
  • Number of slides: 106

Tips and Tricks for Using Novell eDirectory™ Utilities
www.novell.com
Roger G. Harrison, Manager, Software Engineering, Novell, Inc., roger_harrison@novell.com
Pat Felsted, Senior Software Engineer, Novell, Inc., pfelsted@novell.com

Vision…one Net
A world where networks of all types—corporate and public, intranets, extranets, and the Internet—work together as one Net and securely connect employees, customers, suppliers, and partners across organizational boundaries
Mission
To solve complex business and technical challenges with Net business solutions that enable people, processes, and systems to work together and our customers to profit from the opportunities of a networked world

Deployed Versions: Novell eDirectory™ and Novell Directory Services® (NDS)
Product Version | Build Version | Platforms
NetWare 5.1 SP4 (NDS 7) | DS.nlm v7.57 | NetWare 5.1
NetWare 5.1 SP4 (NDS 8) | DS.nlm v8.79 | NetWare 5.1
eDirectory 8 | DS.nlm & DS.dlm v8.79 | NetWare 5.0, Win NT/2K
eDirectory 8.5.x | DS v85.23 | NetWare 5.x, Win, Solaris
NetWare 6 (eDirectory 8.6) | DS.nlm v10110.20 | NetWare 6
eDirectory 8.6.1 | DS v10210.43 | NW 5.1, NW 6, Win, Solaris, Linux
NetWare 6 SP1 (eDirectory 8.6.2) | DS.nlm v10310.17 | NetWare 6
eDirectory 8.6.2 | DS v103xx.xx | NW 5.1, NW 6, Win, Solaris, Linux
eDirectory 8.7 | DS v10410.xx | NW 5.1, NW 6, Win, Solaris, Linux, AIX

Differences Between eDirectory and NDS®
• NDS (NetWare 5): NOS directory focused on managing NetWare® servers
• eDirectory (NetWare 6): A cross-platform, scalable, standards-based directory used for managing identities that span all aspects of the network—eDirectory is the foundation for eBusiness

Novell eDirectory™ Utilities
• DSRepair
• DSBrowse
• DSMerge
• Backup/Restore
• NDSCons
• LDAP snap-in
• Index manager snap-in
• Novell Import Convert Export (ICE) utility
• NDS iMonitor
• Novell iManager

DSRepair
• Purpose
  - DSRepair is a tool that provides low-level integrity checking and maintenance capabilities to address a wide range of problems that may arise in eDirectory
  - These problems may be originated by
    • Users
    • Third-party products
    • DIB (Data Information Base) inconsistencies
    • Hardware failure

DSRepair: General Tips and Tricks
• Save yourself grief—use DSRepair appropriately
  - Remember that most DSRepair options are used to fix problems with the eDirectory DIB, not to perform routine management or maintenance operations
    • It’s not uncommon for Novell support to have to clean up problems made far worse by misuse of DSRepair
  - Good Rule: Don’t use an advanced (-a or -x switch) DSRepair option unless you
    • Understand what it does
    • Know the ramifications of using it
    • Are sure you’re doing it at the right time
    • Are sure you’re doing it for the right reason

DSRepair: General Tips and Tricks (cont.)
• DSRepair has options that are similar to those found in regular management utilities but should be used only as a last resort
  - Some of these options are destructive (by necessity)
    • Example—removal of a replica from a server should be done via ConsoleOne® or iManager
      - DSRepair allows you to forcibly remove a replica, but this is not the same thing

DSRepair: General Tips and Tricks (cont.)
• Many DSRepair features are integrated into iMonitor
  - Paradigm: fix the problem when you see it
    • Repair while database is live
  - eDirectory 8 and later

DSRepair: General Tips and Tricks (cont.)
• Partition operations are not allowed while repairing
• Disabling index and structure check will cause the rebuilding of the entire database with database locked
• Deselect all options to do ONLY schema check
  - DSRepair can use temp files with this option

DSRepair: General Tips and Tricks (cont.)
• Repairing network address only works if SAP or SLP are properly configured
• Single object repair may be used on a known entry that is causing a problem
  - Tip: this is really easy to do via iMonitor
• Launch dsrepair -af to allow copying of stream files if temporary files is selected

DSRepair: General Tips and Tricks (cont.)
• DSRepair only allows the creation of a DIB archive
  - You can’t reload or restore it
  - This is for troubleshooting use by Novell support and engineering personnel

DSRepair: NetWare Tips and Tricks
• DSRepair checks volume objects for Novell Storage Solutions™ (NSS) and native NetWare but only checks trustees on native NetWare volumes

DSRepair: Windows Tips and Tricks
• Single object repair can only be run from the command line or iMonitor
  - Command line: -so <8-digit entry_id>
  - eDirectory 8.5 and later

DSBrowse
• Purpose
  - Browse through the DIT (Directory Information Tree)
  - Search for entries that meet specified criteria
  - Troubleshoot problems in the schema, partition, replicas or per object
  - Force resend of objects from one server to another

DSBrowse: Features
• Object browse
  - Hierarchy
  - Object information
• Attribute browse
  - Attribute lists
  - Attribute information
  - Values
• Schema browse
  - Class and attribute definitions
• Partition browse
• Object search

DSBrowse: General Tips and Tricks
• Use iMonitor
  - iMonitor gives you web-based access to virtually all of the functionality of DSBrowse (and lots more)
• Search Tips
  - The entry flags are AND’ed together
  - The entry creation and value modification time stamps are used in comparisons
  - The class field specifies the base class of the searched objects
  - Attribute flags are AND’ed together
  - Attribute flags may appear on any value
  - The value time stamp query is applied to any value

DSBrowse: Windows Tips and Tricks
• Right click on items in the DIB tree browser view to see what actions you can do on them

DSMerge
• Purpose
  - Allows you to merge (combine) two separate NDS trees into a single tree

DSMerge: Features
• Two styles of Merge
  - Merge
    • Combines trees at the root
      - Merge feature allows you to merge two trees regardless of number of servers in each tree
  - Graft
    • Grafts the root of one tree as a “branch” of the other
      - Graft feature requires that the source tree have only one server in it
      - Supported in eDirectory 8.5 and later

DSMerge: General Tips and Tricks
• DSMerge is in eDirectory 8.5 (build 85.xx)
  - The DSMerge utility runs on the “source” tree and merges it into a “target” tree
  - Supports eDirectory builds 7.xx and 8.51 or later as target
  - Supports source trees (will run on) eDirectory builds 8.35 or later

DSMerge: General Tips and Tricks
• Check time synchronization before merging
  - Both trees should have the same time source before the merge because they’re going to be in the same tree after the merge
• You need to handle security objects properly
  - See TID 10053573 for details

DSMerge: General Tips and Tricks
• The schema on both trees must match before you attempt a merge
  - Use Import Remote Schema in DSRepair to synchronize the schema from one tree to another
    • You need to do it at least once on each tree
    • It reports whether schema matches when it completes
  - You can check for a schema match between two trees without actually doing an import of the schema by starting a merge operation and only going to the point where the schema pre-check results are reported

DSMerge: UNIX Tips and Tricks
• Use “rdate” or “ntpdate” UNIX commands on the “master” source and target tree servers to synchronize times
• Run “ndsmerge -t” and “ndsmerge -c” on the server with the master replica of [Root]
  - These options check for problems that might cause the merge to fail, list the servers in the tree, and display their synchronization status

DSMerge: UNIX Tips and Tricks
• Command line
  - ndsmerge -m target-tree target-admin source-admin [target-container]
    • target-tree
      - Name of the target tree
    • target-admin
      - DN of the user with administration rights to the target tree
    • source-admin
      - DN of the user with administration rights to the source tree
    • target-container
      - Name with full context of the container object on the target tree to which the tree object of the source tree has to be combined
      - If you specify a value for this parameter, you’re doing a graft operation, and the source tree must have a single server

Backup/Restore
• Purpose
  - Provides a method for backing up and restoring eDirectory
  - Enables you to recover accidentally deleted objects
  - Provides a way to recover data after a disaster

Backup/Restore: Features
• New! Hot Continuous Backup in eDirectory 8.7
  - Highly-scalable—handles trees with millions of entries
  - Highly-available—works on live eDirectory server
  - DIB oriented
  - TSANDS is also supported in eDirectory 8.7
• TSANDS Architecture
  - Customizable to backup only specific kinds of objects
  - Restores selected objects
  - Provides a standard TSA architecture for all platforms

TSANDS-Based Backup/Restore: General Tips and Tricks
• Use multiple servers to backup different sections of the tree to improve performance
• Run backups on a server with a local copy of the data to improve performance
• Third-party support
  - ARCServe
  - BackupExec
  - Tivoli
  - Others

NDSCons
• Purpose
  - Manages the eDirectory modules on the Windows platforms

NDSCons: Features
• Start and stop services
• Set startup modes (automatic/manual)
• Hide and show services
• Specify command line parameters for services
• Display transport information
• DHost configuration file access
• License information display in About box

Index Manager Snap-in
• Purpose
  - Create and manage indexes used by the eDirectory database to maximize performance

Index Manager Snap-in: Features
• Supports three types of indexes
  - Value
    • Matches the entire value of the indexed attribute
  - Presence
    • Tests to see if the indexed attribute has at least one value
  - Substring (string syntaxes only)
    • Matches a subset of the value of the string stored in the attribute value
      - This is the most expensive index type
      - It is also very useful in the real world
        » Example—you want to efficiently search for all users whose names begin with “Sam”

Index Manager Snap-in: Tips and Tricks (cont.)
• Don’t overuse indexes
  - Remember that indexes speed search performance (assuming they’re on attributes involved in the search), but they slow update performance
• You can’t delete operational (system defined) indexes
  - They’re required for eDirectory to function

Index Manager Snap-in: Tips and Tricks (cont.)
• Access via Indexes tab on the NCP Server properties page in ConsoleOne®
  - Also via ndsindex utility on Solaris and Linux systems
• Temporarily suspend user-defined indexes to improve update performance—during a bulk import, for instance
  - Indexes will get updated when you bring them back on line
• You can copy an index on one server to another server
  - Select the index you want to copy
  - Click on Other Servers…
  - Select the server where you want the new index
  - Click Create Index

LDAP Snap-in
• Purpose
  - Manages and configures the eDirectory LDAP server(s) in your tree

LDAP Snap-in: Features
• Configure LDAP via two objects
  - LDAP Server
    • Configures searching, timeouts, TCP ports, security, debug tracing, and filter replica settings
    • Allows you to manually refresh the LDAP server
  - LDAP Group
    • Configures referral policies, clear text passwords, proxy information, class and attribute mappings, and a list of LDAP servers in a group

LDAP Snap-in: Tips and Tricks
• The LDAP group allows you to configure group parameters for all the servers in the same LDAP group at once
• An LDAP server can only belong to one LDAP group
  - If you add it to another group, it will be automatically deleted out of the previous one
• “Disable TCP port” forces all connections to use SSL
• “Allow clear text passwords” allows non-SSL connections to be established to the server

Import Convert Export (ICE)
• Purpose
  - Imports data into the directory
  - Exports data from the directory
  - Automatically converts data during operation by applying DirXML™ rules

Import Convert Export: Features
• LDIF file import and export
• Delimited data file import and export
• .SCH file import (eDirectory 8.7)
• Data migration between LDAP directories
• Test bed data generation
• On-the-fly DirXML rules processing
• Flexible
  - Combine handlers in various ways to do interesting and useful things

Import Convert Export: Features
• Remote access
  - Based on client/server architecture
• Standards-based
  - Works with any LDAP server
• Fast
  - Uses the LDAP Bulk Update/Replication Protocol (LBURP) when available
  - Up to ten times faster than synchronous LDAP operations

Import Convert Export: Availability
• Ships with eDirectory 8.5 and later
  - Command line
  - ConsoleOne Snap-in wizard
    • Wizards, NDS Import Export…
• Command line version is included in LDAP Libraries for C SDK
  - Great way to update schema using LDIF files as part of your LDAP application install

Import Convert Export: Architecture
[Diagram: Source Handler → ICE Engine → Destination Handler]

Import Convert Export: LDIF Import
[Diagram: LDIF File → Source Handler → ICE Engine → Destination Handler → LDAP Server]

Import Convert Export: LDIF Export
[Diagram: LDAP Server → Source Handler → ICE Engine → Destination Handler → LDIF File]

Import Convert Export: Server-to-Server Data Migration
[Diagram: LDAP Server → Source Handler → ICE Engine → Destination Handler → LDAP Server]

Import Convert Export Tip #1: Get Connected
• Make sure “allow clear text passwords” is set on the LDAP Server Object if you want to connect with a clear text password
  - This is our #1 most frequent issue
• If you do not want to use clear text passwords you need to export a .DER file from the security object and specify this
• The default port for SSL is 636

Import Convert Export Tip #1: Get Connected
• Install NICI on your workstation to enable SSL connections
  - Windows
    • Use NICI install from www.novell.com
  - Solaris, Linux, Tru64 (initializing as a non-root user)
    • Copy the NICI WKS file from /var/nici/0/xmgrcfg.wks to a location where you have write access
    • Enter the path in the NICI_VARDIR variable to point to the directory in which you have placed the /nici/0/XMGRCFG.WKS file

Import Convert Export Tip #2: Control the Amount of Data You Export
• Set search entry and search time limits on exports
  - You may need to set the server limits to solve problems with not getting all the data you expect on an export
    • 0 (zero) = unlimited
  - Don’t forget that these limits can be controlled at both the client (ICE utility) and server
  - You can use the client limits to limit the amount of data you get for testing purposes

Import Convert Export Tip #3: ICE Works with Any LDAP Server
• You can use the ICE utility to import to or export from any LDAP server regardless of vendor

Import Convert Export Tip #4: Improve Your Import Speeds
• Make sure LDAP server has LBURP extension for improved performance
  - Automatically enabled when available
  - Automatically disabled when unavailable
  - eDirectory 8.5 and later
• Import directly to a server with a writeable replica for all entries involved in the import
  - This greatly reduces network overhead

Import Convert Export Tip #4: Improve Your Import Speeds
• Temporarily reconfigure the database cache
  - See eDirectory 8.6 Administration Guide Chapter 13
• Temporarily suspend indexes
• Use simple passwords
  - Server
    • Requires Novell Modular Authentication Services (NMAS™) (starter pack is okay)
  - Access is seamless for LDAP clients
  - Novell clients must support NMAS

Import Convert Export Tip #4: Improve Your Import Speeds
• Change the LBURP transaction size (Unix only)
  - “N4U.LDAP.LBURP.TRANSIZE” parameter in /etc/NDS.CONF
  - Range from 1 to 10,000 (default 25)
  - Generally, higher values are better unless
    • The server is running low on memory and the transaction size ends up causing the server to swap to disk
    • One or more of the updates in the transaction fail (then they’re done one at a time)
      - Adding an entry that already exists
      - Adding an entry and its parent in the same transaction
      - Any modification that violates protocol or schema rules

Import Convert Export Tip #5: Tricks for Debugging LDIF Files
• Use the latest version
  - Vastly improved error detection and feedback
• Check the syntax of your LDIF file
  - -n option for the LDIF source handler
  - “Display operations but do not perform” option on the LDIF source handler advanced options dialog
• Use the error log file to get records that have errors
• Use the range option to retry records you have fixed without re-processing the entire file
• A fairly common tricky syntax error is stray white space on a record separator line
  - Error message “Operation failed: 65(Object class violation), dn: ”

Traditional Error Detection
[Diagram: LDIF File → ICE Engine → Add record → LDAP Directory; the add fails (X) with error 17 (undefined attribute type)]

Traditional Error Detection

    dn: cn=XMAN000005, ou=Solar System, o=Universe
    changetype: add
    givenname: XMAN-5
    sn: Universe-5
    fullname: XMAN-5 Universe-5
    objectclass: inetorgperson
    telephonenumber: 1-800-0000005
    telephonenumber: 1-801-0000005
    telephonenumber: 1-900-0000005
    title: Title-5
    description: This is the test description of this record.
    facsimileTelephoneNumber: +1 801 123 4567
    cn: OtherName3-000005
    initials: NA...
    mail: Test.Address@novell.com
    postalAddress: 5 South 5 East $ Salt Lake City, Utah $ USA $ Solar System
    postalCode: 99999
    postOfficeBox: 99999-0005
    street: 5 South 5 East
    l: Salt Lake City
    st: Utah
    physicalDeliveryOfficeName: Solar System Defense Organization
    groupmembership: cn=We Are the World, ou=Solar System, o=Universe
    uid: 5

Enhanced Error Detection with Schema Cache
[Diagram: LDIF File → ICE Engine → Validate Record against the ICE Schema Cache, which holds the directory schema; error: postalCode attribute is not defined]

Import Convert Export Tip #6: Enable Forward References
• Forward references are placeholder entries created when an entry referenced by another entry doesn’t already exist
• Makes it possible to import LDIF files where the entries have circular references or are not in parent-child order

Typical Creation of an Object
[Diagram: tree with o=Acme Corp., ou=Marketing, cn=Bob, cn=Susan, cn=Jim; entry to create: cn=Peter, ou=Sales, o=Acme Corp.]

Typical Creation of an Object
1. Create ou=Sales
[Diagram: tree with o=Acme Corp., ou=Sales, ou=Marketing, cn=Bob, cn=Susan, cn=Jim; entry to create: cn=Peter, ou=Sales, o=Acme Corp.]

Typical Creation of an Object
2. Create cn=Peter
[Diagram: tree with o=Acme Corp., ou=Sales, ou=Marketing, cn=Bob, cn=Susan, cn=Jim; entry to create: cn=Peter, ou=Sales, o=Acme Corp.]

LDIF File to Add Peter

    version: 1

    dn: ou=Sales, o=Acme Corp.
    changetype: add
    objectClass: organizationalUnit

    dn: cn=Peter, ou=Sales, o=Acme Corp.
    changetype: add
    sn: Michaels
    givenname: Peter
    objectClass: inetOrgPerson
    telephonenumber: +1 415 555 0001
    mail: Peter.Michaels@acmecorp.com
    userpassword: Peter123

LDIF File in Wrong Order

    version: 1

    dn: cn=Peter, ou=Sales, o=Acme Corp.
    changetype: add
    sn: Michaels
    givenname: Peter
    objectClass: inetOrgPerson
    telephonenumber: +1 415 555 0001
    mail: Peter.Michaels@acmecorp.com
    userpassword: Peter123

    dn: ou=Sales, o=Acme Corp.
    changetype: add
    objectClass: organizationalUnit

Forward References: LDIF File in Wrong Order
[Diagram: tree with o=Acme Corp., ou=Marketing, cn=Bob, cn=Susan, cn=Jim]

Forward References: LDIF File in Wrong Order
1. Create cn=Peter, ou=Sales
[Diagram: tree with o=Acme Corp., ou=Marketing, cn=Bob, cn=Susan, cn=Jim, cn=Peter]

Forward References: LDIF File in Wrong Order
A forward reference for Sales is automatically created
[Diagram: tree with o=Acme Corp., Sales, ou=Marketing, cn=Bob, cn=Susan, cn=Jim, cn=Peter]

Forward References: LDIF File in Wrong Order
eDirectory finishes creating cn=Peter
[Diagram: tree with o=Acme Corp., Sales, ou=Marketing, cn=Bob, cn=Susan, cn=Jim, cn=Peter]

Forward References: LDIF File in Wrong Order
2. Create ou=Sales
[Diagram: tree with o=Acme Corp., Sales, ou=Marketing, cn=Bob, cn=Susan, cn=Jim, cn=Peter; overlapping labels: “Create forward reference for”, “Attempt to create ou=Sales”]

Forward References: LDIF File in Wrong Order
Sales forward reference is automatically morphed into ou=Sales
[Diagram: tree with o=Acme Corp., Sales, ou=Marketing, cn=Bob, cn=Susan, cn=Jim, cn=Peter]

Circular Group Membership
[Diagram: tree with o=Acme Corp., cn=Admins (member: cn=Susan, ou=Sales, o=Acme Corp.), ou=Engineering, cn=Bob, cn=Susan (groupMembership: cn=Admins, o=Acme Corp.)]

LDIF File with Circular Reference

    version: 1

    dn: cn=Admins, o=Acme Corp.
    changetype: add
    objectClass: groupOfNames
    member: cn=Susan, o=Acme Corp.

    dn: cn=Susan, ou=Engineering, o=Acme Corp.
    changetype: add
    sn: Moss
    givenname: Susan
    objectClass: inetOrgPerson
    telephonenumber: +1 415 555 0002
    mail: Susan.Moss@acmecorp.com
    userpassword: Susan123
    groupMembership: cn=Admins, o=Acme Corp.

Typical Creation of Circular Group Membership
1. Create group cn=Admins
[Diagram: tree with o=Acme Corp., cn=Admins, ou=Engineering, cn=Bob]

Typical Creation of Circular Group Membership
2. Create user cn=Susan with groupMembership in cn=Admins
[Diagram: tree with o=Acme Corp., cn=Admins, ou=Engineering, cn=Bob, cn=Susan (groupMembership: cn=Admins, o=Acme Corp.)]

Typical Creation of Circular Group Membership
3. Add cn=Susan as member of cn=Admins
[Diagram: tree with o=Acme Corp., cn=Admins (member: cn=Susan, ou=Sales, o=Acme Corp.), ou=Engineering, cn=Bob, cn=Susan (groupMembership: cn=Admins, o=Acme Corp.)]

LDIF File with Circular Reference

    version: 1

    dn: cn=Admins, o=Acme Corp.
    changetype: add
    objectClass: groupOfNames
    member: cn=Susan, o=Acme Corp.

    dn: cn=Susan, ou=Engineering, o=Acme Corp.
    changetype: add
    sn: Moss
    givenname: Susan
    objectClass: inetOrgPerson
    telephonenumber: +1 415 555 0002
    mail: Susan.Moss@acmecorp.com
    userpassword: Susan123
    groupMembership: cn=Admins, o=Acme Corp.

Breaking the Circular Reference

    version: 1

    dn: cn=Admins, o=Acme Corp.
    changetype: add
    objectClass: groupOfNames

    dn: cn=Susan, ou=Engineering, o=Acme Corp.
    changetype: add
    sn: Moss
    givenname: Susan
    objectClass: inetOrgPerson
    telephonenumber: +1 415 555 0002
    mail: Susan.Moss@acmecorp.com
    userpassword: Susan123
    groupMembership: cn=Admins, o=Acme Corp.

    dn: cn=Admins, o=Acme Corp.
    changetype: modify
    add: member
    member: cn=Susan, o=Acme Corp.
    -

Forward References: Circular Group Membership
1. Create group cn=Admins with cn=Susan as a member
[Diagram: tree with o=Acme Corp., cn=Admins (member: cn=Susan, ou=Sales, o=Acme Corp.), ou=Engineering, cn=Bob]

Forward References: Circular Group Membership
cn=Susan is automatically created as a forward reference
[Diagram: tree with o=Acme Corp., cn=Admins (member: cn=Susan, ou=Sales, o=Acme Corp.), ou=Engineering, cn=Bob, cn=Susan]

Forward References: Circular Group Membership
2. Create cn=Susan with groupMembership in cn=Admins
[Diagram: tree with o=Acme Corp., cn=Admins (member: cn=Susan, ou=Sales, o=Acme Corp.), ou=Engineering, cn=Bob, cn=Susan]

Forward References: Circular Group Membership
cn=Susan is automatically morphed into a real User object
[Diagram: tree with o=Acme Corp., cn=Admins (member: cn=Susan, ou=Sales, o=Acme Corp.), ou=Engineering, cn=Bob, cn=Susan (groupMembership: cn=Admins, o=Acme Corp.)]
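
Tips #5 and #6 above, as an added example (not Novell's code and not part of ICE): a pre-flight check that reads an LDIF file and reports white space on separator lines, entries added before their parent, and DN-valued attributes naming entries that do not exist yet. The names lint_ldif and DN_ATTRS, the finding codes and the sample data are assumptions made for illustration; DNs with escaped commas and base64 ("::") values are not handled.

```python
"""Pre-flight check for an LDIF import file (added example, not part of ICE)."""

# Attributes used on the slides whose values are DNs of other entries.
DN_ATTRS = {"member", "groupmembership"}


def norm_dn(dn):
    """Normalize a DN for comparison: lower-case, no spaces around ',' or '='."""
    rdns = []
    for rdn in dn.split(","):  # simplification: no escaped commas in values
        name, _, value = rdn.partition("=")
        rdns.append(name.strip().lower() + "=" + value.strip().lower())
    return ",".join(rdns)


def parent_dn(dn):
    """Parent of a normalized DN, or None for a top-level entry."""
    _, sep, parent = dn.partition(",")
    return parent if sep else None


def split_records(text):
    """Return (records, findings); a record is a list of (line_no, name, value)."""
    records, findings, current = [], [], []
    for no, raw in enumerate(text.splitlines(), 1):
        if raw.strip() == "":
            if raw != "":
                # LDIF reads a line that starts with a space as a continuation
                # of the previous line, so this "separator" glues two records
                # together on import. Here it is reported and treated as the
                # separator the author intended.
                findings.append((no, "WS_SEPARATOR",
                                 "separator line contains white space"))
            if current:
                records.append(current)
                current = []
        elif raw.startswith("#"):
            continue  # comment line
        elif raw.startswith(" ") and current:
            no0, name, value = current[-1]
            current[-1] = (no0, name, value + raw[1:])  # unfold continuation
        elif ":" in raw:
            name, _, value = raw.partition(":")
            current.append((no, name.strip().lower(), value.strip()))
    if current:
        records.append(current)
    return records, findings


def lint_ldif(text, existing=()):
    """List what must be fixed or needs forward references enabled.

    existing: DNs already present in the target directory.
    Returns (line_no, code, detail) tuples sorted by line number.
    """
    known = {norm_dn(d) for d in existing}
    records, findings = split_records(text)
    for rec in records:
        fields = {name: (no, value) for no, name, value in rec}
        if "dn" not in fields:
            continue  # e.g. the "version: 1" header
        dn_line, dn_value = fields["dn"]
        dn = norm_dn(dn_value)
        change = fields.get("changetype", (0, "add"))[1].lower()
        if change == "add":
            parent = parent_dn(dn)
            if parent is not None and parent not in known:
                findings.append((dn_line, "PARENT_MISSING", parent))
        for no, name, value in rec:
            if name in DN_ATTRS and norm_dn(value) not in known:
                findings.append((no, "FORWARD_REF", norm_dn(value)))
        if change == "add":
            known.add(dn)
    return sorted(findings)


# Constructed sample modelled on the slides: Peter precedes his container,
# line 11 is a separator holding one space, Admins names Susan too early.
SAMPLE = "\n".join([
    "version: 1", "",
    "dn: cn=Peter, ou=Sales, o=Acme Corp.", "changetype: add",
    "objectClass: inetOrgPerson", "sn: Michaels", "",
    "dn: ou=Sales, o=Acme Corp.", "changetype: add",
    "objectClass: organizationalUnit", " ",
    "dn: cn=Admins, o=Acme Corp.", "changetype: add",
    "objectClass: groupOfNames",
    "member: cn=Susan, ou=Engineering, o=Acme Corp.", "",
    "dn: cn=Susan, ou=Engineering, o=Acme Corp.", "changetype: add",
    "objectClass: inetOrgPerson", "sn: Moss",
    "groupMembership: cn=Admins, o=Acme Corp.",
])
EXISTING = ["o=Acme Corp.", "ou=Engineering, o=Acme Corp."]

if __name__ == "__main__":
    for line_no, code, detail in lint_ldif(SAMPLE, EXISTING):
        print(f"line {line_no}: {code}: {detail}")
```

A WS_SEPARATOR finding has to be fixed in the file; PARENT_MISSING and FORWARD_REF findings either call for reordering the file or mark it as one that depends on forward references.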

Import Convert Export Tip #7: Make it Easy to Use ICE
• Add the location of ICE to your path and you can run it from anywhere

Import Convert Export Tip #8: Use Standard I/O Redirection
• The LDIF handler supports stdin/stdout (UNIX only)

Import Convert Export Tip #9: Use ICE to Make Schema Changes
• Allows schema export to LDIF
• Supports schema modifications via LDIF
• Supports .SCH import (eDirectory 8.7)

Import Convert Export Tip #10: Use the Delimited Data Handler
• You can import data from delimited text files using the Delimited Data Handler
  - Handler identifier is DELIM
  - CSV, tab-separated data, etc.
  - Currently only available from the command line

Import Convert Export Tip #11: Use the DirLoad Handler
• You can create tons of fake test data with just a little work using the DirLoad handler
  - Handler identifier is LOAD
  - Uses template files to create data
  - Makes it much easier to generate data that models the real world
    • Often test data does unrealistic things, e.g., all users are named User0001, User0002, etc. which messes up the effectiveness of indexes (and the validity of your test results)
  - Good way to generate test data for application development or lab deployments
  - Currently only available from the command line

Import Convert Export Tip #12: Use the Import Convert Export Wizard
• ConsoleOne snap-in wizard for common tasks like importing, exporting, and migrating that leads you step by step
• Supported features provide functionality identical to the command line utility
• Saves server information across sessions so you don’t have to re-enter it

Import Convert Export Tip #12: Use the Import Convert Export Wizard
• Access via NDS Import Export Wizard on the ConsoleOne wizards menu
• The advanced buttons on each dialog expose less-frequently-used and advanced features
• Use the restart button at the end if you have a problem and all of your previous settings except passwords will be retained

Import Convert Export Tip #13: Combine Handlers in New Ways
• You can do interesting things by combining handlers in different combinations
  - DELIM to LDIF
  - LDAP to DELIM
  - LDIF to LDIF (with XML rules)

Import Convert Export Tip #14: Use DirXML Rules
• DirXML rules can be used by the ICE engine to automatically perform tasks like
  - Placement of new entries
  - Resolving schema mapping issues
  - Providing default values for required attribute values on object creation

Import Convert Export Tip #15: Easier Data Migration
• The ICE schema cache can be used to automatically update the schema on the destination to accommodate entries from the source
  - Access option via the -C general command line

ICE Schema Cache
[Diagram labels: LDAP Directory, schema, entries]

ICE Schema Cache
[Diagram labels: LDAP Directory, entries, X, eDirectory]

ICE Schema Cache
[Diagram labels: LDAP Directory, eDirectory, schema 1, schema 2, ICE Schema Cache, schema 1—schema 2]

ICE Schema Cache
[Diagram labels: LDAP Directory, entries, ICE Schema Cache, schema 1—schema 2]

Import Convert Export Tip #16: Get Creative with ICE
• Now that you understand how ICE works, you'll be able to think of tons of slick tricks (pun intended) of your own
  - Example: find and clean up rogue ACLs in tree
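
An added example, not from the original slides: one way to run the rogue-ACL check from Tip #16 offline against an LDIF export of the tree. It assumes ACL values in the LDAP form privileges#scope#subject#attribute with rights bits 4 (attribute write), 32 (attribute supervisor) and 16 (entry supervisor); the tree names, the trustee allowlist and the flagging policy are hypothetical.

```python
import base64

# Assumed rights masks worth flagging (see lead-in); any other target: 32.
BROAD = {"[Entry Rights]": 16, "[All Attributes Rights]": 4 | 32}
TRUSTED = {"cn=admin,o=acme"}  # hypothetical allowlist of expected trustees
# Constructed sample export with one folded value and one base64 ("::") value.
_B64 = base64.b64encode(b"16#entry#cn=helpdesk,o=acme#[Entry Rights]").decode()
SAMPLE_LDIF = f"""dn: ou=sales,o=acme
ACL: 2#entry#[Root]#loginScript
ACL: 32#subtree#cn=temp,ou=sales,o=acme#[All Attributes Rights]
ACL: 4#subtree#[Public]#[All Attribut
 es Rights]

dn: cn=jsmith,ou=sales,o=acme
ACL:: {_B64}
ACL: 6#entry#[Self]#loginScript
"""

def ldif_attrs(text):
    """Yield (dn, attribute, value); unfolds lines and decodes base64 values."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for record in unfolded.split("\n\n"):
        dn = None
        for line in record.split("\n"):
            if not line or line.startswith("#"):
                continue
            attr, _, rest = line.partition(":")
            value = (base64.b64decode(rest[1:]).decode("utf-8")
                     if rest.startswith(":") else rest.strip())
            if attr.lower() == "dn":
                dn = value
            elif dn is not None:
                yield dn, attr, value

def rogue_acls(text, trusted=TRUSTED):
    """Return (dn, subject, target, rights) for broad grants to unexpected trustees."""
    findings = []
    for dn, attr, value in ldif_attrs(text):
        if attr.lower() != "acl":
            continue
        try:
            rights, _scope, rest = value.split("#", 2)
            subject, target = rest.rsplit("#", 1)
            risky = int(rights) & BROAD.get(target, 32)
        except ValueError:
            findings.append((dn, value, "malformed", None))
            continue
        if risky and subject.lower() not in trusted:
            findings.append((dn, subject, target, int(rights)))
    return findings
```

Each finding names the object carrying the ACL and the trustee, so the review and any cleanup can be done per object rather than across the whole tree.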

NDS iMonitor
• Purpose
  - Provides web-based monitoring and diagnostic capabilities to all servers in your NDS tree
  - Automatically installed with eDirectory 8.5 and higher
• Just point your web browser at http:///nds

NDS iMonitor: Features
• eDirectory Health Check
• Synchronization information
• Known servers
• Agent configuration
• Hyperlinked DS Trace
• Error information
• Object/schema examiner

NDS iMonitor: Features
• Partition list
• Agent process status
• Agent activity
• Verb statistics
• Background process schedule
• DSRepair (subset)

Novell iManager
• Purpose
  - Provides web-based management and maintenance for eDirectory
• Combines functionality of ConsoleOne and eDirectory utilities
• Role-based
  - Ships with eDirectory 8.7 and higher

eDirectory Utilities Today
Utilities
• Backup/Restore
• DSRepair
• DSBrowse
• DSMerge
• ...

Directory Management Toolbox (eMBox)
• A set of tools and utilities with a common point of access on the back end that supports the maintenance of eDirectory
  - Reuse of existing utility code
  - Command-line accessible (scriptable)
  - Web accessible
  - Cross-platform

Novell iManager Architecture
[Diagram components: Web Server, iManager, DHost Process (eMFrame), ICE Plug-in, Schema Manager Plug-in, LDAP Plug-in, ..., SOAP Service, HTTP Stack, eMBox SDK, DSMerge Plug-in, Backup/Restore eMTool, Repair eMTool, Merge eMTool, Service Manager, LDAP Browser, DSRepair Plug-in, eDir SDK, Backup/Restore Plug-in, eMBox, eDirectory]

Getting More Information: BrainShare 2002
• DSRepair
  - TUT 330—Advanced DSRepair
• Backup/Restore
  - TUT 234—Keeping Your Business Online with eDirectory Backup and Restore
• iMonitor
  - IO 216—Introduction to NDS iMonitor
  - TUT 229—Practical NDS iMonitor: Case Studies in eDirectory Diagnosis
• iManager
  - IO 116—iManager Introduction and Overview
  - TUT 131—eDirectory Administration and Management with Novell iManager
• one Net Solutions Lab

Getting More Information
• Novell eDirectory 8.6 Administration Guide
  - Sources
    • Electronic distribution on eDirectory 8.6.1 CD
    • Download soft copy or buy hard copy at http://www.novell.com/documentation
  - Chapter 7
    • iMonitor
  - Chapter 8
    • DSMerge
    • Index Manager
    • Import Convert Export
  - Chapter 12
    • Backup/Restore

Getting More Information
• Novell LDAP Developer's Guide
  - Info on configuring, administrating, and troubleshooting LDAP and using LDAP utilities
    • Chapter 11: Import Convert Export (ICE)
  - ISBN: 0-7645-4720-8
• LDAP Tools section of the LDAP Libraries for C SDK documentation
  - Import Convert Export (ICE)
• Logicsource II for NDS (www.shop.novell)
  - Especially good DSRepair information