Monthly Archives: October 2011

How to take a LDAP trace – quick version

This video will show you how to take a ldap trace on a linux/DSfW server.

This applies to both eDirectory and DSfW (since DSfW is built on eDir)
A ldap trace is helpf in troublehooting applications or workstations authenticating,
searching, or modifying the directory.
Some commands used in the video

ldapconfig utility:
See the screen level
ldapconfig get |grep -i “ldap screen level”

set the screen level for everything but packet dumping
ldapconfig -s “Operation| Connection| Config| Extensions| Error| Critical| DataConnection”

Setting the screen level to all
ldapconfig -s “ldap screen level=all”

Going back to default screen level
ldapconfig -s “ldap screen level= Error| Critical”

ndstrace section:
turn off the screen and file logging
ndstrace off

clear the filter
set ndstrace = nodebug

enabeling ldap and nmas in the filter
ndstrace +time +tags +ldap +nmas

turn on the screen and logging
ndstrace on

The ndstrace.log is located in

How to take a LDAP trace – long version

How to take a LDAP NMAS trace for DSfW TID 7009602

LDAP on DSfW and how it differs from standard eDirectory LDAP ports

TID 7001886 has information on the ports DSfW uses including the ldap ports.

How to recreate the Domain Users Group

See TID 7009288 for the steps to re-create the Domain Users group

DSfW and Novell Cifs

Novell Cifs is a wonderful way to access files from a workstation not running the Novell Client.
This video shows how to install Novell Cifs and configure it to work with Domain Services for Windows.

The key is to assign the cifs proxy user to the password policy for the DSfW users.

Password Policies with DSfW

The /etc/opt/novell/xad/xad.ini file has the setting to determine if password policies are controlled by the GPO or Novell password policies. XADRETAINPOLICIES =no will use the GPO, XADRETAINPOLICIES = yes can me managed with iManager

How to Join a workstation to a DSfW domain

Joining a workstation to a DSfW domain is the same as joining to an AD domain.
Be sure the workstation’s time is insync with the server and can resolve the domain with nslookup


Prepare and Install Novell’s Domain Services for Windows

TID 7002172 provides steps to follow to ensure a successful install.

Start with a clean install, eDirectory can not be installed on the server prior to installing DSfW.
Be sure the /etc/hosts has the server name and domain name you want for the name of your domain.
List the DSfW server as the first DNS server in the /etc/resolv.conf
If you removed DSfW and are installing again, be sure to follow TID 7005431 to properly clean up the tree.