Environment
Novell Open Enterprise Server 1 (OES 1) Support Pack 1
Novell Open Enterprise Server 1 (OES 1) Support Pack 2
Novell Open Enterprise Server 2 (OES 2)
Novell Open Enterprise Server (Linux based)
Situation
Which options can be used with the ndsconfig command?
Resolution
The ndsconfig utility is a command-line front end to configure eDirectory. When the ndsconfig utility is used with arguments, all the arguments are validated. If it is invoked without arguments, ndsconfig displays the synopsis and the options. After validating the arguments, ndsconfig prompts for the user object's password.
SYNOPSIS
ndsconfig new [-m <modulename>] [-i] [-S <server name>] [-t <tree_name>] [-n <server context>] [-d <path_for_dib>][-P <LDAP URL(s)>] [-L <ldap_port>]
[-l <ssl_port>] [-o http port] [-O https port] [-e] -a <admin FDN> [-p <IP address:[port]>] [-R] [-c] [-w <admin password>] [-b <port to bind>]
[-B <interface1@port1, interface2@port2,..>] [-D <path_for_data>] [--config-file <configuration file>]
ndsconfig def [-m <modulename>] [-S <server name>] [-t <tree_name>] [-n <server context>] [-d <path_for_dib>][-P <LDAP URL(s)>] [-L <ldap_port>]
[-l <ssl_port>] [-o http port] [-O https port] [-e] -a <admin FDN> [-w <admin password>] [-c] [-i] [-p <IP address:[port]>] [-R] [-D <path_for_data>]
[--config-file <configuration file>]
ndsconfig add [-m <modulename>] [-S <server name>] [-t <tree_name>] [-n <server context>] [-d <path for dib>][-P <LDAP URL(s)>] [-L <ldap_port>]
[-l <ssl_port>] [-o http port] [-O https port] [-e] -a <admin FDN> [-w <admin password>] [-E] [-p <IP address:[port]>] [-R] [-c] [-b <port to bind>]
[-B <interface1@port1, interface2@port2,..>] [-D <path_for_data>] [--config-file <configuration file>]
ndsconfig rm [-p <IP address:[port]>] [-c] [-w <admin password>] [-a <admin FDN>] [-b <port to bind>] [--config-file <configuration file>]
ndsconfig upgrade [-a <admin FDN>] [-w <admin password>] [-c] [-j] [-p <IP address:[port]>] [--config-file <configuration file>]
ndsconfig {set <valuelist> | get [<paramlist>] | get help [<paramlist>]}[-p <IP address:[port]>] [-R]
DESCRIPTION
The ndsconfig utility is a command-line front end to configure eDirectory.
When the ndsconfig utility is used with arguments, all the arguments are validated. If it is invoked without
arguments, ndsconfig displays the synopsis and the options. After validating the arguments, ndsconfig
prompts for the user object's password.
Configure New Tree
Configures a new tree with the tree name specified by the user in the specified context.
Configure eDirectory
Adds the server into an existing tree in the context the user specifies. If the context to
which the user wants to add the server object does not exist, ndsconfig creates the
context and adds the server. The server name must be unique in the tree.
Remove eDirectory
Removes the eDirectory server object from the tree.
Upgrade eDirectory
Upgrades eDirectory to the current version.
On successful completion of the operation, ndsconfig displays a message that the operation was successful. Otherwise it displays an error message.
OPTIONS
new Creates a new Novell eDirectory tree. If the parameters are not specified in the command
line, ndsconfig prompts you to enter values for each of the missing parameters.
def Creates a new eDirectory tree. If the parameters are not specified in the command line,
ndsconfig takes the default value for each of the missing parameters. The default values
are displayed in brackets when the parameters are not specified.
add Adds a server to an existing tree. Also adds LDAP and SAS services, after eDirectory has
been configured in the existing tree.
rm Removes the server object and directory services from a tree.
upgrade Upgrades eDirectory to a later version.
-i While configuring a new tree, ignores checking whether a tree of the same name exists.
Multiple trees of the same name can exist.
-S server name Specifies the server name. The server name can also contain dots (for example,
novell.com). Because ndsconfig is a command line utility, using containers with dotted names
requires that those dots be escaped out, and the parameters containing these contexts must
be enclosed in double quotes.
For example, to install a new eDirectory tree on a UNIX server using novell.com as the
name of the O, use the following command:
ndsconfig new -a "admin.novell\.com" -t novell_tree -n "OU=servers.O=novell\.com"
The Admin name and context and the server context parameters are enclosed in double
quotes, and only the '.' in novell.com is escaped using the '\' (backslash) character. You
can also use this format when installing a server into an existing tree.
NOTE: You cannot start a name with a dot. For example, you cannot install a server that
has the name .novell, because it starts with a dot ('.').
-t treename The tree name to which the server has to be added. It can have a maximum of 32 characters.
If not specified, ndsconfig takes the tree name from the n4u.nds.tree-name parameter that
is specified in the /etc/opt/novell/eDirectory/conf/nds.conf file. The default treename is
$LOGNAME-$HOSTNAME-NDStree.
-n server context Specifies the context of the server in which the server object is added. It can have a
maximum of 64 characters. If the context is not specified, ndsconfig takes the context
from the configuration parameter n4u.nds.server-context specified in the
/etc/opt/novell/eDirectory/conf/nds.conf file. The server context should be specified in the typed
form. The default context is org.
-d path for dib Specifies the directory path where the database files are to be stored.
-L ldap_port Specifies the TCP port number on the LDAP server. If the default port 389 is already in
use, it prompts for a new port.
-l ssl_port Specifies the SSL port number on the LDAP server. If the default port 636 is already in
use, it prompts for a new port.
-o Specifies the HTTP clear port number.
-O Specifies the HTTP secure port number.
-e Enables clear text passwords for LDAP objects.
-a admin FDN Specifies the fully distinguished name of the User object with Supervisor rights to the
context in which the server object and Directory services are to be created. The admin
name should be specified in the typed form. It can have a maximum of 64 characters. The
default admin name is admin.org.
-P LDAP URL(s) Configures a list of LDAP URL(s) that LDAP should listen to. You can enter a
comma-separated list of LDAP URL(s). -P works in conjunction with -l and -L. For example: -P
ldap://1.2.3.4:1389,ldaps://1.2.3.4:1636
-m modulename Specifies the module name to configure. While configuring a new tree, you can configure
only the ds module. After configuring the ds module, you can add the NMAS, LDAP, SAS,
SNMP, HTTP services, and Novell SecretStore (ss) using the add command. If the module name
is not specified, all the modules are installed.
-j Jumps or overrides the health check option before installing eDirectory.
-b port to bind Sets the default port number on which a particular instance should listen. This sets
the default port number on n4u.server.tcp-port and n4u.server.udp-port. If an NCP port is
passed using the -b option, then it is assumed to be the default port and the TCP and UDP
params are updated accordingly. NOTE: -b and -B are mutually exclusive.
-B interface1@port1, interface2@port2,..
Specify the port number along with the IP address or interface. For example, -B eth0@524
or -B 100.1.1.2@524. NOTE: -b and -B are mutually exclusive.
--config-file configuration file
Specify the absolute path and file name to store the nds.conf configuration file. For
example, to store the configuration file in the /etc/opt/novell/eDirectory/ directory,
enter --config-file /etc/opt/novell/eDirectory/nds.conf.
-D path_for_data Creates the data, dib, and log directories in the path mentioned.
-E Enables encrypted replication for the server you are trying to add.
-p IP address:[port]
This option is used for secondary server addition ('add' command) to a tree. It specifies
the IP address of the remote host that holds a replica of the partition to which this
server is being added. The default port number is 524. This helps in faster lookup of the
tree since it avoids SLP lookup.
-R By default a replica of the partition to which the server is added would be replicated to
the local server. This option disallows adding replicas to the local server.
-c This option avoids prompts during ndsconfig operation, such as yes/no to continue the
operation, or prompt to re-enter port numbers when there is a conflict, etc. The user
receives prompts only for entering mandatory parameters if they are not passed on command
line.
-w admin password
This option allows passing the admin user password in clear text. NOTE: Since the password is
passed in clear text, this is not recommended as a safe option owing to password insecurity.
set valuelist Sets the value for the specified eDirectory configurable parameters. It is used to set the
bootstrapping parameters before configuring a tree.
When configuration parameters are changed, ndsd needs to be restarted for the new value to
take effect. However, for some configuration parameters, ndsd need not be restarted. These
parameters are listed below:
‐ n4u.nds.inactivity-synchronization-interval
‐ n4u.nds.synchronization-restrictions
‐ n4u.nds.janitor-interval
‐ n4u.nds.backlink-interval
‐ n4u.nds.drl-interval
‐ n4u.nds.flatcleaning-interval
‐ n4u.nds.server-state-up-threshold
‐ n4u.nds.heartbeat-schema
‐ n4u.nds.heartbeat-data
get paramlist Use to view the current value of the specified eDirectory configurable parameters. If the
parameter list is not specified, ndsconfig lists all the eDirectory configurable parameters.
get help paramlist
Use to view the help strings for the specified eDirectory configurable parameters. If the
parameter list is not specified, ndsconfig lists the help strings for all the eDirectory
configurable parameters.
EXAMPLES
To create a new tree, enter the following command:
ndsconfig new -t corp-tree -n o=company -a cn=admin.o=company
To create a new tree with dotted name containers, enter the following command:
ndsconfig new -t corp-tree -n "o=company\.com" -a "cn=admin.o=company\.com"
To add a server into an existing tree, enter the following command:
ndsconfig add -t corp-tree -n o=company -a cn=admin.o=company -S srv1
To remove the eDirectory server object and directory services from a tree, enter the following command:
ndsconfig rm -a cn=admin.o=company
To configure the ds module, enter the following command:
ndsconfig add -t corp-tree -n o=company -a cn=admin.o=company -m ds
To configure the ldap module, enter the following command:
ndsconfig add -t corp-tree -n o=company -a cn=admin.o=company -m ldap
To configure the HTTP module, enter the following command:
ndsconfig add -t corp-tree -n o=company -a cn=admin.o=company -m http
To configure the SNMP module, enter the following command:
ndsconfig add -t corp-tree -n o=company -a cn=admin.o=company -m snmp
By default, the SAS module will be configured while configuring the LDAP module.
To configure the SAS module, enter the following command:
ndsconfig add -t corp-tree -n o=company -a cn=admin.o=company -m sas
To configure the SecretStore module, enter the following command:
ndsconfig add -t corp-tree -n o=company -a cn=admin.o=company -m ss
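The rules stated under SYNOPSIS and OPTIONS (which options each subcommand accepts, the 32- and 64-character limits, the -b/-B exclusivity, and the clear-text -w and -e options) can be checked before a provisioning script is run. The following Python linter is an added example, not part of the Novell documentation or of ndsconfig itself; the function names, finding labels and the REDACTED mask are this example's own assumptions.

```python
import shlex

# Option tables transcribed from the SYNOPSIS on this page.
COMMON = set("-m -S -t -n -d -P -L -l -o -O -e -a -w -c -p -R -D --config-file".split())
ALLOWED = {
    "new": COMMON | {"-i", "-b", "-B"},
    "def": COMMON | {"-i"},
    "add": COMMON | {"-E", "-b", "-B"},
    "rm": {"-p", "-c", "-w", "-a", "-b", "--config-file"},
    "upgrade": {"-a", "-w", "-c", "-j", "-p", "--config-file"},
    "set": {"-p", "-R"},
    "get": {"-p", "-R"},
}
FLAGS = {"-i", "-e", "-R", "-c", "-E", "-j"}   # options that take no value
MAX_LEN = {"-t": 32, "-n": 64, "-a": 64}       # limits stated under OPTIONS
RISKY = {                                      # finding labels are this example's own
    "-w": "cleartext-admin-password-on-command-line",
    "-e": "ldap-cleartext-passwords-enabled",
    "-i": "duplicate-tree-name-check-skipped",
    "-j": "health-check-overridden",
}

def parse(command_line):
    """Return (subcommand, {option: value}, options not in that synopsis)."""
    argv = shlex.split(command_line)
    if argv and argv[0].endswith("ndsconfig"):
        argv = argv[1:]
    sub = argv[0] if argv else None
    opts, unknown, i = {}, [], 1
    while i < len(argv):
        tok = argv[i]
        if tok.startswith("-"):
            if tok not in ALLOWED.get(sub, set()):
                unknown.append(tok)
            elif tok in FLAGS:
                opts[tok] = True
            else:  # value option: consume the next token, even if it starts with "-"
                opts[tok] = argv[i + 1] if i + 1 < len(argv) else ""
                i += 1
        i += 1
    return sub, opts, unknown

def lint(command_line):
    """Return a list of findings for one ndsconfig invocation."""
    sub, opts, unknown = parse(command_line)
    if sub not in ALLOWED:
        return [f"unknown-subcommand:{sub}"]
    findings = [f"option-not-in-synopsis:{o}" for o in unknown]
    findings += [label for opt, label in RISKY.items() if opt in opts]
    if "-b" in opts and "-B" in opts:
        findings.append("-b-and-B-are-mutually-exclusive")
    for opt, limit in MAX_LEN.items():
        if len(opts.get(opt, "")) > limit:
            findings.append(f"{opt}-longer-than-{limit}-characters")
    if opts.get("-S", "").startswith("."):
        findings.append("server-name-starts-with-dot")
    return findings

def redact(command_line):
    """Mask the value that follows -w so the command line can be logged."""
    argv = shlex.split(command_line)
    for i, tok in enumerate(argv[:-1]):
        if tok == "-w":
            argv[i + 1] = "REDACTED"
    return shlex.join(argv)
```

Omitting -w makes ndsconfig prompt for the password instead, which keeps it out of shell history and process listings.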