something like the following:  LD_LIBRARY_PATH=/usr/lib/nds-modules/jre/lib/i386:$LD_LIBRARY_PATH
  3. Change the like so that it looks like this:  LD_LIBRARY_PATH=/usr/lib/nds-modules/jre/lib/i386
  4. Restart eDirectory and the IDM engine should load.


II.  This issue has also been seen on a non-root install of IDM 4.7.   This is due to missing Java Runtime Edition not being installed correct.    Workaround:   sudo su as root  and install the following package from the IDM 4.7 installation media.   Then restart eDirectory and the driver should load.

rpm -ihv /common/packages/java/netiq-jrex-1.8.0-162.noarch.rpm




Additional Information

In this particular case, Computer Associates (CA) was the culprit.   CA Security and Audit software was installed on the server between server reboots and the issue was not noticed until eDirectory was restarted almost three weeks later.  The following command revealed the install date of the application:

rpm -qi <package name>

Here is an example of the non-functioning LD_LIBRARY_PATH:

LD_LIBRARY_PATH=/opt/novell/eDirectory/lib:/opt/novell/eDirectory/lib/nds-modules:/opt/novell/lib:/opt/CA/SharedComponents/JRE/1.4.2_09/lib/i386/client:/opt/CA/SharedComponents/JRE/1.4.2_09/lib/i386:/opt/CA/SharedComponents/ccs/dia/dna/lib:/opt/CA/SharedComponents/ccs/dia/lib:/usr/lib:/opt/CA/CAlib:/opt/CA/SharedComponents/lib:/opt/CA/SharedComponents/Csam/SockAdapter/lib

The above LD_LIBRARY_PATH was on a server where CA was installed AFTER IDM.  Notice that IDM related path statements are preceding the CA paths but it still has an impact on the IDM JAVA.

Here is an example of a working LD_LIBRARY_PATH on a server where CA was installed BEFORE IDM.

LD_LIBRARY_PATH=/opt/novell/eDirectory/lib:/opt/novell/eDirectory/lib/nds-modules:/opt/novell/lib