Novell EDIRECTORY 8.8 - GUIDE User manual
Novell
www.novell.com
Novell Confidential Manual (ENU) 21 December 2004
eDirectory
8.8
September 30, 2005
WHAT’S NEW GUIDE
Novell Confidential Manual (ENU) 21 December 2004
Legal Notices
Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express
or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to
make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties
of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software,
at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries.
You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export, or import deliverables.
You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the
U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. Please refer to
www.novell.com/info/exports/ for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any
necessary export approvals.
Copyright © 2005 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or
transmitted without the express written consent of the publisher.
Novell, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without
limitation, these intellectual property rights may include one or more of the U.S. patents listed at http://www.novell.com/company/legal/patents/ and
one or more additional patents or pending patent applications in the U.S. and in other countries.
Novell, Inc.
404 Wyman Street, Suite 500
Waltham, MA 02451
U.S.A.
www.novell.com
Novell eDirectory 8.8 What’s New Guide
September 30, 2005
Online Documentation: To access the online documentation for this and other Novell products, and to get updates, see
www.novell.com/documentation.
Novell Confidential Manual (ENU) 21 December 2004
Novell Trademarks
Client32 is a trademark of Novell, Inc.
eDirectory is a trademark of Novell, Inc.
NetWare is a registered trademark of Novell, Inc. in the United States and other countries.
NetWare Core Protocol and NCP are trademarks of Novell, Inc.
NMAS is a trademark of Novell, Inc.
Novell is a registered trademark of Novell, Inc. in the United States and other countries.
Novell Client is a trademark of Novell, Inc.
Novell Directory Services and NDS are registered trademarks of Novell, Inc. in the United States and other countries.
Ximiam is a registerd trademark of Novell, Inc. in the United States and other countries.
ZENworks is a registered trademark of Novell, Inc. in the United States and other countries.
Third-Party Materials
All third-party trademarks are the property of their respective owners.
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org).
Novell Confidential Manual (ENU) 21 December 2004
Contents 5
Novell Confidential Manual (ENU) 21 December 2004
Contents
About This Guide 9
1Install and Upgrade Enhancements 11
Multiple Package Formats for Installing eDirectory 8.8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Automatic Deployments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Upgrade Distributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Easy Deployments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Installing and Configuring eDirectory Through YaST. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Installing eDirectory 8.8 in a Custom Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Specifying a Custom Location for Application Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Specifying a Custom Location for Data Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Specifying a Custom Location for Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Nonroot Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Nonroot User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Nonadminstrator User. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Standards Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
FHS Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
LSB Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Server Health Checks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Need for Health Checks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
What Makes a Server Healthy? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Performing Health Checks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Types of Health Checks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Categorization of Health . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Log Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
SecretStore Integration with eDirectory. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
For More Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
2Multiple Instances 25
Need for Multiple Instances. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Sample Scenarios for Deploying Multiple Instances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Using Multiple Instances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Planning the Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Configuring Multiple Instances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Managing Multiple Instances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
The ndsmanage Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Identifying a Specific Instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Invoking a Utility for a Specific Instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Sample Scenario for Multiple Instances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Planning the Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Configuring the Instances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Invoking a Utility for an Instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Listing the Instances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
For More Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
3Authentication to eDirectory through SASL-GSSAPI 33
6Novell eDirectory 8.8 What's New Guide
Novell Confidential Manual (ENU) 21 December 2004
Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
What is Kerberos? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
What is SASL?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
What is GSSAPI? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
How Does GSSAPI Work with eDirectory? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Configuring GSSAPI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
How Does LDAP Use GSSAPI?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Commonly Used Terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
4Enforcing Case-Sensitive Universal Passwords 37
Need for Case-Sensitive Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
How to Make Your Password Case-Sensitive. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Making Your Password Case-Sensitive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Managing Case-Sensitive Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Upgrading the Legacy Novell Clients and Utilities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Migrating to Case-Sensitive Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Preventing Legacy Novell Clients from Accessing eDirectory 8.8 Server . . . . . . . . . . . . . . . . . . . . . . . . . 40
Need for Preventing Legacy Novell Clients from Accessing eDirectory 8.8 Server . . . . . . . . . . . . . . . . . . 40
Managing NDS Login Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Partition Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Enforcing Case-Sensitive Passwords in a Mixed Tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
For More Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
5Priority Sync 45
Need for Priority Sync . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Using Priority Sync . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
For More Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
6Data Encryption 47
Encrypting Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Need for Encrytped Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
How to Encrypt Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Accessing the Encrypted Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Encrypting Replication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Need for Encrypted Replication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Enabling Encrypted Replication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
For More Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
7Bulkload Performance 51
8iManager ICE Plug-ins 53
Adding Missing Schema . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Add Schema from a File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Add Schema from a Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Comparing the Schema . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Compare Schema Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Compare Schema between a Server and a File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Generating an Order File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
9LDAP-Based Backup 57
Need for LDAP Based Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
For More Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
10 Managing Error Logging in eDirectory 8.8 59
Message Severity Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Fatal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Contents 7
Novell Confidential Manual (ENU) 21 December 2004
Warning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Error. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Debug . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Configuring Error Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Linux and UNIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
NetWare. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
DSTrace Messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
NetWare, Linux, and UNIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
iMonitor Message Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
SAL Message Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Configuring the Severity Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Setting the Log File Path . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
11 Miscellaneous 69
Security Object Caching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Subtree Search Performance Improvement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Localhost Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
256 File Handler on Solaris. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Memory Manager on Solaris . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
8Novell eDirectory 8.8 What's New Guide
Novell Confidential Manual (ENU) 21 December 2004
About This Guide 9
Novell Confidential Manual (ENU) 21 December 2004
About This Guide
Welcome to Novell®eDirectoryTM 8.8. This guide introduces you to the new features in this
product.
eDirectory 8.8 provides a host of new features and enhancements to further strengthen
eDirectory’s leadership in the directory market.
This guide introduces the following:
Chapter 1, “Install and Upgrade Enhancements,” on page 11
Chapter 2, “Multiple Instances,” on page 25
Chapter 3, “Authentication to eDirectory through SASL-GSSAPI,” on page 33
Chapter 4, “Enforcing Case-Sensitive Universal Passwords,” on page 37
Chapter 5, “Priority Sync,” on page 45
Chapter 6, “Data Encryption,” on page 47
Chapter 7, “Bulkload Performance,” on page 51
Chapter 8, “iManager ICE Plug-ins,” on page 53
Chapter 9, “LDAP-Based Backup,” on page 57
Chapter 10, “Managing Error Logging in eDirectory 8.8,” on page 59
Additional Documentation
For more information about eDirectory 8.8, refer to the following:
Novell eDirectory 8.8 Installation Guide
Novell eDirectory 8.8 Administration Guide
Novell eDirectory 8.8 Troubleshooting Guide
These guides are available at Novell eDirectory 8.8 documentation Web site (http://
www.novell.com/documentation/edir88/index.html).
For information about the eDirectory management utility, refer to Novell iManager 2.5
Administration Guide (http://www.novell.com/documentation/imanager25/index.html).
Documentation Updates
For the most recent version of this guide, see Novell eDirectory 8.8 What’s New Guide (http://
www.novell.com/documentation/beta/edir88/edir88new/data/front.html).
10 Novell eDirectory 8.8 What's New Guide
Novell Confidential Manual (ENU) 21 December 2004
Documentation Conventions
In this documentation, a greater-than symbol (>) is used to separate actions within a step and items
within a cross-reference path.
A trademark symbol (®, TM, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party
trademark.
When a single pathname can be written with a backslash for some platforms or a forward slash for
other platforms, the pathname is presented with a backslash. Users of platforms that require a
forward slash, such as Linux* and UNIX*, should use forward slashes as required by your
software.
Install and Upgrade Enhancements 11
Novell Confidential Manual (ENU) 21 December 2004
1Install and Upgrade Enhancements
This chapter discusses the new features and enhancements with the Novell®eDirectoryTM 8.8
installation and upgrade.
The following table lists the new features and specifies the platforms they are supported on.
The following features are discussed in this chapter:
Multiple Package Formats for Installing eDirectory 8.8 (page 12)
Automatic Deployments (page 12)
Installing and Configuring eDirectory Through YaST (page 14)
Installing eDirectory 8.8 in a Custom Location (page 14)
Nonroot Install (page 15)
Standards Compliance (page 16)
Feature NetWare Linux UNIX Windows
Multiple package formats for installing eDirectory 8.8
Automatic deployment through Ximian®ZENworks®Linux
Management 2.2
Install and configure eDirectory through YaST
Custom location install for application files
Custom location install for data files
Custom location install for configuration files
Nonroot install
FHS compliance
LSB compliance
Server health checks
SecretStore integration
12 Novell eDirectory 8.8 What's New Guide
Novell Confidential Manual (ENU) 21 December 2004
Server Health Checks (page 17)
SecretStore Integration with eDirectory (page 22)
Multiple Package Formats for Installing eDirectory 8.8
On Linux* and UNIX, you have an option to choose from various file formats while installing
eDirectory 8.8 on your host. The file formats are listed in the table below.
For more information on installing using tarballs, refer to the Novell eDirectory 8.8 Installation
Guide (http://www.novell.com/documentation/edir88/edirin88/data/a79kg0w.html#bs6a3gs).
Automatic Deployments
eDirectory 8.8 on Linux leverages ZENworks®Linux Management to provide easy upgrade
distribution and deployment. For more information, refer to ZENworks Linux Management (http:/
/www.novell.com/products/zenworks/linuxmanagement/index.html).
Upgrade Distributions
With eDirectory 8.8, you can subscribe to a specific feature that eDirectory offers and whenever
there is an update (upgrade or patch) to this feature on the Novell site, you will automatically get
this update.
Type of User and
Installation Location
Linux Solaris AIX HP-UX
Root user:
Default location RPM Package File-set Depot
Custom location Tarball Package and
tarball
Tarball Depot and tarball
Nonroot user:
Custom location Tarball Tarball Tarball Tarball
Install and Upgrade Enhancements 13
Novell Confidential Manual (ENU) 21 December 2004
Figure 1 Upgrade Distributions
To facilitate this, you need to install the ZENworks Linux Management client on the host where
eDirectory 8.8 is present and subscribe to the ZENworks Linux Management server that would
inform you when there is an update.
Easy Deployments
With eDirectory 8.8, you can install eDirectory on a host that has the ZENworks Linux
Management server installed and then roll it out to the other servers that have installed ZENworks
Linux Management clients.
Figure 2 eDirectory Distribution through RedCarpet
14 Novell eDirectory 8.8 What's New Guide
Novell Confidential Manual (ENU) 21 December 2004
Installing and Configuring eDirectory Through YaST
On SLES 9.1 or otherwise known as Open Enterprise Server (OES), you can install and configure
eDirectory 8.8 through YaST.
For more information on installing and configuring eDirectory through YaST, refer to the Novell
eDirectory 8.8 Installation Guide (http://www.novell.com/documentation/edir88/edirin88/data/
a79kg0w.html#bv1lxl8).
Installing eDirectory 8.8 in a Custom Location
eDirectory 8.8 gives you the flexibility to install the application, data, and configuration files in a
location of your choice.
One of the scenarios for installing eDirectory 8.8 in a custom location is where you already have
an earlier version of eDirectory installed on your host and you want to test eDirectory 8.8 before
upgrading to it. This way, you can have your existing eDirectory setup undisturbed and also test
this new version. You can then decide whether you want to retain your existing version or want to
upgrade to eDirectory 8.8.
NOTE: SLP and the SNMP subagent are installed in the default locations.
This section explains how to install the various files in a custom location:
“Specifying a Custom Location for Application Files” on page 14
“Specifying a Custom Location for Data Files” on page 14
“Specifying a Custom Location for Configuration Files” on page 15
Specifying a Custom Location for Application Files
While installing eDirectory, you can install your application files in a location of your choice.
Linux and UNIX
To install eDirectory 8.8 in a custom location, you can use the tarball installation file and untar
eDirectory 8.8 in a location of your choice.
NetWare
You cannot specify a custom location for the application files on NetWare.
Windows
You were able to specify a custom location for the application files during the installation Wizard
even prior to eDirectory 8.8.
Specifying a Custom Location for Data Files
While configuring eDirectory, you can save the data files in a location of your choice. The data
files include the data, dib, and log directories.
Install and Upgrade Enhancements 15
Novell Confidential Manual (ENU) 21 December 2004
Linux and UNIX
To configure the data files in a custom location, you can use either the -d or -D option of the
ndsconfig utility.
NetWare
You cannot select a custom DIB path while upgrading eDirectory. On NetWare, eDirectory
installation is always an upgrade. Therefore, you cannot choose a custom DIB path on NetWare.
Windows
On Windows you would be prompted to enter the DIB path during the installation. Enter a path of
your choice.
Specifying a Custom Location for Configuration Files
While configuring eDirectory, you can select the path where you want to save your configuration
files.
Linux and UNIX
To configure the nds.conf configuration file to a different location, use the --config-file option of
the ndsconfig utility.
To install the other configuration files (such as modules.conf, ndsimon.conf, and ice.conf) to a
different location, do the following:
1Copy all the configuration files to the new location.
2Set the new location by entering the following:
ndsconfig set n4u.nds.configdir custom_location
NetWare and Windows
You cannot specify a custom location for the configuration files on NetWare and Windows.
Nonroot Install
This feature enables a user who does not have the root privileges to install eDirectory 8.8 on Linux
and UNIX. If a root user installs eDirectory, a non-root user can use it.
This feature is not supported on NetWare and Windows.
IMPORTANT: A nonroot user cannot install SLP or the SNMP subagent.
Generally, there are two kinds of non-root users:
Option Description
-d custom_location Creates the DIB (the eDirectory database) directory in the path mentioned.
NOTE: This option was present prior to eDirectory 8.8 also.
-D custom_location Creates the data (contains data such as the pids and socket IDs), dib, and log
directories in the path mentioned.
16 Novell eDirectory 8.8 What's New Guide
Novell Confidential Manual (ENU) 21 December 2004
A user who is the not the root on the UNIX machine. For more information, see “Nonroot
User” on page 16.
A user who is not the administrator for eDirectory. For more information, see
“Nonadminstrator User” on page 16.
Nonroot User
Nonroot User Who Installs eDirectory
This user is not a root on the host machine. The right for a nonroot user to install eDirectory is
bound by the right the user has on the host machine.
Nonroot User Who Configures eDirectory
This user is a not a root on the host machine. The right for a nonroot user to configure eDirectory
is bound by the right the user has on the host machine.
Nonadminstrator User
This user is not the administrator of eDirectory. The right for a nonadministrator user to configure
eDirectory depends on the rights assigned to the user’s object in eDirectory.
Standards Compliance
eDirectory 8.8 is compliant with the following standards:
“FHS Compliance” on page 16
“LSB Compliance” on page 17
FHS Compliance
To avoid file conflicts with other product application files, eDirectory 8.8 follows the Filesystem
Hierarchy Standard (FHS). This feature is available only on Linux and UNIX.
eDirectory follows this directory structure only if you have chosen to install it in the default
location. If you have chosen a custom location, the directory structure would be custom_location/
default_path.
For example, if you choose to install in the eDir88 directory, the same directory structure would
be followed in the eDir88 directory, like the man pages would be installed in the /eDir88/opt/
novell/man directory.
The following table lists the change in the directory structure:
Types of Files Stored in the Directory Directory Name and Path
Executable binaries and static shell scripts /opt/novell/eDirectory/bin
Executable binaries for root use /opt/novell/eDirectory/sbin
Static or dynamic library binaries /opt/novell/eDirectory/lib
Configuration files /etc/opt/novell/eDirectory/conf
Install and Upgrade Enhancements 17
Novell Confidential Manual (ENU) 21 December 2004
Export Environmental Variables
With the FHS implementation in eDirectory 8.8, you need to update the path environmental
variables and export them. This creates the following problems:
You need to remember all the paths exported, so that whenever you open a shell, you need to
export these paths and start using the utilities.
When you want to use more than one set of binary, you have to open more than one shell or
have to unset and set the paths to the different set of binaries frequently.
To resolve the above issue, you can use the /opt/novell/eDirectory/bin/ndspath script as follows:
Prefix the ndspath script to the utility and run the utility you want as follows:
custom_location/opt/novell/eDirectory/bin/ndspath
utility_name_with_parameters
Export the paths in the current shell as follows:
. custom_location/opt/novell/eDirectory/bin/ndspath
After entering the above command, run the utilities as you would normally do. Call the script
in your profile, bashrc, or similar scripts. Therefore, whenever you log in or open a new shell,
you can start using the utilities directly.
LSB Compliance
eDirectory 8.8 is now Linux Standard Base (LSB) compliant. LSB also recommends FHS
compliance. All the eDirectory packages in Linux are prefixed with novell. For example, NDSserv
is now novell-NDSserv.
Server Health Checks
eDirectory 8.8 introduces server health checks that help you determine whether your server health
is safe before upgrading.
The server health checks run by default with every upgrade and occur before the actual package
upgrade. However, you can also run the diagnostic tool ndscheck (or dscheck on NetWare) to do
the health checks.
Need for Health Checks
In earlier releases of eDirectory, the upgrade did not check the health of the server before
proceeding with the upgrade. If the heath was unstable, the upgrade operation would fail and
eDirectory would be in an inconsistent state. In some cases, you probably could not roll back to
the pre-upgrade settings.
This new health check tool resolves this, letting you to ensure that your server is ready to upgrade.
Read/Write, run-time dynamic data like the DIB /var/opt/novell/eDirectory/data
Log files /var/opt/novell/eDirectory/log
Linux and UNIX man pages /opt/novell/man
Types of Files Stored in the Directory Directory Name and Path
18 Novell eDirectory 8.8 What's New Guide
Novell Confidential Manual (ENU) 21 December 2004
What Makes a Server Healthy?
The server health check utility performs certain health checks to ensure that the tree is healthy. The
tree is declared healthy when all these health checks are completed successfully.
Performing Health Checks
You can perform server health checks in two ways:
“With the Upgrade” on page 18
“As a Standalone Utility” on page 18
NOTE: You need administrative rights to run the health check utility.
With the Upgrade
The health checks are run by default every time you upgrade eDirectory.
Linux and UNIX
Every time you upgrade, the health checks are run by default before the actual upgrade operation
starts.
To skip the default health checks, you can use the -j option with the nds-install utility.
NetWare and Windows
The server health checks happen as part of the installation wizard. You can enable or disable the
health checks when prompted to do so.
As a Standalone Utility
You can run the server health checks as a standalone utility any time you want. The following table
explains the health check utilities.
Table 1 Health Check Utilities
Types of Health Checks
When you upgrade or run the ndscheck utility, the following types of health checks are done:
Basic Server Health
Platform Utility Name
Linux and UNIX ndscheck
Syntax:
ndscheck -h hostname:port -a admin_FDN -F
logfile_path --config-file
configuration_file_name_and_path
NOTE: You can specify either -h or --config-file and not both of them.
NetWare dscheck
Windows ndscheck
Install and Upgrade Enhancements 19
Novell Confidential Manual (ENU) 21 December 2004
Partitions and Replica Health
If you run the ndscheck utility, the results from the health checks are displayed on the screen and
logged in to ndscheck.log (or dscheck.log on NetWare). For more information on log files, refer
to “Log Files” on page 21.
If the health checks are done as part of the upgrade, then after the health checks, based on the
criticality of the error, either you are prompted to continue the upgrade process or the process is
aborted. The details of the errors are described in “Categorization of Health” on page 19.
Basic Server Health
This is the first stage of the health check.The health check utility checks for the following:
1. The eDirectory service is up. The DIB is open and able to read some basic tree information
such as the tree name.
2. The server is listening on the respective port numbers.
For LDAP, it gets the TCP and the SSL port numbers and checks if the server is listening on
these ports.
Similarly, it gets the HTTP and HTTP secure port numbers and checks if the server is listening
on these ports.
Partitions and Replica Health
After checking the basic server health, the next step is to check the partitions and replica health as
follows:
1. Checks the health of the replicas of the locally held partitions.
2. Reads the replica ring of each and every partition held by the server and checks whether all
servers in the replica ring are up and all the replicas are in the ON state.
3. Checks the time synchronization of all the servers in the replica ring. This shows the time
difference between the servers.
Categorization of Health
Based on the errors found while checking the health of a server, there can be the three categories
of health. The status of the health checks is logged in to a logfile. For more information, refer to
“Log Files” on page 21.
The three categories of health Normal, Warning, and Critical.
Normal
The server health is normal when all the health checks were successful.
The upgrade proceeds without interruption.
Warning
The server health is in the warning category when minor errors are found while checking the
health.
If the health check is run as part of the upgrade, you are prompted to either abort or continue.
20 Novell eDirectory 8.8 What's New Guide
Novell Confidential Manual (ENU) 21 December 2004
Warnings normally occur in the following scenarios:
1. Server not listening on LDAP and HTTP ports, either normal or secure or both.
2. Unable to contact any of the nonmaster servers in the replica ring.
3. Servers in the replica ring are not in sync.
For more information, see the following figure.
Figure 3 Health Check with a Warning
Critical
The server health is critical when critical errors were found while checking the health.
If the health check is run as part of the upgrade, the upgrade operation is aborted.
The critical state normally occurs in the following cases:
1. Unable to read or open the DIB. The DIB might be locked or corrupt.
Other manuals for EDIRECTORY 8.8 - GUIDE
3
Table of contents
Other Novell Software manuals
Novell
Novell ZENWORKS 10 CONFIGURATION MANAGEMENT SP3 - PREBOOT SERVICES AND IMAGING REFERENCE 10.3... Quick reference guide
Novell
Novell ACCESS MANAGER 3.1 SP1 - SSL VPN SERVER GUIDE... User manual
Novell
Novell ZENWORKS 10 CONFIGURATION MANAGEMENT SP3 - NETWORK DISCOVERY DATABASE... User manual
Novell
Novell GROUPWISE 8 - POST OFFICE AGENT User manual
Novell
Novell IDENTITY MANAGER 3.6.1 - JOBS GUIDE User manual
Novell
Novell OPEN ENTERPRISE SERVER 2.0 SP2 - DOMAIN SERVICE FOR... Instruction Manual
Novell
Novell EDIRECTORY 8.8 SP2 User manual
Novell
Novell LINUX ENTERPRISE DESKTOP 10 SP2 User manual
Novell
Novell IFOLDER 3.X - SECURITY ADMINISTRATOR GUIDE... Service manual
Novell
Novell GROUPWISE 7 - SECURITY POLICIES User manual
Novell
Novell OPEN ENTERPRISE SERVER 2 SP2 -... User manual
Novell
Novell APPARMOR - AND Datasheet
Novell
Novell LINUX ENTERPRISE SERVER 10 - ARCHITECTURE-SPECIFIC INFORMATION... Manual
Novell
Novell ZENWORKS LINUX MANAGEMENT 7.3 IR2 - ADMINISTRATION GUIDE... Instruction Manual
Novell
Novell GROUPWISE 7 - MULTI-SYSTEM ADMINISTRATION User manual
Novell
Novell LINUX ENTERPRISE DESKTOP 10 SP2 - KDE... User manual
Novell
Novell GROUPWISE 8 - INTEROPERABILITY User manual
Novell
Novell IDENTITY MANAGER 3.6.1 Installation guide
Novell
Novell SENTINEL 6.1 SP2 - 02-2010 User manual
Novell
Novell IMANAGER - INSTALLATION V2.7 User manual
Popular Software manuals by other brands
FieldServer
FieldServer FS-8700-72 Driver manual
Blackbe;rry
Blackbe;rry CLIENT FOR USE WITH MICROSOFT OFFICE LIVE COMMUNICATIONS SERVER... release note
Oki
Oki LP441s manual
Q-See
Q-See Remote Client Software V 4.0.1 user manual
Tripp Lite
Tripp Lite WEXT5-BP48V48 specification
V-tech
V-tech InnoTab Software - Cars 2 user manual
Blackbe;rry
Blackbe;rry Windows Live Messenger for BlackBerry Smartphones... release note
Blackbe;rry
Blackbe;rry CLIENT FOR USE WITH MICROSOFT OFFICE LIVE COMMUNICATIONS SERVER 2005 2.5.40 -... release note
Blackbe;rry
Blackbe;rry MEDIA SYNC - - RELEASE NOTES release note
Leviton
Leviton MC24/48 Reference manual
Lenovo
Lenovo Ideatool user manual
Garmin
Garmin GPS 10 Deluxe Application guide
