eDirectory Reconfiguration on OES2 SP2 Server



By: BSparimala

September 10, 2010 3:10 pm


Abstract

This document will help you in reconfiguring eDirectory on OES Server and restoring all OES Services.

Introduction

When eDirectory has to be removed and reinstalled on a server, because of DIB corruption with no backup or some other issue requiring it, some of the OES services are disconnected. Currently, there are no tools to resolve this issue. The server has to be formatted and completely reinstalled, which can result in data loss and service disruption that customers cannot accept. The following sections describe a manual approach to reconfigure eDirectory and bring all the broken OES services back up.

Solution

Reconfiguring eDirectory and bringing the OES server back up and running is achieved in the following three steps:

  • eDirectory cleanup
  • eDirectory reconfiguration
  • Service configuration

Prerequisites

Before starting, note down the following eDirectory configuration parameters. You will need this information while reconfiguring the eDirectory server.

  • eDirectory tree name
  • Replica server IP
  • eDirectory Admin context
  • eDirectory Server context
  • IP addresses of Servers running NTP and SLP Services

eDirectory Cleanup

Prior to reconfiguring eDirectory, eDirectory has to be cleaned up to avoid any conflicts that can arise during reconfiguration. Follow the steps mentioned below to clean eDirectory.

  • Stop the ndsd daemon if it is running.
    # rcndsd stop
    
  • Delete the eDirectory configuration file, eDirectory instance file, and the eDirectory database. The default paths are:
    # rm -f /etc/opt/novell/eDirectory/conf/nds.conf
    # rm -f /etc/opt/novell/eDirectory/conf/instances.0
    # rm -rf /var/opt/novell/eDirectory/data/dib
    
    
  • Using iManager, delete the NCP server object, HTTP server object, SNMP group object, LDAP server object, and LDAP group object from the eDirectory tree.

    Log into iManager with admin credentials.

    Click the View objects button available in the Header frame.

    Select the Tree tab in the Navigation frame.

    Browse the eDirectory tree and select the server context for which reconfiguration is to be done.

    In the Contents frame, select the NCP and HTTP server objects, SNMP group object, LDAP server object, and LDAP group object.

    In the Menu bar above the Content frame, click the Delete button. A confirmation pop-up window is displayed. Click OK to confirm deletion.
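
The deletion step above is irreversible, so the following added example (not part of the original article) archives the three default paths into a root-only directory and deletes them only after the archive reads back cleanly. The function name edir_cleanup, the root-prefix argument, and the backup directory /root/edir-backup are assumptions of this sketch.

```sh
#!/bin/sh
# Added example (not from the article): archive the eDirectory files, then
# delete them. The root prefix and backup directory are assumptions.
edir_cleanup() {
    root="$1"          # filesystem prefix: "" on the server, a temp dir for a dry run
    backup_dir="$2"    # where the archive goes, e.g. /root/edir-backup (assumed)
    base="${root:-/}"

    # Never remove the database underneath a running ndsd.
    if command -v pgrep >/dev/null 2>&1 && pgrep -x ndsd >/dev/null 2>&1; then
        echo "ndsd is still running; run 'rcndsd stop' first" >&2
        return 1
    fi

    # Collect only the default paths (from the article) that actually exist.
    set --
    for rel in etc/opt/novell/eDirectory/conf/nds.conf \
               etc/opt/novell/eDirectory/conf/instances.0 \
               var/opt/novell/eDirectory/data/dib; do
        if [ -e "$base/$rel" ]; then set -- "$@" "$rel"; fi
    done
    if [ "$#" -eq 0 ]; then
        echo "no eDirectory files found under $base" >&2
        return 1
    fi

    # The archive holds the directory database: keep it readable by root only.
    old_umask=$(umask)
    umask 077
    mkdir -p "$backup_dir" || { umask "$old_umask"; return 1; }
    archive="$backup_dir/edir-pre-cleanup-$(date +%Y%m%d-%H%M%S).tar.gz"
    tar -czf "$archive" -C "$base" "$@"
    rc=$?
    umask "$old_umask"
    # Delete nothing unless the archive was written and can be read back.
    if [ "$rc" -ne 0 ] || ! tar -tzf "$archive" >/dev/null 2>&1; then
        echo "backup failed; nothing deleted" >&2
        return 1
    fi

    for rel in "$@"; do rm -rf -- "$base/$rel"; done
    echo "$archive"    # print the archive path for the operator's notes
}

# On the server: sh edir_cleanup.sh --run
if [ "${1:-}" = "--run" ]; then edir_cleanup "" /root/edir-backup; fi
```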

eDirectory Reconfiguration

eDirectory reconfiguration can be done on the Root partition Master replica server, a Read-Write replica server, or a server without a replica.

If the reconfiguration is performed on the Root partition Master replica server, make one of the other replicas the Master replica. See the following link for the role transfer:

http://www.novell.com/documentation/edir88/edir88/index.html?page=/documentation/edir88/edir88/data/a2iiiik.html

Section 5.5.3 Changing the Replica Type

If reconfiguration is performed on the CA server, then transfer the CA server role to another server or create a new CA server.

Access the following links:

Section 4.1.9, Moving the Organizational CA to a Different Server

Section 3.4, Creating a Server Certificate Object

When eDirectory is cleaned, follow the listed steps for reconfiguring the eDirectory.

  • Open YaST2 by entering yast2 in the command window.
  • Select Open Enterprise Server in the navigation menu in the left corner.
  • From the menu on the top-right corner, select OES Install and configuration.

    The Installation/Configuration menu is displayed.

  • Click the Accept button at the bottom-right corner of the YaST2 window.

    The Novell Open Enterprise Server configuration window is displayed.

  • Enable eDirectory reconfiguration by clicking the Reconfigure is disabled hyperlink after the eDirectory section.

  • Click the eDirectory hyperlink.
  • In the eDirectory Configuration window, verify the eDirectory Tree name and click the Next button.
  • Enter the admin password and click the Next button.
  • Enter the Server context that was collected, as mentioned in the Prerequisites section earlier, and click the Next button.

  • Enter the IP address of the Network Time Protocol Server.
  • If SLP was configured in the previous eDirectory configuration, select the Configure SLP to use an existing Directory Agent radio button. Click the Add button, provide the SLP DA Server IP address in the resulting pop-up window, then click the Add button in the pop-up.
  • Click the Next button.
  • Click the Next button in the Novell Modular Authentication Service window.
  • Verify the listed configuration information and click the Next button.

    eDirectory is configured, and the Installation Completed window is displayed.

  • Click Finish.
  • Select the Configure Later radio button and click the Next button.
  • Close the YaST2 window.

OES Services Reconfiguration

After eDirectory reconfiguration is complete, configure and start all the OES services. The following table lists the services that are already running, the services that require a manual start, the services that require re-initialization, and the services that require reconfiguration.

Services started by default:
  • Novell Backup/ Storage Management services
  • Linux User Management (LUM)
  • Novell Remote Management (NRM)
  • Novell Remote Office (NRO)
  • File Transfer Protocol (FTP)
  • iFolder
  • Groupwise
  • DST
  • DFS
  • WBFM
  • Welcome Page
  • CASA
  • Auditing

Services to be started manually:
  • Apple File Protocol (AFP)
  • Novell Cluster Services (NCS)
  • Archive versioning
  • Dynamic Host Configuration Protocol (DHCP)
  • iPrint
  • SAMBA
  • NetStorage
  • iManager
  • NTP
  • QuickFinder

Services requiring re-creation:
  • Novell Storage Service (NSS)
  • Novell Core Protocol (NCP)

Services requiring reconfiguration:
  • Domain Name Service (DNS)
  • Common Internet File System (CIFS)
  • SLP
  • NMAS

The following subsections describe the steps to be followed to reconfigure the services.

Services Requiring Re-Creation

NSS:

Use the NSS management utility to delete and re-create the existing NSS Volumes and Pools eDirectory objects.

  • Start the NSS management utility by executing the command nssmu. Select Pools and press Enter to list all the NSS pools.

  • Select each pool and press F4. Select Yes when prompted to Delete and re-create NDS Pool objects.

    The selected NDS Pool object is re-created.

  • Go back to the main menu, Select Volumes, and press Enter. This lists all the NSS Volumes.
  • Select each volume and press F4. Select Yes when prompted to Delete and recreate NDS Volume objects.

    The selected NDS Volume object is re-created.

  • Restart rcadminfs to re-create the _ADMIN volume, if it exists.

NCP:

Use the NCP Server command line utility to delete and re-create the NCP volume object from eDirectory.

  • To delete the eDirectory object of the NCP volume, execute the command ncpcon remove volume SYS.

  • To re-create the eDirectory object of the NCP volume, enter the command ncpcon create volume SYS /usr/novell/sys.

Services Requiring Reconfiguration

DNS:

DNS can be reconfigured in two ways: by using YaST or without YaST.

Reconfiguring DNS without YaST

Using iManager, add the following DNS attributes to the newly created NCP server (that is created during reconfiguration of eDirectory).

Attribute                   Value
DNIP:DNSServerReference     NCP server location
DNIP:Locatorptr             DNS Locator object location
NCPkeyMaterialName          SSL Certificate DNS
ObjectClass                 dnipDNSDHCPServerVersion
SecurityEquals              DNS-DHCP-Group location
DNIP:DNSServerVersion       Novell DNS Server 6.0.0

  • Log into iManager with admin credentials.
  • Click the View objects button on the Header frame.
  • Select the Tree tab in the Navigation frame.
  • Browse the eDirectory tree and select the server context.
  • In the Contents frame, select the NCP server object.
  • From the menu bar on top of the Content frame, click Edit.

    A pop-up window is displayed.
  • Select the attributes listed in the table above from the Unvalued Attributes list and add to the valued attributes by pressing the Left Arrow button.
  • Click Edit.

    Another pop-up window is displayed.
  • Set the corresponding value from the table and click OK.

  • In the Contents frame, select the DNS Server object.
  • In the Menu bar at the top of the Content frame, click Edit.

    A pop-up window is displayed.
  • Select DNIP: Server DN from the Unvalued Attributes list and add it to the valued attributes by pressing the Left Arrow Button. Click Edit. Another pop-up window is displayed. Click the browse button and select the NCP server DN and click OK.

Start the DNS service by entering the command rcnovell-named start.

Reconfiguring DNS by using YaST

Follow the steps below to reconfigure DNS by using YaST2.

  • Open YaST2 by executing yast2 from a command terminal.
  • Select Open Enterprise Server from the left corner of the navigation menu.
  • From the menu on the top-right corner, select OES Install and configuration.

    The Installation/Configuration menu is displayed.

  • Click the Accept button at the bottom-right corner of the YaST2 window.
  • The Novell Open Enterprise Server configuration window is displayed.
  • Enable the Novell DNS Services reconfiguration by clicking the Reconfigure is disabled hyperlink below Novell DNS Services.

  • Click Novell DNS Services and enter the admin password when prompted.

    The Novell DNS Configuration window is displayed.

  • Validate the information displayed and click Next.
  • Ensure that the Create DNS Server Object check box is clear. Click Next.
  • Verify the configuration information listed and click Next.

  • This completes configuration of eDirectory, and the Installation Completed window is displayed.
  • Click Finish.
  • Select the Configure Later radio button and click the Next button.
  • Close the YaST2 window.

Using iManager, add the DNIP:DNSServerReference attribute to a newly created NCP server and add the NCP server location value. Also, add the SecurityEquals attribute and add value DNS-DHCP-Group location.

  • Log into iManager with admin credentials.
  • Click the View objects button available in the Header frame.
  • Select the Tree tab in the Navigation frame.
  • Browse the eDirectory tree and select the server context.
  • In the Contents frame, select the NCP server object.
  • From the Menu bar at the top of the Content frame, click the Edit button.
  • A pop-up window is displayed.
  • Select DNIP:DNSServerReference from the Unvalued Attributes list and add to the valued attributes by pressing the left arrow button.
  • Click the Edit button.
  • Another pop-up window is displayed.
  • Click the browse button, select the NCP server DN, and click OK.

  • Similarly, set the SecurityEquals attribute to the value DNS-DHCP-Group location.
  • In the Contents frame, select the DNS Server object.
  • In the Menu bar at the top of the Content frame, click Edit.
  • A pop-up window is displayed.
  • Select DNIP: Server DN from the Unvalued Attributes list and add to the valued attributes by pressing the left arrow button.
  • Click Edit.
  • Another pop-up window is displayed. Click the browse button, select the NCP server DN, then click OK.

Start the DNS service by executing the command rcnovell-named start.

CIFS:

Follow the steps below to reconfigure CIFS by using YaST2.

  • Open YaST2 by entering yast2 in a command terminal.
  • Select Open Enterprise Server from the navigation menu in the left corner.
  • From the menu in the top-right corner, select OES Install and configuration.
  • The Installation/Configuration menu is displayed.

  • Click the Accept button at the bottom-right corner of the YaST2 window. The Novell Open Enterprise Server configuration window is displayed.
  • Enable the Novell CIFS Services reconfiguration by clicking on the “Reconfigure is disabled” hyperlink below the Novell CIFS Services.

  • Click Novell CIFS Services and enter the admin password when prompted.

    The Novell CIFS Configuration window is displayed.

  • Validate the information displayed and click the Next button.
  • If an eDirectory user context was specified in the previous CIFS configuration, click the Add button and add the eDirectory user context. Click Next.
  • Select the Password policies that were earlier assigned to CIFS users. Click Next.
  • Verify the listed configuration information and click Next.

    The configuration of eDirectory is complete, and the Installation Completed window is displayed.

  • Click the Finish button.
  • Select the Configure Later radio button and click Next.
  • Close the YaST2 window.

Before starting CIFS service, re-create the NCP and NSS pools and volume objects, as detailed in sections for NCP and NSS.

Restart the CIFS service by specifying the command rcnovell-cifs restart.

SLP:

This was already covered as part of reconfiguring eDirectory. SLP will be reconfigured only if it was configured during the earlier configuration.

NMAS:

NMAS was already covered as part of reconfiguring eDirectory.

Services to Be Started Manually

AFP:

Before starting the AFP service, re-create the NCP and NSS pools and volume objects, as detailed in sections for NCP and NSS.

Start the AFP service by executing the command rcnovell-afptcpd start.

NCS:

Before starting the NCS service, re-create the NCP and NSS pools and volume objects, as detailed in sections for NCP and NSS.

Start the NCS service by specifying the command rcnovell-ncs start.

Archive versioning:

Before starting the Archive versioning service, re-create the NCP and NSS pools and volume objects, as detailed in the sections for NCP and NSS.

Start the Archive versioning service by specifying the commands rcnovell-ark start and rcadminfs start.

Dynamic Host Configuration Protocol:

Start the Dynamic Host Configuration Protocol (DHCP) Server by entering the command rcnovell-dhcpd start.

iPrint:

Start the iPrint service by entering the commands rcnovell-ipsmd start and rcnovell-idsd start.

SAMBA:

Before starting the SAMBA service, re-create the NCP and NSS pools and volume objects, as detailed in sections for NCP & NSS.

Using iManager, start the SAMBA Service.

NetStorage:

Before starting the NetStorage service, re-create the NCP and NSS pools and volume objects, as detailed in sections for NCP & NSS.

Start the NetStorage service by executing the commands ‘rcnovell-xregd start’ and ‘rcnovell-xsrvd start’.

iManager:

Start the iManager service by executing the commands ‘/etc/init.d/tomcat5 start’ and ‘rcapache2 restart’.

NTP:

Start the NTP service by executing the command ‘rcntpd restart’.

QuickFinder:

Before starting the QuickFinder service, re-create the NCP and NSS pools and volume objects, as detailed in the sections for NCP and NSS.

Generate the index again from QuickFinder Administration.


Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

1 Comment

  1. By:rrodriguezebiotic

    As far as I see in the eDirectory Cleanup section, the first action must be to stop the ndsd daemon. How could I log into iManager after stopping this daemon and deleting the eDirectory database?

    Perhaps I’ve misunderstood some step!

    But, in any case, as far as I understand this process requires a full-functioning admin account. Any work-around for database corruption such as one where the only admin user has lost its rights?

    Thanks!
