Protecting the All-Important Home Directory Reference
Novell Cool Solutions: Trench
By David Gersic
Posted: 18 Sep 2002
In a User object, one can set the "Home Directory" for the user. This can be used by the login script processor, and other things, to locate file storage space for the user based on their DS information. This is generally a good thing.
A potential problem
The problem arises because of the way this is stored in the DS database for the user object. The path is stored as a link to the Volume Object representing the file system space. If, for some reason, that Volume Object is removed from the directory, every user object referencing it is modified to remove that reference, potentially leading to a loss of useful information.
Normally a Volume Object wouldn't be deleted by anybody, but it can happen. If, for example, NTS has you remove Directory Services from a server as part of a problem, that leads to Volume objects representing that server's volumes being removed from the Directory. This can turn a simple, one-server problem into a tree-wide disaster. Even if there are other, perfectly happy servers in the tree with perfectly good replicas of all the user objects, in one quick operation all of those users' links to their home directories are gone.
This is true because there is a mostly hidden link from the server's file system back to the Volume object that represents it in the Directory. Whenever the server has Directory Services removed from it, it "helps" by cleaning up the Directory (if it can) by removing the NCP Server object representing the server itself, and by removing the Volume objects representing the server's file system. If the server can't do this, for one reason or another, the TIDs on dealing with crashed/dead/stolen servers tell you to do it manually, leading to the same problem.
Friends don't let friends
So, this suggestion (from a friend of mine) is a preventative to keep this from happening someday. It's especially valuable to a novice administrator who doesn't know what will happen if the Volume object is removed, and who is apt to follow the instructions blindly without understanding the implications. This is made worse by NTS forgetting to mention this little problem when working on an issue and telling the novice admin to just remove directory services and reinstall it on the server.
The idea is to create a Volume Object that the server doesn't know about. All you do is use NWAdmin or ConsoleOne to make a volume object. When you make this object, ConsoleOne will prompt you for what server/volume this volume object represents. It will not, however, let the server know about this.
If you set up a Volume object, and use it for your Home Directory links, when something goes wrong later and the Volume objects that the server knows about are removed, the User objects are unmodified. When the server is brought back into the Directory, the users work fine again with no further changes needed. Or, if the server is not to be brought back, the Volume object can be modified to point at a new location without having to modify all of the User objects.
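To see how exposed a tree is before Directory Services is removed from a server, the added example below (not part of the original article) lists the users whose Home Directory still points at a Volume object the server knows about. It assumes an LDIF export in which the attribute appears as ndsHomeDirectory with values laid out as volume DN, namespace and path separated by "#"; that layout, the helper names and all sample DNs are assumptions made for illustration.

```python
import base64

# Constructed sample export; every DN and path below is made up.
# Assumed value layout: <Volume object DN>#<namespace>#<path>
SAMPLE_LDIF = """\
dn: cn=alice,ou=staff,o=acme
ndsHomeDirectory: cn=FS1_DATA,ou=servers,o=acme#0#home\\alice

dn: cn=bob,ou=staff,o=acme
ndsHomeDirectory: cn=HOMEVOL,ou=servers,o=acme#0#home\\bob

dn: cn=carol,ou=staff,o=acme
ndsHomeDirectory: cn=FS1_DATA,ou=serv
 ers,o=acme#0#home\\carol
"""

def unfold(text):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def home_dir_refs(ldif_text, attr="ndsHomeDirectory"):
    """Map each user DN to the (Volume object DN, path) its home directory uses."""
    refs, dn = {}, None
    for line in unfold(ldif_text):
        if not line.strip():
            dn = None  # blank line ends the current entry
        name, sep, value = line.partition(":")
        if not sep or line.startswith("#"):
            continue  # blank lines and LDIF comments carry no attribute
        if value.startswith(":"):  # "attr:: ..." marks a base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            dn = value
        elif name == attr.lower() and dn and value.count("#") >= 2:
            volume, _namespace, path = value.split("#", 2)
            refs[dn] = (volume, path)
    return refs

def at_risk(refs, server_known_volumes):
    """Users whose reference would be stripped if these Volume objects were deleted."""
    doomed = {v.lower() for v in server_known_volumes}
    return sorted(user for user, (vol, _p) in refs.items() if vol.lower() in doomed)
```

In the sample, HOMEVOL stands for a manually created Volume object of the kind described above, so bob is not reported when FS1_DATA is passed to at_risk().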
If you have questions for David, he can be e-mailed at: dgersicTAKETHISOUT@niu.edu