Novell EDIRECTORY 8.8 SP1, Installation Manual

Page 1: ...Novell w w w n o v e l l c o m novdocx en 6 April 2007 Novell eDirectory 8 8 Installation Guide eDirectoryTM 8 8 S P 1 M a y 2 5 2 0 0 7 I N S T A LL A T IO N G U I D E ...

Page 2: ...port or import deliverables You agree not to export or re export to entities on the current U S export exclusion lists or to any embargoed or terrorist countries as specified in the U S export laws You agree to not use deliverables for prohibited nuclear missile or chemical biological weaponry end uses Please refer to www novell com info exports for more information on exporting Novell software No...

Page 3: ...tes and other countries Novell Client is a trademark of Novell Inc Novell Directory Services and NDS are registered trademarks of Novell Inc in the United States and other countries Ximiam is a registerd trademark of Novell Inc in the United States and other countries ZENworks is a registered trademark of Novell Inc in the United States and other countries Third Party Materials All third party tra...

Page 4: ...novdocx en 6 April 2007 ...

Page 5: ...Requirements 23 2 2 Prerequisites 23 2 3 Hardware Requirements 25 2 4 Forcing the Backlink Process to Run 25 2 5 Updating the eDirectory Schema for Windows 26 2 6 Disk Space Check on Upgrading to eDirectory SP2 or later 26 2 7 Installing Novell eDirectory on Windows 27 2 7 1 Installing or Updating Novell eDirectory 8 8 on Windows 2000 or Server 2003 27 2 7 2 Server Health Checks 28 2 7 3 Communica...

Page 6: ...ds install Utility to Install eDirectory Components 75 4 6 5 Nonroot User Installing eDirectory 8 8 77 4 6 6 Using the Ndsconfig Utility to Add or Remove the eDirectory Replica Server 79 4 6 7 Using ndsconfig to Configure Multiple Instances of eDirectory 8 8 81 4 6 8 Using Ndsconfig to Install a Solaris Server into a Tree with Dotted Name Containers 81 4 6 9 Using the Nmasinst Utility to Configure...

Page 7: ...UNIX 113 7 2 NetWare and Windows 114 8 Upgrade Requirements of eDirectory 8 8 115 8 1 Reference Changes in 8 8 SP2 116 8 2 Upgrade Process in 8 8 SP2 117 8 3 Performing a Dry Run before Upgrading eDirectory 119 8 3 1 Common Problems Encountered during the Upgrade Process 119 9 Configuring Novell eDirectory on Linux Solaris AIX or HP UX Systems 121 9 1 Configuration Utilities 121 9 1 1 The ndsconfi...

Page 8: ...ks 141 B 2 Performing Health Checks 141 B 2 1 With the Upgrade 141 B 2 2 As a Standalone Utility 141 B 3 Types of Health Checks 142 B 3 1 Basic Server Health 142 B 3 2 Partitions and Replica Health 143 B 4 Categorization of Health 143 B 4 1 Normal 143 B 4 2 Warning 143 B 4 3 Critical 144 B 5 Log Files 145 C Configuring OpenSLP for eDirectory 147 C 1 Service Location Protocol 147 C 2 SLP Fundamenta...

Page 9: ...apter 10 Migrating to eDirectory 8 8 SP2 on page 129 Chapter 11 Uninstalling Novell eDirectory on page 133 Appendix A Linux Solaris AIX and HP UX Packages for Novell eDirectory on page 137 Appendix B Server Health Checks on page 141 Appendix C Configuring OpenSLP for eDirectory on page 147 Audience The guide is intended for network administrators Feedback We want to hear your comments and suggesti...

Page 10: ...cross reference path A trademark symbol TM etc denotes a Novell trademark An asterisk denotes a third party trademark When a single pathname can be written with a backslash for some platforms or a forward slash for other platforms the pathname is presented with a backslash Users of platforms that require a forward slash such as Linux and UNIX should use forward slashes as required by your software...

Page 11: ...ments for upgrading to eDirectory 8 8 and eDirectory 8 8 SP2 1 1 1 Upgrade to eDirectory 8 8 You can upgrade to eDirectory 8 8 on the following version of NetWare NetWare 6 5 with Support Pack 3 or later http support novell com filefinder 18197 index html Administrative rights to the eDirectory tree so you can modify the schema 1 1 2 Upgrade to eDirectory 8 8 SP2 You can upgrade to eDirectory 8 8 ...

Page 12: ...u are upgrading a NetWare server as a nonadministrator user ensure that you have met the following prerequisites A NetWare server in the eDirectory 8 8 tree installed as the tree admin Ensure that you have the following rights Supervisor rights to the container the server is being installed into All Attributes rights read compare and write rights over the W0 KAP Security object Entry rights browse...

Page 13: ...k Process to Run Because the internal eDirectory identifiers change when upgrading to Novell eDirectory the backlink process must update backlinked objects for them to be consistent Backlinks keep track of external references to objects on other servers For each external reference on a server the backlink process ensures that the real object exists in the correct location and verifies all backlink...

Page 14: ...Schema Update Yes dsrepair nlm updates the schema and posts the results to the dsrepair log file Ignore errors associated with adding object classes dsrepair nlm is simply applying the Post NetWare 5 Schema Update changes to each object 6 Copy the appropriate patch version of dsrepair nlm to each NetWare server in the eDirectory tree Use the table in Step 1 as a reference Having a correct version ...

Page 15: ...oftware on page 17 Installing into a Tree with Dotted Name Containers on page 17 Unattended Upgrade to eDirectory 8 8 SP2 on Netware on page 18 Remote Installation or Upgrade on page 21 NOTE Unattended Upgrade feature is supported only for SP2 release 1 7 1 Installing or Upgrading Novell eDirectory 8 8 on NetWare 1 At the server console enter nwconfig nlm 2 Select Product Options Install a Product...

Page 16: ...erver health check is conducted by default to ensure that the server is safe for the upgrade Section B 3 2 Partitions and Replica Health on page 143 Based on the results obtained from the health checks the upgrade will either continue or exit as follows If all the health checks are successful the upgrade will continue If there are minor errors the upgrade will prompt you to continue or exit If the...

Page 17: ...is component 4 Click OK and follow the on screen instructions 5 Reboot the client workstation after the installation completes 1 7 5 Installing into a Tree with Dotted Name Containers You can install a NetWare server into an eDirectory tree that has containers with dots in the names for example O novell com or C u s a Using containers with dotted names requires that those dots be escaped with the ...

Page 18: ...soleOne NOTE Pre upgrade health check is not run during unattended upgrade ensure you run dscheck nlm manually before starting the upgrade To perform this 1 Import the applicable SPK into ConsoleOne 2 To do this right click on the Server Software Packages name space and select Insert New Package see Figure 1 2 Figure 1 2 Adding the package into ConsoleOne An SPK has components and properties To se...

Page 19: ...e Figure 1 4 Figure 1 4 Modifying the package variables Edit and change the values of the two variables user_id and pwd user_id administrator name that the install program will use to extend the tree pwd password for the above username These are the only two fields that need to be edited Leave the values of rest of the variables as defined WARNING The installation source folders will be partially ...

Page 20: ... be attached to the SPK before compiling the CPK Steps for attaching the source to the SPK is given below 1 Copy the source to the local machine and name the folder as eDir88 There are references to this folder name inside the SPK and hence please use this suggested name 2 Right click on the Copying files component and select Properties and browse to the Copy File Tab 3 Remove the file set if give...

Page 21: ... NCF and the script files are deleted permanently from the system 1 7 7 Remote Installation or Upgrade During Install or Upgrade the Installer provides the following message and prompts for user input Are you installing remotely through rconsole No Local Yes Remote After prompting this message the Installation typically continues in the XServer Console displaying options to choose the NMAS methods...

Page 22: ...22 Novell eDirectory 8 8 Installation Guide novdocx en 6 April 2007 ...

Page 23: ...lling or Updating Novell eDirectory 8 8 on Windows 2000 or Server 2003 on page 27 2 1 System Requirements One of the following Windows 2000 Server with Service Pack 4 or later Windows 2000 Advanced Server with Service Pack 4 or later Windows Server 2003 IMPORTANT Windows XP is not a supported Novell eDirectory 8 8 platform An assigned IP address A Pentium 200 with a minimum of 64 MB RAM 128 MB rec...

Page 24: ...u would have to change the default from 2 KB to 4 KB for the key size during the CA creation If you are upgrading to eDirectory 8 8 make sure you have the latest NDS and eDirectory patches installed on all non eDirectory 8 8 servers in the tree You can get NDS and eDirectory patches from the Novell Support http support novell com Web site Make sure you have the latest Windows 2000 or 2003 Server S...

Page 25: ...Requirements for processors might be greater than the table indicates depending upon additional services available on the computer as well as the number of authentications reads and writes that the computer is handling Processes such as encryption and indexing can be processor intensive 2 4 Forcing the Backlink Process to Run Because the internal eDirectory identifiers change when upgrading to eDi...

Page 26: ...epair and then discontinues 1 Copy patches dsrepair ntnds8 dsrepair dll from the product CD to the directory where you installed eDirectory for example c novell nds 2 Click Start Settings Control Panel Novell eDirectory Services 3 Select dsrepair dlm in the Service list 4 Enter ins in the Startup Parameters field then click Start After the schema has been updated the Status field next to the dsrep...

Page 27: ...ing Appendix C Configuring OpenSLP for eDirectory on page 147 DHCP Options for Service Location Protocol http www openslp org doc rfc rfc2610 txt OpenSLP Documentation http www openslp org Documentation 3 If you have Autorun turned off run setup bat from the Novell eDirectory 8 8 SP2 CD or from the downloaded file The installation program checks for the following components before it installs eDir...

Page 28: ...umentation edir88 index html for more information For information on using dots in container names see Installing into a Tree with Dotted Name Containers on page 32 10 New installations only In the HTTP Server Port Configuration page specify the ports to use for the eDirectory administrative HTTP server then click Next IMPORTANT Make sure that the HTTP stack ports you set during the eDirectory ins...

Page 29: ...e to this port is clear Therefore a security risk exists For example LDAP passwords can be viewed on a simple bind request An LDAP Simple Bind requires only a DN and a password The password is in clear text If you use port 389 the entire packet is in clear text By default this option is disabled during the eDirectory installation Because port 389 allows clear text the LDAP server services Read and...

Page 30: ... The Require TLS for Simple Bind with Password discourages users from sending observable passwords If this setting is disabled that is not checked users are unaware that others can observe their passwords This option which does not allow the connection only applies to the clear text port If you make a secure connection to port 636 and have a simple bind the connection is already encrypted No one c...

Page 31: ...for the Novell LDAP server The LDAP server loads and appears to run However because the LDAP server does not duplicate or use a port that is already open the LDAP server does not service requests on any duplicated port If you are not certain that port 389 or 636 is assigned to the Novell LDAP server run the ICE utility If the Vendor Version field does not specify Novell you must reconfigure LDAP S...

Page 32: ...DS login method is installed by default 2 7 5 Installing NMAS Client Software The NMAS client software must be installed on each client workstation where you want to use the NMAS login methods 1 At a Windows client workstation insert the Novell eDirectory 8 8 CD 2 From the NMAS directory run nmasinstall exe 3 Select the NMAS Client Components check box Optionally you can select the NICI check box ...

Page 33: ...ORTANT If your tree has containers with dotted names you must escape those names when logging into utilities such as iMonitor iManager and DHost iConsole For example if your tree has novell com as the name of the O enter username novell com in the Username field when logging in to iMonitor see Figure 2 4 Figure 2 4 iMonitor Login Screen ...

Page 34: ...34 Novell eDirectory 8 8 Installation Guide novdocx en 6 April 2007 ...

Page 35: ...OS The following updates are available at https update novell com https update novell com SUSE Linux Enterprise Server X86_64 10 0 20061011 020434 SLES10 Updates For registering and updating SUSE Linux Enterprise 10 refer to Registering SUSE Linux Enterprise 10 with the Novell Customer Center http support novell com techcenter articles RegandUpdate_SLE10 html After installating the latest update e...

Page 36: ...o create a 4 KB key size is recreate the CA on an eDirectory 8 8 server In addition you would have to change the default from 2 KB to 4 KB for the key size during the CA creation For more information refer to Section 3 6 2 Installing NICI on page 47 SLP installed and configured With eDirectory 8 8 SLP does not get installed as part of the eDirectory installation Only a root user can install SLP Fo...

Page 37: ...re that at least one of the servers in the tree has the same or higher eDirectory version as that of the secondary being added as container admin In case the secondary being added is of later version then the schema needs to be extended by the admin of the tree before adding the secondary using container admin Configuring Static IP Address Refer to Configuring Static IP Address on page 12 for more...

Page 38: ... force the backlink to run by issuing the ndstrace c set ndstrace B command from the ndstrace command prompt Then you can unload the ndstrace process by issuing the ndstrace u command Running the backlink process is especially important on servers that do not contain a replica 3 5 Upgrading eDirectory Section 3 5 1 Server Health Checks on page 38 Section 3 5 2 Upgrading on Linux Servers Other Than...

Page 39: ...y The old configuration file etc nds conf is migrated to etc opt novell eDirectory conf directory The old configuration file etc nds conf and the old log files under var nds are retained for reference NOTE ndsconfig upgrade has to be run after nds install if upgrade of the DIB fails and nds install asks to do so 3 5 3 Upgrading Through ZENworks Linux Management on OES Linux SP2 eDirectory 8 8 on O...

Page 40: ...y active channels with the rug ch command 2e To upgrade to eDirectory 8 8 rpms enter the following rug in entire channel oes edir88 This command updates all the eDirectory 8 8 packages including nici yast2 edirectory and novell edirectory install 2f Unsubscribe from the oes edir88 channel rug unsub oes edir88 2g Subscribe to the oes channel rug sub oes 2h Download the 11148 patch rug pin patch 111...

Page 41: ...refer to the ZENworks Linux Management http www novell com documentation zlm index html Through the GUI 1 Stop the server as follows rcndsd stop or etc init d ndsd stop 2 Upgrade the packages 2a Invoke ZENworks Linux Management or Red Carpet 1 Go to System Configuration Red Carpet The Red Carpet screen is displayed 2b Add a service 1 Select Edit Service 2 Conditional In the dialog box that appears...

Page 42: ...detects eDirectory 8 7 3 and eDirectory 8 8 versions appropriately If you install any other eDirectory dependent services from YaST it demotes to lower eDirectory versions 3 Export the paths You can export the paths either manually or using the ndspath script For example to export the paths using the ndspath script enter the following from a command line opt novell eDirectory bin ndspath NOTE Ther...

Page 43: ...r screen 2 Select eDirectory This invokes the eDirectory configuration 3 Select Create Instance 4 Create the new instance in a new or existing tree To create the instance for a new tree do the following 4a Select New Tree 4b Enter the name of the tree 4c Click Next The eDirectory Configuration New Tree Information screen is displayed 4d Enter the admin name with context For example cn admin o nove...

Page 44: ...ile conf_file_path 4 Run pre upgrade health check for the all instances using ndscheck and check the ndscheck log file for any errors before proceeding with the upgrade 5 Stop all instances using ndmanage 6 Untar the tarball in the same location NDSHOME where eDirectory is installed By untaring the tarball in the same location we are overwriting the binaries and libraries 7 Upgrade the following p...

Page 45: ...which are using root user s binaries then before doing the package upgrade you need to run ndscheck for all those instances and make sure that their health is proper by referring ndscheck log If you run nds install it will stop all the instances including non root user s instances After doing the package upgrade nds install won t call ndsconfig upgrade for non root user s instances We need to run ...

Page 46: ...figuration on page 68 3 6 1 Using SLP with eDirectory In earlier releases of eDirectory SLP was installed during the eDirectory install But with eDirectory 8 8 you need to separately install SLP before proceeding with the eDirectory install If you plan to use SLP to resolve tree names it should have been properly installed and configured and the SLP DAs should be stable 1 Install SLP by entering t...

Page 47: ...CORPSERVER myserver mycompany com See the hosts nds man page for more details If you decide to use SLP to resolve the tree name to determine if the eDirectory tree is advertised after eDirectory and SLP are installed enter the following usr bin slpinfo s ndap novell svcname ws treename or For example to search for the services whose svcname ws attribute match with the value SAMPLE_TREE enter the f...

Page 48: ...rmissions to nonroot users Therefore we strongly recommend you to understand the security implications before proceeding A root user needs to complete the following procedure to enable a nonroot user for example john to install NICI 1 Log in as root 2 Edit the etc sudoers configuration file using the visudo command NOTE There is no space between vi and sudo in the command Make an entry with the fo...

Page 49: ... installation program displays a list of eDirectory components that you can install 2 Specify the option for the component you want to install nds install Parameter Description c Specifies the component to be installed based on the packages available You can install more than one component by using the c option multiple times There are two components you can install the eDirectory server and the e...

Page 50: ...nvironment variables export LD_LIBRARY_PATH opt novell eDirectory lib opt novell eDirectory lib nds modules opt novell lib LD_LIBRARY_PATH export PATH opt novell eDirectory bin opt novell eDirectory sbin PATH export MANPATH opt novell man opt novell eDirectory man MANPATH eDirectory Component Packages Installed Description eDirectory Server novell NDSbase novell NDScommon novell NDSmasv novell NDS...

Page 51: ...figures NMAS You can also use the nmasinst utility to configure NMAS server after installation This must be done after configuring eDirectory with ndsconfig For more information on the ndsconfig utility see The ndsconfig Utility on page 121 For more information on the nmasinst utility see Using the nmasinst Utility to Configure NMAS on page 67 3 6 4 Installing Through ZENworks Linux Management on ...

Page 52: ... 3 and eDirectory 8 8 versions appropriately If you install any other eDirectory dependent services from YaST it demotes to lower eDirectory versions 2 Export the paths You can export the paths either manually or using the ndspath script For example to export the paths using the ndspath script enter the following from a command line opt novell eDirectory bin ndspath NOTE There is a space between t...

Page 53: ...ivation code For example oes NOTE Use the same activation code that you use to get the OES updates 5 Click on the Activate button 1d Subscribe to the channel 1 Select Edit Channel Subscription 2 In the dialog box that appears select oes edir88 3 Click Close 1e Apply the packages 1 Click on the Available Software tab and select the oes edir88 channel All the eDirectory packages are displayed 2 Sele...

Page 54: ...opt novell nici var novell nici To ensure that NICI is set to server mode enter the following var opt novell nici set_server_mode If you want to use ZENworks Linux Management server to install eDirectory 8 8 on multiple machines put Step 1 into a pre transaction script and Step 3 into a post transaction script For more information on transactions refer to the ZENworks Linux Management http www nov...

Page 55: ...ext The eDirectory Configuration Instance Information screen is displayed 5 Enter the instance details such as server context server name instance dib and configuration locations 6 Specify the NTP and SLP settings 3 6 5 Nonroot User Installing eDirectory 8 8 A nonroot user can install eDirectory 8 8 using the tarball Prerequisites Ensure that NICI is installed For information on installing NICI re...

Page 56: ...ocation eDirectory opt novell eDirectory bin ndspath script as follows Prefix the ndspath script to the utility and run the utility you want as follows custom_location eDirectory opt novell eDirectory bin ndspath utility_name_with_parameters Go to the custom_location eDirectory opt novell eDirectory bin directory and export the paths in the current shell as follows custom_location eDirectory opt n...

Page 57: ...the ndsconfig utility When this utility is used with arguments it validates all arguments and prompts for the password of the user having Administrator rights If the utility is used without arguments ndsconfig displays a description of the utility and available options This utility can also be used to remove the eDirectory Replica Server and change the current configuration of eDirectory Server Fo...

Page 58: ...ress port m module b port to bind B interface1 port1 interface2 port2 D custom_location config file configuration_file E A server is added to an existing tree in the specified context If the context that the user wants to add the Server object to does not exist ndsconfig creates the context and adds the server LDAP and security services can also be added after eDirectory has been installed into th...

Page 59: ... UNIX server using novell com as the name of the O use the following command ndsconfig new a admin novell com t novell_tree n OU servers O novell com The Admin name and context and the server context parameters are enclosed in double quotes and only the in novell com is escaped using the backslash character You can also use this format when installing a server into an existing tree NOTE You cannot...

Page 60: ...n add the NMAS LDAP SAS SNMP HTTP services and Novell SecretStore ss using the add command If the module name is not specified all the modules are installed o Specifies the HTTP clear port number O Specifies the HTTP secure port number E Enables encrypted replication for the server you are trying to add j Jumps or overrides the health check option before installing eDirectory b port to bind Sets t...

Page 61: ...ters before configuring a tree When configuration parameters are changed ndsd needs to be restarted for the new value to take effect However for some configuration paramters ndsd need not be restarted These paramters are listed below n4u nds inactivity synchronization interval n4u nds synchronization restrictions n4u nds janitor interval n4u nds backlink interval n4u nds drl interval n4u nds flatc...

Page 62: ...smanage Utility on page 62 Listing the Instances on page 62 Creating an Instance through ndsmanage on page 63 Performing Operations for a Specific Instance on page 63 The ndsmanage Utility The ndsmanage utility enables you to do the following List the instances configured Create a new instance Do the following for a selected instance List the replicas on the server Start the instance Stop the inst...

Page 63: ...ed the following screen is displayed Figure 3 1 ndsmanage Utility Output Screen 2 Enter c to create a new instance You can either create a new tree or add a server to an existing tree Follow the instructions on the screen to create a new instance Performing Operations for a Specific Instance You can perform the following operations for every instance Starting a Specific Instance on page 63 Stoppin...

Page 64: ...ance you want to stop The menu expands to include the options you can perform on a specific instance For more information refer to ndsmanage Utility Output Screen with Instance Options page 64 3 Enter k to stop the instance Alternatively you can also enter the following at the command prompt ndsmanage stop config file configuration_file_of_the_instance_configured_by_you Deconfiguring an Instance T...

Page 65: ...r to Stopping a Specific Instance on page 64 Example Mary wants to configure 2 trees on a single host machine Planning the Setup Mary specifies the following instance identifiers Instance 1 Instance 2 Configuring the Instances To configure the instances based on the above mentioned instance identifiers Mary must enter the following commands Instance 1 ndsconfig new t mytree n o novell a cn admin o...

Page 66: ...ting the Instances If Mary wants to know details about the instances in the host she can run the ndsmanage utility To display all instances owned by Mary ndsmanage To display all instances owned by John username is john ndsmanage john To display all instances of all users that are using a particular installation of eDirectory ndsmanage a 3 6 8 Using ndsconfig to Install a Linux Server into a Tree ...

Page 67: ...n context tree_name nmasinst will prompt you for a password This command creates the objects in the Security container that NMAS needs and installs the LDAP extensions for NMAS on the LDAP Server object in eDirectory The first time NMAS is installed in a tree it must be installed by a user with enough rights to create objects in the Security container However subsequent installs can be done by con...

Page 68: ...nstalling NICI Refer to Root User Installing NICI on page 48 2 Root User Installing NOVLsubag To install NOVLsubag complete the following procedure Enter the following command rpm ivh nodeps NOVLsubag_rpm_file_name_with_path For example rpm ivh nodeps novell NOVLsubag 8 8 1 5 i386 rpm 3 Export the paths as follows Manually export the environment variables export LD_LIBRARY_PATH custom_location opt...

Page 69: ...tion utilities 74 MB of disk space for every 50 000 users 4 2 Prerequisites IMPORTANT Check the currently installed Novell and Third Party applications to determine if eDirectory 8 8 is supported before upgrading your existing eDirectory environment You can find out the current status for Novell products in the TID What Novell products are supported with Novell eDirectory 8 8 http support novell c...

Page 70: ...chronize time If you want to synchronize time on Linux Solaris AIX or HP UX systems with NetWare servers use timesync nlm 5 09 or later Conditional If you are installing a secondary server all the replicas in the partition that you install the product on should be in the On state Conditional If you are installing a secondary server into an existing tree as a nonadministrator user ensure that you h...

Page 71: ...ry the backlink process must update backlinked objects for them to be consistent Backlinks keep track of external references to objects on other servers For each external reference on a server the backlink process ensures that the real object exists in the correct location and verifies all backlink attributes on the master of the replica The backlink process occurs two hours after the database is ...

Page 72: ...all Deployment of eDirectory 8 8 refer to Section 3 5 4 Upgrading the Tarball Deployment of eDirectory 8 8 on page 44 in the Linux chapter 4 6 Installing eDirectory The following sections provide information about installing Novell eDirectory on Solaris Section 4 6 1 Server Health Checks on page 72 Section 4 6 2 Using SLP with eDirectory on page 73 Section 4 6 3 Installing NICI on page 74 Section ...

Page 73: ...olute_path_of_NDSslp pkg The SLP package is present in the setup directory in the build For example if you have the build in the home build directory enter the following command pkgadd d home build Solaris Solaris setup NDSslp pkg 2 Follow the onscreen instructions to complete SLP installation 3 Start SLP If you don t want to or cannot use SLP you can use the flat file hosts nds to resolve tree na...

Page 74: ... superuser do allows a root user to give certain users the ability to run some commands as root A root user can do this by editing the etc sudoers configuration file and adding appropriate entries in it For more information refer to the sudo Website http www sudo ws WARNING sudo enables you to give limited root permissions to nonroot users Therefore we strongly recommend you to understand the secu...

Page 75: ...all c component1 c component2 h i j u If you do not provide the required parameters in the command line the nds install utility will prompt you for the parameters The following table provides a description of the nds install utility parameters nds install Parameter Description c Specifies the component to be installed based on the packages available You can install more than one component by using...

Page 76: ...e ndsconfig utility to configure eDirectory Server after installation Novell Modular Authentication ServiceTM NMASTM is installed as part of the server component By default ndsconfig configures NMAS By default ndsconfig configures NMAS You can also use the nmasinst utility to configure NMAS server after installation This must be done after configuring eDirectory with ndsconfig For more information...

Page 77: ...tility and run the utility you want as follows opt novell eDirectory bin ndspath utility_name_with_parameters Export the paths in the current shell as follows opt novell eDirectory bin ndspath After entering the above command run the utilities as you would normally do Call the script in your profile bashrc or similar scripts Therefore whenever you log in or open a new shell you can start using the...

Page 78: ...he utility you want as follows custom_location eDirectory opt novell eDirectory bin ndspath utility_name_with_parameters Go to the custom_location eDirectory opt novell eDirectory bin directory and export the paths in the current shell as follows custom_location eDirectory opt novell eDirectory bin ndspath NOTE Ensure that you enter the above command from the custom_location eDirectory opt directo...

Page 79: ...assword of the user having Administrator rights If the utility is used without arguments ndsconfig displays a description of the utility and available options This utility can also be used to remove the eDirectory Replica Server and change the current configuration of eDirectory Server For more information see The ndsconfig Utility on page 121 Prerequisite for Configuring eDirectory in a Specific ...

Page 80: ...t1 interface2 port2 D custom_location config file configuration_file E A server is added to an existing tree in the specified context If the context that the user wants to add the Server object to does not exist ndsconfig creates the context and adds the server LDAP and security services can also be added after eDirectory has been installed into the existing tree For example to add a server into a...

Page 81: ...s server using O novell com as the name of the O use the following command ndsconfig new a admin novell com t novell_tree n OU servers O novell com The Admin name and context and the server context parameters are enclosed in double quotes and only the dot in novell com is escaped using the backslash character You can also use this format when installing a server into an existing tree NOTE You shou...

Page 82: ...ollowing at the server console command line nmasinst addmethod admin context tree_name config txt_path The last parameter specifies the config txt file for the login method that is to be installed A config txt file is provided with each login method Here is an example of the addmethod command nmasinst addmethod admin novell MY_TREE nmas methods novell Simple Password config txt If the login method...

Page 83: ...eck the currently installed Novell and Third Party applications to determine if eDirectory 8 8 is supported before upgrading your existing eDirectory environment You can find out the current status for Novell products in the TID What Novell products are supported with Novell eDirectory 8 8 http support novell com cgi bin search searchtid cgi 10099872 htm We also highly recommend you to back up eDi...

Page 84: ...ll Attributes rights read compare and write rights over the W0 KAP Security object Entry rights browse rights over Security container object All Attributes rights read and compare rights over Security container object Conditional If you are installing a secondary server into an existing tree as a nonadministrator user ensure that at least one of the servers in the tree has the same or higher eDire...

Page 85: ... 2 minutes to 10 080 minutes 7 days After migrating to eDirectory start the ndstrace process by issuing the ndstrace l log command which runs the process at the background You can force the backlink to run by issuing the ndstrace c set ndstrace B command from the ndstrace command prompt Then you can unload the ndstrace process by issuing the ndstrace u command Running the backlink process is espec...

Page 86: ...ctory Replica Server on page 93 Section 5 6 7 Using ndsconfig to Configure Multiple Instances of eDirectory 8 8 on page 95 Section 5 6 8 Using Ndsconfig to Install an AIX Server into a Tree with Dotted Name Containers on page 95 Section 5 6 9 Using the Nmasinst Utility to Configure NMAS on page 95 Section 5 6 10 nonroot user SNMP configuration on page 96 5 6 1 Server Health Checks With eDirectory ...

Page 87: ...void SLP multicast delays when a SLP DA is not present in the network hosts nds is a static lookup table used by eDirectory applications to search eDirectory partition and servers For more information on hosts nds refer to Using SLP with eDirectory on page 46 and the hosts nds manpage If you decide to use SLP to resolve the tree name to determine if the eDirectory tree is advertised after eDirecto...

Page 88: ...rmissions to nonroot users Therefore we strongly recommend you to understand the security implications before proceeding A root user needs to complete the following procedure to enable a nonroot user for example john to install NICI 1 Log in as root 2 Edit the etc sudoers configuration file using the visudo command NOTE There is no space between vi and sudo in the command Make an entry with the fo...

Page 89: ...nstall Based on the component you choose to install the installation program proceeds to add the appropriate RPMs or packages into the AIX system The following table lists the packages installed for each eDirectory component nds install Parameter Description c Specifies the component to be installed based on the packages available You can install more than one component by using the c option multi...

Page 90: ...after configuring eDirectory with ndsconfig For more information on the ndsconfig utility see The ndsconfig Utility on page 121 For more information on the nmasinst utility see Using the Nmasinst Utility to Configure NMAS on page 95 4 After the installation is complete you need to update the following environment variables and export them as follows Manually export the environment variables eDirec...

Page 91: ... utility_name_with_parameters Export the paths in the current shell as follows opt novell eDirectory bin ndspath After entering the above command run the utilities as you would normally do Call the script in your profile bashrc or similar scripts Therefore whenever you log in or open a new shell you can start using the utilities directly 5 6 5 Nonroot User Installing eDirectory 8 8 A nonroot user ...

Page 92: ...the paths manually you can use the custom_location eDirectory opt novell eDirectory bin ndspath script as follows Prefix the ndspath script to the utility and run the utility you want as follows custom_location eDirectory opt novell eDirectory bin ndspath utility_name_with_parameters Go to the custom_location eDirectory opt novell eDirectory bin directory and export the paths in the current shell ...

Page 93: ...inistrator rights to use the ndsconfig utility When this utility is used with arguments it validates all arguments and prompts for the password of the user having Administrator rights If the utility is used without arguments ndsconfig displays a description of the utility and available options This utility can also be used to remove the eDirectory Replica Server and change the current configuratio...

Page 94: ...d context If the context that the user wants to add the Server object to does not exist ndsconfig creates the context and adds the server LDAP and security services can also be added after eDirectory has been installed into the existing tree For example to add a server into an existing tree you could enter the following command ndsconfig add t corp tree n o company a cn admin o company s srv1 You ...

Page 95: ...rvers O novell com The Admin name and context and the server context parameters are enclosed in double quotes and only the dot in novell com is escaped using the backslash character You can also use this format when installing a server into an existing tree NOTE You should use this format when entering dotted admin name and context while using utilities such as ndsrepair ndsbackup ndsmerge ndslogi...

Page 96: ...text tree_name config txt_path The last parameter specifies the config txt file for the login method that is to be installed A config txt file is provided with each login method Here is an example of the addmethod command nmasinst addmethod admin novell MY_TREE nmas methods novell Simple Password config txt If the login method already exists nmasinst will update it For more information see Managin...

Page 97: ...ce Center http www itrc hp com maintenance and support for HP products NOTE If you have installed the patch PHSS_28436 we recommend that you uninstall it and install patch PHSS_26560 Ensure that the HP UX 11 11 Quality Pack GOLDQPK11 11 is installed Download and install it from HP Support Plus Quality Pack Bundles http www software hp com SUPPORT_PLUS qpk html N0 110 PA RISC 2 0 Processor 256 MB R...

Page 98: ...way If you have more than one server in the tree the time on all the network servers should be synchronized Use Network Time Protocol s NTP xntpd to synchronize time If you want to synchronize time on Linux Solaris AIX or HP UX systems with NetWare servers use timesync nlm 5 09 or later Conditional If you are installing a secondary server all the replicas in the partition that you install the prod...

Page 99: ...rocessor intensive 6 4 Forcing the Backlink Process to Run Because the internal eDirectory identifiers change when upgrading to Novell eDirectory the backlink process must update backlinked objects for them to be consistent Backlinks keep track of external references to objects on other servers For each external reference on a server the backlink process ensures that the real object exists in the ...

Page 100: ... to etc opt novell eDirectory conf var opt novell eDirectory data and var opt novell eDirectory log respectively The new directory var opt novell eDirectory data uses a symbolic link to the var nds directory The old configuration file etc nds conf is migrated to etc opt novell eDirectory conf directory The old configuration file etc nds conf is renamed to etc nds conf_pre88 and the old log files u...

Page 101: ...rade will either continue or exit as follows If all the health checks are successful the upgrade will continue If there are minor errors the upgrade will prompt you to continue or exit If there are critical errors the upgrade will exit See Appendix B Server Health Checks on page 141 for a list of minor and critical error conditions Skipping Server Health Checks To skip server health checks use nds...

Page 102: ...the host is enabled for multicast routing enter the following command bin netstat nr The following entry should be present in the routing table 224 0 0 0 host_IP_address gateway If the entry is not present log in as root and enter the following command to enable multicast routing route add 224 0 0 0 host_IP_address gateway 4 In case of other eDirectory replication on Solaris Linux AIX and HP UX if...

Page 103: ...ame hostname root NOPASSWD usr sbin swinstall For example to enable john to run sbin swinstall as root on the hostname hpux 2 type the following john hpux 2 root NOPASSWD usr sbin swinstall A nonroot user john in the example needs to do the following to install NICI 1 Log in as john and execute the following command sudo swinstall s absolute_path_of_depot NOVLniu0 For example sudo swinstall s home...

Page 104: ...n of the nds install utility parameters The installation program displays a list of eDirectory components that you can install 1b Specify the option for the component you want to install The following table lists the depots installed for each eDirectory component nds install Parameter Description c Specifies the component to be installed based on the packages available You can install more than on...

Page 105: ...rectory lib nds modules opt novell lib SHLIB_PATH export PATH opt novell eDirectory bin opt novell eDirectory sbin PATH export MANPATH opt novell man opt novell eDirectory man MANPATH export TEXTDOMAINDIR opt novell eDirectory share locale TEXTDOMAINDIR eDirectory Component Packages Installed Description eDirectory Server eDirectory DirectoryUserAgent eDirectory NDScommon eDirectory NDSmasv eDirec...

Page 106: ...ion 6 6 3 Installing NICI on page 102 If you want to use SLP and SNMP ensure that they are installed by the root user Write rights to the directory where you want to install eDirectory If you are a nonadministrator user ensure that you have the appropriate rights as mentioned in the Section 6 2 Prerequisites on page 97 section Installing eDirectory 1 Go to the directory where you want to install e...

Page 107: ...L_port o http_port O https_port b port_to_bind B interface1 port1 interface2 port2 D custom_location config file configuration_file For example ndsconfig new t mary tree n novell a admin novell S linux1 d home mary inst1 data b 1025 L 1026 l 1027 o 1028 O 1029 D home mary inst1 var config file home mary inst1 nds conf The port numbers you enter need to be in the range 1024 to 65535 Port numbers le...

Page 108: ...nd server context variables The maximum number of characters allowed for these variables is as follows tree_name 32 characters admin FDN 64 characters server context 64 characters If the parameters are not specified in the command line ndsconfig prompts you to enter values for each of the missing parameters Or you can also use the following syntax ndsconfig def t treename n server context a admin ...

Page 109: ...ces from a tree you could enter the following command ndsconfig rm a cn admin o company ndsconfig Utility Parameters Refer to ndsconfig Utility Parameters on page 59 for more information 6 6 7 Using ndsconfig to Configure Multiple Instances of eDirectory 8 8 You can configure multiple instances of eDirectory 8 8 on a single host For information on multiple instances refer to Section 3 6 7 Using nd...

Page 110: ...g configures NMAS You can also use nmasinst for the same To configure NMAS and create NMAS objects in eDirectory enter the following at the server console command line nmasinst i admin context tree_name nmasinst will prompt you for a password This command creates the objects in the Security container that NMAS needs and installs the LDAP extensions for NMAS on the LDAP Server object in eDirectory ...

Page 111: ... nmas methods novell Simple Password config txt If the login method already exists nmasinst will update it For more information see Managing Login and Post Login Methods and Sequences http www novell com documentation beta nmas30 admin data a53vj9a html in the Novell Modular Authentication Service Administration Guide ...

Page 112: ...112 Novell eDirectory 8 8 Installation Guide novdocx en 6 April 2007 ...

Page 113: ...location using the following command ndsconfig get n4u nds dibdir NOTE In eDirectory 8 8 by default the DIB is located at var opt novell eDirectory data dib and on pre eDirectory 8 8 servers it is located at var nds dib 4 Copy the DIB to the new location as follows cp rp current_DIB_location new_DIB_location For example To copy the DIB to home nds dib enter the following cp rp var opt novell eDire...

Page 114: ...y 8 8 Installation Guide novdocx en 6 April 2007 ndscheck 7 2 NetWare and Windows DIB relocation is currently not supported However on Windows you can locate the DIB in a custom location during the eDirectory installation ...

Page 115: ...ing to check the links between the referenced object and the referencing objects If the referenced object is from a different partition than the one held locally in the server an external reference to that object will be created locally in the external reference partition An external reference is a representation of an object existing in the eDirectory tree however it is not a copy of the object a...

Page 116: ... of 899 343 DS can now do lookups in the index to find all the objects pointing to object 899 Object 899 does not have to keep a reference attribute on itself to remember all the objects referencing it Actually FLAIM maintains the index without knowing how it is used but DS has the code that knows how to use the index However the new way of maintaining references requires a database upgrade when t...

Page 117: ...ine database upgrade utility will be available with eDirectory 8 8 NOTE Incase the administrator wants to run the utility and find out the status of the upgrade this database upgrade tool can be used with a copy of the database or with d option Figure 8 3 ndsdibupg Help Screen The following table discusses the ndsdibupg options Table 8 1 ndsdibupg Options Unix Linux NetWare Windows ndsdibupg dsdib...

Page 118: ... the time required to upgrade the database It is recommended to take a copy of the DIB NOTE eDirectory service should be unloaded or stopped before taking a copy of the database ndsdibupg utility can be run on the copied database to estimate the downtime required for the actual upgrade During this time eDirectory service can be loaded or restarted v Verbosity of the messages The default value is 3...

Page 119: ...g the Upgrade Process The following FAQ section discusses the common problems faced while upgrading from the previous versions of eDirectory to eDirectory 8 8 Question I am upgrading from eDirectory 8 7 x to eDirectory 8 8 The upgrade process failed with an error My eDirectory 8 7 x server no longer comes up Answer While upgrading from 8 7 x to eDirectory 8 8 the database goes through a two phase ...

Page 120: ... of existing disk space depending on the number of objects to be upgraded For e g a DIB size of 15Gig might require another 15Gig free space if all objects in the DIB has reference attributes Question The eDirectory database upgrade proceeds even if I provide a wrong password and admin user Answer eDirectory package upgrade and database upgrade happens based on your file system rights The eDirecto...

Page 121: ...gure Novell Modular Authentication Service on page 122 9 1 1 The ndsconfig Utility You can use the ndsconfig utility to configure eDirectory This utility can also be used to add the eDirectory Replica Server into an existing tree or to create a new tree For more information see Section 3 6 6 Using the ndsconfig Utility to Add or Remove the eDirectory Replica Server on page 57 NOTE Ensure that the ...

Page 122: ... ndsd need not be restarted These parameters are listed below n4u nds inactivity synchronization interval n4u nds synchronization restrictions n4u nds janitor interval n4u nds backlink interval n4u nds drl interval n4u nds flatcleaning interval n4u nds server state up thresholdn4u nds heartbeat scheman4u nds heartbeat data The following table provides a description of all the configuration paramet...

Page 123: ...dentifier for the eDirectory server Default null n4u nds server name The name of the eDirectory Server Default null n4u nds bindery context The Bindery context string Default null n4u nds server context The context that the eDirectory server is added to This parameter cannot be set or changed n4u nds external reference life span The number of hours unused external references are allowed to exist b...

Page 124: ...shold The server state up threshold in minutes This is the time after which the eDirectory checks the server state before returning 625 errors Default 30 Range 1 to 720 n4u nds heartbeat schema The heartbeat base schema synchronization interval in minutes Default 240 Range 2 to 1440 n4u nds heartbeat data The heartbeat synchronization interval in minutes Default 60 Range 2 to 1440 n4u nds dofsync ...

Page 125: ...his parameter specifies the maximum number of file descriptors that eDirectory can use Default maximum allowed by the administrator n4u server max threads The maximum number of threads that will be started by the eDirectory server This is the number of concurrent operations that can be done within the eDirectory server Default 64 Range 32 to 512 Refer to the eDirectory tuning guide to set an optim...

Page 126: ...mmon address given in the SLES systems is 127 0 0 2 it can be anything from 127 0 0 0 to 127 255 255 255 valid loopback addresses http server interfaces Comma separated list of interfaces that HTTP server should use http server request io buffer size Default IO buffer size http server request_timeout seconds Server request timeout http server keep timeout seconds Number of seconds to wait for the ...

Page 127: ...BindRestrictions attribute on the LDAP server object to Disallow anonymous Simple Bind This prevents the clients from doing anonymous binds By default the cipher is set to Export Make LDAP more secure by setting the cipher to HIGH To do this change the bind restrictions attribute of LDAP Server object to Use Higher Cipher greater than 128 bit ...

Page 128: ...128 Novell eDirectory 8 8 Installation Guide novdocx en 6 April 2007 ...

Page 129: ...ry to eDirectory 8 8 SP2 Migrating to eDirectory 8 8 SP2 when platform upgrade is not possible In this scenario you cannot upgrade your operating system to a supported version as the operating system migration path is not possible 10 1 Migrating to eDirectory 8 8 SP2 While Upgrading the Operating System In this scenario you can migrate to eDirectory 8 8 SP2 after upgrading the operating system The...

Page 130: ...indows NT 4 0 SP6 eDirectory 8 7 3 x Windows 2000 SP4 eDirectory 8 7 3 x Windows 2000 SP4 eDirectory 8 8 SP1 Windows NT 4 0 SP6 eDirectory 8 7 3 x Windows 2003 eDirectory 8 7 3 x Windows 2003 eDirectory 8 8 SP1 Windows NT 4 0 SP6 eDirectory 8 7 3 x Windows 2000 AS SP4 eDirectory 8 7 3 x Windows 2000 AS SP4 eDirectory 8 8 SP1 Precautions Before upgrading eDirectory on UNIX and Linux ensure that the...

Page 131: ...directory is present under the dib directory nds conf file nici directory log files 3 Install the operating system 4 Remove the nici folder from var novell and restore the nici folder to var opt novell 5 Ensure that var novell nici is pointing to var opt novell nici 6 Install eDirectory 8 8 SP2 on the server a new install 7 Restore the dib and nds rfl directories 8 Restore the nds conf to the user...

Page 132: ...132 Novell eDirectory 8 8 Installation Guide novdocx en 6 April 2007 ...

Page 133: ... see Using Roll Forward Logs in the Novell eDirectory 8 8 Administration Guide 1 At the server console run NWCONFIG 2 Select Directory Options Remove Directory Services from This Server 3 Follow the online instructions 11 1 1 Reinstalling eDirectory If you used NWCONFIG to uninstall eDirectory follow these steps to reinstall eDirectory 1 Edit the sys system schema schema cfg file to uncomment the ...

Page 134: ...t to remove NICI by clicking Yes The Installation Wizard removes NICI from the server After uninstalling NICI if you want to completely remove NICI from your system delete the C winnt system32 novell nici subdirectory You might need to take ownership of some of the files and directories to delete them WARNING After the NICI subdirectory has been removed any data or information that was previously ...

Page 135: ... all the logs in it If you want to be able to use the logs for restoring eDirectory on this server in the future before removing eDirectory you must first copy the roll forward logs to another location For information about roll forward logs see Using Roll Forward Logs in the Novell eDirectory 8 8 Administration Guide For more information refer to the swremove man page Parameter Description h Disp...

Page 136: ...136 Novell eDirectory 8 8 Installation Guide novdocx en 6 April 2007 ...

Page 137: ...n Linux all the packages are prefixed with novell For example NDSserv is novell NDSserv Package Description NOVLice Contains the Novell Import Convert Export utility and is dependent on the NOVLlmgnt NOVLxis and NLDAPbase packages NDSbase Represents the Directory User Agent This package is dependent on the NICI package The NDSbase package contains the following Authentication toolbox containing th...

Page 138: ... NDSbase package NDSrepair Contains the runtime libraries and the utility that corrects problems in the eDirectory database This package is dependent on the NDSbase package NLDAPbase Contains LDAP libraries extensions to LDAP libraries and the following LDAP tools ldapdelete ldapmodify ldapmodrdn ldapsearch This package is dependent on the NLDAPsdk package NOVLnmas Contains all the NMAS libraries ...

Page 139: ...pendent on the NDSbase NDSserv NOVLntls NOVLlmgnt and NICI packages NOVLncp Contains the Novell Encrypted NCP Services for Unix This package is dependent on the NDScommon package Package Names on other UNIX Platforms Package Names in eDirectory 8 7 1 and 8 7 3 Package Names in eDirectory 8 8 NOVLice NOVLice ICE eDirectory ICE NDSbase NDSbase DirectoryUserAgent eDirectory DirectoryUserAgent NDScomm...

Page 140: ...ia NPKIAPI novell npkiapi npkiapi NOVLembox NOVLembox NOVLembox eDirectory NOVLembox NOVLlmgnt NOVLlmgnt NOVLlmgnt eDirectory NOVLlmgnt NOVLxis NOVLxis NOVLxis eDirectory NOVLxis NOVLntls NOVLntls NTLS novell ntls NTLS Package Names on other UNIX Platforms Package Names in eDirectory 8 7 1 and 8 7 3 Package Names in eDirectory 8 8 ...

Page 141: ... the pre upgrade settings This new health check tool resolves this letting you to ensure that your server is ready to upgrade B 2 Performing Health Checks You can perform server health checks in two ways NOTE You need administrative rights to run the health check utility Section B 2 1 With the Upgrade on page 141 Section B 2 2 As a Standalone Utility on page 141 B 2 1 With the Upgrade The health c...

Page 142: ...ization of Health on page 143 B 3 1 Basic Server Health This is the first stage of the health check where the health check utility checks for the following 1 The eDirectory service is up The DIB is open and able to read some basic tree information such as tree name 2 The server is listening on the respective port numbers Platform Utility Name Linux and UNIX ndscheck Syntax ndscheck help Display co...

Page 143: ...me difference between the servers B 4 Categorization of Health There are three possible categories of health based on the errors found while checking the health of a server Normal page 143 Warning page 143 Critical page 144 The status of the health checks is logged into a logfile For more information refer to Section B 5 Log Files on page 145 B 4 1 Normal All the health checks were successful and ...

Page 144: ... health If the health check is run as part of the upgrade the upgrade operation is aborted For more information see Figure B 2 on page 145 The critical state normally occurs in the following scenarios Unable to read or open the DIB might be locked or corrupt Unable to contact all the servers in the replica ring Locally held partitions are busy Replica is not in the ON state ...

Page 145: ...s of the health in a log file The content of the log file is similar to the messages displayed on the screen when the checks are happening For example see Figure B 1 on page 144 and Figure B 2 on page 145 The health check log file contains the following Status of the health checks normal warning or critical URLs where possible solutions can be found The following table gives the default log file l...

Page 146: ... saved in the server instance s log directory You can also select an instance from the multiple instances list NetWare dscheck log 1 During eDirectory upgrade the log messages would be saved at sys system dscheck upg This file would be recreated each time during upgrade 2 When health check is performed manually using dscheck nlm the default log messages would be saved at sys system dscheck log Win...

Page 147: ...configuration of SLP on an intranet For more information on the OpenSLP project see the OpenSLP http www OpenSLP org Web site and the SourceForge http sourceforge net projects openslp Web site The OpenSLP Web site provides several documents that contain valuable configuration tips Many of these are incomplete at the time of this writing C 2 SLP Fundamentals Service Location Protocol specifies thre...

Page 148: ...it the number of packets that are broadcast or multicast on a subnet The SLP specification manages this by imposing restrictions on service agents and user agents regarding directory agent queries The first directory agent discovered that services the desired scope is the one that a service agent and consequently local user agents will use for all future requests on that scope The Novell SLP imple...

Page 149: ...ache 2 Requesting a list of DA s and scopes from DHCP and adding new ones to the SA s known DA cache 3 Multicasting a DA discovery request on a well known port and adding new ones to the SA s known DA cache 4 Receiving DA advertising packets that are periodically broadcast by DAs and adding new ones to the SA s known DA cache Since a user agent always queries the local service agent first this is ...

Page 150: ...r all DAs to respond with a directed DAAdvert packet A directed packet is not broadcast but sent directly to the SA in response to these requests If this option is set to False no periodic DA discovery request is broadcast by the SA The DAActiveDiscoveryInterval option is a try state parameter The default value is 1 which is a special value meaning that the SA should only send out one DA discovery...