eDirectory Command-line Utilities for Linux
Novell Cool Solutions: Feature
Digg This -
Posted: 18 May 2005
Note: This article is adapted from the BrainShare 2005 presentation TUT280.
Here are some of the command-line utilities you can use with eDirectory on Linux:
- Log files
You can use the NDSConfig utility to get or set eDirectory parameters. For example, NDSConfig can configure the location of DIBs, using the nds.conf file. Here are the directives to use:
- n4u.nds.dibdir - defines the location of DIBs. The default is /var/nds/dib.
- n4u.server.configdir - defines the location of nds.conf. The default is /etc.
- n4u.server.vardir - defines the location of logs. The default is /var/nds.
- n4u.server.libdir - defines the location of the eDirectory library. The default is /usr/lib
Note: It is better to use ndsconfig than to manually edit nds.conf.
NDSConfig can also recover eDirectory Services (see man ndsconfig for details):
ndsconfig add -m [module]
This enables creating the following objects:
- LDAP objects
- SNMP Group objec t
- SAS Server Certificates (KMOs)
- HTTP object for iMonitor
- NMAS objects
NDSRepair can check and repair eDirectory. Here are some usage examples of NDSRepair:
- Check synchronization - bash# ndsrepair -E
- Single object repair - bash# ndsrepair -J [entry_id]
- Check eDirectory time sync - bash# ndsrepair -T
- Check obituaries - bash# ndsrepair -C -Ad -A
The output of checking obituaries will be in this format:
Found: 0 total obituaries in this DIB, 0 Unprocessed obits, 0 Purgeable obits, 0 OK_To_Purge obits, 0 Notified obits Total errors: 0
If you experience problems running NDSRepair, start will all options set to "off." For example:
bash# ndsrepair -R -l yes -u no -m no -f no -d no -t no -i no -o no -r no -v no -c no
NDSTrace can be run in command-line mode or via iMonitor. To run it in command-line mode, use: bash# ndstrace -l [ >> output.log].
To find the modules that are loaded, use:
bash# ndstrace -c modules
bash# ndstrace -c ?load ndsclone?
To display current connections, use: bash# ndstrace -c connections
To display current threads, use: bash# ndstrace -c threads
The LDAPConfig utility can administer an LDAP server. To view all LDAP server attributes, use:
bash# ldapconfig get ?a admin.novell ?w password
To refresh an LDAP server, use:
bash# ldapconfig ?R ?a admin.novell ?w password
You can also change LDAP server attributes to change LDAP behavior. For example, to alter the logging level on the DSTrace screen, use:
bash# ldapconfig set ?LDAP Screen Level?=?all? ?a admin.novell ?w password
The NDSIndex utility can create, list, delete, suspend, and resume indexes. By default, it is installed into /usr/ldaptools/bin. The syntax for NDSIndex is:
bash# ./ndsindex [command] [options] [index]
NDSIndex uses LDAP to manipulate indexDefinition on the NCP server object. This means that LDAP must be working correctly. Once modified, indexDefinition kicks off the Limber process.
To list the CN index, use:
./ndsindex list ?D cn=admin,o=novell ?w password ?s cn=SVR01,o=novell CN
The results will look similar to this:
Index Version: 0 Index Name: CN Index State: Online Index Rule: Value Index Type: Added on attribute creation Index State Value: Added from server NDS Attribute: CN
To add a VALUE index to the uid attribute, use:
bash# /usr/ldaptools/bin/ndsindex add -D cn=admin,o=novell -w novell -s cn=SVR01,o=novell "uid;uid;VALUE?
The results: Result Index(es) addition successful.
To suspend the uid attribute index, use:
bash# /usr/ldaptools/bin/ndsindex suspend -D cn=admin,o=novell -w novell -s
The results: Index(es) suspension successful.
To list the uid index, use:
bash# /usr/ldaptools/bin/ndsindex list -D cn=admin,o=novell -w novell -s
The results will look similar to this:
Index Version: 0 Index Name: uid Index State: Suspended Index Rule: Value Index Type: User defined Index State Value: Added from server NDS Attribute: uid
The log file is the first place to check when something goes wrong. You should check it after installs or when you encounter errors. It stores initialization data, security information, and error messages. The log file for the ndsd process is typically found in the ?/var/nds? directory. You can change it with the n4u.server.vardir directive.
Below are brief descriptions of the log file types.
Log of schema changes to eDirectory by various utilities. Using the command "ndsconfig upgrade" will extend the schema and write the changes to this log.
Log of ndsrepair activity run from the CLI. You can specify an alternate log file by using: # ndsrepair -F
Note: To use the following commands, first enter "ndstrace" at a terminal.
To set the log file size, use: set ndstrace=*M<size_in_bytes>
To reset the log file, use: set ndstrace=*R
To log the CLI output to a file, use:
svr1:/var/nds # ndstrace; ndstrace file on
svr1:/var/nds # ndstrace -l > /pub/dstrace_example.log &
syslog (/var/log/messages)Using the syslog, you can check for kernel errors such as:
- Bad memory
- Out of disk space
- Bad NIC
- Port conflicts
Log support tips
Here are some tips for using logs more effectively:
- Search for errors in the logs first, and then search support.novell.com.
- Search for errors in iMonitor.
- Search for signals, which are software interrupts. For example: SIGPIPE (13) - There was a broken pipe in IPC; SIGTERM (15), SIGINT (2) - Shuts down the service; SIGABRT (6) - Causes a core dump of the process.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com