1. Manuals
  2. Brands
  3. Novell Manuals
  4. Software
  5. EDIRECTORY 8.8 - GUIDE
  6. Installation manual

Novell EDIRECTORY 8.8 Installation Manual

Hide thumbs Also See for EDIRECTORY 8.8:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Troubleshooting Manual, Manual
Novell Confidential
Manual (ENU) 21 December 2004
Novell
eDirectory
TM
w w w . n o v e l l . c o m
8 . 8
I N S T A L L A T I O N G U I D E
S e p t e m b e r 3 0 , 2 0 0 5

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the EDIRECTORY 8.8 and is the answer not in the manual?

Questions and answers

Related Manuals for Novell EDIRECTORY 8.8

Summary of Contents for Novell EDIRECTORY 8.8

  • Page 1 Novell Confidential Manual (ENU) 21 December 2004 Novell eDirectory w w w . n o v e l l . c o m 8 . 8 I N S T A L L A T I O N G U I D E...

  • Page 2: Legal Notices

    Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
  • Page 3 Novell Client is a trademark of Novell, Inc. Novell Directory Services and NDS are registered trademarks of Novell, Inc. in the United States and other countries. Ximiam is a registerd trademark of Novell, Inc. in the United States and other countries.
  • Page 4 Novell Confidential Manual (ENU) 21 December 2004 Novell eDirectory 8.8 Installation Guide...

  • Page 5: About This Book

    Chapter 9, “Installing iManager Plug-ins,” on page 99 Chapter 10, “Uninstalling Novell eDirectory,” on page 101 Appendix A, “Linux, Solaris, AIX, and HP-UX Packages for Novell eDirectory,” on page 105 Appendix B, “Server Health Checks,” on page 109 Appendix C, “Configuring OpenSLP for eDirectory,” on page 115...
  • Page 6 Novell Confidential Manual (ENU) 21 December 2004 forward slash, such as Linux* and UNIX*, should use forward slashes as required by your software. Novell eDirectory 8.8 Installation Guide...

  • Page 7: Installing Or Upgrading Novell Edirectory On Netware

    “Forcing the Backlink Process to Run” on page 9 “Updating the eDirectory Schema for NetWare” on page 9 “Installing or Upgrading Novell eDirectory on NetWare” on page 10 System Requirements You can upgrade to eDirectory 8.8 on the following version of NetWare: NetWare 6.5 with...

  • Page 8: Hardware Requirements

    Two factors increase performance: more cache memory and faster processors. For best results, cache as much of the DIB Set as the hardware allows. eDirectory scales well on a single processor. However, Novell eDirectory 8.7 took advantage of multiple processors. Adding processors improves performance in some areas—for example, logins and having multiple threads active on multiple processors.

  • Page 9: Forcing The Backlink Process To Run

    Manual (ENU) 21 December 2004 Forcing the Backlink Process to Run Because the internal eDirectory identifiers change when upgrading to Novell eDirectory, the backlink process must update backlinked objects for them to be consistent. Backlinks keep track of external references to objects on other servers. For each external reference on a server, the backlink process ensures that the real object exists in the correct location and verifies all backlink attributes on the master of the replica.

  • Page 10: Installing Or Upgrading Novell Edirectory 8.8 On Netware

    If dsrepair.nlm is loaded, the server might not restart. Installing or Upgrading Novell eDirectory on NetWare This section contains the following information: “Installing or Upgrading Novell eDirectory 8.8 on NetWare” on page 10 “Server Health Checks” on page 11 “Installing NMAS Server Software” on page 11 “Installing NMAS Client Software”...

  • Page 11: Installing Nmas Server Software

    In eDirectory 8.8 and later, you can have case sensitive passwords for all the utilities. Refer to N O T E : Novell eDirectory 8.8 What’s New Guide (http://www.novell.com/documentation/edir88/index.html) more information. In the LDAP Configuration screen, specify which LDAP ports to use, then click Next.

  • Page 12: Installing Nmas Client Software

    I M P O R T A N T : into utilities such as iMonitor, iManager, and DHost iConsole. For example, if your tree has “novell.com” as the name of the O, enter username.novell\.com in the Username field when logging in to iMonitor (see...

  • Page 13: Installing Or Upgrading Novell Edirectory On Windows

    . If you I M P O R T A N T : install eDirectory 8.8 on a machine already containing the Novell Client, eDirectory will use the existing Client. For more information, see “Installing or Updating Novell eDirectory 8.8 on Windows 2000 or Server 2003” on...
  • Page 14 50,000 users. However, if you add a new set of attributes or completely fill in every existing attribute, the object size grows. These additions affect the disk space, processor, and memory needed. Two factors increase performance: more cache memory and faster processors. Novell eDirectory 8.8 Installation Guide...

  • Page 15: Updating The Edirectory Schema For Windows

    Manual (ENU) 21 December 2004 For best results, cache as much of the DIB Set as the hardware allows. eDirectory scales well on a single processor. However, Novell eDirectory 8.8 takes advantage of multiple processors. Adding processors improves performance in some areas—for example, logins and having multiple threads active on multiple processors.

  • Page 16: Installing Novell Edirectory On Windows

    DHCP Options for Service Location Protocol (http://www.openslp.org/doc/rfc/ rfc2610.txt) OpenSLP Documentation (http://www.openslp.org/#Documentation) If you have Autorun turned off, run setup.bat from the Novell eDirectory 8.8 CD or from the downloaded file. The installation program checks for the following components before it installs eDirectory. If a component is missing or is an incorrect version, the installation program automatically launches an installation for that component.
  • Page 17 Make sure that the HTTP stack ports you set during the eDirectory installation are different I M P O R T A N T : than the HTTP stack ports you have used or will use for Novell iManager. For more information, see the Novell iManager 2.5 Administration Guide (http://www.novell.com/documentation/imanager25/ index.html).

  • Page 18: Communicating With Edirectory Through Ldap

    Because port 389 allows clear text, the LDAP server services Read and Write requests to the Directory through this port. This openness is adequate for environments of trust, where spoofing doesn’t occur and no one inappropriately captures packets. Novell eDirectory 8.8 Installation Guide...
  • Page 19 Port 636, the Industry-Standard Secure Port The connection through port 636 is encrypted. TLS (formerly SSL) manages the encryption. By default, the eDirectory installation selects this port. The following figure illustrates the selected port. Installing or Upgrading Novell eDirectory on Windows...
  • Page 20 LDAP server does not service requests on any duplicated port. If you are not certain that port 389 or 636 is assigned to the Novell LDAP server, run the ICE utility. If the Vendor Version field does not specify Novell, you must reconfigure LDAP Server for eDirectory and select a different port.See...
  • Page 21 See Figure 4 for an example. You cannot start a name with a dot. For example, you cannot create a container named “.novell” because it starts with a dot (‘.’). Installing or Upgrading Novell eDirectory on Windows...
  • Page 22 I M P O R T A N T : into utilities such as iMonitor, iManager, and DHost iConsole. For example, if your tree has “novell.com” as the name of the O, enter username.novell\.com in the Username field when logging in to iMonitor (see...

  • Page 23: Installing Or Upgrading Novell Edirectory On Linux

    “Upgrading eDirectory” on page 25 “Installing eDirectory” on page 26 The instructions in this guide do not apply when installing eDirectory with Novell Nterprise I M P O R T A N T : Linux Services. Please follow the prerequisites and installation instructions provided in the...
  • Page 24 Supervisor rights to the partition where you want to add the server. This is required for adding the replica when the replica count is less than 3. N O T E : All Attributes rights: read, compare, and write rights over the W0.KAP.Security object. Novell eDirectory 8.8 Installation Guide...

  • Page 25: Upgrading Edirectory

    For best results, cache as much of the DIB Set as the hardware allows. eDirectory scales well on a single processor. However, Novell eDirectory 8.8 takes advantage of multiple processors. Adding processors improves performance in some areas—for example, logins and having multiple threads active on multiple processors.

  • Page 26: Installing Edirectory

    /etc/opt/novell/eDirectory/conf, /var/opt/novell/eDirectory/data, and /var/ opt/novell/eDirectory/log respectively. The new directory /var/opt/novell/eDirectory/data uses a symbolic link to the /var/nds directory. The old configuration file /etc/nds.conf is migrated to /etc/opt/novell/eDirectory/conf directory. The old configuration file /etc/nds.conf and the old log files under /var/nds are retained for reference.

  • Page 27: Using Slp With Edirectory

    The SLP RPM is present in the setup directory in the build. For example, if you have the build in the /home/build directory, enter the following command: rpm -ivh /home/build/Linux/Linux/setup/novell-NDSslp-8.8- 20i386.rpm Follow the onscreen instructions to complete the SLP installation. Start SLP manually as follows: Installing or Upgrading Novell eDirectory on Linux...
  • Page 28 If you decide to use SLP to resolve the tree name to determine if the eDirectory tree is advertised, after eDirectory and SLP are installed, enter the following: /usr/bin/slpinfo -s "ndap.novell///(svcname-ws==[treename or *])" For example, to search for the services whose svcname-ws attribute match with the value SAMPLE_TREE, enter the following command: /usr/bin/slpinfo -s "ndap.novell///(svcname-ws==SAMPLE_TREE)/"...

  • Page 29: Installing Nici

    A nonroot user (john in the example) needs to do the following to install NICI: Log in as john and execute the following command: sudo rpm -ivh nici_rpm_file_name_with_path For example: sudo rpm -ivh /88/Linux/Linux/setup/nici-2.7.0-5.i386.rpm Execute the following script: sudo /var/opt/novell/nici/set_server_mode NICI gets installed in the server mode. Installing or Upgrading Novell eDirectory on Linux...

  • Page 30: Using The Nds-Install Utility To Install Edirectory Components

    There are two components you can install: the eDirectory server and the eDirectory administration utilities. To install the server, enter -c server. To install the administration utilities, enter -c admutils. For example, to install Novell eDirectory Server packages, you would enter the following command: ./nds-install -c server -h or --help Displays help for nds-install.
  • Page 31 You can either do it manually or use a script. Manually export the environment variables export LD_LIBRARY_PATH=/opt/novell/eDirectory/lib:/opt/ novell/eDirectory/lib/nds-modules:/opt/novell/ lib:$LD_LIBRARY_PATH export PATH=/opt/novell/eDirectory/bin:/opt/novell/ eDirectory/sbin:$PATH export MANPATH=/opt/novell/man:/opt/novell/eDirectory/ man:$MANPATH export TEXTDOMAINDIR=/opt/novell/eDirectory/share/ locale:$TEXTDOMAINDIR Use the ndspath script to export the environment variables Installing or Upgrading Novell eDirectory on Linux...
  • Page 32 Novell Confidential Manual (ENU) 21 December 2004 If you do not want to export the paths manually, you can use the /opt/novell/eDirectory/ bin/ndspath script as follows: Prefix the ndspath script to the utility and run the utility you want as follows:...
  • Page 33 [-D custom_location] [-- config-file configuration_file] For example: ndsconfig new -t mary-tree -n novell -a admin.novell -S linux1 -d / home/mary/inst1/data -b 1025 -L 1026 -l 1027 -o 1028 -O 1029 -D /home/ mary/inst1/var --config-file /home/mary/inst1/nds.conf The port numbers you enter need to be in the range 1024 to 65535. Port numbers lesser than 1024 are normally reserved for the super-user and standard applications.

  • Page 34: Using The Ndsconfig Utility To Add Or Remove The Edirectory Replica Server

    For example, to create a new tree, you could enter the following command: ndsconfig new -t corp-tree -n o=company -a cn=admin.o=company Novell eDirectory 8.8 Installation Guide...
  • Page 35 Removes the Server object and directory services from a tree. Ignores a tree of the same name, while installing a new tree. This option is generally not recommended for use. Specifies the server name. The default server name is host name. Installing or Upgrading Novell eDirectory on Linux...
  • Page 36 Parameter Description The tree name to which the server has to be added. If not specified, ndsconfig uses the tree name from the n4u.base.tree-name parameter specified in the /etc/opt/novell/ eDirectory/conf/nds.conf file. The context of the server into which the Server object is added. If not specified, ndsconfig uses the context from the n4u.nds.server-context parameter specified in...
  • Page 37 Create a new instance Do the following for a selected instance: List the replicas on the server Start the instance Stop the instance Run ndstrace for the instance Deconfigure the instance Start and Stop all instances Installing or Upgrading Novell eDirectory on Linux...

  • Page 38: Listing The Instances

    You can either create a new tree or add a server to an existing tree. Follow the instructions on the screen to create a new instance. Performing Operations for a Specific Instance You can perform the following operations for every instance: Novell eDirectory 8.8 Installation Guide...
  • Page 39 The menu expands to include the options you can perform on a specific instance. For more information, refer to ndsmanage Utility Output Screen with Instance Options (page 39). Enter k to stop the instance. Alternatively, you can also enter the following at the command prompt: Installing or Upgrading Novell eDirectory on Linux...
  • Page 40 Mary specifies the following instance identifiers. Instance 1: Port number the instance should listen on 1524 Configuration file path /home/maryinst1/nds.conf DIB directory /home/mary/inst1/var Instance 2: Port number the instance should listen on 2524 Configuration file path /home/mary/inst2/nds.conf Novell eDirectory 8.8 Installation Guide...

  • Page 41: Configuring The Instances

    For example, to install a new eDirectory tree on a Linux server using “O=novell.com” as the name of the O, use the following command: ndsconfig new -a “admin.novell\.com”...
  • Page 42 The Admin name and context and the server context parameters are enclosed in double quotes, and only the dot ('.') in novell.com is escaped using the '\' (backslash) character. You can also use this format when installing a server into an existing tree.
  • Page 43 The Selection list in the Filters pane gets populated with the available program packages. The packages already installed on the system are preselected. Select Novell eDirectory and click on Accept. The packages get installed in the default location. You can refer to the online help for more information.

  • Page 44: Using The Nmasinst Utility To Configure Nmas

    -i admin.context tree_name nmasinst will prompt you for a password. This command creates the objects in the Security container that NMAS needs, and installs the LDAP extensions for NMAS on the LDAP Server object in eDirectory. Novell eDirectory 8.8 Installation Guide...
  • Page 45 -addmethod admin.novell MY_TREE ./nmas-methods/novell/Simple Password/config.txt If the login method already exists, nmasinst will update it. For more information, see “Managing Login and Post-Login Methods and Sequences” (http:// www.novell.com/documentation/beta/nmas30/admin/data/a53vj9a.html) in the Novell Modular Authentication Service Administration Guide. Installing or Upgrading Novell eDirectory on Linux...
  • Page 46 Novell Confidential Manual (ENU) 21 December 2004 Novell eDirectory 8.8 Installation Guide...

  • Page 47: Installing Or Upgrading Novell Edirectory On Solaris

    Novell Confidential Manual (ENU) 21 December 2004 Installing or Upgrading Novell eDirectory on Solaris ® Use the following information to install or upgrade Novell eDirectory 8.8 on a Solaris* server: “System Requirements” on page 47 “Prerequisites” on page 47 “Hardware Requirements” on page 48 “Forcing the Backlink Process to Run”...

  • Page 48: Hardware Requirements

    For best results, cache as much of the DIB Set as the hardware allows. eDirectory scales well on a single processor. However, Novell eDirectory 8.8 takes advantage of multiple processors. Adding processors improves performance in some areas—for example,...

  • Page 49: Forcing The Backlink Process To Run

    Manual (ENU) 21 December 2004 logins and having multiple threads active on multiple processors. eDirectory itself is not processor intensive, but it is I/O intensive. The following table illustrates typical system requirements for Novell eDirectory for Solaris. Objects Processor Memory...

  • Page 50: Installing Edirectory

    Novell Confidential Manual (ENU) 21 December 2004 Installing eDirectory The following sections provide information about installing Novell eDirectory on Solaris: “Server Health Checks” on page 50 “Using SLP with eDirectory” on page 50 “Installing NICI” on page 51 “Using the Nds-install Utility to Install eDirectory Components” on page 52 “Nonroot User Installing eDirectory 8.8”...

  • Page 51: Installing Nici

    NICI, though the procedure to do so is different. Root User Installing NICI To install NICI, complete the following procedure: Enter the following command: pkgadd -d NICI_package_absolute_path_and_filename NOVLniu0 For example: pkgadd -d /home/build/Solaris/Solaris/setup/NOVLniu0.pkg NOVLniu0 Execute the following script: /var/opt/novell/nici/set_server_mode Installing or Upgrading Novell eDirectory on Solaris...
  • Page 52 To install eDirectory components, use the following syntax: nds-install [-c component1 [-c component2]...] [-h] [-i] [-j] [-u] If you do not provide the required parameters in the command line, the nds-install utility will prompt you for the parameters. Novell eDirectory 8.8 Installation Guide...
  • Page 53 There are two components you can install, the eDirectory server and the eDirectory administration utilities. To install the server, enter -c nds. To install the administration utilities, enter -c adminutils. For example, to install Novell eDirectory Server packages, you would enter the following command: ./nds-install -c server -n /var Displays help for nds-install.
  • Page 54 For more information on the nmasinst utility, see “Using the Nmasinst Utility to Configure NMAS” on page After the installation is complete, you need to update the following environment variables and export them as follows: Manually export the environment variables Novell eDirectory 8.8 Installation Guide...
  • Page 55 Use the ndspath script to export the environment variables If you do not want to export the paths manually, you can use the /opt/novell/eDirectory/ bin/ndspath script as follows: Prefix the ndspath script to the utility and run the utility you want as follows:...
  • Page 56 [-D custom_location] [-- config-file configuration_file] For example: ndsconfig new -t mary-tree -n novell -a admin.novell -S linux1 -d / home/mary/inst1/data -b 1025 -L 1026 -l 1027 -o 1028 -O 1029 -D /home/ mary/inst1/var --config-file /home/mary/inst1/nds.conf The port numbers you enter need to be in the range 1024 to 65535. Port numbers lesser than 1024 are normally reserved for the super-user and standard applications.

  • Page 57: Using The Ndsconfig Utility To Add Or Remove The Edirectory Replica Server

    For example, to create a new tree, you could enter the following command: ndsconfig new -t corp-tree -n o=company -a cn=admin.o=company Installing or Upgrading Novell eDirectory on Solaris...
  • Page 58 You can enable encrypted replication in the server you want to add using the -E option. For more information on encrypted replication, refer to Novell eDirectory 8.8 Administration Guide (http:// www.novell.com/documentation/edir88/index.html). Removing a Server Object and Directory Services from a Tree...
  • Page 59 Sets the port number on which a particular instance should listen on. Specify the port number along with the IP address or interface. For example, -B eth0@524 -B 100.1.1.2@524 -b and -B are mutually exclusive. N O T E : Installing or Upgrading Novell eDirectory on Solaris...

  • Page 60: Using The Nmasinst Utility To Configure Nmas

    For example, to install a new eDirectory tree on a Solaris server using “O=novell.com” as the name of the O, use the following command: ndsconfig new -a “admin.novell\.com”...
  • Page 61 -addmethod admin.novell MY_TREE ./nmas-methods/novell/Simple Password/config.txt If the login method already exists, nmasinst will update it. For more information, see “Managing Login and Post-Login Methods and Sequences” (http:// www.novell.com/documentation/beta/nmas30/admin/data/a53vj9a.html) in the Novell Modular Authentication Service Administration Guide. Installing or Upgrading Novell eDirectory on Solaris...
  • Page 62 Novell Confidential Manual (ENU) 21 December 2004 Novell eDirectory 8.8 Installation Guide...
  • Page 63 Novell Confidential Manual (ENU) 21 December 2004 Installing or Updating Novell eDirectory on AIX ® Use the following information to install or upgrade Novell eDirectory 8.8 on an AIX* server: “System Requirements” on page 63 “Prerequisites” on page 63 “Hardware Requirements” on page 64 “Forcing the Backlink Process to Run”...
  • Page 64 Hardware requirements depend on the specific implementation of eDirectory. For example, a base installation of Novell eDirectory with the standard schema requires about 74 MB of disk space for every 50,000 users. However, if you add a new set of attributes or completely fill in every existing attribute, the object size grows.
  • Page 65 Processes such as encryption and indexing can be processor intensive. Forcing the Backlink Process to Run Because the internal eDirectory identifiers change when upgrading to Novell eDirectory, the backlink process must update backlinked objects for them to be consistent.
  • Page 66 If you decide to use SLP to resolve the tree name to determine if the eDirectory tree is advertised, after eDirectory and SLP are installed, enter the following: /usr/bin/slpinfo -s "ndap.novell///(svcname-ws==[treename or *])" Novell eDirectory 8.8 Installation Guide...
  • Page 67 N O T E : Make an entry with the following information: Username hostname=(root) NOPASSWD: /usr/sbin/installp For example, to enable john to run /bin/rpm as root on the hostname aix-2, type the following: Installing or Updating Novell eDirectory on AIX...
  • Page 68 There are two components you can install, the eDirectory server and the eDirectory administration utilities. To install the server, enter -c nds. To install the administration utilities, enter -c adminutils. For example, to install Novell eDirectory Server packages, you would enter the following command: ./nds-install -c server -n /var Displays help for nds-install.
  • Page 69 License file has been copied to the /var directory. Novell Modular Authentication Service (NMAS ) is installed as part of the server component. By default ndsconfig configures NMAS. You can also use the nmasinst utility to Installing or Updating Novell eDirectory on AIX...
  • Page 70 Use the ndspath script to export the environment variables If you do not want to export the paths manually, you can use the /opt/novell/eDirectory/ bin/ndspath script as follows: Prefix the ndspath script to the utility and run the utility you want as follows:...
  • Page 71 Prefix the ndspath script to the utility and run the utility you want as follows: custom_location/opt/novell/eDirectory/bin/ndspath utility_name_with_parameters Go to the custom_location/opt/novell/eDirectory/bin/ directory and export the paths in the current shell as follows: . custom_location/opt/novell/eDirectory/bin/ndspath Ensure that you enter the above command from the custom_location/opt directory.
  • Page 72 Novell Confidential Manual (ENU) 21 December 2004 For example: ndsconfig new -t mary-tree -n novell -a admin.novell -S linux1 -d / home/mary/inst1/data -b 1025 -L 1026 -l 1027 -o 1028 -O 1029 -D /home/ mary/inst1/var --config-file /home/mary/inst1/nds.conf The port numbers you enter need to be in the range 1024 to 65535. Port numbers lesser than 1024 are normally reserved for the super-user and standard applications.
  • Page 73 The HTML files created using iMonitor will not be removed. You must manually remove these files N O T E : before removing eDirectory. For example, to remove the eDirectory Server object and directory services from a tree, you could enter the following command: ndsconfig rm -a cn=admin.o=company Installing or Updating Novell eDirectory on AIX...
  • Page 74 The context of the server into which the Server object is added. If not specified, ndsconfig uses the context from the n4u.nds.server-context parameter specified in the /etc/opt/novell/eDirectory/conf/nds.conf file. The directory path where the database files will be stored. The TCP port number on the LDAP server.

  • Page 75: Using Ndsconfig To Install An Aix Server Into A Tree With Dotted Name Containers

    For example, to install a new eDirectory tree on an AIX server using “O=novell.com” as the name of the O, use the following command: ndsconfig new -a “admin.novell\.com”...
  • Page 76 The last parameter specifies the config.txt file for the login method that is to be installed. A config.txt file is provided with each login method. Here is an example of the -addmethod command: nmasinst -addmethod admin.novell MY_TREE ./nmas-methods/novell/Simple Password/config.txt If the login method already exists, nmasinst will update it.
  • Page 77 Novell Confidential Manual (ENU) 21 December 2004 Installing or Upgrading Novell eDirectory on HP- ® Use the following information to install or upgrade Novell eDirectory 8.8 on an HP-UX* server: “System Requirements” on page 77 “Prerequisites” on page 77 “Hardware Requirements” on page 78 “Forcing the Backlink Process to Run”...
  • Page 78 For best results, cache as much of the DIB Set as the hardware allows. eDirectory scales well on a single processor. However, Novell eDirectory 8.8 takes advantage of multiple processors. Adding processors improves performance in some areas—for example, logins and having multiple threads active on multiple processors.
  • Page 79 Processes such as encryption and indexing can be processor intensive. Forcing the Backlink Process to Run Because the internal eDirectory identifiers change when upgrading to Novell eDirectory, the backlink process must update backlinked objects for them to be consistent.

  • Page 80: Using Openslp For Hp-Ux

    The old configuration file /etc/nds.conf and the old log files under /var/nds are retained for reference. Installing eDirectory The following sections provide information about installing Novell eDirectory on HP-UX: “Server Health Checks” on page 80 “Using OpenSLP for HP-UX” on page 80 “Installing NICI”...
  • Page 81 Enter the following command to start the SLP daemon: /usr/bin/slpdc start Installing NICI NICI should be installed before you proceed with the eDirectory installation. Both root and nonroot users can install NICI, though the procedure to do so is different. Installing or Upgrading Novell eDirectory on HP-UX...

  • Page 82: Installing Edirectory Components

    NICI gets installed in the server mode. Installing eDirectory Components Use the swinstall utility to install eDirectory components on HP-UX systems. The utility adds the required packages based on what components you choose to install. Novell eDirectory 8.8 Installation Guide...
  • Page 83 This must be done after configuring eDirectory with ndsconfig. For more information on the ndsconfig utility, see “The Ndsconfig Utility” on page For more information on the nmasinst utility, see “Using the Nmasinst Utility to Configure NMAS” on page Installing or Upgrading Novell eDirectory on HP-UX...
  • Page 84 Use the ndspath script to export the environment variables If you do not want to export the paths manually, you can use the /opt/novell/eDirectory/bin/ ndspath script as follows: Prefix the ndspath script to the utility and run the utility you want as follows:...
  • Page 85 [-D custom_location] [-- config-file configuration_file] For example: ndsconfig new -t mary-tree -n novell -a admin.novell -S linux1 -d / home/mary/inst1/data -b 1025 -L 1026 -l 1027 -o 1028 -O 1029 -D /home/ mary/inst1/var --config-file /home/mary/inst1/nds.conf The port numbers you enter need to be in the range 1024 to 65535. Port numbers lesser than 1024 are normally reserved for the super-user and standard applications.
  • Page 86 For example, to create a new tree, you could enter the following command: ndsconfig new -t corp-tree -n o=company -a cn=admin.o=company Novell eDirectory 8.8 Installation Guide...
  • Page 87 Removes the Server object and directory services from a tree. Ignores a tree of the same name, while installing a new tree. This option is generally not recommended for use. Specifies the server name. The default server name is host name. Installing or Upgrading Novell eDirectory on HP-UX...
  • Page 88 The context of the server into which the Server object is added. If not specified, ndsconfig uses the context from the n4u.nds.server- context parameter specified in the /etc/opt/novell/eDirectory/conf/ nds.conf file. The directory path where the database files will be stored.

  • Page 89: Using Ndsconfig To Install An Hp-Ux Server Into A Tree With Dotted Name Containers

    For example, to install a new eDirectory tree on an HP-UX server using “O=novell.com” as the name of the O, use the following command: ndsconfig new -a “admin.novell\.com”...
  • Page 90 The last parameter specifies the config.txt file for the login method that is to be installed. A config.txt file is provided with each login method. Here is an example of the -addmethod command: nmasinst -addmethod admin.novell MY_TREE ./nmas-methods/novell/Simple Password/config.txt If the login method already exists, nmasinst will update it.

  • Page 91: Relocating The Dib

    Enter k to stop the instance. Get the current DIB location using the following command: ndsconfig get n4u.nds.dibdir In eDirectory 8.8, by default the DIB is located at /var/opt/novell/eDirectory/data/dib and on pre- N O T E : eDirectory 8.8 servers, it is located at /var/nds/dib.

  • Page 92: Netware And Windows

    Enter s to start the instance. Check the server status as follows: ndscheck NetWare and Windows DIB relocation is currently not supported. However, on Windows you can locate the DIB in a custom location during the eDirectory installation. Novell eDirectory 8.8 Installation Guide...

  • Page 93: Configuring Novell Edirectory On Linux, Solaris, Aix, Or Hp-Ux Systems

    “Using the Ldapconfig Utility to Configure the LDAP Server and LDAP Group Objects” on page 93 “Using the Nmasinst Utility to Configure Novell Modular Authentication Service” on page 94 The Ndsconfig Utility You can use the ndsconfig utility to configure eDirectory. This utility can also be used to add the eDirectory Replica Server into an existing tree or to create a new tree.

  • Page 94: Using The Nmasinst Utility To Configure Novell Modular Authentication Service

    Novell Confidential Manual (ENU) 21 December 2004 Using the Nmasinst Utility to Configure Novell Modular Authentication Service For eDirectory 8.8, by default, ndsconfig configures NMAS. You can also use nmasinst on Linux, Solaris, AIX, and HP-UX systems to configure NMAS.
  • Page 95 The On value restricts synchronization to version numbers you specify as parameters (for example, ON,420,421). Default=Off n4u.nds.janitor-interval The interval (in minutes) after which the eDirectory Janitor process is executed. Default=2 Range=1 to 10080 Configuring Novell eDirectory on Linux, Solaris, AIX, or HP-UX Systems...
  • Page 96 Default=maximum allowed by the administrator n4u.ldap.lburp.transize Number of records that are sent from the Novell Import/ Export client to the LDAP server in a single LBURP packet. You can increase the transaction size to ensure that multiple add operations can be performed in a single request.
  • Page 97 Number of seconds to wait for the next request from the same client on the same connection. http.server.threads-per-processor HTTP thread pool size per processor. http.server.session-exp-seconds Session expiration time in seconds. Configuring Novell eDirectory on Linux, Solaris, AIX, or HP-UX Systems...
  • Page 98 HTTPS server cached certificate DN. https.server.cached-server-dn HTTPS server cached DN. http.server.trace-level Diagnostic trace level of HTTP server. http.server.auth-req-tls HTTP server authentication requires TLS. http.server.clear-port Server port for the HTTP protocol. http.server.tls-port Server port for the HTTPS protocol. Novell eDirectory 8.8 Installation Guide...
  • Page 99 Novell iManager gives you the ability to assign specific tasks or responsibilities to users and to present the user with only the tools (with the accompanying rights) necessary to perform those sets of tasks.
  • Page 100 Novell Confidential Manual (ENU) 21 December 2004 Novell eDirectory 8.8 Installation Guide 1 0 0...

  • Page 101: Uninstalling Novell Edirectory

    From the NetWare console, run NWCONFIG. Select Product Options > Install a Product Not Listed. Specify the location containing the Novell eDirectory 8.8 installation package. “Installing or Upgrading Novell eDirectory 8.8 on NetWare” on page 10 for more information. Uninstalling eDirectory on Windows Use the Windows Control Panel to remove eDirectory, ConsoleOne, SLP DA, and NICI from Windows servers.

  • Page 102: Uninstalling Edirectory, Consoleone, And Slp Da

    The Installation Wizard removes NICI from the server. After uninstalling NICI, if you want to completely remove NICI from your system, delete the C:\winnt\system32\novell\nici subdirectory. You might need to take ownership of some of the files and directories to delete them.

  • Page 103: Uninstalling Edirectory On Hp-Ux

    Make sure you deconfigure the server on the machine where eDirectory is installed before attempting N O T E : to run nds-uninstall. For example, to uninstall Novell eDirectory Server packages, enter the following command: nds-uninstall -c server nds-uninstall does not uninstall the following packages:...
  • Page 104 Novell Confidential Manual (ENU) 21 December 2004 Novell eDirectory 8.8 Installation Guide 1 0 4...
  • Page 105 Linux, Solaris, AIX, or HP-UX tools installed with the OS. The following table provides information about the Linux, Solaris, AIX, and HP-UX packages that are included with Novell eDirectory. On Linux, all the packages are prefixed with novell-. For example, NDSserv is novell-NDSserv. N O T E : Package...
  • Page 106 Contains all the NMAS libraries and the nmasinst binaries needed for NMAS server. This package is dependent on the NICI and NDSmasv packages. NLDAPsdk Contains Novell extensions to LDAP runtime and Security libraries (Client NICI). NOVLsubag Contains the runtime libraries and utilities for the eDirectory SNMP subagent.

  • Page 107: Package Name Specifications For Hp-Ux

    The runtime libraries and utilities for SNMP. This package is dependent on the NICI package. NDSdexvnt Contains the library that manages events generated in Novell eDirectory to other databases. This package is not available on HP-UX N O T E : NOVLpkia Provides PKI services.
  • Page 108 Package Names in eDirectory 8.8 Platforms and 8.7.3 NOVLpkit NOVLpkis.NPKIT novell-npki.npkit NOVLpkis NOVLpkis.PKIS novell-pkiserver.pkiserver NOVLsnmp NOVLsnmp.NOVLsnmp eDirectory.NOVLsnmp NOVLpkia NOVLpkia.NPKIAPI novell-npkiapi.npkiapi NOVLembox NOVLembox.NOVLembox eDirectory.NOVLembox NOVLlmgnt NOVLlmgnt.NOVLlmgnt eDirectory.NOVLlmgnt NOVLstlog NOVLstlog.NOVLstlog eDirectory.NOVLstlog NOVLxis NOVLxis.NOVLxis eDirectory.NOVLxis NOVLntls NOVLntls.NTLS novell-ntls.NTLS Novell eDirectory 8.8 Installation Guide 1 0 8...

  • Page 109: Server Health Checks

    Novell Confidential Manual (ENU) 21 December 2004 Server Health Checks ® Novell eDirectory 8.8 provides a diagnostic tool to help you determine whether your server health is safe. The primary use of this tool is to check if the health of the server is safe before upgrading.

  • Page 110: Types Of Health Checks

    2. Reads the replica ring of every partition held by the server and checks whether all servers in the replica ring are up and all the replicas are in the ON state. Novell eDirectory 8.8 Installation Guide 1 1 0...

  • Page 111: Categorization Of Health

    Novell Confidential Manual (ENU) 21 December 2004 3. Checks the time synchronization of all the servers in the replica ring, showing any time difference between the servers. Categorization of Health There are three possible categories of health, based on the errors found while checking the health...
  • Page 112 Unable to read or open the DIB (might be locked or corrupt). Unable to contact all the servers in the replica ring. Locally held partitions are busy. Replica is not in the ON state. Novell eDirectory 8.8 Installation Guide 1 1 2...

  • Page 113: Log Files

    Novell Confidential Manual (ENU) 21 December 2004 Figure 9 Health Check with a Critical Error Log Files Every server health check operation, whether it is run with the upgrade or as a standalone utility, maintains the status of the health in a log file.
  • Page 114 2. If you use the --config-file option, the ndscheck.log file is saved in the server instance's log directory. You can also select an instance from the multiple instances list. NetWare dscheck.log sys:\system Windows nsdcheck.log install_directory\novell nds Novell eDirectory 8.8 Installation Guide 1 1 4...

  • Page 115: Service Location Protocol

    This appendix provides information for network administrators on the proper configuration of ® OpenSLP for Novell eDirectory installations without the Novell Client “Service Location Protocol” on page 115 “SLP Fundamentals” on page 115 “Configuration Parameters” on page 117 Service Location Protocol OpenSLP is an open-source implementation of the IETF Service Location Protocol Version 2.0...

  • Page 116: Novell Service Location Providers

    In summary, everything hinges on the directory agent that a user agent finds for a given scope. Novell Service Location Providers The Novell version of SLP takes certain liberties with the SLP standard in order to provide a more robust service advertising environment, but it does so at the expense of some scalability.

  • Page 117: Service Agents

    Novell Confidential Manual (ENU) 21 December 2004 3. Checking with the local SA for a DA with the specified scope (and adding new addresses to the cache). 4. Querying DHCP for network-configured DA addresses that match the specified scope (and adding new addresses to the cache).
  • Page 118 “false.” Any other value is a number of seconds between discovery broadcasts. These options, when used properly, can ensure an appropriate use of network bandwidth for service advertising. In fact, the default settings are designed to optimize scalability on an average network. Novell eDirectory 8.8 Installation Guide 1 1 8...

Table of Contents