eDirectory Recovery on Linux with DibClone

  • 3765453
  • 09-Mar-2007
  • 26-Apr-2012


eDirectory 8.7.3


Large eDirectory database is corrupt and must be reinstalled. Adding replicas back to a large database can take hours. Combining the DibClone process with the eDirectory removal process will save valuable time.


This procedure is for recovery of large eDirectory 8.7.3 databases.

1) Stop eDirectory on the target server (problem server)

/etc/init.d/ndsd stop

2) Rename and recreate the /var/nds/dib directory on the target server

mv /var/nds/dib /var/nds/dib-old
mkdir /var/nds/dib

3) Delete the the following objects from eDirectory (be careful to verify the object is associated with the problem server): NCP Server, Ldap Group, Ldap Server, Certificate DNS, Certificate IP, Http Server, SAS Service, SNMP Group

4) Use ndssch to extend the schema for dibclone from one of the servers holding a copy of root.

cd /usr/lib/nds-schema
ndssch admin.context dibclone.sch

5) Add an "ndsclone” entry to the /usr/lib/nds-modules/ndsmodules.conf
Then use the http://IP address:port/dhost page to load the Directory Clone Agent.

Verify ndsclone is running by typing "ndstrace -c modules | grep ndsclone” at the console
NOTE: If you see a -6042 error while running dibclone, then it is most likely caused by the dibclone module not running.

6) Run Clone DIB Configuration in iMonitor.
Click Agent Configuration > Clone DIB Set > Create New Clone.

Specify the fully qualified name of the target server and the file path where the cloned
DIB files will be placed, then check the Create Clone Object and the Clone DIB Online


The NCP Server name (Clone Object) of the target server must match the target server host

Click Submit.
The NDS Clone object is created and the DIB fileset is copied to the specified destination.

7) Tar the dibset and gzip with:
Change into the directory of the cloned dib
tar -cvf dib.tar *.*
gzip dib.tar

8) Use secure copy to copy the tar to the target server dib directory
scp dib.tar.gz root@ipaddress:/var/nds/dib

9) Copy the nds.conf file from the source to the target and update all the references to the source server in the file with the target server name.

Rename the /etc/nds.conf file on the target:
cd /etc
mv nds.conf nds.conf-old

Copy from the source server:

scp /etc/nds.conf root@ipaddress:/etc/

10) Decompress the dib.tar.gz file on the target

gunzip dib.tar.gz
tar -xvf dib.tar

11) Make sure the master replica of the target Server object is running eDirectory and is available.
When eDirectory initializes on the target server, it communicates with the master replica
where the final naming of the target server is resolved.

12) Copy the SDI Key from the source server to the target server.

scp /var/novell/nici/0/nicisdi.key root@ipaddress:/var/novell/nici/0/

13) Start eDirectory on the target:

/etc/init.d/ndsd start

14) Recreate the Ldap, Security, and HTTP objects on the target server:

ndsconfig upgrade

Additional Information

Some applications will create attributes on the NCP Server object. The Cloned server will be installed with only default attributes. Additional attributes may need to be manually added or the application reinstalled.