Novell eDirectory 8.8 for All Platforms
Novell eDirectory 8.7.3 for All Platforms
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
Novell Open Enterprise Server 2018 (OES 2018) Linux Support Pack 1
Novell Open Enterprise Server 2015 (OES 2015) Linux Support Pack 1
Novell Open Enterprise Server 11 (OES 11) Linux Support Pack 2
Novell Open Enterprise Server 11 (OES 11) Linux Support Pack 1
The Radius plug-in for iManager requires a secure LDAP connection.
When extending free radius schema in iManager the error returned is:
Created LDAP context failed:
java.lan.Exception\n at com.novell.nps.radius.ExtendRadiusSchema.showInitialForm(ExtendRadiusSchema.java:185)\n
When creating a Radius Profile or Radius User the following error is returned:
java.lang.NullPointerException at com.novell.nps.radius.RadiusSchema.isSchemaValid(RadisuSchema.java:2511)
Check that the keystore (cacerts file) is valid and has the correct permissions. (For OES 2018.1 servers, see the OES 2018.1 sub-section below)
First find the JAVA_HOME path
export |grep -i JAVA_HOME
usually returns something like this:
The keytool binary will usually be located in
And the keystore will usually be in the following location with the name of
Next check the permissions on the cacerts
ls -al /usr/lib64/jvm/jre/lib/security/cacerts
-rwxr-xr-x 1 root root cacerts*
If the permissions are incorrect change the permissions with command:
chmod 755 /usr/lib64/jvm/jre/lib/security/cacerts
If the cacerts is missing expired because the CA was expired or recreated use the keytool command to generate a new cacerts file.
To verify that the CA is valid see TID 7013047
Once the CA if validated export a certificate from the tree via iManager. If there is a OES server in the tree use the /etc/opt/novell/certs/SSCert.der
To export a cert with iManager, login to iManager | Novell Certificate Server | Configure Certificate Authority | Select the Certificates tab | Select the Self Signed Certificate tab | Export | Uncheck the "Export private key" option | Verify the Export format is "Der" | Next | Click "Save the exported certificate" link and save to the desired location.
Next, run the keytool command:
keytool -import -alias Alias_Name -file /path_to_exported_cert.der -keystore /path_to_cacerts file
keytool -import -alias Alias_Name -file /etc/opt/novell/certs/SSCert.der /usr/lib64/jvm/jre/lib/security/cacerts
When prompted for password, type "changeit" and to the question "Trust this certificate?"answer "yes"
Certificate path on OES server: /etc/opt/novell/certs/SSCert.der
keytool path: /usr/lib64/jvm/java-1_8_0-ibm-1.8.0/jre/bin/keytool
java keystore path: /var/lib/ca-certificates/java-cacerts
/usr/lib64/jvm/java-1_8_0-ibm-1.8.0/jre/bin/keytool -import -file /etc/opt/novell/certs/SSCert.der -keystore /var/lib/ca-certificates/java-cacerts
See TID 7002490
for creating the keystore for a workstation version of iManager
or copy a valid keystore (the cacerts file) from a server or another workstation.
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.