Recreating the iManager publicUser object

(Last modified: 19Sep2005)

This document (10091786) is provided subject to the disclaimer at the end of this document.

goal

Recreating the iManager publicUser object

fact

Novell exteNd Director

Novell iManager 2.0.x

symptom

The iManager publicUser user object was deleted

-669 error in LDAP trace when using contextless login for iManager 2.0.x

Can no longer use contextless login with iManager (but can log in with full LDAP DN)

Attempts to create a new publicUser with appropriate trustee rights and attribute settings still shows a -669 error in LDAP trace when attempting to authenticate to iManager with contextless login.

cause

The publicUser needs to be recreated using the exteNd Director configuration wizard

fix

Follow these steps to recreate your publicUser object:

1. Rename or move the portalservlet.properties file out of the \tomcat\4\webapps\nps\WEB-INF directory.
2. Delete the pco object (located by default in the OU=Extend directory under the O at the same level as the NCP server object).
3. Delete the Extend directory and all tasks in the Extend directory as well. If this is not done, the tasks will be recreated with a number after them and the previous tasks will still be there.  (NOTE:  If there are any other portal servers using the pco object in the problem Extend container, they may need to be reconfigured as well to use the new pco object since the new pco object will also have a new GUID. 
4. Unload Tomcat
   a. On NetWare: TC4STOP at the server console
   b. On Windows: Go to Services and stop the Tomcat service.
5. Reload Tomcat
   a. On NetWare, the command is TOMCAT4   
   b. On Windows, start the Tomcat service.
6. After Tomcat is fully initialized (it may take a couple minutes, if you are getting a 500 error wait a couple more), go to https://ipaddress/nps/servlet/configure (where ipaddress is the IP address of the server running iManager).
  a. Start -> Authenticate (with full LDAP DN) -> Keep platform.xar. If this is not showing, browse to it in the \tomcat\4\webapps directory. -> Next -> Accept the license agreement -> Next.
  b. From here on, it can take some time.
  c. Once you get the choice, you can select typical or custom.  Custom is recommended so that you can choose the location of your new Extend container.
7. After this is done, it will take some time for the configuration to go through all the plugins (anywhere between 3 and 10 minutes).
8. When it completes, you must restart BOTH Apache and Tomcat (in this example Apache 2 and Tomcat 4):
  a. On NetWare 6.5: TC4STOP and AP2WEBDN to stop, TOMCAT4 and AP2WEBUP to start
  b. On NetWare 6.o: TC4STOP and NVXADMDN to stop, TOMCAT4 and NVXADMUP to start
  b. On Windows: Go to Services and reload the Apache and Tomcat services.
9. At this point, you should now have a pco and publicUser object again and should be able to authenticate with contextless login to iManager at https: //ipaddress/nps/iManager.html.

If the publicUser object is valid, but you are still having problems with the contextless login, see TID #10086732 - User can't login to Novell iManager 2 using contextless login

symptom

Failed to authenticate local, err = bad password (-222)

cause

It is also possible for the publicUser password to become out of sync with the password for the PCO object.

fix

1. Login to iManager.
2. Click on the Configure button.
3. Go to iManager Configuration | Portal | Change Password Seed
4. Change the password and follow the instructions on the page for any other server using the same PCO.
5. Save your changes and restart Tomcat and Apache.

Try to log back into iManager contextlessly.

document

Document Title: Recreating the iManager publicUser object
Document ID: 10091786
Solution ID: NOVL95984
Creation Date: 04Mar2004
Modified Date: 19Sep2005
Novell Product Class:NetWare

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.