1. Manuals
  2. Brands
  3. Novell Manuals
  4. Software
  5. EDIRECTORY 8.8 SP1
  6. Installation manual

Novell EDIRECTORY 8.8 SP1 Installation Manual

Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
Novell
eDirectory
TM
w w w . n o v e l l . c o m
8 . 8 S P 1
I N S T A L L A T I O N G U I D E
M a y 2 5 , 2 0 0 7

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the EDIRECTORY 8.8 SP1 and is the answer not in the manual?

Questions and answers

Related Manuals for Novell EDIRECTORY 8.8 SP1

Summary of Contents for Novell EDIRECTORY 8.8 SP1

  • Page 1 Novell eDirectory 8.8 Installation Guide Novell eDirectory w w w . n o v e l l . c o m 8 . 8 S P 1 I N S T A L L A T I O N G U I D E...
  • Page 2 Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
  • Page 3 Novell is a registered trademark of Novell, Inc., in the United States and other countries. Novell Client is a trademark of Novell, Inc. Novell Directory Services and NDS are registered trademarks of Novell, Inc., in the United States and other countries.

  • Page 5: Table Of Contents

    Disk Space Check on Upgrading to eDirectory SP2 or later ......15 Installing or Upgrading Novell eDirectory on NetWare ......15 1.7.1...
  • Page 6 SNMP configuration ........68 4 Installing or Upgrading Novell eDirectory on Solaris System Requirements .
  • Page 7 9.1.3 Using the nmasinst Utility to Configure Novell Modular Authentication Service . . . 122 Configuration Parameters ........... 122 Security Considerations .
  • Page 8 Novell Service Location Providers ........

  • Page 9: About This Book

    Chapter 10, “Migrating to eDirectory 8.8 SP2,” on page 129 Chapter 11, “Uninstalling Novell eDirectory,” on page 133 Appendix A, “Linux, Solaris, AIX, and HP-UX Packages for Novell eDirectory,” on page 137 Appendix B, “Server Health Checks,” on page 141 Appendix C, “Configuring OpenSLP for eDirectory,”...
  • Page 10 ® A trademark symbol ( , etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark. When a single pathname can be written with a backslash for some platforms or a forward slash for other platforms, the pathname is presented with a backslash.

  • Page 11: Installing Or Upgrading Novell Edirectory On Netware

    Section 1.3, “Hardware Requirements,” on page 1.2 Prerequisites IMPORTANT: Check the currently installed Novell and Third Party applications to determine if eDirectory 8.8 is supported before upgrading your existing eDirectory environment. You can find out the current status for Novell products in the...

  • Page 12: Hardware Requirements

    For example, a base installation of eDirectory with the standard schema requires about 74 MB of disk space for every 50,000 users. However, if you add a new set of attributes or completely fill in Novell eDirectory 8.8 Installation Guide...

  • Page 13: Forcing The Backlink Process To Run

    Two factors increase performance: more cache memory and faster processors. For best results, cache as much of the DIB Set as the hardware allows. eDirectory scales well on a single processor. However, Novell eDirectory 8.7 took advantage of multiple processors. Adding processors improves performance in some areas—for example, logins and having multiple threads active on multiple processors.
  • Page 14 4 Enter the Administrator's name (for example, Admin.VMP) and password. NOTE: In eDirectory 8.8 and later, you can have case sensitive passwords for all the utilities. Refer to Novell eDirectory 8.8 What's New Guide (http://www.novell.com/documentation/ edir88/index.html) for more information. 5 Select Post NetWare 5 Schema Update > Yes.

  • Page 15: Disk Space Check On Upgrading To Edirectory Sp2 Or Later

    1.7 Installing or Upgrading Novell eDirectory on NetWare This section contains the following information: “Installing or Upgrading Novell eDirectory 8.8 on NetWare” on page 15 “Server Health Checks” on page 16 “Installing NMAS Server Software” on page 16 “Installing NMAS Client Software” on page 17 “Installing into a Tree with Dotted Name Containers”...

  • Page 16: Server Health Checks

    NOTE: In eDirectory 8.8 and later, you can have case sensitive passwords for all the utilities. Refer to Novell eDirectory 8.8 What's New Guide (http://www.novell.com/documentation/ edir88/index.html) for more information. 6 In the LDAP Configuration screen, specify which LDAP ports to use, then click Next.

  • Page 17: Installing Nmas Client Software

    For example: O=novell\.com You cannot start a name with a dot. For example, you cannot create a container named “.novell” because it starts with a dot (‘.’). IMPORTANT: If your tree has containers with dotted names, you must escape those names when logging into utilities such as iMonitor, iManager, and DHost iConsole.

  • Page 18: Unattended Upgrade To Edirectory 8.8 Sp2 On Netware

    An SPK has components and properties. To see the components, click on the SPK's expand box. The properties include a description, requirements, and variables. The Support Pack SPKs use variables, which is the only place where each site will need to make specific modifications. Novell eDirectory 8.8 Installation Guide...
  • Page 19 WARNING: The installation source folders will be partially removed for security reasons. You need to copy the installation source again in case you restart the installation on failures, e.g, Disk Space unavailability errors. Installing or Upgrading Novell eDirectory on NetWare...
  • Page 20 Adding the source to the SPK Figure 1-5 4 Then select the “eDir88” folder that contains the source files that are delivered along with the SPK as given below: Selecting the upgrade source Figure 1-6 Novell eDirectory 8.8 Installation Guide...

  • Page 21: Remote Installation Or Upgrade

    XServer Console to choose the NMAS methods to be installed. In this case, you could choose "Yes-Remote", which by default installs all NMAS methods without any further indications in the System Console. NOTE: The Installer will restart the server once the installation is complete. Installing or Upgrading Novell eDirectory on NetWare...
  • Page 22 Novell eDirectory 8.8 Installation Guide...

  • Page 23: Installing Or Upgrading Novell Edirectory On Windows

    IMPORTANT: Novell eDirectory 8.8 lets you install eDirectory for Windows without the Novell Client . If you install eDirectory 8.8 on a machine already containing the Novell Client, eDirectory will use the existing Client. For more information, see “Installing or Updating Novell eDirectory 8.8 on Windows 2000 or Server 2003”...
  • Page 24 Novell products in the TID - What Novell products are supported with Novell eDirectory 8.8? (http://support.novell.com/cgi-bin/search/searchtid.cgi?10099872.htm) It is also highly recommended to backup eDirectory prior to any upgrades. Because NTFS provides a safer transaction process than a FAT file system provides, you can install eDirectory only on an NTFS partition.

  • Page 25: Hardware Requirements

    Two factors increase performance: more cache memory and faster processors. For best results, cache as much of the DIB Set as the hardware allows. eDirectory scales well on a single processor. However, Novell eDirectory 8.8 takes advantage of multiple processors. Adding processors improves performance in some areas—for example, logins and having multiple threads active on multiple processors.

  • Page 26: Updating The Edirectory Schema For Windows

    1 Copy patches\dsrepair\ntnds8\dsrepair.dll from the product CD to the directory where you installed eDirectory (for example, c:\novell\nds). 2 Click Start > Settings > Control Panel > Novell eDirectory Services. 3 Select dsrepair.dlm in the Service list. 4 Enter -ins in the Startup Parameters field, then click Start.

  • Page 27: Installing Novell Edirectory On Windows

    DHCP Options for Service Location Protocol (http://www.openslp.org/doc/rfc/ rfc2610.txt) OpenSLP Documentation (http://www.openslp.org/#Documentation) 3 If you have Autorun turned off, run setup.bat from the Novell eDirectory 8.8 SP2 CD or from the downloaded file. The installation program checks for the following components before it installs eDirectory. If a component is missing or is an incorrect version, the installation program automatically launches an installation for that component.

  • Page 28: Server Health Checks

    HTTP server, then click Next. IMPORTANT: Make sure that the HTTP stack ports you set during the eDirectory installation are different than the HTTP stack ports you have used or will use for Novell iManager. For more information, see the Novell iManager 2.5 Administration Guide (http://www.novell.com/...

  • Page 29: Communicating With Edirectory Through Ldap

    To disallow clear passwords and other data, select the Require TLS for Simple Bind with Password option during installation. As the following figure illustrates, the page gives defaults of 389, 636, and Require TLS for Simple Bind with Password. Installing or Upgrading Novell eDirectory on Windows...
  • Page 30 No one can view passwords, data packets, or bind requests. Port 636, the Industry-Standard Secure Port The connection through port 636 is encrypted. TLS (formerly SSL) manages the encryption. By default, the eDirectory installation selects this port. The following figure illustrates the selected port. Novell eDirectory 8.8 Installation Guide...
  • Page 31 LDAP server does not service requests on any duplicated port. If you are not certain that port 389 or 636 is assigned to the Novell LDAP server, run the ICE utility.

  • Page 32: Installing Nmas Server Software

    See Figure 2-3 for an example. You cannot start a name with a dot. For example, you cannot create a container named “.novell” because it starts with a dot (‘.’). Novell eDirectory 8.8 Installation Guide...
  • Page 33 IMPORTANT: If your tree has containers with dotted names, you must escape those names when logging into utilities such as iMonitor, iManager, and DHost iConsole. For example, if your tree has “novell.com” as the name of the O, enter username.novell\.com in the Username field when logging in to iMonitor (see Figure 2-4).
  • Page 34 Novell eDirectory 8.8 Installation Guide...

  • Page 35: Installing Or Upgrading Novell Edirectory On Linux

    Installing or Upgrading Novell eDirectory on Linux ® Use the following information to install or upgrade Novell eDirectory 8.8 on a Linux* server: Section 3.1, “System Requirements,” on page 35 Section 3.2, “Prerequisites,” on page 36 Section 3.3, “Hardware Requirements,” on page 37 Section 3.4, “Forcing the Backlink Process to Run,”...

  • Page 36: Prerequisites

    3.2 Prerequisites IMPORTANT: Check the currently installed Novell and Third Party applications to determine if eDirectory 8.8 is supported before upgrading your existing eDirectory environment. You can find out the current status for Novell products in the TID - What Novell products are supported with Novell eDirectory 8.8?

  • Page 37: Hardware Requirements

    For best results, cache as much of the DIB Set as the hardware allows. eDirectory scales well on a single processor. However, Novell eDirectory 8.8 takes advantage of multiple processors. Adding processors improves performance in some areas — for example, logins —...

  • Page 38: Forcing The Backlink Process To Run

    Processes such as encryption and indexing can be processor intensive. 3.4 Forcing the Backlink Process to Run Because the internal eDirectory identifiers change when upgrading to Novell eDirectory, the backlink process must update backlinked objects for them to be consistent.

  • Page 39: Upgrading On Linux Servers Other Than Oes

    For more information on ZENworks Linux Management, refer to ZENworks Linux Management (http://www.novell.com/products/zenworks/linuxmanagement/index.html). For more information on registering and updating Novell Linux products, refer to Linux Registration and Updates (http://support.novell.com/linux/registration/). You can upgrade to eDirectory 8.8 on OES Linux SP2 using either of the following methods:...
  • Page 40 2h Download the 11148 patch. rug pin patch-11148 This command installs the updated yast2-novell-common file that detects eDirectory 8.7.3 and eDirectory 8.8 versions appropriately. If you install any other eDirectory dependent services from YaST, it demotes to lower eDirectory versions.
  • Page 41 NOTE: Use the same activation code that you use to get the OES updates. 5. Click on the Activate button. 2d Subscribe to the channel. 1. Select Edit > Channel Subscription. 2. In the dialog box that appears, select oes-edir88. 3. Click Close. Installing or Upgrading Novell eDirectory on Linux...
  • Page 42 3. Click on Mark for Installation. 4. Click Run Now. 5. Click Continue to apply the patch. This updates the yast2-novell-common file. This command installs the updated yast2-novell-common file that detects eDirectory 8.7.3 and eDirectory 8.8 versions appropriately. If you install any other eDirectory dependent services from YaST, it demotes to lower eDirectory versions.
  • Page 43 4d Enter the hostname along with the NCP and secure LDAP port numbers. 4e Enter the admin FDN. For example, cn=admin.o=novell 4f Enter the password. 4g Click Next The eDirectory Configuration - Instance Information screen is displayed. Installing or Upgrading Novell eDirectory on Linux...

  • Page 44: Upgrading The Tarball Deployment Of Edirectory 8.8

    -acgXd <pkg name with full NDS.NOVLsubag.8.8.1.0 path> <pkg name> all NOVLniu0.2.7.0.0 NDS.NDSslp.8.8.1.0 HP-UX swinstall -s <depot name with full NOVLsubag.depot path> <pkg name> NOVLniu0.depot 8 Restore the configuration files. 9 Run the $NDSHOME/eDirectory/opt/novell/eDirectory/bin/ndspath for setting all environment variables. Novell eDirectory 8.8 Installation Guide...

  • Page 45: Upgrading Multiple Instances

    If you run nds-install after doing the package upgrade, it will prompt you asking “The DIB of all the Novell eDirectory Server instances need to be upgraded. This may take long time to complete. If you wish to perform the DIB upgrade parallely, you could do it manually (Refer the readme). Do you wish to continue with the DIB upgrade for all the active instances one by one?”...

  • Page 46: Installing Edirectory

    3.6 Installing eDirectory The following sections provide information about installing Novell eDirectory on Linux: Section 3.6.1, “Using SLP with eDirectory,” on page 46 Section 3.6.2, “Installing NICI,” on page 47 Section 3.6.3, “Using the nds-install Utility to Install eDirectory Components,” on page 49 Section 3.6.4, “Installing Through ZENworks Linux Management on OES Linux SP2,”...

  • Page 47: Installing Nici

    For more information, see Appendix C, “Configuring OpenSLP for eDirectory,” on page 147. 3.6.2 Installing NICI NICI should be installed before you proceed with the eDirectory installation. Both root and nonroot users can install NICI. Installing or Upgrading Novell eDirectory on Linux...
  • Page 48 A nonroot user (john in the example) needs to do the following to install NICI: 1 Log in as john and execute the following command: sudo rpm -ivh nici_rpm_file_name_with_path For example: sudo rpm -ivh /88/Linux/Linux/setup/nici-2.7.0-5.i386.rpm 2 Execute the following script: sudo /var/opt/novell/nici/set_server_mode NICI gets installed in the server mode. Novell eDirectory 8.8 Installation Guide...

  • Page 49: Using The Nds-Install Utility To Install Edirectory Components

    There are two components you can install: the eDirectory server and the eDirectory administration utilities. To install the server, enter -c server. To install the administration utilities, enter -c admutils. For example, to install Novell eDirectory Server packages, you would enter the following command: ./nds-install -c server -h or --help Displays help for nds-install.
  • Page 50 4 After the installation is complete, you need to update the following environment variables and export them. You can either do it manually or use a script. Manually export the environment variables export LD_LIBRARY_PATH=/opt/novell/eDirectory/lib:/opt/ novell/eDirectory/lib/nds-modules:/opt/novell/ lib:$LD_LIBRARY_PATH export PATH=/opt/novell/eDirectory/bin:/opt/novell/ eDirectory/sbin:$PATH export MANPATH=/opt/novell/man:/opt/novell/eDirectory/ man:$MANPATH Novell eDirectory 8.8 Installation Guide...

  • Page 51: Installing Through Zenworks Linux Management On Oes Linux Sp2

    Use the ndspath script to export the environment variables If you do not want to export the paths manually, you can use the /opt/novell/ eDirectory/bin/ndspath script as follows: Prefix the ndspath script to the utility and run the utility you want as follows:...
  • Page 52 1g Install the 11148 patch. rug pin patch-11148 This command installs the updated yast2-novell-common file that detects eDirectory 8.7.3 and eDirectory 8.8 versions appropriately. If you install any other eDirectory dependent services from YaST, it demotes to lower eDirectory versions.
  • Page 53 1. Select Edit > Channel Subscription. 2. In the dialog box that appears, select oes. 3. Click Close. 1g Apply the patch. 1. Click on the Patches tab. 2. Scroll down to patch-11148. Installing or Upgrading Novell eDirectory on Linux...
  • Page 54 3. Click on Mark for Installation. 4. Click Run Now. 5. Click Continue to apply the patch. This updates the yast2-novell-common file. This command installs the updated yast2-novell-common file that detects eDirectory 8.7.3 and eDirectory 8.8 versions appropriately. If you install any other eDirectory dependent services from YaST, it demotes to lower eDirectory versions.

  • Page 55: Nonroot User Installing Edirectory 8.8

    If you are a nonadministrator user, ensure that you have the appropriate rights as mentioned in Section 3.2, “Prerequisites,” on page 36 section. Installing eDirectory 1 Go to the directory where you want to install eDirectory. 2 Untar the tar file as follows: Installing or Upgrading Novell eDirectory on Linux...
  • Page 56 Use the ndsconfig utility as follows: ndsconfig new -t treename -n server_context -a admin_FDN [-i] [-S server_name] [-d path_for_dib] [-m module] [e] [-L ldap_port] [-l SSL_port] [-o http_port] -O https_port] port_to_bind] [-B interface1@port1, interface2@port2,..] [-D custom_location] [--config-file configuration_file] For example: Novell eDirectory 8.8 Installation Guide...

  • Page 57: Using The Ndsconfig Utility To Add Or Remove The Edirectory Replica Server

    -t mary-tree -n novell -a admin.novell -S linux1 - d /home/mary/inst1/data -b 1025 -L 1026 -l 1027 -o 1028 -O 1029 -D /home/mary/inst1/var --config-file /home/mary/inst1/nds.conf The port numbers you enter need to be in the range 1024 to 65535. Port numbers lesser than 1024 are normally reserved for the super-user and standard applications.
  • Page 58 You can enable encrypted replication in the server you want to add using the -E option. For more information on encrypted replication, refer to Novell eDirectory 8.8 Administration Guide (http:// www.novell.com/documentation/edir88/index.html). Removing a Server Object And Directory Services From a Tree...
  • Page 59 For example, to install a new eDirectory tree on a UNIX server using “novell.com” as the name of the O, use the following command: ndsconfig new -a "admin.novell\\.com"...
  • Page 60 After configuring the ds module, you can add the NMAS, LDAP, SAS, SNMP, HTTP services, and Novell SecretStore (ss) using the add command. If the module name is not specified, all the modules are installed.

  • Page 61: Using Ndsconfig To Configure Multiple Instances Of Edirectory 8.8

    Different data and log file location You can use the ndsconfig --config-file, -d, and options to do this. Unique portnumber for the instance to listen to You can use the ndsconfig options to do this. Installing or Upgrading Novell eDirectory on Linux...
  • Page 62 Description ndsmanage Lists all the instances configured by you. ndsmanage -a|--all List instances of all the users who are using a particular installation of eDirectory. ndsmanage username List the instances configured by a specific user Novell eDirectory 8.8 Installation Guide...
  • Page 63 Other than the ones listed above, you can also run ndstrace for a selected instance. Starting a Specific Instance To start an instance configured by you, do the following: 1 Enter the following: ndsmanage 2 Select the instance you want to start. Installing or Upgrading Novell eDirectory on Linux...
  • Page 64 The menu expands to include the options you can perform on a specific instance. For more information, refer to ndsmanage Utility Output Screen with Instance Options (page 64). 3 Enter d to deconfigure the instance. Novell eDirectory 8.8 Installation Guide...
  • Page 65 To configure the instances based on the above mentioned instance identifiers, Mary must enter the following commands. Instance 1: ndsconfig new -t mytree -n o=novell -a cn=admin.o=company -b 1524 - /home/mary/inst1/var --config-file /home/mary/inst1/nds.conf Instance 2: Installing or Upgrading Novell eDirectory on Linux...

  • Page 66: Using Ndsconfig To Install An Hp-Ux Server Into A Tree With Dotted Name Containers

    For example, to install a new eDirectory tree on a Linux server using “O=novell.com” as the name of the O, use the following command: ndsconfig new -a “admin.novell\.com”...

  • Page 67: Using The Nmasinst Utility To Configure Nmas

    The last parameter specifies the config.txt file for the login method that is to be installed. A config.txt file is provided with each login method. Here is an example of the -addmethod command: nmasinst -addmethod admin.novell MY_TREE ./nmas-methods/novell/Simple Password/config.txt If the login method already exists, nmasinst will update it. Installing or Upgrading Novell eDirectory on Linux...

  • Page 68: Nonroot User Snmp Configuration

    To install NOVLsubag, complete the following procedure: Enter the following command: rpm -ivh --nodeps NOVLsubag_rpm_file_name_with_path For example: rpm -ivh --nodeps novell-NOVLsubag-8.8.1-5.i386.rpm 3 Export the paths as follows: Manually export the environment variables. export LD_LIBRARY_PATH=custom_location/opt/novell/ eDirectory/lib:custom_location/opt/novell/lib:/opt/novell/lib:/ opt/novell/eDirectory/lib:$LD_LIBRARY_PATH export PATH=/opt/novell/eDirectory/bin:$PATH export MANPATH=/opt/novell/:$MANPATH Novell eDirectory 8.8 Installation Guide...

  • Page 69: Installing Or Upgrading Novell Edirectory On Solaris

    74 MB of disk space for every 50,000 users 4.2 Prerequisites IMPORTANT: Check the currently installed Novell and Third Party applications to determine if eDirectory 8.8 is supported before upgrading your existing eDirectory environment. You can find out the current status for Novell products in the TID - What Novell products are supported with Novell eDirectory 8.8?
  • Page 70 Configuring Static IP Address Refer to “Configuring Static IP Address” on page 12 for more information on configuring static IP addresses. Novell eDirectory 8.8 Installation Guide...

  • Page 71: Hardware Requirements

    For best results, cache as much of the DIB Set as the hardware allows. eDirectory scales well on a single processor. However, Novell eDirectory 8.8 takes advantage of multiple processors. Adding processors improves performance in some areas—for example, logins and having multiple threads active on multiple processors.

  • Page 72: Upgrading Multiple Instances

    After the upgrade to eDirectory 8.8, the default location of the configuration files, data files, and log files are changed to /etc/opt/novell/eDirectory/conf, /var/opt/novell/ eDirectory/data, and /var/opt/novell/eDirectory/log respectively. The new directory /var/opt/novell/eDirectory/data uses a symbolic link to the / var/nds directory. The old configuration file /etc/nds.conf is migrated to /etc/opt/novell/ eDirectory/conf directory.

  • Page 73: Using Slp With Edirectory

    For example, to search for the services whose svcname-ws attribute match with the value SAMPLE_TREE, enter the following command: /usr/bin/slpinfo -s "ndap.novell///(svcname-ws==SAMPLE_TREE)/" If you have a service registered with its svcname-ws attribute as SAMPLE_TREE, then the output will be similar to the following: service:ndap.novell:///SAMPLE_TREE Installing or Upgrading Novell eDirectory on Solaris...

  • Page 74: Installing Nici

    For example, to enable john to run /usr/sbin/pkgadd as root on the hostname sol-2, type the following: john sol-2=(root) NOPASSWD: /usr/sbin/pkgadd A nonroot user (john in the example) needs to do the following to install NICI: 1 Log in as john and execute the following command: Novell eDirectory 8.8 Installation Guide...

  • Page 75: Using The Nds-Install Utility To Install Edirectory Components

    There are two components you can install, the eDirectory server and the eDirectory administration utilities. To install the server, enter -c nds. To install the administration utilities, enter -c adminutils. For example, to install Novell eDirectory Server packages, you would enter the following command: ./nds-install -c server -n /var Displays help for nds-install.
  • Page 76 You can also use the nmasinst utility to configure NMAS server after installation. This must be done after configuring eDirectory with ndsconfig. For more information on the ndsconfig utility, see “The ndsconfig Utility” on page 121. Novell eDirectory 8.8 Installation Guide...

  • Page 77: Nonroot User Installing Edirectory 8.8

    Use the ndspath script to export the environment variables If you do not want to export the paths manually, you can use the /opt/novell/ eDirectory/bin/ndspath script as follows: Prefix the ndspath script to the utility and run the utility you want as follows:...
  • Page 78 [-B interface1@port1, interface2@port2,..] [-D custom_location] [--config-file configuration_file] For example: ndsconfig new -t mary-tree -n novell -a admin.novell -S linux1 - d /home/mary/inst1/data -b 1025 -L 1026 -l 1027 -o 1028 -O 1029 -D /home/mary/inst1/var --config-file /home/mary/inst1/nds.conf Novell eDirectory 8.8 Installation Guide...

  • Page 79: Using The Ndsconfig Utility To Add Or Remove The Edirectory Replica Server

    There is a limitation on the number of characters in the tree_name, admin FDN and server context variables. The maximum number of characters allowed for these variables is as follows: tree_name: 32 characters admin FDN: 64 characters server context: 64 characters Installing or Upgrading Novell eDirectory on Solaris...
  • Page 80 You can enable encrypted replication in the server you want to add using the -E option. For more information on encrypted replication, refer to Novell eDirectory 8.8 Administration Guide (http:// www.novell.com/documentation/edir88/index.html). Removing a Server Object and Directory Services from a Tree...

  • Page 81: Using Ndsconfig To Configure Multiple Instances Of Edirectory 8.8

    For example, to install a new eDirectory tree on a Solaris server using “O=novell.com” as the name of the O, use the following command: ndsconfig new -a “admin.novell\.com”...

  • Page 82: Nonroot User Snmp Configuration

    The last parameter specifies the config.txt file for the login method that is to be installed. A config.txt file is provided with each login method. Here is an example of the -addmethod command: nmasinst -addmethod admin.novell MY_TREE ./nmas-methods/novell/Simple Password/config.txt If the login method already exists, nmasinst will update it.

  • Page 83: Installing Or Upgrading Novell Edirectory On Aix

    74 MB of disk space for every 50,000 users 5.2 Prerequisites IMPORTANT: Check the currently installed Novell and Third Party applications to determine if eDirectory 8.8 is supported before upgrading your existing eDirectory environment. You can find out the current status for Novell products in the TID - What Novell products are supported with Novell eDirectory 8.8?

  • Page 84: Hardware Requirements

    Hardware requirements depend on the specific implementation of eDirectory. For example, a base installation of Novell eDirectory with the standard schema requires about 74 MB of disk space for every 50,000 users. However, if you add a new set of attributes or completely fill in every existing attribute, the object size grows.

  • Page 85: Forcing The Backlink Process To Run

    I/O intensive. The following table illustrates typical system requirements for Novell eDirectory for AIX. Objects Processor Memory Hard Disk 100,000 RS/6000 344 MB 144 MB...

  • Page 86: Upgrading Multiple Instances

    “Upgrading the Tarball Deployment of eDirectory 8.8,” on page 44 in the Linux chapter. 5.6 Installing eDirectory The following sections provide information about installing Novell eDirectory on AIX: Section 5.6.1, “Server Health Checks,” on page 86 Section 5.6.2, “Using SLP with eDirectory,” on page 87 Section 5.6.3, “Installing NICI,”...

  • Page 87: Using Slp With Edirectory

    Appendix C, “Configuring OpenSLP for eDirectory,” on page 147. 5.6.3 Installing NICI NICI should be installed before you proceed with the eDirectory installation. Both root and nonroot users can install NICI, though the procedure to do so is different. Installing or Upgrading Novell eDirectory on AIX...
  • Page 88 1 Log in as john and execute the following command: sudo installp -acgXd absolute_path_of_the_NICI_fileset NOVLniu0 For example: sudo installp -acgXd /home/build/AIX/AIX/setup/NOVLniu0.2.7.0.0 NOVLniu0 2 Execute the following script: sudo /var/opt/novell/nici/set_server_mode NICI gets installed in the server mode. Novell eDirectory 8.8 Installation Guide...

  • Page 89: Using The Nds-Install Utility To Install Edirectory Components

    There are two components you can install, the eDirectory server and the eDirectory administration utilities. To install the server, enter -c nds. To install the administration utilities, enter -c adminutils. For example, to install Novell eDirectory Server packages, you would enter the following command: ./nds-install -c server -n /var Displays help for nds-install.
  • Page 90 For more information on the nmasinst utility, see “Using the Nmasinst Utility to Configure NMAS” on page 4 After the installation is complete, you need to update the following environment variables and export them as follows: Manually export the environment variables Novell eDirectory 8.8 Installation Guide...

  • Page 91: Nonroot User Installing Edirectory 8.8

    Use the ndspath script to export the environment variables If you do not want to export the paths manually, you can use the /opt/novell/ eDirectory/bin/ndspath script as follows: Prefix the ndspath script to the utility and run the utility you want as follows:...
  • Page 92 Use the ndsconfig utility as follows: ndsconfig new -t treename -n server_context -a admin_FDN [-i] [-S server_name] [-d path_for_dib] [-m module] [e] [-L ldap_port] [-l SSL_port] [-o http_port] -O https_port] port_to_bind] [-B interface1@port1, interface2@port2,..] [-D custom_location] [--config-file configuration_file] For example: Novell eDirectory 8.8 Installation Guide...

  • Page 93: Using The Ndsconfig Utility To Add Or Remove The Edirectory Replica Server

    -t mary-tree -n novell -a admin.novell -S linux1 - d /home/mary/inst1/data -b 1025 -L 1026 -l 1027 -o 1028 -O 1029 -D /home/mary/inst1/var --config-file /home/mary/inst1/nds.conf The port numbers you enter need to be in the range 1024 to 65535. Port numbers lesser than 1024 are normally reserved for the super-user and standard applications.
  • Page 94 You can enable encrypted replication in the server you want to add using the -E option. For more information on encrypted replication, refer to Novell eDirectory 8.8 Administration Guide (http:// www.novell.com/documentation/edir88/index.html). Removing a Server Object and Directory Services from a Tree...

  • Page 95: Using Ndsconfig To Install An Aix Server Into A Tree With Dotted Name Containers

    For example, to install a new eDirectory tree on an AIX server using “O=novell.com” as the name of the O, use the following command: ndsconfig new -a “admin.novell\.com”...

  • Page 96: Nonroot User Snmp Configuration

    The last parameter specifies the config.txt file for the login method that is to be installed. A config.txt file is provided with each login method. Here is an example of the -addmethod command: nmasinst -addmethod admin.novell MY_TREE ./nmas-methods/novell/Simple Password/config.txt If the login method already exists, nmasinst will update it.

  • Page 97: Installing Or Upgrading Novell Edirectory On Hp-Ux

    Center (http://hpux.connect.org.uk/hppd/hpux/Development/Libraries). 6.2 Prerequisites IMPORTANT: Check the currently installed Novell and Third Party applications to determine if eDirectory 8.8 is supported before upgrading your existing eDirectory environment. You can find out the current status for Novell products in the TID - What Novell products are supported with...
  • Page 98 In case the secondary being added is of later version, then the schema needs to be extended by the admin of the tree before adding the secondary using container admin. Novell eDirectory 8.8 Installation Guide...

  • Page 99: Hardware Requirements

    For best results, cache as much of the DIB Set as the hardware allows. eDirectory scales well on a single processor. However, Novell eDirectory 8.8 takes advantage of multiple processors. Adding processors improves performance in some areas—for example, logins and having multiple threads active on multiple processors.

  • Page 100: Upgrading Multiple Instances

    After the upgrade to eDirectory 8.8, the default location of the configuration files, data files, and log files are changed to /etc/opt/novell/eDirectory/conf, /var/opt/novell/ eDirectory/data, and /var/opt/novell/eDirectory/log respectively. The new directory /var/opt/novell/eDirectory/data uses a symbolic link to the / var/nds directory. The old configuration file /etc/nds.conf is migrated to /etc/opt/novell/ eDirectory/conf directory.

  • Page 101: Server Health Checks

    .TREE_NAME. <IP_address_of_the_server_hosting_the_tree> For more information, refer to the hosts.nds man page. Installing and Configuring OpenSLP 1 Download and install OpenSLP for HP-UX from the HP SLP-Service Location Protocol (http:/ /www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/ displayProductInfo.pl?productNumber=HPUXSLP) Web site. Installing or Upgrading Novell eDirectory on HP-UX 101...

  • Page 102: Installing Nici

    NICI, though the procedure to do so is different. Root User Installing NICI To install NICI, complete the following procedure: 1 Enter the following command: swinstall -s absolute_path_of_depot NOVLniu0 For example: swinstall -s /home/build/HPUX/HPUX/setup/eDirectory.depot NOVLniu0 2 Execute the following script: 102 Novell eDirectory 8.8 Installation Guide...

  • Page 103: Installing Edirectory Components

    Use the swinstall utility to install eDirectory components on HP-UX systems. The utility adds the required packages based on what components you choose to install. The eDirectory packages are contained in eDirectory.depot and the administration utilities are contained in eDirectory-admutils.depot. Installing or Upgrading Novell eDirectory on HP-UX 103...
  • Page 104 There are two components you can install, the eDirectory server and the eDirectory administration utilities. To install the server, enter -c nds. To install the administration utilities, enter -c adminutils. For example, to install Novell eDirectory Server packages, you would enter the following command: ./nds-install -c server -n /var Displays help for nds-install.
  • Page 105 After the installation is complete, you need to update the following environment variables and export them as follows: Manually export the environment variables export SHLIB_PATH=/opt/novell/eDirectory/lib:/opt/novell/ eDirectory/lib/nds-modules:/opt/novell/lib:$SHLIB_PATH export PATH=/opt/novell/eDirectory/bin:/opt/novell/eDirectory/ sbin:$PATH export MANPATH=/opt/novell/man:/opt/novell/eDirectory/ man:$MANPATH export TEXTDOMAINDIR=/opt/novell/eDirectory/share/ locale:$TEXTDOMAINDIR Installing or Upgrading Novell eDirectory on HP-UX 105...

  • Page 106: Nonroot User Installing Edirectory 8.8

    Use the ndspath script to export the environment variables If you do not want to export the paths manually, you can use the /opt/novell/ eDirectory/bin/ndspath script as follows: Prefix the ndspath script to the utility and run the utility you want as follows:...

  • Page 107: Using The Ndsconfig Utility To Add Or Remove The Edirectory Replica Server

    [-B interface1@port1, interface2@port2,..] [-D custom_location] [--config-file configuration_file] For example: ndsconfig new -t mary-tree -n novell -a admin.novell -S linux1 - d /home/mary/inst1/data -b 1025 -L 1026 -l 1027 -o 1028 -O 1029 -D /home/mary/inst1/var --config-file /home/mary/inst1/nds.conf The port numbers you enter need to be in the range 1024 to 65535. Port numbers lesser than 1024 are normally reserved for the super-user and standard applications.
  • Page 108 A server is added to an existing tree in the specified context. If the context that the user wants to add the Server object to does not exist, ndsconfig creates the context and adds the server. 108 Novell eDirectory 8.8 Installation Guide...

  • Page 109: Using Ndsconfig To Configure Multiple Instances Of Edirectory 8.8

    For example, to install a new eDirectory tree on an HP-UX server using “O=novell.com” as the name of the O, use the following command: ndsconfig new -a “admin.novell\.com”...

  • Page 110: Using The Nmasinst Utility To Configure Nmas

    The Admin name and context and the server context parameters are enclosed in double quotes, and only the dot (‘.’) in novell.com is escaped using the ‘\’ (backslash) character. You can also use this format when installing a server into an existing tree.
  • Page 111 -addmethod admin.novell MY_TREE ./nmas-methods/novell/Simple Password/config.txt If the login method already exists, nmasinst will update it. For more information, see “Managing Login and Post-Login Methods and Sequences” (http:// www.novell.com/documentation/beta/nmas30/admin/data/a53vj9a.html) in the Novell Modular Authentication Service Administration Guide. Installing or Upgrading Novell eDirectory on HP-UX...
  • Page 112 112 Novell eDirectory 8.8 Installation Guide...

  • Page 113: Relocating The Dib

    2c Enter k to stop the instance. 3 Get the current DIB location using the following command: ndsconfig get n4u.nds.dibdir NOTE: In eDirectory 8.8, by default the DIB is located at /var/opt/novell/ eDirectory/data/dib and on pre-eDirectory 8.8 servers, it is located at /var/nds/ dib.

  • Page 114: Netware And Windows

    7.2 NetWare and Windows DIB relocation is currently not supported. However, on Windows you can locate the DIB in a custom location during the eDirectory installation. 114 Novell eDirectory 8.8 Installation Guide...

  • Page 115: Upgrade Requirements Of Edirectory

    Upgrade Requirements of eDirectory 8.8 One of the unique features of eDirectory is its ability to maintain the tight referential integrity. Any object Classes derived from Top will have a reference attribute in its class definition. This is a hidden attribute added to all the referenced objects those are internally maintained by eDirectory. Background processes keep running to check the links between the referenced object and the referencing objects.

  • Page 116: Reference Changes In 8.8 Sp2

    It could take hours before it actually opens and is ready for use by applications for a large database. 116 Novell eDirectory 8.8 Installation Guide...

  • Page 117: Upgrade Process In 8.8 Sp2

    The appropriate upgrade utility will be called after the packages are upgraded to eDirectory 8.8. Refer to the eDirectory install and upgrade documents in Novell eDirectory 8.8 Installation Guide (http://www.novell.com/documentation/edir88/index.html) A new offline database upgrade utility will be available with eDirectory 8.8.
  • Page 118 Provide a log file name where messages are logged during upgrade. The log file will indicate the time the upgrade started and the end time. Given below is a snapshot of log file. 118 Novell eDirectory 8.8 Installation Guide...

  • Page 119: Performing A Dry Run Before Upgrading Edirectory

    8.3 Performing a Dry Run before Upgrading eDirectory ndsdibupg can be used to perform a dry run before upgrading the packages. This utility alone can be used against a copied database on non-NetWare platforms. The advantage is that eDirectory services will still be available when the dry run is being performed.
  • Page 120 Answer: eDirectory maintains the reference attributes in a separate container in the database. The delay in the initial display is due to the time it takes FLAIM to delete the database container that holds the “Reference” attribute records. 120 Novell eDirectory 8.8 Installation Guide...

  • Page 121: Configuring Novell Edirectory On Linux, Solaris, Aix, Or Hp-Ux Systems

    “Using the ldapconfig Utility to Configure the LDAP Server and LDAP Group Objects” on page 121 “Using the nmasinst Utility to Configure Novell Modular Authentication Service” on page 122 9.1.1 The ndsconfig Utility You can use the ndsconfig utility to configure eDirectory. This utility can also be used to add the eDirectory Replica Server into an existing tree or to create a new tree.

  • Page 122: Using The Nmasinst Utility To Configure Novell Modular Authentication Service

    9.1.3 Using the nmasinst Utility to Configure Novell Modular Authentication Service For eDirectory 8.8, by default, ndsconfig configures NMAS. You can also use nmasinst on Linux, Solaris, AIX, and HP-UX systems to configure NMAS. ndsconfig only configures NMAS and does not install the login methods. To install these login methods, you can use nmasinst.
  • Page 123 Range=2 to 1440 n4u.nds.synchronization-restrictions The Off value allows synchronization with any version of the eDirectory. The On value restricts synchronization to version numbers you specify as parameters (for example, ON,420,421). Default=Off Configuring Novell eDirectory on Linux, Solaris, AIX, or HP-UX Systems 123...
  • Page 124 The eDirectory configuration files are placed here. Default=/etc n4u.server.vardir The eDirectory and utilities log files are placed here. Default=/var/opt/novell/eDirectory/log n4u.server.libdir The eDirectory specific libraries are placed here in the nds-modules directory. Default=/opt/novell/eDirectory/lib 124 Novell eDirectory 8.8 Installation Guide...
  • Page 125 LogFatal, LogWarn, LogErr, LogInfo, or LogDbg. n4u.server.log-file This parameter specifies the log file location where the messages would be logged. By default, the messages are logged into the ndsd.log file. Configuring Novell eDirectory on Linux, Solaris, AIX, or HP-UX Systems 125...

  • Page 126: Security Considerations

    Parameter Description n4u.ldap.lburp.transize Number of records that are sent from the Novell Import/ Export client to the LDAP server in a single LBURP packet. You can increase the transaction size to ensure that multiple add operations can be performed in a single request.
  • Page 127 By default, the cipher is set to Export. Make LDAP more secure by setting the cipher to HIGH. To do this, change the bind restrictions attribute of LDAP Server object to “Use Higher Cipher (greater than 128 bit )”. Configuring Novell eDirectory on Linux, Solaris, AIX, or HP-UX Systems 127...
  • Page 128 128 Novell eDirectory 8.8 Installation Guide...

  • Page 129: Migrating To Edirectory 8.8 Sp2

    Migrating to eDirectory 8.8 SP2 ® This document guides you to migrate your Novell eDirectory 8.7.3.x server to eDirectory 8.8 SP2 when you have to upgrade your operating system also. eDirectory 8.8 SP2 supports the following platforms: Platform Supported Versions ®...
  • Page 130 2. Do not perform any operations on the intermediate state other than upgrading eDirectory, if the eDirectory version is not supported on a particular operating system in the intermediate state. For example, eDirectory 8.7.3.x on Solaris 10. 130 Novell eDirectory 8.8 Installation Guide...

  • Page 131: Migrating To Edirectory 8.8 Sp2 Without Upgrading The Operating System

    3 Install the operating system 4 Remove the nici folder from /var/novell and restore the nici folder to /var/opt/ novell 5 Ensure that /var/novell/nici is pointing to /var/opt/novell/nici 6 Install eDirectory 8.8 SP2 on the server (a new install) 7 Restore the dib and nds.rfl directories...
  • Page 132 132 Novell eDirectory 8.8 Installation Guide...

  • Page 133: Uninstalling Novell Edirectory

    2 From the NetWare console, run NWCONFIG. 3 Select Product Options > Install a Product Not Listed. 4 Specify the location containing the Novell eDirectory 8.8 installation package. “Installing or Upgrading Novell eDirectory 8.8 on NetWare” on page 15 for more information.

  • Page 134: Uninstalling Edirectory, Consoleone, And Slp Da

    For information about roll-forward logs, see “Using Roll-Forward Logs” in the Novell eDirectory 8.8 Administration Guide. “Uninstalling eDirectory, ConsoleOne, and SLP DA” on page 134 “Uninstalling NICI” on page 134 11.2.1 Uninstalling eDirectory, ConsoleOne, and SLP DA...

  • Page 135: Uninstalling Edirectory On Hp-Ux

    If you want to be able to use the logs for restoring eDirectory on this server in the future, before removing eDirectory you must first copy the roll-forward logs to another location. For information about roll-forward logs, see “Using Roll-Forward Logs” in the Novell eDirectory 8.8 Administration Guide.
  • Page 136 136 Novell eDirectory 8.8 Installation Guide...

  • Page 137: A Linux, Solaris, Aix, And Hp-Ux Packages For Novell Edirectory

    Linux, Solaris, AIX, or HP-UX tools installed with the OS. The following table provides information about the Linux, Solaris, AIX, and HP-UX packages that are included with Novell eDirectory. NOTE: On Linux, all the packages are prefixed with novell-. For example, NDSserv is novell- NDSserv. Package...
  • Page 138 The runtime libraries and utilities for SNMP. This package is dependent on the NICI package. NDSdexvnt Contains the library that manages events generated in Novell eDirectory to other databases. NOTE: This package is not available on HP-UX. 138 Novell eDirectory 8.8 Installation Guide...

  • Page 139: Package Name Specifications For Hp-Ux

    NOVLntls on Solaris, AIX, and HP-UX ntls on Linux NOVLldif2dib Contains the Novell Offline Bulkload utility and is dependent on the NDSbase, NDSserv, NOVLntls, NOVLlmgnt and NICI packages. NOVLncp Contains the Novell Encrypted NCP Services for Unix. This package is dependent on the NDScommon package.
  • Page 140 Package Names on other UNIX Package Names in eDirectory 8.7.1 Package Names in eDirectory 8.8 Platforms and 8.7.3 NOVLsnmp NOVLsnmp.NOVLsnmp eDirectory.NOVLsnmp NOVLpkia NOVLpkia.NPKIAPI novell-npkiapi.npkiapi NOVLembox NOVLembox.NOVLembox eDirectory.NOVLembox NOVLlmgnt NOVLlmgnt.NOVLlmgnt eDirectory.NOVLlmgnt NOVLxis NOVLxis.NOVLxis eDirectory.NOVLxis NOVLntls NOVLntls.NTLS novell-ntls.NTLS 140 Novell eDirectory 8.8 Installation Guide...

  • Page 141: B Server Health Checks

    Server Health Checks ® Novell eDirectory 8.8 provides a diagnostic tool to help you determine whether your server health is safe. The primary use of this tool is to check if the health of the server is safe before upgrading.

  • Page 142: Types Of Health Checks

    This is the first stage of the health check, where the health check utility checks for the following: 1. The eDirectory service is up. The DIB is open and able to read some basic tree information such as tree name. 2. The server is listening on the respective port numbers. 142 Novell eDirectory 8.8 Installation Guide...

  • Page 143: Partitions And Replica Health

    For LDAP, it gets the TCP and the SSL port numbers and checks if the server is listening on these ports. Similarly, it gets the HTTP and HTTP secure port numbers and checks if the server is listening on these ports. B.3.2 Partitions and Replica Health After checking the basic server health, it then checks the partitions and replica health as follows: 1.

  • Page 144: Critical

    Unable to read or open the DIB (might be locked or corrupt). Unable to contact all the servers in the replica ring. Locally held partitions are busy. Replica is not in the ON state. 144 Novell eDirectory 8.8 Installation Guide...

  • Page 145: Log Files

    Health Check with a Critical Error Figure B-2 B.5 Log Files Every server health check operation, whether it is run with the upgrade or as a standalone utility, maintains the status of the health in a log file. The content of the log file is similar to the messages displayed on the screen when the checks are happening.
  • Page 146 2. When health check is performed manually using dscheck.nlm, the default log messages would be saved at sys:\system\dscheck.log. Windows The log file will be saved at install_directory\novell nsdcheck.log nds\. NOTE: install_directory is user specified. 146 Novell eDirectory 8.8 Installation Guide...

  • Page 147: C Configuring Openslp For Edirectory

    This appendix provides information for network administrators on the proper configuration of ® OpenSLP for Novell eDirectory installations without the Novell Client Section C.1, “Service Location Protocol,” on page 147 Section C.2, “SLP Fundamentals,” on page 147 Section C.3, “Configuration Parameters,” on page 149 C.1 Service Location Protocol...

  • Page 148: Novell Service Location Providers

    In summary, everything hinges on the directory agent that a user agent finds for a given scope. C.2.1 Novell Service Location Providers The Novell version of SLP takes certain liberties with the SLP standard in order to provide a more robust service advertising environment, but it does so at the expense of some scalability.

  • Page 149: Service Agents

    4. Querying DHCP for network-configured DA addresses that match the specified scope (and adding new addresses to the cache). 5. Multicasting a DA discovery request on a well-known port (and adding new addresses to the cache). The specified scope is “default” if not specified. That is, if no scope is statically defined in the SLP configuration file, and no scope is specified in the query, then the scope used is the word “default”.
  • Page 150 “false.” Any other value is a number of seconds between discovery broadcasts. These options, when used properly, can ensure an appropriate use of network bandwidth for service advertising. In fact, the default settings are designed to optimize scalability on an average network. 150 Novell eDirectory 8.8 Installation Guide...

Table of Contents