SHIFT

--- Sjoerd Hooft's InFormation Technology ---

User Tools

Site Tools


edirectorytips
Differences

This shows you the differences between two versions of the page.

Link to this comparison view

edirectorytips [2013/05/01 10:45] (current)
sjoerd created
Line 1: Line 1:
 += Notes, Tips & Tricks: eDirectory
  
 +This is a notes page, extended with tips & tricks. This page is not really documentation,​ just stuff for me to remember. Sometimes things will get removed from these pages and turned into real documentation,​ sometimes not. You might find these notes to come in hand, maybe not. For me, it's just things I don't want to forget. ​
 +
 += DSREPAIR dump & recover
 +NOTE: HIER IS GEEN SUPPORT VOOR - VOOR EIGEN RISICO
 +== Dump
 +Maak een dumpfile op een server met een RW replica van alle partities:
 +* dsrepair -RC
 +Dit maakt een dump file in sys:​\system\dsr_dib\00000000.$du
 +
 +== Restore
 +Gewoonlijk heb je novell support nodig om dit terug te zetten
 +Zet de dumpfile terug:
 +* dsrepair -$du
 +** Advanced options -> NDS Archive Options -> Restore NDS With/​Without verification
 +Hierna controleren of de database open is en daarna de server herstarten.
 +Hierna moet je alle andere servers nog uit de replica rings gooien:
 +* dsrepair -a
 +** Advances Options -> Replica and Partition Operations -> Choose Replica -> Choose Server -> Remove this Server from the Replica Ring
 +
 +[[http://​www.novell.com/​communities/​node/​3262/​restoring-edirectory-with-dsrepair-rc-and-dsrepair-du|Novell BLOG over deze optie:]]
 +<​code>​
 +Restoring Files
 +To restore the files backed up with Dsrepair -rc, you need to load DSRepair with the -$DU switch. (That was obvious, right? Gotta love hidden command line options. Years ago I saw a list of all the hidden commands, at that time for Dsrepair. I imagine there are many more now. Anyone have an up to date copy of that, that is allowed to be shared? That would be very useful to have in the public!)
 +Once you do that, under Netware, go to Advanced Options, then NDS Archive at the bottom. It used to be there was just an option to make a database archive. Now there is a "​restore from archive"​ option.
 +The problem I ran into was this: I selected the option, indicated "I Agree" to confirm that I know how bad an idea this is if it's done in error, and selected the folder. I then got an operation failed error, with no error message whatsoever. Very frustrating.
 +Troubleshooting
 +Running out of ideas, I decided to blast it with DSTrace, using NetWare 6.5 as the server. Here's what I did:
 +DSTRACE (loads dstrace.nlm)
 +DSTRACE SCREEN ON (turns on the display to the screen)
 +DSTRACE +ALL (enables all the flags)
 +DSTRACE FILE ON (turns on the output to the Sys:​\system\dstrace.log file
 +Then I tried it again. Now there was a -144 error in the REPR tag. Finally, an error code to look for!
 +I looked it up in the Novell error code web page (TID 10080995, which may work as: http://​www.novell.com/​support/​search.do?​cmd=displayKC&​docType=kc&​externalId=10080995). Or, you can try this link from the documentation:​ http://​www.novell.com/​documentation/​nwec/​nwec_enu/​nwec_list_of_all_codes.html
 +The -144 error is an "All read only error"​. This seemed like a red herring, since DSRepair needs to read the DIB backup, not write to it. But it was a path to try to resolve the issue.
 +The original images were moved onto the isolated VM through the use of a CD-R, since the network was not an option. When you copy files off the CD-R, there is an implicit Read Only attribute on the files copied. That's easy enough to clear. At the console, I ran:
 +TBX
 +to load the new Toolbox.nlm replacement (http://​www.novell.com/​communities/​node/​3225/​tbxnlm)
 +One of the TBX commands is attrib. I tried the following (modify this to match your path):
 +attrib -r sys:​\system\dsr_dib\*.*
 +and then tried it again. I found this resolved the issue. This was most frustrating,​ due to the lack of a useful error message to troubleshoot. I had tried different files from a different server, another copy, and so on. Hopefully this document will give you some ideas and approaches to try and find an error message to even begin to troubleshoot.
 +</​code>​
 +
 += DSREPAIR overige opties
 +* dsrepair -Av 
 +** Ignore disk space requirements
 +
 += LDAP
 +== Netware
 +Unload/load NLDAP.NLM
 +
 +Poort en proces informatie:
 +tcpcon -> Protocol Information -> TCP -> TCP Connections
 +
 +LDAP TRACE op console:
 +<​code>​
 +dstrace
 +dstrace -all
 +dstrace +time +tags +ldap +auth
 +dstrace on
 +ldap dstrace=+all
 +
 +<voer test uit>
 +
 +dstrace off
 +
 +<​logfile:​ sys:​\system\dstrace.log>​
 +
 +unload dstrace
 +</​code>​
 +
 +== Linux
 +Service status:
 +  /​etc/​init.d/​nldap
 +
 +Poort en proces informatie:
 +netstat -nap | grep :389 
 +
 +LDAP TRACE op console:
 +<​code>​
 +ndstrace
 +set ndstrace = nodebug / ndstrace -<​TAG>​
 +ndstrace
 +ndstrace file on / ndstrace on / ndstrace screen on
 +ndstrace +time +tags +ldap
 +
 +<​logfile:​ /​etc/​opt/​novell/​eDirectory/​conf/​log/​ndstrace.log>​
 +
 +set ndstrace = nodebug
 +exit
 +</​code>​
 +
 += NDSTRACE ​
 +[[http://​www.novell.com/​documentation/​edir88/​edir88tshoot/​index.html?​page=/​documentation/​edir88/​edir88tshoot/​data/​bq0gvax.html|Complete referentie met mogelijkheden]] ​
 +
 +== TRACE FLAGS
 +|ALOC |Messages to show the details of memory allocation.|
 +|AREQ |Messages related to inbound requests from other servers or clients.|
 +|AUTH |Messages and error reports relating to authentication.|
 +|BLNK |Backlink and inbound obituary messages and error reports.|
 +|CBUF |Messages related to outbound DS Client requests.|
 +|CHNG |Change cache messages.|
 +|COLL |Status and error reports concerning an object’s update information when the update has been previously received.|
 +|CONN |Messages that show information about the servers your server is trying to connect to, and about errors and timeouts that might be causing your server not to connect.|
 +|DNS |Messages about the eDirectory-integrated DNS server processes.|
 +|DRLK |Distributed reference link messages.|
 +|DVRS |Messages to show DirXML® driver-specific areas that eDirectory might be working on.|
 +|DXML |Messages to show details of DirXML events.|
 +|IN |Messages related to inbound requests and processes.|
 +|INIT |Messages related to the initialization of eDirectory.|
 +|INSP |Messages related to the integrity of objects in the source server’s local database. Using this flag increases the demands on the source server’s disk storage system, memory, and processor. Do not leave this flag enabled unless objects are being corrupted.|
 +|JNTR |Messages related to the following background processes: janitor, replica synchronization,​ and flat cleaner.|
 +|LDAP |Messages related to the LDAP server.|
 +|LMBR |Messages related to the limber process.|
 +|LOCK |Messages related to the use and manipulation of the source server’s local database locks.|
 +|LOST |Messages related to lost entries.|
 +|MOVE |Messages from the move partition or move subtree operations.|
 +|NCPE |Messages to show the server receiving NCP-level requests.|
 +|NMON |Messages related to iMonitor.|
 +|OBIT |Messages from the obituary process.|
 +|PART |Messages related to partition operations from background processes and from request processing.|
 +|PURG |Messages about the purge process.|
 +|RECM |Messages related to the manipulation of the source server’s database.|
 +|RSLV |Reports related to the processing of resolve name requests.|
 +|SADV |Messages related to the registration of tree names and partitions with Service Location Protocol (SLP).|
 +|SCMA |Messages related to the schema synchronization process.|
 +|SCMD |Messages showing the details of schema-related operations. They give details of both inbound and outbound synchronization.|
 +|SKLK |Messages related to the replica synchronization process.|
 +|SPKT |Messages related to eDirectory NCP server-level information.|
 +|STRM |Messages related to the processing of attributes with a Stream syntax.|
 +|SYDL |Messages showing more details during the replication process.|
 +|SYNC |Messages about inbound synchronization traffic (what is being received by the server).|
 +|TAGS |Displays the tag string that identifies the trace option that generated the event on each line displayed by the trace process.|
 +|THRD |Messages to show when any background processes (threads) begin and end.|
 +|TIME |Messages about the transitive vectors that are used during the synchronization process.|
 +|TVEC |Messages related to the following attributes: Synchronize Up To, Replica Up To, and Transitive Vector.|
 +|VCLN |Messages related to the establishment or deletion of connections with other servers.|
 +
 += Processen starten
 +set ndstrace = 
 +|*B |Backlinker|
 +|*F |Flat Cleaner|
 +|*H |Replica Synchronization|
 +|*J |Purger (onderdeel van synchronisatie)|
 +|*L |Limber|
 +|*S |Skulker (controleert welke replica'​s gesynchroniseerd moeten worden) |
 +|*SS |Schema Synchronization|
 +
 += Synchronization Process / Skulker process
 +
 +Event driven
 + Sync Immediate (met 10 seconcen vertraging na het eerste event, noodzakelijk bij bijvoorbeeld wachtwoorden)
 + Sync Never (synchronisatie kan wachten tot de eerst volgende synchronisatie ronde, wat binnen 60 minuten is)
 +
 += Schema Synchronization Process ​
 +
 +Loopt elke vier uur en 10 seconcen na een succesvolle schema update
 +
 += Janitor Process
 +
 +Loopt elke 2 minuten maar doet dan niet elke taak
 +Taken:
 +1. Scheduling Flat Cleaner process (elke 60 minuten)
 +2. Weergeven van Console meldingen bij synthetic time (NetWare only)
 +3. Optimaliseren van de lokale DS database
 +4. Controleren of het partition root object hernoemd is
 +5. Bijwerken en controleren van inherited ACL attributen van de partitie root objects
 +6. Het status attribute van de DS database voor de lokale server bijwerken
 +7. Indien er geen lokale replica is het verzorgen van registratie bij een andere server teneinde schema updates te krijgen
 +
 += Flat Cleaner Process / Purger process
 +
 +Loopt elke 60 minuten
 +Taken:
 +1. Purgen van ongebruikte objecten en attributen in bindery en external reference partities
 +2. Purgen van obituaries met de purgeable staat
 +3. Controleren van de status en versie attributen van servers in alle partities waarvan de lokale server Master is
 +4. Controleren dat alle objecten in user-created partities geldige public keys en CA public keys hebben
 +
 += Backlink Process / Backlinker process / External Reference Check process
 +
 +Loopt elke 13 uur
 +Taken:
 +1. Controleert op geldigheid van een external reference door te controleren of het object waar het naar verwijst nog bestaat en of de reden van het bestaan van de external reference nog geldig is.
 +2. Het verwijderen van de overbodige external references
 +
 += Limber Process
 +
 +Loopt elke 3 uur indien succesvol, anders elke 5 minuten
 +Taken:
 +1. Controleert het netwerk adres voor alle servers in alle partities waarvan de lokale server een kopie heeft
 +2. Controleert of de relative distinguished name van de lokale server klopt bij de server die de master heeft van de partitie waar de server in zit
 +3. Bijhouden van het versie attribuut van de server in de database
 +4. Het nagaan van welke server in de replica ring het dichts bij [root] zit
 +5. het starten van de Predicate Ststistics collection
 +6. Controleert het netwerk adres van de server in het server object in de database
 +
 += ERRORS ​
 +
 +|618 |Inconsistent database -> dsrepair op single object|
 +|625 |Communication error|
 +|626 |Network error|
 +|698 |Replica in skulk -> cosmetisch -> replica is bezig te worden gesynchroniseerd|
 +
 +>698 means that the partition is being synchronized. In larger environments this is happening all the time, as per replica the skulker process kicks in every 30-60 minutes. Because only one (inbound) replication request can happen at once (per server) you'll see the 698 all the time (in larger environments,​ that is) Also, in larger environments,​ if you never see the 698 error you could ask yourself why there are no multiple (inbound) replication requests. So, in larger environments the errors are a sign that replication is going on and healthy. There is one situation you need to be careful for. There are situations that the 698 error is not cosmetic, but that's always in combination with other errors. So make sure you don't have other errors. [[http://​www.novell.com/​support/​php/​search.do?​cmd=displayKC&​docType=kc&​externalId=10020701&​sliceId=&​docTypeID=DT_TID_1_1&​dialogID=79708037&​stateId=0%200%2079706215|Source]] ​
 +
 += Subordinate Reference Replica
 +
 +Subordinate reference replicas are system-generated replicas that don't contain all the object data of a master or a read/write replica. Subordinate reference replicas, therefore, don't provide fault tolerance. They are internal pointers that are generated to contain enough information for eDirectory to resolve object names across partition boundaries.
 +
 +You can't delete a subordinate reference replica; eDirectory deletes it automatically when it is not needed. Subordinate reference replicas are created only on servers that hold a replica of a parent partition but no replicas of its child partitions.
 +If a replica of the child partition is copied to a server holding the replica of the parent, the subordinate reference replica is automatically deleted.
 +
 += Redenen bestaan external references
 +http://​support.novell.com/​techcenter/​articles/​anp20021101.html
 +
 += eDir versions
 +
 +http://​www.novell.com/​support/​php/​search.do?​cmd=displayKC&​docType=kc&​externalId=3800907&​sliceId=1&​docTypeID=DT_TID_1_1&​dialogID=89794051&​stateId=0%200%2089792188
 +
 +{{tag>​notes edirectory ldap dutch}}
edirectorytips.txt · Last modified: 2013/05/01 10:45 by sjoerd