srinivaskv Respected Contributor.
Respected Contributor.
2672 views

Migrating users and trustees (eDirectory service)

I am migrating Novell OES from one Novell server to another Novell server (which i will be eventually using as Novell file server because it has bigger hard disk) using the miggui (novell migration tools) on the target server. In the Add services to migrate, it only shows file service and iprint. eDirectory service is not shown, so I am not able to migrate users and trustees. How to migrate trustees and users?
Labels (1)
0 Likes
24 Replies
Knowledge Partner
Knowledge Partner

Re: Migrating users and trustees (eDirectory service)

Am 05.07.2017 um 13:44 schrieb srinivaskv:
>
> I am migrating Novell OES from one Novell server to another Novell
> server (which i will be eventually using as Novell file server because
> it has bigger hard disk) using the miggui (novell migration tools) on
> the target server. In the Add services to migrate, it only shows file
> service and iprint. eDirectory service is not shown, so I am not able to
> migrate users and trustees. How to migrate trustees and users?
>
>


You're looking for "transfer ID" in Miggui. eDirectory is not a service.

CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de
CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de
0 Likes
srinivaskv Respected Contributor.
Respected Contributor.

Re: Migrating users and trustees (eDirectory service)

few questions:
1. wouldn't transfer id rename the target and change it's ip address to that of source and shutdown the source server. I do not want it this way.
I would like to create a replica. so I only want to transfer users and trustees. I used to be able to do this with mls, maptrustees, migtrustees command, but now it does not seem to work.
2. does transfer id require the target server be clean that is no volumes or volume data?
0 Likes
Knowledge Partner
Knowledge Partner

Re: Migrating users and trustees (eDirectory service)

Am 07.07.2017 um 11:54 schrieb srinivaskv:
>
> few questions:
> 1. wouldn't transfer id rename the target and change it's ip address to
> that of source and shutdown the source server.


Yes.

> I do not want it this
> way.
> I would like to create a replica. so I only want to transfer users and
> trustees. I used to be able to do this with mls, maptrustees,
> migtrustees command, but now it does not seem to work.
> 2. does transfer id require the target server be clean that is no
> volumes or volume data?
>
>


I guess one of us is confused. Users and trustees aren't server centric,
you have a directory there. When you use miggui or any other proper tool
to transfer files from one server to another *IN THE SAME EDIRECTORY
TREE*, trustees will copy over too. Users do not even exist on
individual servers, they exist in your directory, you can not and need
not transfer those.

CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de
CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de
0 Likes
srinivaskv Respected Contributor.
Respected Contributor.

Re: Migrating users and trustees (eDirectory service)

Hi,

Another question along the same lines-i have 2 servers (primary and secondary). When I create a new user in edirectory it does not show in the 2nd server's edirectory (which I access by iManager to the 2nd server). This used to work before but it does not seem to sync now. Sometime takes a long time sometime never at all.
0 Likes
Knowledge Partner
Knowledge Partner

Re: Migrating users and trustees (eDirectory service)

Start with posting the output of
ndsrepair -T
and
ndsrepair -E
from both boxes.
0 Likes
srinivaskv Respected Contributor.
Respected Contributor.

Re: Migrating users and trustees (eDirectory service)

Output from primary server LFA1 (master):
> ndsrepair -T

[1] Instance at /etc/opt/novell/eDirectory/conf/nds.conf: LFA1.O=leo.FASTENERS
Repair utility for Novell eDirectory 8.8 - 8.8 SP7 v20702.00
DS Version 20702.02 Tree name: FASTENERS
Server name: .LFA1.leo

Size of /var/opt/novell/eDirectory/log/ndsrepair.log = 13895 bytes.

Building server list
Please Wait...
Preparing Log File "/var/opt/novell/eDirectory/log/ndsrepair.log"
Please Wait...
Collecting time synchronization and server status
Time synchronization and server status information
Start: Thursday, December 06, 2018 14:49:54 Local Time

---------------------------+---------+---------+-----------+--------+-------
DS Replica Time Time is Time
Server name Version Depth Source in sync +/-
---------------------------+---------+---------+-----------+--------+-------
Processing server: .LFA2.leo
.LFA2.leo 20808.03 0 Non-NetWare No + 5
Processing server: .LFA1.leo
.LFA1.leo 20702.02 0 Non-NetWare Yes 0
---------------------------+---------+---------+-----------+--------+-------
Total errors: 0
NDSRepair process completed.

> ndsrepair -E
[1] Instance at /etc/opt/novell/eDirectory/conf/nds.conf: LFA1.O=leo.FASTENERS
Repair utility for Novell eDirectory 8.8 - 8.8 SP7 v20702.00
DS Version 20702.02 Tree name: FASTENERS
Server name: .LFA1.leo

Size of /var/opt/novell/eDirectory/log/ndsrepair.log = 14699 bytes.

Preparing Log File "/var/opt/novell/eDirectory/log/ndsrepair.log"
Please Wait...
Collecting replica synchronization status
Start: Thursday, December 06, 2018 14:50:16 Local Time
Retrieve replica status

Partition: .[Root].
Replica on server: .LFA2.leo
Replica: .LFA2.leo 12-06-2018 14:30:38
Replica on server: .LFA1.leo
Replica: .LFA1.leo 07-24-2018 17:58:52
Server: CN=LFA2.O=leo 12-06-2018 14:46:16 -601 Remote
Object: [Root]
All servers synchronized up to time: 07-24-2018 17:58:52 Warning

Finish: Thursday, December 06, 2018 14:50:16 Local Time

Total errors: 1
NDSRepair process completed.
-------------------------------------------------------
Output from secondary server LFA2 (read/write)

[1] Instance at /etc/opt/novell/eDirectory/conf/nds.conf: LFA2.O=leo.FASTENERS
Repair utility for NetIQ eDirectory 8.8 - 8.8 SP8 v20807.08
DS Version 20808.03 Tree name: FASTENERS
Server name: .LFA2.leo

Size of /var/opt/novell/eDirectory/log/ndsrepair.log = 6914 bytes.

Building server list
Please Wait...
Preparing Log File "/var/opt/novell/eDirectory/log/ndsrepair.log"
Please Wait...
Collecting time synchronization and server status
Time synchronization and server status information
Start: Thursday, December 06, 2018 14:54:05 Local Time

---------------------------+---------+---------+-----------+--------+-------
DS Replica Time Time is Time
Server name Version Depth Source in sync +/-
---------------------------+---------+---------+-----------+--------+-------
Processing server: .LFA2.leo
.LFA2.leo 20808.03 0 Non-NetWare Yes 0
---------------------------+---------+---------+-----------+--------+-------
Total errors: 0
NDSRepair process completed.

[1] Instance at /etc/opt/novell/eDirectory/conf/nds.conf: LFA2.O=leo.FASTENERS
Repair utility for NetIQ eDirectory 8.8 - 8.8 SP8 v20807.08
DS Version 20808.03 Tree name: FASTENERS
Server name: .LFA2.leo

Size of /var/opt/novell/eDirectory/log/ndsrepair.log = 7640 bytes.

Preparing Log File "/var/opt/novell/eDirectory/log/ndsrepair.log"
Please Wait...
Collecting replica synchronization status
Start: Thursday, December 06, 2018 14:54:27 Local Time
Retrieve replica status

Partition: .[Root].
Replica on server: .LFA2.leo
Replica: .LFA2.leo 12-06-2018 14:30:38
All servers synchronized up to time: 12-06-2018 14:30:38
Finish: Thursday, December 06, 2018 14:54:27 Local Time

Total errors: 0
NDSRepair process completed.
0 Likes
Knowledge Partner
Knowledge Partner

Re: Migrating users and trustees (eDirectory service)

Hi.

Let me state this first: This is a royal mess from top to bottom,
starting with the fact that all your servers are severely outdated.

Your Server LFA1 believes there is a server LFA2 in the same tree, there
is indeed an eDirectory server there, but it's time is not synced with
LFA1, which is a prerequisite for anything remotely working in eDirectory.

*However*, your server LFA2 believes it is alone in it's eDirectory
tree, and doesn't know about LFA1. I can't even fathom how this has
happened, maybe you first installed LFA2 into the same eDirectory tree,
then reinstalled it, this time into a separate tree with the same name
without removing it from the first tree. Although in this case I'd be
surprised how LFA1 can still connect to it.

Whatever, your *by far* best option at this time is to backup all data
from LFA2, down it, remove it from the eDirectory tree of LFA1
completely, and then reinstall it into the existing tree. And *PLEASE*,
use current versions and patch your servers. Your situation might be
recoverable without such drastic steps, but it takes very in-depth
knowledge of eDirectory, and the outcome is insecure an may caontain
pitfalls that come hit you later.

CU,
Massimo

On 06.12.2018 10:34, srinivaskv wrote:
>
> Output from primary server LFA1 (master):
>> ndsrepair -T

>
> [1] Instance at /etc/opt/novell/eDirectory/conf/nds.conf:
> LFA1.O=leo.FASTENERS
> Repair utility for Novell eDirectory 8.8 - 8.8 SP7 v20702.00
> DS Version 20702.02 Tree name: FASTENERS
> Server name: .LFA1.leo
>
> Size of /var/opt/novell/eDirectory/log/ndsrepair.log = 13895 bytes.
>
> Building server list
> Please Wait...
> Preparing Log File "/var/opt/novell/eDirectory/log/ndsrepair.log"
> Please Wait...
> Collecting time synchronization and server status
> Time synchronization and server status information
> Start: Thursday, December 06, 2018 14:49:54 Local Time
>
> ---------------------------+---------+---------+-----------+--------+-------
> DS Replica Time Time is
> Time
> Server name Version Depth Source in sync
> +/-
> ---------------------------+---------+---------+-----------+--------+-------
> Processing server: .LFA2.leo
> .LFA2.leo 20808.03 0 Non-NetWare No
> + 5
> Processing server: .LFA1.leo
> .LFA1.leo 20702.02 0 Non-NetWare Yes
> 0
> ---------------------------+---------+---------+-----------+--------+-------
> Total errors: 0
> NDSRepair process completed.
>
>> ndsrepair -E

> [1] Instance at /etc/opt/novell/eDirectory/conf/nds.conf:
> LFA1.O=leo.FASTENERS
> Repair utility for Novell eDirectory 8.8 - 8.8 SP7 v20702.00
> DS Version 20702.02 Tree name: FASTENERS
> Server name: .LFA1.leo
>
> Size of /var/opt/novell/eDirectory/log/ndsrepair.log = 14699 bytes.
>
> Preparing Log File "/var/opt/novell/eDirectory/log/ndsrepair.log"
> Please Wait...
> Collecting replica synchronization status
> Start: Thursday, December 06, 2018 14:50:16 Local Time
> Retrieve replica status
>
> Partition: .[Root].
> Replica on server: .LFA2.leo
> Replica: .LFA2.leo 12-06-2018 14:30:38
> Replica on server: .LFA1.leo
> Replica: .LFA1.leo 07-24-2018 17:58:52
> Server: CN=LFA2.O=leo 12-06-2018 14:46:16 -601
> Remote
> Object: [Root]
> All servers synchronized up to time: 07-24-2018 17:58:52
> Warning
>
> Finish: Thursday, December 06, 2018 14:50:16 Local Time
>
> Total errors: 1
> NDSRepair process completed.
> -------------------------------------------------------
> Output from secondary server LFA2 (read/write)
>
> [1] Instance at /etc/opt/novell/eDirectory/conf/nds.conf:
> LFA2.O=leo.FASTENERS
> Repair utility for NetIQ eDirectory 8.8 - 8.8 SP8 v20807.08
> DS Version 20808.03 Tree name: FASTENERS
> Server name: .LFA2.leo
>
> Size of /var/opt/novell/eDirectory/log/ndsrepair.log = 6914 bytes.
>
> Building server list
> Please Wait...
> Preparing Log File "/var/opt/novell/eDirectory/log/ndsrepair.log"
> Please Wait...
> Collecting time synchronization and server status
> Time synchronization and server status information
> Start: Thursday, December 06, 2018 14:54:05 Local Time
>
> ---------------------------+---------+---------+-----------+--------+-------
> DS Replica Time Time is
> Time
> Server name Version Depth Source in sync
> +/-
> ---------------------------+---------+---------+-----------+--------+-------
> Processing server: .LFA2.leo
> .LFA2.leo 20808.03 0 Non-NetWare Yes
> 0
> ---------------------------+---------+---------+-----------+--------+-------
> Total errors: 0
> NDSRepair process completed.
>
> [1] Instance at /etc/opt/novell/eDirectory/conf/nds.conf:
> LFA2.O=leo.FASTENERS
> Repair utility for NetIQ eDirectory 8.8 - 8.8 SP8 v20807.08
> DS Version 20808.03 Tree name: FASTENERS
> Server name: .LFA2.leo
>
> Size of /var/opt/novell/eDirectory/log/ndsrepair.log = 7640 bytes.
>
> Preparing Log File "/var/opt/novell/eDirectory/log/ndsrepair.log"
> Please Wait...
> Collecting replica synchronization status
> Start: Thursday, December 06, 2018 14:54:27 Local Time
> Retrieve replica status
>
> Partition: .[Root].
> Replica on server: .LFA2.leo
> Replica: .LFA2.leo 12-06-2018 14:30:38
> All servers synchronized up to time: 12-06-2018 14:30:38
> Finish: Thursday, December 06, 2018 14:54:27 Local Time
>
> Total errors: 0
> NDSRepair process completed.
>
>



--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de
CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de
0 Likes
Knowledge Partner
Knowledge Partner

Re: Migrating users and trustees (eDirectory service)

Wow. Such a state is unreachable without manual intervention. While it's technically possible to really repair this offset i'd strongly recommend to follow Massimo's advice. It'll save you time and money.
0 Likes
Knowledge Partner
Knowledge Partner

Re: Migrating users and trustees (eDirectory service)

On 06.12.2018 14:24, mathiasbraun wrote:
>
> Wow. Such a state is unreachable without manual intervention. While it's
> technically possible to really repair this offset i'd strongly recommend
> to follow Massimo's advice. It'll save you time and money.
>
>

I have though about this a bit, and I *think* one way to get there is to
remove a non-running server from the eDir tree and later fire it up again.
In this case here that would have been LFA1. Aka I think LFA1 was the
Master of the tree, it got downed, removed from the tree at LFA2, which
consequently became Master and kicked LFA1 out of it's eDir database,
and then LFA1 got started again. Of course, LFA1 still thinks it's the
master and that LFA2 is in the tree. That's why it can still talk to it,
as LFA2 really still is the same server.
That is most likely what has happened here, at least I can't come up
with some better explanation.

CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de
CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de
0 Likes
Knowledge Partner
Knowledge Partner

Re: Migrating users and trustees (eDirectory service)

Best bet, definitely. Now he has to decide which DIB the majority of current information holds. They've been divorced 14 weeks ago...
0 Likes
Knowledge Partner
Knowledge Partner

Re: Migrating users and trustees (eDirectory service)

On 07.12.2018 13:44, mathiasbraun wrote:
>
> Best bet, definitely. Now he has to decide which DIB the majority of
> current information holds. They've been divorced 14 weeks ago...
>
>

And likely administration has been done on both sides since then 😉

CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de
CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de
0 Likes
Knowledge Partner
Knowledge Partner

Re: Migrating users and trustees (eDirectory service)

Just like concurrently administering groups in AD: one side wins.
0 Likes
Knowledge Partner
Knowledge Partner

Re: Migrating users and trustees (eDirectory service)

On 07.12.2018 15:04, mathiasbraun wrote:
>
> Just like concurrently administering groups in AD: one side wins.
>
>

With AD, no side wins, it's all lost. 😉

--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de
CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de
0 Likes
Knowledge Partner
Knowledge Partner

Re: Migrating users and trustees (eDirectory service)

Good point. But wait... MS wins: your money, your data, ...
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.