
Understanding the ndsconfig Utility Parameters

In document NetIQ Identity Manager Setup Guide (Page 104-107)

12 Configuring the Identity Vault after Installation

12.1 Modifying the eDirectory Tree and Replica Server with the ndsconfig Utility

12.1.1 Understanding the ndsconfig Utility Parameters

The ndsconfig utility supports the following parameters:

new

Creates a new tree. If you do not specify the parameters in the command line, the utility prompts you to enter the values for each of the missing parameters.

def

Creates a new tree. If you do not specify the parameters in the command line, ndsconfig applies the default value for each of the missing parameters.

add

Adds a server to an existing tree. Also adds LDAP and SAS services, after you configure Identity Vault in the existing tree.

rm

Removes the Server object and directory services from a tree.

NOTE: This option does not remove the key material objects. You must remove these objects manually.

upgrade

Upgrades eDirectory to a later version.

-i

Instructs the utility to ignore checking whether a tree of the same name exists if you are configuring a new tree. Multiple trees of the same name can exist.

-S server_name

Specifies the server name. The server name can contain periods (for example, netiq.com).

However, you must include an escape character for the period. For more information about using escape characters, see Section 8.1, “Using Escape Characters when a Container Name Includes a Period (“.”),” on page 71.

-t treename

Specifies the name of the tree to which you want to add the server. It can have a maximum of 32 characters. If not specified, ndsconfig takes the tree name from the n4u.nds.treename parameter that is specified in the /etc/opt/novell/eDirectory/conf/nds.conf file. The default treename is $LOGNAME-$HOSTNAME-NDStree.

-n server_context

Specifies the context of the server in which the server object is added. It can have a maximum of 64 characters. If the context is not specified, ndsconfig takes the context from the configuration parameter n4u.nds.server-context specified in the /etc/opt/novell/eDirectory/conf/nds.conf file. The server context should be specified in the typed form. The default context is org.

-d path_for_DIB

Specifies the directory path where the database files will be stored.

-r

Forcefully adds the replica of the server regardless of the number of servers already added to the server.

-L ldap_port

Specifies the TCP port number on the LDAP server. If the default port 389 is already in use, it prompts you to specify a new port.

-l ssl_port

Specifies the SSL port number on the LDAP server. If the default port 636 is already in use, it prompts you to specify a new port.

-a admin_FDN

Specifies the fully distinguished name of the User object with Supervisor rights to the context in which the server object and Directory services are to be created. The admin name should be specified in the typed form. It can have a maximum of 64 characters. The default value is admin.org.

-e

Enables clear text passwords for LDAP objects.

-m module_name

Specifies the name of the module that you want to install or configure. If you are configuring a new tree, you can specify the ds module only. After configuring the ds module, you can add the NMAS, LDAP, SAS, SNMP, HTTP services, and NetIQ SecretStore (ss) using the add command.

If the module name is not specified, all the modules are installed.

NOTE: If you do not want to configure the SecretStore during an upgrade of eDirectory through the nds-install command, pass the no_ss value to this option. For example, enter nds-install '-m no_ss'.

Specifies the IP address of the remote host that holds a replica of the partition to which this server is being added. Use this option when adding a secondary server (add command) to a tree. The default port number is 524. This helps in faster lookup of the tree since it avoids SLP lookup.

-R

Replicates to the local server the partition to which the server is added. This option disallows adding replicas to the local server.

-c

Prevents prompts during ndsconfig operation, such as yes/no prompts to continue the operation or prompts to re-enter port numbers when there is a conflict. The utility continues to prompt you for mandatory parameters if they are not passed on the command line.

-w admin_password

This option allows passing the admin user password in clear text.

NOTE: NetIQ does not recommend using this option in an environment concerned about password security.

-E

Enables encrypted replication for the server you are trying to add.

-j

Instructs the utility to jump or override the health check option before installing the Identity Vault.

-b port_to_bind

Specifies the default port number on which a particular instance should listen. This sets the default port number on n4u.server.tcp-port and n4u.server.udp-port. If you use the -b option to specify an NCP port, then the utility assumes that port is the default port and updates the TCP and UDP parameters accordingly.

NOTE: The -b and -B options are mutually exclusive parameters.

-B interface1@port1,interface2@port2,...

Specifies the port number along with the IP address or interface. For example, -B eth0@524, -B 100.1.1.2@524, -B [2015::3]@524.

NOTE

• The -b and -B options are mutually exclusive parameters.

• To specify an IPv6 address, you must enclose the address in square brackets ([ ]).

--config-file configuration_file

Specifies the absolute path and file name to store the nds.conf configuration file. For example, to store the configuration file in the /etc/opt/novell/eDirectory/ directory, enter the following command:

--config-file /etc/opt/novell/eDirectory/nds.conf

-P LDAP_URL(s)

Specifies the LDAP URLs used to configure the LDAP interface on the LDAP Server object. Use commas to separate multiple URLs. For example:

-P ldap://1.2.3.4:1389,ldaps://1.2.3.4:1636,ldap://[2015::3]:389

NOTE

• To specify an IPv6 address, you must enclose the address in square brackets ([ ]). For example, ldap://[2015::3]:389.

• If you do not specify the LDAP URLs during the initial configuration, you can add them in the ldapInterfaces attribute using the ldapconfig command or in iManager after the initial configuration. For more information, see “Adding LDAP URLS for IPV6 on the LDAP Server Object” on page 78.

-D path_for_data

Creates the data, dib, and log directories in the specified path.

set valuelist

Sets the value for the configurable parameters that you specified for the Identity Vault. Use this option to set the bootstrapping parameters before configuring a tree.

When you change configuration parameters, you must restart ndsd for the new value to take effect. You do not need to restart ndsd for the following configuration parameters:

• n4u.nds.inactivity-synchronization-interval

• n4u.nds.synchronization-restrictions

• n4u.nds.janitor-interval

• n4u.nds.backlink-interval

• n4u.nds.drl-interval

• n4u.nds.flatcleaning-interval

• n4u.nds.server-state-up-threshold

• n4u.nds.heartbeat-schema

• n4u.nds.heartbeat-data

get help paramlist

Displays the help strings for the configurable parameters that you specified for the Identity Vault.

If you do not specify a parameter list, the utility lists the help strings for all of the configurable parameters.
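
The following pre-flight check is an added example, not part of the NetIQ guide. It lints an ndsconfig argument list against constraints stated above: the clear-text options -w and -e, the mutually exclusive -b and -B, the 32-character tree name limit, and bracketed IPv6 addresses in -B and -P. The function names and the sample invocation are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the NetIQ guide): lint ndsconfig arguments against
# the constraints in the parameter reference. All names here are illustrative.

warn() { printf '%s\n' "$1"; findings=$((findings + 1)); }

# check_addrs OPTION LIST: IPv6 literals in a -B or -P list must be in [ ].
check_addrs() {
  opt_name=$1
  old_ifs=$IFS; IFS=,; set -- $2; IFS=$old_ifs   # split the comma list
  for item in "$@"; do
    case $opt_name in
      -B) host=${item%@*} ;;                       # interface@port
      -P) host=${item#*://}; host=${host%:*} ;;    # scheme://host:port
    esac
    case $host in
      \[*) ;;                                      # bracketed IPv6 literal
      *:*) warn "$opt_name: IPv6 address in '$item' is not enclosed in [ ]" ;;
    esac
  done
}

# ndsconfig_lint ARGS...: prints one finding per line; status 1 if any found.
# The body is a subshell, so variables and set -f do not leak to the caller.
ndsconfig_lint() (
  set -f                                           # keep [ ] from globbing
  findings=0 have_b=0 have_B=0
  while [ $# -gt 0 ]; do
    opt=$1; shift
    case $opt in
      -e) warn "-e: clear text passwords enabled for LDAP objects"; continue ;;
      -w) warn "-w: admin password passed in clear text on the command line" ;;
      -b) have_b=1 ;;
      -B) have_B=1; check_addrs -B "${1-}" ;;
      -P) check_addrs -P "${1-}" ;;
      -t) [ "${#1}" -le 32 ] || warn "-t: tree name exceeds 32 characters" ;;
      *) continue ;;                               # not checked here
    esac
    [ $# -eq 0 ] || shift                          # consume the option value
  done
  if [ "$have_b" -eq 1 ] && [ "$have_B" -eq 1 ]; then
    warn "-b and -B are mutually exclusive"
  fi
  [ "$findings" -eq 0 ]
)

# Constructed sample invocation; the tree name, password and address are made up.
ndsconfig_lint add -t corp-tree -w 'S3cret' -B '2015::3@524' ||
  echo "review the findings above before running ndsconfig"
```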
