This article looks at simple monitoring of NetIQ eDirectory Server Status using the Event functionality of the Ldap Adapter.

NetIQ eDirectory stores an object of objectclass ncpServer for each eDirectory server in the Directory tree. This has a status attribute which is managed by eDirectory background process, which can be used to determine the status of the Server.

The Ldap Adapter can be configured to monitor the value of this attribute and generate an event if the status is not UP.  This is an ideal trigger point to start an automation workflow.

So what might an eDirectory Health workflow look like?  As ever, there isn’t a one size fits all workflow, no two customers want exactly the same thing, so here is a simple example of what can be done.  My knowledge of eDirectory is pretty limited so think about how you can do this better!

1. Ping Server.
2. Check status of eDirectory servers / synchronization (ndsrepiar -T)
3. If still down, restart eDirectory process
4. Check status again
5. Send notification of server status.

So the first thing is to configure the Ldap Adapter to monitor for eDirectory servers being down:


The filter is : (&(objectclass=ncpServer)(!(status=2)))

The filter says to return all objects of objectclass ncpServer, whose status attribute is not equal to 2 (UP).

Now when an eDirectory server becomes unavailable an event will be generated in Aegis :


So we have our event so a trigger can be built based on this event.

1.  Ping Server.

Pinging the Server is a trivial step – just run from the command line and check the responses, or there is activity here to make life even easier :

2. Check status of eDirectory servers / synchronization (ndsrepiar -T)

Ok so before you can do this step, you have to know which Operating System the eDirectory Server is in order to connect to it and issue commands.  This is pretty easy to do, check the version attribute of the eDirectory server.  The object DN is returned in the event so you already have that.

For example the version for windows might look like this: eDirectory for NT x86_64 v8.8 SP7 [DS]

Or Linux : eDirectory for Linux i586 v8.8 SP7 [DS]

So for these versions a simple regex like : eDirectory for\s+(.*?)\s+\.*

will extract the OS type, Linux or NT.

For this example I am just going to look at linux side.  I want to issue the ndsrepair -T command.  To do this, use the inbuilt SSH activity!

If the command error output contains “Unable to connect to NDS Server. NDS server may be down.” then at least one eDirectory server is down.

3. If still down, restart eDirectory process

All we do here is connect again with ssh activity and issue the command : rcndsd restart

4. Check status again

Basically loop back to step 2. and re-issue ndsrepair -T.  You’ll have to have some retry logic in here to stop it re-trying forever.  Chances are if it fails after first retry you don’t need to retry again.

5.  Send notification of server status.

At this stage everything is either back up or still down.  Notify somebody / Create Help Desk ticket etc.

At this point I am hoping you have spotted the glaringly obvious logic issue with this workflow idea!!  If the Ldap Server Aegis connects to itself is down, you won’t be able to connect to retrieve events in the first place.   Luckily, if any type of Directory cannot be connected to during an event poll, a triggerable event is generated by the Adapter  in Aegis to indicate a connection problem. So now we have two different events which might trigger an eDirectory Health Workflow!

Think about what other events you might want to create and what automation could be done as a result of that event.  Perhaps when a user is created, you want to automate which groups that user becomes a member of.


0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this post.

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

Leave a Reply

No Comments
Martin Cotter
Mar 5, 2014
10:06 am
Active Directory Authentication Automation Cloud Computing Cloud Security Configuration Customizing Data Breach DirXML Drivers End User Management Identity Manager Importing-Exporting / ICE/ LDIF Intelligent Workload Management IT Security Knowledge Depot LDAP Monitoring Open Enterprise Server Passwords Reporting Secure Access Supported Troubleshooting Workflow