NMAS LDAP Transport Error when setting Universal Password in iManager

  • 7024822
  • 16-Sep-2020
  • 17-Sep-2020

Environment

iManager 3.2.2
eDirectory 9.2.2
Open Enterprise Server 2018 SP2 (OES 2018 SP2) Linux

Situation

Note that this situation applies only to OES servers running iManager.
  • The iManager keystore (/var/opt/novell/iManager/nps/WEB-INF/iMKS) is missing.
  • iManager debug log (/var/opt/novell/iManager/nps/WEB-INF/logs/debug.html) and /var/log/messages show the following "Permission denied" error:
[12:04:12.467] KeyStore_IM.........141 Unable to create the iManager KeyStore.: Permission denied 09/16/20 [12:04:12.467] KeyStore_IM.........141
java.io.IOException: Permission denied
    at java.io.File.createNewFile(File.java:1023)
    at com.novell.emframe.fw.security.KeyStore_IM.getIMKeyStoreFileObject(KeyStore_IM.java:423)
    at com.novell.emframe.fw.security.KeyStore_IM.<init>(KeyStore_IM.java:80)
  • /var/opt/novell/iManager/nps/WEB-INF is owned by root:root. It should be owned by wwwrun:www. You can verify this by running the following command:
# ls -l /var/opt/novell/iManager/nps/

Resolution

  1. Correct the owner with the following command:
# chown wwwrun:www /var/opt/novell/iManager/nps/WEB-INF

  2. Restart Tomcat:
# systemctl restart novell-tomcat.service

  3. Attempt to set a Universal Password in iManager. The iMKS file will be created in /var/opt/novell/iManager/nps/WEB-INF. The password change should be successful.

Additional Information

The LDAP NMAS Transport Error message is misleading. Always check the iManager logs to see exactly what is failing.
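
The checks from the Situation section and the log check recommended above can be combined into one read-only script. This is an added example, not part of the original article or a vendor tool; the function names and the --run switch are hypothetical, while the paths, owner and log message are the ones given in this article.

```shell
#!/bin/sh
# Added example: read-only diagnosis of the condition described in this article.
# Paths, owner and log message come from the article; function names are hypothetical.
WEBINF=/var/opt/novell/iManager/nps/WEB-INF
DEBUG_LOG=$WEBINF/logs/debug.html
EXPECTED_OWNER=wwwrun:www

# Report the state of the WEB-INF directory.
# Returns 0 if the owner is as expected, 1 if it is wrong, 2 if the directory is missing.
check_webinf() {
    dir=$1 want=$2
    if [ ! -d "$dir" ]; then echo "MISSING_DIR"; return 2; fi
    have=$(stat -c '%U:%G' "$dir")      # GNU stat, as found on Linux
    if [ "$have" != "$want" ]; then echo "BAD_OWNER $have"; return 1; fi
    # Owner is correct; the keystore may still be absent until the next
    # Universal Password change creates it.
    if [ -e "$dir/iMKS" ]; then echo "OK"; else echo "OK_NO_KEYSTORE"; fi
    return 0
}

# Count keystore-creation failures in a log file (prints 0 if the file is unreadable).
count_keystore_errors() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -c 'Unable to create the iManager KeyStore.*Permission denied' "$1" || true
}

# Run both checks against the real paths and print the fix from the Resolution section.
diagnose() {
    state=$(check_webinf "$WEBINF" "$EXPECTED_OWNER"); rc=$?
    echo "WEB-INF: $state; keystore errors in debug log: $(count_keystore_errors "$DEBUG_LOG")"
    if [ "$rc" -eq 1 ]; then
        echo "Fix: chown $EXPECTED_OWNER $WEBINF && systemctl restart novell-tomcat.service"
    fi
    return "$rc"
}

if [ "${1:-}" = "--run" ]; then diagnose; fi
```

Run the script as root with --run on the iManager server. It changes nothing and only prints the remediation command when the owner is wrong.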