Anonymous_User Absent Member.

how to get user entry ID in Suse Linux ?


Hi,

We are using SUSE Linux 11 sp2 x 64 and have one nds server.

We can use dsbrowse on nds server to get the entry id of a user, how can
we get the user entry ID in Suse Linux ?

Examples of entry id are 00072771 , 00077C0F.

Many thanks,

Agnes


--
ayeungied
------------------------------------------------------------------------
ayeungied's Profile: https://forums.netiq.com/member.php?userid=548
View this thread: https://forums.netiq.com/showthread.php?t=49151


Re: how to get user entry ID in Suse Linux ?

On Wed, 06 Nov 2013 04:14:02 +0000, ayeungied wrote:

> Hi,
>
> We are using SUSE Linux 11 sp2 x 64 and have one nds server.
>
> We can use dsbrowse on nds server to get the entry id of a user, how can
> we get the user entry ID in Suse Linux ?
>
> Examples of entry id are 00072771 , 00077C0F.
>
> Many thanks,
>
> Agnes


iMonitor will show you the EID of objects.

Jim
--
Jim Henderson, CNA6, CDE, CNI, LPIC-1, CLA10, CLP10
Novell/SUSE/NetIQ Knowledge Partner

Re: how to get user entry ID in Suse Linux ?

As will LDAP if you request the operation attributes/properties or
'localEntryID' explicitly.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...

Re: how to get user entry ID in Suse Linux ?

On Wed, 06 Nov 2013 11:26:40 +0000, ab wrote:

> As will LDAP if you request the operation attributes/properties or
> 'localEntryID' explicitly.


Good tip, that's not something I was aware of. 🙂

Jim



--
Jim Henderson, CNA6, CDE, CNI, LPIC-1, CLA10, CLP10
Novell/SUSE/NetIQ Knowledge Partner

Re: how to get user entry ID in Suse Linux ?

Note that it prints it in decimal, not hexadecimal. Hardly a problem, but
if you're used to the dsbrowse/iMonitor view it may be confusing. The
nice thing is that for those looking for a TAO file name (for Identity
Manager), those files are also the decimal representation of the EID, so
no need to convert from hexadecimal to decimal. Hooray!

It's the little things, obviously, that bring joy to my life. Not sure
why, since I have scripts to do those conversions for me:

http://www.novell.com/coolsolutions/feature/19731.html

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...

Re: how to get user entry ID in Suse Linux ?


Thank you Jim and ab.

After we found the entry id of the crashed object, we are trying to
repair it on all our ldap servers, 8 run on Suse Linux, 1 runs on NDS NW
server 6.5:-

ldap11:~ # ndsrepair -J 0005B529

[1] Instance at /etc/opt/novell/eDirectory/conf/nds.conf:
ldap11.OU=nds.OU=abc.O=abc.defg
Repair utility for Novell eDirectory 8.8 - 8.8 SP7 v20703.00
DS Version 20703.00 Tree name: defg
Server name: .ldap11.nds.abc.defg

Size of /var/opt/novell/eDirectory/log/ndsrepair.log = 6468396 bytes.

Preparing Log File "/var/nds/DSREPAIR.LOG"
Please Wait...
Single Object Repair
Start: Thursday, November 07, 2013 09:10:33 Local Time
CN=khslam.OU=users.O=abc.T=defg

Total Objects = 1, UNKNOWN class objects = 0, Total Values = 242
Total errors: 0
NDSRepair process completed.

However, if we do the repair on the nds server, it returns
Total Values = 87.

The user object was created during the crash of the local database of
the nds server , the nds server is the master replica.

How can we receive the total 242 attributes on the nds server from the
ldap servers running on Suse?

Thanks ,

Agnes


--
ayeungied

Re: how to get user entry ID in Suse Linux ?

On Thu, 07 Nov 2013 07:31:45 +0000, ayeungied wrote:

> How can we receive the total 242 attributes on the nds server from the
> ldap servers running on Suse?


The easiest/safest way is to open a support request and have NetIQ
support fix it for you.

If the server that needs to receive the updates does not hold the master,
you can do a "receive all" on that server, and it should pull the missing
attributes in (but note that this will essentially destroy the replica on
the target server and recreate it). It is also possible to do a "receive
object" using iMonitor's advanced mode, but doing either of these options
is something you should do on your own only if you're absolutely sure of
what you're doing.

There /are/ attributes that are not replicated as well - for example, the
EID is a per-server attribute. So you may not find all the same
attributes (but certainly a difference of 87 to 242 indicates a
likelihood of more than just per-replica attributes missing).

I would be inclined to connect to each server with LDAP and dump the
attributes and compare them to make sure the target server is actually
missing important data.

Jim
--
Jim Henderson, CNA6, CDE, CNI, LPIC-1, CLA10, CLP10
Novell/SUSE/NetIQ Knowledge Partner
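
Added example (not part of any post in this thread): a Python script for the dump-and-compare step suggested above, which also converts the decimal localEntryID that LDAP returns into the 8-digit hex EID used by dsbrowse, iMonitor and ndsrepair -J. The ldapsearch invocation in the comment, the sample DNs and values, and the per-server attribute list are assumptions.

```python
# Added example. Assumed dump command (server, bind DN and object DN are placeholders):
#   ldapsearch -x -LLL -H ldaps://SERVER -D BIND_DN -W -b OBJECT_DN -s base \
#       "(objectClass=*)" "*" "+"
# Per-server attributes expected to differ (assumed list; the thread names only the EID).
PER_SERVER = {"dn", "localentryid"}

def parse_ldif(text):
    """Parse a single-entry LDIF dump into {lowercased attr: set of values}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded continuation line
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        attr, _, value = line.partition(":")
        # "attr:: <base64>" keeps its extra ':' so encoded values stay distinguishable
        entry.setdefault(attr.lower(), set()).add(value.strip())
    return entry

def eid_hex(entry):
    """localEntryID is decimal; dsbrowse, iMonitor and ndsrepair -J use 8-digit hex."""
    (value,) = entry["localentryid"]
    return format(int(value), "08X")

def missing_on_target(source, target):
    """Values held by the source replica that the target replica lacks."""
    diff = {}
    for attr, values in source.items():
        gap = values - target.get(attr, set())
        if gap and attr not in PER_SERVER:
            diff[attr] = sorted(gap)
    return diff

# Constructed sample dumps, not data from the thread's tree.
HEALTHY = """dn: cn=testuser,ou=users,o=example
cn: testuser
mail: testuser@example.com
description: first half of a long value
  that was folded by the LDIF writer
localEntryID: 374057
"""
MASTER = """dn: cn=testuser,ou=users,o=example
cn: testuser
localEntryID: 468849
"""
if __name__ == "__main__":
    src, dst = parse_ldif(HEALTHY), parse_ldif(MASTER)
    print(eid_hex(src), eid_hex(dst), missing_on_target(src, dst))
```

The differing localEntryID values are excluded from the comparison because the EID is a per-server attribute; only the remaining gaps indicate data the target replica is actually missing.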

Re: how to get user entry ID in Suse Linux ?

On Thu, 07 Nov 2013 17:28:06 +0000, Jim Henderson wrote:

> I would be inclined to connect to each server with LDAP and dump the
> attributes and compare them to make sure the target server is actually
> missing important data.


If you're going that far, once you've found the differences, you could
just add them via LDIF against the server that's missing whatever it is.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.
If you find this post helpful, please click on the star below.

Re: how to get user entry ID in Suse Linux ?

On Thu, 07 Nov 2013 18:00:02 +0000, David Gersic wrote:

> On Thu, 07 Nov 2013 17:28:06 +0000, Jim Henderson wrote:
>
>> I would be inclined to connect to each server with LDAP and dump the
>> attributes and compare them to make sure the target server is actually
>> missing important data.
>
> If you're going that far, once you've found the differences, you could
> just add them via LDIF against the server that's missing whatever it is.


That's true, though if the timestamps are whacked on the target server's
entry, they might still not sync.

Jim



--
Jim Henderson, CNA6, CDE, CNI, LPIC-1, CLA10, CLP10
Novell/SUSE/NetIQ Knowledge Partner

Re: how to get user entry ID in Suse Linux ?


Hi all,

I found that "Send Entry to all Replicas" in iMonitor.

As all the ldap servers carry the same number of attributes of the user
object A except for the NDS server which is the master replica,
1. May I know if I can run the "Send Entry to all Replicas" for the
case?
2. May I only send entry to only the nds server?
3. May I know if I have to change the Master replica to read/write
replica before I click the "Send Entry to all Replicas" function?

Thanks & Regards,

Agnes


--
ayeungied

Re: how to get user entry ID in Suse Linux ?

On Mon, 11 Nov 2013 03:46:26 +0000, ayeungied wrote:

> Hi all,
>
> I found that "Send Entry to all Replicas" in iMonitor.


Good. 🙂 It looks like they made it a non-hidden item now.

> As all the ldap servers carry the same number of attributes of the user
> object A except for the NDS server which is the master replica,
> 1. May I know if I can run the "Send Entry to all Replicas" for the
> case?


Send uses the current server's copy as the authoritative copy, so yes,
this should do what you need.

> 2. May I only send entry to only the nds server?


I'm not sure I understand what you're asking here - if you're asking if
you can specify "send from this server to the one specific server", the
answer is "no" - send entry to all replicas means just that.

> 3. May I know if I have to change the Master replica to read/write
> replica before I click the "Send Entry to all Replicas" function?


No, there isn't a need to do that. A Master replica is no different from
a read/write replica other than it is in charge of the partition's
partition and replica operations.

If the server isn't the master, you can also do a "receive all" from
ndsrepair - that effectively destroys and recreates the replica. That's
the next step after a send operation if the send operation doesn't fix
the problem.

Of course, standard disclaimers apply - this is an advanced operation,
and we don't have a full picture of your environment, tree health, or
other information that may be relevant. If you're uncertain about how to
proceed, get someone from support on the phone and they can remotely
diagnose and get you to a solution. Proceeding with advanced operations
is, as always, at your own risk. 🙂

Jim
--
Jim Henderson, CNA6, CDE, CNI, LPIC-1, CLA10, CLP10
Novell/SUSE/NetIQ Knowledge Partner

Re: how to get user entry ID in Suse Linux ?


Thank you Jim,

For the ndsrepair , is it the switch of ndsrepair -R only and runs from
a healthy Suse Ldap server?

Agnes


--
ayeungied

Re: how to get user entry ID in Suse Linux ?

On Mon, 11 Nov 2013 06:44:01 +0000, ayeungied wrote:

> Thank you Jim,
>
> For the ndsrepair , is it the switch of ndsrepair -R only and runs from
> a healthy Suse Ldap server?


No, in ndsrepair if you want to do a "receive all", you use the partition
operations - you don't actually run a local database repair.

You run this on the server that needs to receive the good object (ie, the
server that's missing the attributes).

Be aware that any services on that server that depend on the data being
local won't function until the operation completes - and I would run a
health check first, just to make sure there are no problems that would
hang up the re-creation of the replica (ie, time out of sync,
communications problems, etc).

If the health check is clean, you do:

ndsrepair -P -Ad

And then walk through the following menu options:

# of the partition in question
10 (View Replica Ring)
# of the server that needs to receive all
4 (Receive all objects from the master to this replica)

Then enter your eDir administrator name and password.

Again, if you're not sure about this, don't do it - open a support ticket
instead. This is an advanced option and used improperly can cause data
loss.

Jim
--
Jim Henderson, CNA6, CDE, CNI, LPIC-1, CLA10, CLP10
Novell/SUSE/NetIQ Knowledge Partner

Re: how to get user entry ID in Suse Linux ?


Thanks Jim.

I ran the "Send Entry to all Replicas" from the healthy Suse Ldap server
last night but no luck to repair the user object.
When I click the property of the object in the ConsoleOne, the
following error comes up:
(Error -785) The database subsystem has encountered an error not mapped
to an existing NDS error.
Unable to get the details for the selected object. Some pages may not be
available.
Our NDS server, the master replica local database has been corrupted
after the object create, the object created on 21 Oct while the local
database corrupted on 24 Oct with a dirty reboot.

If we have to run the repair in the nds server, what is the command
then?

Thank you very much !

Agnes


--
ayeungied

Re: how to get user entry ID in Suse Linux ?

On Tue, 12 Nov 2013 09:14:01 +0000, ayeungied wrote:

> (Error -785) The database subsystem has encountered an error not mapped
> to an existing NDS error.


-785 is a DIB error - your options are to either remove the database from
the server or to open a support ticket and have someone look at the
database directly. This is not something that ndsrepair is generally
equipped to fix (beyond whacking the DIB and re-adding the server to the
tree).

Jim
--
Jim Henderson, CNA6, CDE, CNI, LPIC-1, CLA10, CLP10
Novell/SUSE/NetIQ Knowledge Partner