Novell Home

eDirectory Command-line Utilities for Linux

Novell Cool Solutions: Feature

Digg This - Slashdot This

Posted: 18 May 2005

Note: This article is adapted from the BrainShare 2005 presentation TUT280.

Here are some of the command-line utilities you can use with eDirectory on Linux:

  • NDSConfig
  • NDSRepair
  • NDSTrace
  • LDAPConfig
  • NDSIndex
  • Log files


You can use the NDSConfig utility to get or set eDirectory parameters. For example, NDSConfig can configure the location of DIBs, using the nds.conf file. Here are the directives to use:

  • n4u.nds.dibdir - defines the location of DIBs. The default is /var/nds/dib.
  • n4u.server.configdir - defines the location of nds.conf. The default is /etc.
  • n4u.server.vardir - defines the location of logs. The default is /var/nds.
  • n4u.server.libdir - defines the location of the eDirectory library. The default is /usr/lib

Note: It is better to use ndsconfig than to manually edit nds.conf.

NDSConfig can also recover eDirectory Services (see man ndsconfig for details):

ndsconfig add -m [module]

This enables creating the following objects:

  • LDAP objects
  • SNMP Group objec
  • t
  • SAS Server Certificates (KMOs)
  • HTTP object for iMonitor
  • NMAS objects


NDSRepair can check and repair eDirectory. Here are some usage examples of NDSRepair:

  • Check synchronization - bash# ndsrepair -E
  • Single object repair - bash# ndsrepair -J [entry_id]
  • Check eDirectory time sync - bash# ndsrepair -T
  • Check obituaries - bash# ndsrepair -C -Ad -A

The output of checking obituaries will be in this format:

		   Found: 0 total obituaries in this DIB,
   	    0 Unprocessed obits, 0 Purgeable obits,
   	    0 OK_To_Purge obits, 0 Notified obits
        Total errors: 0

If you experience problems running NDSRepair, start will all options set to "off." For example:

bash# ndsrepair -R -l yes -u no -m no -f no -d no -t no -i no -o no -r no -v no -c no


NDSTrace can be run in command-line mode or via iMonitor. To run it in command-line mode, use: bash# ndstrace -l [ >> output.log].

To find the modules that are loaded, use:
bash# ndstrace -c modules
bash# ndstrace -c ?load ndsclone?

To display current connections, use: bash# ndstrace -c connections

To display current threads, use: bash# ndstrace -c threads


The LDAPConfig utility can administer an LDAP server. To view all LDAP server attributes, use:
bash# ldapconfig get ?a admin.novell ?w password

To refresh an LDAP server, use:
bash# ldapconfig ?R ?a admin.novell ?w password

You can also change LDAP server attributes to change LDAP behavior. For example, to alter the logging level on the DSTrace screen, use:
bash# ldapconfig set ?LDAP Screen Level?=?all? ?a admin.novell ?w password


The NDSIndex utility can create, list, delete, suspend, and resume indexes. By default, it is installed into /usr/ldaptools/bin. The syntax for NDSIndex is:
bash# ./ndsindex [command] [options] [index]

NDSIndex uses LDAP to manipulate indexDefinition on the NCP server object. This means that LDAP must be working correctly. Once modified, indexDefinition kicks off the Limber process.

To list the CN index, use:
./ndsindex list ?D cn=admin,o=novell ?w password ?s cn=SVR01,o=novell CN

The results will look similar to this:

Index Version: 0
         Index Name: CN
         Index State: Online
         Index Rule: Value
         Index Type: Added on attribute creation
         Index State Value: Added from server
         NDS Attribute: CN

To add a VALUE index to the uid attribute, use:
bash# /usr/ldaptools/bin/ndsindex add -D cn=admin,o=novell -w novell -s cn=SVR01,o=novell "uid;uid;VALUE?

The results: Result Index(es) addition successful.

To suspend the uid attribute index, use:
bash# /usr/ldaptools/bin/ndsindex suspend -D cn=admin,o=novell -w novell -s
cn=SVR01,o=novell uid

The results: Index(es) suspension successful.

To list the uid index, use:
bash# /usr/ldaptools/bin/ndsindex list -D cn=admin,o=novell -w novell -s
cn=SVR01,o=novell uid

The results will look similar to this:

Index Version: 0
        	   Index Name: uid
        	   Index State: Suspended
        	   Index Rule: Value
        	   Index Type: User defined
        	   Index State Value: Added from server
        	   NDS Attribute: uid

Log files


The log file is the first place to check when something goes wrong. You should check it after installs or when you encounter errors. It stores initialization data, security information, and error messages. The log file for the ndsd process is typically found in the ?/var/nds? directory. You can change it with the n4u.server.vardir directive.

Below are brief descriptions of the log file types.


Log of schema changes to eDirectory by various utilities. Using the command "ndsconfig upgrade" will extend the schema and write the changes to this log.


Log of ndsrepair activity run from the CLI. You can specify an alternate log file by using: # ndsrepair -F


Note: To use the following commands, first enter "ndstrace" at a terminal.

To set the log file size, use: set ndstrace=*M<size_in_bytes>

To reset the log file, use: set ndstrace=*R

To log the CLI output to a file, use:
svr1:/var/nds # ndstrace; ndstrace file on
svr1:/var/nds # ndstrace -l > /pub/dstrace_example.log &

syslog (/var/log/messages)

Using the syslog, you can check for kernel errors such as:
  • Bad memory
  • Out of disk space
  • Bad NIC
  • Port conflicts

Log support tips

Here are some tips for using logs more effectively:

  • Search for errors in the logs first, and then search
  • Search for errors in iMonitor.
  • Search for signals, which are software interrupts. For example: SIGPIPE (13) - There was a broken pipe in IPC; SIGTERM (15), SIGINT (2) - Shuts down the service; SIGABRT (6) - Causes a core dump of the process.

Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions.

© 2014 Novell