1.6 Installing eDirectory

The following sections provide information about installing Novell eDirectory on Linux:

1.6.1 Using SLP with eDirectory

In earlier releases of eDirectory, SLP was installed during the eDirectory install. But with eDirectory 8.8, you need to separately install SLP before proceeding with the eDirectory install.

If you plan to use SLP to resolve tree names, it should have been properly installed and configured and the SLP DAs should be stable.

  1. Install OpenSLP (if it is not installed already)

  2. Follow the onscreen instructions to complete the SLP installation.

  3. Start SLP manually as follows:

    /etc/init.d/slpd start
    

For more information, refer to Section C.0, Configuring OpenSLP for eDirectory.

Similarly, when you uninstall the SLP package, you need to stop SLP manually, as follows:

/etc/init.d/slpd stop

If you don't want to (or cannot) use SLP, you can use the flat file hosts.nds to resolve tree names to server referrals. The hosts.nds file can be used to avoid SLP multicast delays when SLP DA is not present in the network.

hosts.nds is a static lookup table used by eDirectory applications to search for eDirectory partitions and servers. In the hosts.nds file, each tree or server has a single line that contains the following information:

  • Tree/Server Name: Tree names end with a trailing dot (.).

  • Internet Address: This can be a DNS name or IP address.

  • Server Port: Optional, appended with a colon (:) to the Internet address.

The local server does not need an entry in this file unless it is listening on a non-default NCP port.

The syntax followed in the hosts.nds file is as follows:

<[partition name.]tree name>.  <host-name/ip-addr>[:<port>]
<server name>  <dns-addr/ip-addr>[:<port>]

For example:

# This is an example of a hosts.nds file:
# Tree name             Internet address/DNS Resolvable Name
  CORPORATE.            myserver.mycompany.com
  novell.CORPORATE.     1.2.3.4:524

# Server name           Internet address
  CORPSERVER            myserver.mycompany.com

See the hosts.nds man page for more details.
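
The following syntax check for the hosts.nds format described above is an added example, not part of the Novell documentation. It assumes that '#' starts a comment line (as in the sample), that addresses are DNS names or IPv4 literals, and that an entry without a port uses the default NCP port 524; the function names and the two malformed sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the Novell documentation): syntax check for hosts.nds.
# Assumptions: '#' starts a comment line, addresses are DNS names or IPv4
# literals, and a missing port means the default NCP port 524.

# check_hosts_nds [FILE]   (reads standard input when FILE is omitted)
# Prints "OK <tree|server> <name> <address> <port>" or "ERROR line N: <reason>".
# Exit status is 1 if any entry is malformed.
check_hosts_nds() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blank lines
    {
        if (NF != 2) {
            printf "ERROR line %d: expected <name> <address>[:<port>], got %d fields\n", NR, NF
            bad++; next
        }
        name = $1; addr = $2; port = "524"
        colon = index(addr, ":")
        if (colon > 0) {                          # split the optional :<port>
            port = substr(addr, colon + 1)
            addr = substr(addr, 1, colon - 1)
        }
        if (port !~ /^[0-9]+$/ || port + 0 < 1 || port + 0 > 65535) {
            printf "ERROR line %d: invalid port \"%s\"\n", NR, port
            bad++; next
        }
        if (addr !~ /^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$/) {
            printf "ERROR line %d: invalid address \"%s\"\n", NR, addr
            bad++; next
        }
        # Tree (and partition.tree) names end with a trailing dot; server names do not.
        kind = (name ~ /\.$/) ? "tree" : "server"
        printf "OK %s %s %s %d\n", kind, name, addr, port
    }
    END { exit (bad > 0) }
    ' "${1:--}"
}

# Constructed sample: the three entries from the page plus two malformed lines.
sample_hosts_nds() {
    cat <<'EOF'
# Tree name             Internet address/DNS Resolvable Name
  CORPORATE.            myserver.mycompany.com
  novell.CORPORATE.     1.2.3.4:524
# Server name           Internet address
  CORPSERVER            myserver.mycompany.com
  BRANCH.               10.0.0.5:ncp
  ORPHAN
EOF
}

sample_hosts_nds | check_hosts_nds || echo "hosts.nds contains malformed entries"
```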

If you decide to use SLP to resolve the tree name, you can determine whether the eDirectory tree is advertised. After eDirectory and SLP are installed, enter the following:

/usr/bin/slptool findsrvs service:ndap.novell "(svcname-ws=[treename or *])"

For example, to search for the services whose svcname-ws attribute matches the value SAMPLE_TREE, enter the following command:

/usr/bin/slptool findsrvs service:ndap.novell "(svcname-ws=SAMPLE_TREE)"

If you have a service registered with its svcname-ws attribute as SAMPLE_TREE, then the output will be similar to the following:

service:ndap.novell:///SAMPLE_TREE

If you do not have a service registered with its svcname-ws attribute as SAMPLE_TREE, there will be no output.

For more information, see Section C.0, Configuring OpenSLP for eDirectory.

1.6.2 Using the nds-install Utility to Install eDirectory Components

Use the nds-install utility to install eDirectory components on Linux systems. This utility is located in the Setup directory of the downloaded file for the Linux platform. The utility adds the required packages based on what components you choose to install.

IMPORTANT: If the ZENworks Linux Management client is installed and the daemon (rcd) is running, stop the daemon using /etc/init.d/rcd stop before running nds-install.

  1. Enter the following command at the setup directory:

    ./nds-install
    

    If you do not provide the required parameters in the command line, the nds-install utility will prompt you for the parameters.

    The following table provides a description of the nds-install utility parameters:

    nds-install Parameter

    Description

    -h or --help

    Displays help for nds-install.

    -i

    Prevents the nds-install script from invoking the ndsconfig upgrade if a DIB is detected at the time of the upgrade.

    -j

    Jumps or overrides the health check option before installing eDirectory. For more information about health checks, refer to Section B.0, eDirectory Health Checks.

    -m

    Specifies the module name to configure. While configuring a new tree, you can configure only the ds module. After configuring the ds module, you can add the NMAS, LDAP, SAS, SNMP, HTTP services, and Novell SecretStore (ss) using the add command. If the module name is not specified, all the modules are installed.

    -u

    Specifies the option to use in an unattended install mode.

    For unattended install to proceed, you need to enter at least the -c option at the command line, or else the install will abort.

    The installation program installs the following RPMs:

    eDirectory Component: eDirectory Server

    Packages Installed: novell-NDSbase novell-NDScommon novell-NDSmasv novell-NDSserv novell-NDSimon novell-NDSrepair novell-NDSdexvnt novell-NOVLsubag novell-NOVLsnmp novell-NOVLpkit novell-NOVLpkis novell-NOVLpkia novell-NOVLembox novell-NOVLlmgnt novell-NOVLxis novell-NLDAPsdk novell-NLDAPbase novell-NOVLsas novell-NOVLntls novell-NOVLnmas novell-NOVLldif2dib novell-NOVLncp

    Description: The eDirectory replica server is installed on the specified server.

    eDirectory Component: Administration Utilities

    Packages Installed: novell-NOVLice novell-NDSbase novell-NLDAPbase novell-NLDAPsdk novell-NOVLpkia novell-NOVLxis novell-NOVLlmgnt

    Description: The Novell Import Conversion Export and LDAP Tools administration utilities are installed on the specified workstation.

  2. If you are prompted, enter the complete path to the license file.

    You will be prompted to enter the complete path to the license file only if the installation program cannot locate the file in the default location (/var, the mounted license diskette, or the current directory).

    If the path you entered is not valid, you will be prompted to enter the correct path.

  3. After the installation is complete, you need to update the following environment variables and export them. You can either do it manually or use a script.

    • Manually export the environment variables

      • For 32-bit

        export LD_LIBRARY_PATH=/opt/novell/eDirectory/lib:/opt/novell/eDirectory/lib/nds-modules:/opt/novell/lib:$LD_LIBRARY_PATH

      • For 64-bit

        export LD_LIBRARY_PATH=/opt/novell/eDirectory/lib64:/opt/novell/eDirectory/lib64/nds-modules:/opt/novell/lib64:$LD_LIBRARY_PATH
        
        
        
        
      export MANPATH=/opt/novell/man:/opt/novell/eDirectory/man:$MANPATH
      
      
      export TEXTDOMAINDIR=/opt/novell/eDirectory/share/locale:$TEXTDOMAINDIR
      
      
    • Use the ndspath script to export the environment variables

      If you do not want to export the paths manually, you can use the /opt/novell/eDirectory/bin/ndspath script as follows:

      • Prefix the ndspath script to the utility and run the utility you want as follows:

        /opt/novell/eDirectory/bin/ndspath utility_name_with_parameters 
        

        NOTE: When you prefix the ndspath script to commands with arguments, specify the arguments in double quotes.

        For example:

        /opt/novell/eDirectory/bin/ndspath ldapconfig "-s ldapTLSRequired=yes"
        
      • Export the paths in the current shell as follows:

        . /opt/novell/eDirectory/bin/ndspath
        

        After entering the above command, run the utilities as you would normally do.

      • Place the path exporting instructions at the end of /etc/profile, ~/.bashrc, or similar scripts so that whenever you log in or open a new shell, you can start using the utilities directly.

You can use the ndsconfig utility to configure eDirectory Server after installation.

Novell Modular Authentication Service (NMAS) is installed as part of the server component. By default, ndsconfig configures NMAS. You can also use the nmasinst utility to configure NMAS server after installation. This must be done after configuring eDirectory with ndsconfig.

For more information on the ndsconfig utility, see The ndsconfig Utility.

For more information on the nmasinst utility, see Using the nmasinst Utility to Configure NMAS.

1.6.3 Nonroot User Installing eDirectory 8.8

A nonroot user can install eDirectory 8.8 using the tarball.

Prerequisites

  • Ensure that NICI is installed.

    For information on installing NICI, refer to Installing NICI.

  • Ensure that the SNMP subagent is installed using the command "rpm -ivh --nodeps <path of snmp subagent rpm>".

  • If you want to use SLP and SNMP, ensure that they are installed by the root user.

  • Ensure that you have write rights to the directory where you want to install eDirectory.

    If you are a nonadministrator user, ensure that you have the appropriate rights as mentioned in Section 1.2, Prerequisites.

Installing NICI

NICI should be installed before you proceed with the eDirectory installation. Both root and nonroot users can install NICI. With eDirectory 8.8 SP3 or later versions, 32-bit and 64-bit applications can coexist in a single system. This requires installing both 32-bit and 64-bit NICI. Use the --force option while installing the NICI packages. The command is as follows:

rpm -ivh --force nici_rpm_file_name_with_path

For 32-bit, the command is:

rpm -ivh --force nici-2.7.4-0.01.i386.rpm

For 64-bit, the command is:

rpm -ivh --force nici64-2.7.4-0.01.x86_64.rpm

Root User Installing NICI

To install NICI, complete the following procedure:

  1. Enter the following command:

    rpm -ivh nici_rpm_file_name_with_path
    

    For example:

    rpm -ivh nici-2.7.0-5.i386.rpm
    
  2. To initialize NICI, enter the following:

    ln -sf /var/opt/novell/nici /var/novell/nici
    

    To ensure that NICI is set to server mode, enter the following:

    /var/opt/novell/nici/set_server_mode
    

Nonroot User Installing NICI

Nonroot users can make use of the sudo utility to install NICI. Sudo (superuser do) allows a root user to give certain users the ability to run some commands as root. A root user can do this by editing the /etc/sudoers configuration file and adding appropriate entries in it.

For more information, refer to the sudo Website.

WARNING: sudo enables you to give limited root permissions to nonroot users. Therefore, you must understand the security implications before proceeding.

A root user needs to complete the following procedure to enable a nonroot user (for example, john) to install NICI:

  1. Log in as root.

  2. Edit the /etc/sudoers configuration file using the visudo command.

    NOTE: There is no space between vi and sudo in the command.

    Make an entry with the following information:

    Username   hostname=(root) NOPASSWD: /bin/rpm
    

    For example, to enable john to run /bin/rpm as root on the hostname lnx-2, type the following:

    john     lnx-2=(root) NOPASSWD: /bin/rpm
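
The sudoers entry above names /bin/rpm without arguments, which lets the user run rpm as root with any arguments. The following audit is an added example, not part of the Novell documentation; it separates such entries from ones pinned to a specific command line, and it assumes one user specification per line with no aliases or line continuations. The function names and the second sample entry (user mary) are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the Novell documentation): flag sudoers entries that
# grant rpm without pinning its arguments. In sudoers, a bare command path lets
# the user pass any arguments, and rpm run as root executes package scriptlets
# as root, so such an entry is equivalent to full root access.
# Assumptions: one user specification per line, no aliases or continuations.

# audit_sudoers_rpm [FILE]   (reads standard input when FILE is omitted)
# Prints "<UNRESTRICTED|PINNED> <user> <host> <NOPASSWD|PASSWD> <command>".
# Exit status is 1 if any UNRESTRICTED entry is found.
audit_sudoers_rpm() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }                    # comments, blank lines
    /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }         # not user specifications
    {
        eq = index($0, "=")
        if (eq == 0) next
        split(substr($0, 1, eq - 1), who)                # who[1] user, who[2] host
        spec = substr($0, eq + 1)
        sub(/^[ \t]*\([^)]*\)[ \t]*/, "", spec)          # drop the (runas) list
        auth = (spec ~ /NOPASSWD:/) ? "NOPASSWD" : "PASSWD"
        while (match(spec, /^[ \t]*[A-Z_]+:[ \t]*/))     # drop leading tags
            spec = substr(spec, RLENGTH + 1)
        ncmd = split(spec, cmds, ",")
        for (i = 1; i <= ncmd; i++) {
            nword = split(cmds[i], word)                 # word[1] is the command path
            if (nword == 0) continue
            base = word[1]; sub(/.*\//, "", base)
            if (base != "rpm") continue
            cmd = word[1]
            for (j = 2; j <= nword; j++) cmd = cmd " " word[j]
            verdict = (nword == 1) ? "UNRESTRICTED" : "PINNED"
            if (nword == 1) bad++
            printf "%s %s %s %s %s\n", verdict, who[1], who[2], auth, cmd
        }
    }
    END { exit (bad > 0) }
    ' "${1:--}"
}

# Constructed sample: the entry from the page, then one pinned to the exact
# install command used later on the page. A pinned package path only helps if
# the file and its directory are writable by root alone.
sample_sudoers() {
    cat <<'EOF'
john     lnx-2=(root) NOPASSWD: /bin/rpm
mary     lnx-2=(root) NOPASSWD: /bin/rpm -ivh /88/Linux/Linux/setup/nici-2.7.0-5.i386.rpm
EOF
}

sample_sudoers | audit_sudoers_rpm || echo "at least one entry grants unrestricted rpm"
```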
    

A nonroot user (john in the example) needs to do the following to install NICI:

  1. Log in as john and execute the following command:

    sudo rpm -ivh nici_rpm_file_name_with_path
    

    For example:

    sudo rpm -ivh /88/Linux/Linux/setup/nici-2.7.0-5.i386.rpm
    
  2. To initialize NICI, enter the following:

    ln -sf /var/opt/novell/nici /var/novell/nici
    

    To ensure that NICI is set to server mode, enter the following:

    /var/opt/novell/nici/set_server_mode
    

NICI is installed in server mode.

Installing eDirectory

  1. Go to the directory where you want to install eDirectory.

  2. Untar the tar file as follows:

    tar xvf /tar_file_name
    

    The etc, opt, and var directories are created.

  3. Export the paths as follows:

    • Manually export the environment variables

      • For 32-bit

        export LD_LIBRARY_PATH=custom_location/eDirectory/opt/novell/eDirectory/lib:custom_location/eDirectory/opt/novell/eDirectory/lib/nds-modules:custom_location/eDirectory/opt/novell/lib:$LD_LIBRARY_PATH
        
        
        export PATH=custom_location/eDirectory/opt/novell/eDirectory/bin:custom_location/eDirectory/opt/novell/eDirectory/sbin:/opt/novell/eDirectory/bin:$PATH
        
        
        export MANPATH=custom_location/eDirectory/opt/novell/man:custom_location/eDirectory/opt/novell/eDirectory/man:$MANPATH
        
        
        export TEXTDOMAINDIR=custom_location/eDirectory/opt/novell/eDirectory/share/locale:$TEXTDOMAINDIR
        
        
      • For 64-bit

        export LD_LIBRARY_PATH=custom_location/eDirectory/opt/novell/eDirectory/lib64:custom_location/eDirectory/opt/novell/eDirectory/lib64/nds-modules:custom_location/eDirectory/opt/novell/lib64:$LD_LIBRARY_PATH
        
        
        export PATH=custom_location/eDirectory/opt/novell/eDirectory/bin:custom_location/eDirectory/opt/novell/eDirectory/sbin:/opt/novell/eDirectory/bin:$PATH
        
        
        export MANPATH=custom_location/eDirectory/opt/novell/man:custom_location/eDirectory/opt/novell/eDirectory/man:$MANPATH
        
        
        export TEXTDOMAINDIR=custom_location/eDirectory/opt/novell/eDirectory/share/locale:$TEXTDOMAINDIR
        
        
    • Use the ndspath script to export the environment variables

      If you do not want to export the paths manually, prefix the ndspath script to the utility.

      • Run the utility you want as follows:

        custom_location/eDirectory/opt/novell/eDirectory/bin/ndspath utility_name_with_parameters 
        
      • Export the paths in the current shell as follows:

        . custom_location/eDirectory/opt/novell/eDirectory/bin/ndspath
        

        NOTE: Ensure that you enter the above commands from the custom_location/eDirectory/opt directory.

        After entering the above commands, run the utilities as you would normally do.

      • Call the script in your profile, bashrc, or similar scripts so that whenever you log in or open a new shell, you can start using the utilities directly.

  4. Configure eDirectory in the usual manner.

    You can configure eDirectory in any of the following ways:

    • Use the ndsconfig utility as follows:

      ndsconfig new [-t <treename>] [-n <server_context>] [-a <admin_FDN>] [-w <admin password>] [-i] [-S <server_name>] [-d <path_for_dib>] [-m <module>] [-e] [-L <ldap_port>] [-l <SSL_port>] [-o <http_port>] [-O <https_port>] [-p <IP address:[port]>] [-c] [-b <port_to_bind>] [-B <interface1@port1>, <interface2@port2>,..] [-D <custom_location>] [--config-file <configuration_file>]
      

      For example:

      ndsconfig new -t mary-tree -n novell -a admin.novell -S linux1 -d /home/mary/inst1/data -b 1025 -L 1026 -l 1027 -o 1028 -O 1029 -D /home/mary/inst1/var --config-file /home/mary/inst1/nds.conf
      

      The port numbers you enter need to be in the range 1024 to 65535. Port numbers less than 1024 are normally reserved for the superuser and standard applications. Therefore, you cannot assume the default port 524 for any eDirectory applications.

      This might cause the following applications to break:

      • The applications that don't have an option to specify the target server port.

      • Older applications that use NCP and run as root for port 524.

    • Use the ndsmanage utility to configure a new instance. For more information, refer to Creating an Instance through ndsmanage.

    Follow the onscreen instructions to complete the configuration.

    For more information, see Section 1.6.4, Using the ndsconfig Utility to Add or Remove the eDirectory Replica Server.
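
The manual export lines in step 3 above, and the matching ones in Section 1.6.2, append $LD_LIBRARY_PATH unconditionally; if the variable is unset, the value ends in ":" and the dynamic loader treats that empty element as the current working directory. The following is an added example, not part of the Novell documentation, that builds the value without empty elements; the function and variable names are hypothetical, and the directories are the 64-bit ones from Section 1.6.2 (prefix them with custom_location/eDirectory for a tarball installation).

```sh
#!/bin/sh
# Added example (not from the Novell documentation). The dynamic loader treats an
# empty element in LD_LIBRARY_PATH (leading, trailing or doubled colon) as the
# current working directory, so "dirs:$LD_LIBRARY_PATH" with the variable unset
# ends in ":" and adds the current directory to the library search path.

# has_empty_element VALUE: succeeds if VALUE contains an empty path element.
has_empty_element() {
    case $1 in
        :*|*:|*::*) return 0 ;;
        *)          return 1 ;;
    esac
}

# prepend_dirs CURRENT DIR...: prints DIR... followed by the non-empty elements
# of CURRENT, joined with ":". The body runs in a subshell so that the IFS and
# globbing changes do not leak into the caller.
prepend_dirs() (
    current=$1
    shift
    result=
    for dir in "$@"; do
        if [ -n "$dir" ]; then result=${result:+$result:}$dir; fi
    done
    IFS=:
    set -f                                   # no pathname expansion while splitting
    for dir in $current; do
        if [ -n "$dir" ]; then result=${result:+$result:}$dir; fi
    done
    printf '%s\n' "$result"
)

# eDirectory 64-bit library directories, as listed in the manual export line.
NDS_LIB_DIRS="/opt/novell/eDirectory/lib64 /opt/novell/eDirectory/lib64/nds-modules /opt/novell/lib64"

# Demonstration with an unset LD_LIBRARY_PATH (constructed input).
naive="/opt/novell/eDirectory/lib64:/opt/novell/eDirectory/lib64/nds-modules:/opt/novell/lib64:"
safe=$(prepend_dirs "" $NDS_LIB_DIRS)
if has_empty_element "$naive"; then
    echo "naive value searches the current directory: $naive"
fi
if ! has_empty_element "$safe"; then
    echo "safe value: $safe"
fi

# In a profile script:
#   LD_LIBRARY_PATH=$(prepend_dirs "${LD_LIBRARY_PATH:-}" $NDS_LIB_DIRS)
#   export LD_LIBRARY_PATH
```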

IMPORTANT: Unlike package installs, a tarball installation of eDirectory does not allow Security Services to be updated separately. For a tarball installation, security updates can be obtained only through eDirectory support packs.

1.6.4 Using the ndsconfig Utility to Add or Remove the eDirectory Replica Server

You must have Administrator rights to use the ndsconfig utility. When this utility is used with arguments, it validates all arguments and prompts for the password of the user having Administrator rights. If the utility is used without arguments, ndsconfig displays a description of the utility and available options. This utility can also be used to remove the eDirectory Replica Server and change the current configuration of eDirectory Server. For more information, see The ndsconfig Utility.

Prerequisite for Configuring eDirectory in a Specific Locale

If you want to configure eDirectory in a specific locale, you need to export LC_ALL and LANG to that particular locale before eDirectory configuration. For example, to configure eDirectory in the Japanese locale, enter the following:

export LC_ALL=ja

export LANG=ja

Creating A New Tree

Use the following syntax:

ndsconfig new [-t <treename>] [-n <server context>] [-a <admin FDN>] [-i] [-S <server name>] [-d <path for dib>] [-m <module>] [-e] [-L <ldap port>] [-l <SSL port>] [-o <http port>] [-O <https port>] [-p <IP address:[port]>] [-R] [-c] [-w <admin password>] [-b <port to bind>] [-B <interface1@port1>, <interface2@port2>,..] [-D <custom_location>] [--config-file <configuration_file>]

A new tree is installed with the specified tree name and context.

There is a limitation on the number of characters in the tree_name, admin FDN and server FDN variables. The maximum number of characters allowed for these variables is as follows:

  • tree_name: 32 characters

  • admin FDN: 256 characters

  • server FDN: 256 characters

If the parameters are not specified in the command line, ndsconfig prompts you to enter values for each of the missing parameters.

Or, you can also use the following syntax:

ndsconfig def [-t <treename>] [-n <server context>] [-a <admin FDN>] [-w <admin password>] [-c] [-i] [-S <server name>] [-d <path for dib>] [-m <module>] [-e] [-L <ldap port>] [-l <SSL port>] [-o <http port>] [-O <https port>] [-D <custom_location>] [--config-file <configuration_file>] 

A new tree is installed with the specified tree name and context. If the parameters are not specified in the command line, ndsconfig takes the default value for each of the missing parameters.

For example, to create a new tree, you could enter the following command:

ndsconfig new -t corp-tree -n o=company -a cn=admin.o=company

Adding a Server into an Existing Tree

Use the following syntax:

ndsconfig add [-t <treename>] [-n <server context>] [-a <admin FDN>] [-w <admin password>] [-e] [-P <LDAP URL(s)>][-L <ldap port>] [-l <SSL port>] [-o <http port>] [-O <https port>] [-S <server name>] [-d <path for dib>] [-m <module>] [-p <IP address:[port]>] [-R] [-c] [-b <port to bind>] [-B <interface1@port1>, <interface2@port2>,..] [-D <custom_location>] [--config-file <configuration_file>] [-E]

A server is added to an existing tree in the specified context. If the context that the user wants to add the Server object to does not exist, ndsconfig creates the context and adds the server.

LDAP and security services can also be added after eDirectory has been installed into the existing tree.

For example, to add a server into an existing tree, you could enter the following command:

ndsconfig add -t corp-tree -n o=company -a cn=admin.o=company -S srv1

You can enable encrypted replication in the server you want to add using the -E option. For more information on encrypted replication, refer to Novell eDirectory 8.8 Administration Guide.

Removing a Server Object And Directory Services From a Tree

Use the following syntax:

ndsconfig rm [-a <admin FDN>] [-w <admin password>] [-p <IP address:[port]>] [-c] 

eDirectory and its database are removed from the server.

NOTE: The HTML files created using iMonitor will not be removed. You must manually remove these files from /var/opt/novell/eDirectory/data/dsreports before removing eDirectory.

For example, to remove the eDirectory Server object and directory services from a tree, you could enter the following command:

ndsconfig rm -a cn=admin.o=company

ndsconfig Utility Parameters

ndsconfig Parameter

Description

new

Creates a new eDirectory tree. If the parameters are not specified in the command line, ndsconfig prompts you to enter values for each of the missing parameters.

def

Creates a new eDirectory tree. If the parameters are not specified in the command line, ndsconfig takes the default value for each of the missing parameters.

add

Adds a server into an existing tree. Also adds LDAP and SAS services, after eDirectory has been configured in the existing tree.

rm

Removes the Server object and directory services from a tree.

NOTE: This option does not remove the key material objects. These objects must be removed manually.

upgrade

Upgrades eDirectory to a later version.

-i

While configuring a new tree, ignores checking whether a tree of the same name exists. Multiple trees of the same name can exist.

-S server name

Specifies the server name. The server name can also contain dots (for example, novell.com). Because ndsconfig is a command line utility, using containers with dotted names requires that those dots be escaped out, and the parameters containing these contexts must be enclosed in double quotes.

For example, to install a new eDirectory tree on a UNIX server using “novell.com” as the name of the O, use the following command:

ndsconfig new -a "admin.novell\\.com" -t novell_tree -n "OU=servers.O=novell\\.com"

The Admin name and context and the server context parameters are enclosed in double quotes, and only the '.' in novell.com is escaped using the '\\' (backslash) character. You can also use this format when installing a server into an existing tree.

NOTE: You cannot start a name with a dot. For example, you cannot install a server that has the name “.novell”, because it starts with a dot ('.').

-t treename

The tree name to which the server has to be added. It can have a maximum of 32 characters. If not specified, ndsconfig takes the tree name from the n4u.nds.tree-name parameter that is specified in the /etc/opt/novell/eDirectory/conf/nds.conf file. The default treename is $LOGNAME-$HOSTNAME-NDStree.

-n server context

Specifies the context of the server in which the server object is added. It can have a maximum of 64 characters. If the context is not specified, ndsconfig takes the context from the configuration parameter n4u.nds.server-context specified in the /etc/opt/novell/eDirectory/conf/nds.conf file. The server context should be specified in the typed form. The default context is org.

-d path for dib

The directory path where the database files will be stored.

-r

This option forcefully adds the replica of the server regardless of the number of servers already added to the server.

-L ldap_port

Specifies the TCP port number on the LDAP server. If the default port 389 is already in use, it prompts for a new port.

-l ssl_port

Specifies the SSL port number on the LDAP server. If the default port 636 is already in use, it prompts for a new port.

-a admin FDN

Specifies the fully distinguished name of the User object with Supervisor rights to the context in which the server object and Directory services are to be created. The admin name should be specified in the typed form. It can have a maximum of 64 characters. The default admin name is admin.org.

-e

Enables clear text passwords for LDAP objects.

-m modulename

Specifies the module name to configure. While configuring a new tree, you can configure only the ds module. After configuring the ds module, you can add the NMAS, LDAP, SAS, SNMP, HTTP services, and Novell SecretStore (ss) using the add command. If the module name is not specified, all the modules are installed.

NOTE: If you do not want to configure Novell SecretStore during eDirectory upgrade through nds-install, pass the ‘no_ss’ value to this option; that is, nds-install '-m no_ss'.

-o

Specifies the HTTP clear port number.

-O

Specifies the HTTP secure port number.

-p <IP address:[port]>

This option is used for secondary server addition ('add' command) to a tree. It specifies the IP address of the remote host that holds a replica of the partition to which this server is being added. The default port number is 524. This helps in faster lookup of the tree since it avoids SLP lookup.

-R

By default a replica of the partition to which the server is added would be replicated to the local server. This option disallows adding replicas to the local server.

-c

This option avoids prompts during ndsconfig operation, such as yes/no to continue the operation, or prompt to re-enter port numbers when there is a conflict, etc. The user receives prompts only for entering mandatory parameters if they are not passed on command line.

-w <admin password>

This option allows passing the admin user password in clear text.

NOTE: Because the password is passed in clear text, this option is not recommended owing to password insecurity.

-E

Enables encrypted replication for the server you are trying to add.

-j

Jumps or overrides the health check option before installing eDirectory.

-b port to bind

Sets the default port number on which a particular instance should listen. This sets the default port number in n4u.server.tcp-port and n4u.server.udp-port. If an NCP port is passed using the -b option, then it is assumed to be the default port and the TCP and UDP parameters are updated accordingly.

NOTE: -b and -B are mutually exclusive.

-B interface1@port1, interface2@port2,...

Specifies the port number along with the IP address or interface. For example:

-B eth0@524

or

-B 100.1.1.2@524

NOTE: -b and -B are mutually exclusive.

--config-file configuration file

Specify the absolute path and file name to store the nds.conf configuration file. For example, to store the configuration file in the /etc/opt/novell/eDirectory/ directory, enter --config-file /etc/opt/novell/eDirectory/nds.conf.

-P <LDAP URL(s)>

Allows the LDAP URLs to configure the LDAP interface on the LDAP Server object.

For example: -P ldap://1.2.3.4:1389,ldaps://1.2.3.4:1636

-D path_for_data

Creates the data, dib, and log directories in the path mentioned.

set valuelist

Sets the value for the specified eDirectory configurable parameters. It is used to set the bootstrapping parameters before configuring a tree. When configuration parameters are changed, ndsd needs to be restarted for the new value to take effect. However, for some configuration parameters, ndsd need not be restarted.

These parameters are listed below:

  • n4u.nds.inactivity-synchronization-interval

  • n4u.nds.synchronization-restrictions

  • n4u.nds.janitor-interval

  • n4u.nds.backlink-interval

  • n4u.nds.drl-interval

  • n4u.nds.flatcleaning-interval

  • n4u.nds.server-state-up-threshold

  • n4u.nds.heartbeat-schema

  • n4u.nds.heartbeat-data

get help paramlist

Use to view the help strings for the specified eDirectory configurable parameters. If the parameter list is not specified, ndsconfig lists the help strings for all the eDirectory configurable parameters.

get paramlist

Use to view the current value of the specified eDirectory configurable parameters. If the parameter list is not specified, ndsconfig lists all the eDirectory configurable parameters.

1.6.5 Using ndsconfig to Configure Multiple Instances of eDirectory 8.8

You can configure multiple instances of eDirectory 8.8 on a single host. For conceptual information on multiple instances, see Multiple Instance Support in the Novell eDirectory 8.8 What's New Guide.

The method to configure multiple instances is similar to configuring a single instance multiple times. Each instance should have unique instance identifiers, such as the following:

  • Different data and log file location

    You can use the ndsconfig --config-file, -d, and -D options to do this.

  • Unique port number for the instance to listen on

    You can use the ndsconfig -b and -B options to do this.

  • Unique server name for the instance

    You can use the ndsconfig -S server name option to do this.

    IMPORTANT: During eDirectory configuration, the default NCP server name is set as the host server name. When configuring multiple instances, you must change the NCP server name. Use the ndsconfig command line option -S <server_name> to specify a different server name.

    When configuring multiple instances, either on the same tree or on different trees, the NCP server name should be unique.

NOTE: All the instances share the same server key (NICI).

You can also create a new instance using the ndsmanage utility. For more information, see Creating an Instance through ndsmanage.

To list all the instances on a specific host and do other operations on them, you can use the ndsmanage utility.

IMPORTANT: The install_location/etc/opt/novell/eDirectory/conf directory contains some of the critical configuration information used for tracking and managing the eDirectory instances running on your server. Do not remove any contents from this directory.

This section explains the following:

The ndsmanage Utility

The ndsmanage utility enables you to do the following:

Listing the Instances

The following table describes how to list the eDirectory instances.

Table 1-1 ndsmanage Usage for Listing the Instances

Syntax

Description

ndsmanage

Lists all the instances configured by you.

ndsmanage -a|--all

Lists instances of all the users who are using a particular installation of eDirectory.

ndsmanage username

Lists the instances configured by a specific user.

The following fields are displayed for every instance:

  • Configuration file path

  • Server FDN and port

  • Status (whether the instance is active or inactive)

NOTE: This utility lists all the instances configured for a single binary.

Refer to Figure 1-1 for more information.

Creating an Instance through ndsmanage

To create a new instance through ndsmanage:

  1. Enter the following command:

    ndsmanage
    

    If you have two instances configured, the following screen is displayed:

    Figure 1-1 ndsmanage Utility Output Screen

  2. Enter c to create a new instance.

    You can either create a new tree or add a server to an existing tree. Follow the instructions on the screen to create a new instance.

Performing Operations for a Specific Instance

You can perform the following operations for every instance:

Other than the ones listed above, you can also run ndstrace for a selected instance.

Starting a Specific Instance

To start an instance configured by you, do the following:

  1. Enter the following:

    ndsmanage
    
  2. Select the instance you want to start.

    The menu expands to include the options you can perform on a specific instance.

    Figure 1-2 ndsmanage Utility Output Screen with Instance Options

  3. Enter s to start the instance.

Alternatively, you can also enter the following at the command prompt:

ndsmanage start --config-file configuration_file_of_the_instance_configured_by_you

Stopping a Specific Instance

To stop an instance configured by you, do the following:

  1. Enter the following:

    ndsmanage
    
  2. Select the instance you want to stop.

    The menu expands to include the options you can perform on a specific instance. For more information, refer to ndsmanage Utility Output Screen with Instance Options.

  3. Enter k to stop the instance.

Alternatively, you can also enter the following at the command prompt:

ndsmanage stop --config-file configuration_file_of_the_instance_configured_by_you

Deconfiguring an Instance

To deconfigure an instance, do the following:

  1. Enter the following:

    ndsmanage
    
  2. Select the instance you want to deconfigure.

    The menu expands to include the options you can perform on a specific instance. For more information, refer to ndsmanage Utility Output Screen with Instance Options.

  3. Enter d to deconfigure the instance.

Starting and Stopping All Instances

You can start and stop all the instances configured by you.

Starting All Instances

To start all the instances configured by you, enter the following at the command prompt:

ndsmanage startall

To start a specific instance, refer to Starting a Specific Instance.

Stopping All Instances

To stop all the instances configured by you, enter the following at the command prompt:

ndsmanage stopall

To stop a specific instance, refer to Stopping a Specific Instance.

Example

Mary wants to configure 2 trees on a single host machine.

Planning the Setup

Mary specifies the following instance identifiers.

  • Instance 1:

    Port number the instance should listen on: 1524

    Configuration file path: /home/mary/inst1/nds.conf

    VAR directory: /home/mary/inst1/var

  • Instance 2:

    Port number the instance should listen on: 2524

    Configuration file path: /home/mary/inst2/nds.conf

    VAR directory: /home/mary/inst2/var

Configuring the Instances

To configure the instances based on the above-mentioned instance identifiers, Mary must enter the following commands.

  • Instance 1:

    ndsconfig new -t mytree -n o=novell -a cn=admin.o=company -b 1524 -D /home/mary/inst1/var --config-file /home/mary/inst1/nds.conf
    
  • Instance 2:

    ndsconfig new -t corptree -n o=novell -a cn=admin.o=company -b 2524 -D /home/mary/inst2/var --config-file /home/mary/inst2/nds.conf
    

    NOTE: On UNIX/Linux, the OS restricts socket creation on mounted file systems. The same restriction applies to NSS volumes. With eDirectory, it is recommended to keep the var directory on the local file system (-D option with ndsconfig); the DIB directory can be on any file system (-d option with ndsconfig).
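
The plan above can be checked before any ndsconfig run. The following shell functions are an added example, not part of the Novell documentation: they verify that no two planned instances share a port, configuration file or var directory, and that a var directory sits on a local file system as the note recommends. The plan format, the function names and the list of file system types treated as remote are assumptions of this example.

```shell
#!/bin/sh
# Plan format (constructed for this example), one instance per line:
#   <label> <port> <config file> <var directory>
SAMPLE_PLAN='inst1 1524 /home/mary/inst1/nds.conf /home/mary/inst1/var
inst2 2524 /home/mary/inst2/nds.conf /home/mary/inst2/var'

# Print one line per conflict; return 0 only when the plan has none.
check_plan() {
    printf '%s\n' "$1" | awk '
        NF != 4 { print "malformed line " NR; bad = 1; next }
        $2 !~ /^[0-9]+$/ || $2 < 1 || $2 > 65535 {
            print $1 ": invalid port " $2; bad = 1 }
        ($2 in port) { print $1 ": port " $2 " already used by " port[$2]; bad = 1 }
        ($3 in conf) { print $1 ": config file shared with " conf[$3]; bad = 1 }
        ($4 in vard) { print $1 ": var directory shared with " vard[$4]; bad = 1 }
        { port[$2] = $1; conf[$3] = $1; vard[$4] = $1 }
        END { exit bad + 0 }'
}

# Return 0 when a type name printed by GNU "stat -f -c %T" is treated as
# local. The list of remote types is an assumption of this example.
fstype_is_local() {
    case "$1" in
        nfs|cifs|smb|smb2|ncp|afs|coda|ceph|lustre) return 1 ;;
        *) return 0 ;;
    esac
}

# Classify the nearest existing ancestor of a planned var directory
# (the directory itself usually does not exist before ndsconfig runs).
var_dir_is_local() (
    d=$1
    while [ ! -d "$d" ] && [ "$d" != "/" ]; do d=$(dirname "$d"); done
    fstype_is_local "$(stat -f -c %T "$d")"
)

check_plan "$SAMPLE_PLAN" && echo "plan has no conflicts"
```

Run var_dir_is_local against each planned -D directory on the target host; it needs GNU stat, so it is not called automatically here.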

Invoking a Utility for an Instance

If Mary wants to run the ndstrace utility for instance 1, which is listening on port 1524, with its configuration file at /home/mary/inst1/nds.conf and its DIB file located in /home/mary/inst1/var, she can run the utility as follows:

ndstrace --config-file /home/mary/inst1/nds.conf

or

ndstrace -h 164.99.146.109:1524

If Mary does not specify the instance identifiers, the utility displays all the instances owned by Mary and prompts her to select an instance.

Listing the Instances

If Mary wants to know details about the instances in the host, she can run the ndsmanage utility.

  • To display all instances owned by Mary:

    ndsmanage

  • To display all instances owned by John (username is john):

    ndsmanage john

  • To display all instances of all users that are using a particular installation of eDirectory:

    ndsmanage -a

1.6.6 Using ndsconfig to Install a Linux Server into a Tree with Dotted Name Containers

You can use ndsconfig to install a Linux server into an eDirectory tree that has containers using dotted names (for example, novell.com).

Because ndsconfig is a command line utility, the dots in dotted container names must be escaped, and the parameters containing these contexts must be enclosed in double quotes. For example, to install a new eDirectory tree on a Linux server using “O=novell.com” as the name of the O, use the following command:

ndsconfig new -a "admin.novell\.com" -t novell_tree -n "OU=servers.O=novell\.com"

The Admin name and context and the server context parameters are enclosed in double quotes, and only the dot ('.') in novell.com is escaped using the '\' (backslash) character.

You can also use this format when installing a server into an existing tree.

NOTE: You should use this format when entering dotted admin name and context while using utilities such as ndsrepair, ndsbackup, ndsmerge, ndslogin, and ldapconfig.
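
The escaping rule described above can be applied mechanically when contexts are assembled in a script. The following is an added example, not part of the Novell documentation: the function names are hypothetical, and it assumes each name component (such as O=novell.com) is passed as a separate argument, leaf first, so that only dots inside a component are escaped while the dots between components stay as separators.

```shell
#!/bin/sh
# Escape every dot inside ONE name component, for example "O=novell.com".
# Dots that are already escaped are normalised first, so running the
# function twice on the same value does not double the backslashes.
nds_escape_component() {
    printf '%s' "$1" | sed -e 's/\\\././g' -e 's/\./\\./g'
}

# Join components, leaf first, with the unescaped dots that separate them.
nds_join_context() {
    out=
    for part in "$@"; do
        esc=$(nds_escape_component "$part")
        out=${out:+$out.}$esc
    done
    printf '%s' "$out"
}

# Rebuild the command line from the example above (printed, not executed).
build_ndsconfig_command() {
    admin=$(nds_join_context admin novell.com)
    ctx=$(nds_join_context OU=servers O=novell.com)
    printf 'ndsconfig new -a "%s" -t novell_tree -n "%s"\n' "$admin" "$ctx"
}

build_ndsconfig_command
```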

1.6.7 Using the nmasinst Utility to Configure NMAS

From eDirectory 8.7.3 onwards, by default, ndsconfig configures NMAS. You can also use nmasinst on Linux, Solaris, and AIX systems to configure NMAS.

ndsconfig only configures NMAS and does not install the login methods. To install these login methods, you can use nmasinst.

IMPORTANT: You must configure eDirectory with ndsconfig before you install the NMAS login methods. You must also have administrative rights to the tree.

Configuring NMAS

By default, ndsconfig configures NMAS. You can also use nmasinst for the same purpose.

To configure NMAS and create NMAS objects in eDirectory, enter the following at the server console command line:

nmasinst -i admin.context tree_name

nmasinst will prompt you for a password.

This command creates the objects in the Security container that NMAS needs, and installs the LDAP extensions for NMAS on the LDAP Server object in eDirectory.

The first time NMAS is installed in a tree, it must be installed by a user with enough rights to create objects in the Security container. However, subsequent installs can be done by container administrators with read-only rights to the Security container. nmasinst will verify that the NMAS objects exist in the Security container before it tries to create them.

nmasinst does not extend the schema. The NMAS schema is installed as part of the base eDirectory schema.

Installing Login Methods

To install login methods using nmasinst, enter the following at the server console command line:

nmasinst -addmethod admin.context tree_name config.txt_path

The last parameter specifies the config.txt file for the login method that is to be installed. A config.txt file is provided with each login method.

Here is an example of the -addmethod command:

nmasinst -addmethod admin.novell MY_TREE "./nmas-methods/novell/Simple Password/config.txt"

If the login method already exists, nmasinst will update it.

For more information, see “Managing Login and Post-Login Methods and Sequences” in the Novell Modular Authentication Service Administration Guide.

1.6.8 Nonroot user SNMP configuration

NICI and NOVLsubag should be installed as the root user.

  1. Install NICI as the root user. Refer to Root User Installing NICI.

  2. Install NOVLsubag as the root user.

    To install NOVLsubag, complete the following procedure:

    Enter the following command:

    rpm -ivh --nodeps NOVLsubag_rpm_file_name_with_path
    

    For example:

    rpm -ivh --nodeps novell-NOVLsubag-8.8.1-5.i386.rpm
    
  3. Export the paths as follows:

    Manually export the environment variables.

    • For 32-bit

      export LD_LIBRARY_PATH=custom_location/opt/novell/eDirectory/lib:custom_location/opt/novell/lib:/opt/novell/lib:/opt/novell/eDirectory/lib:$LD_LIBRARY_PATH
      
    • For 64-bit

      export LD_LIBRARY_PATH=custom_location/opt/novell/eDirectory/lib64:/opt/novell/eDirectory/lib64/nds-modules:/opt/novell/lib64:$LD_LIBRARY_PATH
      
    export PATH=/opt/novell/eDirectory/bin:$PATH
    
    export MANPATH=/opt/novell/man:$MANPATH