9.4 iMonitor Features

9.4.1 Viewing eDirectory Server Health

From the Agent Summary page, you can view the health of your eDirectory servers, including synchronization information, agent process status, and the total servers known to your database.

  1. In iMonitor, click Agent Summary Agent Summary button.

  2. Choose from the following options:

    Agent Synchronization Summary lets you view the number and types of replicas you have and the length of time since they have been successfully synchronized. You can also view the number of errors for each replica type. If there is only one replica or partition to view, the heading is Partition Synchronization Status.

    If the Agent Synchronization Summary doesn’t appear, there are no replicas you can view based on your identity.

    Servers Known to Database Totals lets you view the type and count of servers known to your database, and whether they are up or down.

    Agent Process Status Totals let you view the status of processes without the administrator's intervention that run on an agent. When there is a problem or piece of information, a status is recorded. The table increases or decreases, depending on the number of recorded statuses.

9.4.2 Viewing Partition Synchronization Status

From the Agent Synchronization page you can view the synchronization status of your partitions. You can filter the information by selecting from the options listed in the Assistant frame on the left side of the page.

  1. In iMonitor, click Agent Synchronization in the Assistant frame.

  2. Choose from the following options:

    Partition Synchronization Status lets you view the partition, number of errors, last successful synchronization, and maximum ring delta.

    Partition lets you view the links to each partition's Replica Synchronization page.

    Last Successful Sync lets you view the amount of time since all replicas of an individual partition were successfully able to synchronize from the server.

    Maximum Ring Delta shows the amount of data that might not be successfully synchronized to all the replicas in the ring. For example, if a user has changed his login script within the past 30 minutes, and the maximum ring delta has a 45-minute allocation, the user's login might not be successfully synchronized, and he might get the previous login script when he attempts to log in. If, however, the user changed his login script more than 45 minutes ago, he should get the new login script consistently from all replicas.

    If Unknown is listed under Maximum Ring Delta, it means the transitive synchronized vector is inconsistent and the maximum ring delta cannot be calculated due to replica/partition operations occurring, or some other problem.

9.4.3 Viewing Obituary Process Status and Change Cache Count

To view the obituary process status and the change cache count of a given partition, navigate to the partition root object of that partition. Data is displayed for three different types of obituaries:

  • OBIT_DEAD: created when an object is deleted.

  • OBIT_NEWRDN: created when an object is renamed.

  • OBIT_MOVED: created when an object is moved from one location to another.

When the objects are processed, they can be in four different distinct states. They move from ISSUED state to PURGEABLE state, then finally get purged. Following are the four distinct states:

  • ISSUED

  • NOTIFIED

  • OK_TO_PURGE

  • PURGEABLE

There are 12 different distinct combinations for a given object. Following are the distinct combinations:

  • OBIT_DEAD_ISSUED

  • OBIT_DEAD_NOTIFIED

  • OBIT_DEAD_OK_TO_PURGE

  • OBIT_DEAD_PURGEABLE

  • OBIT_NEWRDN_ISSUED

  • OBIT_NEWRDN_NOTIFIED

  • OBIT_NEWRDN_OK_TO_PURGE

  • OBIT_NEWRDN_PURGEABLE

  • OBIT_MOVED_ISSUED

  • OBIT_MOVED_NOTIFIED

  • OBIT_MOVED_OK_TO_PURGE

  • OBIT_MOVED_PURGEABLE

A number is displayed against each of these combinations, which denotes the total number of objects that are in a particular state at the end of the last obituary processing cycle.

The change cache count displays the number of objects present in the change cache of the partition in the current server. The following figure shows the obit count and the change cache count for a particular partition root object of that partition.

Figure 9-3 Obit and Change Cache Count Information

9.4.4 Viewing Server Connection Information

From the Agent Information page you can view the connection information for your server.

  1. In iMonitor, click Agent Information in the Assistant frame.

  2. Choose from the following options:

    Ping Info shows that iMonitor has attempted an IP ping to the set of addresses being advertised for the server. Success is as indicated.

    DNS Name shows that iMonitor has attempted to do an address reversal on IP addresses supported by the server and is indicating the associated DNS name.

    Depending on the transport, configuration, and platform you are running on, you might not see this information.

    Connection Information lets you view connection information for the server, including the server referral, time delta, Root Most Master, and replica depth.

    Depending on the transport, configuration, and platform you are running on, you might not see this information.

    Server Referral lets you view the set of addresses by which your server can be reached.

    Time Synchronized indicates that synthetic or future time is not being used unless a replica's last-issued time stamp is greater than the current time.

    eDirectory believes time is synchronized well enough to issue time stamps based on the server's current time. The time synchronization protocol might or might not currently be in a synchronized state.

    Time Delta lets you view the difference in time between iMonitor and the remote server in seconds. A negative integer indicates that iMonitor's time is ahead of the server's time. A positive integer indicates that iMonitor's time is slower than the server.

    Root Most Master specifies that the replica that is highest or closest to the root of the naming tree is a master replica.

    Replica Depth lets you view the depth of the rootmost replica (the number of levels between the rootmost replica and the root of the tree).

9.4.5 Viewing Known Servers

From the Known Servers List, you can view the list of servers known to the database of the source server. You can filter the list to show all servers known to the database or to show all servers in the replica ring. If a server has an icon next to it, the server participates in a replica ring.

  1. In iMonitor, click Known Servers in the Assistant frame.

  2. Choose from the following options:

    Entry ID lists the identifier on the local server for an object. Entry IDs cannot be used across servers.

    NDS Revision lists the eDirectory build number or version being cached or stored on the server that you are communicating with.

    Status shows whether the server is up, down, or unknown. If the status shows as unknown, this means that this server has never needed to communicate with the server being shown as unknown.

    Last Updated shows the last time this server attempted to communicate with the server and found out it was down. If this column is not showing, all servers are currently up.

9.4.6 Viewing Replica Information

From the Partitions page, you can view information about the replicas on the server you are communicating with. You can filter the page by selecting from the options in the Assistant frame on the left side of the page.

Server Partition Information let you view information about the server's partition, including the entry ID, replica state, purge time, and last modification time.

Partition let you view information about the partition Tree object on the server.

Purge Time indicates the time when you can remove previously deleted data from the database because all replicas have seen the deletion.

Last Modification Time lets you view the last-issued time stamp of data written to the database for the replica. This lets you see if time is in the future and if synthetic time is being used.

Replica Synchronization lets you view the Replica Synchronization Summary page that refers to the partition. The Replica Synchronization page shows information about the partition synchronization status and replica status. You can also view lists of partitions and replicas.

9.4.7 Controlling and Configuring the DS Agent

From the Agent Configuration page, you can control and configure the DS Agent. The functionality you have on this page will depend on the rights of the current identity and the version of eDirectory you are looking at.

  1. In iMonitor, click Agent Configuration Agent Configuration button.

  2. Choose from the following options:

    • Agent Information let you view the connection information for your server.

    • Partitions lets you view the replicas on the server you are communicating with.

    • Replication Filters lets you view the replication filters configured for the specified eDirectory agent. NDS eDirectory 8.5 (build version 85.xx) was the first eDirectory version to implement a feature known as Filtered Replicas. See Filtered Replicas for more information on what Filtered Replicas are, why they are used, and how to configure them.

    • Agent Triggers initiate certain background processes. These triggers are equivalent to using the SET DSTRACE=*option command.

    • Background Process Settings modify the interval at which certain background processes run. These settings are equivalent to the SET DSTRACE=!option command.

    • Agent Synchronization lets you disable or enable inbound or outbound synchronization. You can specify in hours the amount of time you want synchronization disabled.

    • Database Cache lets you configure the amount of database cache used by the DS database engine. Various cache statistics are also provided to assist you in determining whether you have an appropriate amount of cache available. Having an inadequate amount of cache might severely impact your system’s performance.

    • Login Settings allows you you to specify whether eDirectory updates login attributes when users log in. The following options control how eDirectory responds when a user logs in:

      • Login Update Delay specifies the amount of time (in seconds) between updates. For example, if one or more users log in during the delay, eDirectory adds any changes to a queue. When the delay is over, eDirectory applies all queued changes.

      • Login Update Disable Interval specifies an interval of time (in seconds) during which the login attributes for a specific user will not be updated. A typical interval is 3600 seconds (1 hour). For example, when a user logs in for the first time at 8:00 AM, eDirectory updates attributes, and the interval starts. If the user logs in again before 9:00 AM, eDirectory does not update the attributes. The default is 0, which means no disable interval is set.

9.4.8 Configuring Trace Settings

From the Trace Configuration page, you can set trace settings. NetIQ iMonitor's DSTrace is a server-centric feature. That is, it can be initiated only on a server where iMonitor is running. If you need to access this feature on another server, you must switch to the iMonitor running on that server.

To access information on the Trace Configuration page, you must be the equivalent of Administrator of the server or a console operator. You are prompted to enter your user name and password so your credentials can be verified before you can access information on this page.

  1. In iMonitor, click Trace Configuration Trace Configuration button.

  2. Choose from the following options:

    • Update lets you submit changes to Trace Options and Trace Line Prefixes. If DSTrace is off, click Trace On to turn it on. If DSTrace is already on, click Update to submit changes to the current trace.

    • Trace On/Off turns DSTrace on or off. The button text changes based on the current DSTrace state. If DSTrace is on, the button text will read Trace Off. Clicking it toggles DSTrace between off and on. When DSTrace is off, clicking Trace On is equivalent to clicking Update.

    • Trace Line Prefixes lets you choose which pieces of data are added to the beginning of any trace line.

    • DS Trace Options apply to the events on the local DS Agent where the trace is initiated. The options show errors, potential problems, and other information about eDirectory on your local server. Turning on DS Trace options can increase CPU utilization and might reduce your system’s performance. Therefore, DS Trace should generally be used for diagnostic purposes, not as a standard practice. These options are a more convenient equivalent of the SET DSTRACE=+option command.

    • Event Configuration lists the eDirectory event options you can enable or disable for monitoring in DSTrace. The event system generates events for local activities such as adding objects, deleting objects, and modifying attribute values. For each type of event, a structure is returned that contains information specific to that type of event.

    • Trace History lets you view a list of previous trace runs. Each previous trace log is identified by the period of time during which the trace data was being gathered.

    • Trace Triggers let you view the trace flags that must be set in order to display the specified DS Agent information in DSTrace. These triggers might write large quantities of information to trace. Generally, we recommend that these triggers be enabled only when instructed by NetIQ Support.

  3. Click Trace On to turn DS Trace on and submit any changes.

  4. Click Trace button or Trace Live to view DS Trace in iMonitor.

9.4.9 Viewing Process Status Information

From the Agent Process Status page, you can view background process status errors and more information about each error that occurred. You can filter the information on this page by selecting from the options listed in the Assistant frame on the left side of the page.

In iMonitor, click Agent Process Status in the Assistant frame. Background process statuses that are currently reported include the following:

  • Schema synchronization

  • Obituary processing

  • External reference/DRL

  • Limber

  • Repair

9.4.10 Viewing Agent Activity

From the Agent Activity page, you can determine traffic patterns and potential system bottlenecks. You can use this page to view the verbs and requests that are currently being handled by eDirectory. You can also see which of those requests are attempting to obtain DIB locks in order to write to the database and how many of those requests are waiting to obtain a DIB lock.

If you are viewing a server running NetIQ eDirectory 8.6 or later, you will also see a list of partitions and the servers that participate in the replica ring with the server specified in the Navigator frame. With the introduction of NetIQ eDirectory 8.6, synchronization is no longer single threaded. Any eDirectory 8.6 or later version server might outbound multiple partitions simultaneously to one or more replication partners. For this reason, the synchronization activity page was created so you can more easily monitor this parallel synchronization strategy.

  1. In iMonitor, click Agent Activity in the Assistant frame.

  2. Choose from the following options:

    • Verb Activity and Statistics lets you view a running count of all verbs called and requests made since eDirectory was last initialized. These pages also shows how many of those requests are currently active and the minimum, maximum, and average times (shown in milliseconds) that it takes to process those requests.

    • Synchronization Current and Schedule lists different times that inbound and outbound synchronization occurred. If inbound or outbound synchronization is currently taking place, you see an icon indicating that the process is active, when that cycle was started, and which server it is occurring with.

      If inbound and outbound synchronization is disabled, you see an icon indicating that fact and when it is scheduled to be re-enabled. For outbound synchronization, the next scheduled time is also shown.

    • Events lets you view a list of the currently active events, statistics for event handlers and a summary of event statistics, and the current event rights functions that have been called.

    • Background Process Schedule lets you view the background processes that are scheduled, what their current state is, and when they are scheduled to run again.

9.4.11 Viewing Traffic Patterns

From the Verb Statistics page, you can determine traffic patterns and potential system bottlenecks. You can use this page to view a running count of all verbs called and requests made since eDirectory was last initialized. This page also shows how many of those requests are currently active and the minimum, maximum, and average times (in milliseconds) it takes to process those requests. Background process, bindery, and standard eDirectory requests are tracked.

If you view this page on an older version of eDirectory, you might not see as much information as if you are running eDirectory 8.5 or later.

9.4.12 Viewing Background Processes

From the Background Process Schedule page, you can view the background processes that are scheduled, what their current state is, and when they are scheduled to run again. NetIQ iMonitor's Background Process Schedule is a server-centric feature. That is, it can only be viewed on a server where iMonitor is running. If you need to access the background process schedule on another server, you must switch to the iMonitor running on that server. As you upgrade more servers to eDirectory 8.5 or later versions, iMonitor's server-centric features will be more available to you. Other server-centric features include the DSTrace and DSRepair pages.

To access information on the Background Process Schedule page, you must be the equivalent of Administrator of the server or a console operator. You are prompted to log in so your credentials can be verified before you can access information on this page.

9.4.13 Configuring Background Processes

To decrease how long background process cycles run, administrators can configure one of the following Background Process Delay Settings policies on the Background Process Settings window in iMonitor:

  • CPU

  • Hard Limit

  • Purger Delay

To configure the background process:

  1. Log into iMonitor.

  2. Go to Agent Configuration > Background process settings.

  3. Scroll down to the Background Process Delay Settings section and set the delay interval to any value from 0 through 100 milliseconds.

    By default, the Hard Limit policy is enabled with all the three processes sleeping for 100 milliseconds.

    or

    Select the CPU Policy and configure as appropriate.

    By default, the Maximum CPU utilization % parameter is set to 80% and Maximum Delay Limit is set to 100 milliseconds.

  4. In the Purger Interval field, enter the delay interval.

    By default, it is set to 30 minutes. You can change it depending on your requirement.

9.4.14 Viewing eDirectory Server Errors

From the Error Index page, you can view information about the errors found on your eDirectory servers. The errors are separated into two fields: eDirectory-specific errors and other errors that might be of interest. Each error listed is hyperlinked to a description that contains an explanation, possible cause, and troubleshooting actions.

  1. In iMonitor, click Error Index in the Assistant frame.

    From the Error Index page you can link to the latest NetIQ documentation on errors, technical information, and white papers.

9.4.15 Viewing DSRepair Information

From the DSRepair page, you can view problems and back up or clean up your DIB sets. NetIQ iMonitor's DSRepair is a server-centric feature. That is, it can be initiated only on a server where iMonitor is running. If you need to access the DSRepair information on another server, you must switch to the iMonitor running on that server. As you upgrade more servers to later versions of eDirectory, iMonitor's server-centric features will be more available to you. Other server-centric features include the DSTrace and Background Process Schedule pages.

To access information on this page, you must be the equivalent of Administrator of the server or a console operator. You are prompted to log in so your credentials can be verified before you can access information on this page.

  1. In iMonitor, click DSRepair DS Repair button.

  2. Choose from the following options:

    • Downloads lets you retrieve repair-related files from the file server. You will not be able to access dsrepair.log if the DSRepair utility is running or you have initiated a repair from the DSRepair page in iMonitor until the operation is finished.

    • Delete Old DIB Sets lets you delete an old DIB set by clicking the red X.

      WARNING:This action is irreversible. When you select this option, the old DIB set will be purged from the file system.

    • DS Repair Advanced Switches lets you fix problems, check for problems, or create a backup of your database. You will not need to enter information in the Support Options field unless you are directed to do so by NetIQ Support.

  3. Click Start Repair to run DS Repair on this server.

9.4.16 Viewing Agent Health Information

From the Agent Health page, you can view health information about the specified eDirectory agent and the partitions and replica rings it participates in.

  1. In iMonitor, click Agent Health in the Assistant frame.

  2. Click the links to view detailed information.

9.4.17 Browsing Objects in Your Tree

From the Browse page, you can browse any object in your tree. The Navigation bar at the top of the page lets you know what server the object you are viewing is on, and the path to the object. The Replica frame on the left of the page lets you view or access the same object on any real partition. Click any underlined object on the page to view more information about an object. You can also click any portion of the name in the Navigator frame to browse up the tree.

The information displayed on this page depends on the eDirectory rights you are logged in with, the type of object you are browsing, and the version of NDS or eDirectory you are running. This page displays XRef objects if you are logged in with Supervisor rights. You can use the replica list to jump to a real copy of the replica. If you are browsing for objects in dynamic groups, the time stamp will not be displayed for the dynamic members.

Replica Synchronization displays the synchronization status of the replica that contains this object.

Entry Synchronization shows which attributes need to be synchronized from this server’s point of view.

Connection Information indicates where iMonitor got the information for this object.

Entry Information displays the names, flags, base class, modification time stamp, and summary of connection information for the object.

Send Entry to All Replicas resends this entry’s attributes to all other replicas. This process could take some time if the object has many attribute values. This does not make all other copies of the object identical. It simply allows the other replicas to reconsider each attribute.

Send All (visible only if the object being browsed is a partition root and the Advanced Mode Option is enabled) resends all entries in this partition to all the servers holding replicas of the partition. This does not make all copies of the objects being sent identical. It simply allows the other replicas to reconsider each object and its attributes.

9.4.18 Viewing Entries for Synchronization or Purging

From the Change Cache page, you can view a list of entries that this server needs to consider for synchronization or purging. This option is available only if the server you are accessing is running eDirectory 8.6 or later and the object you are viewing is a partition root. You must have Supervisor rights to the eDirectory server to view this page.

Entry Synchronization lets you determine why an entry needs to be synchronized.

NOTE:iMonitor only lists a limited number of objects in the Change Cache page. If you want to view all objects in the change cache, either for a specific partition or for all partitions on a server, you can run a Change Cache Dump Report in the Reports page. See Configuring and Viewing Reports for more information about configuring and running reports in iMonitor.

9.4.19 Viewing NetIQ Identity Manager Details

From the DirXML Summary page, you can view a list of any DirXML drivers running on your server, the status of each driver, any pending associations, and driver details.

  1. In iMonitor, click DirXML Summary DirXML Summary button.

  2. Choose from the following options:

    Status displays the current state of the specified driver. Possible states include stopped, starting, running, shut down, pending, and getting schema.

    Start Option displays the current startup option specified for the selected driver.

    Pending displays the number of associations that have not yet been made.

    Driver Details Icon displays subscriber and publisher details, XML rules, filters, and pending association lists for DirXML drivers running on your server. Details on the first 50 pending objects are also displayed on this page. The XML rule details provided on this page can be used to determine what to look for in the pending objects to allow their creation to proceed for the specified DirXML driver.

9.4.20 Viewing the Synchronization Status of a Replica

From the Replica Synchronization page, you can view the synchronization status of a replica.

  1. In iMonitor, click Agent Synchronization in the Assistant frame.

  2. Click Replica Synchronization for the partition you want to view.

  3. Use the links on this page and in the navigation bar on the left to access other partitions and jump through your replica ring.

9.4.21 Configuring and Viewing Reports

From the Reports page, you can view and delete reports run directly on this server. Some reports might take a long time to run and can be resource intensive.

Scheduled reports run without authenticating as a user, using the [Public] identity. Any reports you run directly are run as your identity. All report data is stored on the server from which you run the report. iMonitor stores report data in the following directories by default, depending on the operating system:

Platform

Directory

Windows

C:\Novell\NDS\ndsimon\dsreports\

Linux

/var/opt/novell/eDirectory/data/dsreports

The Report Config page lets you view a list of preconfigured, custom, and scheduled reports. Use this page to modify and run reports and to create custom reports for iMonitor pages. The following table lists preconfigured reports included with iMonitor.

Report

Description

Server Information

Walks the entire tree, communicates with every NCP server it can find, and reports any errors it finds. Use this report to diagnose time synchronization and limber problems, or to find out if the current server is able to communicate with all other servers from this server’s perspective. If selected in the Configuration page, this server can also generate NDS Agent Health information for every server in the tree.

Obituary Listing

Lists all obituaries on this server.

Object Statistics

Evaluates the objects in a given scope, then generates lists of objects matching the requested criteria. These criteria include such things as future time, unknown objects, renamed objects, counts of base classes, containers, alias, and external references.

Change Cache Dump

Lists all the objects in the change cache for the selected partition or for all partitions on the server. This report also generates an XML dump of the objects in the change cache, along with attributes and values that need to be synchronized across servers. The report provides information for analyzing all objects in the change cache.

NOTE:

  • In order to run a Change Cache Dump Report, you must have eDirectory 8.8 SP8 or later installed.

  • iMonitor stores change cache dumps in the same directory as the actual Change Cache Dump Report, as listed in the previous table.

Service Advertising

Lists all directories and servers known to the current server through SLP or SAP.

Agent Health

Gathers health information for the current server.

Value Count

Generates a list of objects with attribute, which have value count more than a value you specify.

Viewing and Deleting Reports

  1. In iMonitor, click Reports Reports button.

  2. Click Delete Report icon to delete a report or View Report icon to view a report.

Running a Report

  1. In iMonitor, click Reports > Report Config.

  2. Click Run Report icon to run a report.

Configuring or Scheduling a Report

  1. In iMonitor, click Reports > Report Config.

  2. Click Configure Report icon to configure and schedule a report.

  3. Select any options you want, then click Save Defaults to save the options you selected.

  4. (Optional) Configure the report to run either periodically or at a later time.

    1. Specify a frequency, start time, and start day.

    2. Click Schedule.

  5. Click Run Report to start the report.

Creating a Custom Report

Custom reports let you launch any iMonitor page as a report.

  1. In iMonitor, click Reports > Report Config.

  2. In the Runable Report list, click Configure Report icon Custom Reports.

  3. Enter a name for the report, then enter the URL for the iMonitor page you want to launch as a report.

    When running a custom report, enter the URL as follows:

    /nds/required page

  4. In the Saved reports field, specify the number of versions of the report you want to keep or retain.

  5. (Optional) Click Save to save the report.

  6. (Optional) Configure the report to run either periodically or at a later time.

    1. Specify a frequency, start time, and start day.

    2. Click Schedule.

  7. Click Run Report to start the report.

9.4.22 Viewing Schema, Class, and Attribute Definitions

From the Schema page, you can view your schema, class, and attribute definitions. You can view the schema that is loaded on your tree, with any extensions that have been made, and information specific to your particular schema, such as any changes or extensions you’ve made to the schema.

  1. In iMonitor, click Schema in the Assistant frame.

  2. Choose from the following options:

    Synchronization List lists the servers that this server will synchronize with. This option is available only for servers running NDS eDirectory 8.5 or later. You must have Supervisor rights on the server to view this information.

    Schema Root displays information about the schema replica closest to the root of the tee in this context.

    Each eDirectory server stores a replica of the schema in its entirety. The schema replica is stored separately from the partitions that contain directory objects. Changes to any one schema replica are propagated to the other replicas. You can perform modifications to the schema only through a server that stores a writable replica of the root partition. Servers storing read-only replicas of the root partition can read but not modify schema information.

    Attribute Definitions lists the name of each attribute, the syntax that the attribute value will be in, and the constraints that the attribute operates under. Use the navigation frame on the left to browse for and access individual attributes.

    Class Definitions lists the name of each class, its rules, and its attributes. Use the navigation frame on the left to browse for and access individual attributes.

9.4.23 Searching for Objects

From the Search page, you can search objects based on a variety of query options and filters. The search query options and filters are grouped in two levels of search request forms: basic and advanced. The basic search request form is designed for average users of eDirectory and simple searches. The advanced search request form is designed for advanced users and complicated searches. Currently, only server-level search is supported.

All the search options and filters in the four sections are conjunctive. Blank fields (except the Relative Distinguished Name) will be ignored. Use the Ctrl key to deselect an item or select more than one item on the multilists. Deselected multilists will also be ignored.

  1. In NetIQ iMonitor, click Search Search button.

  2. Choose from the following options:

    • Scope Options lets you specify the scope of the search.

    • Entry Filters lets you specify search query filters related to the entry information.

    • Attribute and Value Filters lets you specify search query filters related to the attributes and values.

    • Display Options lets you specify options which control the display format of the search results.

      NOTE:The Display Options settings are only available if you click Advanced to view all Advanced Search options.

  3. Click the Help button at the bottom of the search request form to see brief help information added to the form itself.

    Click Reload or Refresh to clear the help information.

9.4.24 Using the Stream Viewer

From the Stream Viewer page, you can view the current stream in any of the following formats:

  • Plain text

  • HTML

  • GIF

  • JPEG

  • BMP

  • WAV

  • Hex Dump

  • Other

If you have stream attributes that you consistently want to view in a particular format, you can use the Stream Viewer to select default display settings.

NDS Stream Attribute Setup changes the default display format for streams in your browser. It is up to your browser to display the stream correctly, so it might not always apply the settings you have selected.

You must be authenticated to the server to apply any changes you have made to the default settings. Your changes are stored in streams.ini (for Windows servers) or streams.conf (for Linux server), so you can also manually edit the default settings.

9.4.25 Clone DIB Set

This option creates a complete DIB fileset duplicate of an eDirectory database stored on a single server (the source server). The DIB Clone must be taken from the source server that holds all the master replicas in the tree. The clone can then be placed on another server (the target server). When the target server initiates eDirectory, it loads the DIB fileset, contacts the master replica of the server object, resolves its name, then synchronizes any changes to the DIB fileset made after the clone was created.

The clone of an eDirectory DIB set should only be placed on a server running the same operating system as the server the clone was created on. For example, if you want to restore a cloned DIB fileset to a Linux server, create the clone on a Linux server and not on a Windows server.

Although the back end for this feature was shipped with eDirectory 8.7, it was not supported until eDirectory 8.7.1 running iMonitor 2.4 or later. This option does not apply to any version of NetIQ eDirectory or NDS prior to 8.7.

Figure 9-4 Clone DIB Set Page in iMonitor

This section includes the following information:

Clone DIB Set Use Cases

Clone DIB Set provides the following use cases:

  • Create a new server with partitions already in an “on” state.

    Advantages include the following:

    • All servers in the ring do not need to be up and running to add a new server to the replica ring.

    • A new server will automatically have all partitions with no synchronization necessary.

    • Quicker up time.

  • Disaster recovery

    Advantages

    Disadvantages

    • Only need one copy of the partition to succeed.

    • Less down time on large servers with multiple partitions.

    • Must have at least one good copy of the partitions in question.

    • Won't handle any SSL or security backups.

    • Does not handle the file system.

  • Backup and restore

    Advantages

    Disadvantages

    • Quicker up time, especially on large scale databases.

    • Only adds core eDirectory. LDAP, SNMP, SSL, etc. are not installed or configured.

    • Will not get the latest changes. Only a snapshot is taken. Roll forward logs are not executed.

    Because of the listed disadvantages, we do not recommend using Clone DIB Set for backup and restore purposes.

Creating a Clone

A clone DIB fileset can be created with the originating server either online or offline. The offline method requires eDirectory to be brought down. In the online mode, eDirectory is up and not locked.

WARNING:Do not use the Dibclone utility on an Identity Management server to clone another server, because this generates unnecessary TAO files on the cloned server.

Online Method

  1. Load the ndsclone module on the source server.

    Platform

    To Extend the Schema

    Windows

    In NDSCons.exe, select dsclone.dll, then click Start.

    Linux

    Add an ndsclone entry to the ndsmodules.conf file, then use the http://IP address:port/dhost page to load the Directory Clone Agent.

    NOTE:The ndsclone module can also be loaded using the ndstrace -c "load ndsclone" command.

  2. Disable the inbound sync from iMonitor agent configuration page before starting the clone DIB process on the source server.

  3. Create the clone DIB fileset.

    1. Run Clone DIB Configuration in iMonitor.

      Click Agent Configuration > Clone DIB Set > Create New Clone.

    2. Specify the fully qualified name of the target server and the file path where the cloned DIB files will be placed, then check the Create Clone Object and the Clone DIB Online boxes.

      The NCP Server name (Clone Object) of the target server must match the target server name.

    3. Click Submit.

      The NDS Clone object is created and the DIB fileset is copied to the specified destination.

  4. Install and configure eDirectory on the target server and bring down the server.

  5. Copy the DIB directory containing the cloned DIB fileset to the target server.

    Additionally, on Linux system, copy the /etc/opt/novell/eDirectory/conf/nds.conf file from the source server to the target server and update the following references to the target server:

    • Change the IP Address for the following parameters

      • n4u.server.interfaces

      • http.server.interfaces

      • https.server.interfaces

    • Provide the NCP Server Name which is created in step 3b in the n4u.nds.server-name parameter

    • Provide the Preferred Server Name in n4u.nds.preferred-server parameter. Usually the host name of the target server is considered as the preferred server name.

  6. Remove the nicisdi.key from /var/opt/novell/nici/0 and /var/opt/novell/nici/0/backup on the target server.

  7. Now start the target server and run the ndsconfig upgrade command.

    NOTE:On Windows, You need to run the eDirectory Setup file. You also need to select and login to the eDirectory tree while the Setup file is being run to upgrade your eDirectory server.

  8. Ensure that master replica of the target Server object is running eDirectory and is available. When eDirectory initializes on the target server, it communicates with the master replica where the final naming of the target server is resolved.

  9. Make sure that the replica attribute value of the target server is synched with all the servers. Once the attribute changes are available on all servers, re-enable the inbound sync on the source server. The inbound sync can be enabled either through the iMonitor agent configuration page or through DSTrace.

  10. To complete the eDirectory configuration, see Completing the eDirectory Configuration.

Offline Method

  1. Create the clone DIB fileset.

    1. Run Clone DIB Configuration in iMonitor.

      Click Agent Configuration > Clone DIB Set > Create New Clone.

    2. Specify the fully qualified name of the target server, check the Create Clone Object box, then uncheck the Clone DIB Online box.

      The NCP Server name of the target server must match the target server name.

    3. Click Submit.

      The NDS clone object is created, the DIB is locked in the source server, and an error reports that eDirectory is locked.

  2. Install and configure eDirectory on the target server and bring down the server.

  3. Manually copy the *.nds, nds*, and nds.rfl/*.* files from the source server’s DIB directory to a destination or media on the target server convenient for moving the set to the target server's DIB directory. Additionally, on Linux system, transfer the /etc/opt/novell/eDirectory/conf/nds.conf file to the target server and update the following references to the target server:

    • Change the IP Address for the following parameters

      • n4u.server.interfaces

      • http.server.interfaces

      • https.server.interfaces

    • Provide the NCP Server Name which is created in step 1b in the n4u.nds.server-name parameter

    • Provide the Preferred Server Name in n4u.nds.preferred-server parameter. Usually the host name of the target server is considered as the preferred server name.

  4. Remove the nicisdi.key from /var/opt/novell/nici/0 and /var/opt/novell/nici/0/backup on the target server.

  5. Export NDSD_DISABLE_INBOUND=Y environment variable, then start ndsd to disable the inbound sync on the source server.

  6. Restart eDirectory on the source server.

    If eDirectory is restarted on the source server before the files are copied, this clone is invalid. The new NCP Server object must then be deleted and the clone must be recreated.

  7. Now start the target server and run the ndsconfig upgrade command.

    NOTE:On Windows, You need to run the eDirectory Setup file. You also need to select and login to the eDirectory tree while the Setup file is being run to upgrade your eDirectory server.

  8. Make sure that the replica attribute value of the target server is synched with all the servers. Once the attribute changes are available on all servers, reenable the inbound sync on the source server. The inbound sync can be enabled either through the iMonitor agent configuration page or through DSTrace.

  9. Install eDirectory and start the server on the target server, with the DIB directory containing the cloned DIB fileset.

    Ensure that master replica of the new target server object is running eDirectory and is available. When eDirectory initializes on the target server, it communicates with the master replica where the final naming of the target server is resolved.

  10. To complete the eDirectory configuration, see Completing the eDirectory Configuration.

Completing the eDirectory Configuration

SDIKEY

  1. Bring down eDirectory on the target server.

  2. Move or rename the /var/opt/novell/nici/0/nicisdi.key and the /var/opt/novell/nici/0/backup/nicisdi.key file on file system of the target server.

    Platform

    Directory

    Windows

    C:\WINDOWS\system32\novell\nici\nicisdi.key

    Linux

    /var/opt/novell/nici/0/nicisdi.key

    /var/opt/novell/nici/0/backup/nicisdi.key

  3. Start eDirectory on the target server.

Configuring SAS, LDAP, and SNMP Services

All the services listed below can be configured in one operation by entering the following command at the command line:

ndsconfig upgrade [-a admin FDN]

IMPORTANT:The above command is applicable only to Linux.

For configuring the services individually, refer the following tables:

SAS

Platform

Command or Tool

Windows

Create SAS Service object and Certificates by using iManager.

LDAP

Platform

Command or Tool

Windows

Create LDAP Server and Group Objects by using iManager.

SNMP

Platform

Command or Tool

Windows

rundll32 snmpinst, snmpinst -c createobj -a userFDN -p password -h hostname_or_IP_address