Overview#

Some not as well known Examples for using the Ndstrace command.

Basics#

  • "exit" will get you out of the screen.

Using with Multiple Instance#

When using Multiple Instances, use the --config-file parameter.
ndstrace -c connections --config-file /data/nds/int/nds.conf

Unload IDM (Vrdim)#

NOT Recommended to perform this without Novell Support Involved!

To completely unload and load DirXML (Linux and Solaris): We recently verified this still works in 3.6.1

ndstrace -c "unload vrdim"
ndstrace -c "load vrdim" 

Of it running multiple instances or a custom setup:

ndstrace -c "load vridm'  --config-file /data/nds/idv/nds.conf

Show Thread information#

Here are a few more useful ndstrace commands (Linux and Solaris):
# ndstrace -c threads
Thread Pool Information
Summary      : Spawned 24, Died 0
Pool Workers : Idle 8, Total 24, Peak 24
Ready Work   : Current 1, Peak 5, maxWait 112425 us
Sched delay  : Min 3314 us, Max 1022572 us, Avg: 727965 us
Waiting Work : Current 14, Peak 17

View Server Connections#

To Find The Number of Connections to Server

8.7.3.x#

# ndstrace -c connections
Connection Table Information:
Allocated Connections: 64
    1   VALID|AUTHEN    tcp:10.129.110.80:39083 .UNKNOWN.svr.[Directory-Info.com].net
    2   VALID           tcp:10.129.110.80:39087 
    3   VALID|AUTHEN    tcp:10.129.110.80:39088 .UNKNOWN.svr.[Directory-Info.com].net
    4   VALID|AUTHEN    tcp:10.129.110.80:39089 .UNKNOWN.svr.[Directory-Info.com].net
    5   VALID|AUTHEN    tcp:10.129.110.80:39090 .UNKNOWN.svr.[Directory-Info.com].net
    6   VALID|AUTHEN    tcp:10.129.110.80:39093 .UNKNOWN.svr.[Directory-Info.com].net
    7   VALID           tcp:10.129.110.80:39107 
    8   VALID           tcp:10.129.110.80:39108 
    9   VALID           tcp:10.129.110.80:39109 
    ...
   30   VALID|AUTHEN    Local Connection        .GQVRMW.VRU.CardServices.Applications.[Directory-Info.com].net
   31   VALID|AUTHEN    Local Connection        .GQVRMW.VRU.CardServices.Applications.[Directory-Info.com].net
   32   VALID|AUTHEN    Local Connection        .GQVRMW.VRU.CardServices.Applications.[Directory-Info.com].net
   33   VALID|AUTHEN    Local Connection        .GQVRMW.VRU.CardServices.Applications.[Directory-Info.com].net
   34   VALID|AUTHEN    Local Connection        .GQVRMW.VRU.CardServices.Applications.[Directory-Info.com].net
   35   VALID|AUTHEN    Local Connection        .GQVRMW.VRU.CardServices.Applications.[Directory-Info.com].net
   36   VALID|AUTHEN    Local Connection        .GQVRMW.VRU.CardServices.Applications.[Directory-Info.com].net
   37   VALID|AUTHEN    Local Connection        .GQVRMW.VRU.CardServices.Applications.[Directory-Info.com].net

The connection showing "Local Connection" are LDAP connections. Those showing "TCP:..." are NCP connections.

Different with 8.8.X#

With 8.81 we see:
 ndstrace -c connections

[1] Instance at /etc/opt/novell/eDirectory/conf/nds.conf:  francis.dc=svr.dc=willeke.dc=com.WILLEKETREE
Connection Table Information:
Allocated Connections: 64
    1   VALID|AUTHEN    tcp:192.168.1.4:33430   .francis.svr.willeke.com
    2   VALID|AUTHEN    tcp:192.168.1.4:33431   .francis.svr.willeke.com
    3   VALID|AUTHEN    tcp:192.168.1.4:33432   .anonymous.administration.willeke.com
    4   VALID           tcp:192.168.1.4:33434
    5   VALID|AUTHEN    tcp:192.168.1.4:43630   .admin.administration.willeke.com
    6   VALID           tcp:192.168.1.4:33436
    7   VALID|AUTHEN    tcp:192.168.1.4:45004   .admin.administration.willeke.com
    8   VALID           tcp:192.168.1.4:45007
    9   VALID|AUTHEN    tcp:192.168.1.2:1205    .SH.svr.willeke.com
   10   VALID           tcp:192.168.1.2:1206
   13   VALID           tcp:192.168.1.4:33450
Which is more depressing as the LDAP connections are shown only by the server IP address.

To see LDAP IP Connections try:#

netstat -a|grep ldap
tcp        0      0 *:ldap                  *:*                     LISTEN
tcp        0      0 *:ldaps                 *:*                     LISTEN
tcp        0      0 francis.svr.willek:ldap 192.168.1.121:ratio-adp ESTABLISHED
tcp        0      0 francis.svr.wille:ldaps 192.168.:isoipsigport-2 ESTABLISHED
This will show the IP Addresses via LDAP to a Solaris or Linux server.

The *:ldap and *:ldaps shows that the server is listening for connections for LDAP and LDAPS.

Currently there is no method we are aware to see both the userid and the IP Address for connections via LDAP.

To detect NDS Modules loaded#

# ndstrace -c modules

[1] Instance at /etc/opt/novell/eDirectory/conf/nds.conf:  francis.dc=svr.dc=wil
leke.dc=com.WILLEKETREE

snmpinst        Not Loaded
snmp-0          Not Loaded
repair          Not Loaded
pkiinst         Not Loaded
nmasldap        Running
nmasinst        Not Loaded
ndsinfo         Not Loaded
ndsclone        Not Loaded              Directory Clone Agent For Novell eDirect
ory 8.8 SP1
merge           Not Loaded
lsss            Running
ldapxs          Running
krbpwd          Not Loaded
dstrace         Not Loaded              Trace For Novell eDirectory 8.8 SP1
dsr             Not Loaded
dsi             Not Loaded
dsbk            Not Loaded
backupcr        Running
auditds         Running
ssncp           Running
pkiserver       Running         Novell Certificate Server
sasl            Running          [ nldap ]
statuslg        Running          [ embox ]
embox           Running         eDirectory Management Tool Box Engine
sss             Running          [ ssldp ssncp ]
ssldp           Running          [ nldap ]
spmdclnt        Running
nmas            Running          [ sasl ]
imon            Running         NDS iMonitor 2.4 for Novell eDirectory v20111.59

nldap           Running         LDAP Agent for Novell eDirectory 8.8 SP1
hconserv        Running         HTTP Console Server For Novell eDirectory 8.8 SP
1
snmp            Running         SNMP Trap Server for Novell eDirectory 8.8.1
gams            Running         Graded Authentication Management Service
niciext         Running         SDI/SASDFM Transport Service
httpstk         Running         HTTP Protocol Stack For Novell eDirectory 8.8 SP
1 [ nds hconserv imon embox ]
nds             Running         Directory Agent For Novell eDirectory 8.8 SP1
masv            Running         Mandatory Access Control Service [ gams ]
dsloader        Running         Loader Services For Novell eDirectory 8.8 SP1 [
httpstk hconserv nldap ]
dhlog           Running         DHost message logging module for Novell eDirecto
ry 8.8 SP1
ncpengine       Running         NCP Protocol Stack For Novell eDirectory 8.8 SP1

ndsd            Running         Novell eDirectory 8.8 SP1 Host Environment

Loading ndstrace#

Load ndstrace in the UI/Curses mode.#

ndstrace 

Using ndstrace in the command line mode#

Load ndstrace in the command line mode, directing output to a file in the background. You can execute the command, tail -f file, from any terminal, to view the messages.
ndstrace -l > /tmp/ndstrace.log &
or
ndstrace -l >> /dev/null & 

To Exit command-line process use

ndstrace -u

Operations when command line#

These commands will setup ndstrace to watch LDAP only:
ndstrace -l > /tmp/ndstrace.log &
ndstrace -c 'set dstrace=nodebug'
ndstrace -c 'set ndstrace=FILE ON'
ndstrace -c 'set ndstrace=*R'
ndstrace -c 'dstrace +time +tags +ldap'
less /tmp/ndstrace.log

For EDirectory Multiple Instances this may work.

ndstrace -l --config-file /data/nds/ext/nds.conf > /data/nds/ext/097-ndstrace.log &
ndstrace -c 'set dstrace=nodebug' --config-file /data/nds/ext/nds.conf
ndstrace -c 'set ndstrace=FILE ON' --config-file /data/nds/ext/nds.conf
ndstrace -c 'set ndstrace=*R' --config-file /data/nds/ext/nds.conf
ndstrace -c 'dstrace +time +tags +ldap' --config-file /data/nds/ext/nds.conf

These commands will setup ndstrace to watch DirXML only:

ndstrace -l > /tmp/ndstrace.log &
ndstrace -c 'set dstrace=nodebug'
ndstrace -c 'set ndstrace=FILE ON'
ndstrace -c 'set ndstrace=*R'
ndstrace -c 'dstrace +time +tags +dvrs'
less /tmp/ndstrace.log

These commands will setup ndstrace to check synchronization:

ndstrace -l > /tmp/ndstrace.log &
ndstrace -c 'set dstrace=nodebug'
ndstrace -c 'set ndstrace=FILE ON'
ndstrace -c 'dstrace +SKLK'
ndstrace -c 'set ndstrace=*H'
less /tmp/ndstrace.log |grep 'All processed = '
If there are no errors, all lines will display 'All Processed = Yes.'

These commands will setup ndstrace to check SCHEMA synchronization:

ndstrace -l > /tmp/ndstrace.log &
ndstrace -c 'set dstrace=nodebug'
ndstrace -c 'set ndstrace=FILE ON'
ndstrace -c 'dstrace +SCMA'
ndstrace -c 'dstrace +SCMD'
ndstrace -c 'set ndstrace=*SS'
less /tmp/ndstrace.log 
If there are no errors, all lines will display 'All Processed = Yes.'

To Exit command-line process use

ndstrace -u

LDAP Trace Only#

Chain commands to get what you want. This turns the screen on, all traces off and then turns LDAP on
ndstrace; ndstrace file on;set ndstrace =NODEBUG;set ndstrace =+LDAP

Enable skulker messages#

Enables skulker messages, and schedules the replica synchronization process to start immediately on the server.
ndstrace -c "ndstrace +sklk; set ndstrace=*h"

ndstrace.log#

Refer to the /var/nds/ndstrace.log file for more information.

Turn File logging On#

ndstrace; ndstrace file on

Set the log file size:#

set ndstrace=*M<size_in_bytes>

Reset Log file:#

set ndstrace=*R

Checking Obituaries#

ndsrepair -C -Ad -A

NMAS Trace#

For NMAS changes on a server: http://www.novell.com/support/viewContent.do?externalId=3815371

Force Immediate Synchronization#

You can Force Immediate Synchronization with ndstrace.

Add more Examples#

If you know of some ndstrace command that you found useful, please post it!

Ndstrace Anomalies#

Ndstrace Command#

Some details on the Ndstrace Command.

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-44) was last changed on 23-May-2017 17:01 by jim