Ten Linux Tips - Nov. 17
Novell Cool Solutions: Tip
Posted: 17 Nov 2004
Here are 10 Linux / eDirectory tips, along with the Q&A background. Keep in the Linux loop with these tips and tricks.
Tip 1: Use iManager or ConsoleOne to add replicas from NetWare to Linux.
Q: I'm wondering about how to add a replica from a NetWare-based eDirectory to a Linux machine.
A: It's easy - you just use iManager or ConsoleOne and treat it like any other eDirectory server. I would look into DSTrace on the Linux box so you can watch for errors.
Tip 2: Change file permissions to make eGuide options stick.
Q: I installed eDirectory 8.7.3 under SUSE Linux Enterprise Server and decided to give eGuide a look. After some tests, I verified that some options could not be changed via the "Administration Utility" console (Activate Debug, and Add Administrative Users).
Even after checking an option (setting the Debug under [Reporting][Debug]), clicking over [Save] and getting informed that all modifications were successful, the resulting page still showed the same unmodified options (Debug still unchecked).
A: Try changing the ownership/permissions of the files under: /opt/webapps/eGuide/WEB-INF/properties
On your system, "chmod" the above files to 666, assign them the novlwww:novlwww user/group and restart Tomcat (just to be sure).
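An added example, not part of the original answer or of any Novell tooling: mode 666 lets every local account rewrite these files, so this script lists world-writable and wrongly owned files under the properties directory and can narrow them to 660. It assumes Tomcat runs as novlwww, as the ownership in the answer implies; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the eGuide properties files after the permission change.
# Assumption: Tomcat runs as novlwww, so owner/group write access is enough.
PROPS_DIR="${PROPS_DIR:-/opt/webapps/eGuide/WEB-INF/properties}"

# Print regular files under $1 that any local account may write to.
list_world_writable() {
    find "$1" -type f -perm -0002 -print | sort
}

# Print regular files under $1 not owned by user $2 and group $3.
list_wrong_owner() {
    find "$1" -type f ! \( -user "$2" -group "$3" \) -print | sort
}

# Narrow every regular file under $1 to read/write for owner and group only.
tighten_props() {
    find "$1" -type f -exec chmod 660 {} +
}

# Report only; call tighten_props explicitly once the report looks right.
if [ -d "$PROPS_DIR" ]; then
    echo "World-writable files:"
    list_world_writable "$PROPS_DIR"
    echo "Files not owned by novlwww:novlwww:"
    list_wrong_owner "$PROPS_DIR" novlwww novlwww
fi
```

If eGuide can still save its settings after `tighten_props`, the files do not need to stay world-writable.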
Tip 3: Change an SLP.CONF setting to configure OpenSLP as a DA on a SUSE server.
Q: Any tips on how to configure OpenSLP as a DA on a SUSE 8 server? I've checked the OpenSLP doc and it is pretty sparse in that regard.
A: Set net.slp.isDA to True in the /etc/slp.conf file. See http://www.openslp.org/doc/html/UsersGuide/SlpConf.html
Tip 4: Use the IP address instead of the tree name for the ConsoleOne "tree" box.
Q: I've been using ConsoleOne on SUSE 9.0 for the past month or so. I installed SUSE 9.1 Professional this week, and now I can't get ConsoleOne to work. If I install the jre that came with ConsoleOne, it won't even start. If I use the jre bundled with SUSE 9.1, then I can actually get the program to start, but I can't authenticate with any servers. I get the following error:
"(Error -634) The target server does not have a copy of what the source server is requesting. Or, the source server has no objects that match the request and has no referrals on which to search for the object."
I've tried logging into our main production tree and a test tree, and I get that error for both. Any ideas?
A: You should write the IP address of your server holding the Master replica of the [Root] partition to the "Tree" box of ConsoleOne - instead of the name of the tree.
Tip 5: For posixAccount, extend an object with it and use iManager to create a snap-in for it.
Q: When I want to create an object type of "posixAccount" with eDirectory I get an error: "You don't have the snap-in to work with this object."
A: posixAccount is an auxiliary class, not an effective class. The first problem is that you need to extend an existing object with it, rather than trying to create an object of this class type.
The second problem is that there isn't a snap-in to administer posixAccount extended objects. You can still administer the user component of the object, but in ConsoleOne you have to use the "Other" tab to set the values of the attributes. In iManager 2.0.2, creating a snap-in for this object extension is pretty trivial using the Plug-in studio.
Tip 6: Samba ACLs are stored in the file system, not in eDirectory - use a file system that supports extended attributes, such as XFS.
Q: I wanted to know if we would be able to use ACLs in Samba while authenticating to eDirectory. Specifically, Win2k and WinXP will be accessing Samba shares using Samba 3.
A: No, because file-system ACLs are not stored in eDirectory - they're stored in the file system.
Samba ACLs work on any Linux file system that supports extended attributes. Personally, I've used XFS with good results. Take a look at: http://www.bluelightning.org/linux/samba_acl_howto/
Tip 7: When port 636 is enabled but doesn't listen, check its certificate association.
Q: I have installed edir 188.8.131.52 on a Suse 8.1 Server. LDAP is running fine on port 389, but I am not showing the server listening on 636. I have checked the configuration of the LDAP server. It shows:
TCP Port 389 ENABLED
SSL Port 636 ENABLED
Does NOT require TLS for all operations.
I can open eDirectory using a browser on port 389, but not on 636. NMAP on the server shows the server is listening on 389, but not on 636. Do I have to modify a configuration file somewhere, and if so, where can I find it?
A: Check to make sure there's a certificate associated with the server configuration in the LDAP server. If there's no cert, the port won't be opened. This is the most common cause of the problem you're describing.
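An added example, not part of the original answer: a check for the symptom described above, where 389 is listening and 636 is not. With 636 closed and TLS not required, clients that fall back to 389 send binds unencrypted unless they use StartTLS. The function names and the sample listing in the comment are constructed for illustration.

```shell
#!/bin/sh
# Added example: spot an LDAP server that offers 389 but not 636.
# Input is `ss -ltn` or `netstat -ltn` output on stdin, for instance
# (constructed sample):
#   LISTEN 0 128 0.0.0.0:389 0.0.0.0:*

# Print "389=open|closed 636=open|closed" for the listing on stdin.
ldap_listener_state() {
    awk '
        /LISTEN/ {
            for (i = 1; i <= NF; i++) {
                # Match the exact port so 10389 or 10636 do not count.
                if ($i ~ /[:.]389$/) { plain = 1 }
                if ($i ~ /[:.]636$/) { tls = 1 }
            }
        }
        END {
            printf "389=%s 636=%s\n", (plain ? "open" : "closed"), (tls ? "open" : "closed")
        }'
}

# Succeed when the cleartext port is open but the SSL port is not.
ldaps_missing() {
    [ "$(ldap_listener_state)" = "389=open 636=closed" ]
}

# Run against the local host when ss is available.
if command -v ss >/dev/null 2>&1; then
    if ss -ltn | ldaps_missing; then
        echo "389 is listening but 636 is not: check the LDAP server's certificate association"
    fi
fi
```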
Tip 8: To connect to iManager after installation, be sure to access the configuration URL.
Q: After eDirectory installation, I tried to connect to iManager, with this result:
There was a problem starting the servlet:
Missing setting: System.GUID
Most problems starting up are related to missing information in the PortalServlet.properties file
A: The trick is to access the server configuration as instructed in the docs to complete the initialization phase.
Tip 9: Authenticate from LDAP servers (like SUSE Linux Standard Server) to eDirectory.
Q: Is it possible to make eDirectory authenticate through another LDAP server, like SUSE Linux Standard Server?
A: No, but you should be able to do the authentication the other way around.
Tip 10: Follow these easy steps to replicate a partition (SUSE Linux Enterprise Server).
Q: I'm still testing eDirectory 8.7.3 on SUSE Linux Enterprise Server. I've waded both through the ConsoleOne and eDir Admin Guide but it's still not clear to me the procedure to replicate a partition of the tree.
A: First you create a partition, splitting an existing partition into two parts. You can do this in ConsoleOne.
- In the left pane, click on the container object that you want to be the partition root.
- Click on View -> Partition and Replica View
- Click on Edit -> Create Partition
- Wait ...
This creates a new partition from an existing partition. If you're starting with a basic tree that has only the [Root] partition, you'll now have two partitions, [Root], and your new one.
Partitions are logical divisions of the database. Each partition will have one or more Replicas, which are physical instances of the partition data being stored on a server. When you created your new partition via the steps above, it was set up with replicas on the servers that hold the replicas of the partition it was split from. Once your partition exists, you can use the Partition and Replica view to add new replicas to new servers, or remove replicas from servers.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com