- If the NIS+ Publisher takes a long time to process events: The NIS+ Publisher picks events from the NIS+ transaction log. After all the events have been processed by the DirXML Driver for NIS, checkpoint the log to speed up the Publisher channel. Ensure that the transaction log is checkpointed by verifying the drivers' log files only after the DirXML Driver for NIS has processed all the events.
Checkpoint the transaction log using the following command at the prompt:
/usr/lib/nis/nisping -Ca
- When a User is deleted in NIS and NIS+ on the application platform, the name is not removed from the Group's member list of its secondary groups. Ensure that you manually update the groups member list on the application platform.
- While adding or modifying a Group with a user list in Files, ensure that all the users in the user list are present in the /etc/passwd file and none of the users are currently logged in.
- In AIX, renaming the User or Group and the shadow attributes for the user are not supported; moreover, the Create/Remove Home Directory option cannot be configured for Files. The home directory for a User is created by default; however it is not removed for deletion. This setting is governed by the mkuser.default file from /usr/lib/security/ directory and login.cfg file from /etc/security directory.
- Addition of a User or Group to Files fails if the same name exists for User or Group in NIS or NIS+ and the /etc/nsswitch.conf file contains an entry for NIS or NIS+.
- We strongly recommend that the User or Group record size should not exceed 1024 bytes in any of the databases.
- MD5 passwords are not supported, so this option should be disabled in Linux before using the DirXML Driver for NIS for password synchronization.
/usr/sbin/authconfig --disablemd5 --kickstart
Disable the MD5 passwords options using the following command at the prompt:
- The default User or Group attributes should be consistent across all platforms. Ensure that these attributes are acceptable in all the platforms. For example: In Linux, a default value of 99999 for shadowMax will not synchronize to AIX.
- The nistbladm command should be used instead of the nisaddent or nispopulate command to modify indexed attributes such as name and gid for groups, and name and UID for users on NIS(+).
- Avoid running any database administration utility when the driver is running.
- Ensure that the appropriate locale is set before running the DirXML Remote Loader or the Novell eDirectory server while synchronizing non-English accounts.
- If the create-homeDirectory is set for users, ensure that you have enough privileges to create the home directory on the application platform.
- The client machines should have access to the home directories created by the driver for NIS(YP) and NIS(+). The access can be set by using the NFS appropriately.
- Ensure that you set the merge-password option based on you system's current settings. For information on recommended values, refer to Driver Settings.
- Ensure that there is only a single space between the string -class and the class name in the config file.
- If a user login to NIS database fails, check the default password, homeDirectory, and Login shell.
- If a large number of users (more than 10,000) are to be migrated to eDirectory, the DHOST_JVM_OPTIONS environment variable should be set to -Xmx256m before starting the Remote Loader and eDirectory. This increases the memory available for the JVM.
To set the above environment variable, use the following command at the shell prompt:
DHOST_JVM_OPTIONS=Xmx256m
export DHOST_JVM_OPTIONS
- If multiple drivers are running, only a single driver should have a default password enabled for a particular user.
- If multiple drivers are running, only a single driver should be configured for ID generation of the UID or GID for a particular user or group.
- The NIS(YP) driver caches map entries. Because of this, some events are not reflected immediately. Use the makedbm -c command to refresh the ypserv.
- Synchronizing passwords is not supported for groups. The group password will be reset if a group is modified in the eDirectory. If the Remove Directory option is selected, users will not be deleted if their home directory is not removable. This issue exists on Solaris only.The asterisk character (*) cannot be given in the gecos field. If given, it will remove the already existing value.
- Users or Groups added to eDirectory using the ICE Forward Referencing feature will not be synchronized by the NIS driver. You can use the Migrate from NDS option in ConsoleOne or Migrate from eDirectory option in iManager to synchronize such users or groups.
- On Linux, the driver may stop synchronizing on the Publisher or Subscriber channels. This happens if the polling interval is set to a low value such as 30 seconds. To avoid this, use the Blackdown JRE version 1.3.1-FCS available at Java Linux instead of the JRE provided by DirXML 1.1a.