Hello,

My scenario is the following:

Novell IDM 3.5 (server 'toulouse') on a RHEL box, with Active Directory
2003 as the target system. Passwords are transmitted to AD via SSL between
IDM and the Remote Loader.

I have recently installed IDM 4.0.1 (server 'nimes-test') and added it
to the replica ring of the Novell IDM 3.5 box (this is an intermediate step
to upgrade to IDM 4.0.1).

From Novell Designer I included the IDM 4.0.1 server in the project, and
copied the driver configuration from the IDM 3.5 driver to 4.0.1
identically.

I did patch the Active Directory RL to upgrade to 3.5.14; it works well
with the driver on IDM 3.5.

When disabling the AD driver on 3.5 and enabling it on 4.0.1, I get the
following error when the driver starts:



Code:
--------------------
[05/10/12 17:46:01.688]:Active Directory DORIS PT: Evaluating selection criteria for rule 'Veto operations'.
[05/10/12 17:46:01.688]:Active Directory DORIS PT: (if-operation equal "add") = FALSE.
[05/10/12 17:46:01.688]:Active Directory DORIS PT: (if-operation equal "modify") = FALSE.
[05/10/12 17:46:01.688]:Active Directory DORIS PT: (if-operation equal "rename") = FALSE.
[05/10/12 17:46:01.688]:Active Directory DORIS PT: (if-operation equal "move") = FALSE.
[05/10/12 17:46:01.688]:Active Directory DORIS PT: (if-operation equal "delete") = FALSE.
[05/10/12 17:46:01.689]:Active Directory DORIS PT: Rule rejected.
[05/10/12 17:46:01.689]:Active Directory DORIS PT:Policy returned:
[05/10/12 17:46:01.689]:Active Directory DORIS PT:
<nds dtdversion="4.0" ndsversion="8.x">
<input>
<status level="error" type="remoteloader">java.io.IOException: Unable to read certificate, error:1412D194:SSL routines:SSL_CTX_use_KMO:read cache failed, error:1412D198:SSL routines:SSL_CTX_use_KMO:Get server KMO failed
at com.novell.nds.ntls.NTLSSocket.SSL_CTX_new(Native Method)
at com.novell.nds.ntls.NTLSSocket.SSL_CTX_new(NTLSSocket.java:581)
at com.novell.nds.ntls.NTLSSocket.connect(NTLSSocket.java:227)
at java.net.Socket.connect(Unknown Source)
at com.novell.nds.ntls.NTLSSocket.&lt;init>(NTLSSocket.java:196)
at com.novell.nds.ntls.NTLSSocket.&lt;init>(NTLSSocket.java:104)
at com.novell.nds.dirxml.driver.ssl.ntls.NTLSKmoFactory.createSocket(NTLSKmoFactory.java:149)
at com.novell.nds.dirxml.remote.SocketStream.connect(SocketStream.java:511)
at com.novell.nds.dirxml.remote.Connection.connectStream(Connection.java:694)
at com.novell.nds.dirxml.remote.Connection.connect(Connection.java:379)
at com.novell.nds.dirxml.remote.driver.PublicationShimImpl.start(PublicationShimImpl.java:113)
at com.novell.nds.dirxml.engine.Publisher.run(Publisher.java:519)
at java.lang.Thread.run(Unknown Source)
</status>
</input>
</nds>
[05/10/12 17:46:01.690]:Active Directory DORIS PT:Applying publisher filter.
[05/10/12 17:46:01.690]:Active Directory DORIS PT:Publisher processing status for .
[05/10/12 17:46:01.690]:Active Directory DORIS PT:No command transformation policies.
[05/10/12 17:46:01.690]:Active Directory DORIS PT:Filtering out notification-only attributes.
[05/10/12 17:46:01.691]:Active Directory DORIS PT:Pumping XDS to eDirectory.
[05/10/12 17:46:01.691]:Active Directory DORIS PT:Performing operation status for .
[05/10/12 17:46:01.691]:Active Directory DORIS PT:
DirXML Log Event -------------------
Driver: \INT-ELECLERC-TREE\eleclerc\Ressources\DriverSet\Active Directory DORIS
Channel: Publisher
Status: Error
Message: java.io.IOException: Unable to read certificate, error:1412D194:SSL routines:SSL_CTX_use_KMO:read cache failed, error:1412D198:SSL routines:SSL_CTX_use_KMO:Get server KMO failed
at com.novell.nds.ntls.NTLSSocket.SSL_CTX_new(Native Method)
at com.novell.nds.ntls.NTLSSocket.SSL_CTX_new(NTLSSocket.java:581)
at com.novell.nds.ntls.NTLSSocket.connect(NTLSSocket.java:227)
at java.net.Socket.connect(Unknown Source)
at com.novell.nds.ntls.NTLSSocket.<init>(NTLSSocket.java:196)
at com.novell.nds.ntls.NTLSSocket.<init>(NTLSSocket.java:104)
at com.novell.nds.dirxml.driver.ssl.ntls.NTLSKmoFactory.createSocket(NTLSKmoFactory.java:149)
at com.novell.nds.dirxml.remote.SocketStream.connect(SocketStream.java:511)
at com.novell.nds.dirxml.remote.Connection.connectStream(Connection.java:694)
at com.novell.nds.dirxml.remote.Connection.connect(Connection.java:379)
at com.novell.nds.dirxml.remote.driver.PublicationShimImpl.start(PublicationShimImpl.java:113)
at com.novell.nds.dirxml.engine.Publisher.run(Publisher.java:519)
at java.lang.Thread.run(Unknown Source)

[05/10/12 17:46:01.697]:Active Directory DORIS PT:Fixing up association references.
[05/10/12 17:46:01.697]:Active Directory DORIS PT:Applying schema mapping policies to output.
[05/10/12 17:46:01.697]:Active Directory DORIS PT:Applying policy: %+C%14CSchemaMapping%-C.
[05/10/12 17:46:01.697]:Active Directory DORIS PT:Applying output transformation policies.
[05/10/12 17:46:01.697]:Active Directory DORIS PT:Applying XSLT policy: %+C%14COutput+Transform+SS+-+Cr%C3%A9ation+des+OU+cibles%-C.
[05/10/12 17:46:01.698]:Active Directory DORIS PT:Policy returned:
[05/10/12 17:46:01.698]:Active Directory DORIS PT:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
--------------------


It is obvious that the driver cannot find the KMO object on IDM 4.0.1
'nimes-test' because no server certificate has been generated yet, as IDM
4.0.1 is almost fresh. Is that true?


Do you think creating a server certificate with the same nickname
(KMO) on IDM 4.0.1 'nimes-test' will resolve the issue?

Or do I need to create a certificate with a different nickname (KMO) and
put it in the Remote Loader?


I did panic when I had this issue, and created many server
certificates with many nicknames, but I cannot see them to get them
removed. How do I remove the server certificates? Or is the server
certificate rewritten each time I create a new certificate?

Is the nickname used when creating the server certificate the same as the
KMO parameter on the driver?

Thanks in advance !


--
iammi