Products: Open Enterprise Server (OES), Identity Manager (IDM), eDirectory (NetIQ eDirectory)
Environment
Open Enterprise Server (OES) OES 23.4/24.1/24.2/24.3 OES 24.4 eDirectory 9.2.8 eDirectory 9.2.9 Identity Manager (IDM) 4.9
Situation
When creating a new NSS pool with nssmu at a freshly installed OES server, the following error is returned:
Error -669: Error adding pool <NSS_POOL_NAME> to NDS
The NSS pool is created successfully, but the corresponding nssfsPool object in eDirectory is missing.
Cause
A DirXML IDM Driver set the password of the NSS admin user object.
When creating a new NSS pool or volume, or when using the "UpdateNDS" option in nssmu to create the corresponding nssfsPool or Volume objects in eDirectory for an already existing NSS pool or volume, the NSS admin account is used for eDirectory authentication.
Error -669 is returned when authentication of the NSS admin account fails.
The NSS admin account is created during initial configuration of NSS in YaST. By default the eDirectory context in which the NSS admin User object is created is the server context and the Common Name (CN) of this User object is by default the OES server name followed by the string "admin".