2.5 Upgrading eDirectory

When upgrading eDirectory, you can upgrade from eDirectory 8.8.8.x 64-bit to eDirectory 9.1 64-bit.

NOTE:To upgrade from a 32-bit version of eDirectory to a 64-bit version of eDirectory, first upgrade 32-bit version to eDirectory 8.8.x 64-bit version and then upgrade it to eDirectory 9.1. You can follow the same procedure for upgrading a 64-bit eDirectory to eDirectory 9.1.

The following sections provide information to help you upgrade your existing eDirectory installation to the current version.

NOTE:The ndsconfig upgrade command is used to upgrade the necessary configuration of the individual components such as HTTP, LDAP, SNMP, SAS, and NetIQ Modular Authentication Service (NMAS).

2.5.1 Server Health Checks

With eDirectory 9.1, when you upgrade eDirectory, a server health check is conducted by default to ensure that the server is safe for the upgrade:

Based on the results obtained from the health checks, the upgrade will either continue or exit as follows:

  • If all the health checks are successful, the upgrade will continue.

  • If there are minor errors, the upgrade will prompt you to continue or exit.

  • If there are critical errors, the upgrade will exit.

See Section B.0, eDirectory Health Checks for a list of minor and critical error conditions.

Skipping Server Health Checks

To skip server health checks, run nds-install -j or ndsconfig upgrade -j from the installation folder.

For more information, see Section B.0, eDirectory Health Checks.

2.5.2 Upgrading on Linux Servers Other Than OES

eDirectory upgrade is supported from eDirectory 8.8 onwards.

To upgrade, use the nds-install utility. This utility is located in the Setup directory of the downloaded file for Linux platform. Enter the following command from the Setup directory:


After the upgrade to eDirectory 9.1, the default location of the configuration files, data files, and log files are changed to /etc/opt/novell/eDirectory/conf, /var/opt/novell/eDirectory/data, and /var/opt/novell/eDirectory/log, respectively.

The new directory /var/opt/novell/eDirectory/data uses a symbolic link to the /var/nds directory.

The old configuration file /etc/nds.conf is migrated to /etc/opt/novell/eDirectory/conf directory. The old configuration file /etc/nds.conf and the old log files under /var/nds are retained for reference.

NOTE:Run ndsconfig upgrade after nds-install, if the upgrade of the DIB fails and nds-install asks to do so. If eDirectory services are not starting after upgrading the OS from RHEL 6.8 to 7.1, run the ndsconfig upgrade command.

NOTE:Health check fails due to time sync. To resolve this issue, perform a time sync between the instances. You can ignore this warning message during upgrade.

2.5.3 Unattended Upgrade of eDirectory on Linux

On Linux, eDirectory provides switches and options along with the install script and configuration utility that facilitates the unattended upgrade. The following sections discuss various steps for unattended eDirectory upgrade on Linux:

  1. Perform the health check of eDirectory:

    Health check of all the root instances planned for upgrade is manually done by using ndscheck utility.

    1. export LD_LIBRARY_PATH to the <untarred location of eDirectory>/eDirectory/setup/utils

    2. Run ndscheck using one of the below commands:

      <untarred location of eDirectory>/eDirectory/setup/utils/ndscheck -a <user name> -w passwd --config-file <nds.conf with absolute path> 

      Passing the password through environment variable: <untarred location of 88SP8>/eDirectory/setup/utils/ndscheck -a <user name> -w env:<environment variable> --config-file <nds.conf with absolute path>

      Passing the password through file: <untarred location of 88SP8>/eDirectory/setup/utils/ndscheck -a <user name> -w file:<filename> --config-file <nds.conf with absolute path>

      Any one of the above can be used in the automated script for the health check. For example:

      /Builds/eDirectory/utils/ndscheck -a admin.novell -w n 
      /Builds/eDirectory/utils/ndscheck -a admin.novell -w env:ADM_PASWD 
      /Builds/eDirectory/utils/ndscheck -a admin.novell -w file:adm_paswd 
  2. Upgrade the eDirectory 9.1 packages:

    1. Run the nds-install script to upgrade the packages as below:

      nds-install -u -i -j
  3. Update the following environment variables:

  4. Upgrade eDirectory using the ndsconfig utility for all the root instances by executing the following commands:

    ndsconfig upgrade -a <user name> -w passwd -c --config-file <nds.conf with absolute path> --configure-eba-now <yes/no>

    NOTE:To enable Enhanced Background Authentication, specify yes to the --configure-eba-now switch in the ndsconfig upgrade command. Otherwise, specify no to configure it later.

    Passing the password through environment variable: ndsconfig upgrade -a <user name> -w env:<environment variable> -c --config-file <nds.conf with absolute path> --configure-eba-now <yes/no>

    Passing the password through file: ndsconfig upgrade -a <user name> -w file:<filename with absolute/relative path> -c --config-file <nds.conf with absolute path> --configure-eba-now <yes/no>

    Any of the above can be used in the automated script for the eDirectory upgrade. For example:

    ndsconfig upgrade -a admin.novell -w n -c -–config-file /etc/opt/novell/eDirectory/conf/nds.conf --configure-eba-now <yes/no>
    ndsconfig upgrade -a admin.novell -w env:ADM_PASWD -c --config-file /etc/opt/novell/eDirectory/conf/nds.conf --configure-eba-now <yes/no>
    ndsconfig upgrade -a admin.novell -w <password file path>/adm_paswd -c --config-file /etc/opt/novell/eDirectory/conf/nds.conf --configure-eba-now <yes/no>

2.5.4 Upgrading the Tarball Deployment of eDirectory 9.1

If you want to upgrade the tarball deployment from eDirectory 8.8 to eDirectory 9.1, perform the following steps:

  1. Download the tarball build.

  2. Take backup of the following configuration files:

    • $NDSHOME/eDirectory/etc/opt/novell/eDirectory/conf/ndsimon.conf

    • $NDSHOME/eDirectory/etc/opt/novell/eDirectory/conf/ice.conf

    • $NDSHOME/eDirectory/etc/opt/novell/eDirectory/conf/ndsimonhealth.conf

    • $NDSHOME/eDirectory/etc/opt/novell/eDirectory/conf/ndssnmp/ndssnmp.cfg

    • $NDSHOME is the location where eDirectory is installed.

  3. For upgrade of eDirectory versions lower than 8.8 SP1, do the following:

    • Perform disk space check using ndscheck -D --config-file conf_file_path

    • Create an empty file upgradeDIB under the DIB location of each server instance.

      The list of instances can be obtained using the ndsmanage utility.

  4. Run pre upgrade health check for the all instances using ndscheck and check the ndscheck.log file for any errors before proceeding with the upgrade.

  5. Stop all instances using ndsmanage.

  6. Untar the tarball in the same location ($NDSHOME) where eDirectory is installed. By untarring the tarball in the same location, you are overwriting the binaries and libraries.

  7. Upgrade the following package if necessary.






    • novell-NOVLsubag-9.1.0-0.x86_64.rpm

    • nici64-3.1.0-0.00.x86_64.rpm

      NOTE:For more information on installing 64-bit NICI, refer to the Installing NICI.

  8. Restore the configuration files.

  9. Run the $NDSHOME/eDirectory/opt/novell/eDirectory/bin/ndspath for setting all environment variables.

  10. Run ndsconfig upgrade -j for all instances. While running ndsconfig upgrade follow the order in which the master replica is the first and followed by Read/Write and others.

2.5.5 Upgrading Multiple Instances

This section contains the following information:

Root User has Multiple Instances

If you run nds-install after upgrading the package, it prompts you to upgrade the DIB files of all the eDirectory server instances, which might take a long time to complete. If you wish to perform the DIB upgrade in parallel, you can do it manually. For information about manually upgrading the DIB, refer to the eDirectory Release Notes. If you upgrade the DIB for all the active instances one by one, it runs the ndsconfig upgrade command separately for each instance. If you have a larger DIB, you can select No and run the ndsconfig upgrade in parallel in separate shells, which can reduce the upgrade time of each instance.

Non Root User's Instances

If you have non root users’ instances which are using root users’ binaries, before doing the package upgrade you need to run ndscheck for such instances and make sure that their health is proper by referring the ndscheck.log file. If you run nds-install, it stops all the instances, including the non root user's instances. After doing the package upgrade, the nds-install command does not call ndsconfig upgrade for non-root user's instances. You need to manually run ndsconfig upgrade for all non-root user's instances to start these instances.

Order of Upgrade

While running ndsconfig upgrade, it is recommended to follow the order in which master replica comes first and then Read/Write or other replicas.