SHIFT

--- Sjoerd Hooft's InFormation Technology ---

User Tools

Site Tools


Sidebar

Sponsor:

Would you like to sponsor this site?
Or buy me a beer?:


Recently Changed Pages:

View All Pages
View All Q Pages


View All Tags


Sign up for Q to post comments.





WIKI Disclaimer: As with most other things on the Internet, the content on this wiki is not supported. It was contributed by me and is published “as is”. It has worked for me, and might work for you.
Also note that any view or statement expressed anywhere on this site are strictly mine and not the opinions or views of my employer.


Terms And Conditions for Q users


Pages with comments

PageDateDiscussionTags
2019/06/22 10:36 1 Comment
2019/03/15 16:02 1 Comment
2019/03/15 16:02 1 Comment
2019/03/15 16:02 3 Comments
2017/04/20 15:28 1 Comment
2017/04/20 15:23 1 Comment
2017/04/19 14:44 1 Comment
2017/04/17 20:10 1 Comment
2017/04/17 20:07 1 Comment
2017/04/17 19:58 1 Comment
2017/04/17 19:52 1 Comment

View All Comments

edirectorytips

Notes, Tips & Tricks: eDirectory

This is a notes page, extended with tips & tricks. This page is not really documentation, just stuff for me to remember. Sometimes things will get removed from these pages and turned into real documentation, sometimes not. You might find these notes to come in hand, maybe not. For me, it's just things I don't want to forget.

DSREPAIR dump & recover

NOTE: HIER IS GEEN SUPPORT VOOR - VOOR EIGEN RISICO

Dump

Maak een dumpfile op een server met een RW replica van alle partities:

  • dsrepair -RC

Dit maakt een dump file in sys:\system\dsr_dib\00000000.$du

Restore

Gewoonlijk heb je novell support nodig om dit terug te zetten Zet de dumpfile terug:

  • dsrepair -$du
    • Advanced options → NDS Archive Options → Restore NDS With/Without verification

Hierna controleren of de database open is en daarna de server herstarten. Hierna moet je alle andere servers nog uit de replica rings gooien:

  • dsrepair -a
    • Advances Options → Replica and Partition Operations → Choose Replica → Choose Server → Remove this Server from the Replica Ring

Novell BLOG over deze optie:

Restoring Files
To restore the files backed up with Dsrepair -rc, you need to load DSRepair with the -$DU switch. (That was obvious, right? Gotta love hidden command line options. Years ago I saw a list of all the hidden commands, at that time for Dsrepair. I imagine there are many more now. Anyone have an up to date copy of that, that is allowed to be shared? That would be very useful to have in the public!)
Once you do that, under Netware, go to Advanced Options, then NDS Archive at the bottom. It used to be there was just an option to make a database archive. Now there is a "restore from archive" option.
The problem I ran into was this: I selected the option, indicated "I Agree" to confirm that I know how bad an idea this is if it's done in error, and selected the folder. I then got an operation failed error, with no error message whatsoever. Very frustrating.
Troubleshooting
Running out of ideas, I decided to blast it with DSTrace, using NetWare 6.5 as the server. Here's what I did:
DSTRACE (loads dstrace.nlm)
DSTRACE SCREEN ON (turns on the display to the screen)
DSTRACE +ALL (enables all the flags)
DSTRACE FILE ON (turns on the output to the Sys:\system\dstrace.log file
Then I tried it again. Now there was a -144 error in the REPR tag. Finally, an error code to look for!
I looked it up in the Novell error code web page (TID 10080995, which may work as: http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=10080995). Or, you can try this link from the documentation: http://www.novell.com/documentation/nwec/nwec_enu/nwec_list_of_all_codes.html
The -144 error is an "All read only error". This seemed like a red herring, since DSRepair needs to read the DIB backup, not write to it. But it was a path to try to resolve the issue.
The original images were moved onto the isolated VM through the use of a CD-R, since the network was not an option. When you copy files off the CD-R, there is an implicit Read Only attribute on the files copied. That's easy enough to clear. At the console, I ran:
TBX
to load the new Toolbox.nlm replacement (http://www.novell.com/communities/node/3225/tbxnlm)
One of the TBX commands is attrib. I tried the following (modify this to match your path):
attrib -r sys:\system\dsr_dib\*.*
and then tried it again. I found this resolved the issue. This was most frustrating, due to the lack of a useful error message to troubleshoot. I had tried different files from a different server, another copy, and so on. Hopefully this document will give you some ideas and approaches to try and find an error message to even begin to troubleshoot.

DSREPAIR overige opties

  • dsrepair -Av
    • Ignore disk space requirements

LDAP

Netware

Unload/load NLDAP.NLM

Poort en proces informatie: tcpcon → Protocol Information → TCP → TCP Connections

LDAP TRACE op console:

dstrace
dstrace -all
dstrace +time +tags +ldap +auth
dstrace on
ldap dstrace=+all

<voer test uit>

dstrace off

<logfile: sys:\system\dstrace.log>

unload dstrace

Linux

Service status:

/etc/init.d/nldap

Poort en proces informatie: netstat -nap | grep :389

LDAP TRACE op console:

ndstrace
set ndstrace = nodebug / ndstrace -<TAG>
ndstrace
ndstrace file on / ndstrace on / ndstrace screen on
ndstrace +time +tags +ldap

<logfile: /etc/opt/novell/eDirectory/conf/log/ndstrace.log>

set ndstrace = nodebug
exit

NDSTRACE

TRACE FLAGS

ALOC Messages to show the details of memory allocation.
AREQ Messages related to inbound requests from other servers or clients.
AUTH Messages and error reports relating to authentication.
BLNK Backlink and inbound obituary messages and error reports.
CBUF Messages related to outbound DS Client requests.
CHNG Change cache messages.
COLL Status and error reports concerning an object’s update information when the update has been previously received.
CONN Messages that show information about the servers your server is trying to connect to, and about errors and timeouts that might be causing your server not to connect.
DNS Messages about the eDirectory-integrated DNS server processes.
DRLK Distributed reference link messages.
DVRS Messages to show DirXML® driver-specific areas that eDirectory might be working on.
DXML Messages to show details of DirXML events.
IN Messages related to inbound requests and processes.
INIT Messages related to the initialization of eDirectory.
INSP Messages related to the integrity of objects in the source server’s local database. Using this flag increases the demands on the source server’s disk storage system, memory, and processor. Do not leave this flag enabled unless objects are being corrupted.
JNTR Messages related to the following background processes: janitor, replica synchronization, and flat cleaner.
LDAP Messages related to the LDAP server.
LMBR Messages related to the limber process.
LOCK Messages related to the use and manipulation of the source server’s local database locks.
LOST Messages related to lost entries.
MOVE Messages from the move partition or move subtree operations.
NCPE Messages to show the server receiving NCP-level requests.
NMON Messages related to iMonitor.
OBIT Messages from the obituary process.
PART Messages related to partition operations from background processes and from request processing.
PURG Messages about the purge process.
RECM Messages related to the manipulation of the source server’s database.
RSLV Reports related to the processing of resolve name requests.
SADV Messages related to the registration of tree names and partitions with Service Location Protocol (SLP).
SCMA Messages related to the schema synchronization process.
SCMD Messages showing the details of schema-related operations. They give details of both inbound and outbound synchronization.
SKLK Messages related to the replica synchronization process.
SPKT Messages related to eDirectory NCP server-level information.
STRM Messages related to the processing of attributes with a Stream syntax.
SYDL Messages showing more details during the replication process.
SYNC Messages about inbound synchronization traffic (what is being received by the server).
TAGS Displays the tag string that identifies the trace option that generated the event on each line displayed by the trace process.
THRD Messages to show when any background processes (threads) begin and end.
TIME Messages about the transitive vectors that are used during the synchronization process.
TVEC Messages related to the following attributes: Synchronize Up To, Replica Up To, and Transitive Vector.
VCLN Messages related to the establishment or deletion of connections with other servers.

Processen starten

set ndstrace =

*B Backlinker
*F Flat Cleaner
*H Replica Synchronization
*J Purger (onderdeel van synchronisatie)
*L Limber
*S Skulker (controleert welke replica's gesynchroniseerd moeten worden)
*SS Schema Synchronization

Synchronization Process / Skulker process

Event driven

Sync Immediate (met 10 seconcen vertraging na het eerste event, noodzakelijk bij bijvoorbeeld wachtwoorden)
Sync Never (synchronisatie kan wachten tot de eerst volgende synchronisatie ronde, wat binnen 60 minuten is)

Schema Synchronization Process

Loopt elke vier uur en 10 seconcen na een succesvolle schema update

Janitor Process

Loopt elke 2 minuten maar doet dan niet elke taak Taken: 1. Scheduling Flat Cleaner process (elke 60 minuten) 2. Weergeven van Console meldingen bij synthetic time (NetWare only) 3. Optimaliseren van de lokale DS database 4. Controleren of het partition root object hernoemd is 5. Bijwerken en controleren van inherited ACL attributen van de partitie root objects 6. Het status attribute van de DS database voor de lokale server bijwerken 7. Indien er geen lokale replica is het verzorgen van registratie bij een andere server teneinde schema updates te krijgen

Flat Cleaner Process / Purger process

Loopt elke 60 minuten Taken: 1. Purgen van ongebruikte objecten en attributen in bindery en external reference partities 2. Purgen van obituaries met de purgeable staat 3. Controleren van de status en versie attributen van servers in alle partities waarvan de lokale server Master is 4. Controleren dat alle objecten in user-created partities geldige public keys en CA public keys hebben

Backlink Process / Backlinker process / External Reference Check process

Loopt elke 13 uur Taken: 1. Controleert op geldigheid van een external reference door te controleren of het object waar het naar verwijst nog bestaat en of de reden van het bestaan van de external reference nog geldig is. 2. Het verwijderen van de overbodige external references

Limber Process

Loopt elke 3 uur indien succesvol, anders elke 5 minuten Taken: 1. Controleert het netwerk adres voor alle servers in alle partities waarvan de lokale server een kopie heeft 2. Controleert of de relative distinguished name van de lokale server klopt bij de server die de master heeft van de partitie waar de server in zit 3. Bijhouden van het versie attribuut van de server in de database 4. Het nagaan van welke server in de replica ring het dichts bij [root] zit 5. het starten van de Predicate Ststistics collection 6. Controleert het netwerk adres van de server in het server object in de database

ERRORS

618 Inconsistent database → dsrepair op single object
625 Communication error
626 Network error
698 Replica in skulk → cosmetisch → replica is bezig te worden gesynchroniseerd
698 means that the partition is being synchronized. In larger environments this is happening all the time, as per replica the skulker process kicks in every 30-60 minutes. Because only one (inbound) replication request can happen at once (per server) you'll see the 698 all the time (in larger environments, that is) Also, in larger environments, if you never see the 698 error you could ask yourself why there are no multiple (inbound) replication requests. So, in larger environments the errors are a sign that replication is going on and healthy. There is one situation you need to be careful for. There are situations that the 698 error is not cosmetic, but that's always in combination with other errors. So make sure you don't have other errors. Source

Subordinate Reference Replica

Subordinate reference replicas are system-generated replicas that don't contain all the object data of a master or a read/write replica. Subordinate reference replicas, therefore, don't provide fault tolerance. They are internal pointers that are generated to contain enough information for eDirectory to resolve object names across partition boundaries.

You can't delete a subordinate reference replica; eDirectory deletes it automatically when it is not needed. Subordinate reference replicas are created only on servers that hold a replica of a parent partition but no replicas of its child partitions. If a replica of the child partition is copied to a server holding the replica of the parent, the subordinate reference replica is automatically deleted.

Redenen bestaan external references

eDir versions

You could leave a comment if you were logged in.
edirectorytips.txt · Last modified: 2013/05/01 10:45 by sjoerd