March 2015 OES 11 SP2 Scheduled Maintenance Update 10332
March 2015 OES 11 SP2 Scheduled Maintenance Update 10332
How to apply the patch with zypper. YaST Online Update can also be used.
1) List repositories to ensure the update the server is registerd and the updated repository is present
zypper lr
Should see the following:
nu_novell_com:OES11-SP2-Updates | OES11-SP2-Updates | Yes | Yes
2) List the Updates
zypper pch OES11-SP2-Updates
Should see the following:
OES11-SP2-Updates | oes11sp2-March-2015-Scheduled-Maintenance | 10332 | security | Needed
3) Install the maintenance patch
OES11SP2
zypper up -t patch oes11sp2-March-2015-Scheduled-Maintenance
4) Then list the patches again to verify the patch is listed as Installed
OES11SP2
zypper pch OES11-SP2-Updates
Should see the following:
OES11-SP2-Updates | oes11sp2-March-2015-Scheduled-Maintenance | 10332 | Installed
5) To apply all OES11 SP2 updates run the following command
zypper up -t patch -r OES11-SP2-Updates
6) To apply all SLES 11 SP3 updates run the following command
zypper up… Continue reading
January 2015 Scheduled Maintenance Update
January 2015 Scheduled Maintenance has been released
How to apply the patch with zypper. YaST Online Update can also be used.
1) List repositories to ensure the update the server is registerd and the updated repository is present
zypper lr
Should see the following:
nu_novell_com:OES11-SP2-Updates | OES11-SP2-Updates | Yes | Yes
2) List the Updates
zypper pch OES11-SP2-Updates
Should see the following:
OES11-SP2-Updates | oes11sp2-January-2015-Scheduled-Maintenance | 10105 | security | Needed
3) Install the maintenance patch
OES11SP2
zypper up -t patch oes11sp2-January-2015-Scheduled-Maintenance
4) Then list the patches again to verify the patch is listed as Installed
OES11SP2
zypper pch OES11-SP2-Updates
Should see the following:
OES11-SP2-Updates | oes11sp2-January-2015-Scheduled-Maintenance | 10105
5) To apply all OES11 SP2 updates run the following command
zypper up -t patch -r OES11-SP2-Updates
6) To apply all SLES 11 SP3 updates run the following command
zypper up -t patch -r… Continue reading
December 2014 Scheduled Maintenance Update
December 2014 Scheduled Maintenance has been released
How to apply the patch with zypper. YaST Online Update can also be used.
List repositories to ensure the update the server is registerd and the updated repository is present
zypper lr
Should see the following:
nu_novell_com:OES11-SP2-Updates | OES11-SP2-Updates | Yes | Yes
zypper pch OES11-SP2-Updates
Should see the following:
OES11-SP2-Updates | oes11sp2-December-2014-Scheduled-Maintenance | 9879 | security | Needed
[clear-line]Install the maintenance patch
OES11SP2
zypper up -t patch oes11sp2-December-2014-Scheduled-Maintenance
Then list the patches again to verify the patch is listed as Installed
OES11SP2
zypper pch OES11-SP2-Updates
Should see the following:
OES11-SP2-Updates | oes11sp2-December-2014-Scheduled-Maintenance | 9879
To apply all OES11 SP2 updates run the following command
zypper up -t patch -r OES11-SP2-Updates
To apply all SLES 11 SP3 updates run the following command
zypper up -t patch -r SLES11-SP3-Updates
Key DSfW specific bugs fixed with this maintenance… Continue reading
DSfW Monitor daemon
I just created a demonized version of the DSfW Monitor script. For more information on the script look the DSfW Monitor script post.
Now you don’t have to create a cronjob to continuously run the tool. Simply download and install the dsfwmon.rpm.
The install will create the /etc/init.d/dsfwmon startup script, the /opt/dsfwdude/conf/dsfwmon.conf file to edit the configuration and the dsfwmon daemon. It also has log rotating enabled.
The install will enable the dsfwmon script so that when the server starts, the script will start monitoring the services.
Edit the /opt/dsfwdude/conf/dsfwmon.conf to send an e-mail if a service has to be restarted. Do not adjust the delay time less than 5 minutes. The script could possibly step on itself, trying to check the services while restarting the services.
Common changes are to enable e-mail setting to be sent when the services restart,… Continue reading
CVE-2014-0224 Fixes in eDirectory
The following Hotfixes for NESCM 3.1 and eDirectory (888, 887 & 885) standalones address the OpenSSL security vulnerability described in CVE-2014-0224 can be found below.
For OES11 SP1/SP2 and OES2 SP3 LTSS the updates are in the respective channels.
– eDirectory 8.8 SP8 Patch 2 HotFix 1 (All Platforms)
Download URL: http://download.novell.com/Download?buildid=4A2ah857Bgs~
– eDirectory 8.8 SP7 Patch 6 HotFix 1 (All Platforms)
Download URL: http://download.novell.com/Download?buildid=wldDBGgzzng~
– eDirectory 8.8 SP5 Patch6 Hotfix2 for NetWare
Download URL: http://download.novell.com/Download?buildid=MzoS_HY0LYw~
– Identity Assurance Solution Client 3.1 Hotfix 1
Download URL: http://download.novell.com/Download?buildid=OXteBss0i-k~
Below is the list of patches that have been released addressing openssl security fixes:
1. OpenSSL on 24th June.
2. GnuTLS on 30th June.
3. iPrint Client on 10th July.
4. eDirectory on 10th July.
All these were duplicated across OES2 SP3, OES11 SP1 and OES11 SP2.
May 2014 OES11SP1 Scheduled Maintenance for eDirectory 8.8 SP7
May 2014 OES11SP1 Scheduled Maintenance for eDirectory 8.8 SP7
How to apply the patch with zypper. YaST Online Update can also be used.
List repositories to ensure the update the server is registerd and the updated repository is present
zypper lr
Should see the following:
nu_novell_com:OES11-SP1-Updates | OES11-SP1-Updates | Yes | Yes
List patches in the Updates repository
zypper pch OES11-SP1-Updates
Should see the following:
OES11-SP1-Updates | oes11sp1-edirectory-887-patch2 | 6989| security| Needed
Install the maintenance patch
zypper up -t patch oes11sp1-edirectory-887-patch2
Then list the patches again to verify the patch is listed as Installed
zypper pch OES11-SP1-Updates
Should see the following:
OES11-SP1-Updates | oes11sp1-edirectory-887-patch2 | 6989| security| Installed
To apply all OES11 SPa updates run the following command
zypper up -t patch -r OES11-SP1-Updates
Patch: oes11sp1-edirectory-887-patch6-9149
Bugs: 612236, 799046, 812295, 812707, 825235,… Continue reading
May 2014 Scheduled Maintenance Patch
May 2014 Scheduled Maintenance Patch
May 2014 Scheduled Maintenance has been released
How to apply the patch with zypper. YaST Online Update can also be used.
List repositories to ensure the update the server is registerd and the updated repository is present
zypper lr
Should see the following:
nu_novell_com:OES11-SP1-Updates | OES11-SP1-Updates | Yes | Yes
nu_novell_com:OES11-SP2-Updates | OES11-SP2-Updates | Yes | Yes
List patches in the Updates repository
OES11SP1
zypper pch OES11-SP1-Updates
Should see the following:
OES11-SP1-Updates | oes11sp1-May-2014-Scheduled-Maintenance | 9151| recommended | Needed
OES11SP2
zypper pch OES11-SP2-Updates
Should see the following:
OES11-SP2-Updates | oes11sp2-May-2014-Scheduled-Maintenance | 9157| recommended | Needed
Install the maintenance patch
OES11SP1
zypper up -t patch oes11sp1-May-2014-Scheduled-Maintenance
OES11SP2
zypper up -t patch oes11sp2-May-2014-Scheduled-Maintenance
Then list the patches again to verify the patch is listed as Installed
OES11SP1
zypper pch OES11-SP1-Updates
Should see the following:
OES11-SP1-Updates | oes11sp1-May-2014-Scheduled-Maintenance | 9151
OES11SP2
zypper… Continue reading
Copy file permissions with chmod –reference
If you file you need to set permissions on and there is another file that already has the desired permissions, use the –reference switch with chmod.
chmod –reference <reference file> <target file>
Example: Say eDirectory is not starting or even cores on startup. Taking a strace points to a library. You see symbolic link for libldapsdk.so is missing. libldapsdk.so.0 is there.
You can quickly create the symbolic link with the ln -s command
ln -s libldapsdk.so.0.0.0 libldapsdk.so
The permissions now need to be set. For this library it is simple, chmod 777, but some say you are not good with chmod or the permissions are a little different. The easy way to do set the files is copy from another library link.
chmod –reference libldapsdk.so.0 libldapskd.so
March 2014 Scheduled Maintenance Patch
March 2014 Scheduled Maintenance has been released
How to apply the patch with zypper. YaST Online Update can also be used.
List repositories to ensure the update the server is registerd and the updated repository is present
zypper lr
Should see the following:
nu_novell_com:OES11-SP1-Updates | OES11-SP1-Updates | Yes | Yes
List patches in the Updates repository
zypper pch OES11-SP1-Updates
Should see the following:
OES11-SP1-Updates | oes11sp1-March-2014-Scheduled-Maintenance | 8935| recommended | Needed
Install the maintenance patch
zypper up -t patch oes11sp1-March-2014-Scheduled-Maintenance
Then list the patches again to verify the patch is listed as Installed
zypper pch OES11-SP1-Updates
Should see the following:
OES11-SP1-Updates | oes11sp1-March-2014-Scheduled-Maintenance | 8935
To apply all OES11 SPa updates run the following command
zypper up -t patch -r OES11-SP1-Updates
To apply all SLES 11 SP2 updates run the following command
zypper up -t patch -r SLES11-SP2-Updates
Key DSfW specific bugs fixed with this… Continue reading
New Patch for eDir 8.8.7.5
Patch 8.8.7.5 was released and immediately pulled after seeing ndsd cores due to ldap search filters of (guid=). A new patch is now available. To view if the new patch has been applied run the command:
zypper list-patches –bugzilla=864542
To apply the patch run the command:
zypper up -t patch oes11sp1-edirectory-887-patch5-8910
The following packages will be upgraded:
novell-NDSbase novell-NDSbase-32bit novell-NDScommon novell-NDSimon
novell-NDSrepair novell-NDSserv novell-NOVLembox novell-NOVLice
novell-NOVLsnmp novell-NOVLsubag novell-dclient novell-dclient-32bit
novell-edirectory-jclnt novell-edirectory-tsands
novell-edirectory-tsands-32bit novell-nmas novell-nmas-libnmasext
novell-nmas-libspmclnt novell-nmas-libspmclnt-32bit novell-nmasclient
novell-nmasclient-32bit novell-npkiapi novell-npkiapi-32bit novell-npkiserver
novell-npkit novell-npkit-32bit novell-sss
To downlowd the stand alone eDirectory patch and to learn more about the patch see eDirectory 8.8 SP7 Patch 5 HotFix 1 (All Platforms)
January 2014 Scheduled Maintenance Ptach
January 2014 Scheduled Maintenance has been released
How to apply the patch with zypper. YaST Online Update can also be used.
List repositories to ensure the update the server is registerd and the updated repository is present
zypper lr
Should see the following:
nu_novell_com:OES11-SP1-Updates | OES11-SP1-Updates | Yes | Yes
List patches in the Updates repository
zypper pch OES11-SP1-Updates
Should see the following:
OES11-SP1-Updates | oes11sp1-January-2014-Scheduled-Maintenance | 8685| recommended | Needed
Install the maintenance patch
zypper up -t patch oes11sp1-January-2014-Scheduled-Maintenance
Then list the patches again to verify the patch is listed as Installed
zypper pch OES11-SP1-Updates
Should see the following:
OES11-SP1-Updates | oes11sp1-January-2014-Scheduled-Maintenance | 8685
To apply all OES11 SPa updates run the following command
zypper up -t patch -r OES11-SP1-Updates
To apply all SLES 11 SP2 updates run the following command
zypper up -t patch -r SLES11-SP2-Updates
Key DSfW specific bugs fixed with this… Continue reading
November 2013 Scheduled Maintenance
November 2013 Scheduled Maintenance has been released
How to apply the patch with zypper. YaST Online Update can also be used.
List repositories to ensure the update the server is registerd and the updated repository is present
zypper lr
Should see the following:
nu_novell_com:OES11-SP1-Updates | OES11-SP1-Updates | Yes | Yes
List patches in the Updates repository
zypper pch OES11-SP1-Updates
Should see the following:
OES11-SP1-Updates | oes11sp1-November-2013-Scheduled-Maintenance | 8483| recommended | Needed
Install the maintenance patch
zypper up -t patch oes11sp1-November-2013-Scheduled-Maintenance
Then list the patches again to verify the patch is listed as Installed
zypper pch OES11-SP1-Updates
Should see the following:
OES11-SP1-Updates | oes11sp1-November-2013-Scheduled-Maintenance | 8483
To apply all OES11 SPa updates run the following command
zypper up -t patch -r OES11-SP1-Updates
To apply all SLES 11 SP2 updates run the following command
zypper up -t patch -r SLES11-SP2-Updates
Key DSfW specific bugs fixed with this… Continue reading
September 2013 Scheduled Maintenance
July2013 Scheduled Maintenance has been released
How to apply the patch with zypper. YaST Online Update can also be used.
List repositories to ensure the update the server is registerd and the updated repository is present
zypper lr
Should see the following:
nu_novell_com:OES11-SP1-Updates | OES11-SP1-Updates | Yes | Yes
List patches in the Updates repository
zypper pch OES11-SP1-Updates
Should see the following:
OES11-SP1-Updates | oes11sp1-September-2013-Scheduled-Maintenance | 8284| recommended | Needed
Install the maintenance patch
zypper up -t patch oes11sp1-September-2013-Scheduled-Maintenance
Then list the patches again to verify the patch is listed as Installed
zypper pch OES11-SP1-Updates
Should see the following:
OES11-SP1-Updates | oes11sp1-September-2013-Scheduled-Maintenance | 8284| recommended | Installed
September 2013 Scheduled Maintenance for OES11SP1 (8284)
Key DSfW specific bugs fixed with this maintenance patch for OES11SP1
- 816488 – DSfW: Migration does not retain sysvol facls
- 828484 – OES11 SP2: eDirectory cored… Continue reading
July 2013 Scheduled Maintenance
July2013 Scheduled Maintenance has been released
How to apply the patch with zypperList repositories
zypper lr
Should see the following:
nu_novell_com:OES11-SP1-Updates | OES11-SP1-Updates | Yes | Yes
List patches in the Updates repository
zypper pch OES11-SP1-Updates
Should see the following:
OES11-SP1-Updates | oes11sp1-July-2013-Scheduled-Maintenance | 7889 | recommended | Needed
Install the maintenance patch
zypper up -t patch oes11sp1-July-2013-Scheduled-Maintenance
Then list the patches again to make sure it is installed
zypper pch OES11-SP1-Updates
Should see the following:
OES11-SP1-Updates | oes11sp1-July-2013-Scheduled-Maintenance | 7889 | recommended | Installed
July 2013 Scheduled Maintenance for OES11SP1
Key DSfW specific bugs fixed with this maintenance patch for OES11SP1
- 806538 – MS cluster support in DSfW
- 816741 – DSFW: ldapsearch fails when the entryDN specified in search filter contains spaces before or after comma.
- 818366 – xadsd crashes in rpc__naf_addr_free ()
- 819547 – DSFW: No results for ldapsearch with… Continue reading
May 2013 Scheduled Maintenance
May 2013 Scheduled Maintenance has been released
How to apply the patch with zypperList repositories
zypper lr
Should see the following:
nu_novell_com:OES11-SP1-Updates | OES11-SP1-Updates | Yes | Yes
List patches in the Updates repository
zypper pch OES11-SP1-Updates
Should see the following:
OES11-SP1-Updates | oes11sp1-May-2013-Scheduled-Maintenance | 7715 | security | Needed
Install the maintenance patch
zypper up -t patch oes11sp1-May-2013-Scheduled-Maintenance
Then list the patches again to make sure it is installed
zypper pch OES11-SP1-Updates
Should see the following:
OES11-SP1-Updates | oes11sp1-May-2013-Scheduled-Maintenance | 7715 | security | Installed
May 2013 Scheduled Maintenance for OES11SP1 7715
Key DSfW specific bugs fixed with this maintenance patch for OES11SP1
- – 769530: OES11SP1LH: DSfW provisioning task “Assign Rights” – rerun fails with error -614 (entry already exists)
- – 783005: DSFW: AD Ping doesn’t… Continue reading
April 2013 Scheduled Maintenance
April2013 Scheduled Maintenance has been released
How to apply the patch with zypperList repositories
zypper lr
Should see the following:
nu_novell_com:OES11-SP1-Updates | OES11-SP1-Updates | Yes | Yes
List patches in the Updates repository
zypper pch OES11-SP1-Updates
Should see the following:
OES11-SP1-Updates | oes11sp1-April-2013-Scheduled-Maintenance | 7421 | security | Needed
Install the maintenance patch
zypper up -t patch oes11sp1-April-2013-Scheduled-Maintenance
Then list the patches again to make sure it is installed
zypper pch OES11-SP1-Updates
Should see the following:
OES11-SP1-Updates | oes11sp1-April-2013-Scheduled-Maintenance | 7421 | security | Installed
April 2013 Scheduled Maintenance for OES11SP1 (7421)
Key DSfW specific bugs fixed with this maintenance patch for OES11SP1
- – 770208: OES11SP1LH: DSfW provisioning of DNS generates duplicate forward and reverse lookup zones if they already exists
- – 785697: Provsioning pre healthCheck fails in ADC.
- – 791640: DSFW FTU1:During ADC Provosioning PreCheck, the… Continue reading
NDSD Health Check Script
I’ve received a great deal of feed back on the DSfW Health Check Script and applied some changes. One of the suggestions was to do only a ndsd (eDirectory) script. The DSfW Health Check Script works for both DSfW and eDirectory servers, but if all you want to do is check eDirectory health on a DSfW server or want a script only for ndsd that is smaller and simple this is an option.
I am always looking for suggestions. I’ve created a video for the ndsd_heaclthchk script. Watch to to learn about configuring it for your specific needs.
For for NDSD Health Check in the download section.
The configuration options are as follows
# Set emailsetting to 1 to send e-mail log when finished. Set to 0 or remove the 1 to disable
emailsetting=0
# Set emailonerror to 1 to send e-mail log if an error is returned. Set to… Continue reading
Latest DSfW Health Check Script
I’ve received a great deal of feed back on the DSfW Health Check Script and applied some changes.
I am always looking for suggestions. I’ve created an updated video with the latest script. Watch to to learn about configuring it for your specific needs.
OES 11 SP1 eDirectory Install
Looking to install eDirectory on OES 11 SP1? Here is a video going through the install and giving some tips on doing a successful install.
eDirectory 8.8 SP7 Patch 2 for Linux & Unix
Stand alone eDirectory 838 SP7 Patch 2 has been released. It can be found at Novell.com/downloads
Do not apply this patch on an OES server!
Issues resolved in eDirectory 8.8 SP7 Patch 2 (20703.00)
December 2012
NDSD
– FLAIM: when performing a LDAP search on a non-existent user using a complex filter err = no such entry (-601) is returned (Bug 608436)
– NCP: NDSD cores allocating a connection slot (OES Bug 710806) (Non-OES Bug 692389)
– NDSD cores on PDC in DSFW environment iterating nested groups (Bug 719736/711799/750982)
– CIFS core during sub-tree search (Bug 751962)
– Security Vulnerability: eDirectory DoS dhost request with certains characters (Bug 772895) (CVE-2012-0429)
– Security Vulnerability: eDirectory Authorization Mechanism Bypass (Bug 772898) (CVE-2012-0430)
– Security Vulnerability: eDirectory Cross Site Scripting exploit (Bug 772899) (CVE-2012-0428)
– Nauditds.dlm fails to initialize completely during initial eDirectory startup … Continue reading