Novell eDirectory™ 8.8 SP2 What's New Guide
October 12, 2007
www.novell.com

Summary of Contents for Novell EDIRECTORY 8.8 SP2 - GUIDE 10-2007

  • Page 1 Novell eDirectory 8.8 What's New Guide Novell eDirectory www.novell.com 8.8 SP2 WHAT'S NEW GUIDE...
  • Page 2 Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
  • Page 3 Novell is a registered trademark of Novell, Inc., in the United States and other countries. Novell Client is a trademark of Novell, Inc. Novell Directory Services and NDS are registered trademarks of Novell, Inc., in the United States and other countries.
  • Page 5: Table Of Contents

    Contents About This Guide 1 Install and Upgrade Enhancements Multiple Package Formats for Installing eDirectory 8.8 ......12 Automatic Deployments .
  • Page 6 Upgrading the Legacy Novell Clients and Utilities ........
  • Page 7 For More Information ............59 10 LDAP-Based Backup 10.1 Need for LDAP Based Backup .
  • Page 8 Novell eDirectory 8.8 What's New Guide...
  • Page 9: About This Guide

    We want to hear your comments and suggestions about this manual and the other documentation included with this product. Please use the User Comments feature at the bottom of each page of the online documentation, or go to www.novell.com/documentation/feedback.html and enter your comments there.
  • Page 10 A trademark symbol (®, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark. When a single pathname can be written with a backslash for some platforms or a forward slash for other platforms, the pathname is presented with a backslash.
  • Page 11: Install And Upgrade Enhancements

    Install and Upgrade Enhancements This chapter discusses the new features and enhancements with the Novell® eDirectory installation and upgrade. The following table lists the new features and specifies the platforms they are supported on. Feature NetWare Linux UNIX Windows Multiple package formats for installing eDirectory 8.8...
  • Page 12: Multiple Package Formats For Installing Edirectory 8.8

    1.2.1 Upgrade Distributions With eDirectory 8.8, you can subscribe to a specific feature that eDirectory offers and whenever there is an update (upgrade or patch) to this feature on the Novell site, you will automatically get this update.
  • Page 13: Easy Deployments

    Figure 1-1: Upgrade Distributions. To facilitate this, you need to install the ZENworks Linux Management client on the host where eDirectory 8.8 is present and subscribe to the ZENworks Linux Management server that would inform you when there is an update. 1.2.2 Easy Deployments With eDirectory 8.8, you can install eDirectory on a host that has the ZENworks Linux Management server installed and then roll it out to the other servers that have installed ZENworks Linux...
  • Page 14: Installing And Configuring Edirectory Through Yast

    You cannot specify a custom location for the application files on NetWare. Windows You were able to specify a custom location for the application files during the installation Wizard even prior to eDirectory 8.8.
  • Page 15: Specifying A Custom Location For Data Files

    1.4.2 Specifying a Custom Location for Data Files While configuring eDirectory, you can save the data files in a location of your choice. The data files include the data, dib, and log directories. Linux and UNIX To configure the data files in a custom location, you can use either the -d or -D option of the ndsconfig utility.
  • Page 16: Nonroot Install

    The following table lists the change in the directory structure: Types of Files Stored in the Directory | Directory Name and Path: Executable binaries and static shell scripts | /opt/novell/eDirectory/bin; Executable binaries for root use | /opt/novell/eDirectory/sbin; Static or dynamic library binaries | /opt/novell/eDirectory/lib...
  • Page 17: Lsb Compliance

    1.6.2 LSB Compliance eDirectory 8.8 is now Linux Standard Base (LSB) compliant. LSB also recommends FHS compliance. All the eDirectory packages in Linux are prefixed with novell. For example, NDSserv is now novell-NDSserv. 1.7 Server Health Checks eDirectory 8.8 introduces server health checks that help you determine whether your server health is...
  • Page 18: What Makes A Server Healthy

    As a Standalone Utility You can run the server health checks as a standalone utility any time you want. The following table explains the health check utilities.
  • Page 19: Types Of Health Checks

    Table 1-1: Health Check Utilities (Platform | Utility Name). Linux and UNIX | ndscheck. Syntax: ndscheck -h hostname:port -a admin_FDN -F logfile_path --config-file configuration_file_name_and_path NOTE: You can specify either -h or --config-file and not both of them. NetWare | dscheck. Windows | ndscheck. 1.7.4 Types of Health Checks When you upgrade or run the ndscheck utility, the following types of health checks are done: Basic Server Health Partitions and Replica Health...
  • Page 20: Categorization Of Health

    1. Server not listening on LDAP and HTTP ports, either normal or secure or both. 2. Unable to contact any of the nonmaster servers in the replica ring. 3. Servers in the replica ring are not in sync. For more information, see the following figure.
  • Page 21 Figure 1-3: Health Check with a Warning. Critical: The server health is critical when critical errors were found while checking the health. If the health check is run as part of the upgrade, the upgrade operation is aborted. The critical state normally occurs in the following cases: 1.
  • Page 22: Log Files

    The health check log file contains the following: Status of the health checks (normal, warning, or critical). URLs to the Novell support site. The following table gives you the locations for the log file on the various platforms:
  • Page 23: Secretstore Integration With Edirectory

    Novell SecretStore Administration Guide (http://www.novell.com/documentation/secretstore33/index.html). 1.9 Unattended Upgrade to eDirectory 8.8 SP1 on NetWare Novell® ZENworks® Server Management provides the Server Software Packages component for managing files and applications on your network. Using software packages, you can automate the...
  • Page 24: For More Information

    Netware” of eDirectory 8.8 Installation Guide. 1.10 For More Information Refer to the following for more information on any of the features discussed in this chapter: Novell eDirectory 8.8 Installation Guide (http://www.novell.com/documentation/edir88/edirin88/data/a2iii88.html) Novell eDirectory 8.8 Administration Guide (http://www.novell.com/documentation/edir88/edir88/data/fbadjaeh.html#fbadjaeh) On Linux and UNIX: nds-install, ndsconfig, and ndscheck man pages
  • Page 25: Migrating Edirectory 8.8 Sp2 From Netware To Oes

    Hardware and supported platform requirements are aligned with the corresponding Cypress supported platform matrix. For more information, refer to Novell eDirectory Installation Guide (http://www.novell.com/documentation/edir88/edirin88/data/a2iii88.html).
  • Page 26 Novell eDirectory 8.8 What's New Guide...
  • Page 27: Multiple Instances

    Multiple Instances Traditionally, you could configure only one instance of Novell® eDirectory on a single host. With the multiple instances feature support in eDirectory 8.8, you can configure the following: multiple instances of eDirectory on a single host; multiple trees on a single host; multiple replicas of the same tree or partition on a single host. eDirectory 8.8 also provides you with a utility (ndsmanage) to easily track the instances.
  • Page 28: Using Multiple Instances

    NOTE: All the instances share the same server key (NICI). Option Description --config-file Specifies the absolute path and filename to store the nds.conf configuration file. For example, to store the configuration file in the /etc/opt/novell/eDirectory/ directory, use --config-file /etc/opt/novell/eDirectory/nds.conf.
  • Page 29: Managing Multiple Instances

    Option Description Specifies the port number where the new instance should listen. NOTE: -b and -B are exclusively used. Specifies the port number along with the IP address or interface. For example: -B eth0@524 -B 100.1.1.2@524 NOTE: -b and -B are exclusively used. Creates the data, dib, and log directories in the path specified for the new instance.
  • Page 30 2 Enter c to create a new instance. You can either create a new tree or add a server to an existing tree. Follow the instructions on the screen to create a new instance.
  • Page 31 Performing Operations for a Specific Instance You can perform the following operations for every instance: “Starting a Specific Instance” on page 31 “Stopping a Specific Instance” on page 31 “Deconfiguring an Instance” on page 32 Other than the ones listed above, you can also run ndstrace for a selected instance. Starting a Specific Instance To start an instance configured by you, do the following: 1 Enter the following:...
  • Page 32: Identifying A Specific Instance

    If you want to run a utility for a specific instance, you need to include the instance identifier in the utility command. The instance identifiers are the path of the configuration file, and the hostname and...
  • Page 33: Sample Scenario For Multiple Instances

    To configure the instances based on the above mentioned instance identifiers, Mary must enter the following commands. Instance 1: ndsconfig new -t mytree -n o=novell -a cn=admin.o=company -b 1524 - /home/mary/inst1/var --config-file /home/mary/inst1/nds.conf Instance 2: ndsconfig new -t corptree -n o=novell -a cn=admin.o=company -b 2524 /home/mary/inst2/var --config-file /home/mary/inst2/nds.conf...
  • Page 34: Invoking A Utility For An Instance

    -a 3.6 For More Information Refer to the following documents for more information about Multiple Instances Support: Novell eDirectory 8.8 Install Guide (http://www.novell.com/documentation/edir88/edirin88/data/a79kg0w.html#bqs8mmt) For Linux and UNIX: ndsconfig and ndsmanage man pages
  • Page 35: Authentication To Edirectory Through Sasl-Gssapi

    For more information, refer to RFC 1510 (http://www.ietf.org/rfc/rfc1510.txt?number=1510). For more information on Novell Kerberos KDC, refer to the Novell Kerberos KDC documentation (http://www.novell.com/documentation/kdc/index.html). 4.1.2 What is SASL? Simple Authentication and Security Layer (SASL) provides an authentication abstraction layer to applications.
  • Page 36: What Is Gssapi

    1 An eDirectory user sends a request through an LDAP client to the Kerberos KDC (Key Distribution Center) server for an initial ticket known as a ticket granting ticket (TGT). A Kerberos KDC can be from Novell Kerberos KDC, MIT, Microsoft*, or Heimdal. 2 KDC responds to the LDAP client with a TGT.
  • Page 37: Configuring Gssapi

    2e Associate a Kerberos principal name with the User Object. For information on the above steps, refer to the Configuring GSSAPI with eDirectory in Novell eDirectory 8.8 Administration Guide (http://www.novell.com/documentation/edir88/index.html?treetitl.html) 4.4 How Does LDAP Use GSSAPI? After you configure GSSAPI, it is added along with the other SASL methods to the supportedSASLMechanisms attribute in rootDSE.
  • Page 38: Commonly Used Terms

    A record containing client information, service information, and a session key which is encrypted with the particular service principal’s shared key. Ticket Granting Ticket (TGT): A type of ticket that the client can obtain additional Kerberos tickets with.
  • Page 39: Enforcing Case-Sensitive Universal Passwords

    Now, in eDirectory 8.8 and later, you can make your passwords case-sensitive for all the clients that are upgraded to eDirectory 8.8. By enforcing the use of case-sensitive passwords, you can prevent the legacy Novell clients from accessing the eDirectory 8.8 server. Refer to Section 5.4, “Preventing Legacy Novell Clients from...
  • Page 40: How To Make Your Password Case-Sensitive

    1 Log in to eDirectory using the existing password. In the case of fresh install, the existing password is the one that you set while configuring eDirectory 8.8. For example, your password is “novell”. NOTE: This password is not case-sensitive. 2 Enable Universal Password.
  • Page 41: Managing Case-Sensitive Passwords

    Administration utilities with eDirectory 8.8 Novell iManager 2.6 and later The clients and utilities that are earlier than the above mentioned versions are legacy Novell clients. You can have case-sensitive passwords for the legacy Novell clients after upgrading them to their latest versions.
  • Page 42: Preventing Legacy Novell Clients From Accessing Edirectory 8.8 Server

    Login session 3 and subsequent logins. If you log in using the password noVell, it is valid. If you log in using the password Novell (or any other version except noVell), it is invalid. 5.4 Preventing Legacy Novell Clients from Accessing eDirectory 8.8 Server...
  • Page 43 In eDirectory 8.8 and later, you can configure the setting and changing of passwords through LDAP as well as iManager. This section includes information on the following: “NDS Configurations at Different Levels” on page 43 “Managing NDS Configurations Through iManager” on page 44 “Managing NDS Configurations Through LDAP”...
  • Page 44 NDS login configuration. Enabling/Disabling NDS Configuration for a Partition To enable NDS login for pre-eDirectory 8.8 clients: 1 In Novell iManager, click the Roles and Tasks button. 2 Select NMAS > Universal Password Enforcement.
  • Page 45 4 Follow the instructions in the NDS Configuration for an Object wizard to configure the login and password management at an object level. Help is available throughout the wizard. Managing NDS Configurations Through LDAP IMPORTANT: We strongly recommend that you use iManager for managing NDS configurations and not LDAP.
  • Page 46: Partition Operations

    NDAP password management is enabled irrespective of the configuration setting at the partition level. NOTE: For more information on creating and managing priority sync policies, refer to Using LDAP Tools on Linux, Solaris, AIX, or HP-UX (http://www.novell.com/documentation/edir88/) Novell Import Conversion Export Utility (http://www.novell.com/documentation/edir88/).
  • Page 47 Deploying Universal Password (http://www.novell.com/documentation/nmas23/admin/data/allq21t.html)
  • Page 48 Novell eDirectory 8.8 What's New Guide...
  • Page 49: Priority Sync

    Priority Sync Priority Sync is a new feature in Novell® eDirectory 8.8 that is complementary to the current synchronization process in eDirectory. Through Priority Sync, you can synchronize the modified critical data, such as passwords, immediately. You can sync your critical data through Priority Sync when you cannot wait for normal synchronization.
  • Page 50: Using Priority Sync

    3. Apply the Priority Sync policies to the partitions through iManager. 6.3 For More Information Refer to the following for more information on Priority Sync: Novell eDirectory 8.8 Administration Guide (http://www.novell.com/documentation/edir88/edir88/data/brp2di9.html#brp2z9z) iManager and iMonitor online help
  • Page 51: Data Encryption

    Data Encryption In Novell® eDirectory 8.8 and later, you can encrypt specific data when they are stored on the disk and when they are transmitted between two or more eDirectory 8.8 servers. This provides greater security for the confidential data.
  • Page 52: How To Encrypt Attributes

    If you require encrypted replication between specific replicas of a partition that contain sensitive data. If you feel the network in your setup is hostile, you might want to protect sensitive data during replication.
  • Page 53: Enabling Encrypted Replication

    If you have made any changes to the certificates, like renaming them, encrypted replication fails. 7.3 For More Information Refer to the following for more information on encrypting data in eDirectory: Novell eDirectory 8.8 Administration Guide (http://www.novell.com/documentation/edir88/index.html) iManager and iMonitor online help
  • Page 54 Novell eDirectory 8.8 What's New Guide...
  • Page 55: Bulkload Performance

    8.8 provides you with enhancements to increase bulkload performance. For information on increasing the bulkload performance, refer to the following sections of the Novell eDirectory 8.8 Administration Guide: eDirectory Cache Settings LBURP Transaction Size Setting Increasing the Number of Asynchronous Requests in ICE...
  • Page 56 Novell eDirectory 8.8 What's New Guide...
  • Page 57: Imanager Ice Plug-Ins

    ICE Plug-ins Prior to Novell® eDirectory 8.8, some of the Novell Import Conversion Export (ICE) utility command line options did not have corresponding options in the iManager plug-in. The following table lists the platforms that support this feature: Feature...
  • Page 58: Add Schema From A Server

    File For more information, refer to the Novell eDirectory Management Utilities (http://www.novell.com/documentation/edir88/edir88/data/a5hf8rg.html#a5hf8rg) chapter in the Novell eDirectory 8.8 Administration Guide. 9.1.2 Add Schema from a Server The source and destination are LDAP servers. If you want to only compare the schema and not add the additional schema to the destination server, select the Do Not Add but Compare option.
  • Page 59: Compare Schema Between A Server And A File

    For more information, refer to the Novell eDirectory Management Utilities (http://www.novell.com/documentation/edir88/edir88/data/a5hf8rg.html#a5hf8rg) chapter in the Novell eDirectory 8.8 Administration Guide. 9.2.2 Compare Schema between a Server and a File The Compare Schema between a Server and a File option compares the schema between a source server and a destination file and then places the result in an output file.
  • Page 60 Novell eDirectory 8.8 What's New Guide...
  • Page 61: Ldap-Based Backup

    LDAP-Based Backup The LDAP-based backup feature is introduced with Novell® eDirectory 8.8. This feature is used to back up the attributes and attribute values one object at a time. The following table lists the platforms that support this feature: Feature...
  • Page 62 Novell eDirectory 8.8 What's New Guide...
  • Page 63: Managing Error Logging In Edirectory 8.8

    Managing Error Logging in eDirectory 8.8 Many customers have reported that the error logging in Novell® eDirectory does not help much in identifying and resolving the common problems. Error logging is automatically started during eDirectory installation. This chapter consists of the following sections: Section 11.1, “Message Severity Levels,”...
  • Page 64: Error

    Section 11.2.3, “NetWare,” on page 66 11.2.1 Linux and UNIX To configure the error logging settings for the server-side messages, you can use the n4u.server.log-levels and n4u.server.log-file parameters in the /etc/opt/novell/eDirectory/conf/nds.conf configuration file.
  • Page 65: Windows

    Setting the Severity Level The severity levels available are LogFatal, LogWarn, LogErr, LogInfo, and LogDbg levels (in decreasing order of severity). For more information on the severity levels, refer to Section 11.1, “Message Severity Levels,” on page By default, the severity level is set to "LogFatal". So, only messages with severity level fatal will be logged.
  • Page 66: Netware

    “Message Severity Levels,” on page To set the severity level, do the following: 1 Click Start > Settings > Control Panel > Novell eDirectory Services 2 In the Services tab, select dhlog.dlm. 3 Enter the log level in the Startup Parameters box.
  • Page 67 NOTE: DSLOG.NLM is automatically up when DS is up. However, you can manually unload/load DSLOG.NLM. The severity levels available are LogFatal, LogWarn, LogErr, LogInfo, and LogDbg levels (in decreasing order of severity). For more information on the severity levels, refer to Section 11.1, “Message Severity Levels,”...
  • Page 68: Dstrace Messages

    To disable filtering, enter the following command: ndstrace tag Examples for enabling filtering: To enable filtering for thread ID 35, enter the following: ndstrace thrd 35 To enable filtering for severity level fatal, enter the following:
  • Page 69: Windows

    Figure 11-1 11.3.2 Windows Complete the following procedure to filter the trace messages: 1 Select Start > Control Panel > Novell eDirectory Services 2 In the Services tab, select dstrace.dlm. 3 Click Edit > Options in the Trace window.
  • Page 70: Imonitor Message Filtering

    The Novell eDirectory Trace Options dialog box is displayed. Figure 11-2: Trace Options Screen on Windows. 4 Click on the Screen tab. 5 Select the filter option from the Filters group and enter the filter value. You can filter the messages based on:...
  • Page 71: Sal Message Filtering

    To filter based on the connection ID and thread ID, ensure that you have enabled them in the Trace Configuration tab. For more information, refer to the iMonitor online help. 11.5 SAL Message Filtering SAL has been enhanced to log extensive information on errors on demand. Function calls can be traced with arguments in the debug builds.
  • Page 72: Setting The Log File Path

    Syslog: In Linux and UNIX, the messages will go to the syslog. On NetWare and Windows, messages are logged into a file with the name syslog. This is the default behavior for logging. All critical errors are always logged to syslog unless it is disabled specifically.
  • Page 73: Offline Bulkload Utility: Ldif2Dib

    Offline Bulkload Utility: ldif2dib ldif2dib is a new utility introduced with Novell eDirectory 8.8 for bulkloading data from LDIF files to the eDirectory database. This is an offline utility and achieves faster bulkloads compared to the other online tools. The following table lists the platforms for which ldif2dib is supported.
  • Page 74 Novell eDirectory 8.8 What's New Guide...
  • Page 75: Edirectory Backup With Sms

    Target Service Agent (TSA) The TSA for the eDirectory (tsands) services eDirectory targets and provides an implementation of the Novell Storage Management Services API for the directory trees. Applications can be written on top of SMS API to provide a complete backup solution.
  • Page 76 Novell eDirectory 8.8 What's New Guide...
  • Page 77: Miscellaneous

    Miscellaneous This chapter covers miscellaneous new features with Novell® eDirectory 8.8. Section 14.1, “Security Object Caching,” on page 77 Section 14.2, “Subtree Search Performance Improvement,” on page 77 Section 14.3, “Localhost Changes,” on page 78 Section 14.4, “256 File Handler on Solaris,” on page 78 Section 14.5, “Memory Manager on Solaris,”...
  • Page 78: Localhost Changes

    This feature is called Nested Groups. Currently, nesting is allowed for static groups. Nesting can have multiple levels up to 200. For more information on Nested Groups, refer to the Novell eDirectory 8.8 Administration Guide (http://www.novell.com/documentation/edir88/index.html)

This manual is also suitable for:

Edirectory 8.8 sp2