Sometimes it may be nice to have a reliable way to get a quick summary of partitions and replicas from an eDirectory tree. This may be for troubleshooting, or as a record of the current status on a day-to-day basis. As a consultant a common request to a client is, "What partitions do you have defined, and with which replicas on which servers?" For somebody new to eDirectory, getting that answer quickly can be daunting, but it is all there for the taking. As a result of one such request I created this tool which, when running, looks a bit like the following:
ab@mylaptop:~/Desktop> ./replica-view.sh
Enter the LDAP server address (e.g. 1.2.3.4): a2btech.com
Enter the LDAP TLS/SSL server port (636):
Enter the LDAP bind DN (e.g. cn=admin,o=novell):
Enter an optional base DN from which to search for partitions (LDAP format, e.g. dc=sa,dc=system):
Partition: dc=cat,dc=com
cn=abbox0,dc=abbox0a,dc=server,dc=system - Master
cn=abbox0b,dc=abbox0b,dc=server,dc=system - Subordinate Reference
Partition: dc=group,o=novell,dc=org
cn=abbox0,dc=abbox0a,dc=server,dc=system - Master
cn=abbox0b,dc=abbox0b,dc=server,dc=system - Subordinate Reference
Partition: T=GWAPPSTREE
cn=abbox0,dc=abbox0a,dc=server,dc=system - Master
cn=abbox0b,dc=abbox0b,dc=server,dc=system - Read/Write
Partition: o=suse,dc=org
cn=abbox0,dc=abbox0a,dc=server,dc=system - Subordinate Reference
cn=abbox0b,dc=abbox0b,dc=server,dc=system - Master
You can enter credentials, or a base DN as well, but a default tree will not require either. Disabling anonymous binds is more common these days, though, so do not rule out needing credentials.
As a disclaimer: when run with credentials, those credentials are visible to tools like 'ps' on the box where the script executes. Also, while I am using LDAPS explicitly, I am also explicitly trusting whatever certificate the server presents. Both could be improved for security, though if you have a man-in-the-middle where you run this, probably on a server itself, you likely have bigger problems than fixing this would solve.
I have only coded this for what I believe are valid replica types 0, 1, 2, and 3; this means filtered replicas are not included, though they are rarely used. I also do not have a read-only replica for testing, so I assume that 2 means read-only.
I am also assuming various common utilities are present on the box, but I should probably check for those and prompt to add them on enterprise distributions of Linux; some of those tools include /usr/bin/ldapsearch, hexdump, head, grep, sed, awk, base64, dd, and bash (the shell).
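As an added example (not the author's replica-view.sh), the following shell script shows how the two disclaimer points above and the tool check could be handled: the bind password goes to ldapsearch via a 0600 file (-y) rather than the command line, and the server certificate is verified against a CA bundle instead of being trusted blindly. It assumes OpenLDAP's ldapsearch, that the caller supplies the search filter and attributes the tool uses, and that the CA bundle path (EDIR_CA) is adjusted for your tree.

```shell
#!/bin/sh
# Added example, not the author's replica-view.sh: the same LDAPS query pattern
# with the two weaknesses from the disclaimer addressed. Assumes OpenLDAP's
# ldapsearch; the search filter and attributes are supplied by the caller.

# Print any missing utility and return 1, so the caller can prompt to install it.
check_tools() {
    missing=""
    for t in "$@"; do
        command -v "$t" >/dev/null 2>&1 || missing="$missing $t"
    done
    [ -z "$missing" ] && return 0
    echo "missing tools:$missing"
    return 1
}

# Prompt for the bind password without echo and store it in a 0600 temp file,
# so ldapsearch can read it with -y instead of taking it on the command line.
make_pwfile() {
    f=$(umask 077 && mktemp) || return 1
    printf 'Bind password: ' >&2
    stty -echo; read -r pw; stty echo; echo >&2
    printf '%s' "$pw" > "$f"
    echo "$f"
}

# ldap_query HOST PORT BINDDN PWFILE BASEDN FILTER [ATTR...]
# BINDDN '' = anonymous bind, BASEDN '' = search from the tree root.
# With DRY_RUN=1 the assembled command is printed instead of run.
ldap_query() {
    host=$1; port=$2; binddn=$3; pwfile=$4; base=$5; filter=$6
    shift 6
    attrs=$*
    # Verify the server certificate against a CA bundle. The old behaviour of
    # trusting whatever the server presents would be LDAPTLS_REQCERT=never.
    LDAPTLS_REQCERT=demand; export LDAPTLS_REQCERT
    # Path is an assumption: point EDIR_CA at the tree CA exported from eDirectory.
    LDAPTLS_CACERT=${EDIR_CA:-/etc/ssl/certs/edir-ca.pem}; export LDAPTLS_CACERT
    set -- -x -LLL -H "ldaps://$host:$port"
    [ -n "$binddn" ] && set -- "$@" -D "$binddn" -y "$pwfile"
    [ -n "$base" ] && set -- "$@" -b "$base"
    set -- "$@" "$filter" $attrs
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s ' ldapsearch "$@"; echo
        return 0
    fi
    ldapsearch "$@"
}
```

A typical call is `pw=$(make_pwfile) && ldap_query a2btech.com 636 'cn=admin,o=novell' "$pw" '' '<filter>' <attrs>; rm -f "$pw"`, with the temp file removed once the query returns.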
Is this a useful tool to have on hand? Does it work properly, or are there any cases where it is not behaving as expected? Send feedback in the comments section and I'll implement fixes.
Happy computing!