Installing eDirectory

The following sections provide information about installing Novell eDirectory on Solaris:


Using SLP with eDirectory

If you plan to use SLP to resolve tree names, SLP should already be properly configured and the SLP DAs should be stable. If you don't want to (or cannot) use SLP, you can use the flat file hosts.nds to resolve tree names to server referrals. The hosts.nds file can be used to avoid SLP multicast delays when an SLP DA is not present in the network. hosts.nds is a static lookup table used by eDirectory applications to search eDirectory partitions and servers. See the hosts.nds man page for more details.

NOTE:  If you decide to use SLP to resolve the tree name, you can determine whether the eDirectory tree is advertised by entering the following after eDirectory and SLP are installed:

/usr/bin/slpinfo -s "ndap.novell///(svcname-ws==[treename or *])"

For more information, see Configuring OpenSLP for eDirectory.


Using the nds-install Utility to Install eDirectory Components

Use the nds-install utility to install eDirectory components on Solaris systems. This utility is located in the Setup directory on the CD for the Solaris platform. The utility adds the required packages based on what components you choose to install.

  1. Log in as root on the host.

  2. Enter the following command from the setup directory:

    ./nds-install

    To install eDirectory components, use the following syntax:

    nds-install [-c component1 [-c component2]...] [-h]  
    [-n License file path] [-i]

    If you do not provide the required parameters in the command line, the nds-install utility will prompt you for the parameters.

    The following table provides a description of the nds-install utility parameters:

    nds-install Parameter    Description

    -c    Specifies the component to be installed based on the packages available. You can install more than one component by using the -c option multiple times.
    -h    Displays help for nds-install.
    -n    Specifies the path to the license file.
    -i    Prevents the nds-install script from invoking ndsconfig upgrade if a DIB is detected at the time of the upgrade.

    For example, to install Novell eDirectory Server packages, you would enter the following command:

    ./nds-install -c server -n /var

  3. When prompted, accept the license agreement.

    The installation program displays a list of eDirectory components that you can install.

  4. Specify the option for the component you want to install.

    Based on the component you choose to install, the installation program proceeds to add the appropriate RPMs or packages into the Solaris system. The following table lists the packages installed for each eDirectory component.

    eDirectory Server

      Packages installed: NDSbase, NDScommon, NDSmasv, NDSserv, NDSimon, NDSrepair, NDSslp, NDSdexvnt, NOVLsubag, NOVLsnmp, NOVLpkit, NOVLpkis, NOVLpkia, NOVLembox, NOVLlmgnt, NOVLstlog, NOVLxis, NLDAPsdk, NLDAPbase, NOVLsas, NOVLntls, NOVLnmas

      Description: The eDirectory replica server is installed on the specified server.

    Administration Utilities

      Packages installed: NOVLice, NDSbase, NLDAPbase, NLDAPsdk, NOVLpkia, NOVLxis, NOVLlmgnt

      Description: The Novell Import Conversion Export and LDAP Tools administration utilities are installed on the specified workstation.

    Management Console for eDirectory

      Packages installed: NDSbase, NDSslp, NOVLC1, C1JRE, NDS set of packages

      Description: The management console for eDirectory is installed on the specified workstation.

  5. If you are prompted, enter the complete path to the license file.

    You will be prompted to enter the complete path to the license file only if the installation program cannot locate the file in the default location (/var, a mounted license diskette, or the current directory).

    If the path you entered is not valid, you will be prompted to enter the correct path.

    You can use the ndsconfig utility to configure eDirectory Server after installation. However, to do so, you need to ensure that the license file has been copied to the /var directory.

    Novell Modular Authentication Service (NMAS) is installed as part of the server component. By default, ndsconfig configures NMAS. You can also use the nmasinst utility to configure the NMAS server after installation. This must be done after configuring eDirectory with ndsconfig.

    For more information on the ndsconfig utility, see The ndsconfig Utility.

    For more information on the nmasinst utility, see Using the nmasinst Utility to Configure NMAS.


Using the ndsconfig Utility to Add or Remove the eDirectory Replica Server

You must have Administrator rights to use the ndsconfig utility. When this utility is used with arguments, it validates all arguments and prompts for the password of the user having Administrator rights. If the utility is used without arguments, ndsconfig displays a description of the utility and available options. This utility can also be used to remove the eDirectory Replica Server and change the current configuration of eDirectory Server. For more information, see The ndsconfig Utility.


Creating a New Tree

Use the following syntax:

ndsconfig new -t treename -n server context -a admin FDN [-i] [-S server name] [-d path for dib] [-m module] [-e] [-L ldap port] [-l SSL port] [-o http port] [-O https port]

A new tree is installed with the specified tree name and context.

There is a limitation on the number of characters in the tree_name, admin FDN and server context variables. The maximum number of characters allowed for these variables is as follows:

  • tree_name: 32 characters
  • any FDN: 256 characters

If the parameters are not specified in the command line, ndsconfig prompts you to enter values for each of the missing parameters.

Alternatively, you can use the following syntax:

ndsconfig def -t treename -n server context -a admin FDN [-i] [-S server name] [-d path for dib] [-m module] [-e] [-L ldap port] [-l SSL port] [-o http port] [-O https port]

A new tree is installed with the specified tree name and context. If the parameters are not specified in the command line, ndsconfig takes the default value for each of the missing parameters.

For example, to create a new tree, you could enter the following command:

ndsconfig new -t corp-tree -n o=company -a cn=admin.o=company


Adding a Server into an Existing Tree

Use the following syntax:

ndsconfig add -t treename -n server context -a admin FDN [-e] [-L ldap port] [-l SSL port] [-o http port] [-O https port] [-S server name] [-d path for dib] [-p IP address] [-m module]

A server is added to an existing tree in the specified context. If the context that the user wants to add the Server object to does not exist, ndsconfig creates the context and adds the server.

LDAP and security services can also be added after eDirectory has been installed into the existing tree.

For example, to add a server into an existing tree, you could enter the following command:

ndsconfig add -t corp-tree -n o=company -a cn=admin.o=company


Removing a Server Object and Directory Services from a Tree

Use the following syntax:

ndsconfig rm -a admin FDN

eDirectory and its database are removed from the server.

NOTE:  The HTML files created using iMonitor will not be removed. You must manually remove these files before removing eDirectory.

For example, to remove the eDirectory Server object and directory services from a tree, you could enter the following command:

ndsconfig rm -a cn=admin.o=company


ndsconfig Utility Parameters

ndsconfig Parameter    Description

new         Creates a new eDirectory tree. If the parameters are not specified in the command line, ndsconfig prompts you to enter values for each of the missing parameters.
def         Creates a new eDirectory tree. If the parameters are not specified in the command line, ndsconfig takes the default value for each of the missing parameters.
add         Adds a server into an existing tree.
rm          Removes the Server object and directory services from a tree.
-i          Ignores a tree of the same name, while installing a new tree. This option is generally not recommended for use.
-S          Specifies the server name. The default server name is the host name.
-t          The tree name to which the server has to be added. If not specified, ndsconfig uses the tree name from the n4u.base.tree-name parameter specified in the /etc/nds.conf file.
-n          The context of the server into which the Server object is added. If not specified, ndsconfig uses the context from the n4u.nds.server-context parameter specified in the /etc/nds.conf file.
-d          The directory path where the database files will be stored.
-L          The TCP port number on the LDAP server.
-l          The SSL port number on the LDAP server.
-a          Distinguished name of the User object that has Supervisor rights to the context in which the Server object and directory services will be created.
-e          Enables clear text passwords for LDAP objects.
-p          Installs eDirectory Server into an existing tree by specifying the IP address of a server hosting the tree. If this option is used, SLP is not used for tree lookup.
-m          Specifies the module name to install. While installing a new tree, you can install only the ds module. After installing the ds module, you can add the NMAS, LDAP, SAS, HTTP and SNMP services using the add command. If the module name is not specified, by default, all the five modules are installed.
-o          Specifies the HTTP clear port number.
-O          Specifies the HTTP secure port number.
set         Sets the value for the specified eDirectory configurable parameters. If the parameter list is not specified, ndsconfig lists all the eDirectory configurable parameters.
get         Lets you view the current value of the eDirectory configurable parameters.
get help    Lets you view the help strings for the eDirectory configurable parameters.


Using ndsconfig to Install a Solaris Server into a Tree with Dotted Name Containers

You can use ndsconfig to install a Solaris server into an eDirectory tree that has containers using dotted names (for example, novell.com).

Because ndsconfig is a command line utility, using containers with dotted names requires that those dots be escaped out, and the parameters containing these contexts must be enclosed in double quotes. For example, to install a new eDirectory tree on a Solaris server using "O=novell.com" as the name of the O, use the following command:

ndsconfig new -a "admin.novell\.com" -t novell_tree -n "OU=servers.O=novell\.com"

The Admin name and context and the server context parameters are enclosed in double quotes, and only the dot ('.') in novell.com is escaped using the '\' (backslash) character.

You can also use this format when installing a server into an existing tree.

NOTE:  You should use this format when entering dotted admin name and context while using utilities such as ndsrepair, ndsbackup, ndsmerge, ndslogin, and ldapconfig.
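
The escaping rule above, together with the tree_name and FDN length limits given under Creating a New Tree, as an added shell example that is not part of the Novell documentation. The function names (nds_escape_component, nds_join, nds_check_limits) are hypothetical, the sample values are constructed from the example on this page, and measuring the limits on the escaped string is an assumption.

```shell
#!/bin/sh
# Added example (not Novell code): build ndsconfig arguments for containers
# with dotted names and check the documented length limits before running.

# Escape the dots inside ONE naming component, e.g. "O=novell.com".
# Input must be unescaped; already-escaped dots would be escaped twice.
nds_escape_component() {
    printf '%s\n' "$1" | sed 's/\./\\./g'
}

# Join components (leaf first). Dots that separate components stay as-is,
# dots inside a component are escaped with a backslash.
nds_join() {
    out=
    for comp in "$@"; do
        esc=$(nds_escape_component "$comp")
        if [ -z "$out" ]; then out=$esc; else out="$out.$esc"; fi
    done
    printf '%s\n' "$out"
}

# Return 0 if the tree name (first argument) and every FDN (remaining
# arguments) fit the documented limits: tree_name 32, any FDN 256 characters.
# Assumption: the limit is measured on the string as passed to ndsconfig.
nds_check_limits() {
    _tree=$1; shift
    [ "${#_tree}" -le 32 ] || { echo "tree name exceeds 32 characters" >&2; return 1; }
    for _fdn in "$@"; do
        [ "${#_fdn}" -le 256 ] || { echo "FDN exceeds 256 characters" >&2; return 1; }
    done
    return 0
}

# Constructed sample values matching the example on this page.
tree=novell_tree
admin=$(nds_join "admin" "novell.com")
ctx=$(nds_join "OU=servers" "O=novell.com")

if nds_check_limits "$tree" "$admin" "$ctx"; then
    # Print the command for review instead of running it.
    printf 'ndsconfig new -a "%s" -t %s -n "%s"\n' "$admin" "$tree" "$ctx"
fi
```

The script only prints the resulting command line, so the quoting and escaping can be reviewed before the command is run as a user with Administrator rights.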


Using the nmasinst Utility to Configure NMAS

For eDirectory 8.7.3, by default, ndsconfig configures NMAS. You can also use nmasinst on Linux, Solaris, and AIX systems to configure NMAS.

ndsconfig only configures NMAS and does not install the login methods. To install these login methods, you can use nmasinst.

IMPORTANT:  You must configure eDirectory with ndsconfig before you install the NMAS login methods. You must also have administrative rights to the tree.


Configuring NMAS

By default, ndsconfig configures NMAS. You can also use nmasinst to do this.

To configure NMAS and create NMAS objects in eDirectory, enter the following at the server console command line:

nmasinst -i admin.context tree_name

nmasinst will prompt you for a password.

This command creates the objects in the Security container that NMAS needs, and installs the LDAP extensions for NMAS on the LDAP Server object in eDirectory.

The first time NMAS is installed in a tree, it must be installed by a user with enough rights to create objects in the Security container. However, subsequent installs can be done by container administrators with read-only rights to the Security container. nmasinst will verify that the NMAS objects exist in the Security container before it tries to create them.

nmasinst does not extend the schema. The NMAS schema is installed as part of the base eDirectory schema.


Installing Login Methods

To install login methods using nmasinst, enter the following at the server console command line:

nmasinst -addmethod admin.context tree_name config.txt_path

The last parameter specifies the config.txt file for the login method that is to be installed. A config.txt file is provided with each login method.

Here is an example of the -addmethod command:

nmasinst -addmethod admin.novell MY_TREE "./nmas-methods/novell/Simple Password/config.txt"

If the login method already exists, nmasinst will update it.

For more information, see "Managing Login and Post-Login Methods and Sequences" in the Novell Modular Authentication Service Administration Guide.