Author: Ashwin S

Table of Contents


Automation is one of the basic necessities for command utility of an enterprise software like eDirectory.

In this article, we talk about enhancements made to eDirectory utility ‘ndsbackup’ in eDirectory 8.8.5 for better automation. The eDirectory object based backup/restore utility, ndsbackup was enhanced to support secured way of providing password. ndsbackup utility have the command line option ‘-p <password>’ to pass the userDN password in clear text on the command line. On UNIX platforms, while the command is being executed with this option, the password can be read by anybody using the ‘ps’ command because the password is passed in clear text.

Refer to the screen shots below:

Enhancements for ndsbackup utility

With eDirectory 8.8.5, the following enhancements were made to improve the security by providing option to retrieve the password stored by ndspassstore. This improves the security by making it difficult to crack the password.

The ndspassstore is a utility used to store encrypted password for the eDirectory user. The ndspassstore requires userDN and password as an option. This utility is available on Unix. The ndspassstore uses NICI for encryption.

Command Syntax:

ndspassstore -a <Username> -w <Password>

ndsbackup utility retrieves the stored password from ndspassstore utility after passing the keyword ‘passstore’ instead of password along with option ‘-p’. This will not reveal the password using ‘ps’ command.

Command Syntax:

ndsbackup c [f <ndsbackupfile>] [e] [v]  [w]  [X  <exclude-file>]   [R]   [Replica-server-name]   [-a  admin-user]  [-I include-file]       [-E password]       [--config-file configuration_file_path>]... [eDirectoryobject]

New Option:

-p passstore – passstore specified here is the keyword to retrieve stored password from the ndspassstore utility.


To store the userDN password using ndspassstore utility for which backup/restore will be performed.

#ndspassstore -a admin.novell -w n

Refer to the screen shot below:

To take backup, execute the following command:

#ndsbackup cvf /tmp/test.bak -a admin.novell -p passstore

The ‘ps’ command will not reveal the password.

Refer to the screen shots below:

To restore use xvf instead of cvf, execute the following command:

#ndsbackup xvf /tmp/test.bak -a admin.novell -p passstore


  1. The man pages of ndsbackup and ndspassstore utilities.
  2. eDirectory admin guide for ndspassstore utility at:
0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this post.
Categories: Uncategorized

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

Leave a Reply

Leave a Comment

By: sashwin
Jan 28, 2010
3:28 pm
Active Directory Authentication Automation Cloud Computing Cloud Security Configuration Customizing Data Breach DirXML Drivers End User Management Identity Manager Importing-Exporting / ICE/ LDIF Intelligent Workload Management IT Security Knowledge Depot LDAP Monitoring Open Enterprise Server Passwords Reporting Secure Access Supported Troubleshooting Workflow