eDir

March 2015 OES 11 SP2 Scheduled Maintenance Update 10332

March 2015 OES 11 SP2 Scheduled Maintenance Update 10332

 

How to apply the patch with zypper.  YaST Online Update can also be used.

1) List repositories to ensure the update the server is registerd and the updated repository is present
zypper lr
Should see the following:
nu_novell_com:OES11-SP2-Updates | OES11-SP2-Updates | Yes | Yes

2) List the Updates
zypper pch OES11-SP2-Updates
Should see the following:
OES11-SP2-Updates | oes11sp2-March-2015-Scheduled-Maintenance | 10332 | security | Needed

3) Install the maintenance patch
OES11SP2
zypper up -t patch oes11sp2-March-2015-Scheduled-Maintenance

4) Then list the patches again to verify the patch is listed as Installed
OES11SP2
zypper pch OES11-SP2-Updates

Should see the following:
OES11-SP2-Updates | oes11sp2-March-2015-Scheduled-Maintenance   | 10332 | Installed

5) To apply all OES11 SP2 updates run the following command
zypper up -t patch -r OES11-SP2-Updates

6) To apply all SLES 11 SP3 updates run the following command
zypper up… Continue reading

January 2015 Scheduled Maintenance Update

January 2015 Scheduled Maintenance has been released

How to apply the patch with zypper.  YaST Online Update can also be used.

1) List repositories to ensure the update the server is registerd and the updated repository is present
zypper lr
Should see the following:
nu_novell_com:OES11-SP2-Updates | OES11-SP2-Updates | Yes | Yes

2) List the Updates
zypper pch OES11-SP2-Updates
Should see the following:
OES11-SP2-Updates | oes11sp2-January-2015-Scheduled-Maintenance | 10105 | security | Needed

3) Install the maintenance patch
OES11SP2
zypper up -t patch oes11sp2-January-2015-Scheduled-Maintenance

4) Then list the patches again to verify the patch is listed as Installed
OES11SP2
zypper pch OES11-SP2-Updates

Should see the following:
OES11-SP2-Updates | oes11sp2-January-2015-Scheduled-Maintenance   | 10105

5) To apply all OES11 SP2 updates run the following command
zypper up -t patch -r OES11-SP2-Updates

6) To apply all SLES 11 SP3 updates run the following command
zypper up -t patch -r… Continue reading

December 2014 Scheduled Maintenance Update

December 2014 Scheduled Maintenance has been released

How to apply the patch with zypper.  YaST Online Update can also be used.

List repositories to ensure the update the server is registerd and the updated repository is present
zypper lr
Should see the following:
nu_novell_com:OES11-SP2-Updates | OES11-SP2-Updates | Yes | Yes

zypper pch OES11-SP2-Updates
Should see the following:
OES11-SP2-Updates | oes11sp2-December-2014-Scheduled-Maintenance | 9879 | security | Needed

[clear-line]Install the maintenance patch
OES11SP2
zypper up -t patch oes11sp2-December-2014-Scheduled-Maintenance

Then list the patches again to verify the patch is listed as Installed
OES11SP2
zypper pch OES11-SP2-Updates

Should see the following:
OES11-SP2-Updates | oes11sp2-December-2014-Scheduled-Maintenance   | 9879

To apply all OES11 SP2 updates run the following command
zypper up -t patch -r OES11-SP2-Updates

To apply all SLES 11 SP3 updates run the following command
zypper up -t patch -r SLES11-SP3-Updates

Key DSfW specific bugs fixed with this maintenance… Continue reading

CVE-2014-0224 Fixes in eDirectory

The following Hotfixes for NESCM 3.1 and eDirectory (888, 887 & 885) standalones address the OpenSSL security vulnerability described in CVE-2014-0224 can be found below.

For OES11 SP1/SP2 and OES2 SP3 LTSS the updates are in the respective channels.

– eDirectory 8.8 SP8 Patch 2 HotFix 1 (All Platforms)
Download URL: http://download.novell.com/Download?buildid=4A2ah857Bgs~

– eDirectory 8.8 SP7 Patch 6 HotFix 1 (All Platforms)
Download URL: http://download.novell.com/Download?buildid=wldDBGgzzng~

– eDirectory 8.8 SP5 Patch6 Hotfix2 for NetWare
Download URL: http://download.novell.com/Download?buildid=MzoS_HY0LYw~

– Identity Assurance Solution Client 3.1 Hotfix 1
Download URL: http://download.novell.com/Download?buildid=OXteBss0i-k~

Below is the list of patches that have been released addressing openssl security fixes:

1. OpenSSL on 24th June.

2. GnuTLS on 30th June.

3. iPrint Client on 10th July.

4. eDirectory on 10th July.

All these were duplicated across OES2 SP3, OES11 SP1 and OES11 SP2.

May 2014 OES11SP2 Scheduled Maintenance for eDirectory 8.8 SP8 patch 2

May 2014 OES11SP2 Scheduled Maintenance for eDirectory 8.8 SP8 patch 2 (9156)

How to apply the patch with zypper.  YaST Online Update can also be used.

List repositories to ensure the update the server is registerd and the updated repository is present
zypper lr
Should see the following:
nu_novell_com:OES11-SP2-Updates | OES11-SP2-Updates | Yes | Yes

List patches in the Updates repository
zypper pch OES11-SP1-Updates
Should see the following:
OES11-SP2-Updates | oes11sp2-edirectory-888-patch2 | 9156 | security| Needed

Install the maintenance patch
zypper up -t patch oes11sp1-edirectory-887-patch2

Then list the patches again to verify the patch is listed as Installed
zypper pch OES11-SP2-Updates
Should see the following:
OES11-SP2-Updates | oes11sp1-edirectory-888-patch2 | 9156 | security| Installed

To apply all OES11 SPa updates run the following command
zypper up -t patch -r OES11-SP2-Updates

Bugs: 627162653702782375795332, … Continue reading

Copy file permissions with chmod –reference

If you file you need to set permissions on and there is another file that already has the desired permissions, use the –reference switch with chmod.

chmod –reference <reference file> <target file>

Example:  Say eDirectory is not starting or even cores on startup.  Taking a strace points to a library.  You see symbolic link for libldapsdk.so is missing.  libldapsdk.so.0 is there.

You can quickly create the symbolic link with the ln -s command

ln -s libldapsdk.so.0.0.0 libldapsdk.so

The permissions now need to be set.  For this library it is simple, chmod 777, but some say you are not good with chmod or the permissions are a little different.  The easy way to do set the files is copy from another library link.

chmod –reference libldapsdk.so.0 libldapskd.so

I/OTest script to check if the disk I/O is causing slow performance

Slow VM Performacne, use IOTest to see if the disk IO is the culprit

This script will test the disk IO by copying 500Mb of data using the same block size as eDir uses and with the same api eDir uses “fdatasync”.
This writes 500 Mb of data each iteration to the iotest.log in the dib directory, usually the /var/opt/novell/eDirectory/data/dib/
It will overwrite the previous data in the iotest.log each time it runs.  Anything under 100 MB/s is a concern and will cause slowness for eDirectory and possible memory build up.  IO causes a bottleneck for events to be written to disk.  A build up of memory by ndsd can cause a ndsd to take all available memory (both virtual and resident) causing ndsd to core.

If slow IO writes are seen with the iotest script begin the process of adding hard drives and reducing the… Continue reading

New Patch for eDir 8.8.7.5

Patch 8.8.7.5 was released and immediately pulled after seeing ndsd cores due to ldap search filters of (guid=).  A new patch is now available.  To view if the new patch has been applied run the command:
zypper list-patches –bugzilla=864542

To apply the patch run the command:

zypper up -t patch oes11sp1-edirectory-887-patch5-8910

The following packages will be upgraded:
novell-NDSbase novell-NDSbase-32bit novell-NDScommon novell-NDSimon
novell-NDSrepair novell-NDSserv novell-NOVLembox novell-NOVLice
novell-NOVLsnmp novell-NOVLsubag novell-dclient novell-dclient-32bit
novell-edirectory-jclnt novell-edirectory-tsands
novell-edirectory-tsands-32bit novell-nmas novell-nmas-libnmasext
novell-nmas-libspmclnt novell-nmas-libspmclnt-32bit novell-nmasclient
novell-nmasclient-32bit novell-npkiapi novell-npkiapi-32bit novell-npkiserver
novell-npkit novell-npkit-32bit novell-sss

To downlowd the stand alone eDirectory patch and to learn more about the patch see eDirectory 8.8 SP7 Patch 5 HotFix 1 (All Platforms)

OES11SP2 is Available for Download

OES11sp2 is now available for download.

Sites and Subnets functionality is the biggest addition to DSfW.  It will allow the configuration of users to authenticate to a specific Domain Controller.  For this feature to work all Domain Controllers must be OES11sp2 servers.
Easy Wins configuration, Mac Client Support, Windows 8 Support,  Windows 2012 Support, and SASL NTMSSP Support are also big additions.
The SASL NTLMSSP Support will allow NTLM over LDAP bind request to be fullfilled.  Since more and more applications are supporting SASL NTLMSSP as the primary authentication mechanism for 2008 and 2012 servers this will allow more applications to work directly with DSfW.
The Novell Client has worked with well DSfW since OES2SP3, but that configuration was not supported.  It is now supported.
Download and test OES11sp2.  It is more robust and feature rich than previous… Continue reading

NDSD Health Check Script

I’ve received a great deal of feed back on the DSfW Health Check Script and applied some changes. One of the suggestions was to do only a ndsd (eDirectory) script. The DSfW Health Check Script works for both DSfW and eDirectory servers, but if all you want to do is check eDirectory health on a DSfW server or want a script only for ndsd that is smaller and simple this is an option.

I am always looking for suggestions. I’ve created a video for the ndsd_heaclthchk script. Watch to to learn about configuring it for your specific needs.

For for NDSD Health Check in the download section.

The configuration options are as follows

# Set emailsetting to 1 to send e-mail log when finished. Set to 0 or remove the 1 to disable
emailsetting=0

# Set emailonerror to 1 to send e-mail log if an error is returned. Set to… Continue reading

Latest DSfW Health Check Script

I’ve received a great deal of feed back on the DSfW Health Check Script and applied some changes.
I am always looking for suggestions. I’ve created an updated video with the latest script. Watch to to learn about configuring it for your specific needs.

 

OES 11 SP1 eDirectory Install

Looking to install  eDirectory on OES 11 SP1?  Here is a video going through the install and giving some tips on doing a successful install.

 

Troubleshooting High Utilization – High Utilization Gstack tool

Some times ndsd or another process can cause a server to go into high utilization or to become unresponsive.  A great TID to follow for OES servers is TID 7007332 – Troubleshooting ndsd becoming unresponsive on OES Linux.  A TID specific for DSfW servers to start with is TID 7010462- Troubleshooting slow logins and unresponsive DSfW server.

When trouble shooting a process stuck in high utilization or causing a server to slow down or become unresponsive looking at a top output for a daemon like ndsd with individual threads shown and a correlating gstack can show us which thread is in high utilization and what that thread is doing.  In most cases it is best to take a number of gstacks every 10 seconds to 60 seconds depending on the situation.  We can see not only what that thread is doing but if the… Continue reading

DSfW and eDirectory Health Check

It is a good idea to periodically check the health of DSfW and eDirectory servers.

This video concentrates on a script I wrote that can be ran on both eDirectory and DSfW servers.

The script demonstrated in this video is called dsfw_edir_healthchk.sh.  To get the latest version of the script click on the DSfW Health Check link in the download section on DSfWDude.com.

A great TID to start off with for a eDirectory health check is TID 3564075.
On a DSfW server start off with an eDirectory health check as well as TID 7001884 which has DSfW specific commands to check the health and overall operation of a DSfW server.

The script does most of the suggestions in both TIDs mentioned above plus a few more checks.

For eDirectory there are 8 checks the script does and… Continue reading

Open Enterprise Server 11 SP1 is released

Open Enterprise Server 11 SP1 has been released today

LearnEventually, hopefully in the next update or two to more about OES11SP1 here

The download links for OES11 SP1 are:

Download link: http://download.novell.com/SummaryFree.jsp?buildid=rmqoq2iehSQ~
Documentation: http://www.novell.com/documentation/oes11/

As far as Domain Services for Windows goes, the install will now allow you to choose between a simplified install or the standard.  The simplified install of DSfW reduces the number of screen, removing many of the screens that most people click next on with out any changes too.  The install is also more intuitive.  If follows along with the type of DSfW install you are doing instead of starting with the eDirectory configuration.

OES11SP1 has also improved gposync.  This should help reduce issues with gopsync not working correctly or properly syncing gpos out to the ADC DSfW servers.

OES11SP1 migrations for DSfW servers are now supported.  The supported migrations are:… Continue reading

July 2012 Maintenance for OES11 is released

July 2012 Maintenance for OES 11 along with July 2012 Scheduled Maintenance for eDirectory 8.8 SP6 patch 6 have been released

Key DSfW specific bugs fixed with this maintenance patch

  • – 771737: OES11SP1LH: MMC can not create a User
  • – 761449: Can not Create Groups or OUs with MMC
  • – 758572: DSFW: Windows 7 remote assistance is not working.
  • – 766772: UpdatePDCMaster.pl failed during PDC role transfer
  • – 763854: Managing GPOs fail due to SYSVOL DFS referral link pointing to wrong path
  • – 738214: DSfW – All xadsd threads stuck in pthread_cond_wait/lock wait, causing xadsd to be unresponsive
  • – 758992: DSFW: Polycom SSO configuration fails with error “”Access Denied”” while changing password
  • – 703655: SYSVOL DFS referral link points to ADC and interrupts GPO Administrator operations

July 2012 Scheduled Maintenance for OES11

  • – 583261: httpstkd randomly stops
  • – 658145: NSS volume with Di and RI flags, incorrectly blocks root user… Continue reading

July 2012 Maintenance for OES2SP3 eDirectory 8.8 SP6 patch 6 released

The July 2012 Maintenance Patch for eDirectory 8.8 SP6 has been release
The 64 bit version can be found here
The 32 bit version can be found here

List of bug fixes in the July 2012 Maintenance for OES2SP3 for eDirectory patch 6

  • – 679767: NMAS Client aborts NCP connection and returns error -625 immediately upon having sent NMAS Start Session request on an idle NCP connection where server sent Watchdog packets.
  • – 733188: eDirectory returns error 48 ‘Anonymous Simple Bind Disabled’ for authenticated TLS bind
  • – 749516: Dclient DDCGetSEVList function does not return cifs users GUID causing CIFS users authorization failure and Memory/CPU spike up.
  • – 765688: Right granted to dynamic group is assigned to whole tree, not just its members
Files included in the patch
novell-dclient-32bit-8.8.6.6-0.7.x86_64.rpm 372.8 KB (381796)
novell-dclient-8.8.6.6-0.7.x86_64.rpm 385.3 KB (394647)
novell-edirectory-jclnt-8.8.6.6-0.7.x86_64.rpm 273.7 KB (280353)
novell-edirectory-ldap-extensions-32bit-8.8.6.3-0.11.x86_64.rpm 28.2 KB (28933)
novell-edirectory-ldap-extensions-8.8.6.3-0.11.x86_64.rpm 29.7 KB (30492)
novell-edirectory-tsands-32bit-8.8.6.6-0.7.x86_64.rpm 257.4 KB… Continue reading

July 2012 Maintenance for OES11 eDirectory 8.8 SP6 patch 6 released

The July 2012 Maintenance Patch for eDirectory 8.8 SP6 has been release
The 64 bit version can be found here

List of bug fixes in the July 2012 Maintenance for OES11 for eDirectory patch 6

  • – 679767: NMAS Client aborts NCP connection and returns error -625 immediately upon having sent NMAS Start Session request on an idle NCP connection where server sent Watchdog packets.
  • – 733188: eDirectory returns error 48 ‘Anonymous Simple Bind Disabled’ for authenticated TLS bind
  • – 749516: Dclient DDCGetSEVList function does not return cifs users GUID causing CIFS users authorization failure and Memory/CPU spike up.
  • – 765688: Right granted to dynamic group is assigned to whole tree, not just its members
novell-dclient-32bit-8.8.6.6-1.1.x86_64.rpm 350.2 KB (358675)
novell-dclient-8.8.6.6-1.1.x86_64.rpm 352.7 KB (361182)
novell-edirectory-jclnt-8.8.6.6-1.1.x86_64.rpm 267.9 KB (274431)
novell-edirectory-tsands-32bit-8.8.6.6-1.1.x86_64.rpm 258.3 KB (264554)
novell-edirectory-tsands-8.8.6.6-1.1.x86_64.rpm 265.3 KB (271675)
novell-NDSbase-32bit-8.8.6.6-1.1.x86_64.rpm 406.9 KB (416672)
novell-NDSbase-8.8.6.6-1.1.x86_64.rpm 553.3 KB (566596)
novell-NDScommon-8.8.6.6-1.1.x86_64.rpm 225.7 KB (231121)
novell-NDSimon-8.8.6.6-1.4.x86_64.rpm 2.5 MB (2672112)… Continue reading

Categories