ndsconfig command line options

  • 7002310
  • 07-Jan-2009
  • 26-Apr-2012

Environment

Novell Open Enterprise Server 1 (OES 1) Support Pack 1
Novell Open Enterprise Server 1 (OES 1) Support Pack 2
Novell Open Enterprise Server 2 (OES 2)
Novell Open Enterprise Server (Linux based)

Situation

Which options can be used with the ndsconfig command?

Resolution

The ndsconfig utility is a command-line front end to configure eDirectory. When the ndsconfig utility is used with arguments, all the arguments are validated. If it is invoked without arguments, ndsconfig displays the synopsis and the options. After validating the arguments, ndsconfig prompts for the user object's password.

SYNOPSIS
       ndsconfig  new  [-m  <modulename>]  [-i]  [-S  <server  name>]  [-t  <tree_name>]  [-n <server context>] [-d <path_for_dib>][-P <LDAP URL(s)>] [-L <ldap_port>]
       [-l <ssl_port>] [-o http port] [-O https  port]  [-e]  -a <admin  FDN>  [-p  <IP  address:[port]>]  [-R]  [-c]  [-w  <admin password>] [-b <port to bind>]
       [-B <interface1@port1, interface2@port2,..>] [-D <path_for_data>] [--config-file <configuration file>]

       ndsconfig  def  [-m  <modulename>]  [-S  <server  name>]  [-t  <tree_name>]  [-n   <server   context>]  [-d <path_for_dib>][-P  <LDAP  URL(s)>]  [-L <ldap_port>]
       [-l <ssl_port>] [-o http port] [-O https port] [-e] -a <admin FDN> [-w <admin password>] [-c] [-i] [-p <IP address:[port]>] [-R]  [-D  <path_for_data>] 
       [--config-file <configuration file>]

       ndsconfig  add  [-m  <modulename>]  [-S  <server name>] [-t <tree_name>] [-n <server context>] [-d <path for dib>][-P <LDAP URL(s)>] [-L <ldap_port>]
       [-l <ssl_port>] [-o http port] [-O https port] [-e] -a <admin  FDN> [-w  <admin  password>]  [-E]  [-p <IP address:[port]>] [-R] [-c] [-b <port to bind>]
       [-B <interface1@port1, interface2@port2,..>] [-D <path_for_data>] [--config-file <configuration file>]

       ndsconfig rm [-p <IP address:[port]>] [-c] [-w <admin password>]  [-a  <admin  FDN>]  [-b  <port  to  bind>] [--config-file <configuration file>]

       ndsconfig  upgrade [-a <admin FDN>] [-w <admin password>] [-c] [-j]  [-p <IP address:[port]>] [--config-file <configuration file>]

       ndsconfig {set <valuelist> | get [<paramlist>] | get help [<paramlist>]}[-p <IP address:[port]>] [-R]

DESCRIPTION
       The ndsconfig utility is a command-line front end to configure eDirectory.

       When the ndsconfig utility is used with arguments, all the arguments are validated. If it is invoked without
       arguments,  ndsconfig  displays  the  synopsis  and  the  options. After validating the arguments, ndsconfig
       prompts for the user object's password.

       Configure New Tree
                         Configures a new tree with the tree name specified by the user in the specified context.

       Configure eDirectory
                         Adds the server into an existing tree in the context the user specifies. If the context to
                         which the user wants to add the server object does not exist, ndsconfig creates the
                         context and adds the server. The server name must be unique in the tree.

       Remove eDirectory
                         Removes the eDirectory server object from the tree.

       Upgrade eDirectory
                         Upgrades eDirectory to the current version.

On successful completion of the operation, ndsconfig displays a message that the operation was successful. Otherwise it displays an error message.

OPTIONS

new             Creates  a  new Novell eDirectory tree. If the parameters are not specified in the command
                    line, ndsconfig prompts you to enter values for each of the missing parameters.

def               Creates a new eDirectory tree. If the parameters are not specified in  the  command  line,
                    ndsconfig  takes  the default value for each of the missing parameters. The default values
                    are displayed in brackets when the parameters are not specified.

add              Adds a server to an existing tree. Also adds LDAP and SAS services, after  eDirectory  has
                    been configured in the existing tree.

rm                Removes the server object and directory services from a tree.

upgrade      Upgrades eDirectory to a later version.

-i                 While  configuring  a  new  tree, ignores checking whether a tree of the same name exists.
                   Multiple trees of the same name can exist.

-S server name    Specifies the server name. The server name can also contain dots (for example,
                  novell.com). Because ndsconfig is a command line utility, using containers with dotted names
                  requires that those dots be escaped, and the parameters containing these contexts must
                  be enclosed in double quotes.

                  For  example,  to  install  a new eDirectory tree on a UNIX server using novell.com as the
                  name of the O, use the following command:
                  ndsconfig new -a "admin.novell\.com" -t novell_tree -n "OU=servers.O=novell\.com"

                  The Admin name and context and the  server  context  parameters  are  enclosed  in  double
                  quotes, and only the '.' in novell.com is escaped using the '\' (backslash) character. You
                   can also use this format when installing a server into an existing tree.

                  NOTE: You cannot start a name with a dot. For example, you cannot install  a  server  that
                  has the name .novell, because it starts with a dot ('.').

-t treename  The tree name to which the server has to be added. It can have a maximum of 32 characters.
                  If not specified, ndsconfig takes the tree name from the n4u.nds.tree-name parameter  that
                  is specified in the /etc/opt/novell/eDirectory/conf/nds.conf file. The default treename is
                  $LOGNAME-$HOSTNAME-NDStree.

-n server context      Specifies the context of the server in which the server object is added. It can have a
                  maximum of 64 characters. If the context is not specified, ndsconfig takes the context
                  from the configuration parameter n4u.nds.server-context specified in the
                  /etc/opt/novell/eDirectory/conf/nds.conf file. The server context should be specified in the typed
                  form. The default context is org.

-d path for dib   Specifies the directory path where the database files are to be stored.

-L ldap_port      Specifies the TCP port number on the LDAP server. If the default port 389  is  already  in
                 use, it prompts for a new port.

-l ssl_port    Specifies  the  SSL  port number on the LDAP server. If the default port 636 is already in
                 use, it prompts for a new port.

-o              Specifies the HTTP clear port number.

-O             Specifies the HTTP secure port number.

-e              Enables clear text passwords for LDAP objects.

-a admin FDN      Specifies the fully distinguished name of the User object with Supervisor  rights  to  the
                 context  in  which  the  server object and Directory services are to be created. The admin
                 name should be specified in the typed form. It can have a maximum of  64  characters.  The
                 default admin name is admin.org.

-P LDAP URL(s)    Configures a list of LDAP URL(s) that LDAP should listen to. You can enter a
                 comma-separated list of LDAP URL(s). -P works in conjunction with -l and -L. For example:
                 -P ldap://1.2.3.4:1389,ldaps://1.2.3.4:1636

-m modulename     Specifies  the  module  name to configure. While configuring a new tree, you can configure
                 only the ds module. After configuring the ds module, you can  add  the  NMAS,  LDAP,  SAS,
                 SNMP, HTTP services, and Novell SecretStore (ss) using the add command. If the module name
                 is not specified, all the modules are installed.

-j               Jumps or overrides the health check option before installing eDirectory.

-b port to bind   Sets the default port number on which a particular instance should listen. This sets
                 the default port number on n4u.server.tcp-port and n4u.server.udp-port. If an NCP port is
                 passed using the -b option, then it is assumed to be the default port and the TCP and UDP
                 params are updated accordingly.
                 NOTE: -b and -B are mutually exclusive.

-B interface1@port1, interface2@port2,..
                 Specify the port number along with the IP address or interface. For example, -B eth0@524
                 or -B 100.1.1.2@524
                 NOTE: -b and -B are mutually exclusive.

--config-file configuration file
                 Specify the absolute path and file name to store  the  nds.conf  configuration  file.  For
                 example,  to  store  the  configuration file in the /etc/opt/novell/eDirectory/ directory,
                 enter --config-file /etc/opt/novell/eDirectory/nds.conf.

-D path_for_data  Creates the data, dib, and log directories in the path mentioned.

-E            Enables encrypted replication for the server you are trying to add.
     
-p  IP address:[port]
                This option is used for secondary server addition ('add' command) to a tree. It  specifies
                the  IP  address  of  the remote host  that holds a replica of the partition to which this
                server is being added. The default port number is 524. This helps in faster lookup of  the
                tree since it avoids SLP lookup.

-R           By  default a replica of the partition to which the server is added would be replicated to
                the local server. This option disallows adding replicas to the local server.

-c            This option avoids prompts during ndsconfig operation, such  as  yes/no  to  continue  the
               operation,  or  prompt  to  re-enter  port numbers when there is a conflict, etc. The user
               receives prompts only for entering mandatory parameters if they are not passed on  command
               line.

-w   admin password
               This option allows passing the admin user password in clear text.
               NOTE: Because the password is passed in clear text, this option is not recommended as a
               safe option.

 set valuelist     Sets the value for the specified eDirectory configurable parameters. It is used to set the
                bootstrapping parameters before configuring a tree.
                When configuration parameters are changed, ndsd needs to be restarted for the new value to
                take effect. However, for some configuration parameters, ndsd need not be restarted. These
                parameters are listed below:

                         ‐ n4u.nds.inactivity-synchronization-interval
                         ‐ n4u.nds.synchronization-restrictions
                         ‐ n4u.nds.janitor-interval
                         ‐ n4u.nds.backlink-interval
                         ‐ n4u.nds.drl-interval
                         ‐ n4u.nds.flatcleaning-interval
                         ‐ n4u.nds.server-state-up-threshold
                         ‐ n4u.nds.heartbeat-schema
                         ‐ n4u.nds.heartbeat-data

get paramlist     Use to view the current value of the specified eDirectory configurable parameters. If  the
               parameter  list  is not specified, ndsconfig lists all the eDirectory configurable parameters.

get help paramlist
               Use to view the help strings for the specified eDirectory configurable parameters. If  the
               parameter  list  is not specified, ndsconfig lists the help strings for all the eDirectory
               configurable parameters.

EXAMPLES

To create a new tree, enter the following command:
               ndsconfig new -t corp-tree -n o=company -a cn=admin.o=company

To create a new tree with dotted name containers, enter the following command:
               ndsconfig new -t corp-tree -n "o=company\.com" -a "cn=admin.o=company\.com"

To add a server into an existing tree, enter the following command:
               ndsconfig add -t corp-tree -n o=company -a cn=admin.o=company -S srv1

To remove the eDirectory server object and directory services from a tree, enter the following command:
               ndsconfig rm -a cn=admin.o=company

To configure the ds module, enter the following command:
               ndsconfig add -t corp-tree -n o=company -a cn=admin.o=company -m ds

To configure the ldap module, enter the following command:
               ndsconfig add -t corp-tree -n o=company -a cn=admin.o=company -m ldap

To configure the HTTP module, enter the following command:
               ndsconfig add -t corp-tree -n o=company -a cn=admin.o=company -m http

To configure the SNMP module, enter the following command:
               ndsconfig add -t corp-tree -n o=company -a cn=admin.o=company -m snmp

By default, the SAS module will be configured while configuring the LDAP module.

To configure the SAS module, enter the following command:
               ndsconfig add -t corp-tree -n o=company -a cn=admin.o=company -m sas

To configure the SecretStore module, enter the following command:
               ndsconfig add -t corp-tree -n o=company -a cn=admin.o=company -m ss
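
The following check is an added example, not part of the Novell document or of ndsconfig itself. It lints an ndsconfig argument list (for instance one taken from a provisioning script) against the limits and NOTEs in the OPTIONS section above: -w, -e, -b together with -B, the 32 and 64 character maximums, and a server name starting with a dot. The function name ndsconfig_lint and the sample values are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not Novell code): lint an ndsconfig argument list against
# the limits and NOTEs stated in the option descriptions on this page.
# Prints one finding per line; returns 0 when clean, 1 when anything is flagged.
# Assumption: lengths are measured on the argument exactly as typed.
ndsconfig_lint() {
    local findings=0 has_b=0 has_B=0 opt val
    note() { printf '%s\n' "$1"; findings=$((findings + 1)); }
    while [ $# -gt 0 ]; do
        opt=$1; shift
        val=${1-}                      # candidate value for options that take one
        case $opt in
            -w) note "-w: admin password passed in clear text on the command line" ;;
            -e) note "-e: enables clear text passwords for LDAP objects"; continue ;;
            -b) has_b=1 ;;
            -B) has_B=1 ;;
            -t) [ ${#val} -le 32 ] || note "-t: tree name longer than 32 characters" ;;
            -n|-a) [ ${#val} -le 64 ] || note "$opt: value longer than 64 characters" ;;
            -S) case $val in .*) note "-S: server name starts with a dot" ;; esac ;;
            -m|-d|-D|-P|-L|-l|-o|-O|-p|--config-file) ;;   # take a value, no check
            *) continue ;;             # command word or flag without a value
        esac
        [ $# -gt 0 ] && shift          # consume the option's value
    done
    [ $has_b -eq 1 ] && [ $has_B -eq 1 ] && note "-b and -B: used together"
    [ $findings -eq 0 ]
}

# Constructed sample command line (values are illustrative, not from a real host):
ndsconfig_lint add -t corp-tree -n o=company -a cn=admin.o=company \
    -w 'example-password' -e -b 1524 -B eth0@524 || true
```

Leaving out -w makes ndsconfig prompt for the user object's password, as described at the top of this page, so the password does not appear in the argument list.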