Novell EDIRECTORY 8.8 - GUIDE 09-2006 Manual

What's new guide


Novell eDirectory 8.8 What's New Guide
Novell eDirectory™ 8.8
What's New Guide
June 09, 2006
www.novell.com


Summary of Contents for Novell EDIRECTORY 8.8 - GUIDE 09-2006

  • Page 1 Novell eDirectory 8.8 What's New Guide Novell eDirectory www.novell.com 8.8 What's New Guide June 09, 2006...
  • Page 2 Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
  • Page 3 Novell is a registered trademark of Novell, Inc., in the United States and other countries. Novell Client is a trademark of Novell, Inc. Novell Directory Services and NDS are registered trademarks of Novell, Inc., in the United States and other countries.
  • Page 5: Table Of Contents

    We want to hear your comments and suggestions about this manual and the other documentation included with this product. Please use the User Comments feature at the bottom of each page of the online documentation, or go to www.novell.com/documentation/feedback.html and enter your comments there.
  • Page 6 A trademark symbol (®, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark. When a single pathname can be written with a backslash for some platforms or a forward slash for other platforms, the pathname is presented with a backslash.
  • Page 7: Chapter 1, "Install and Upgrade Enhancements"

    Install and Upgrade Enhancements This chapter discusses the new features and enhancements with the Novell® eDirectory installation and upgrade. The following table lists the new features and specifies the platforms they are supported on. Feature NetWare Linux UNIX Windows Multiple package formats for installing eDirectory 8.8...
  • Page 8 Novell eDirectory 8.8 Installation Guide (http://www.novell.com/documentation/edir88/edirin88/data/a79kg0w.html#bs6a3gs). 1.2 Automatic Deployments eDirectory 8.8 on Linux leverages ZENworks® Linux Management to provide easy upgrade distribution and deployment. For more information, refer to ZENworks Linux Management (http://www.novell.com/products/zenworks/linuxmanagement/index.html). ...
  • Page 9 1.2.1 Upgrade Distributions With eDirectory 8.8, you can subscribe to a specific feature that eDirectory offers and whenever there is an update (upgrade or patch) to this feature on the Novell site, you will automatically get this update. Upgrade Distributions...
  • Page 10 This way, you can have your existing eDirectory setup undisturbed and also test this new version. You can then decide whether you want to retain your existing version or want to upgrade to eDirectory 8.8. ...
  • Page 11 NOTE: SLP and the SNMP subagent are installed in the default locations. This section explains how to install the various files in a custom location: • Section 1.4.1, “Specifying a Custom Location for Application Files,” on page 11 • Section 1.4.2, “Specifying a Custom Location for Data Files,” on page 11 •...
  • Page 12 Nonroot User Who Installs eDirectory This user is not a root on the host machine. The right for a nonroot user to install eDirectory is bound by the right the user has on the host machine. ...
  • Page 13 For example, if you choose to install in the eDir88 directory, the same directory structure would be followed in the eDir88 directory, like the man pages would be installed in the /eDir88/opt/novell/man directory. The following table lists the change in the directory structure:...
  • Page 14 1.6.2 LSB Compliance eDirectory 8.8 is now Linux Standard Base (LSB) compliant. LSB also recommends FHS compliance. All the eDirectory packages in Linux are prefixed with novell. For example, NDSserv is now novell-NDSserv. 1.7 Server Health Checks eDirectory 8.8 introduces server health checks that help you determine whether your server health is...
  • Page 15 NOTE: You need administrative rights to run the health check utility. With the Upgrade The health checks are run by default every time you upgrade eDirectory. Linux and UNIX Every time you upgrade, the health checks are run by default before the actual upgrade operation starts.
  • Page 16 Warnings normally occur in the following scenarios: 1. Server not listening on LDAP and HTTP ports, either normal or secure or both. 2. Unable to contact any of the nonmaster servers in the replica ring. ...
  • Page 17 3. Servers in the replica ring are not in sync. For more information, see the following figure. Health Check with a Warning Figure 1-3 Critical The server health is critical when critical errors were found while checking the health. If the health check is run as part of the upgrade, the upgrade operation is aborted. The critical state normally occurs in the following cases: 1.
  • Page 18 The health check log file contains the following: • Status of the health checks (normal, warning, or critical). • URLs to the Novell support site. The following table gives you the locations for the log file on the various platforms:...
  • Page 19 Novell SecretStore Administration Guide (http://www.novell.com/documentation/secretstore33/index.html). 1.9 Unattended Upgrade to eDirectory 8.8 SP1 on Netware Novell® ZENworks® Server Management provides the Server Software Packages component for managing files and applications on your network. Using software packages, you can automate the...
  • Page 20 Netware” of eDirectory 8.8 Installation Guide. 1.10 For More Information Refer to the following for more information on any of the features discussed in this chapter: • Novell eDirectory 8.8 Installation Guide (http://www.novell.com/documentation/edir88/edirin88/data/a2iii88.html) • Novell eDirectory 8.8 Administration Guide (http://www.novell.com/documentation/edir88/edir88/data/fbadjaeh.html#fbadjaeh)
  • Page 21: Chapter 2, "Multiple Instances"

    Multiple Instances Traditionally, you could configure only one instance of Novell® eDirectory on a single host. With the multiple instances feature support in eDirectory 8.8, you can configure the following: • Multiple instances of eDirectory on a single host •...
  • Page 22 NOTE: All the instances share the same server key (NICI). Option Description --config-file Specifies the absolute path and filename to store the nds.conf configuration file. For example, to store the configuration file in the /etc/opt/novell/eDirectory/ directory, use --config-file /etc/opt/novell/eDirectory/nds.conf. ...
  • Page 23 Option Description Specifies the port number where the new instance should listen. NOTE: -b and -B are exclusively used. Specifies the port number along with the IP address or interface. For example: -B eth0@524 -B 100.1.1.2@524 NOTE: -b and -B are exclusively used. Creates the data, dib, and log directories in the path specified for the new instance.
  • Page 24 You can either create a new tree or add a server to an existing tree. Follow the instructions on the screen to create a new instance. Performing Operations for a Specific Instance You can perform the following operations for every instance: • “Starting a Specific Instance” on page 25...
  • Page 25 • “Stopping a Specific Instance” on page 25 • “Deconfiguring an Instance” on page 26 Other than the ones listed above, you can also run ndstrace for a selected instance. Starting a Specific Instance To start an instance configured by you, do the following: 1 Enter the following: ndsmanage 2 Select the instance you want to start.
  • Page 26 You can use the --config-file configuration_file_location or the -h hostname:port to do If you do not include the instance identifiers in the command, the utility displays the various instances you own and prompts you to select the instance you want to run the utility for. ...
  • Page 27 To configure the instances based on the above mentioned instance identifiers, Mary must enter the following commands. • Instance 1: ndsconfig new -t mytree -n o=novell -a cn=admin.o=company -b 1524 - /home/mary/inst1/var --config-file /home/mary/inst1/nds.conf • Instance 2: ndsconfig new -t corptree -n o=novell -a cn=admin.o=company -b 2524 /home/mary/inst2/var --config-file /home/mary/inst2/nds.conf...
  • Page 28 2.6 For More Information Refer to the following documents for more information about Multiple Instances Support: • Novell eDirectory 8.8 Install Guide (http://www.novell.com/documentation/edir88/edirin88/data/a79kg0w.html#bqs8mmt) • For Linux and UNIX: ndsconfig and ndsmanage man pages...
  • Page 29 For more information, refer to RFC 1510 (http://www.ietf.org/rfc/rfc1510.txt?number=1510). For more information on Novell Kerberos KDC, refer to the Novell Kerberos KDC documentation (http://www.novell.com/documentation/kdc/index.html). 3.1.2 What is SASL? Simple Authentication and Security Layer (SASL) provides an authentication abstraction layer to applications.
  • Page 30 3 The LDAP client sends the TGT back to the KDC and requests an LDAP service ticket. 4 KDC responds to the LDAP client with the LDAP service ticket. 5 The LDAP client does an ldap_sasl_bind to the LDAP server and sends the LDAP service ticket. ...
  • Page 31: Chapter 3, "Authentication to eDirectory through SASL-GSSAPI"

    2e Associate a Kerberos principal name with the User Object. For information on the above steps, refer to the Configuring GSSAPI with eDirectory in Novell eDirectory 8.8 Administration Guide (http://www.novell.com/documentation/edir88/index.html?treetitl.html) 3.4 How Does LDAP Use GSSAPI? After you configure GSSAPI, it is added along with the other SASL methods to the supportedSASLMechanisms attribute in rootDSE.
  • Page 32 A record containing client information, service information, and a session key which is encrypted with the particular service principal’s shared key Ticket Granting Ticket A type of ticket that the client can obtain additional Kerberos tickets (TGT) with. ...
  • Page 33: Chapter 4, "Enforcing Case-Sensitive Universal Passwords"

    Now, in eDirectory 8.8 and later, you can make your passwords case-sensitive for all the clients that are upgraded to eDirectory 8.8. By enforcing the use of case-sensitive passwords, you can prevent the legacy Novell clients from accessing the eDirectory 8.8 server. Refer to Section 4.4, “Preventing Legacy Novell Clients from...
  • Page 34 4 Log in to eDirectory using the existing password with the case you want. The password you give now will be case-sensitive. For example, you enter “NoVELL”. Your password is now “NoVELL”. Therefore, “novell” or any alternate capitalization combination other than “NoVELL” would be invalid. ...
  • Page 35 • Administration utilities with eDirectory 8.8 • Novell iManager 2.5 and later The clients and utilities that are earlier than the above mentioned versions are legacy Novell clients. You can have case-sensitive passwords for the legacy Novell clients after upgrading them to their latest versions.
  • Page 36 Login session 3 and subsequent logins. • If you log in using the password noVell, it is valid. • If you log in using the password Novell (or any other version except noVell), it is invalid. 4.4 Preventing Legacy Novell Clients from Accessing eDirectory 8.8 Server...
  • Page 37 This section includes information on the following: • “NDS Configurations at Different Levels” on page 37 • “Managing NDS Configurations Through iManager” on page 38 • “Managing NDS Configurations Through LDAP” on page 39 • Section 4.4.4, “Enforcing Case-Sensitive Passwords in a Mixed Tree,” on page 40 NDS Configurations at Different Levels You can configure NDS login at one or all the following levels: •...
  • Page 38 NDS login configuration. Enabling/Disabling NDS Configuration for a Partition To enable NDS login for pre-eDirectory 8.8 clients: 1 In Novell iManager, click the Roles and Tasks button. 2 Select NMAS > Universal Password Enforcement.
  • Page 39 Help is available throughout the wizard. Managing NDS Configurations Through LDAP IMPORTANT: We strongly recommend you to use iManager for managing NDS configurations and not LDAP. You can manage NDS configurations through LDAP using an eDirectory attribute on a partition root container or object.
  • Page 40 However, the 8.7 server will not enforce the setting, so you can access the directory through the 8.7 server. 4.5 For More Information Refer to the following for more information on case-sensitive passwords: • iManager online help • Deploying Universal Password (http://www.novell.com/documentation/nmas23/admin/data/allq21t.html)...
  • Page 41: Chapter 5, "Priority Sync"

    Priority Sync Priority Sync is a new feature in Novell® eDirectory 8.8 that is complementary to the current synchronization process in eDirectory. Through Priority Sync, you can synchronize the modified critical data, such as passwords, immediately. You can sync your critical data through Priority Sync when you cannot wait for normal synchronization.
  • Page 42 3. Apply the Priority Sync policies to the partitions through iManager. 5.3 For More Information Refer to the following for more information on Priority Sync: • Novell eDirectory 8.8 Administration Guide (http://www.novell.com/documentation/edir88/edir88/data/brp2di9.html#brp2z9z) • iManager and iMonitor online help...
  • Page 43 Data Encryption In Novell® eDirectory 8.8 and later, you can encrypt specific data when they are stored on the disk and when they are transmitted between two or more eDirectory 8.8 servers. This provides greater security for the confidential data.
  • Page 44 • If you require encrypted replication between specific replicas of a partition that contain sensitive data. • If you feel the network in your setup is hostile, you might want to protect sensitive data during replication. ...
  • Page 45: Chapter 6, "Data Encryption"

    If you have made any changes to the certificates, like renaming them, encrypted replication fails. 6.3 For More Information Refer to the following for more information on encrypting data in eDirectory: • Novell eDirectory 8.8 Administration Guide (http://www.novell.com/documentation/edir88/index.html) • iManager and iMonitor online help...
  • Page 47: Chapter 7, "Bulkload Performance"

    8.8 provides you with enhancements to increase bulkload performance. For information on increasing the bulkload performance, refer to the following sections of the Novell eDirectory 8.8 Administration Guide: • eDirectory Cache Settings • LBURP Transaction Size Setting • Increasing the Number of Asynchronous Requests in ICE •...
  • Page 49: Chapter 8, "iManager ICE Plug-ins"

    ICE Plug-ins Prior to Novell® eDirectory 8.8, some of the Novell Import Conversion Export (ICE) utility command line options did not have corresponding options in the iManager plug-in. The following table lists the platforms that support this feature: Feature...
  • Page 50 File For more information, refer to the Novell eDirectory Management Utilities (http://www.novell.com/documentation/edir88/edir88/data/a5hf8rg.html#a5hf8rg) chapter in the Novell eDirectory 8.8 Administration Guide. 8.1.2 Add Schema from a Server The source and destination are LDAP servers. If you want to only compare the schema and not add the additional schema to the destination server, select the Do Not Add but Compare option.
  • Page 51 For more information, refer to the Novell eDirectory Management Utilities (http://www.novell.com/documentation/edir88/edir88/data/a5hf8rg.html#a5hf8rg) chapter in the Novell eDirectory 8.8 Administration Guide. 8.2.2 Compare Schema between a Server and a File The Compare Schema between a Server and a File option compares the schema between a source server and a destination file and then places the result in an output file.
  • Page 53: Chapter 9, "LDAP-Based Backup"

    LDAP-Based Backup The LDAP-based backup feature is introduced with Novell® eDirectory 8.8. This feature is used to back up the attributes and attribute values one object at a time. The following table lists the platforms that support this feature: Feature...
  • Page 55 Managing Error Logging in eDirectory 8.8 Many customers have reported that the error logging in Novell® eDirectory does not help much in identifying and resolving the common problems. Error logging is automatically started during eDirectory installation. This chapter consists of the following sections: •...
  • Page 56 Section 10.2.3, “NetWare,” on page 58 10.2.1 Linux and UNIX To configure the error logging settings for the server-side messages, you can use the n4u.server.log-levels and n4u.server.log-file parameters in the /etc/opt/novell/eDirectory/conf/nds.conf configuration file. ...
  • Page 57: Chapter 10, "Managing Error Logging in eDirectory"

    Setting the Severity Level The severity levels available are LogFatal, LogWarn, LogErr, LogInfo, and LogDbg levels (in decreasing order of severity). For more information on the severity levels, refer to Section 10.1, “Message Severity Levels,” on page By default, the severity level is set to "LogFatal". So, only messages with severity level fatal will be logged.
  • Page 58 “Message Severity Levels,” on page To set the severity level, do the following: 1 Click Start > Settings > Control Panel > Novell eDirectory Services 2 In the Services tab, select dhlog.dlm. 3 Enter the log level in the Startup Parameters box.
  • Page 59 NOTE: DSLOG.NLM is automatically up when DS is up. However, you can manually unload/load DSLOG.NLM. The severity levels available are LogFatal, LogWarn, LogErr, LogInfo, and LogDbg levels (in decreasing order of severity). For more information on the severity levels, refer to Section 10.1, “Message Severity Levels,”...
  • Page 60 Complete the following procedure to filter the trace messages: NOTE: In the commands below, change ndstrace to dstrace on NetWare. 1 Enable filtering with the following command: ndstrace tag filter_value To disable filtering, enter the following command: ndstrace tag...
  • Page 61 Sample Trace Message Screen With Filters Figure 10-1 10.3.2 Windows Complete the following procedure to filter the trace messages: 1 Select Start > Control Panel > Novell eDirectory Services 2 In the Services tab, select dstrace.dlm. ...
  • Page 62 3 Click Edit > Options in the Trace window. The Novell eDirectory Trace Options dialog box is displayed. Trace Options Screen on Windows Figure 10-2 4 Click on the Screen tab. 5 Select the filter option from the Filters group and enter the filter value.
  • Page 63 10.4 iMonitor Message Filtering You can filter the iMonitor trace messages based on the connection ID, thread ID, or error number. To filter based on the connection ID and thread ID, ensure that you have enabled them in the Trace Configuration tab.
  • Page 64 • Syslog: In Linux and UNIX, the messages will go to the syslog. On NetWare and Windows, messages are logged into a file with the name syslog. This is the default behavior for logging. All critical errors are always logged to syslog unless it is disabled specifically. ...
  • Page 65: Chapter 11, "Offline Bulkload Utility: ldif2dib"

    Offline Bulkload Utility: ldif2dib ldif2dib is a new utility introduced with Novell eDirectory 8.8 for bulkloading data from LDIF files to the eDirectory database. This is an offline utility and achieves faster bulkloads compared to the other online tools. The following table lists the platforms for which ldif2dib is supported.
  • Page 67: Chapter 12, "Miscellaneous"

    Miscellaneous This chapter covers miscellaneous new features with Novell® eDirectory 8.8. • Section 12.1, “Security Object Caching,” on page 67 • Section 12.2, “Subtree Search Performance Improvement,” on page 67 • Section 12.3, “Localhost Changes,” on page 68 •...
  • Page 68 With this release, eDirectory 8.8 does not include any third-party memory allocators, but makes use of the native memory manager. This has no impact on the performance of eDirectory. In most cases, the performance either has improved or remained the same as third-party allocators. ...

This manual is also suitable for:

Edirectory 8.8
