Configuring Novell eDirectory on Linux or Solaris Systems

Novell eDirectory includes configuration utilities that simplify the configuration of various eDirectory components. The following sections provide information about functionality and usage of Novell eDirectory configuration components:


Configuration Utilities

This section provides information about using the following eDirectory configuration utilities:


ndsconfig Utility

You can use the ndsconfig utility to configure eDirectory. This utility can also be used to add the NDS Replica Server into an existing tree or to create a new tree. It can also be used to remove the NDS Replica Server. For more information, see Using the ndsconfig Utility to Add or Remove the eDirectory Replica Server.

To change the current configuration of the installed components:

  1. Use the following syntax:

    ndsconfig {set value_list | get [parameter_list] | get help [parameter_list]}

Refer to Table 7 for a description of ndsconfig parameters.


ldapconfig Utility to Configure the LDAP Server and LDAP Group Objects

You can use the LDAP configuration utility, ldapconfig, on Linux and Solaris systems to modify, view, and refresh the attributes of LDAP Server and Group objects. For more information, see Configuring LDAP Server and LDAP Group Objects on Linux or Solaris Systems.


nmasconfig Utility to Configure Novell Modular Authentication Service

You can use nmasconfig to configure and unconfigure an NMAS server on Solaris and Linux. For more information about configuring and unconfiguring NMAS, see Using the nmasconfig Utility to Configure NMAS Server.

The nmasconfig utility can also be used to manage login methods and login sequence, and to change simple passwords. For more information on the parameters of the nmasconfig utility, see the nmasconfig manpage, nmasconfig.1m.


pkiconfig Utility to Create Novell PKI Objects for eDirectory

The pkiconfig utility lets you create the following PKI objects for eDirectory:

For information on using the pkiconfig utility, see the pkiconfig manpage, pkiconfig.1m.


Configuration Parameters

The eDirectory configuration parameters are stored in the nds.conf file.

Table 15 provides a description of these parameters.


Table 15. eDirectory Configuration Parameters

eDirectory Configuration Parameter | Description

n4u.base.tree-name

The tree name that Account Management uses. This is a mandatory parameter set by the Account Management installer. This parameter cannot be set or changed by the administrator.

n4u.base.dclient.use-udp

The Directory User Agent can use UDP in addition to TCP for communicating with eDirectory servers. This parameter enables the UDP transport. The default value is 0. The range is 0 or 1.

n4u.base.slp.max-wait

The timeout for Service Location Protocol (SLP) API calls. The default value is 30. The range is 3 - 100.

n4u.uam.preferred-server

The host name of the machine that hosts the eDirectory service. The Directory User Agent can use a preferred server, if one is available. The preferred server has to be set to any of the servers hosting a master or read/write replica. If the eDirectory replica is present on the Linux or Solaris system, set the preferred server to the hostname of the Linux or Solaris system for efficiency. The default value is null.

n4u.nds.advertise-life-time

eDirectory re-registers itself with the Directory Agent after this time period. The default value is 3600. The range is 1-65535.

n4u.server.signature-level

The Signature Level determines the level of enhanced security support. Increasing this value increases security, but decreases performance. The default value is 1. The range is 0-3.

n4u.nds.dibdir

The eDirectory directory information database. The default value is /var/nds/dib. This parameter is set during installation and cannot be modified later.

n4u.nds.server-name

The name of the eDirectory Server. The default value is null.

n4u.nds.bindery-context

The Bindery Context string. The default value is null.

n4u.nds.server-context

The context into which the eDirectory server is added. This parameter cannot be set or changed.

n4u.nds.external-reference-life-span

The number of hours unused external references are allowed to exist before being removed. The default value is 192. The range is 1-384.

n4u.nds.inactivity-synchronization-interval

The interval, in minutes, after which full synchronization of the replicas is performed, following a period of no change to the information held in eDirectory on the server. The default value is 60. The range is 2-1440.

n4u.nds.synchronization-restrictions

The Off value allows synchronization with any version of eDirectory. The On value restricts synchronization to version numbers you specify as parameters, for example, ON,420,421. The default value is Off.

n4u.nds.janitor-interval

The interval in minutes after which the eDirectory janitor process is executed. The default value is 2. The range is 1-10080.

n4u.nds.backlink-interval

The interval, in minutes, after which eDirectory backlink consistency is checked. The default value is 780. The range is 2-10080.

n4u.nds.flatcleaning-interval

The interval, in minutes, after which the flatcleaner process automatically begins purging and deleting entries from the database. The default value is 720. The range is 1-720.

n4u.nds.server-state-up-threshold

The Server State Up threshold, in minutes. This is the time after which eDirectory checks the server state before returning -625 errors. The default value is 30. The range is 1-720.

n4u.nds.heartbeat-schema

The heartbeat base schema synchronization interval in minutes. The default value is 240. The range is 2-1440.

n4u.nds.heartbeat-data

The heartbeat synchronization interval in minutes. The default value is 60. The range is 2-1440.

n4u.nds.drl-interval

The interval, in minutes, after which eDirectory distributed reference link consistency is checked. The default value is 780. The range is 2-10080.

n4u.server.tcp-port

The default port used if the port number is not specified in the n4u.server.interfaces parameter.

n4u.server.interfaces

The IP address and port number the eDirectory server should listen on for client connections. The value can be a comma-separated list specifying more than one combination of possible settings. You can specify the value as <Interface name>|<IP Address>@<port>. You can specify either the whole string or the interface name or IP address. If the parameter is not specified in the nds.conf file, the eDirectory server gets any one IP address with the default port specified in the n4u.server.interfaces parameter. If the n4u.server.interfaces parameter is also not specified, the default port will be 524. The possible values are given below.

  • Interface name | IP Address - The eDirectory server gets the specified interface name or IP address with the default port.
  • Interface name | IP Address@port - The eDirectory server gets the specified interface name or IP address with the specified port number.

n4u.server.active-interval

A worker thread in the thread pool is active if it is available to execute jobs in the ready queue. This parameter sets the time interval (in milliseconds) within which a thread should return to the thread pool to be considered active. This interval will be scaled internally based on the number of processors configured. The default value is 10,000 milliseconds (10 seconds).

n4u.ldap.lburp.transize

The number of records that will be sent from the Novell Import Conversion Export client to the LDAP server in a single LBURP packet. You can increase the transaction size to ensure that multiple add operations can be performed in a single request. The default transaction size is 25. You can provide a transaction size in the hard-limit range of 1 to 250.
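The ranges in Table 15 and the n4u.server.interfaces format can be checked mechanically before a changed nds.conf goes live. The following is an added example, not Novell code: it assumes nds.conf holds one parameter=value pair per line, the function names are hypothetical, and the port fallback follows the n4u.server.tcp-port description above (then 524).

```python
# Added example, not Novell code. (min, max) ranges copied from Table 15.
RANGES = {
    "n4u.base.dclient.use-udp": (0, 1),
    "n4u.base.slp.max-wait": (3, 100),
    "n4u.nds.advertise-life-time": (1, 65535),
    "n4u.server.signature-level": (0, 3),
    "n4u.nds.external-reference-life-span": (1, 384),
    "n4u.nds.inactivity-synchronization-interval": (2, 1440),
    "n4u.nds.janitor-interval": (1, 10080),
    "n4u.nds.backlink-interval": (2, 10080),
    "n4u.nds.flatcleaning-interval": (1, 720),
    "n4u.nds.server-state-up-threshold": (1, 720),
    "n4u.nds.heartbeat-schema": (2, 1440),
    "n4u.nds.heartbeat-data": (2, 1440),
    "n4u.nds.drl-interval": (2, 10080),
    "n4u.ldap.lburp.transize": (1, 250),
}

def parse_conf(text):
    """Assumption: nds.conf holds one 'parameter=value' pair per line."""
    pairs = (line.split("=", 1) for line in text.splitlines() if "=" in line)
    return {key.strip(): value.strip() for key, value in pairs}

def range_errors(conf):
    """List settings whose value is not an integer inside the documented range."""
    errors = []
    for key, (lo, hi) in RANGES.items():
        value = conf.get(key)
        if value is not None and not (value.isdecimal() and lo <= int(value) <= hi):
            errors.append(f"{key}={value} (allowed {lo}-{hi})")
    return errors

def listeners(conf):
    """Resolve n4u.server.interfaces entries to (interface or address, port).
    An entry without @port uses n4u.server.tcp-port, or 524 if that is unset."""
    default_port = int(conf.get("n4u.server.tcp-port", 524))
    entries = [e.strip() for e in conf.get("n4u.server.interfaces", "").split(",")]
    return [(host, int(port) if port else default_port)
            for host, _, port in (e.partition("@") for e in entries if e)]

# Constructed sample, not taken from a real server.
SAMPLE = """\
n4u.server.signature-level=4
n4u.nds.heartbeat-data=1
n4u.server.tcp-port=1524
n4u.server.interfaces=192.0.2.10@524,eth1
"""

if __name__ == "__main__":
    print(range_errors(parse_conf(SAMPLE)), listeners(parse_conf(SAMPLE)))
```

An empty result from listeners() means n4u.server.interfaces is unset, in which case the server chooses an address itself as described in the table.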


