1. Manuals
  2. Brands
  3. Novell Manuals
  4. Software
  5. EDIRECTORY 8.8 SP2
  6. Installation manual

Novell EDIRECTORY 8.8 SP2 Installation Manual

Hide thumbs Also See for EDIRECTORY 8.8 SP2:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Troubleshooting Manual, Manual
Novell
eDirectory
TM
w w w . n o v e l l . c o m
8 . 8 S P 2
I N S T A L L A T I O N G U I D E
O c t o b e r 1 2 , 2 0 0 7

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the EDIRECTORY 8.8 SP2 and is the answer not in the manual?

Questions and answers

Related Manuals for Novell EDIRECTORY 8.8 SP2

Summary of Contents for Novell EDIRECTORY 8.8 SP2

  • Page 1 Novell eDirectory 8.8 Installation Guide Novell eDirectory w w w . n o v e l l . c o m 8 . 8 S P 2 I N S T A L L A T I O N G U I D E...
  • Page 2 Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
  • Page 3 Novell is a registered trademark of Novell, Inc., in the United States and other countries. Novell Client is a trademark of Novell, Inc. Novell Directory Services and NDS are registered trademarks of Novell, Inc., in the United States and other countries.

  • Page 5: Table Of Contents

    Disk Space Check on Upgrading to eDirectory SP2 or later ......15 Installing or Upgrading Novell eDirectory on NetWare ......15 1.7.1...
  • Page 6 SNMP configuration ........78 4 Installing or Upgrading Novell eDirectory on Solaris System Requirements .
  • Page 7 8.1.3 Using the nmasinst Utility to Configure Novell Modular Authentication Service . . . 118 Configuration Parameters ........... 118 Security Considerations .
  • Page 8 Novell Service Location Providers ........

  • Page 9: About This Book

    Chapter 6, “Relocating the DIB,” on page 109 Chapter 7, “Upgrade Requirements of eDirectory 8.8,” on page 111 Chapter 8, “Configuring Novell eDirectory on Linux, Solaris, or AIX Systems,” on page 117 Chapter 9, “Migrating to eDirectory 8.8 SP2,” on page 125 Chapter 11, “Uninstalling Novell eDirectory,”...
  • Page 10 ® A trademark symbol ( , etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark. When a single pathname can be written with a backslash for some platforms or a forward slash for other platforms, the pathname is presented with a backslash. Users of platforms that require a forward slash, such as Linux* and UNIX*, should use forward slashes as required by your software.

  • Page 11: Installing Or Upgrading Novell Edirectory On Netware

    Section 1.3, “Hardware Requirements,” on page 1.2 Prerequisites IMPORTANT: Check the currently installed Novell and Third Party applications to determine if eDirectory 8.8 is supported before upgrading your existing eDirectory environment. You can find out the current status for Novell products in the...

  • Page 12: Hardware Requirements

    For example, a base installation of eDirectory with the standard schema requires about 74 MB of disk space for every 50,000 users. However, if you add a new set of attributes or completely fill in Novell eDirectory 8.8 Installation Guide...

  • Page 13: Forcing The Backlink Process To Run

    Two factors increase performance: more cache memory and faster processors. For best results, cache as much of the DIB Set as the hardware allows. eDirectory scales well on a single processor. However, Novell eDirectory 8.7 took advantage of multiple processors. Adding processors improves performance in some areas—for example, logins and having multiple threads active on multiple processors.
  • Page 14 4 Enter the Administrator's name (for example, Admin.VMP) and password. NOTE: In eDirectory 8.8 and later, you can have case sensitive passwords for all the utilities. Refer to Novell eDirectory 8.8 What's New Guide (http://www.novell.com/documentation/ edir88/index.html) for more information. 5 Select Post NetWare 5 Schema Update > Yes.

  • Page 15: Disk Space Check On Upgrading To Edirectory Sp2 Or Later

    1.7 Installing or Upgrading Novell eDirectory on NetWare This section contains the following information: “Installing or Upgrading Novell eDirectory 8.8 on NetWare” on page 15 “Server Health Checks” on page 16 “Installing NMAS Server Software” on page 16 “Installing NMAS Client Software” on page 17 “Installing into a Tree with Dotted Name Containers”...

  • Page 16: Server Health Checks

    NOTE: In eDirectory 8.8 and later, you can have case sensitive passwords for all the utilities. Refer to Novell eDirectory 8.8 What's New Guide (http://www.novell.com/documentation/ edir88/index.html) for more information. 6 In the LDAP Configuration screen, specify which LDAP ports to use, then click Next.

  • Page 17: Installing Nmas Client Software

    For example: O=novell\.com You cannot start a name with a dot. For example, you cannot create a container named “.novell” because it starts with a dot (‘.’). IMPORTANT: If your tree has containers with dotted names, you must escape those names when logging into utilities such as iMonitor, iManager, and DHost iConsole.

  • Page 18: Unattended Upgrade To Edirectory 8.8 Sp2 On Netware

    An SPK has components and properties. To see the components, click on the SPK's expand box. The properties include a description, requirements, and variables. The Support Pack SPKs use variables, which is the only place where each site will need to make specific modifications. Novell eDirectory 8.8 Installation Guide...
  • Page 19 WARNING: The installation source folders will be partially removed for security reasons. You need to copy the installation source again in case you restart the installation on failures, e.g, Disk Space unavailability errors. Installing or Upgrading Novell eDirectory on NetWare...
  • Page 20 Adding the source to the SPK Figure 1-5 4 Then select the “eDir88” folder that contains the source files that are delivered along with the SPK as given below: Selecting the upgrade source Figure 1-6 Novell eDirectory 8.8 Installation Guide...

  • Page 21: Remote Installation Or Upgrade

    XServer Console to choose the NMAS methods to be installed. In this case, you could choose "Yes-Remote", which by default installs all NMAS methods without any further indications in the System Console. NOTE: The Installer will restart the server once the installation is complete. Installing or Upgrading Novell eDirectory on NetWare...
  • Page 22 Novell eDirectory 8.8 Installation Guide...

  • Page 23: Installing Or Upgrading Novell Edirectory On Windows

    IMPORTANT: Novell eDirectory 8.8 lets you install eDirectory for Windows without the Novell Client . If you install eDirectory 8.8 on a machine already containing the Novell Client, eDirectory will use the existing Client. For more information, see “Installing or Updating Novell eDirectory 8.8 on Windows 2000 or Server 2003”...
  • Page 24 Novell products in the TID - What Novell products are supported with Novell eDirectory 8.8? (http://support.novell.com/cgi-bin/search/searchtid.cgi?10099872.htm) It is also highly recommended to backup eDirectory prior to any upgrades. Because NTFS provides a safer transaction process than a FAT file system provides, you can install eDirectory only on an NTFS partition.

  • Page 25: Hardware Requirements

    Two factors increase performance: more cache memory and faster processors. For best results, cache as much of the DIB Set as the hardware allows. eDirectory scales well on a single processor. However, Novell eDirectory 8.8 takes advantage of multiple processors. Adding processors improves performance in some areas—for example, logins and having multiple threads active on multiple processors.

  • Page 26: Updating The Edirectory Schema For Windows

    1 Copy patches\dsrepair\ntnds8\dsrepair.dll from the product CD to the directory where you installed eDirectory (for example, c:\novell\nds). 2 Click Start > Settings > Control Panel > Novell eDirectory Services. 3 Select dsrepair.dlm in the Service list. 4 Enter -ins in the Startup Parameters field, then click Start.

  • Page 27: Installing Novell Edirectory On Windows

    DHCP Options for Service Location Protocol (http://www.openslp.org/doc/rfc/ rfc2610.txt) OpenSLP Documentation (http://www.openslp.org/#Documentation) 3 If you have Autorun turned off, run setup.bat from the Novell eDirectory 8.8 SP2 CD or from the downloaded file. The installation program checks for the following components before it installs eDirectory. If a component is missing or is an incorrect version, the installation program automatically launches an installation for that component.

  • Page 28: Server Health Checks

    HTTP server, then click Next. IMPORTANT: Make sure that the HTTP stack ports you set during the eDirectory installation are different than the HTTP stack ports you have used or will use for Novell iManager. For more information, see the Novell iManager 2.6 Administration Guide (http://www.novell.com/...

  • Page 29: Communicating With Edirectory Through Ldap

    To disallow clear passwords and other data, select the Require TLS for Simple Bind with Password option during installation. As the following figure illustrates, the page gives defaults of 389, 636, and Require TLS for Simple Bind with Password. Installing or Upgrading Novell eDirectory on Windows...
  • Page 30 No one can view passwords, data packets, or bind requests. Port 636, the Industry-Standard Secure Port The connection through port 636 is encrypted. TLS (formerly SSL) manages the encryption. By default, the eDirectory installation selects this port. The following figure illustrates the selected port. Novell eDirectory 8.8 Installation Guide...
  • Page 31 LDAP server does not service requests on any duplicated port. If you are not certain that port 389 or 636 is assigned to the Novell LDAP server, run the ICE utility.

  • Page 32: Installing Nmas Server Software

    See Figure 2-3 for an example. You cannot start a name with a dot. For example, you cannot create a container named “.novell” because it starts with a dot (‘.’). Novell eDirectory 8.8 Installation Guide...

  • Page 33: Unattended Install And Upgrade To Edirectory 8.8 Sp2 On Windows

    IMPORTANT: If your tree has containers with dotted names, you must escape those names when logging into utilities such as iMonitor, iManager, and DHost iConsole. For example, if your tree has “novell.com” as the name of the O, enter username.novell\.com in the Username field when logging in to iMonitor (see Figure 2-4).
  • Page 34 To input values during an upgrade IMPORTANT: You provide the administrator user credentials in the response.ni file for an unattended installation. Therefore, you should permanently delete the file after the installation to prevent the administrator credentials from being compromised. Novell eDirectory 8.8 Installation Guide...
  • Page 35 NDS Location: The eDirectory install location in the local system where the libraries and binaries are copied. By default, eDirectory is installed into C:\Novell\NDS unless it is changed in the response file. DataDir: Until eDirectory version 8.8, the DIB was installed inside the NDS location as a subfolder.
  • Page 36 This location is used by the Installer while copying files to the install location, and the other location is used by the components to refer to the base eDirectory installation while they are configured. The default value is C:\Novell\NDS, if not specified in the response file. For example: [Novell:DST:1.0.0_Location]...
  • Page 37 NMAS Login Method Creation Figure 2-6 The following is sample text in the response file for choosing the NMAS methods: [NWI:NMAS] Choices=12 Methods=X509 Advanced Certificate,CertMutual,Challenge Response,DIGEST-MD5,Enhanced Password,Entrust,GSSAPI,NDS,NDS Change Password,Simple Password,Universal Smart Card,X509 Certificate Installing or Upgrading Novell eDirectory on Windows...
  • Page 38 The eDirectory Installer language settings configure the locale and set the display language. There are currently three locale options that can be set during installation: English, French and Japanese. Each has a specific key in the [Novell:Languages:1.0.0] tag that can be set to True/False prior to the start of installation.
  • Page 39 Stop service: Set the value to Yes to stop the SNMP services without prompting. The status of is displayed on-screen as shown below: SNMP Service Shutdown Figure 2-8 The following is sample text in the response file for stopping SNMP services: [NWI:SNMP] Stop service=yes Installing or Upgrading Novell eDirectory on Windows...
  • Page 40 New Tree: Use this key in the [NWI:NDS] tag and and set it to Yes for a new tree installation, or No for a secondary server installation. ExistingTreeYes: This key is in the [Novell:ExistingTree:1.0.0] tag. Set it to True/false. Set this to False for a new tree or primary server installation and set it to True for a secondary server in an existing tree.
  • Page 41 During installation, there are various images and status information displayed. Most images contain information on what version of eDirectory is installed, what components are installed, a welcome screen, license files, customization options, a status message indicating the component currently Installing or Upgrading Novell eDirectory on Windows...
  • Page 42 Some applications that intend to embed eDirectory might not want eDirectory displaying these images. All image and status display details are configured in the [Novell:NOVELL_ROOT:1.0.0] tag, including configuration information for the welcome page, close page, summary page, license agreement page, language page, custom choices page, wizard page, welcome page.

  • Page 43: Installing Or Upgrading Novell Edirectory On Linux

    Installing or Upgrading Novell eDirectory on Linux ® Use the following information to install or upgrade Novell eDirectory 8.8 on a Linux* server: Section 3.1, “System Requirements,” on page 43 Section 3.2, “Prerequisites,” on page 44 Section 3.3, “Hardware Requirements,” on page 45 Section 3.4, “Forcing the Backlink Process to Run,”...

  • Page 44: Prerequisites

    Yast online update. 3.2 Prerequisites IMPORTANT: Check the currently installed Novell and Third Party applications to determine if eDirectory 8.8 is supported before upgrading your existing eDirectory environment. You can find...

  • Page 45: Hardware Requirements

    For best results, cache as much of the DIB Set as the hardware allows. eDirectory scales well on a single processor. However, Novell eDirectory 8.8 takes advantage of multiple processors. Adding processors improves performance in some areas — for example, logins —...

  • Page 46: Forcing The Backlink Process To Run

    Processes such as encryption and indexing can be processor intensive. 3.4 Forcing the Backlink Process to Run Because the internal eDirectory identifiers change when upgrading to Novell eDirectory, the backlink process must update backlinked objects for them to be consistent.

  • Page 47: Upgrading On Linux Servers Other Than Oes

    For more information on ZENworks Linux Management, refer to ZENworks Linux Management (http://www.novell.com/products/zenworks/linuxmanagement/index.html). For more information on registering and updating Novell Linux products, refer to Linux Registration and Updates (http://support.novell.com/linux/registration/). You can upgrade to eDirectory 8.8 on OES Linux SP2 using either of the following methods:...
  • Page 48 2h Download the 11148 patch. rug pin patch-11148 This command installs the updated yast2-novell-common file that detects eDirectory 8.7.3 and eDirectory 8.8 versions appropriately. If you install any other eDirectory dependent services from YaST, it demotes to lower eDirectory versions.
  • Page 49 4. Type the activation code. For example, oes. NOTE: Use the same activation code that you use to get the OES updates. 5. Click on the Activate button. 2d Subscribe to the channel. 1. Select Edit > Channel Subscription. Installing or Upgrading Novell eDirectory on Linux...
  • Page 50 3. Click on Mark for Installation. 4. Click Run Now. 5. Click Continue to apply the patch. This updates the yast2-novell-common file. This command installs the updated yast2-novell-common file that detects eDirectory 8.7.3 and eDirectory 8.8 versions appropriately. If you install any other eDirectory dependent services from YaST, it demotes to lower eDirectory versions.
  • Page 51 For example, cn=admin.o=novell 4f Enter the password. 4g Click Next The eDirectory Configuration - Instance Information screen is displayed. 5 Enter the instance details, such as, server context, server name, instance, dib, and configuration locations. Installing or Upgrading Novell eDirectory on Linux...

  • Page 52: Upgrading Edirectory During Oes 1.0 To Oes 2.0 Upgrade

    3.5.4 Upgrading eDirectory During OES 1.0 to OES 2.0 Upgrade eDirectory should be upgraded when OES upgrades from OES 1.0 to OES 2.0. For more information on OES upgrade, refer to OES Linux Installation Guide (http://www.novell.com/ documentation/oes/install_linux/data/bujr8yu.html). Perform the following checks before upgrading the OES or eDirectory server:...

  • Page 53: Upgrading Multiple Instances

    If you run nds-install after doing the package upgrade, it will prompt you asking “The DIB of all the Novell eDirectory Server instances need to be upgraded. This may take long time to complete. If you wish to perform the DIB upgrade parallely, you could do it manually (Refer the readme). Do you wish to continue with the DIB upgrade for all the active instances one by one?”...

  • Page 54: Disk Space Check On Upgrading To Edirectory Sp2 Or Later

    Chapter 7, “Upgrade Requirements of eDirectory 8.8,” on page 111. 3.6 Installing eDirectory The following sections provide information about installing Novell eDirectory on Linux: Section 3.6.1, “Using SLP with eDirectory,” on page 54 Section 3.6.2, “Installing NICI,” on page 56 Section 3.6.3, “Using the nds-install Utility to Install eDirectory Components,”...
  • Page 55 If you decide to use SLP to resolve the tree name to determine if the eDirectory tree is advertised, after eDirectory and SLP are installed, enter the following: /usr/bin/slpinfo -s "ndap.novell///(svcname-ws==[treename or *])" Installing or Upgrading Novell eDirectory on Linux...

  • Page 56: Installing Nici

    A root user needs to complete the following procedure to enable a nonroot user (for example, john) to install NICI: 1 Log in as root. 2 Edit the /etc/sudoers configuration file using the visudo command. Novell eDirectory 8.8 Installation Guide...

  • Page 57: Using The Nds-Install Utility To Install Edirectory Components

    [-j] [-u] If you do not provide the required parameters in the command line, the nds-install utility will prompt you for the parameters. The following table provides a description of the nds-install utility parameters: Installing or Upgrading Novell eDirectory on Linux...
  • Page 58 There are two components you can install: the eDirectory server and the eDirectory administration utilities. To install the server, enter -c server. To install the administration utilities, enter -c admutils. For example, to install Novell eDirectory Server packages, you would enter the following command: ./nds-install -c server -h or --help Displays help for nds-install.
  • Page 59 You can either do it manually or use a script. Manually export the environment variables export LD_LIBRARY_PATH=/opt/novell/eDirectory/lib:/opt/ novell/eDirectory/lib/nds-modules:/opt/novell/ lib:$LD_LIBRARY_PATH export PATH=/opt/novell/eDirectory/bin:/opt/novell/ eDirectory/sbin:$PATH export MANPATH=/opt/novell/man:/opt/novell/eDirectory/ man:$MANPATH export TEXTDOMAINDIR=/opt/novell/eDirectory/share/ locale:$TEXTDOMAINDIR Use the ndspath script to export the environment variables Installing or Upgrading Novell eDirectory on Linux...

  • Page 60: Installing Through Zenworks Linux Management On Oes Linux Sp2

    If you do not want to export the paths manually, you can use the /opt/novell/ eDirectory/bin/ndspath script as follows: Prefix the ndspath script to the utility and run the utility you want as follows: /opt/novell/eDirectory/bin/ndspath utility_name_with_parameters Export the paths in the current shell as follows: .
  • Page 61 1g Install the 11148 patch. rug pin patch-11148 This command installs the updated yast2-novell-common file that detects eDirectory 8.7.3 and eDirectory 8.8 versions appropriately. If you install any other eDirectory dependent services from YaST, it demotes to lower eDirectory versions.
  • Page 62 2. In the dialog box that appears, select oes. 3. Click Close. 1g Apply the patch. 1. Click on the Patches tab. 2. Scroll down to patch-11148. 3. Click on Mark for Installation. 4. Click Run Now. Novell eDirectory 8.8 Installation Guide...
  • Page 63 5. Click Continue to apply the patch. This updates the yast2-novell-common file. This command installs the updated yast2-novell-common file that detects eDirectory 8.7.3 and eDirectory 8.8 versions appropriately. If you install any other eDirectory dependent services from YaST, it demotes to lower eDirectory versions.

  • Page 64: Nonroot User Installing Edirectory 8.8

    Section 3.2, “Prerequisites,” on page 44 section. Installing eDirectory 1 Go to the directory where you want to install eDirectory. 2 Untar the tar file as follows: tar xvf /tar_file_name The etc, opt, and var directories are created. Novell eDirectory 8.8 Installation Guide...
  • Page 65 <admin_FDN>] [-w <admin password>] [-i] [-S <server_name>] [-d <path_for_dib>] [-m <module>] [e] [-L <ldap_port>] [-l <SSL_port>] [-o <http_port>] -O <https_port>] [-p <IP address:[port]>] [-c] [-b <port_to_bind>] [-B <interface1@port1>, <interface2@port2>,..] [-D <custom_location>] [--config-file <configuration_file>] For example: Installing or Upgrading Novell eDirectory on Linux...

  • Page 66: Using The Ndsconfig Utility To Add Or Remove The Edirectory Replica Server

    -t mary-tree -n novell -a admin.novell -S linux1 - d /home/mary/inst1/data -b 1025 -L 1026 -l 1027 -o 1028 -O 1029 -D /home/mary/inst1/var --config-file /home/mary/inst1/nds.conf The port numbers you enter need to be in the range 1024 to 65535. Port numbers lesser than 1024 are normally reserved for the super-user and standard applications.
  • Page 67 You can enable encrypted replication in the server you want to add using the -E option. For more information on encrypted replication, refer to Novell eDirectory 8.8 Administration Guide (http:// www.novell.com/documentation/edir88/index.html). Removing a Server Object And Directory Services From a Tree Use the following syntax: Installing or Upgrading Novell eDirectory on Linux...
  • Page 68 For example, to install a new eDirectory tree on a UNIX server using “novell.com” as the name of the O, use the following command: ndsconfig new -a "admin.novell\\.com"...
  • Page 69 After configuring the ds module, you can add the NMAS, LDAP, SAS, SNMP, HTTP services, and Novell SecretStore (ss) using the add command. If the module name is not specified, all the modules are installed.
  • Page 70 NOTE: -b and -B are mutually exclusive. --config-file Specify the absolute path and file name to store the nds.conf configuration file. For configuration example, to store the configuration file in the /etc/opt/novell/eDirectory/ file directory, enter --config-file /etc/opt/novell/eDirectory/ nds.conf. -P <LDAP Allows the LDAP URLs to configure the LDAP interface on the LDAP Server object.

  • Page 71: Using Ndsconfig To Configure Multiple Instances Of Edirectory 8.8

    Do not remove any contents from this directory. This sections explains the following: “The ndsmanage Utility” on page 72 Installing or Upgrading Novell eDirectory on Linux...
  • Page 72 NOTE: This utility lists all the instances configured for a single binary. Refer to Figure 3-1 on page 73 for more information. Creating an Instance through ndsmanage To create a new instance through ndsmanage: 1 Enter the following command: ndsmanage Novell eDirectory 8.8 Installation Guide...
  • Page 73 Other than the ones listed above, you can also run ndstrace for a selected instance. Starting a Specific Instance To start an instance configured by you, do the following: 1 Enter the following: ndsmanage 2 Select the instance you want to start. Installing or Upgrading Novell eDirectory on Linux...
  • Page 74 The menu expands to include the options you can perform on a specific instance. For more information, refer to ndsmanage Utility Output Screen with Instance Options (page 74). 3 Enter d to deconfigure the instance. Novell eDirectory 8.8 Installation Guide...
  • Page 75 To configure the instances based on the above mentioned instance identifiers, Mary must enter the following commands. Instance 1: ndsconfig new -t mytree -n o=novell -a cn=admin.o=company -b 1524 - /home/mary/inst1/var --config-file /home/mary/inst1/nds.conf Instance 2: Installing or Upgrading Novell eDirectory on Linux...

  • Page 76: Using Ndsconfig To Install A Linux Server Into A Tree With Dotted Name Containers

    For example, to install a new eDirectory tree on a Linux server using “O=novell.com” as the name of the O, use the following command: ndsconfig new -a “admin.novell\.com”...

  • Page 77: Using The Nmasinst Utility To Configure Nmas

    The last parameter specifies the config.txt file for the login method that is to be installed. A config.txt file is provided with each login method. Here is an example of the -addmethod command: nmasinst -addmethod admin.novell MY_TREE ./nmas-methods/novell/Simple Password/config.txt If the login method already exists, nmasinst will update it. Installing or Upgrading Novell eDirectory on Linux...

  • Page 78: Nonroot User Snmp Configuration

    To install NOVLsubag, complete the following procedure: Enter the following command: rpm -ivh --nodeps NOVLsubag_rpm_file_name_with_path For example: rpm -ivh --nodeps novell-NOVLsubag-8.8.1-5.i386.rpm 3 Export the paths as follows: Manually export the environment variables. export LD_LIBRARY_PATH=custom_location/opt/novell/ eDirectory/lib:custom_location/opt/novell/lib:/opt/novell/lib:/ opt/novell/eDirectory/lib:$LD_LIBRARY_PATH export PATH=/opt/novell/eDirectory/bin:$PATH export MANPATH=/opt/novell/:$MANPATH Novell eDirectory 8.8 Installation Guide...

  • Page 79: Installing Or Upgrading Novell Edirectory On Solaris

    74 MB of disk space for every 50,000 users 4.2 Prerequisites IMPORTANT: Check the currently installed Novell and Third Party applications to determine if eDirectory 8.8 is supported before upgrading your existing eDirectory environment. You can find out the current status for Novell products in the TID - What Novell products are supported with Novell eDirectory 8.8?
  • Page 80 In case the secondary being added is Novell eDirectory 8.8 Installation Guide...

  • Page 81: Hardware Requirements

    For best results, cache as much of the DIB Set as the hardware allows. eDirectory scales well on a single processor. However, Novell eDirectory 8.8 takes advantage of multiple processors. Adding processors improves performance in some areas—for example, logins and having multiple threads active on multiple processors.

  • Page 82: Upgrading Edirectory

    After the upgrade to eDirectory 8.8, the default location of the configuration files, data files, and log files are changed to /etc/opt/novell/eDirectory/conf, /var/opt/novell/ eDirectory/data, and /var/opt/novell/eDirectory/log respectively. The new directory /var/opt/novell/eDirectory/data uses a symbolic link to the / var/nds directory. The old configuration file /etc/nds.conf is migrated to /etc/opt/novell/ eDirectory/conf directory.

  • Page 83: Server Health Checks

    If you decide to use SLP to resolve the tree name to determine if the eDirectory tree is advertised, after eDirectory and SLP are installed, enter the following: /usr/bin/slpinfo -s "ndap.novell///(svcname-ws==[treename or *])" Installing or Upgrading Novell eDirectory on Solaris...

  • Page 84: Installing Nici

    A root user needs to complete the following procedure to enable a nonroot user (for example, john) to install NICI: 1 Log in as root. 2 Edit the /etc/sudoers configuration file using the visudo command. NOTE: There is no space between vi and sudo in the command. Novell eDirectory 8.8 Installation Guide...

  • Page 85: Using The Nds-Install Utility To Install Edirectory Components

    [-c component1 [-c component2]...] [-h] [-i] [-j] [-u] If you do not provide the required parameters in the command line, the nds-install utility will prompt you for the parameters. The following table provides a description of the nds-install utility parameters: Installing or Upgrading Novell eDirectory on Solaris...
  • Page 86 There are two components you can install, the eDirectory server and the eDirectory administration utilities. To install the server, enter -c nds. To install the administration utilities, enter -c adminutils. For example, to install Novell eDirectory Server packages, you would enter the following command: ./nds-install -c server -n /var Displays help for nds-install.
  • Page 87 “Using the Nmasinst Utility to Configure NMAS” on page 4 After the installation is complete, you need to update the following environment variables and export them as follows: Manually export the environment variables Installing or Upgrading Novell eDirectory on Solaris...

  • Page 88: Nonroot User Installing Edirectory 8.8

    Use the ndspath script to export the environment variables If you do not want to export the paths manually, you can use the /opt/novell/ eDirectory/bin/ndspath script as follows: Prefix the ndspath script to the utility and run the utility you want as follows:...
  • Page 89 [-B interface1@port1, interface2@port2,..] [-D custom_location] [--config-file configuration_file] For example: ndsconfig new -t mary-tree -n novell -a admin.novell -S linux1 - d /home/mary/inst1/data -b 1025 -L 1026 -l 1027 -o 1028 -O 1029 -D /home/mary/inst1/var --config-file /home/mary/inst1/nds.conf The port numbers you enter need to be in the range 1024 to 65535. Port numbers lesser than 1024 are normally reserved for the super-user and standard applications.

  • Page 90: Using The Ndsconfig Utility To Add Or Remove The Edirectory Replica Server

    -t treename -n server context -a admin FDN [-i] [-S server name] [-d path for dib] [-m module] [-e] [-L ldap port] [-l SSL port] [-o http port] -O https port] [-D custom_location] [--config- file configuration_file] Novell eDirectory 8.8 Installation Guide...
  • Page 91 For example, to remove the eDirectory Server object and directory services from a tree, you could enter the following command: ndsconfig rm -a cn=admin.o=company ndsconfig Utility Parameters Refer to “ndsconfig Utility Parameters” on page 68 for more information. Installing or Upgrading Novell eDirectory on Solaris...

  • Page 92: Using Ndsconfig To Configure Multiple Instances Of Edirectory 8.8

    For example, to install a new eDirectory tree on a Solaris server using “O=novell.com” as the name of the O, use the following command: ndsconfig new -a “admin.novell\.com”...

  • Page 93: Nonroot User Snmp Configuration

    1 Root User Installing NICI. Refer to Section 4.6.3, “Installing NICI,” on page 2 Install NOVLsubag as root. 3 Export the paths as follows: Manually export the environment variables. export LD_LIBRARY_PATH=custom_location/opt/novell/ eDirectory/lib:custom_location/opt/novell/lib:/opt/novell/lib:/ opt/novell/eDirectory/lib:$LD_LIBRARY_PATH export PATH=/opt/novell/eDirectory/bin:$PATH export MANPATH=/opt/novell/:$MANPATH Installing or Upgrading Novell eDirectory on Solaris...
  • Page 94 Novell eDirectory 8.8 Installation Guide...

  • Page 95: Installing Or Upgrading Novell Edirectory On Aix

    74 MB of disk space for every 50,000 users 5.2 Prerequisites IMPORTANT: Check the currently installed Novell and Third Party applications to determine if eDirectory 8.8 is supported before upgrading your existing eDirectory environment. You can find out the current status for Novell products in the TID - What Novell products are supported with Novell eDirectory 8.8?

  • Page 96: Hardware Requirements

    Hardware requirements depend on the specific implementation of eDirectory. For example, a base installation of Novell eDirectory with the standard schema requires about 74 MB of disk space for every 50,000 users. However, if you add a new set of attributes or completely fill in every existing attribute, the object size grows.

  • Page 97: Forcing The Backlink Process To Run

    I/O intensive. The following table illustrates typical system requirements for Novell eDirectory for AIX. Objects Processor Memory Hard Disk 100,000 RS/6000 344 MB 144 MB...

  • Page 98: Upgrading Multiple Instances

    “Upgrading the Tarball Deployment of eDirectory 8.8,” on page 52 in the Linux chapter. 5.6 Installing eDirectory The following sections provide information about installing Novell eDirectory on AIX: Section 5.6.1, “Server Health Checks,” on page 98 Section 5.6.2, “Using SLP with eDirectory,” on page 99 Section 5.6.3, “Installing NICI,”...

  • Page 99: Using Slp With Edirectory

    Appendix C, “Configuring OpenSLP for eDirectory,” on page 147. 5.6.3 Installing NICI NICI should be installed before you proceed with the eDirectory installation. Both root and nonroot users can install NICI, though the procedure to do so is different. Installing or Upgrading Novell eDirectory on AIX...
  • Page 100 1 Log in as john and execute the following command: sudo installp -acgXd absolute_path_of_the_NICI_fileset NOVLniu0 For example: sudo installp -acgXd /home/build/AIX/AIX/setup/NOVLniu0.2.7.0.0 NOVLniu0 2 Execute the following script: sudo /var/opt/novell/nici/set_server_mode NICI gets installed in the server mode. 100 Novell eDirectory 8.8 Installation Guide...

  • Page 101: Using The Nds-Install Utility To Install Edirectory Components

    There are two components you can install, the eDirectory server and the eDirectory administration utilities. To install the server, enter -c nds. To install the administration utilities, enter -c adminutils. For example, to install Novell eDirectory Server packages, you would enter the following command: ./nds-install -c server -n /var Displays help for nds-install.
  • Page 102 “Using the Nmasinst Utility to Configure NMAS” on page 107. 4 After the installation is complete, you need to update the following environment variables and export them as follows: Manually export the environment variables 102 Novell eDirectory 8.8 Installation Guide...

  • Page 103: Nonroot User Installing Edirectory 8.8

    Use the ndspath script to export the environment variables If you do not want to export the paths manually, you can use the /opt/novell/ eDirectory/bin/ndspath script as follows: Prefix the ndspath script to the utility and run the utility you want as follows:...
  • Page 104 -t treename -n server_context -a admin_FDN [-i] [-S server_name] [-d path_for_dib] [-m module] [e] [-L ldap_port] [-l SSL_port] [-o http_port] -O https_port] port_to_bind] [-B interface1@port1, interface2@port2,..] [-D custom_location] [--config-file configuration_file] For example: 104 Novell eDirectory 8.8 Installation Guide...

  • Page 105: Using The Ndsconfig Utility To Add Or Remove The Edirectory Replica Server

    -t mary-tree -n novell -a admin.novell -S linux1 - d /home/mary/inst1/data -b 1025 -L 1026 -l 1027 -o 1028 -O 1029 -D /home/mary/inst1/var --config-file /home/mary/inst1/nds.conf The port numbers you enter need to be in the range 1024 to 65535. Port numbers lesser than 1024 are normally reserved for the super-user and standard applications.
  • Page 106 You can enable encrypted replication in the server you want to add using the -E option. For more information on encrypted replication, refer to Novell eDirectory 8.8 Administration Guide (http:// www.novell.com/documentation/edir88/index.html). Removing a Server Object and Directory Services from a Tree...

  • Page 107: Using Ndsconfig To Configure Multiple Instances Of Edirectory 8.8

    For example, to install a new eDirectory tree on an AIX server using “O=novell.com” as the name of the O, use the following command: ndsconfig new -a “admin.novell\.com”...

  • Page 108: Nonroot User Snmp Configuration

    1 Root User Installing NICI. Refer to Section 5.6.3, “Installing NICI,” on page 2 Install NOVLsubag as root. 3 Export the paths as follows: Manually export the environment variables. export LD_LIBRARY_PATH=custom_location/opt/novell/ eDirectory/lib:custom_location/opt/novell/lib:/opt/novell/lib:/ opt/novell/eDirectory/lib:$LD_LIBRARY_PATH export PATH=/opt/novell/eDirectory/bin:$PATH export MANPATH=/opt/novell/:$MANPATH 108 Novell eDirectory 8.8 Installation Guide...

  • Page 109: Relocating The Dib

    2c Enter k to stop the instance. 3 Get the current DIB location using the following command: ndsconfig get n4u.nds.dibdir NOTE: In eDirectory 8.8, by default the DIB is located at /var/opt/novell/ eDirectory/data/dib and on pre-eDirectory 8.8 servers, it is located at /var/nds/ dib.

  • Page 110: Netware And Windows

    6.2 NetWare and Windows DIB relocation is currently not supported. However, on Windows you can locate the DIB in a custom location during the eDirectory installation. 110 Novell eDirectory 8.8 Installation Guide...

  • Page 111: Upgrade Requirements Of Edirectory

    Upgrade Requirements of eDirectory 8.8 One of the unique features of eDirectory is its ability to maintain the tight referential integrity. Any object Classes derived from Top will have a reference attribute in its class definition. This is a hidden attribute added to all the referenced objects that are internally maintained by eDirectory. Background processes keep running to check the links between the referenced object and the referencing objects.

  • Page 112: Reference Changes In 8.8 Sp2

    NOTE: Incase the administrator wants to run the utility and find out the status of the upgrade, this database upgrade tool can be used with a copy of the database or with -d option Unix/Linux NetWare Windows ndsdibupg dsdibupg.nlm ndsdibupg.exe 112 Novell eDirectory 8.8 Installation Guide...
  • Page 113 ndsdibupg Help Screen Figure 7-2 The following table discusses the ndsdibupg options. ndsdibupg Options Table 7-1 Option Description Quiet mode. There will not be any messages in quiet mode. Messages will be logged to log file ( if provided ) even in -q mode. It is recommended that you always provide a log file name for troubleshooting purpose.

  • Page 114: Performing A Dry Run Before Upgrading Edirectory

    Upgrade will require twice the size of the database since a copy needs to be taken. 114 Novell eDirectory 8.8 Installation Guide...

  • Page 115: Common Problems Encountered During The Upgrade Process

    Upgrade Process Figure 7-3 7.3.1 Common Problems Encountered during the Upgrade Process The following FAQ section discusses the common problems faced while upgrading from the previous versions of eDirectory to eDirectory 8.8. Question: I am upgrading from eDirectory 8.7.x to eDirectory 8.8. The upgrade process failed with an error.
  • Page 116 Answer: eDirectory maintains the reference attributes in a separate container in the database. The delay in the initial display is due to the time it takes FLAIM to delete the database container that holds the “Reference” attribute records. 116 Novell eDirectory 8.8 Installation Guide...

  • Page 117: Configuring Novell Edirectory On Linux, Solaris, Or Aix Systems

    “Using the ldapconfig Utility to Configure the LDAP Server and LDAP Group Objects” on page 117 “Using the nmasinst Utility to Configure Novell Modular Authentication Service” on page 118 8.1.1 The ndsconfig Utility You can use the ndsconfig utility to configure eDirectory. This utility can also be used to add the eDirectory Replica Server into an existing tree or to create a new tree.

  • Page 118: Using The Nmasinst Utility To Configure Novell Modular Authentication Service

    8.1.3 Using the nmasinst Utility to Configure Novell Modular Authentication Service For eDirectory 8.8, by default, ndsconfig configures NMAS. You can also use nmasinst on Linux, Solaris, and AIX systems to configure NMAS. ndsconfig only configures NMAS and does not install the login methods. To install these login methods, you can use nmasinst.
  • Page 119 Range=2 to 1440 n4u.nds.synchronization-restrictions The Off value allows synchronization with any version of the eDirectory. The On value restricts synchronization to version numbers you specify as parameters (for example, ON,420,421). Default=Off Configuring Novell eDirectory on Linux, Solaris, or AIX Systems 119...
  • Page 120 The eDirectory configuration files are placed here. Default=/etc n4u.server.vardir The eDirectory and utilities log files are placed here. Default=/var/opt/novell/eDirectory/log n4u.server.libdir The eDirectory specific libraries are placed here in the nds-modules directory. Default=/opt/novell/eDirectory/lib 120 Novell eDirectory 8.8 Installation Guide...
  • Page 121 LogFatal, LogWarn, LogErr, LogInfo, or LogDbg. n4u.server.log-file This parameter specifies the log file location where the messages would be logged. By default, the messages are logged into the ndsd.log file. Configuring Novell eDirectory on Linux, Solaris, or AIX Systems 121...

  • Page 122: Security Considerations

    Parameter Description n4u.ldap.lburp.transize Number of records that are sent from the Novell Import/ Export client to the LDAP server in a single LBURP packet. You can increase the transaction size to ensure that multiple add operations can be performed in a single request.
  • Page 123 By default, the cipher is set to Export. Make LDAP more secure by setting the cipher to HIGH. To do this, change the bind restrictions attribute of LDAP Server object to “Use Higher Cipher (greater than 128 bit )”. Configuring Novell eDirectory on Linux, Solaris, or AIX Systems 123...
  • Page 124 124 Novell eDirectory 8.8 Installation Guide...

  • Page 125: Migrating To Edirectory 8.8 Sp2

    Migrating to eDirectory 8.8 SP2 ® This document guides you to migrate your Novell eDirectory 8.7.3.x server to eDirectory 8.8 SP2 when you have to upgrade your operating system also. eDirectory 8.8 SP2 supports the following platforms: Platform Supported Versions ®...
  • Page 126 2. Do not perform any operations on the intermediate state other than upgrading eDirectory, if the eDirectory version is not supported on a particular operating system in the intermediate state. For example, eDirectory 8.7.3.x on Solaris 10. 126 Novell eDirectory 8.8 Installation Guide...

  • Page 127: Migrating To Edirectory 8.8 Sp2 Without Upgrading The Operating System

    3 Install the operating system 4 Remove the nici folder from /var/novell and restore the nici folder to /var/opt/ novell 5 Ensure that /var/novell/nici is pointing to /var/opt/novell/nici 6 Install eDirectory 8.8 SP2 on the server (a new install) 7 Restore the dib and nds.rfl directories...
  • Page 128 128 Novell eDirectory 8.8 Installation Guide...

  • Page 129: Migrating Edirectory From Netware To Oes 2 Linux

    The following sections give you more details on the migration procedure for eDirectory. For more information, see the OES Migration Guide (http://www.novell.com/products/openenterpriseserver/ migrate.html). Section 10.1, “Planning Your Migration,” on page 129 Section 10.2, “Migration Tools,” on page 130 Section 10.3, “Migration Procedure,”...

  • Page 130: Supported Platforms

    The utility takes the following command line options: Option Description -s IP address Specifies the IP address of the source server containing the eDirectory instance to be migrated. IMPORTANT: -s is a mandatory parameter. 130 Novell eDirectory 8.8 Installation Guide...
  • Page 131 Option Description -A directory name Enables auditing. directory name specifies the directory in which log files should be created. Tests the validity of the input parameters. NOTE: This option verifies the IP address; however, it does not perform the actual migration. Enables the verbose mode.

  • Page 132: After The Migration

    2 Restore and unlock the database in the source server. Refer to Backup and Restore Command Line Options (http://www.novell.com/documentation/ edir88/edir88/data/agatd4y.html) for more information on how to unlock and restore the database.

  • Page 133: Uninstalling Novell Edirectory

    2 From the NetWare console, run NWCONFIG. 3 Select Product Options > Install a Product Not Listed. 4 Specify the location containing the Novell eDirectory 8.8 installation package. “Installing or Upgrading Novell eDirectory 8.8 on NetWare” on page 15 for more information.

  • Page 134: Uninstalling Edirectory On Windows

    If you want to be able to use the logs for restoring eDirectory on this server in the future, before removing eDirectory you must first copy the roll-forward logs to another location. For information about roll-forward logs, see “Using Roll-Forward Logs” in the Novell eDirectory 8.8 Administration Guide.
  • Page 135 If you want to be able to use the logs for restoring eDirectory on this server in the future, before removing eDirectory you must first copy the roll-forward logs to another location. For information about roll-forward logs, see “Using Roll-Forward Logs” in the Novell eDirectory 8.8 Administration Guide.
  • Page 136 136 Novell eDirectory 8.8 Installation Guide...

  • Page 137: A Linux, Solaris, And Aix Packages For Novell Edirectory

    Linux, Solaris, or AIX tools installed with the OS. The following table provides information about the Linux, Solaris, and AIX packages that are included with Novell eDirectory. NOTE: On Linux, all the packages are prefixed with novell-. For example, NDSserv is novell- NDSserv. Package...
  • Page 138 The runtime libraries and utilities for SNMP. This package is dependent on the NICI package. NDSdexvnt Contains the library that manages events generated in Novell eDirectory to other databases. NOVLpkia Provides PKI services. This package is dependent on the NICI, NDSbase, and NLDAPsdk packages.
  • Page 139 NOVLntls on Solaris, and AIX ntls on Linux NOVLldif2dib Contains the Novell Offline Bulkload utility and is dependent on the NDSbase, NDSserv, NOVLntls, NOVLlmgnt and NICI packages. NOVLncp Contains the Novell Encrypted NCP Services for Unix. This package is dependent on the NDScommon package.
  • Page 140 140 Novell eDirectory 8.8 Installation Guide...

  • Page 141: B Edirectory Health Checks

    Health Checks ® Novell eDirectory 8.8 provides a diagnostic tool to help you determine whether your eDirectory health is safe. The primary use of this tool is to check if the health of the server is safe before upgrading.

  • Page 142: Types Of Health Checks

    This is the first stage of the health check, where the health check utility checks for the following: 1. The eDirectory service is up. The DIB is open and able to read some basic tree information such as tree name. 2. The server is listening on the respective port numbers. 142 Novell eDirectory 8.8 Installation Guide...

  • Page 143: Partitions And Replica Health

    For LDAP, it gets the TCP and the SSL port numbers and checks if the server is listening on these ports. Similarly, it gets the HTTP and HTTP secure port numbers and checks if the server is listening on these ports. B.3.2 Partitions and Replica Health After checking the basic server health, it then checks the partitions and replica health as follows: 1.

  • Page 144: Critical

    Unable to read or open the DIB (might be locked or corrupt). Unable to contact all the servers in the replica ring. Locally held partitions are busy. Replica is not in the ON state. 144 Novell eDirectory 8.8 Installation Guide...

  • Page 145: Log Files

    Figure B-2 on page 145. The health check log file contains the following: Status of the health checks (normal, warning, or critical). URLs where possible solutions can be found. Support forums (http://support.novell.com/forums/2ed.html) Troubleshooting Documentation (http://www.novell.com/documentation/edir88/ edir88tshoot/data/front.html) eDirectory Health Checks 145...
  • Page 146 2. When health check is performed manually using dscheck.nlm, the default log messages would be saved at sys:\system\dscheck.log. Windows The log file will be saved at install_directory\novell nsdcheck.log nds\. NOTE: install_directory is user specified. 146 Novell eDirectory 8.8 Installation Guide...

  • Page 147: C Configuring Openslp For Edirectory

    This appendix provides information for network administrators on the proper configuration of ® OpenSLP for Novell eDirectory installations without the Novell Client Section C.1, “Service Location Protocol,” on page 147 Section C.2, “SLP Fundamentals,” on page 147 Section C.3, “Configuration Parameters,” on page 149 C.1 Service Location Protocol...

  • Page 148: Novell Service Location Providers

    In summary, everything hinges on the directory agent that a user agent finds for a given scope. C.2.1 Novell Service Location Providers The Novell version of SLP takes certain liberties with the SLP standard in order to provide a more robust service advertising environment, but it does so at the expense of some scalability.

  • Page 149: Service Agents

    4. Querying DHCP for network-configured DA addresses that match the specified scope (and adding new addresses to the cache). 5. Multicasting a DA discovery request on a well-known port (and adding new addresses to the cache). The specified scope is “default” if not specified. That is, if no scope is statically defined in the SLP configuration file, and no scope is specified in the query, then the scope used is the word “default”.
  • Page 150 “false.” Any other value is a number of seconds between discovery broadcasts. These options, when used properly, can ensure an appropriate use of network bandwidth for service advertising. In fact, the default settings are designed to optimize scalability on an average network. 150 Novell eDirectory 8.8 Installation Guide...

Table of Contents