Upload
isabel-horton
View
224
Download
1
Tags:
Embed Size (px)
Citation preview
www.novell.com
Tips and Tricks for Using Novell eDirectory™ Utilities
Tips and Tricks for Using Novell eDirectory™ Utilities
Roger G. HarrisonManager, Software EngineeringNovell, [email protected]
Pat FelstedSenior Software EngineerNovell, [email protected]
Vision…one NetA world where networks of all types—corporate and public, intranets, extranets, and the Internet—work together as one Net and securely connect employees, customers, suppliers, and partners across organizational boundaries
MissionTo solve complex business and technical challenges with Net business solutions that enable people, processes, and systems to work together and our customers to profit from the opportunities of a networked world
Deployed Versions Novell eDirectory™ and Novell Directory Services® (NDS)
Product Version Build Version
Platforms
NetWare 5.1 SP4 (NDS 7) DS.nlm v7.57 NetWare 5.1
NetWare 5.1 SP 4 (NDS 8) DS.nlm v8.79 NetWare 5.1
eDirectory 8 DS.nlm & DS.dlm v8.79
NetWare 5.0,Win NT/2K
eDirectory 8.5.x DS v85.23 NetWare 5.x,Win,Solaris
NetWare 6 (eDirectory 8.6) DS.nlm v10110.20 NetWare 6
eDirectory 8.6.1 DS v10210.43 NW 5.1,NW 6,Win,Solaris,Linux
NetWare 6 SP1 (eDirectory 8.6.2)
DS.nlm v10310.17 NetWare 6
eDirectory 8.6.2 DS v103xx.xx NW 5.1,NW 6,Win,Solaris,Linux
eDirectory 8.7 DS v10410.xx NW 5.1,NW 6,Win,Solaris,Linux,AIX
Differences Between eDirectory and NDS®
NetWare 6
NetWare
NDS eDirectory
NOS directory focused on managing NetWare® servers
A cross-platform, scalable, standards-based directory
used for managing identities that span all aspects of the network—eDirectory
is the foundation for eBusiness
NetWare 5
Novell eDirectory™ Utilities
• DSRepair• DSBrowse• DSMerge• Backup/Restore• NDSCons
• LDAP snap-in• Index manager snap-in• Novell Import Convert Export (ICE) utility• NDS iMonitor• Novell iManager
DSRepair
• Purpose DSRepair is a tool that provides low-level
integrity checking and maintenance capabilities to address a wide range of problems that may arise in eDirectory
These problems may be originated by• Users• Third-party products• DIB (Data Information Base)
inconsistencies• Hardware failure
• Save yourself grief—use DSRepair appropriately Remember that most DSRepair options are used to
fix problems with the eDirectory DIB, not to perform routine management or maintenance operations• It’s not uncommon for Novell support to have to clean up
problems made far worse by misuse of DSRepair Good Rule: Don’t use an advanced (-a or –x switch)
DSRepair option unless you• Understand what it does• Know the ramifications of using it• Are sure you’re doing it at the right time• Are sure you’re doing it for the right reason
DSRepair:General Tips and Tricks
• DSRepair has options that are similar to those found in regular management utilities but should be used only as a last resort
Some of these options are destructive (by necessity)• Example—removal of a replica from a server should be
done via ConsoleOne® or iManager– DSRepair allows you to forcibly remove a replica, but this
is not the same thing
DSRepair:General Tips and Tricks (cont.)
• Many DSRepair features are integrated into iMonitor
Paradigm: fix the problem when you see it
• Repair while database is live eDirectory 8 and later
DSRepair:General Tips and Tricks (cont.)
• Partition operations are not allowed while repairing
• Disabling index and structure check will cause the rebuilding of the entire database with database locked
• Deselect all options to do ONLY schema check
DSRepair can use temp files with this option
DSRepair:General Tips and Tricks (cont.)
DSRepair:General Tips and Tricks (cont.)
• Repairing network address only works if SAP or SLP are properly configured
• Single object repair may be used on a known entry that is causing a problem
Tip: this is really easy to do via iMonitor
• Launch dsrepair -af to allow copying of stream files if temporary files is selected
DSRepair:General Tips and Tricks (cont.)
• DSRepair only allows the creation of a DIB archive
You can’t reload or restore it This is for troubleshooting use by Novell support
and engineering personnel
DSRepair:NetWare Tips and Tricks
• DSRepair checks volume objects for Novell Storage Solutions™ (NSS) and native NetWare but only checks trustees on native NetWare volumes
DSRepair:Windows Tips and Tricks
• Single object repair can only be run from the command line or iMonitor
command line: -so <8-digit entry_id> eDirectory 8.5 and later
DSBrowse
• Purpose Browse through the DIT (Directory
Information Tree) Search for entries that meet
specified criteria Troubleshoot problems in the
schema, partition, replicas or per object
Force resend of objects from one server to another
DSBrowse:Features
• Object browse Hierarchy Object information
• Attribute browse Attribute lists Attribute Information Values
• Schema browse Class and attribute definitions
• Partition browse• Object search
DSBrowse:General Tips and Tricks
• Use iMonitor iMonitor gives you web-based access to virtually all
of the functionality of DSBrowse (and lots more)
• Search Tips The entry flags are AND’ed together The entry creation and value modification time stamps
are used in comparisons The class field specifies the base class of the searched
objects Attribute flags are AND’ed together Attribute flags may appear on any value The value time stamp query is applied to any value
DSBrowse:Windows Tips and Tricks
• Right click on items in the DIB tree browser view to see what actions you can do on them
DSMerge
• Purpose Allows you to merge (combine) two separate
NDS trees into a single tree
DSMerge:Features
• Two styles of Merge Merge
• Combines trees at the root– Merge feature allows you to merge two trees regardless
of number of servers in each tree
Graft• Grafts the root of one tree as a “branch” of the other
– Graft feature requires that the source tree have onlyone server in it
– Supported in eDirectory 8.5 and later
DSMerge:General Tips and Tricks
• DSMerge is in eDirectory 8.5 (build 85.xx) The DSMerge utility runs on the “source” tree
and merges it into a “target” tree Supports eDirectory builds 7.xx and 8.51 or
later as target Supports source trees (will run on) eDirectory
builds 8.35 or later
DSMerge:General Tips and Tricks
• Check time synchronization before merging Both trees should have the same time source
before the merge because they’re going to be in the same tree after the merge
• You need to handle security objects properly See TID 10053573 for details
DSMerge:General Tips and Tricks
• The schema on both trees must match before you attempt a merge
Use Import Remote Schema in DSRepair to synchronize the schema from one tree to another• You need to do it at least once on each tree• It reports whether schema matches when it completes
You can check for a schema match between two trees without actually doing an import of the schema by starting a merge operation and only going to the point where the schema pre-check results are reported
DSMerge:UNIX Tips and Tricks
• Use “rdate” or “ntpdate” UNIX commands on the “master” source and target tree servers to synchronize times
• Run “ndsmerge -t” and “ndsmerge -c” on the server with the master replica of [Root]
These options check for problems that might cause the merge to fail, list the servers in the tree, and display their synchronization status
DSMerge:UNIX Tips and Tricks
• Command line ndsmerge -m target-tree target-admin source-
admin[target_container]• target-tree
– Name of the target tree• target-admin
– DN of the user with administration rights to the target tree• source-admin
– DN of the user with administration rights to the source tree• target-container
– Name with full context of the container object on the target tree to which the tree object of the source tree has to be combined
– If you specify a value to this parameter, you’re doing a graft operation, and the source tree must have a single server
Backup/Restore
• Purpose Provides a method for backing up and restoring
eDirectory Enables you to recover accidentally deleted
objects Provides a way to recover data after a disaster
Backup/Restore:Features
• New! Hot Continuous Backup in eDirectory 8.7 Highly-scalable—handles trees with millions of entries Highly-available—works on live eDirectory server DIB oriented TSANDS is also supported in eDirectory 8.7
• TSANDS Architecture Customizable to backup only specific kinds of objects Restores selected objects Provides a standard TSA architecture for all platforms
TSANDS-Based Backup/Restore:General Tips and Tricks
• Use multiple servers to backup different sections of the tree to improve performance
• Run backups on a server with a local copy of the data to improve performance
• Third-party support ARCServe BackupExec Tivoli Others
NDSCons
• Purpose Manages the eDirectory modules
on the Windows platforms
NDSCons:Features
• Start and stop services• Set startup modes (automatic/manual)• Hide and show services• Specify command line parameters for
services• Display transport information• DHost configuration file access• License information display in About box
Index Manager Snap-in
• Purpose Create and manage indexes used by the
eDirectory database to maximize performance
Index Manager Snap-in:Features
• Supports three types of indexes Value
• Matches the entire value of the indexed attribute Presence
• Tests to see if the indexed attribute has at least one value
Substring (string syntaxes only)• Matches a subset of the value of the string stored in
the attribute value– This is the most expensive index type– It is also very useful in the real world
» Example—you want to efficiently search for all users whose names begin with “Sam”
Index Manager Snap-in:Tips and Tricks (cont.)
• Don’t overuse indexes Remember that indexes speed search
performance (assuming they’re no attributes involved in the search), but they slow update performance
• You can’t delete operational (system defined) indexes
They’re required for eDirectory to function
Index Manager Snap-in:Tips and Tricks (cont.)
• Access via Indexes tab on the NCP Server properties page in ConsoleOne®
Also via ndsindex utility on Solaris and Linux systems
• Temporarily suspend user-defined indexes to improve update performance—during a bulk import, for instance
Indexes will get updated when you bring them back on line
• You can copy an index on one server to another server Select the index you want to copy Click on Other Servers… Select the server where you want the new index Click Create Index
LDAP Snap-in
• Purpose Manages and configures the eDirectory LDAP
server(s) in your tree
LDAP Snap-in:Features
• Configure LDAP via two objects LDAP Server
• Configures searching, timeouts, TCP ports, security, debug tracing, and filter replica settings
• Allows you to manually refresh the LDAP server LDAP Group
• Configures referral policies, clear text passwords, proxy information, class and attribute mappings, and a list of LDAP servers in a group
LDAP Snap-in:Tips and Tricks
• The LDAP group allows you to configure group parameters for all the servers in the same LDAP group at once
• An LDAP server can only belong to one LDAP group
If you add it to another group, it will be automatically deleted out of the previous one
• Disable TCP port forces all connections to use SSL• Allow clear text passwords allows non-SSL
connections to be established to the server
Import Convert Export (ICE)
• Purpose Imports data into the directory Exports data from the directory Automatically converts data
during operation by applying DirXML™ rules
Import Convert Export:Features
• LDIF file import and export• Delimited data file import and export• .SCH file import (eDirectory 8.7)• Data migration between LDAP directories• Test bed data generation• On-the-fly DirXML rules processing• Flexible
Combine handlers in various ways to do interesting and useful things
Import Convert Export:Features
• Remote access Based on client/server architecture
• Standards-based Works with any LDAP server
• Fast Uses the LDAP Bulk Update/Replication Protocol
(LBURP) protocol when available Up to ten times faster than synchronous LDAP
operations
Import Convert Export:Availability
• Ships with eDirectory 8.5 and later Command line ConsoleOne Snap-in wizard
• Wizards, NDS Import Export…
• Command line version is included in LDAP Libraries for C SDK
Great way to update schema using LDIF files as part of your LDAP application install
Import Convert Export:Architecture
ICE Engine
Source Handler Destination Handler
ICE Engine
Source Handler Destination Handler
Import Convert Export:LDIF Import
ICE Engine
LDIF FileSource Handler
LDAP ServerDestination Handler
Import Convert Export:LDIF Export
ICE Engine
LDAP ServerSource Handler
LDIF FileDestination Handler
Import Convert Export:Server-to-Server Data Migration
ICE Engine
LDAP ServerSource Handler
LDAP ServerDestination Handler
Import Convert Export Tip #1:Get Connected
• Make sure allow clear text passwords is set on the LDAP Server Object if you want to connect with a clear text password
This is our #1 most frequently issue
• If you do not want to use clear text passwords you need to export a .DER file from the security object and specify this
• The default port for SSL is 636
Import Convert Export Tip #1:Get Connected
• Install NICI on your workstation to enable SSL connections
Windows• Use NICI install from www.novell.com
Solaris, Linux, Tru64 (initializing as a non-root user)• Copy the NICI WKS file from /var/nici/0/xmgrcfg.wks to
a location where you have write access• Enter the path in the NICI_VARDIR variable to point to
the directory in which you have placed the/nici/0/XMGRCFG.WKS file
Import Convert Export Tip #2:Control the Amount of Data You Export
• Set search entry and search time limits on exports
You may need to set the server limits to solve problems with not getting all the data you expect on an export• 0 (zero) = unlimited
Don’t forget that these limits can be controlled at both the client (ICE utility) and server
You can use the client limits to limit the amount of data you get for testing purposes
Import Convert Export Tip #3:ICE Works with Any LDAP Server
• You can use the ICE utility to import to or export from any LDAP server regardless of vendor
Import Convert Export Tip #4:Improve Your Import Speeds
•Make sure LDAP server has LBURP extensionfor improved performance
Automatically enabled when available Automatically disabled when unavailable eDirectory 8.5 and later
• Import directly to a server with a writeable replica for all entries involved in the import
This greatly reduces network overhead
Import Convert Export Tip #4:Improve Your Import Speeds
• Temporarily reconfigure the database cache See eDirectory 8.6 Administration Guide
Chapter 13
• Temporarily suspend indexes• Use simple passwords
Server• Requires Novell Modular Authentication Services
(NMAS™) (starter pack is okay) Access is seamless for LDAP clients Novell clients must support NMAS
Import Convert Export Tip #4:Improve Your Import Speeds
• Change the LBURP transaction size (Unix only) “N4U.LDAP.LBURP.TRANSIZE” parameter in
/etc/NDS.CONF Range from 1 to 10,000 (default 25) Generally, higher values are better unless
• The server is running low on memory and the transaction size ends up causing the server to swap to disk
• One or more of the updates in the transaction fail(then they’re done one at a time)– Adding an entry that already exists– Adding an entry and its parent in the same transaction– Any modification that violates protocol or schema rules
Import Convert Export Tip #5:Tricks for Debugging LDIF Files
• Use the latest version Vastly improved error detection and feedback
• Check the syntax of your LDIF file -n option for the LDIF source handler “Display operations but do not perform” option on the LDIF
source handler advanced options dialog
• Use the error log file to get records that have errors• Use the range option to retry records you have fixed
without re-processing the entire file• A fairly common tricky syntax error is stray white
space on a record separator line Error message
“Operation failed: 65(Object class violation), dn:”
Traditional Error Detection
ICE EngineAdd record
17 (undefined attribute type)? LDAP Directory
LDIF File
X
Traditional Error Detection
dn: cn=XMAN000005, ou=Solar System, o=Universechangetype: addgivenname: XMAN-5sn: Universe-5fullname: XMAN-5 Universe-5objectclass: inetorgpersontelephonenumber: 1-800-0000005telephonenumber: 1-801-0000005telephonenumber: 1-900-0000005title: Title-5description: This is the test description of this record.facsimileTelephoneNumber: +1 801 123 4567cn: OtherName3-000005initials: NA...mail: [email protected]: 5 South 5 East $ Salt Lake City, Utah $ USA $ Solar SystempostalCode: 99999postOfficeBox: 99999-0005street: 5 South 5 Eastl: Salt Lake Cityst: UtahphysicalDeliveryOfficeName: Solar System Defense Organizationgroupmembership: cn=We Are the World, ou=Solar System, o=Universeuid: 5
Enhanced Error Detection with Schema Cache
Directory
ICE Engine
ICE Schema Cache
Validate Record
Error: postalCode attribute is not defined
schema
LDIF File
Import Convert Export Tip #6:Enable Forward References
• Forward references are placeholder entries created when an entry referenced by another entry doesn’t already exist
• Makes it possible to import LDIF files where the entries have circular references or are not inparent-child order
o=Acme Corp.
cn=Bob cn=Susan
cn=Jim
cn=Peter,ou=Sales,o=Acme Corp.
ou=Marketing
Typical Creation of an Object
o=Acme Corp.
cn=Bob cn=Susan
cn=Jim
cn=Peter,ou=Sales,o=Acme Corp.
ou=Marketing ou=Sales
Typical Creation of an Object
1. Create ou=Sales
o=Acme Corp.
cn=Bob cn=Susan
cn=Jim
cn=Peter,ou=Sales,o=Acme Corp.
ou=Marketing ou=Sales
cn=Peter
Typical Creation of an Object
2. Create cn=Peter
LDIF File to Add Peter
version: 1
dn: ou=Sales,o=Acme Corp.
changetype: add
objectClass: organizationalUnit
dn: cn=Peter,ou=Sales,o=Acme Corp.
changetype: add
sn: Michaels
givenname: Peter
objectClass: inetOrgPerson
telephonenumber: +1 415 555 0001
mail: [email protected]
userpassword: Peter123
LDIF File in Wrong Order
version: 1
dn: cn=Peter,ou=Sales,o=Acme Corp.
changetype: add
sn: Michaels
givenname: Peter
objectClass: inetOrgPerson
telephonenumber: +1 415 555 0001
mail: [email protected]
userpassword: Peter123
dn: ou=Sales,o=Acme Corp.
changetype: add
objectClass: organizationalUnit
o=Acme Corp.
cn=Bob cn=Susan
cn=Jim
ou=Marketing
Forward References:LDIF File in Wrong Order
o=Acme Corp.
cn=Bob cn=Susan
cn=Jim
ou=Marketing
cn=Peter
1. Create cn=Peter,ou=Sales
Forward References:LDIF File in Wrong Order
o=Acme Corp.
cn=Bob cn=Susan
cn=Jim
ou=Marketing Sales
cn=Peter
A forward reference for Sales is automatically created
Forward References:LDIF File in Wrong Order
o=Acme Corp.
cn=Bob cn=Susan
cn=Jim
ou=Marketing Sales
cn=Peter
eDirectory finishes creating cn=Peter
Forward References:LDIF File in Wrong Order
o=Acme Corp.
cn=Bob cn=Susan
cn=Jim
ou=Marketing Sales
cn=Peter
2. Create forward reference for Sales
4. Attempt to create ou=Sales
2. Create ou=Sales
Forward References:LDIF File in Wrong Order
Salesou=Sales
o=Acme Corp.
cn=Bob cn=Susan
cn=Jim
ou=Marketing
cn=Peter
Sales forward reference is automatically morphed into ou=Sales
Forward References:LDIF File in Wrong Order
o=Acme Corp.
member: cn=Susan,ou=Sales,o=Acme Corp.
Circular Group Membership
cn=Admins
ou=Engineering
cn=Bob cn=SusangroupMembership:
cn=Admins,o=Acme Corp.
LDIF File with Circular Reference
version: 1
dn: cn=Admins,o=Acme Corp.
changetype: add
objectClass: groupOfNames
member: cn=Susan,o=Acme Corp.
dn: cn=Susan,ou=Engineering,o=Acme Corp.
changetype: add
sn: Moss
givenname: Susan
objectClass: inetOrgPerson
telephonenumber: +1 415 555 0002
mail: [email protected]
userpassword: Susan123
groupMembership: cn=Admins,o=Acme Corp.
o=Acme Corp.
Typical Creation of Circular Group Membership
cn=Admins
ou=Engineering
cn=Bob
1. Create group cn=Admins
o=Acme Corp.
cn=Admins
ou=Engineering
cn=Bob cn=SusangroupMembership: cn=Admins,o=Acme Corp.
Typical Creation of Circular Group Membership
2. Create user cn=Susan with groupMembership in cn=Admins
o=Acme Corp.
member: cn=Susan,ou=Sales,o=Acme Corp.
cn=Admins
ou=Engineering
cn=Bob cn=SusangroupMembership: cn=Admins,o=Acme Corp.
Typical Creation of Circular Group Membership
3. Add cn=Susan as member of cn=Admins
LDIF File with Circular Reference
version: 1
dn: cn=Admins,o=Acme Corp.
changetype: add
objectClass: groupOfNames
member: cn=Susan,o=Acme Corp.
dn: cn=Susan,ou=Engineering,o=Acme Corp.
changetype: add
sn: Moss
givenname: Susan
objectClass: inetOrgPerson
telephonenumber: +1 415 555 0002
mail: [email protected]
userpassword: Susan123
groupMembership: cn=Admins,o=Acme Corp.
Breaking the Circular Reference
version: 1dn: cn=Admins,o=Acme Corp.changetype: addobjectClass: groupOfNames
dn: cn=Susan,ou=Engineering,o=Acme Corp.changetype: addsn: Mossgivenname: SusanobjectClass: inetOrgPersontelephonenumber: +1 415 555 0002mail: [email protected]: Susan123groupMembership: cn=Admins,o=Acme Corp.
dn: cn=Admins,o=Acme Corp.changetype: modifyadd: membermember: cn=Susan,o=Acme Corp.-
o=Acme Corp.
Forward References:Circular Group Membership
member: cn=Susan,ou=Sales,o=Acme Corp.
cn=Admins
ou=Engineering
cn=Bob
1. Create group cn=Admins with cn=Susan as a member
o=Acme Corp.
member: cn=Susan,ou=Sales,o=Acme Corp.
Forward References:Circular Group Membership
cn=Admins
ou=Engineering
cn=Bob cn=Susan
cn=Susan is automatically created as a forward reference
o=Acme Corp.
member: cn=Susan,ou=Sales,o=Acme Corp.
Forward References:Circular Group Membership
cn=Admins
ou=Engineering
cn=Bob cn=Susan
2. Create cn=Susan with groupMembership in cn=Admins
cn=Susan
cn=SusangroupMembership: cn=Admins,o=Acme Corp.
o=Acme Corp.
member: cn=Susan,ou=Sales,o=Acme Corp.
Forward References:Circular Group Membership
cn=Admins
ou=Engineering
cn=Bob
cn=Susan is automatically morphed into a real User object
Import Convert Export Tip #7:Make it Easy to Use ICE
• Add the location of ICE to your path and you can run it from anywhere
Import Convert Export Tip #8 :Use Standard I/O Redirection
• The LDIF handler supports stdin/stdout (UNIX only)
Import Convert Export Tip #9:Use ICE to Make Schema Changes
• Allows schema export to LDIF
• Supports schema modifications via LDIF
• Supports .SCH import (eDirectory 8.7)
Import Convert Export Tip #10:Use the Delimited Data Handler
• You can import data from delimited text files using the Delimited Data Handler
Handler identifier is DELIM CSV, tab-separated data, etc. Currently only available from the command line
Import Convert Export Tip #11:Use the DirLoad Handler
• You can create tons of fake test data with just a little work using the DirLoad handler
Handler identifier is LOAD Uses template files to create data Makes it much easier to generate data that models the
real world• Often test data does unrealistic things, e.g., all users are
named User0001, User0002, etc. which messes up the effectiveness of indexes (and the validity of your test results)
Good way to generate test data for application development or lab deployments
Currently only available from the command line
Import Convert Export Tip #12:Use the Import Convert Export Wizard
• ConsoleOne snap-in wizard for common tasks like importing, exporting, and migrating that lead you step by step
• Supported features provides functionality identical to the command line utility
• Saves server information across sessions so you don’t have to re-enter it
Import Convert Export Tip #12:Use the Import Convert Export Wizard
• Access via NDS Import Export Wizard on the ConsoleOne wizards menu
• The advanced buttons on each dialog expose less-frequently-used and advanced features
• Use the restart button at the end if you have a problem and all of your previous settings except passwords will be retained
Import Convert Export Tip #13:Combine Handlers in New Ways
• You can do interesting things by combining handlers in different combinations
DELIM to LDIF LDAP to DELIM LDIF to LDIF (with XML rules)
Import Convert Export Tip #14:Use DirXML Rules
•DirXML rules can be used by the ICE engine to automatically perform tasks like
Placement of new entries Resolving schema mapping issues Providing default values for required attribute
values on object creation
Import Convert Export Tip #15:Easier Data Migration
•The ICE schema cache can be used to automatically update the schema on the destination to accommodate entries from the source
Access via the –C general command line option
ICE Schema Cache
schema
entries
LDAP Directory
ICE Schema Cache
entries
LDAP Directory eDirectoryX
ICE Schema Cache
ICE Schema Cacheschema 1 schema 2
schema 1—schema 2
LDAP Directory eDirectory
ICE Schema Cache
entries
ICE Schema Cache
schema 1—schema 2
LDAP Directory eDirectory
Import Convert Export Tip #16:Get Creative with ICE
•Now that you understand how ICE works, you’ll be able to think of tons of slick tricks (pun intended) of your own
Example: find and clean up rogue ACLs in tree
NDS iMonitor
• Purpose Provides web-based monitoring and diagnostic
capabilities to all servers in your NDS tree Automatically installed with eDirectory 8.5 and
higher• Just point your web browser at http://<server>/nds
NDS iMonitor:Features
• eDirectory Health Check• Synchronization information• Known servers• Agent configuration• Hyperlinked DS Trace• Error information• Object/schema examiner
NDS iMonitor:Features
• Partition list• Agent process status• Agent activity• Verb statistics• Background process schedule• DSRepair (subset)
Novell iManager
• Purpose Provides web-based management and
maintenance for eDirectory• Combines functionality of ConsoleOne and eDirectory
utilities• Role-based
Ships with eDirectory 8.7 and higher
eDirectory Utilities Today
Utilities• Backup/Restore• DSRepair• DSBrowse• DSMerge• ...
eMBox
• A set of tools and utilities with a common point of access on the back end that supports the maintenance of eDirectory
Reuse of existing utility code Command-line accessible (scriptable) Web accessible Cross-platform
Directory Management Toolbox (eMBox)
iManager(eMFrame)
Novell iManager Architecture
LDAP Plug-in
Schema Manager Plug-in
ICE Plug-in
DSMerge Plug-in
DSRepair Plug-in
Backup/Restore Plug-in
eD
ir S
DK
eM
Box S
DK
DHost Process
ServerWeb Server
LD
AP
eMBox
HTTP
Sta
ck
SO
AP
Serv
ice
...
Service Manager
Merge eMTool
Repair eMTool
Backup/Restore eMTool
eDirectory
Bro
wse
r
Getting More Information: BrainShare 2002
• DSRepair TUT330—Advanced DSRepair
• Backup/Restore TUT234—Keeping Your Business Online with eDirectory
Backup and Restore• iMonitor
IO216—Introduction to NDS iMonitor TUT229—Practical NDS iMonitor: Case Studies
in eDirectory Diagnosis• iManager
IO116—iManager Introduction and Overview TUT131—eDirectory Administration and Management
with Novell iManager• one Net Solutions Lab
Getting More Information
• Novell eDirectory 8.6 Administration Guide Sources
• Electronic distribution on eDirectory 8.6.1 CD• Download soft copy or buy hard copy at
http://www.novell.com/documentation Chapter 7
• iMonitor Chapter 8
• DSMerge• Index Manager• Import Convert Export
Chapter 12• Backup/Restore
Getting More Information
• Novell LDAP Developer’s Guide Info on configuring, administrating, and
troubleshooting LDAP and using LDAP utilities• Chapter 11: Import Convert Export (ICE)
ISBN: 0-7645-4720-8
• LDAP Tools section of the LDAP Libraries forC SDK documentation
Import Convert Export (ICE)
• Logicsource II for NDS (www.shop.novell) Especially good DSRepair information