Novell EDIRECTORY 8.8 - GUIDE Manual

What’s new guide

Novell eDirectory 8.8
What's New Guide
www.novell.com
September 30, 2005


Summary of Contents for Novell EDIRECTORY 8.8 - GUIDE

  • Page 1 Novell eDirectory 8.8 What's New Guide, www.novell.com, September 30, 2005...
  • Page 2 Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
  • Page 3 Novell Client is a trademark of Novell, Inc. Novell Directory Services and NDS are registered trademarks of Novell, Inc. in the United States and other countries. Ximian is a registered trademark of Novell, Inc. in the United States and other countries.
  • Page 5: Table Of Contents

    Contents About This Guide Install and Upgrade Enhancements Multiple Package Formats for Installing eDirectory 8.8 (page 12) Automatic Deployments...
  • Page 6 Upgrading the Legacy Novell Clients and Utilities...
  • Page 7 Warning (page 59) Error...
  • Page 8 Novell eDirectory 8.8 What's New Guide...
  • Page 9: About This Guide

    Novell eDirectory 8.8 Installation Guide, Novell eDirectory 8.8 Administration Guide, Novell eDirectory 8.8 Troubleshooting Guide. These guides are available at the Novell eDirectory 8.8 documentation Web site (http://www.novell.com/documentation/edir88/index.html). For information about the eDirectory management utility, refer to Novell iManager 2.5 Administration Guide (http://www.novell.com/documentation/imanager25/index.html).
  • Page 10 A trademark symbol (®, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark. When a single pathname can be written with a backslash for some platforms or a forward slash for other platforms, the pathname is presented with a backslash.
  • Page 11: Install And Upgrade Enhancements

    Install and Upgrade Enhancements This chapter discusses the new features and enhancements with the Novell® eDirectory installation and upgrade. The following table lists the new features and specifies the platforms they are supported on. Feature NetWare Linux UNIX Windows Multiple package formats for installing eDirectory 8.8...
  • Page 12: Multiple Package Formats For Installing Edirectory 8.8

    Upgrade Distributions With eDirectory 8.8, you can subscribe to a specific feature that eDirectory offers and whenever there is an update (upgrade or patch) to this feature on the Novell site, you will automatically get this update.
  • Page 13: Easy Deployments

    Figure 1 Upgrade Distributions To facilitate this, you need to install the ZENworks Linux Management client on the host where eDirectory 8.8 is present and subscribe to the ZENworks Linux Management server that would inform you when there is an update. Easy Deployments With eDirectory 8.8, you can install eDirectory on a host that has the ZENworks Linux Management server installed and then roll it out to the other servers that have installed ZENworks...
  • Page 14: Installing And Configuring Edirectory Through Yast

    8.8. Specifying a Custom Location for Data Files While configuring eDirectory, you can save the data files in a location of your choice. The data files include the data, dib, and log directories.
  • Page 15: Specifying A Custom Location For Configuration Files

    Linux and UNIX To configure the data files in a custom location, you can use either the -d or -D option of the ndsconfig utility. Option Description -d custom_location Creates the DIB (the eDirectory database) directory in the path mentioned. NOTE: This option was present prior to eDirectory 8.8 also.
  • Page 16: Nonroot User

    The following table lists the change in the directory structure:
    Types of Files Stored in the Directory | Directory Name and Path
    Executable binaries and static shell scripts | /opt/novell/eDirectory/bin
    Executable binaries for root use | /opt/novell/eDirectory/sbin
    Static or dynamic library binaries | /opt/novell/eDirectory/lib
    Configuration files | /etc/opt/novell/eDirectory/conf
  • Page 17: Lsb Compliance

    LSB Compliance eDirectory 8.8 is now Linux Standard Base (LSB) compliant. LSB also recommends FHS compliance. All the eDirectory packages in Linux are prefixed with novell. For example, NDSserv is now novell-NDSserv. Server Health Checks eDirectory 8.8 introduces server health checks that help you determine whether your server health...
  • Page 18: What Makes A Server Healthy

    You can specify either -h or --config-file and not both of them. NetWare dscheck Windows ndscheck Types of Health Checks When you upgrade or run the ndscheck utility, the following types of health checks are done: Basic Server Health
  • Page 19: Categorization Of Health

    Partitions and Replica Health If you run the ndscheck utility, the results from the health checks are displayed on the screen and logged in to ndscheck.log (or dscheck.log on NetWare). For more information on log files, refer “Log Files” on page If the health checks are done as part of the upgrade, then after the health checks, based on the criticality of the error, either you are prompted to continue the upgrade process or the process is aborted.
  • Page 20 If the health check is run as part of the upgrade, the upgrade operation is aborted. The critical state normally occurs in the following cases: 1. Unable to read or open the DIB. The DIB might be locked or corrupt.
  • Page 21: Log Files

    2. Unable to contact all the servers in the replica ring. 3. Locally held partitions are busy. 4. Replica is not in the ON state. For more information, see the following figure. Figure 4 Health Check with a Critical Error Log Files Every server health check operation, whether it is run with the upgrade or as a standalone utility, maintains the status of the health in a log file.
  • Page 22: Secretstore Integration With Edirectory

    SecretStore Integration with eDirectory eDirectory 8.8 gives you an option to configure Novell® SecretStore 3.4 during eDirectory configuration. Prior to eDirectory 8.8, you had to manually install SecretStore. SecretStore is a simple and secure password management solution. It enables you to use a single authentication to eDirectory to access most UNIX, Windows, Web, and mainframe applications.
  • Page 23 Novell eDirectory 8.8 Installation Guide (http://www.novell.com/documentation/edir88/edirin88/data/a2iii88.html) Novell eDirectory 8.8 Administration Guide (http://www.novell.com/documentation/edir88/edir88/data/fbadjaeh.html#fbadjaeh) On Linux and UNIX: nds-install, ndsconfig, and ndscheck man pages
  • Page 25: Multiple Instances

    Multiple Instances Traditionally, you could configure only one instance of Novell® eDirectory on a single host. With the multiple instances feature support in eDirectory 8.8, you can configure the following: Multiple instances of eDirectory on a single host NOTE: With this Beta, you can configure multiple instances of eDirectory 8.8 only and not any other...
  • Page 26: Using Multiple Instances

    As mentioned earlier, decide upon the various instance identifiers like the location of the configuration files, DIB, and the port number before proceeding with the configuration. NOTE: All the instances share the same server key (NICI).
  • Page 27: Managing Multiple Instances

    Description --config-file Specifies the absolute path and filename to store the nds.conf configuration file. For example, to store the configuration file in the /etc/opt/novell/eDirectory/ directory, use --config-file /etc/opt/novell/eDirectory/nds.conf. Specifies the port number where the new instance should listen. NOTE: -b and -B are exclusively used.
  • Page 28 You can either create a new tree or add a server to an existing tree. Follow the instructions on the screen to create a new instance. Performing Operations for a Specific Instance You can perform the following operations for every instance:
  • Page 29 “Starting a Specific Instance” on page 29 “Stopping a Specific Instance” on page 29 “Deconfiguring an Instance” on page 30 Other than the ones listed above, you can also run ndstrace for a selected instance. Starting a Specific Instance To start an instance configured by you, do the following: Enter the following: ndsmanage Select the instance you want to start.
  • Page 30: Identifying A Specific Instance

    If you do not include the instance identifiers in the command, the utility displays the various instances you own and prompts you to select the instance you want to run the utility for.
  • Page 31: Sample Scenario For Multiple Instances

    To configure the instances based on the above mentioned instance identifiers, Mary must enter the following commands. Instance 1: ndsconfig new -t mytree -n o=novell -a cn=admin.o=company -b 1524 -D /home/mary/inst1/var --config-file /home/mary/inst1/nds.conf Instance 2: ndsconfig new -t corptree -n o=novell -a cn=admin.o=company -b 2524 -D /home/mary/inst2/var --config-file /home/mary/inst2/nds.conf...
  • Page 32: Listing The Instances

    To display all instances of all users that are using a particular installation of eDirectory: ndsmanage -a For More Information Refer to the following documents for more information about Multiple Instances Support: Novell eDirectory 8.8 Install Guide (http://www.novell.com/documentation/edir88/edirin88/data/a79kg0w.html#bqs8mmt) For Linux and UNIX: ndsconfig and ndsmanage man pages
  • Page 33: Authentication To Edirectory Through Sasl-Gssapi

    It involves shared secrets and uses symmetric key cryptography. For more information, refer to RFC 1510 (http://www.ietf.org/rfc/rfc1510.txt?number=1510). For more information on Novell Kerberos KDC, refer to the Novell Kerberos KDC documentation (http://www.novell.com/documentation/kdc/index.html). Authentication to eDirectory through SASL-GSSAPI...
  • Page 34: What Is Sasl

    An eDirectory user sends a request through an LDAP client to the Kerberos KDC (Key Distribution Center) server for an initial ticket known as a ticket granting ticket (TGT). A Kerberos KDC can be from MIT, Microsoft*, or Heimdal. KDC responds to the LDAP client with a TGT.
  • Page 35: Configuring Gssapi

    Specific Entry) is an entry that is located at the root of the Directory Information Tree (DIT). For more information, refer to the Novell eDirectory 8.8 Administration Guide (http://www.novell.com/documentation/edir88/edir88/data/h0000007.html#a680dyc). The LDAP server queries SASL for the installed mechanisms when it gets its configuration and automatically supports whatever is installed.
  • Page 36: Commonly Used Terms

    A record containing client information, service information, and a session key which is encrypted with the particular service principal's shared key. Ticket Granting Ticket (TGT): A type of ticket that the client can obtain additional Kerberos tickets with.
  • Page 37: Enforcing Case-Sensitive Universal Passwords

    Now, in eDirectory 8.8 and later, you can make your passwords case-sensitive for all the clients that are upgraded to eDirectory 8.8. By enforcing the use of case-sensitive passwords, you can prevent the legacy Novell clients from accessing the eDirectory 8.8 server. Refer to “Preventing Legacy Novell Clients from Accessing...
  • Page 38: How To Make Your Password Case-Sensitive

    Log in to eDirectory using the existing password with the case you want. The password you give now will be case-sensitive. For example, you enter “NoVELL”. Your password is now “NoVELL”. Therefore, “novell” or any alternate capitalization combination other than “NoVELL” would be invalid.
  • Page 39: Managing Case-Sensitive Passwords

    Novell Client 4.9 Administration utilities with eDirectory 8.8 Novell iManager 2.5 The clients and utilities that are earlier than the above mentioned versions are legacy Novell clients. You can have case-sensitive passwords for the legacy Novell clients after upgrading them to their latest versions.
  • Page 40: Preventing Legacy Novell Clients From Accessing Edirectory 8.8 Server

    Login session 3 and subsequent logins. If you log in using the password noVell, it is valid. If you log in using the password Novell (or any other version except noVell), it is invalid. Preventing Legacy Novell Clients from Accessing eDirectory 8.8 Server In eDirectory 8.7.1 and 8.7.3, you were able to prevent the legacy Novell clients from...
  • Page 41 “NDS Configurations at Different Levels” on page 41 “Managing NDS Configurations Through iManager” on page 42 “Managing NDS Configurations Through LDAP” on page 43 “Enforcing Case-Sensitive Passwords in a Mixed Tree” on page 44 NDS Configurations at Different Levels You can configure NDS login at one or all the following levels: Partition level Object level If you do not specify the configuration at any of the levels, NDS login configuration is enabled at...
  • Page 42 Enabling/Disabling NDS Configuration for a Partition To enable NDS login for pre-eDirectory 8.8 clients: In Novell iManager, click the Roles and Tasks button Select NMAS > Universal Password Enforcement. In the Universal Password Enforcement plug-in, select NDS Configuration for a Partition.
  • Page 43 Managing NDS Configurations Through LDAP IMPORTANT: We strongly recommend that you use iManager for managing NDS configurations and not LDAP. You can manage NDS configurations through LDAP using an eDirectory attribute on a partition root container or object. The attributes are a part of the schema in eDirectory 8.7.1 or later, and are not supported on eDirectory 8.7 or earlier.
  • Page 44: Partition Operations

    However, the 8.7 server will not enforce the setting, so you can access the directory through the 8.7 server. For More Information Refer to the following for more information on case-sensitive passwords: iManager online help Deploying Universal Password (http://www.novell.com/documentation/nmas23/admin/data/allq21t.html)
  • Page 45: Priority Sync

    Priority Sync Priority Sync is a new feature in Novell® eDirectory 8.8 that is complementary to the current synchronization process in eDirectory. Through Priority Sync, you can synchronize the modified critical data, such as passwords, immediately. You can sync your critical data through Priority Sync when you cannot wait for normal synchronization.
  • Page 46: Using Priority Sync

    1. Enable Priority Sync, configure the number of threads, and the Priority Sync queue size through Novell iMonitor. 2. Define Priority Sync policies by identifying the attributes that are critical through Novell iManager. 3. Apply the Priority Sync policies to the partitions through iManager.
  • Page 47: Data Encryption

    Data Encryption In Novell® eDirectory 8.8 and later, you can encrypt specific data when they are stored on the disk and when they are transmitted between two or more eDirectory 8.8 servers. This provides greater security for the confidential data.
  • Page 48: How To Encrypt Attributes

    If you require encrypted replication between specific replicas of a partition that contain sensitive data. If you feel the network in your setup is hostile, you might want to protect sensitive data during replication.
  • Page 49: Enabling Encrypted Replication

    If you have made any changes to the certificates, like renaming them, encrypted replication fails. For More Information Refer to the following for more information on encrypting data in eDirectory: Novell eDirectory 8.8 Administration Guide (http://www.novell.com/documentation/edir88/index.html) iManager and iMonitor online help
  • Page 51: Bulkload Performance

    8.8 provides you with enhancements to increase bulkload performance. For information on increasing the bulkload performance, refer to the following sections of the Novell eDirectory 8.8 Administration Guide: eDirectory Cache Settings LBURP Transaction Size Setting Increasing the Number of Asynchronous Requests in ICE...
  • Page 53: Imanager Ice Plug-Ins

    ICE Plug-ins Prior to Novell® eDirectory 8.8, some of the Novell Import Conversion Export (ICE) utility command line options did not have corresponding options in the iManager plug-in. The following table lists the platforms that support this feature: Feature...
  • Page 54: Add Schema From A Server

    8.8 Administration Guide. Comparing the Schema Using iManager, you can compare the schema between a source and a destination. The source can be either a file or a server; the destination should be an LDIF file.
  • Page 55: Compare Schema Files

    To add the missing schema to the destination file, apply the records of the output file to the destination file. For more information, refer to the Novell eDirectory Management Utilities (http://www.novell.com/documentation/edir88/edir88/data/a5hf8rg.html#a5hf8rg) chapter in the Novell eDirectory 8.8 Administration Guide.
  • Page 57: Ldap-Based Backup

    LDAP-Based Backup The LDAP-based backup feature is introduced with Novell® eDirectory 8.8. This feature is used to back up the attributes and attribute values one object at a time. The following table lists the platforms that support this feature: Feature...
  • Page 59: Managing Error Logging In Edirectory 8.8

    Managing Error Logging in eDirectory 8.8 Many customers have reported that the error logging in Novell® eDirectory does not help much in identifying and resolving the common problems. Error logging is automatically started during eDirectory installation. This chapter consists of the following sections: “Message Severity Levels”...
  • Page 60: Error

    Configuring Error Logging Linux and UNIX To configure the error logging settings for the server-side messages, you can use the n4u.server.log-levels and n4u.server.log-file parameters in the /etc/opt/novell/eDirectory/conf/nds.conf configuration file.
  • Page 61: Windows

    Setting the Severity Level The severity levels available are LogFatal, LogWarn, LogErr, LogInfo, and LogDbg levels (in decreasing order of severity). For more information on the severity levels, refer to “Message Severity Levels” on page By default, the severity level is set to "LogFatal". So, only messages with severity level fatal will be logged.
  • Page 62: Netware

    “Message Severity Levels” on page To set the severity level, do the following: Click Start > Settings > Control Panel > Novell eDirectory Services In the Services tab, select dhlog.dlm. Enter the log level in the Startup Parameters box. For example, to set the log level to LogErr and above, enter the following:...
  • Page 63 NOTE: DSLOG.NLM is automatically up when DS is up. However, you can manually unload/load DSLOG.NLM. The severity levels available are LogFatal, LogWarn, LogErr, LogInfo, and LogDbg levels (in decreasing order of severity). For more information on the severity levels, refer to “Message Severity Levels”...
  • Page 64: Dstrace Messages

    To disable filtering, enter the following command: ndstrace tag Examples for enabling filtering: To enable filtering for thread ID 35, enter the following: ndstrace thrd 35 To enable filtering for severity level fatal, enter the following:
  • Page 65: Windows

    Figure 11 Sample Trace Message Screen With Filters Windows Complete the following procedure to filter the trace messages: Select Start > Control Panel > Novell eDirectory Services > In the Services tab, select dstrace.dlm.
  • Page 66 Click Edit > Options in the Trace window. The Novell eDirectory Trace Options dialog box is displayed. Figure 12 Trace Options Screen on Windows Click on the Screen tab. Select the filter option from the Filters group and enter the filter value.
  • Page 67: Imonitor Message Filtering

    iMonitor Message Filtering You can filter the iMonitor trace messages based on the connection ID, thread ID, or error number. To filter based on the connection ID and thread ID, ensure that you have enabled them in the Trace Configuration tab. For more information, refer to the iMonitor online help.
  • Page 68: Setting The Log File Path

    Syslog: In Linux and UNIX, the messages will go to the syslog. On NetWare and Windows, messages are logged into a file with the name syslog. This is the default behavior for logging. All critical errors are always logged to syslog unless it is disabled specifically.
  • Page 69: Miscellaneous

    Miscellaneous This chapter covers miscellaneous new features with Novell® eDirectory 8.8. “Security Object Caching” on page 69 “Subtree Search Performance Improvement” on page 69 “Localhost Changes” on page 70 “256 File Handler on Solaris” on page 70 “Memory Manager on Solaris” on page 70...
  • Page 70: Localhost Changes

    With this release, eDirectory 8.8 does not include any third-party memory allocators, but makes use of the native memory manager. This has no impact on the performance of eDirectory. In most cases, the performance either has improved or remained the same as third-party allocators.
