1. Manuals
  2. Brands
  3. Novell Manuals
  4. Software
  5. EDIRECTORY 8.8 SP3
  6. Installation manual

Novell EDIRECTORY 8.8 SP3 Installation Manual

Hide thumbs Also See for EDIRECTORY 8.8 SP3:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Administration Manual
AUTHORIZED DOCUMENTATION
Installation Guide
Novell
®
eDirectory
TM
8.8 SP3
July 31, 2008
www.novell.com
Novell eDirectory 8.8 Installation Guide

Advertisement

Table of Contents
loading

Related Manuals for Novell EDIRECTORY 8.8 SP3

Summary of Contents for Novell EDIRECTORY 8.8 SP3

  • Page 1 AUTHORIZED DOCUMENTATION Installation Guide Novell ® eDirectory 8.8 SP3 July 31, 2008 www.novell.com Novell eDirectory 8.8 Installation Guide...
  • Page 2 Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
  • Page 3 Novell is a registered trademark of Novell, Inc., in the United States and other countries. Novell Client is a trademark of Novell, Inc. Novell Directory Services and NDS are registered trademarks of Novell, Inc., in the United States and other countries.

  • Page 5: Table Of Contents

    Disk Space Check on Upgrading to eDirectory SP3 or later ......14 Installing or Upgrading Novell eDirectory on NetWare....... 14 1.7.1...
  • Page 6 Nonroot user SNMP configuration ........81 4 Installing or Upgrading Novell eDirectory on Solaris System Requirements .
  • Page 7 8.1.3 Using the nmasinst Utility to Configure Novell Modular Authentication Service . . . 124 Configuration Parameters ........... 124 Security Considerations .
  • Page 8 Novell Service Location Providers ........

  • Page 9: About This Book

    Chapter 6, “Relocating the DIB,” on page 115 Chapter 7, “Upgrade Requirements of eDirectory 8.8,” on page 117 Chapter 8, “Configuring Novell eDirectory on Linux, Solaris, or AIX Systems,” on page 123 Chapter 10, “Uninstalling Novell eDirectory,” on page 135 Appendix A, “Linux, Solaris, and AIX Packages for Novell eDirectory,”...
  • Page 10 When a single pathname can be written with a backslash for some platforms or a forward slash for other platforms, the pathname is presented with a backslash. Users of platforms that require a forward slash, such as Linux* and UNIX*, should use forward slashes as required by your software. Novell eDirectory 8.8 Installation Guide...

  • Page 11: Installing Or Upgrading Novell Edirectory On Netware

    Administrative rights to the eDirectory tree to enable you to modify the schema. 1.2 Prerequisites IMPORTANT: Check the currently installed Novell and Third Party applications to determine if eDirectory 8.8 is supported before upgrading your existing eDirectory environment. You can find...

  • Page 12: Hardware Requirements

    Two factors increase performance: more cache memory and faster processors. For best results, cache as much of the DIB Set as the hardware allows. eDirectory scales well on a single processor. However, Novell eDirectory 8.7 took advantage of multiple processors. Adding processors improves performance in some areas—for example, logins and having multiple threads active on multiple processors.

  • Page 13: Forcing The Backlink Process To Run

    1.4 Forcing the Backlink Process to Run Because the internal eDirectory identifiers change when upgrading to Novell eDirectory, the backlink process must update backlinked objects for them to be consistent.

  • Page 14: Disk Space Check On Upgrading To Edirectory Sp3 Or Later

    Chapter 7, “Upgrade Requirements of eDirectory 8.8,” on page 117. 1.7 Installing or Upgrading Novell eDirectory on NetWare This section contains the following information: “Installing or Upgrading Novell eDirectory 8.8 on NetWare” on page 15 Novell eDirectory 8.8 Installation Guide...

  • Page 15: Installing Or Upgrading Novell Edirectory 8.8 On Netware

    “Remote Installation or Upgrade” on page 21 NOTE: Unattended Upgrade feature is supported only for SP3 release. 1.7.1 Installing or Upgrading Novell eDirectory 8.8 on NetWare 1 At the server console, enter nwconfig.nlm. 2 Select Product Options > Install a Product Not Listed.

  • Page 16: Server Health Checks

    The NMAS client software must be installed on each client workstation where you want to use the NMAS login methods. 1 At a Windows client workstation, insert the Novell eDirectory 8.8 CD. 2 From the NMAS directory, run nmasinstall.exe. 3 Select the NMAS Client Components checkbox.

  • Page 17: Installing Into A Tree With Dotted Name Containers

    For example: O=novell\.com You cannot start a name with a dot. For example, you cannot create a container named “.novell” because it starts with a dot (‘.’). IMPORTANT: If your tree has containers with dotted names, you must escape those names when logging into utilities such as iMonitor, iManager, and DHost iConsole.
  • Page 18 All of the SPK's components may use the SPK's variables. To see the variables, right click on the SPK and select Properties (see Figure 1-3). Editing the package properties Figure 1-3 3 Click on the Variables tab to make the site-specific changes needed by the installation process (see Figure 1-4). Novell eDirectory 8.8 Installation Guide...
  • Page 19 3 Remove the file set (if given as a sample) by right clicking on the file group and choosing Remove. Choose “Add File” by right clicking on the File Group as given below: Installing or Upgrading Novell eDirectory on NetWare...
  • Page 20 Selecting the upgrade source Figure 1-6 Fully Automated Standalone Upgrade Once the above changes are performed, compile the SPK to make a CPK using the right-click menu option in the main component to compile (see Figure 1-7). Novell eDirectory 8.8 Installation Guide...

  • Page 21: Remote Installation Or Upgrade

    XServer Console to choose the NMAS methods to be installed. In this case, you could choose "Yes-Remote", which by default installs all NMAS methods without any further indications in the System Console. NOTE: The Installer will restart the server once the installation is complete. Installing or Upgrading Novell eDirectory on NetWare...
  • Page 22 Novell eDirectory 8.8 Installation Guide...

  • Page 23: Installing Or Upgrading Novell Edirectory On Windows

    IMPORTANT: Novell eDirectory 8.8 lets you install eDirectory for Windows without the Novell Client . If you install eDirectory 8.8 on a machine already containing the Novell Client, eDirectory will use the existing Client. For more information, see “Installing or Updating Novell eDirectory 8.8 on Windows 2000 or Server 2003”...

  • Page 24: Prerequisites

    2.2 Prerequisites IMPORTANT: Check the currently installed Novell and Third Party applications to determine if eDirectory 8.8 is supported before upgrading your existing eDirectory environment. You can find out the current status for Novell products in the TID - What Novell products are supported with Novell eDirectory 8.8? (http://support.novell.com/cgi-bin/search/searchtid.cgi?10099872.htm)

  • Page 25: Hardware Requirements

    Two factors increase performance: more cache memory and faster processors. For best results, cache as much of the DIB Set as the hardware allows. eDirectory scales well on a single processor. However, Novell eDirectory 8.8 takes advantage of multiple processors. Adding processors improves performance in some areas—for example, logins and having multiple threads active on multiple processors.

  • Page 26: Updating The Edirectory Schema For Windows

    After migrating to eDirectory, we recommend that you force the backlink to run by completing the following procedure. Running the backlink process is especially important on servers that do not contain a replica. 1 Click Start > Settings > Control Panel > Novell eDirectory Services 2 In the Services tab, select ds.dlm. 3 Click Configure.

  • Page 27: Disk Space Check On Upgrading To Edirectory Sp3 Or Later

    DHCP Options for Service Location Protocol (http://www.openslp.org/doc/rfc/ rfc2610.txt) OpenSLP Documentation (http://www.openslp.org/#Documentation) 3 If you have Autorun turned off, run setup.bat from the Novell eDirectory 8.8 SP3 CD or from the downloaded file. The installation program checks for the following components before it installs eDirectory. If a component is missing or is an incorrect version, the installation program automatically launches an installation for that component.
  • Page 28 HTTP server, then click Next. IMPORTANT: Make sure that the HTTP stack ports you set during the eDirectory installation are different than the HTTP stack ports you have used or will use for Novell iManager. For more information, see the Novell iManager 2.6 Administration Guide (http://www.novell.com/...

  • Page 29: Server Health Checks

    An LDAP Simple Bind requires only a DN and a password. The password is in clear text. If you use port 389, the entire packet is in clear text. By default, this option is disabled during the eDirectory installation. Installing or Upgrading Novell eDirectory on Windows...
  • Page 30 No one can view passwords, data packets, or bind requests. Port 636, the Industry-Standard Secure Port The connection through port 636 is encrypted. TLS (formerly SSL) manages the encryption. By default, the eDirectory installation selects this port. Novell eDirectory 8.8 Installation Guide...
  • Page 31 LDAP server does not service requests on any duplicated port. If you are not certain that port 389 or 636 is assigned to the Novell LDAP server, run the ICE utility.

  • Page 32: Installing Nmas Server Software

    Novell iMonitor can also report that port 389 or 636 is already open. If the LDAP server isn't working, use Novell iMonitor to identify details. See Verifying That The LDAP Server Is Running (http://www.novell.com/documentation/edir88/edir88/data/ai8wt35.html) in the Novell eDirectory 8.8 Administration Guide for more information.
  • Page 33 IMPORTANT: If your tree has containers with dotted names, you must escape those names when logging into utilities such as iMonitor, iManager, and DHost iConsole. For example, if your tree has “novell.com” as the name of the O, enter username.novell\.com in the Username field when logging in to iMonitor (see Figure 2-4).

  • Page 34: Unattended Install And Upgrade To Edirectory 8.8 Sp3 On Windows

    When editing the response.ni file, ensure there are no blank spaces between the key and the values along with the equals sign ("=") in each key-value pair. Novell eDirectory 8.8 Installation Guide...
  • Page 35 For example, if the server being installed is 'EDIR-TEST-SERVER', the value for this parameter will be "EDIR-TEST-SERVER.Novell" if the Server container is ‘Novell’. Tree Name: For a primary server installation, this is the name of the tree that needs to installed;...
  • Page 36 This location is used by the Installer while copying files to the install location, and the other location is used by the components to refer to the base eDirectory installation while they are configured. The default value is C:\Novell\NDS, if not specified in the response file. For example: [Novell:DST:1.0.0_Location]...
  • Page 37 NOTE: The method names should exactly match those listed in the above table, as options to the Methods key. The Installer matches the exact string (with case) for choosing the NMAS methods to install. Installing or Upgrading Novell eDirectory on Windows...
  • Page 38 Require TLS: Whether eDirectory should mandate TLS when receiving LDAP requests in clear text. Novell eDirectory 8.8 Installation Guide...
  • Page 39 The eDirectory Installer language settings configure the locale and set the display language. There are currently three locale options that can be set during installation: English, French and Japanese. Each has a specific key in the [Novell:Languages:1.0.0] tag that can be set to True/False prior to the start of installation.
  • Page 40 [NWI:SLP] tag to uninstall and remove the existing SLP services. The following is sample text in the response file for uninstalling and removing SLP services: [EDIR:SLP] Need to uninstall service=true Novell eDirectory 8.8 Installation Guide...
  • Page 41 New Tree: Use this key in the [NWI:NDS] tag and and set it to Yes for a new tree installation, or No for a secondary server installation. ExistingTreeYes: This key is in the [Novell:ExistingTree:1.0.0] tag. Set it to True/false. Set this to False for a new tree or primary server installation and set it to True for a secondary server in an existing tree.
  • Page 42 If you don’t want the Installer to prompt for deciding whether is it a new tree installation, or for adding a secondary server to an existing tree, set this parameter False in the [Selected Nodes] tag. [Initialization] InstallationMode=silent Novell eDirectory 8.8 Installation Guide...
  • Page 43 Some applications that intend to embed eDirectory might not want eDirectory displaying these images. All image and status display details are configured in the [Novell:NOVELL_ROOT:1.0.0] tag, including configuration information for the welcome page, close page, summary page, license agreement page, language page, custom choices page, wizard page, welcome page.
  • Page 44 Novell eDirectory 8.8 Installation Guide...

  • Page 45: Installing Or Upgrading Novell Edirectory On Linux 3.1 System Requirements

    Installing or Upgrading Novell eDirectory on Linux ® Use the following information to install or upgrade Novell eDirectory 8.8 on a Linux* server: Section 3.1, “System Requirements,” on page 45 Section 3.2, “Prerequisites,” on page 46 Section 3.3, “Hardware Requirements,” on page 48 Section 3.4, “Forcing the Backlink Process to Run,”...

  • Page 46: Prerequisites

    Yast online update. 3.2 Prerequisites IMPORTANT: Check the currently installed Novell and Third Party applications to determine if eDirectory 8.8 is supported before upgrading your existing eDirectory environment. You can find...
  • Page 47 In case the secondary being added is of later version, then the schema needs to be extended by the admin of the tree before adding the secondary using container admin. Installing or Upgrading Novell eDirectory on Linux...

  • Page 48: Hardware Requirements

    For best results, cache as much of the DIB Set as the hardware allows. eDirectory scales well on a single processor. However, Novell eDirectory 8.8 takes advantage of multiple processors. Adding processors improves performance in some areas — for example, logins —...

  • Page 49: Server Health Checks

    After the upgrade to eDirectory 8.8, the default location of the configuration files, data files, and log files are changed to /etc/opt/novell/eDirectory/conf, /var/opt/novell/ eDirectory/data, and /var/opt/novell/eDirectory/log respectively. The new directory /var/opt/novell/eDirectory/data uses a symbolic link to the / var/nds directory. The old configuration file /etc/nds.conf is migrated to /etc/opt/novell/ eDirectory/conf directory.

  • Page 50: Upgrading Through Zenworks Linux Management On Oes Linux Sp3

    For more information on ZENworks Linux Management, refer to ZENworks Linux Management (http://www.novell.com/products/zenworks/linuxmanagement/index.html). For more information on registering and updating Novell Linux products, refer to Linux Registration and Updates (http://support.novell.com/linux/registration/). You can upgrade to eDirectory 8.8 on OES Linux SP3 using either of the following methods:...
  • Page 51 2h Download the 11148 patch. rug pin patch-11148 This command installs the updated yast2-novell-common file that detects eDirectory 8.7.3 and eDirectory 8.8 versions appropriately. If you install any other eDirectory dependent services from YaST, it demotes to lower eDirectory versions.
  • Page 52 1. Select Edit > Channel Subscription. 2. In the dialog box that appears, select oes. 3. Click Close. 2g Apply the patch. 1. Click on the Patches tab. 2. Scroll down to patch-11148. 3. Click on Mark for Installation. Novell eDirectory 8.8 Installation Guide...
  • Page 53 4. Click Run Now. 5. Click Continue to apply the patch. This updates the yast2-novell-common file. This command installs the updated yast2-novell-common file that detects eDirectory 8.7.3 and eDirectory 8.8 versions appropriately. If you install any other eDirectory dependent services from YaST, it demotes to lower eDirectory versions.

  • Page 54: Upgrading Edirectory During Oes 1.0 To Oes 2.0 Upgrade

    3.5.4 Upgrading eDirectory During OES 1.0 to OES 2.0 Upgrade eDirectory should be upgraded when OES upgrades from OES 1.0 to OES 2.0. For more information on OES upgrade, refer to OES Linux Installation Guide (http://www.novell.com/ documentation/oes/install_linux/data/bujr8yu.html). Perform the following checks before upgrading the OES or eDirectory server:...

  • Page 55: Upgrading The Tarball Deployment Of Edirectory 8.8

    Remove the older version using NOVLsubag.pkg "pkgrm <pkg name> NOVLniu0.pkg Install new version using "pkgadd - NDSslp.pkg d <pkg name>" installp -acgXd <pkg name with full NDS.NOVLsubag.8.8.1.0 path> <pkg name> all NOVLniu0.2.7.0.0 NDS.NDSslp.8.8.1.0 Installing or Upgrading Novell eDirectory on Linux...

  • Page 56: Upgrading Multiple Instances

    If you run nds-install after doing the package upgrade, it will prompt you asking “The DIB of all the Novell eDirectory Server instances need to be upgraded. This may take long time to complete. If you wish to perform the DIB upgrade parallely, you could do it manually (Refer the readme). Do you wish to continue with the DIB upgrade for all the active instances one by one?”...

  • Page 57: Installing Edirectory

    3.6 Installing eDirectory The following sections provide information about installing Novell eDirectory on Linux: Section 3.6.1, “Using SLP with eDirectory,” on page 57 Section 3.6.2, “Installing NICI,” on page 59 Section 3.6.3, “Using the nds-install Utility to Install eDirectory Components,” on page 60 Section 3.6.4, “Installing Through ZENworks Linux Management on OES Linux SP3,”...
  • Page 58 If you decide to use SLP to resolve the tree name to determine if the eDirectory tree is advertised, after eDirectory and SLP are installed, enter the following: /usr/bin/slpinfo -s "ndap.novell///(svcname-ws==[treename or *])" For example, to search for the services whose svcname-ws attribute match with the value SAMPLE_TREE, enter the following command: /usr/bin/slpinfo -s "ndap.novell///(svcname-ws==SAMPLE_TREE)/"...

  • Page 59: Installing Nici

    A root user needs to complete the following procedure to enable a nonroot user (for example, john) to install NICI: 1 Log in as root. 2 Edit the /etc/sudoers configuration file using the visudo command. NOTE: There is no space between vi and sudo in the command. Installing or Upgrading Novell eDirectory on Linux...

  • Page 60: Using The Nds-Install Utility To Install Edirectory Components

    [-c <component1> [-c <component2>]...] [-h] [--help] [-i] [-j] [- If you do not provide the required parameters in the command line, the nds-install utility will prompt you for the parameters. The following table provides a description of the nds-install utility parameters: Novell eDirectory 8.8 Installation Guide...
  • Page 61 There are two components you can install: the eDirectory server and the eDirectory administration utilities. To install the server, enter -c server. To install the administration utilities, enter -c admutils. For example, to install Novell eDirectory Server packages, you would enter the following command: ./nds-install -c server -h or --help Displays help for nds-install.
  • Page 62 4 After the installation is complete, you need to update the following environment variables and export them. You can either do it manually or use a script. Manually export the environment variables For 32-bit export LD_LIBRARY_PATH=/opt/novell/eDirectory/lib:/opt/ novell/eDirectory/lib/nds-modules:/opt/novell/ lib:$LD_LIBRARY_PATH For 64-bit export LD_LIBRARY_PATH=/opt/novell/eDirectory/lib64:/opt/novell/ eDirectory/lib64/nds-modules:/opt/novell/lib64:$LD_LIBRARY_PATH Novell eDirectory 8.8 Installation Guide...

  • Page 63: Installing Through Zenworks Linux Management On Oes Linux Sp3

    TEXTDOMAINDIR=/opt/novell/eDirectory/share/locale:$TEXTDOMAINDIR Use the ndspath script to export the environment variables If you do not want to export the paths manually, you can use the /opt/novell/ eDirectory/bin/ndspath script as follows: Prefix the ndspath script to the utility and run the utility you want as follows:...
  • Page 64 1g Install the 11148 patch. rug pin patch-11148 This command installs the updated yast2-novell-common file that detects eDirectory 8.7.3 and eDirectory 8.8 versions appropriately. If you install any other eDirectory dependent services from YaST, it demotes to lower eDirectory versions.
  • Page 65 All the eDirectory packages are displayed. 2. Select all the packages. 3. Click on Mark for Installation. 4. Click on the Updates tab and select the nici, yast2-edirectory, and novell-edirectory-install packages. 5. Click on Mark for Installation. Installing or Upgrading Novell eDirectory on Linux...
  • Page 66 3. Click on Mark for Installation. 4. Click Run Now. 5. Click Continue to apply the patch. This updates the yast2-novell-common file. This command installs the updated yast2-novell-common file that detects eDirectory 8.7.3 and eDirectory 8.8 versions appropriately. If you install any other eDirectory dependent services from YaST, it demotes to lower eDirectory versions.

  • Page 67: Nonroot User Installing Edirectory 8.8

    6 Enter the instance details, such as, server context, server name, instance, dib, and configuration locations. 7 Specify the NTP and SLP settings. 3.6.5 Nonroot User Installing eDirectory 8.8 A nonroot user can install eDirectory 8.8 using the tarball. Installing or Upgrading Novell eDirectory on Linux...
  • Page 68 3 Export the paths as follows: Manually export the environment variables For 32-bit export LD_LIBRARY_PATH=custom_location/eDirectory/opt/novell/ eDirectory/lib:custom_location/eDirectory/opt/novell/eDirectory/lib/ nds-modules:custom_location/eDirectory/opt/novell/ lib:$LD_LIBRARY_PATH export PATH=custom_location/eDirectory/opt/novell/eDirectory/ bin:custom_location/eDirectory/opt/novell/eDirectory/sbin:/opt/ novell/eDirectory/bin:$PATH export MANPATH=custom_location/eDirectory/opt/novell/ man:custom_location/eDirectory/opt/novell/eDirectory/man:$MANPATH export TEXTDOMAINDIR=custom_location/eDirectory/opt/novell/ eDirectory/share/locale:$TEXTDOMAINDIR For 64-bit export LD_LIBRARY_PATH=custom_location/eDirectory/opt/novell/ eDirectory/lib64:custom_location/eDirectory/opt/novell/eDirectory/ lib64/nds-modules:custom_location/eDirectory/opt/novell/ lib64:$LD_LIBRARY_PATH export PATH=custom_location/eDirectory/opt/novell/eDirectory/ bin:custom_location/eDirectory/opt/novell/eDirectory/sbin:/opt/ novell/eDirectory/bin:$PATH Novell eDirectory 8.8 Installation Guide...
  • Page 69 <interface1@port1>, <interface2@port2>,..] [-D <custom_location>] [-- config-file <configuration_file>] For example: ndsconfig new -t mary-tree -n novell -a admin.novell -S linux1 -d /home/ mary/inst1/data -b 1025 -L 1026 -l 1027 -o 1028 -O 1029 -D /home/mary/ inst1/var --config-file /home/mary/inst1/nds.conf The port numbers you enter need to be in the range 1024 to 65535. Port numbers lesser than 1024 are normally reserved for the super-user and standard applications.

  • Page 70: Using The Ndsconfig Utility To Add Or Remove The Edirectory Replica Server

    [-t <treename>] [-n <server context>] [-a <admin FDN>] [-w <admin password>] [-c] [-i] [-S <server name>] [-d <path for dib>] [-m <module>] [-e] [-L <ldap port>] [-l <SSL port>] [-o <http port>] [-O <https port>] [-D <custom_location>] [--config-file <configuration_file>] Novell eDirectory 8.8 Installation Guide...
  • Page 71 NOTE: The HTML files created using iMonitor will not be removed. You must manually remove these files from /var/opt/novell/eDirectory/data/dsreports before removing eDirectory. For example, to remove the eDirectory Server object and directory services from a tree, you could enter the following command: ndsconfig rm -a cn=admin.o=company Installing or Upgrading Novell eDirectory on Linux...
  • Page 72 For example, to install a new eDirectory tree on a UNIX server using “novell.com” as the name of the O, use the following command: ndsconfig new -a "admin.novell\\.com"...
  • Page 73 After configuring the ds module, you can add the NMAS, LDAP, SAS, SNMP, HTTP services, and Novell SecretStore (ss) using the add command. If the module name is not specified, all the modules are installed.

  • Page 74: Using Ndsconfig To Configure Multiple Instances Of Edirectory 8.8

    Description Parameter --config-file Specify the absolute path and file name to store the nds.conf configuration file. For configuration example, to store the configuration file in the /etc/opt/novell/eDirectory/ file directory, enter --config-file /etc/opt/novell/eDirectory/ nds.conf. -P <LDAP Allows the LDAP URLs to configure the LDAP interface on the LDAP Server object.
  • Page 75 The ndsmanage utility enables you to do the following: List the instances configured Create a new instance Do the following for a selected instance: List the replicas on the server Start the instance Stop the instance Installing or Upgrading Novell eDirectory on Linux...
  • Page 76 To create a new instance through ndsmanage: 1 Enter the following command: ndsmanage If you have two instances configured, the following screen is displayed: ndsmanage Utility Output Screen Figure 3-1 2 Enter c to create a new instance. Novell eDirectory 8.8 Installation Guide...
  • Page 77 Alternatively, you can also enter the following at the command prompt: ndsmanage start --config-file configuration_file_of_the_instance_configured_by_you Stopping a Specific Instance To stop an instance configured by you, do the following: 1 Enter the following: Installing or Upgrading Novell eDirectory on Linux...
  • Page 78 To stop all the instances configured by you, enter the following at the command prompt: ndsmanage stopall To stop a specific instance, refer to “Stopping a Specific Instance” on page Example Mary wants to configure 2 trees on a single host machine. Novell eDirectory 8.8 Installation Guide...
  • Page 79 To configure the instances based on the above mentioned instance identifiers, Mary must enter the following commands. Instance 1: ndsconfig new -t mytree -n o=novell -a cn=admin.o=company -b 1524 -D /home/mary/inst1/var --config-file /home/mary/inst1/nds.conf Instance 2: ndsconfig new -t corptree -n o=novell -a cn=admin.o=company -b 2524 -D /home/mary/inst2/var --config-file /home/mary/inst2/nds.conf...

  • Page 80: Using Ndsconfig To Install A Linux Server Into A Tree With Dotted Name Containers

    For example, to install a new eDirectory tree on a Linux server using “O=novell.com” as the name of the O, use the following command: ndsconfig new -a “admin.novell\.com”...

  • Page 81: Nonroot User Snmp Configuration

    “Root User Installing NICI” on page 59 2 Root User Installing NOVLsubag. To install NOVLsubag, complete the following procedure: Enter the following command: rpm -ivh --nodeps NOVLsubag_rpm_file_name_with_path For example: rpm -ivh --nodeps novell-NOVLsubag-8.8.1-5.i386.rpm 3 Export the paths as follows: Installing or Upgrading Novell eDirectory on Linux...
  • Page 82 Manually export the environment variables. For 32-bit export LD_LIBRARY_PATH=custom_location/opt/novell/ eDirectory/lib:custom_location/opt/novell/lib:/opt/novell/lib:/ opt/novell/eDirectory/lib:$LD_LIBRARY_PATH For 64-bit export LD_LIBRARY_PATH=custom_location/opt/novell/eDirectory/lib64:/opt/ novell/eDirectory/lib64/nds-modules:/opt/novell/lib64:$LD_LIBRARY_PATH export PATH=/opt/novell/eDirectory/bin:$PATH export MANPATH=/opt/novell/man:$MANPATH Novell eDirectory 8.8 Installation Guide...

  • Page 83: Installing Or Upgrading Novell Edirectory On Solaris

    Installing or Upgrading Novell eDirectory on Solaris ® Use the following information to install or upgrade Novell eDirectory 8.8 on a Solaris* server: Section 4.1, “System Requirements,” on page 83 Section 4.2, “Prerequisites,” on page 84 Section 4.3, “Hardware Requirements,” on page 85 Section 4.4, “Forcing the Backlink Process to Run,”...

  • Page 84: Prerequisites

    4.2 Prerequisites IMPORTANT: Check the currently installed Novell and Third Party applications to determine if eDirectory 8.8 is supported before upgrading your existing eDirectory environment. You can find out the current status for Novell products in the TID - What Novell products are supported with Novell eDirectory 8.8?

  • Page 85: Hardware Requirements

    For best results, cache as much of the DIB Set as the hardware allows. eDirectory scales well on a single processor. However, Novell eDirectory 8.8 takes advantage of multiple processors. Adding processors improves performance in some areas—for example, logins and having multiple threads active on multiple processors.

  • Page 86: Upgrading Edirectory

    After the upgrade to eDirectory 8.8, the default location of the configuration files, data files, and log files are changed to /etc/opt/novell/eDirectory/conf, /var/opt/novell/ eDirectory/data, and /var/opt/novell/eDirectory/log respectively. The new directory /var/opt/novell/eDirectory/data uses a symbolic link to the / var/nds directory. The old configuration file /etc/nds.conf is migrated to /etc/opt/novell/ eDirectory/conf directory.

  • Page 87: Server Health Checks

    -d filename_and_absolute_path_of_NDSslp.pkg The SLP package is present in the setup directory in the build. For example, if you have the build in the /home/build directory, enter the following command: pkgadd -d /home/build/Solaris/Solaris/setup/NDSslp.pkg Installing or Upgrading Novell eDirectory on Solaris...

  • Page 88: Installing Nici

    If you decide to use SLP to resolve the tree name to determine if the eDirectory tree is advertised, after eDirectory and SLP are installed, enter the following: /usr/bin/slpinfo -s "ndap.novell///(svcname-ws==[treename or *])" For example, to search for the services whose svcname-ws attribute match with the value SAMPLE_TREE, enter the following command: /usr/bin/slpinfo -s "ndap.novell///(svcname-ws==SAMPLE_TREE)/"...

  • Page 89: Using The Nds-Install Utility To Install Edirectory Components

    User Installing eDirectory 8.8,” on page 1 Enter the following command from the setup directory: ./nds-install To install eDirectory components, use the following syntax: nds-install [-c component1 [-c component2]...] [-h] [-i] [-j] [-u] Installing or Upgrading Novell eDirectory on Solaris...
  • Page 90 There are two components you can install, the eDirectory server and the eDirectory administration utilities. To install the server, enter -c nds. To install the administration utilities, enter -c adminutils. For example, to install Novell eDirectory Server packages, you would enter the following command: ./nds-install -c server -n /var Displays help for nds-install.
  • Page 91 “Using the Nmasinst Utility to Configure NMAS” on page 4 After the installation is complete, you need to update the following environment variables and export them as follows: Manually export the environment variables Installing or Upgrading Novell eDirectory on Solaris...

  • Page 92: Nonroot User Installing Edirectory 8.8

    Use the ndspath script to export the environment variables If you do not want to export the paths manually, you can use the /opt/novell/ eDirectory/bin/ndspath script as follows: Prefix the ndspath script to the utility and run the utility you want as follows:...
  • Page 93 [-D custom_location] [--config-file configuration_file] For example: ndsconfig new -t mary-tree -n novell -a admin.novell -S linux1 -d /home/ mary/inst1/data -b 1025 -L 1026 -l 1027 -o 1028 -O 1029 -D /home/mary/ inst1/var --config-file /home/mary/inst1/nds.conf The port numbers you enter need to be in the range 1024 to 65535. Port numbers lesser than 1024 are normally reserved for the super-user and standard applications.

  • Page 94: Using The Ndsconfig Utility To Add Or Remove The Edirectory Replica Server

    FDN: 64 characters server context: 64 characters If the parameters are not specified in the command line, ndsconfig prompts you to enter values for each of the missing parameters. Or, you can also use the following syntax: Novell eDirectory 8.8 Installation Guide...
  • Page 95 For example, to remove the eDirectory Server object and directory services from a tree, you could enter the following command: ndsconfig rm -a cn=admin.o=company ndsconfig Utility Parameters Refer to “ndsconfig Utility Parameters” on page 72 for more information. Installing or Upgrading Novell eDirectory on Solaris...

  • Page 96: Using Ndsconfig To Configure Multiple Instances Of Edirectory 8.8

    For example, to install a new eDirectory tree on a Solaris server using “O=novell.com” as the name of the O, use the following command: ndsconfig new -a “admin.novell\.com”...

  • Page 97: Nonroot User Snmp Configuration

    1 Root User Installing NICI. Refer to Section 4.6.3, “Installing NICI,” on page 2 Install NOVLsubag as root. 3 Export the paths as follows: Manually export the environment variables. export LD_LIBRARY_PATH=custom_location/opt/novell/ eDirectory/lib:custom_location/opt/novell/lib:/opt/novell/lib:/ opt/novell/eDirectory/lib:$LD_LIBRARY_PATH export PATH=/opt/novell/eDirectory/bin:$PATH export MANPATH=/opt/novell/man:$MANPATH Installing or Upgrading Novell eDirectory on Solaris...
  • Page 98 Novell eDirectory 8.8 Installation Guide...

  • Page 99: Installing Or Upgrading Novell Edirectory On Aix

    74 MB of disk space for every 50,000 users 5.2 Prerequisites IMPORTANT: Check the currently installed Novell and Third Party applications to determine if eDirectory 8.8 is supported before upgrading your existing eDirectory environment. You can find out the current status for Novell products in the TID - What Novell products are supported with Novell eDirectory 8.8?

  • Page 100: Hardware Requirements

    Hardware requirements depend on the specific implementation of eDirectory. For example, a base installation of Novell eDirectory with the standard schema requires about 74 MB of disk space for every 50,000 users. However, if you add a new set of attributes or completely fill in every existing attribute, the object size grows.

  • Page 101: Forcing The Backlink Process To Run

    Adding processors improves performance in some areas—for example, logins and having multiple threads active on multiple processors. eDirectory itself is not processor intensive, but it is I/O intensive. The following table illustrates typical system requirements for Novell eDirectory for AIX. Objects Processor...

  • Page 102: Upgrading Multiple Instances

    “Upgrading the Tarball Deployment of eDirectory 8.8,” on page 55 in the Linux chapter. 5.6 Installing eDirectory The following sections provide information about installing Novell eDirectory on AIX: Section 5.6.1, “Server Health Checks,” on page 102 Section 5.6.2, “Using SLP with eDirectory,” on page 103 Section 5.6.3, “Installing NICI,”...

  • Page 103: Using Slp With Edirectory

    If you do not have a service registered with its svcname-ws attribute as SAMPLE_TREE, there will be no output. For more information, see Appendix C, “Configuring OpenSLP for eDirectory,” on page 151. Installing or Upgrading Novell eDirectory on AIX 103...

  • Page 104: Installing Nici

    NOPASSWD: /usr/sbin/installp A nonroot user (john in the example) needs to do the following to install NICI: 1 Log in as john and execute the following command: sudo installp -acgXd absolute_path_of_the_NICI_fileset NOVLniu0 For example: 104 Novell eDirectory 8.8 Installation Guide...

  • Page 105: Using The Nds-Install Utility To Install Edirectory Components

    There are two components you can install, the eDirectory server and the eDirectory administration utilities. To install the server, enter -c nds. To install the administration utilities, enter -c adminutils. For example, to install Novell eDirectory Server packages, you would enter the following command: ./nds-install -c server -n /var Displays help for nds-install.
  • Page 106 By default ndsconfig configures NMAS. You can also use the nmasinst utility to configure NMAS server after installation. This must be done after configuring eDirectory with ndsconfig. For more information on the ndsconfig utility, see “The ndsconfig Utility” on page 123. 106 Novell eDirectory 8.8 Installation Guide...

  • Page 107: Nonroot User Installing Edirectory 8.8

    Use the ndspath script to export the environment variables If you do not want to export the paths manually, you can use the /opt/novell/ eDirectory/bin/ndspath script as follows: Prefix the ndspath script to the utility and run the utility you want as follows:...
  • Page 108 4 Configure eDirectory in the usual manner. You can configure eDirectory in any of the following ways: Use the ndsconfig utility as follows: 108 Novell eDirectory 8.8 Installation Guide...

  • Page 109: Using The Ndsconfig Utility To Add Or Remove The Edirectory Replica Server

    [-D custom_location] [--config-file configuration_file] For example: ndsconfig new -t mary-tree -n novell -a admin.novell -S linux1 -d /home/ mary/inst1/data -b 1025 -L 1026 -l 1027 -o 1028 -O 1029 -D /home/mary/ inst1/var --config-file /home/mary/inst1/nds.conf The port numbers you enter need to be in the range 1024 to 65535. Port numbers lesser than 1024 are normally reserved for the super-user and standard applications.
  • Page 110 You can enable encrypted replication in the server you want to add using the -E option. For more information on encrypted replication, refer to Novell eDirectory 8.8 Administration Guide (http:// www.novell.com/documentation/edir88/index.html). Removing a Server Object and Directory Services from a Tree...

  • Page 111: Using Ndsconfig To Configure Multiple Instances Of Edirectory 8.8

    For example, to install a new eDirectory tree on an AIX server using “O=novell.com” as the name of the O, use the following command: ndsconfig new -a “admin.novell\.com”...

  • Page 112: Nonroot User Snmp Configuration

    The last parameter specifies the config.txt file for the login method that is to be installed. A config.txt file is provided with each login method. Here is an example of the -addmethod command: nmasinst -addmethod admin.novell MY_TREE ./nmas-methods/novell/Simple Password/ config.txt If the login method already exists, nmasinst will update it.
  • Page 113 2 Install NOVLsubag as root. 3 Export the paths as follows: Manually export the environment variables. export LD_LIBRARY_PATH=custom_location/opt/novell/ eDirectory/lib:custom_location/opt/novell/lib:/opt/novell/lib:/ opt/novell/eDirectory/lib:$LD_LIBRARY_PATH export PATH=/opt/novell/eDirectory/bin:$PATH export MANPATH=/opt/novell/:$MANPATH Installing or Upgrading Novell eDirectory on AIX 113...
  • Page 114 114 Novell eDirectory 8.8 Installation Guide...

  • Page 115: Relocating The Dib

    2c Enter k to stop the instance. 3 Get the current DIB location using the following command: ndsconfig get n4u.nds.dibdir NOTE: In eDirectory 8.8, by default the DIB is located at /var/opt/novell/ eDirectory/data/dib and on pre-eDirectory 8.8 servers, it is located at /var/nds/ dib.

  • Page 116: Netware And Windows

    6.2 NetWare and Windows DIB relocation is currently not supported. However, on Windows you can locate the DIB in a custom location during the eDirectory installation. 116 Novell eDirectory 8.8 Installation Guide...

  • Page 117: Upgrade Requirements Of Edirectory

    Upgrade Requirements of eDirectory 8.8 One of the unique features of eDirectory is its ability to maintain the tight referential integrity. Any object Classes derived from Top will have a reference attribute in its class definition. This is a hidden attribute added to all the referenced objects that are internally maintained by eDirectory. Background processes keep running to check the links between the referenced object and the referencing objects.

  • Page 118: Reference Changes In 8.8 Sp3

    NOTE: Incase the administrator wants to run the utility and find out the status of the upgrade, this database upgrade tool can be used with a copy of the database or with -d option Unix/Linux NetWare Windows ndsdibupg dsdibupg.nlm ndsdibupg.exe 118 Novell eDirectory 8.8 Installation Guide...
  • Page 119 ndsdibupg Help Screen Figure 7-2 The following table discusses the ndsdibupg options. ndsdibupg Options Table 7-1 Option Description Quiet mode. There will not be any messages in quiet mode. Messages will be logged to log file ( if provided ) even in -q mode. It is recommended that you always provide a log file name for troubleshooting purpose.

  • Page 120: Performing A Dry Run Before Upgrading Edirectory

    Upgrade will require twice the size of the database since a copy needs to be taken. 120 Novell eDirectory 8.8 Installation Guide...

  • Page 121: Common Problems Encountered During The Upgrade Process

    Upgrade Process Figure 7-3 7.3.1 Common Problems Encountered during the Upgrade Process The following FAQ section discusses the common problems faced while upgrading from the previous versions of eDirectory to eDirectory 8.8. Question: I am upgrading from eDirectory 8.7.x to eDirectory 8.8. The upgrade process failed with an error.
  • Page 122 Answer: eDirectory maintains the reference attributes in a separate container in the database. The delay in the initial display is due to the time it takes FLAIM to delete the database container that holds the “Reference” attribute records. 122 Novell eDirectory 8.8 Installation Guide...

  • Page 123: Configuring Novell Edirectory On Linux, Solaris, Or Aix Systems

    “Using the ldapconfig Utility to Configure the LDAP Server and LDAP Group Objects” on page 123 “Using the nmasinst Utility to Configure Novell Modular Authentication Service” on page 124 8.1.1 The ndsconfig Utility You can use the ndsconfig utility to configure eDirectory. This utility can also be used to add the eDirectory Replica Server into an existing tree or to create a new tree.

  • Page 124: Using The Nmasinst Utility To Configure Novell Modular Authentication Service

    8.1.3 Using the nmasinst Utility to Configure Novell Modular Authentication Service For eDirectory 8.8, by default, ndsconfig configures NMAS. You can also use nmasinst on Linux, Solaris, and AIX systems to configure NMAS. ndsconfig only configures NMAS and does not install the login methods. To install these login methods, you can use nmasinst.
  • Page 125 Range=2 to 1440 n4u.nds.synchronization-restrictions The Off value allows synchronization with any version of the eDirectory. The On value restricts synchronization to version numbers you specify as parameters (for example, ON,420,421). Default=Off Configuring Novell eDirectory on Linux, Solaris, or AIX Systems 125...
  • Page 126 The eDirectory configuration files are placed here. Default=/etc n4u.server.vardir The eDirectory and utilities log files are placed here. Default=/var/opt/novell/eDirectory/log n4u.server.libdir The eDirectory specific libraries are placed here in the nds-modules directory. Default=/opt/novell/eDirectory/lib 126 Novell eDirectory 8.8 Installation Guide...
  • Page 127 LogFatal, LogWarn, LogErr, LogInfo, or LogDbg. n4u.server.log-file This parameter specifies the log file location where the messages would be logged. By default, the messages are logged into the ndsd.log file. Configuring Novell eDirectory on Linux, Solaris, or AIX Systems 127...
  • Page 128 Parameter Description n4u.ldap.lburp.transize Number of records that are sent from the Novell Import/ Export client to the LDAP server in a single LBURP packet. You can increase the transaction size to ensure that multiple add operations can be performed in a single request.

  • Page 129: Security Considerations

    By default, the cipher is set to Export. Make LDAP more secure by setting the cipher to HIGH. To do this, change the bind restrictions attribute of LDAP Server object to “Use Higher Cipher (greater than 128 bit )”. Configuring Novell eDirectory on Linux, Solaris, or AIX Systems 129...
  • Page 130 130 Novell eDirectory 8.8 Installation Guide...

  • Page 131: Migrating To Edirectory 8.8 Sp3

    Migrating to eDirectory 8.8 SP3 ® This document guides you to migrate your Novell eDirectory 8.7.3.x server to eDirectory 8.8 SP3 when you have to upgrade your operating system also. eDirectory 8.8 SP3 supports the following platforms: Platform Supported Versions ®...
  • Page 132 2. Do not perform any operations on the intermediate state other than upgrading eDirectory, if the eDirectory version is not supported on a particular operating system in the intermediate state. For example, eDirectory 8.7.3.x on Solaris 10. 132 Novell eDirectory 8.8 Installation Guide...

  • Page 133: Migrating To Edirectory 8.8 Sp3 Without Upgrading The Operating System

    3 Install the operating system 4 Remove the nici folder from /var/novell and restore the nici folder to /var/opt/ novell 5 Ensure that /var/novell/nici is pointing to /var/opt/novell/nici 6 Install eDirectory 8.8 SP3 on the server (a new install) 7 Restore the dib and nds.rfl directories...
  • Page 134 134 Novell eDirectory 8.8 Installation Guide...

  • Page 135: Uninstalling Novell Edirectory

    2 From the NetWare console, run NWCONFIG. 3 Select Product Options > Install a Product Not Listed. 4 Specify the location containing the Novell eDirectory 8.8 installation package. “Installing or Upgrading Novell eDirectory 8.8 on NetWare” on page 15 for more information.

  • Page 136: Uninstalling Edirectory On Windows

    If you want to be able to use the logs for restoring eDirectory on this server in the future, before removing eDirectory you must first copy the roll-forward logs to another location. For information about roll-forward logs, see “Using Roll-Forward Logs” in the Novell eDirectory 8.8 Administration Guide.
  • Page 137 Server Details The details of the server being uninstalled must be provided to the Uninstaller. Most of this information is configured in three tags, [Novell:NDSforNT:1.0.0], [Initialization], and [Selected Nodes]. Take all the values mentioned in [Initialization] and [Selected Nodes] in remove.rsp as it they are.
  • Page 138 Files\novell\ni\bin>install.exe -remove ..\data\ip.db ..\data\remove.rsp Novell:NDSforNT:1.0.0 0 NDSonNT This performs an unattended uninstallation of eDirectory on the Windows server. Delete the following folders after uninstalling eDirectory: C:\Novell\NDS C:\Program Files\Novell\ni <Windows Installed Drive>:\Program Files\Novell\ni <Windows Installed Drive>:\Windows\system32\NDScpa.cpl 138 Novell eDirectory 8.8 Installation Guide...

  • Page 139: Uninstalling Nici

    If you want to be able to use the logs for restoring eDirectory on this server in the future, before removing eDirectory you must first copy the roll-forward logs to another location. For information about roll-forward logs, see “Using Roll-Forward Logs” in the Novell eDirectory 8.8 Administration Guide.
  • Page 140 NOTE: The DIBs without the eDirectory binaries cannot be used and are insignificant. For example, to uninstall Novell eDirectory Server packages, enter the following command: nds-uninstall -c server nds-uninstall does not uninstall the following packages:...

  • Page 141: A Linux, Solaris, And Aix Packages For Novell Edirectory

    Linux, Solaris, or AIX tools installed with the OS. The following table provides information about the Linux, Solaris, and AIX packages that are included with Novell eDirectory. NOTE: On Linux, all the packages are prefixed with novell-. For example, NDSserv is novell- NDSserv. Package...
  • Page 142 The runtime libraries and utilities for SNMP. This package is dependent on the NICI package. NDSdexvnt Contains the library that manages events generated in Novell eDirectory to other databases. NOVLpkia Provides PKI services. This package is dependent on the NICI, NDSbase, and NLDAPsdk packages.
  • Page 143 NOVLntls on Solaris, and AIX ntls on Linux NOVLldif2dib Contains the Novell Offline Bulkload utility and is dependent on the NDSbase, NDSserv, NOVLntls, NOVLlmgnt and NICI packages. NOVLncp Contains the Novell Encrypted NCP Services for Unix. This package is dependent on the NDScommon package.
  • Page 144 144 Novell eDirectory 8.8 Installation Guide...

  • Page 145: B Edirectory Health Checks

    Health Checks ® Novell eDirectory 8.8 provides a diagnostic tool to help you determine whether your eDirectory health is safe. The primary use of this tool is to check if the health of the server is safe before upgrading.

  • Page 146: Types Of Health Checks

    2. The server is listening on the respective port numbers. For LDAP, it gets the TCP and the SSL port numbers and checks if the server is listening on these ports. 146 Novell eDirectory 8.8 Installation Guide...

  • Page 147: Partitions And Replica Health

    Similarly, it gets the HTTP and HTTP secure port numbers and checks if the server is listening on these ports. B.3.2 Partitions and Replica Health After checking the basic server health, it then checks the partitions and replica health as follows: 1.

  • Page 148: Critical

    Unable to read or open the DIB (might be locked or corrupt). Unable to contact all the servers in the replica ring. Locally held partitions are busy. Replica is not in the ON state. 148 Novell eDirectory 8.8 Installation Guide...

  • Page 149: Log Files

    Figure B-2 on page 149. The health check log file contains the following: Status of the health checks (normal, warning, or critical). URLs where possible solutions can be found. Support forums (http://support.novell.com/forums/2ed.html) Troubleshooting Documentation (http://www.novell.com/documentation/edir88/ edir88tshoot/data/front.html) eDirectory Health Checks 149...
  • Page 150 2. When health check is performed manually using dscheck.nlm, the default log messages would be saved at sys:\system\dscheck.log. Windows The log file will be saved at install_directory\novell nsdcheck.log nds\. NOTE: install_directory is user specified. 150 Novell eDirectory 8.8 Installation Guide...

  • Page 151: C Configuring Openslp For Edirectory

    This appendix provides information for network administrators on the proper configuration of ® OpenSLP for Novell eDirectory installations without the Novell Client Section C.1, “Service Location Protocol,” on page 151 Section C.2, “SLP Fundamentals,” on page 151 Section C.3, “Configuration Parameters,” on page 153 C.1 Service Location Protocol...

  • Page 152: Novell Service Location Providers

    In summary, everything hinges on the directory agent that a user agent finds for a given scope. C.2.1 Novell Service Location Providers The Novell version of SLP takes certain liberties with the SLP standard in order to provide a more robust service advertising environment, but it does so at the expense of some scalability.

  • Page 153: Service Agents

    4. Querying DHCP for network-configured DA addresses that match the specified scope (and adding new addresses to the cache). 5. Multicasting a DA discovery request on a well-known port (and adding new addresses to the cache). The specified scope is “default” if not specified. That is, if no scope is statically defined in the SLP configuration file, and no scope is specified in the query, then the scope used is the word “default”.
  • Page 154 “false.” Any other value is a number of seconds between discovery broadcasts. These options, when used properly, can ensure an appropriate use of network bandwidth for service advertising. In fact, the default settings are designed to optimize scalability on an average network. 154 Novell eDirectory 8.8 Installation Guide...

Table of Contents