3.5 Linux/UNIX Configuration

3.5.1 32-Bit and 64-Bit Configuration Files

You can configure both 32-bit and 64-bit Linux/UNIX systems with the appropriate configuration file.

32-Bit Configuration

The /etc/opt/novell/nici.cfg file emulates the Windows registry in an editable text file. Most of the entries are set up by the NICI install. A typical /etc/opt/novell/nici.cfg file is shown below.

ConfigDirectory:s:16:/var/novell/nici
SharedLibrary:s:19:/usr/lib/libccs2.so
DAC:b:8:1a:aa:6d:49:48:a8:83:98
MkUserDir:s:24:/var/novell/nici/nicimud
NiciVersion:s:5:2.4.0
BuildVersion:s:11:4001101.23
BuildDate:s:6:020123
NiciStrength:s:2:u0
NICISDI Sync Period:b:1:3c

64-Bit Configuration

The /etc/opt/novell/nici64.cfg file emulates the Windows registry in an editable text file. Most of the entries are set up by the NICI install. A typical /etc/opt/novell/nici64.cfg file is shown below.

ConfigDirectory:s:20:/var/opt/novell/nici
SharedLibrary:s:9:/opt/novell/lib64/libccs2.so
DAC:b:20:b3:1b:47:c0:51:c6:c0:f1:1e:04:fb:a8:1f:96:cf:37:94:d7:3d:e4
MkUserDir:s:28:/var/opt/novell/nici/nicimud
DAC2:b:20:ec:fe:63:df:a6:02:44:5f:8a:92:02:92:76:72:f5:04:62:4a:e4:96
NiciVersion:s:5:2.7.1
BuildDate:s:6:060628
NiciStrength:s:2:u0

3.5.2 Understanding a Linux/UNIX Configuration File

Each line consists of several fields separated by colons (:). The first field in a line is the name, followed by its type. Next is the length in decimal, followed by the actual value. There are two types, string (s) and binary (b). For example, the name of the first line in the sample in 32-Bit Configuration is ConfigDirectory, of type string (s) of 16 characters. The value is /var/novell/nici. The name of the last line is NICISDI Sync Period, of type binary (b) of 1 hexadecimal digit; its value is 0x3c, or 60 in decimal, which represents minutes for this particular parameter.

Each line is described in Table 3-4, or in Table 3-3.

Table 3-4 Linux/Unix Key Values

Key                  Description
-------------------  -----------
MkUserDir            The executable that is run to create user directories. /var/novell/nici/nicimud is supplied by the NICI install.
NiciVersion          NICI version string.
BuildVersion         NICI build version string.
BuildDate            NICI module's build date: year, month, and day, each in two decimal digits.
NiciStrength         u0 for strong, w1 for import restricted (no longer supported).
NICISDI Sync Period  (Optional) NICISDI synchronization period in minutes, represented in hexadecimal.

The libniciext.so module reads the NICISDI sync period value when ndsd loads it. If the value does not exist, or if the period is zero, NICIEXT does not attempt to read it again. If the value exists and contains a non-zero period, the value is read again once per period, before each synchronization. You can disable the background synchronization process by deleting the value, or by setting the period to zero.
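The following Python sketch is an added example, not part of the NICI documentation or product code: it parses the name:type:length:value lines described in this section, reports entries whose declared length does not match the value, and decodes NICISDI Sync Period into minutes. It assumes that a binary length counts bytes written as colon-separated hex pairs (as the DAC lines in the samples suggest) and that multi-byte values are big-endian; the function names are hypothetical.

```python
import re

# Constructed input: lines taken from the page's two sample files.
SAMPLE = """\
ConfigDirectory:s:20:/var/opt/novell/nici
SharedLibrary:s:9:/opt/novell/lib64/libccs2.so
DAC:b:8:1a:aa:6d:49:48:a8:83:98
NiciStrength:s:2:u0
NICISDI Sync Period:b:1:3c
"""

def parse_line(line):
    """Split 'name:type:length:value' into (name, type, declared_len, value)."""
    # Only the first three colons are separators: a binary value
    # contains colons itself and must not be split further.
    parts = line.rstrip("\n").split(":", 3)
    if len(parts) != 4:
        raise ValueError(f"expected 4 fields: {line!r}")
    name, typ, length, raw = parts
    if typ not in ("s", "b") or not length.isdigit():
        raise ValueError(f"bad type or length: {line!r}")
    if typ == "b":
        # Assumption: binary values are colon-separated hex byte pairs.
        if not re.fullmatch(r"[0-9a-fA-F]{2}(:[0-9a-fA-F]{2})*", raw):
            raise ValueError(f"bad binary value: {line!r}")
        value = bytes.fromhex(raw.replace(":", ""))
    else:
        value = raw
    return name, typ, int(length), value

def parse_config(text):
    """Return (entries, warnings); warn when declared and actual length differ."""
    entries, warnings = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        name, typ, declared, value = parse_line(line)
        if declared != len(value):  # characters for s, bytes for b (assumed)
            warnings.append(f"line {n}: {name} declares {declared}, value has {len(value)}")
        entries[name] = value
    return entries, warnings

def sync_period_minutes(entries):
    """Sync period in minutes (big-endian assumed); 0 if missing or zero, i.e. disabled."""
    return int.from_bytes(entries.get("NICISDI Sync Period", b""), "big")

if __name__ == "__main__":
    cfg, warns = parse_config(SAMPLE)
    print(sync_period_minutes(cfg), warns)
```

On the constructed input, the only warning is for the SharedLibrary line, whose declared length of 9 does not match its 28-character value.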

The /var/opt/novell/nici/uid/nicisdi.key file contains the encrypted security domain keys as discussed in Section 4.0, NICISDI: Security Domain Infrastructure. The UID is the numeric user ID defined by the UNIX system. For example, it is typically 0 for root. Having a nicisdi.key file for each user enables multiple instances of eDirectory running with different user IDs to host multiple trees on the same physical box.

All users have read and execute (where applicable) rights to the files in the NICI configuration directory (/var/opt/novell/nici). Only the installing user has full rights in the configuration directory. User directories, one per user ID, are created by a setuid executable (nicimud, meaning NICI Make User Directory) provided by the NICI install. nicimud creates a user directory upon the first use of NICI by that user, and gives full rights only to the user creating the directory (0700).