How it Works
Novell
Loading...
EDIRECTORY
Installation Guide
82 pgs1.13 Mb0
Troubleshooting Guide
634 pgs6.6 Mb0
What’s New Guide
90 pgs1.16 Mb0
Administration Guide
616 pgs6.58 Mb0
Tuning Guide for UNIX* Platforms
30 pgs480.31 Kb0
WHAT'S NEW GUIDE
68 pgs1.07 Mb0
INSTALLATION GUIDE
118 pgs1.39 Mb0
TROUBLESHOOTING GUIDE
96 pgs925.48 Kb0
ADMINISTRATION GUIDE
621 pgs7.1 Mb0
Administration Guide
154 pgs1.8 Mb0
ADMINISTRATION GUIDE
574 pgs6.01 Mb0
ADMINISTRATION GUIDE
150 pgs1.92 Mb0
WHAT’S NEW GUIDE
70 pgs947.2 Kb0
TROUBLESHOOTING GUIDE
78 pgs1.17 Mb0
Troubleshooting Guide
116 pgs1.09 Mb0
Table of contents
Loading...

Novell EDIRECTORY What’s New Guide

Novell®
www.novell.com
What’s New Guide
novdocx (en) 22 June 2009
AUTHORIZED DOCUMENTATION
eDirectory
December 02, 2009
TM

Novell eDirectory 8.8 What's New Guide

Legal Notices
Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. Please refer to www.novell.com/info/exports/ for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.
Copyright © 2009 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
novdocx (en) 22 June 2009
Novell, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at http://www.novell.com/company/legal/patents/ and one or more additional patents or pending patent applications in the U.S. and in other countries.
Novell, Inc. 404 Wyman Street, Suite 500 Waltham, MA 02451 U.S.A. www.novell.com
Online Documentation: To access the online documentation for this and other Novell products, and to get
updates, see www.novell.com/documentation.
Novell Trademarks
Client32 is a trademark of Novell, Inc.
eDirectory is a trademark of Novell, Inc.
NetWare is a registered trademark of Novell, Inc., in the United States and other countries.
NetWare Core Protocol and NCP are trademarks of Novell, Inc.
NMAS is a trademark of Novell, Inc.
Novell is a registered trademark of Novell, Inc., in the United States and other countries.
Novell Client is a trademark of Novell, Inc.
Novell Directory Services and NDS are registered trademarks of Novell, Inc., in the United States and other
countries.
Ximian is a registerd trademark of Novell, Inc., in the United States and other countries.
ZENworks is a registered trademark of Novell, Inc., in the United States and other countries.
Third-Party Materials
All third-party trademarks are the property of their respective owners.
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://
www.openssl.org).
novdocx (en) 22 June 2009
novdocx (en) 22 June 2009
4 Novell eDirectory 8.8 What's New Guide
Contents
About This Guide 9
1 Supported Platforms for eDirectory Installation 11
1.1 Netware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
1.2 Linux. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
1.3 Solaris . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
1.4 AIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
1.5 Windows. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
2 Install and Upgrade Enhancements 15
2.1 Multiple Package Formats for Installing eDirectory 8.8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
2.2 Automatic Deployments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
2.2.1 Easy Deployments. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
2.3 Installing and Configuring eDirectory Through YaST . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
2.4 Installing eDirectory 8.8 in a Custom Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
2.4.1 Specifying a Custom Location for Application Files . . . . . . . . . . . . . . . . . . . . . . . . . . 18
2.4.2 Specifying a Custom Location for Data Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
2.4.3 Specifying a Custom Location for Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . 19
2.5 Nonroot Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
2.6 Standards Compliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
2.6.1 FHS Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
2.6.2 LSB Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
2.7 Server Health Checks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
2.7.1 Need for Health Checks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
2.7.2 What Makes a Server Healthy? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
2.7.3 Performing Health Checks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
2.7.4 Types of Health Checks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
2.7.5 Categorization of Health . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
2.7.6 Log Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
2.8 SecretStore Integration with eDirectory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
2.9 Unattended Upgrade to eDirectory 8.8 SP5 on Netware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
2.10 eDirectory Instrumentation Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
2.11 For More Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
novdocx (en) 22 June 2009
3 NICI Backup and Restore 29
4 The ndspassstore Utility 31
5 Migrating eDirectory 8.8 SP5 from Netware to OES 2.0 33
6 Multiple Instances 35
6.1 Need for Multiple Instances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
6.2 Sample Scenarios for Deploying Multiple Instances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
6.3 Using Multiple Instances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
6.3.1 Planning the Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Contents 5
6.3.2 Configuring Multiple Instances. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
6.4 Managing Multiple Instances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
6.4.1 The ndsmanage Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
6.4.2 Identifying a Specific Instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
6.4.3 Invoking a Utility for a Specific Instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
6.5 Sample Scenario for Multiple Instances. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
6.5.1 Planning the Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
6.5.2 Configuring the Instances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
6.5.3 Invoking a Utility for an Instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
6.5.4 Listing the Instances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
6.6 For More Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
7 Authentication to eDirectory through SASL-GSSAPI 43
7.1 Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
7.1.1 What is Kerberos? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
7.1.2 What is SASL?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
7.1.3 What is GSSAPI? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
7.2 How Does GSSAPI Work with eDirectory? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
7.3 Configuring GSSAPI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
7.4 How Does LDAP Use GSSAPI? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
7.5 Commonly Used Terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
novdocx (en) 22 June 2009
8 Enforcing Case-Sensitive Universal Passwords 47
8.1 Need for Case-Sensitive Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
8.2 How to Make Your Password Case-Sensitive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
8.2.1 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
8.2.2 Making Your Password Case-Sensitive. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
8.2.3 Managing Case-Sensitive Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
8.3 Upgrading the Legacy Novell Clients and Utilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
8.3.1 Migrating to Case-Sensitive Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
8.4 Preventing Legacy Novell Clients from Accessing eDirectory 8.8 Server . . . . . . . . . . . . . . . . 50
8.4.1 Need for Preventing Legacy Novell Clients from Accessing eDirectory 8.8 Server. . 50
8.4.2 Managing NDS Login Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
8.4.3 Partition Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
8.4.4 Enforcing Case-Sensitive Passwords in a Mixed Tree . . . . . . . . . . . . . . . . . . . . . . . 55
8.5 For More Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
9 Priority Sync 57
9.1 Need for Priority Sync . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
9.2 Using Priority Sync. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
9.3 For More Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
10 Data Encryption 59
10.1 Encrypting Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
10.1.1 Need for Encrypted Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
10.1.2 How to Encrypt Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
10.1.3 Accessing the Encrypted Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
10.2 Encrypting Replication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
10.2.1 Need for Encrypted Replication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
10.2.2 Enabling Encrypted Replication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
10.3 For More Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
6 Novell eDirectory 8.8 What's New Guide
11 Bulkload Performance 63
12 iManager ICE Plug-ins 65
12.1 Adding Missing Schema. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
12.1.1 Add Schema from a File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
12.1.2 Add Schema from a Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
12.2 Comparing the Schema . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
12.2.1 Compare Schema Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
12.2.2 Compare Schema between a Server and a File . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
12.3 Generating an Order File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
12.4 For More Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
13 LDAP-Based Backup 69
13.1 Need for LDAP Based Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
13.2 For More Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
14 LDAP Get Effective Privileges List 71
novdocx (en) 22 June 2009
14.1 Need for LDAP Get Effective Privileges List Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
14.2 For More Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
15 Managing Error Logging in eDirectory 8.8 73
15.1 Message Severity Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
15.1.1 Fatal. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
15.1.2 Warning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
15.1.3 Error. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
15.1.4 Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
15.1.5 Debug . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
15.2 Configuring Error Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
15.2.1 Linux and UNIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
15.2.2 Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
15.2.3 NetWare. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
15.3 DSTrace Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
15.3.1 NetWare, Linux, and UNIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
15.3.2 Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
15.4 iMonitor Message Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
15.5 SAL Message Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
15.5.1 Configuring the Severity Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
15.5.2 Setting the Log File Path . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
16 Offline Bulkload Utility: ldif2dib 83
16.1 Need for ldif2dib . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
16.2 For More Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
17 eDirectory Backup with SMS 85
18 LDAP Auditing 87
18.1 Need for LDAP Auditing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
18.2 Using LDAP Auditing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Contents 7
18.3 For More Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
19 Miscellaneous 89
19.1 Security Object Caching. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
19.2 Subtree Search Performance Improvement. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
19.3 Localhost Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
19.4 256 File Handler on Solaris . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
19.5 Memory Manager on Solaris . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
19.6 Nested Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
novdocx (en) 22 June 2009
8 Novell eDirectory 8.8 What's New Guide

About This Guide

Welcome to Novell® eDirectoryTM 8.8. This guide introduces you to the new features in this product.
eDirectory 8.8 provides a host of new features and enhancements to further strengthen eDirectory's leadership in the directory market.
This guide introduces the following:
Chapter 1, “Supported Platforms for eDirectory Installation,” on page 11
Chapter 2, “Install and Upgrade Enhancements,” on page 15
Chapter 3, “NICI Backup and Restore,” on page 29
Chapter 4, “The ndspassstore Utility,” on page 31
Chapter 5, “Migrating eDirectory 8.8 SP5 from Netware to OES 2.0,” on page 33
Chapter 6, “Multiple Instances,” on page 35
Chapter 7, “Authentication to eDirectory through SASL-GSSAPI,” on page 43
novdocx (en) 22 June 2009
Chapter 8, “Enforcing Case-Sensitive Universal Passwords,” on page 47
Chapter 9, “Priority Sync,” on page 57
Chapter 10, “Data Encryption,” on page 59
Chapter 11, “Bulkload Performance,” on page 63
Chapter 12, “iManager ICE Plug-ins,” on page 65
Chapter 13, “LDAP-Based Backup,” on page 69
Chapter 15, “Managing Error Logging in eDirectory 8.8,” on page 73
Chapter 16, “Offline Bulkload Utility: ldif2dib,” on page 83
Chapter 17, “eDirectory Backup with SMS,” on page 85
Chapter 18, “LDAP Auditing,” on page 87
Chapter 19, “Miscellaneous,” on page 89
Audience
The guide is intended for network administrators.
Feedback
We want to hear your comments and suggestions about this manual and the other documentation included with this product. Please use the User Comments feature at the bottom of each page of the online documentation, or go to www.novell.com/documentation/feedback.html and enter your comments there.
Documentation Updates
For the most recent version of this guide, see Novell eDirectory 8.8 What's New Guide (http://
www.novell.com/documentation/beta/edir88/edir88new/data/front.html).
About This Guide 9
Additional Documentation
For more information about eDirectory 8.8, refer to the following:
Novell eDirectory 8.8 Installation Guide
Novell eDirectory 8.8 Administration Guide
Novell eDirectory 8.8 Troubleshooting Guide
These guides are available at Novell eDirectory 8.8 documentation Web site (http://
www.novell.com/documentation/edir88/index.html).
For information about the eDirectory management utility, see the Novell iManager 2.6
Administration Guide (http://www.novell.com/documentation/imanager26/index.html).
Documentation Conventions
In this documentation, a greater-than symbol (>) is used to separate actions within a step and items within a cross-reference path.
®
A trademark symbol (
, TM, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party
trademark.
novdocx (en) 22 June 2009
When a single pathname can be written with a backslash for some platforms or a forward slash for other platforms, the pathname is presented with a backslash. Users of platforms that require a forward slash, such as Linux* and UNIX*, should use forward slashes as required by your software.
10 Novell eDirectory 8.8 What's New Guide
1
Supported Platforms for
novdocx (en) 22 June 2009
eDirectory Installation
eDirectory 8.8 SP5 is a cross-platform release aimed at improving the stability of eDirectory.

1.1 Netware

The supported platforms for eDirectory 8.8 SP5 installation on Netware are as follows:
OES2 Netware 6.5 SP7
OES2 SP1 NetWare 6.5 SP8

1.2 Linux

The supported platforms for eDirectory 8.8 SP5 installation on Linux are as follows:
32-bit eDirectory supported platforms:
32-bit
SUSE
SLES 10 SP1 and SP2
®
Linux Enterprise Server (SLES) 11
1
SLES 10 SP1 and SP2 XEN
OES2 SP1 Linux
Red Hat Enterprise Linux (RHEL) 5**
RHEL 5** AP
RHEL 5** AP Virtualization
**- Latest service pack
64-bit
SLES 11
SLES 10 SP1 and SP2
SLES 10 SP1 and SP2 XEN
RHEL 5**
RHEL 5** AP
RHEL 5** AP Virtualization
**- Latest service pack
64-bit eDirectory supported platforms:
SLES 11 64-bit
SLES 10 SP1 64-bit
SLES 10 SP2 64-bit

Supported Platforms for eDirectory Installation

11
OES2 SP1 Linux
RHEL 5**
RHEL 5** AP
RHEL 5** AP Virtualization
**- Latest service pack

1.3 Solaris

The supported platforms for eDirectory 8.8 SP5 installation on Solaris are as follows:
32-bit eDirectory supported platforms:
Solaris* 9
Solaris* 10
64-bit eDirectory supported platforms:
Solaris* 10
Solaris* 10 Zones (Small Zone and Big Zone)
novdocx (en) 22 June 2009
Solaris* 10 Zones Support
eDirectory 8.8 SP5 or later versions can be installed on Solaris* 10 Zones. Regardless of the type of a zone, either a 32-bit eDirectory or a 64-bit eDirectory can be installed in each of the zones present in a system. In a zone only one type of eDirectory should be installed.
The nds-install utility is used to install eDirectory components on a Solaris* 10 Zones system. A zone is a virtual instance of Solaris. It is also one of the software partitions of the operating system. A large SunFire server with hardware domains allows the creation of several isolated systems. It is easy to move individual CPUs between the zones as needed, or to configure the sharing of CPUs and memory.
For more information on Solaris* Zones and on installing eDirectory 8.8 SP5 on a Solaris* Zones system refer to the Novell eDirectory 8.8 Installation Guide (http://www.novell.com/
documentation/edir88/edirin88/data/a2iii88.html)

1.4 AIX

The supported platform for eDirectory 8.8 SP5 installation on AIX is AIX* 5L Version 5.3.

1.5 Windows

The supported platforms for eDirectory 8.8 SP5 installation on Windows are as follows:
32-bit eDirectory supported platforms:
Windows* 2003 Enterprise Server SP2
32-bit Windows* 2008 Server
64-bit eDirectory supported platforms:
64-bit Windows* 2008 Server
12 Novell eDirectory 8.8 What's New Guide
novdocx (en) 22 June 2009
NOTE: The service name (display name) for 64-bit eDirectory starts with the service name for 32-bit eDirectory starts with
x86 NDS Server
.
x64 NDS Server
. And,
Supported Platforms for eDirectory Installation 13
novdocx (en) 22 June 2009
14 Novell eDirectory 8.8 What's New Guide
2
Install and Upgrade
novdocx (en) 22 June 2009
Enhancements
This chapter discusses the new features and enhancements with the Novell® eDirectoryTM 8.8 installation and upgrade.
The following table lists the new features and specifies the platforms they are supported on.
Feature NetWare Linux UNIX Windows
Multiple package formats for installing eDirectory 8.8
Automatic deployment through Ximian Management 2.2
Install and configure eDirectory through YaST
Custom location install for application files
Custom location install for data files
Custom location install for configuration files
Nonroot install
FHS compliance
®
ZENworks® Linux
2
LSB compliance
Server health checks
SecretStore integration
eDirectory Instrumentation Installation
The following features are discussed in this chapter:
Multiple Package Formats for Installing eDirectory 8.8 (page 16)
Automatic Deployments (page 16)
Installing and Configuring eDirectory Through YaST (page 17)
Installing eDirectory 8.8 in a Custom Location (page 17)
Nonroot Install (page 19)
Standards Compliance (page 19)
Server Health Checks (page 21)
SecretStore Integration with eDirectory (page 26)
Unattended Upgrade to eDirectory 8.8 SP5 on Netware (page 27)
eDirectory Instrumentation Installation (page 27)

Install and Upgrade Enhancements

15

2.1 Multiple Package Formats for Installing eDirectory 8.8

On Linux* and UNIX, you have an option to choose from various file formats while installing eDirectory 8.8 on your host. The file formats are listed in the table below.
novdocx (en) 22 June 2009
Type of User and Installation Location
Root user:
Default location RPM Package File-set
Custom location Tarball Package and
Nonroot user:
Custom location Tarball Tarball Tarball
For more information on installing using tarballs, refer to the Novell eDirectory 8.8 Installation
Guide (http://www.novell.com/documentation/edir88/edirin88/data/a79kg0w.html#bs6a3gs).
Linux Solaris AIX
Tarball
tarball

2.2 Automatic Deployments

eDirectory 8.8 on Linux leverages ZENworks® Linux Management to provide easy upgrade distribution and deployment. For more information, refer to ZENworks Linux Management (http://
www.novell.com/products/zenworks/linuxmanagement/index.html).

2.2.1 Easy Deployments

With eDirectory 8.8, you can install eDirectory on a host that has the ZENworks Linux Management server installed and then roll it out to the other servers that have installed ZENworks Linux Management clients.
16 Novell eDirectory 8.8 What's New Guide
Figure 2-1 eDirectory Distribution through RedCarpet
novdocx (en) 22 June 2009

2.3 Installing and Configuring eDirectory Through YaST

On SLES 9.1 or otherwise known as Open Enterprise Server (OES), you can install and configure eDirectory 8.8 through YaST.
For more information on installing and configuring eDirectory through YaST, refer to the Novell
eDirectory 8.8 Installation Guide (http://www.novell.com/documentation/edir88/edirin88/data/ a79kg0w.html#bv1lxl8).

2.4 Installing eDirectory 8.8 in a Custom Location

eDirectory 8.8 gives you the flexibility to install the application, data, and configuration files in a location of your choice.
One of the scenarios for installing eDirectory 8.8 in a custom location is when you already have an earlier version of eDirectory installed on your host and you want to test eDirectory 8.8 before upgrading to it. This way, you can have your existing eDirectory setup undisturbed and also test this new version. You can then decide whether you want to retain your existing version or want to upgrade to eDirectory 8.8.
NOTE: SLP and the SNMP subagent are installed in the default locations.
This section explains how to install the various files in a custom location:
Section 2.4.1, “Specifying a Custom Location for Application Files,” on page 18
Install and Upgrade Enhancements 17
Section 2.4.2, “Specifying a Custom Location for Data Files,” on page 18
Section 2.4.3, “Specifying a Custom Location for Configuration Files,” on page 19

2.4.1 Specifying a Custom Location for Application Files

While installing eDirectory, you can install your application files in a location of your choice.
Linux and UNIX
To install eDirectory 8.8 in a custom location, you can use the Tarball installation file and untar eDirectory 8.8 in a location of your choice.
NetWare
You cannot specify a custom location for the application files on NetWare.
Windows
You were able to specify a custom location for the application files during the installation Wizard even prior to eDirectory 8.8.
novdocx (en) 22 June 2009

2.4.2 Specifying a Custom Location for Data Files

While configuring eDirectory, you can save the data files in a location of your choice. The data files include the
data, dib
Linux and UNIX
To configure the data files in a custom location, you can use either the -d or -D option of the ndsconfig utility.
Option Description
-d custom_location Creates the
-D custom_location Creates the
NetWare
You cannot select a custom DIB path while upgrading eDirectory. On NetWare, eDirectory installation is always an upgrade. Therefore, you cannot choose a custom DIB path on NetWare.
, and
log
directories.
DIB
(the eDirectory database) directory in the path mentioned.
NOTE: This option was present prior to eDirectory 8.8 also.
data
(contains data such as the pids and socket IDs),
log
directories in the path mentioned.
dib
, and
Windows
On Windows you would be prompted to enter the DIB path during the installation. Enter a path of your choice.
18 Novell eDirectory 8.8 What's New Guide

2.4.3 Specifying a Custom Location for Configuration Files

While configuring eDirectory, you can select the path where you want to save your configuration files.
Linux and UNIX
To configure the nds.conf configuration file to a different location, use the --config-file option of the ndsconfig utility.
novdocx (en) 22 June 2009
To install the other configuration files (such as different location, do the following:
1 Copy all the configuration files to the new location.
2 Set the new location by entering the following:
ndsconfig set n4u.nds.configdir custom_location
NetWare and Windows
You cannot specify a custom location for the configuration files on NetWare and Windows.
modules.conf, ndsimon.conf
, and
ice.conf
) to a

2.5 Nonroot Install

eDirectory 8.8 and up supports installation and configuration of eDirectory servers by a nonroot user. Earlier versions of eDirectory could be installed and configured only by a root user with only a single instance of eDirectory running on a host.
With eDirectory 8.8 or higher, any nonroot user can use a tarball build to install eDirectory. There can be multiple instances of eDirectory binary installs by the same or different users. However, even for non-root user installs, the system-level services such as NICI, SNMP and SLP can be installed only with the root privileges (NICI is a mandatory component, and SNMP and SLP are optional components for eDirectory functionality). Also, with a package install, only a single instance can be installed by the root user.
After the install, a nonroot user can configure eDirectory server instances using his or her individual tarball installation, or by using a binary installation. This means that there can be multiple instances of eDirectory servers running on a single host because any user, either root or non-root, can configure different eDirectory server instances on a single host by using either a package or tarball install. For more details on the Multiple Instances feature, refer to Multiple Instances and Upgrading
Multiple Instances (http://www.novell.com/documentation/edir88/edirin88/data/af7r5d7.html).
Nonroot installation and configuration is applicable to Linux and UNIX platforms only. For more information on nonroot installation and configuration, refer to Nonroot User Installing eDirectory
8.8 (http://www.novell.com/documentation/edir88/edirin88/data/ai3a2wy.html).

2.6 Standards Compliance

eDirectory 8.8 is compliant with the following standards:
Section 2.6.1, “FHS Compliance,” on page 20
Section 2.6.2, “LSB Compliance,” on page 21
Install and Upgrade Enhancements 19

2.6.1 FHS Compliance

To avoid file conflicts with other product application files, eDirectory 8.8 follows the Filesystem Hierarchy Standard (FHS). This feature is available only on Linux and UNIX.
eDirectory follows this directory structure only if you have chosen to install it in the default location. If you have chosen a custom location, the directory structure would be custom_location/ default_path.
novdocx (en) 22 June 2009
For example, if you choose to install in the followed in the
novell/man
directory.
eDir88
directory, like the man pages would be installed in the
eDir88
directory, the same directory structure would be
/eDir88/opt/
The following table lists the change in the directory structure:
Types of Files Stored in the Directory Directory Name and Path
Executable binaries and static shell scripts
Executable binaries for root use
Static or dynamic library binaries
Configuration files
Read/Write, run-time dynamic data like the DIB
Log files
Linux and UNIX man pages
/opt/novell/eDirectory/bin
/opt/novell/eDirectory/sbin
/opt/novell/eDirectory/lib
/etc/opt/novell/eDirectory/conf
/var/opt/novell/eDirectory/data
/var/opt/novell/eDirectory/log
/opt/novell/man
Export Environmental Variables
With the FHS implementation in eDirectory 8.8, you need to update the path environmental variables and export them. This creates the following problems:
You need to remember all the paths exported, so that whenever you open a shell, you need to
export these paths and start using the utilities.
When you want to use more than one set of binary, you have to open more than one shell or
have to unset and set the paths to the different set of binaries frequently.
To resolve the above issue, you can use the follows:
Prefix the ndspath script to the utility and run the utility you want as follows:
custom_location/opt/novell/eDirectory/bin/ndspath utility_name_with_parameters
Export the paths in the current shell as follows:
. custom_location/opt/novell/eDirectory/bin/ndspath
After entering the above command, run the utilities as you would normally do. Call the script in
your profile, bashrc, or similar scripts. Therefore, whenever you log in or open a new shell, you can start using the utilities directly.
20 Novell eDirectory 8.8 What's New Guide
/opt/novell/eDirectory/bin/ndspath
script as

2.6.2 LSB Compliance

eDirectory 8.8 is now Linux Standard Base (LSB) compliant. LSB also recommends FHS compliance. All the eDirectory packages in Linux are prefixed with novell. For example,
novell-NDSserv
now
.
NDSserv
is

2.7 Server Health Checks

eDirectory 8.8 introduces server health checks that help you determine whether your server health is safe before upgrading.
The server health checks run by default with every upgrade and occur before the actual package upgrade. However, you can also run the diagnostic tool ndscheck (or dscheck on NetWare) to do the health checks.

2.7.1 Need for Health Checks

In earlier releases of eDirectory, the upgrade did not check the health of the server before proceeding with the upgrade. If the heath was unstable, the upgrade operation would fail and eDirectory would be in an inconsistent state. In some cases, you probably could not roll back to the pre-upgrade settings.
novdocx (en) 22 June 2009
This new health check tool resolves this, letting you to ensure that your server is ready to upgrade.

2.7.2 What Makes a Server Healthy?

The server health check utility performs certain health checks to ensure that the tree is healthy. The tree is declared healthy when all these health checks are completed successfully.

2.7.3 Performing Health Checks

You can perform server health checks in two ways:
“With the Upgrade” on page 21
“As a Standalone Utility” on page 22
NOTE: You need administrative rights to run the health check utility. The minimal right that can be set to run the utility is the Public right. However, with the Public right some of the NCP objects and partition information are not available.
With the Upgrade
The health checks are run by default every time you upgrade eDirectory.
Linux and UNIX
Every time you upgrade, the health checks are run by default before the actual upgrade operation starts.
To skip the default health checks, you can use the -j option with the nds-install utility.
Install and Upgrade Enhancements 21
NetWare and Windows
The server health checks happen as part of the installation wizard. You can enable or disable the health checks when prompted to do so.
As a Standalone Utility
You can run the server health checks as a standalone utility any time you want. The following table explains the health check utilities.
Table 2-1 Health Check Utilities
Platform Utility Name
Linux and UNIX ndscheck
Syntax:
ndscheck -h hostname:port -a admin_FDN -F logfile_path --config-file configuration_file_name_and_path
novdocx (en) 22 June 2009
NOTE: You can specify either -h or --config-file and not both of them.
NetWare dscheck
Windows ndscheck

2.7.4 Types of Health Checks

When you upgrade or run the ndscheck utility, the following types of health checks are done:
Basic Server Health
Partitions and Replica Health
If you run the ndscheck utility, the results from the health checks are displayed on the screen and logged in to
ndscheck.log
to Section 2.7.6, “Log Files,” on page 25.
If the health checks are done as part of the upgrade, then after the health checks, based on the criticality of the error, either you are prompted to continue the upgrade process or the process is aborted. The details of the errors are described in Section 2.7.5, “Categorization of Health,” on
page 23.
Basic Server Health
(or
dscheck.log
on NetWare). For more information on log files, refer
This is the first stage of the health check.The health check utility checks for the following:
1. The eDirectory service is up. The DIB is open and able to read some basic tree information such as the tree name.
2. The server is listening on the respective port numbers.
22 Novell eDirectory 8.8 What's New Guide
For LDAP, it gets the TCP and the SSL port numbers and checks if the server is listening on these ports.
Similarly, it gets the HTTP and HTTP secure port numbers and checks if the server is listening on these ports.
Partitions and Replica Health
After checking the basic server health, the next step is to check the partitions and replica health as follows:
1. Checks the health of the replicas of the locally held partitions.
2. Reads the replica ring of each and every partition held by the server and checks whether all servers in the replica ring are up and all the replicas are in the ON state.
3. Checks the time synchronization of all the servers in the replica ring. This shows the time difference between the servers.

2.7.5 Categorization of Health

novdocx (en) 22 June 2009
Based on the errors found while checking the health of a server, there can be the three categories of health. The status of the health checks is logged in to a logfile. For more information, refer to
Section 2.7.6, “Log Files,” on page 25.
The three categories of health Normal, War ni ng , and Critical.
Normal
The server health is normal when all the health checks were successful.
The upgrade proceeds without interruption.
Warning
The server health is in the warning category when minor errors are found while checking the health.
If the health check is run as part of the upgrade, you are prompted to either abort or continue.
Warnings normally occur in the following scenarios:
1. Server not listening on LDAP and HTTP ports, either normal or secure or both.
2. Unable to contact any of the nonmaster servers in the replica ring.
3. Servers in the replica ring are not in sync.
For more information, see the following figure.
Install and Upgrade Enhancements 23
Figure 2-2 Health Check with a Warning
novdocx (en) 22 June 2009
Critical
The server health is critical when critical errors were found while checking the health.
If the health check is run as part of the upgrade, the upgrade operation is aborted.
The critical state normally occurs in the following cases:
1. Unable to read or open the DIB. The DIB might be locked or corrupt.
2. Unable to contact all the servers in the replica ring.
3. Locally held partitions are busy.
4. Replica is not in the ON state.
For more information, see the following figure.
24 Novell eDirectory 8.8 What's New Guide
Figure 2-3 Health Check with a Critical Error
novdocx (en) 22 June 2009

2.7.6 Log Files

Every server health check operation, whether it is run with the upgrade or as a standalone utility, maintains the status of the health in a log file.
The content of the log file is similar to the messages displayed on the screen when the checks are happening. For example, see Figure 2-2 and Figure 2-3 above.
The health check log file contains the following:
Status of the health checks (normal, warning, or critical).
URLs to the Novell support site.
The following table gives you the locations for the log file on the various platforms:
Install and Upgrade Enhancements 25
Table 2-2 Health Check Logfile Locations
Platform Logfile Name Logfile Location
novdocx (en) 22 June 2009
Linux and UNIX
NetWare
Windows
ndscheck.log
dscheck.log sys:\system
ndscheck.log install_directory
Depends on the location you specified with the ndscheck -F utility.
If you did not use the -F option, the location of the
ndscheck.log
other options you used at the ndscheck command line as follows:
1. If you used the -h option, the ndscheck.log file is saved in the user’s home directory.
2. If you used the --config-file option, the ndscheck.log file is saved in the server instance’s log directory. You can also select an instance from the multiple instances list.
file is determined by the

2.8 SecretStore Integration with eDirectory

eDirectory 8.8 gives you an option to configure Novell SecretStore® 3.4 during eDirectory configuration. Prior to eDirectory 8.8, you had to manually install SecretStore.
SecretStore is a simple and secure password management solution. It enables you to use a single authentication to eDirectory to access most UNIX, Windows, Web, and mainframe applications.
After you've authenticated to eDirectory, SecretStore-enabled applications store and retrieve the appropriate login credentials. When you use SecretStore, you eliminate the need to remember or synchronize all the multiple passwords required for accessing password-protected applications, Web sites, and mainframes.
To configure SecretStore 3.4 along with eDirectory, you can do the following:
Linux and UNIX:
Use the
ndsconfig add -m ss
parameter. Here, ss denotes SecretStore and is an optional parameter. If you do not mention the module name, all the modules are installed. If you do not want to configure Novell SecretStore, you can pass the
.
no_ss
no_ss
value to this option; that is
-m
NetWare and Windows:
While installing eDirectory, there is an option to specify whether to configure the SecretStore module. By default, this option is selected.
For more information on the SecretStore usage, refer to the Novell SecretStore Administration Guide
(http://www.novell.com/documentation/secretstore33/index.html).
26 Novell eDirectory 8.8 What's New Guide

2.9 Unattended Upgrade to eDirectory 8.8 SP5 on Netware

Novell® ZENworks® Server Management provides the Server Software Packages component for managing files and applications on your network. Using software packages, you can automate the installation and upgrading of software on your servers. Software management is done by creating Server Software Packages and distributing them using Tiered Electronic Distribution. You can configure Server Software Packages so that a server must meet certain minimum requirements before a package is installed on it.
The automated upgrade for eDirectory on Netware for ZFS environment is delivered as SPK along with the source. SPK has to be inserted into the ConsoleOne “Server Software Packages” snap-in for customizing into local environments. Once the Server Software Package ConsoleOne snap-in is installed, you can insert this SPK in the ConsoleOne.
The compiled CPK is not provided since the user is expected to provide values for the variables containing administrator credentials. This SPK needs to be compiled to a CPK in the customer site after providing values to these variables.
For more information on this utility, refer to the “Unattended Upgrade to eDirectory 8.8 SP5 on
Netware” in the eDirectory 8.8 Installation Guide.
novdocx (en) 22 June 2009

2.10 eDirectory Instrumentation Installation

Earlier eDirectory Instrumentation was a part of Novell Audit. From eDirectory 8.8 SP3 version onwards, eDirectory Instrumentation must be installed separately.
For detailed information on installing, configuring, and uninstalling eDirectory Instrumentation refer to the eDirectory Instrumentation section of the Novell eDirectory 8.8 Installation Guide (http:/
/www.novell.com/documentation/edir88/edirin88/data/a2iii88.html) .

2.11 For More Information

Refer to the following for more information on any of the features discussed in this chapter:
Novell eDirectory 8.8 Installation Guide (http://www.novell.com/documentation/edir88/
edirin88/data/a2iii88.html)
Novell eDirectory 8.8 Administration Guide (http://www.novell.com/documentation/edir88/
edir88/data/fbadjaeh.html#fbadjaeh)
On Linux and UNIX:
nds-install, ndsconfig
, and
ndscheck
man pages
Install and Upgrade Enhancements 27
Loading...
+ 63 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use