Solution for TID: 7000921



By: sideshow

January 27, 2009 12:18 pm


TID 7000921 outlines an issue with 8.8.2 Linux install when parsing a certain interface for the eDirectory install using the ‘-B’ switch in ndsconfig.

The TID suggests this is an issue with using the -B option to specify eDirectory install on a certain interface while having LDAP accept requests on multiple NICs.

In my testing this is not entirely true as you can replicate this issue with 8.8.2 and the -B switch on a single NIC install.

Using the -B switch in any ndsconfig instance where you specify the interface as 'eth0@524', 'eth1@524', etc. will produce the following error when starting eDirectory after install:

Executing customized settings before starting the Novell eDirectory server...
Starting Novell eDirectory server...
                                                                     done
Executing customized settings after starting the Novell eDirectory server...
Novell eDirectory LDAP Server TCP port is disabled.
Novell eDirectory LDAP Server TLS port is disabled.
Validation failed in post_ndsd_start script.
Please refer to //etc/init.d/post_ndsd_start.

The problem appears to be that the configuration file for eDirectory (specified with ndsconfig using the --config-file switch) gets populated with the text string that you specified with the -B switch.

Here is an example nds.conf file with the invalid entry for n4u.server.interfaces:

cat /etc/opt/novell/eDirectory/conf/nds.conf
n4u.server.vardir=/eDir/server1/data
n4u.nds.dibdir=/eDir/server1/data/dib
n4u.server.interfaces=eth0@524
http.server.interfaces=eth0@8028
https.server.interfaces=eth0@8030
n4u.server.libdir=/opt/novell/eDirectory/lib
n4u.server.configdir=/etc/opt/novell/eDirectory/conf
http.server.module-base=/eDir/server1/data/nds-http/
n4u.server.log-file=/eDir/server1/log/ndsd.log
n4u.nds.server-name=SERVER1
n4u.base.tree-name=TREE
n4u.nds.preferred-server=SERVER1
n4u.nds.server-context=O=org
https.server.cached-cert-dn=SSL CertificateIP - SERVER1.admin
http.server.session-exp-seconds=7200

If you specify the IP address of the NIC you want to use for eDirectory in the -B switch, the n4u.server.interfaces value in nds.conf is valid (e.g. n4u.server.interfaces=10.0.0.10@524).

The suggestion in the TID is to drop the -B switch and specify the NIC when prompted; for some reason this method also creates a valid entry for the n4u.server.interfaces value in nds.conf. Obviously there is some form of conversion from interface to IP address in the nds-install / ndsconfig script for 8.8.2 that is being missed when using the ndsconfig options. Under the nds-install script with 8.8.1 no such issue existed.

********
Update: I did some further testing with 8.8.1 and it appears it also does not do the conversion for n4u.server.interfaces; however, it does do the conversion for http.server.interfaces / https.server.interfaces. 8.8.1 example:

n4u.server.interfaces=eth0@524
http.server.interfaces=153.107.46.185@8028
https.server.interfaces=153.107.46.185@8030

Whereas an 8.8.2 nds.conf will look like this:

n4u.server.interfaces=eth0@524
http.server.interfaces=eth0@8028
https.server.interfaces=eth0@8030

I am now unsure if ndsconfig was supposed to be able to accept interface names at all?

Regardless, the following options are still valid and the script either works around the issue or allows you to enter an interface name for ndsconfig depending on what the answer to the above question is.
*********

So a couple of options:

  1. As TID 7000921 suggests, drop the -B option and specify the interface manually.
  2. Use the -B option but use an IP address rather than an interface name.
  3. Continue to use the -B option with an interface name, then modify nds.conf with the IP address.

Options 2 and 3 will allow you to do an install of eDirectory without being prompted for the interface; however, it will be a manual process for each server. If you require an automated install across multiple servers, the following should help:

Place your nds-install into a script containing the following logic:

# INTERFACE holds the NIC name (e.g. eth0); extract its IPv4 address.
EDIP=$(ifconfig "$INTERFACE" | grep 'inet addr:' | cut -d: -f2 | awk '{print $1}')
if [[ -z $EDIP ]]
then
    echo "Problem with defined Interface, use format eth(x) (e.g. eth0)"
    exit 1
else
    echo "$EDIP will be used for eDirectory installation."
fi

Using the above you can pass the interface as eth0 / eth1 as an option into the $INTERFACE variable. This will then give you an $EDIP variable you can pass on to the -B switch in the ndsconfig command.

So a fully automated install might look something like the following:

#!/bin/bash
# Filename: ndsinstallv2.sh
# Author: Luke Meijer
# Replace the variables; SSPATH, EDPATH, DMPATH with your install file locations
# Usage: ndsinstallv2.sh [ -i <interface> ]
#        -i which interface for eDirectory to listen on

# Default interface when -i is not given
INTERFACE=eth0

function usage()
{
echo -e "eDirectory for Linux install script. Usage: \n
                 -i = Specify Interface, if left out defaults to eth0. \n"
echo -e "If no options specified an 8.8.2 install with a temporary tree on eth0 will be performed. \n"
exit 1
}

# getopts places the argument of -i in OPTARG
while getopts "i:" Option
do
    case $Option in
        i ) INTERFACE=$OPTARG;;
        * ) usage;;
    esac
done

# Resolve the interface name to its IPv4 address so that nds.conf
# receives an address rather than the interface name
EDIP=$(ifconfig "$INTERFACE" | grep 'inet addr:' | cut -d: -f2 | awk '{print $1}')
if [[ -z $EDIP ]]
then
    echo "Problem with defined Interface, use format eth(x) (e.g. eth0)"
    exit 1
else
    echo "$EDIP will be used for eDirectory installation."
fi

#Security Services Installer Path
##################################
SSPATH=/eDir/utils

#eDirectory Installer Path
###########################
EDPATH=/eDir/eDirectory/setup

#dsrmenu.sh Path
#################
DMPATH=/eDir/utils

# Note: this overwrites any existing /etc/bash.bashrc.local
echo ". /opt/novell/eDirectory/bin/ndspath" > /etc/bash.bashrc.local

cp "$DMPATH/dsrmenu.sh" /root/bin

if [ ! -L /root/bin/dsrepair ]
then
    ln -s /root/bin/dsrmenu.sh /root/bin/dsrepair
fi

"$EDPATH/nds-install" -u -c server -c admutils

# "password" is a placeholder. A value given with -w is readable in this
# script and in the process list while ndsconfig runs, so restrict access
# to the script and change the admin password after the install.
/opt/novell/eDirectory/bin/ndsconfig new -t "$HOSTNAME-TREE" -S "$HOSTNAME" -n ou=corp.o=org -a cn=admin.o=org -w password -B "$EDIP@524" -D "/eDir/$HOSTNAME" -d "/eDir/$HOSTNAME/data/dib" --config-file /etc/opt/novell/eDirectory/conf/nds.conf

# Install the security services with ndsd stopped, then restart it
/etc/init.d/ndsd stop

"$SSPATH/install.sh" -q

/etc/init.d/ndsd start

ln -s /etc/opt/novell/nici.cfg /etc/nici.cfg

echo -e "Installation completed. Please logout for PATH variable updates to take effect. \n"
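
For option 3 (fixing an nds.conf that already contains interface names), the following is an added example and not part of the original post. The helper names fix_interfaces, resolve_ip and is_ipv4 are hypothetical, and resolve_ip uses the iproute2 `ip` command instead of the ifconfig parse above, because newer ifconfig builds no longer print the 'inet addr:' prefix.

```bash
#!/bin/bash
# Added example, not from the original post. Assumes each
# *.server.interfaces value is a single <host>@<port> pair, as in the
# nds.conf listings above.

# Print the first IPv4 address of interface $1 (empty if none).
resolve_ip() {
    ip -o -4 addr show dev "$1" 2>/dev/null | awk '{print $4; exit}' | cut -d/ -f1
}

# Succeed only if $1 looks like a dotted-quad IPv4 address.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Write a corrected copy of the nds.conf named in $1 to stdout.
# The body runs in a subshell, so variables stay local and "exit 1"
# only ends this function when an interface cannot be resolved.
fix_interfaces() (
    while IFS= read -r line || [ -n "$line" ]; do
        key=${line%%=*}
        value=${line#*=}
        case $key in
            *.server.interfaces)
                host=${value%@*}
                port=${value##*@}
                # Only rewrite <name>@<port> values whose host is not an IP.
                if [ "$host" != "$value" ] && ! is_ipv4 "$host"; then
                    ip=$(resolve_ip "$host")
                    if ! is_ipv4 "$ip"; then
                        echo "cannot resolve '$host' in: $line" >&2
                        exit 1
                    fi
                    line="$key=$ip@$port"
                fi
                ;;
        esac
        printf '%s\n' "$line"
    done < "$1"
)
```

Redirect the output to a new file and compare it with the original using diff before replacing nds.conf.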


Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.
