LDAP Ports And IManager

[cjsj1]

Morning all

I am having trouble getting the LDAP ports to a listen state so I can run IManager.
All the info I have gained on the net is that before you can install and run IManager then you need these ports listening.
I have installed a clean 6.5 LDAP server and it is up and running. I can connect to remote manager and the title changes to HTTPS so I presume that SSL is running ok.
But when I check with TCPCON and look for the ports 636,389 to see if they are listening they are not even there and can’t see how to add them.

Can anybody throw some light on this as I can’t get any further with IManager until I solve this ports thing?


Thanks for anybody’s help in advance

 

[gioffre]

Hi,

Seems like you may have more than one issue so it may be too complex to solve in a forum like this, but here is some information to start with:

1) In TCPCON, you generally will not see the ports 389 and 636 as TCPCON translates them to their text equivalent. What you should see are ldap and ldaps connections in the "listening" state.

2) The NLM that provides LDAP services on a NetWare server is NLDAP.NLM. Do you see this module loaded on your server? Is it in memory?

3) If it is there, try unloading it (UNLOAD NLDAP) and then reload it (NLDAP), and look at the logger screen. Are there any error messages relating to the loading of the module?

4) Do you have at least a RW replica of the partitions you need to query on the LDAP server?

5) If everything above is OK, then test LDAP independently with any LDAP browser. There are many freeware LDAP browsers available on the Internet. Try this one:

http://www.novell.com/coolsolutions/tools/13765.html

Download it and try connecting to the LDAP server.

Gioffre Consulting

http://www.gioffre.com

Check out our Novell Training Cruises

 

[LawnBoy]

I have 4 NW 6.5 servers and have yet to get iManager to work on any of them...

 

[marvhuffaker]

A lot of the problems I see with LDAP have to do with the SSL certificate.. and ultimately LDAP doesn't load which breaks almost everything else. BTW, the Remote Manager (Portal) doesn't use the same stuff, so it usually works when everything else fails. Not a good test of SSL.

Remember this..

A) iManager relies on both APACHE2 and TomCAT. Either of these fail, and you won't get iManager.

B) Usually the problem is TOMACT, and TOMCAT fails because LDAP is broken. Apache usually just works, but I have seen cases where it fails to load also.

C) LDAP needs to be setup and running and configured for SSL. LDAP usually fails to load if you have problems with your Key Material Objects (KMO's). Those are the little Key items in ConsoleOne called "SSL CertificateDNS - SERVERNAME".

There are lots of different scenarios that can cause this to fail, so it's difficult to outline the best solution. But a starting point would be to do this..

Make sure your host file is correct.. IE: Server name and IP address are in SYS:ETC\HOSTS and correctly listed (look at the examples to compare). Then run PKIDIAG, login with Admin rights, then select option 4 to change it to fix mode. Then select 0 to run. You should get some stats at the end that tell you how many problems have been fixed. Run it until you have 0 problems and 0 errors.

Once you do that, then you can go back to LDAP and try to get it to load with it's new certificate (assuming they were corrected in PKIDIAG).. You should unload and reload NLDAP.NLM. After you load it, you could look in TCPCON and see if the 636 and 389 are there. If 636 is still not there, there is a problem with the certificate and it's not allowing secure ldap to load. You need to troubleshoot further till you get 636 to show up.

Once you fix LDAP.. Then you launch tomcat.. TOMCAT4.. When you do this, change to the logger screen and just watch it.. You will know pretty soon whether it's liking it or not, and you should be able to look at any errors and have a better idea of what to do. Common problems are "run TCKEYGEN" or "WAITING FOR LDAP".. If you get waiting for ldap more than 1 or 2 times while watching, there is a problem still with LDAP.

Hope this helps, and sorry there isn't a more clear cut answer.



Marvin Huffaker, MCNE

http://www.redjuju.com

 

[cjsj1]

Looks like you are right in your post, I can see the LDAP ports and they are listening so I will go ahead with the install of IManager and see what happens, I connected happily with the LDAP browser that you gave me the link for.

Installed IManager ok but not sure which port it is running on all the docs say that it should be

https://IP:portNo/nps/imanager.html.

Tried this but nothing is coming up, either I am daft or cant se
E the wood for the trees.


Thanks for all the help so far anyway

 

[cjsj1]

Hi marvhuffaker

sorry didnt see your post before i posted mine. all is well with ldap and apache and tomcat as far as i can tell by doing what you said in your post.

just not sure how to start IManager or how to see if it is running or on what port, this is all a bit new ish ti me so bear with me if i cant see something so simple.

 

[gioffre]

Hi,

If imanager is installed and running, you need to point your browser to

https://ipaddress/nps/iManager

No port is necessary since iManager listens on the standard HHTP port 80. Also note that the address may be context sensitive.... iManager.

Gioffre Consulting

http://www.gioffre.com

Check out our Novell Training Cruises

 

[cjsj1]

No nothing happens just the usal cant see it page from MS. how can i tell if it is running as i know it is installed from the installed options screen.


i have tried all the usual command words but nothing as yet.


Thanks

 

[cjsj1]

Just had a look in remote manager/ip adds and it shows imanager running on 0.0.0.0 port 636. so i tried it in the browser

https://ipadd:636/nps/iManager

and .html but all i got was below

0$
x
Š1.3.6.1.4.1.1466.20036

not sure what to think about that.

 

[marvhuffaker]

No, that's not correct. You don't specify the LDAP port.. You just go to port 80 which should redirect to secure port 443.

It's very possible that Apache isn't running. If apache isn't running, (Or if the IP Addresses are configured wrong) you'll get the generic MS errors.

In that IP Address Management, do you see Apache in there? Also, you can do an "M APACHE2" at the console and you should get 2 different instances listed.

If not, do this and see what happens.

AP2WEBUP
ADMSRVUP

Both of these load the 2 instances of apache.

Marvin Huffaker, MCNE

http://www.redjuju.com

 

[cjsj1]

Hi again

when I do the "M APACHE2" I get one instance of apache.

in the IP address screen there

apacheadmin x 2 with the servers ip add and ports 2200 & 2211

when I do
AP2WEBUP = loading module apache2 OK
auto loading module aprlib.nlm
ADMSRVUP = apache2 not multiple

then if I do "M APACHE2" again there is still only one instance come up

still when I go to

https://server/nps/iManager.html

nothing

will get to the bottom of this one day i cant wait to use iManager and all the plug-ins

 

[marvhuffaker]

It looks like your apache is loading and then exiting without warning. Probably some kind of error condition. There is a LOG directory under SYS:APACHE2, check that and see if it gives you any clues.


Marvin Huffaker, MCNE

http://www.redjuju.com

 

[cjsj1]

I did get apache working and showing 2 instances of itself but iManager still didn’t work.

SO

I uninstalled iPrint, iManger 2.x and then reinstalled Apache + Tomcat container.
Then installed iManger 2.5


AND


It is all working now including iPrint.

I would like to thank Gioffre Consulting and Marvin Huffaker, MCNE for all there help and advice


Thanks