Environment
SLES 9
eDirectory 8.7.3
eDirectory 8.7.3
Situation
Large eDirectory database is corrupt and must be
reinstalled. Adding replicas back to a large database can
take hours. Combining the DibClone process with the
eDirectory removal process will save valuable time.
Resolution
This procedure is for recovery of large eDirectory 8.7.3
databases.
1) Stop eDirectory on the target server (problem server)
/etc/init.d/ndsd stop
2) Rename and recreate the /var/nds/dib directory on the target server
mv /var/nds/dib /var/nds/dib-old
mkdir /var/nds/dib
3) Delete the the following objects from eDirectory (be careful to verify the object is associated with the problem server): NCP Server, Ldap Group, Ldap Server, Certificate DNS, Certificate IP, Http Server, SAS Service, SNMP Group
4) Use ndssch to extend the schema for dibclone from one of the servers holding a copy of root.
cd /usr/lib/nds-schema
ndssch admin.context dibclone.sch
5) Add an "ndsclone” entry to the /usr/lib/nds-modules/ndsmodules.conf
Then use the http://IP address:port/dhost page to load the Directory Clone Agent.
Verify ndsclone is running by typing "ndstrace -c modules | grep ndsclone” at the console
NOTE: If you see a -6042 error while running dibclone, then it is most likely caused by the dibclone module not running.
6) Run Clone DIB Configuration in iMonitor.
Click Agent Configuration > Clone DIB Set > Create New Clone.
Specify the fully qualified name of the target server and the file path where the cloned
DIB files will be placed, then check the Create Clone Object and the Clone DIB Online
boxes.
server1.context
The NCP Server name (Clone Object) of the target server must match the target server host
name.
Click Submit.
The NDS Clone object is created and the DIB fileset is copied to the specified destination.
7) Tar the dibset and gzip with:
Change into the directory of the cloned dib
tar -cvf dib.tar *.*
gzip dib.tar
8) Use secure copy to copy the tar to the target server dib directory
scp dib.tar.gz root@ipaddress:/var/nds/dib
9) Copy the nds.conf file from the source to the target and update all the references to the source server in the file with the target server name.
Rename the /etc/nds.conf file on the target:
cd /etc
mv nds.conf nds.conf-old
Copy from the source server:
scp /etc/nds.conf root@ipaddress:/etc/
10) Decompress the dib.tar.gz file on the target
gunzip dib.tar.gz
tar -xvf dib.tar
11) Make sure the master replica of the target Server object is running eDirectory and is available.
When eDirectory initializes on the target server, it communicates with the master replica
where the final naming of the target server is resolved.
12) Copy the SDI Key from the source server to the target server.
scp /var/novell/nici/0/nicisdi.key root@ipaddress:/var/novell/nici/0/
13) Start eDirectory on the target:
/etc/init.d/ndsd start
14) Recreate the Ldap, Security, and HTTP objects on the target server:
ndsconfig upgrade
1) Stop eDirectory on the target server (problem server)
/etc/init.d/ndsd stop
2) Rename and recreate the /var/nds/dib directory on the target server
mv /var/nds/dib /var/nds/dib-old
mkdir /var/nds/dib
3) Delete the the following objects from eDirectory (be careful to verify the object is associated with the problem server): NCP Server, Ldap Group, Ldap Server, Certificate DNS, Certificate IP, Http Server, SAS Service, SNMP Group
4) Use ndssch to extend the schema for dibclone from one of the servers holding a copy of root.
cd /usr/lib/nds-schema
ndssch admin.context dibclone.sch
5) Add an "ndsclone” entry to the /usr/lib/nds-modules/ndsmodules.conf
Then use the http://IP address:port/dhost page to load the Directory Clone Agent.
Verify ndsclone is running by typing "ndstrace -c modules | grep ndsclone” at the console
NOTE: If you see a -6042 error while running dibclone, then it is most likely caused by the dibclone module not running.
6) Run Clone DIB Configuration in iMonitor.
Click Agent Configuration > Clone DIB Set > Create New Clone.
Specify the fully qualified name of the target server and the file path where the cloned
DIB files will be placed, then check the Create Clone Object and the Clone DIB Online
boxes.
server1.context
The NCP Server name (Clone Object) of the target server must match the target server host
name.
Click Submit.
The NDS Clone object is created and the DIB fileset is copied to the specified destination.
7) Tar the dibset and gzip with:
Change into the directory of the cloned dib
tar -cvf dib.tar *.*
gzip dib.tar
8) Use secure copy to copy the tar to the target server dib directory
scp dib.tar.gz root@ipaddress:/var/nds/dib
9) Copy the nds.conf file from the source to the target and update all the references to the source server in the file with the target server name.
Rename the /etc/nds.conf file on the target:
cd /etc
mv nds.conf nds.conf-old
Copy from the source server:
scp /etc/nds.conf root@ipaddress:/etc/
10) Decompress the dib.tar.gz file on the target
gunzip dib.tar.gz
tar -xvf dib.tar
11) Make sure the master replica of the target Server object is running eDirectory and is available.
When eDirectory initializes on the target server, it communicates with the master replica
where the final naming of the target server is resolved.
12) Copy the SDI Key from the source server to the target server.
scp /var/novell/nici/0/nicisdi.key root@ipaddress:/var/novell/nici/0/
13) Start eDirectory on the target:
/etc/init.d/ndsd start
14) Recreate the Ldap, Security, and HTTP objects on the target server:
ndsconfig upgrade
Additional Information
Some applications will create attributes on the NCP Server
object. The Cloned server will be installed with only default
attributes. Additional attributes may need to be manually added or
the application reinstalled.