Problem running diagpwd

Hi!

We need to troubleshoot some universal password errors but having problems running diagpwd utility.

eDirectory runs on OES 24.1 (eDirectory 9.2.8) and when running we get following error:

# diagpwd <serverIP> 636 /etc/opt/novell/certs/SSCert.pem <LDAP DN of user to check> base <LDAP DN of admin account>

ERROR -1 ldap_simple_bind_s
Segmentation fault (core dumped)

Please note that:

- LDAP authentication on that server works without any problems

- LDAP SSL certificate has not expired

- LDAP SSL certificate has both DNS and IP as SAN

- We get same error if we use serverDNS name instead of serverIP whe running diagpwd

diagpwd -v returns "diagpwd version 5"

We tested that on multiple servers in same tree with same result, so either we are using utility wrong way or there is something wrong with that version of diagpwd.

Any help appreciated Blush

Kind regards,

Sebastijan

PS: Just for info, on OES servers diagpwd is automatically installed by edirectory-oes-nmas-ldap-extensions-client-9.2.8-150400.1.46.x86_64 package

Kind regards,

Sebastijan

If you found this post useful, give it a “Like” or click on "Verify Answer" under the "More" button

Parents
  • 0

    . /opt/novell/eDirectory/bin/ndspath

    modify LD_LIBRARY_PATH variable :

    LD_LIBRARY_PATH=/opt/novell/eDirectory/eDir-exclusive/lib64:/opt/novell/eDirectory/lib64:/opt/novell/eDirectory/lib64/nds-modules:/opt/novell/lib64:$LD_LIBRARY_PATH

    cd /opt/novell/eDirectory/bin
    ./diagpwd ...

    Everyone is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid. [A. Einstein]

  • 0   in reply to 

    If I have understood the ndspath script correctly, it is determined at the beginning whether it is a 32 bit or 64 bit operating system. Depending on the version, a libdir path is defined (example linux.mak)

    With the help of awk an export for the ndspath is provided from the result of the check. If I understand this correctly, an export for the corresponding path is then created below for each operating system. With the specification from above to change the path is rewritten by hand. Do I understand something wrong? Have any effects been observed?

    from the script: if [ $OS = “Linux” ] ; then

            export LD_LIBRARY_PATH=$base_dir/opt/novell/eDirectory/lib64:$base_dir/opt/novell/eDirectory/lib64/nds-modules:$base_dir/opt/novell/

    lib64:$LD_LIBRARY_PATH.

    Now I'm not sure if this is dynamically rewritten after each patch or if the export is a static thing after the first installation of eDir.


    the exact export path results from uname, ndsconifg and ndspath and .mak

    My recommendation here is to open a call in conjunction with the experiences you have made in your post. This is the only way to ensure that no side effects occur. It was clear from the beginning after the strace where the rabbit runs.


    George

    “You can't teach a person anything, you can only help them to discover it within themselves.” Galileo Galilei

Reply
  • 0   in reply to 

    If I have understood the ndspath script correctly, it is determined at the beginning whether it is a 32 bit or 64 bit operating system. Depending on the version, a libdir path is defined (example linux.mak)

    With the help of awk an export for the ndspath is provided from the result of the check. If I understand this correctly, an export for the corresponding path is then created below for each operating system. With the specification from above to change the path is rewritten by hand. Do I understand something wrong? Have any effects been observed?

    from the script: if [ $OS = “Linux” ] ; then

            export LD_LIBRARY_PATH=$base_dir/opt/novell/eDirectory/lib64:$base_dir/opt/novell/eDirectory/lib64/nds-modules:$base_dir/opt/novell/

    lib64:$LD_LIBRARY_PATH.

    Now I'm not sure if this is dynamically rewritten after each patch or if the export is a static thing after the first installation of eDir.


    the exact export path results from uname, ndsconifg and ndspath and .mak

    My recommendation here is to open a call in conjunction with the experiences you have made in your post. This is the only way to ensure that no side effects occur. It was clear from the beginning after the strace where the rabbit runs.


    George

    “You can't teach a person anything, you can only help them to discover it within themselves.” Galileo Galilei

Children
No Data