22.1 Using the Command Line Client

One way to access is to use its Java command line client. The command line client has two modes: interactive and batch. In the interactive mode, you run the commands one at a time. In the batch mode, you can run a group of commands unattended. The command line client has logging service for both modes.

The command line client is a Java application. To run it, you must have access to the Java Runtime Environment, Sun JVM 1.3.1, which is installed with eDirectory. You must also have access behind the firewall to the servers you want to manage. You can perform tasks for multiple servers from one server or workstation.

NOTE:The eDirectory Management Toolbox only supports English, both in the command line client and command line help.

In this section:

22.1.1 Displaying the Command Line Help

To display the general command line help before going in to the Client, do the following:

  • Linux: At the command line, enter edirutil -?.

  • Windows: Run drive\novell\nds\\edirutil.exe -?

To display the interactive command line help while you are in the interactive mode, at the Client prompt enter a question mark (?). For example, Client> ?

The help displays information on the command line options like the information in eMBox Command Line Client Options.

22.1.2 Running the Command Line Client in Interactive Mode

Interactive mode lets you run commands one at a time.

In this section:

Running the Client on an eDirectory Server

The Client and Sun JVM 1.3.1 are installed with eDirectory. To open the Client in interactive mode on an eDirectory server, do the following:

  • Linux: At the command line, enter edirutil -i.

  • Windows: Run drive\novell\nds\edirutil.exe -i

The edirutil file gives you a shortcut to running the Client. It points to the Java executable and the default location where the Client is installed with eDirectory. You can also enter the information manually, as described in Setting Up the Path and Classpath for Client.

You must have access behind the firewall to use the command line client for the servers you want to manage—so if you are remote, you'll need VPN access.

Running the Client on a Workstation

To use the Client on a machine other than an eDirectory server:

  • Copy the eMBoxClient.jar file from an eDirectory server to your machine.

    • Windows: \novell\nds\\eMBoxClient.jar

    • Linux: /opt/novell/eDirectory/lib/nds-modules//eMBoxClient.jar

  • Make sure the machine has Sun JVM 1.3.1 installed.

  • Make sure you have access behind the firewall to use the command line client for the servers you want to manage.

You can't use the edirutil command on a workstation as a shortcut to getting in to the Client in interactive mode as you can on a server. You must either set up the environment once in your path and class path, or enter it manually each time. See Setting Up the Path and Classpath for Client.

Setting Up the Path and Classpath for Client

If you are running the Client on an eDirectory server and have not changed the location of Java or the eMBoxClient.jar file, you can use edirutil as a shortcut to running the Client. See Running the Client on an eDirectory Server.

But if you have changed the default locations, or you are running the eMBoxClient.jar file on a machine that is not a server, or you want to enter the classpath manually, you need to set up the path and classpath for the Client as explained in this section.

You can run the Client from anywhere on your machine if you do the following:

  • Add to your path the directory where the Java executable (for example, java.exe) is located, or make sure that Java is already running.

    If you are on a server, this is probably already done for you. On Windows, Linux, and UNIX servers, the directory needs to be in your path.

    On a workstation, you might need to set it up yourself. For example, in Windows, click Start > Settings > Control Panel > System. On the Advanced tab, click Environment Variables and add the path to the Path variable.

    To enter this manually: If the path to the Java executable has not been added to your path, at the command line you will need to first change to the directory containing the Java executable before running. For example, in Windows enter cd c:\novell\nds\\jre\bin

  • Add the path to the eMBoxClient.jar file to your classpath.

    Windows server or workstation: set CLASSPATH=path\eMBoxClient.jar

    Linux server or workstation: export CLASSPATH=path/eMBoxClient.jar

    To enter this manually: An alternative way to specify the classpath is to use the -cp flag for Java each time you want to run:

    java -cp path/eMBoxClient.jar -i
    

    For example, in Windows enter java -cp c:\novell\nds\\eMBoxClient.jar -i

After doing both of these steps, you can run the client in interactive mode from anywhere on your machine using the following command:

java  -i

For information on Java commands, see the Java documentation on the Oracle Web site.

Logging In to a Server

To log in to a server, you need to specify the server name or IP address and the port number to connect to a particular server. A user name and password are not needed for public logins.

For example, after opening the Client in interactive mode, enter

login -s 137.65.123.244 -p 8008 -u admin.mycompany 
-w mypassword -n

For more information about port numbers, see Finding Out eDirectory Port Numbers.

Setting Preferred Languages, Timeout, and Log File

The default language is the client system language, so in most cases you won’t need to explicitly set a language. Similarly, the default timeout should work in most cases. To set the log file, specify the filename and the mode for opening it (append or overwrite).

See the following table for sample commands.

Command

Description

set -L en,de

Sets the language preference to English and German (in that order).

set -T 100

Sets the timeout to 100 seconds. The timeout setting specifies how long to wait for responses from the server.

set -l mylog.txt -o

Uses mylog.txt as the log file and overwrites when opening it.

Default=append

Listing eMTools and Their Services

After logging in to a server, you can use the list command to display a list of the services available on that server.

The list command displays the following eMTools and their services dynamically:

eMTool

Description

Backup

NetIQ eDirectory Backup eMTool

DSMerge

NetIQ eDirectory Merge eMTool

DSRepair

NetIQ eDirectory Repair eMTool

DSSchema

NetIQ eDirectory Schema Operations eMTool

service

NetIQ eDirectory Service Manager eMTool

Use -r to force the refresh of the list. Use -t to list service details. Use -f to list just the command format.

See the following table for sample commands.

Command

Description

list

Lists the eMTools available on the server.

list -r

Refreshes the eMTool list.

list -t backup

Lists Backup services with details.

list -t dsrepair

Lists DSRepair services with details.

list -t dsmerge -f

Lists DSMerge services with command formats only.

Running a Particular Service

You can perform tasks using each of the eMTool services after you have logged in to a server. For example:

Command

Description

dsrepair.rld

Repair local database.

backup.getconfig

Get backup configuration information.

For more information, see the following:

Logging Out From the Current Server

To log out from the current session, use the following command:

logout

If you log in to a different server, you don't need to use this command. You are automatically logged out of the current server.

Exiting the Client

To exit the client, use either of the following commands:

exit

or

quit

22.1.3 Running the Command Line Client in Batch Mode

There are three ways you can run the Client in batch mode:

You can use a combination of the system and internal batch files for more flexibility and for organizing and reusing commands that you run often.

Single Tasks

You can perform a single task in batch mode at the command line, simply by entering the command using the -t option to specify the tool and task, and omitting the -i option (-i specifies interactive mode). For example,

java -s 137.65.123.244 -p 8008 -u admin.mycompany 
-w mypassword -l mylog.txt -t dsrepair.rld -n

For multiple tasks on different servers, or for tasks you perform often, a better alternative is to use an internal batch file. For more information, see the following section, Internal Batch File.

Internal Batch File

To run the Client in batch mode using a Client internal batch file, you need to create a file which contains a group of commands you would run in the interactive mode.

A Client internal batch file lets you run all the commands in the batch file without your attention. You can perform multiple tasks with multiple tools on the same server without logging in and logging out again for each task. From one server, you can also perform tasks with multiple tools on multiple servers.

Internal batch files can help you organize and reuse commands that you perform often, so you don't need to enter them manually at the command line each time.

You can go to the command line and run the internal batch file using a Client command. For example, this command logs in to a server and runs the commands listed in the mybatch.mbx file:

java -s 137.65.123.244 -p 8008 -u admin.mycompany -w mypassword -l mylog.txt -o -b mybatch.mbx -n

Another option is to put the same kind of command in a system batch file, so that you can schedule it to run on the server unattended. See System Batch File.

Here is an example of an internal batch file. It contains examples of the commands you could run and an example of logging in to a different server. This example assumes that you logged in to a server when you opened the Client. Each command must be on a separate line. Lines beginning with # are comments.

# This file is named mybatch.mbx.
# This is an example of commands you could use in 
# an internal command batch file. 

# Backup commands 
backup.getconfig 
backup.backup -b -f mybackup.bak -l backup.log -t -w
 
# DSRepair commands 
dsrepair.rld 

# Log in to a different server
login -s 137.65.123.255 -p 8008 -u admin.mycompany -w mypassword -n

# DSMerge commands 
dsmerge.pr -u admin.mycompany -p admin.mycompany -n mypassword # Schema Operations 
dsschema.rst 
dsschema.dse 
dsschema.rls 
dsschema.gsu 
dsschema.scc 
dsschema.irs -n LocalTree
 
# DSService commands 
service.serviceList 
 
# End of example.

System Batch File

As with other command line tools, you can create system batch files containing Client commands and run them manually at the command line or schedule them to run on the server unattended. For example, you can run backups unattended, using system batch files like the examples described in Doing Unattended Backups, Using a Batch File with the eMBox Client.

From one server, you can perform tasks with multiple tools on multiple servers.

In a system batch file, you can use a combination of Client single commands and internal batch files for more flexibility and for organizing and reusing commands that you run often. For more information, see Internal Batch File above.

Consult the documentation for your operating system or third-party scheduling software for instructions on how to run batch files unattended.

22.1.4 eMBox Command Line Client Options

Option

Description

-? or -h

Display help information

-i

Interactively run commands one at a time.

-s server

Name or IP address of the server.

Default=127.0.0.1

-p port

Port number of the server.

Default=8008

-u user

User DN. For example, admin.mycompany.

Default=anonymous

-w password

Password associated with the user specified with -u.

-m mode

Login mode.

Default=dclient

-n

Do not try to make a secure SSL connection. Use a nonsecure connection.

If you do not use this option, the Client will try to establish an SSL connection, and you must have the JSSE files in your class path or it will return an error. See Establishing a Secure Connection with the Client for more information.

-l log file

Name of the log file.

-o

Overwrite the log file when opening it.

-T timeout

How long (in seconds) to wait for responses from the server.

-L language

List of comma-delimited acceptable languages in order of preference, such as en-US,de_DE. This option defaults to the client system language.

-t [tool.]task options

Perform a single service with this connection. The string following -t should be a valid command.

-b batch file

Perform a group of services as specified in the batch file. The commands in the batch file should be put on separate lines. Lines preceded by # are comments.

22.1.5 Establishing a Secure Connection with the Client

If you use a nonsecure connection, all the information you enter, such as user names and passwords, is sent over the wire in clear text.

If you instead want to establish a secure connection using SSL, do the following:

  • Make sure you don't use the -n option in your command when logging in to a server. It specifies a nonsecure connection. A secure connection is the default.

  • Make sure you have the following Java Secure Socket Extension (JSSE) files in your class path:

    • jsse.jar

    • jnet.jar

    • jcert.jar

    If you don't, the Client will return an error saying that it cannot establish a secure connection.

    You can get these files and information about JSSE from the Oracle Web site.

22.1.6 Finding Out eDirectory Port Numbers

When logging in to a server in the Client, you must specify a port number.

If you specified a port number when you installed eDirectory, use that number.

For all platforms, the default nonsecure port is 8008, and the default secure port is 8030.

The following sections give some additional tips for finding out the port that is assigned to eDirectory:

On Windows

  1. Click Start > Settings > Control Panel.

  2. Double-click the NetIQ eDirectory Services icon, then click the Transport tab.

  3. Look up the secure or nonsecure port.

    • For the nonsecure port, click the plus sign next to HTTP.

    • For the secure port, click the plus sign next to HTTPS.

    Click the plus sign next to Bound Transports to see the port number.

On Linux

You can use this command to see a list of ports:

ndsconfig get | grep http

Look for the lines that say http.server.interface and then a port number.