jspωiki
Ndstrace

Overview #

Ndstrace is a command "Window" Utility that displays the server debugging messages within eDirectory

Ndstrace Anomalies #

Some things we have noticed about Ndstrace

NDSTRACE Examples #

Some NDSTRACE Examples we have used that we have found helpful, but often forget.

Ndstrace Log Searches #

Often we find ourselves digging through a Ndstrace files looking for that proverbial needle. We found some Ndstrace Log Searches that seem to work pretty well in assisting.

Ndstrace#

Is by default located at: /opt/novell/eDirectory/bin/ndstrace
ndstrace  [-l|-u|-c  "command1;......"|--version]  [-h  <local_interface:port>]  [--config-file  <configuration_file_path>] [thrd <thread ID>] [svty <severity_level>] [conn <connection_ID>]

You can load Ndstrace in two modes, the UI/Curses mode and Command-line mode. The Ndstrace command without any option loads the ndstrace utility in the UI/Curses mode. Type Exit from this mode to unload the utility.

Ndstrace Description#

Ndstrace utility allows you to perform:
  • Display messages related to the internal view of eDirectory activity.
    • Filter the type and amount of messages displayed.
  • initiate certain synchronization processes
  • Tune certain eDirectory parameters on the server

Ndstrace Options#

Ndstrace Options allow you to decide what is displayed and operation performed
  • -l - Loads the Ndstrace utility in the command-line mode. You can redirect the output messages to a file in the background.
  • -u - Unloads the ndstrace utility.
  • -c command
    • You can run several ndstrace commands through the Command-line as a list with items separated by semicolons (;).
    • For example, you can run this command to seize the EBA CA role:
    • ndstrace -c "config ebassl_srv seize_ebaca"
    • Note: Be informed that you should run the Seize EBACA Role operation only if the server hosting EBACA is down or not responding.
  • --version - Prints the Ndstrace version information.
  • -h - Specifies the interface and port on which the server is listening.
  • --config-file - Specifies the location of the nds.conf configuration file.
  • thrd <thread ID>
    • Filters the trace messages based on the NDS Thread ID.
    • For example, to enable filtering for NDS Thread ID 35, enter the following:
    • dstrace thrd 35
    • To disable filtering based on NDS Thread ID, enter the following:
    • dstrace thrd
  • svty <severity_level> - Filters the trace messages based on the severity level. The severity levels can be FATAL, WARN, ERR, INFO, and DEBUG.
    • For example, to enable filtering for severity level fatal, enter the following:
    • dstrace svty fatal
    • To disable filtering based on the severity level, enter the following:
    • dstrace svty
  • conn <connection_ID> - Filters the trace messages based on the connection ID.
    • For example, to enable filtering for connection ID 21, enter the following:
    • dstrace conn 21
    • To disable filtering based on connection ID, enter the following:
    • dstrace conn

Ndstrace Basic Commands#

Syntax
set ndstrace = <Flag>

Flags:

  • ON - Enables the ndstrace debugging screen, but does not set or reset filters.
  • OFF - Disables the ndstrace debugging screen, but does not reset the filters.
  • ALL - Enables all debugging trace message filters. Buffers are turned on with this command.
  • DEBUG Turns on a predefined set of general debugging messages by enabling the following filters: TAGS, FRAG, JNTR, SPKT, BEMU, INIT, LMBK, RECM, SCMA, SKLK, BLNK, INSP, MISC, PART and TVEC.
  • AGENT Turns on a predefined set of DS Agent-related debugging messages by enabling the following filters: TAGS, JNTR, AREQ, BLNK, RSLV and TVEC.
  • NODEBUG Turns off all the filters.

Filters#

Ndstrace Filters allow you to show the specific messages you desire to view.

Syntax

set ndstrace = [+|-]<filter>

ndstrace [+|-]<filter> [ [+|-]<filter> .... ]
  • ABUF - Enables inbound and outbound packet buffers that contain data being received in conjunction with, or in response to, an eDirectory request.
  • ALOC - Enables debugging and error messages to show the details of memory allocation.
  • AREQ - Enables status and error reports concerning inbound requests from other servers or clients.
  • AUMN - Eanbles messages related to auditing information.
  • AUNC - Enables audit ncp debugging messages.
  • AUSK - Enables audit skulking debugging messages.
  • AUTH - Enables authentication messages and error reports.
  • BASE - Enables debugging error messages at the minimum debugging level.
  • BEMU - Enables debugging messages for operations performed by bindery emulator.
  • BLDT - Enables more debugging messages logged by the backlinker background process.
  • BLNK - Enables back link and inbound obituary messages and error reports.
  • CBUF - Enables debugging error messages to display outbound DS Client requests.
  • CHNG - Enables Change Cache messages.
  • COLL - Enables status and error reports concerning an object's update information when the update has been previously received.
  • CONN - Enables debugging error messages to show information about the servers your server is trying to connect to, and to see errors and timeouts that might be causing your server not to connect.
  • DBG - Displays information useful for debugging and troubleshooting.
  • DNS - Enables debugging error messages about the eDirectory-integrated DNS server processes.
  • DVRS - Enables debugging error messages to show DirXML Driver-specific areas that eDirectory might be working on.
  • DXML - Enables debugging and error messages to show the details of Identity Manage events.
  • EBA - Enables debugging of the Enhanced Background Authentication (EBA) feature. 
  • FRAG - Enables messages from the NCP fragger, which breaks eDirectory messages into messages sized of NCP.
  • HTTP - Enables messages from the HTTP stack. Only on Windows and UNIX.
  • IN - Enables status messages and error reports concerning inbound requests and processes.
  • INIT - Enables debugging of error messages related to the initialization of eDirectory.
  • INSP - Enables status messages and error reports concerning the integrity of the objects in the source server's local database. Important: Use of this flag increases the demands on the source server's disk storage system, memory, and processor. Do not leave this flag enabled unless objects are being corrupted.
  • JNTR - Enables status messages and error reports concerning the following background processes: janitor, replica synchronization, and Flat Cleaner.
  • LDAP - Enables LDAP server messages.
  • LMBR - Enables limber status messages and error reports.
  • LOCK - Enables status messages and error reports concerning the use and manipulation of the source server's local database locks.
  • LOST - Enables lost entry messages.
  • MISC - Various messages and errors from different sources in eDirectory.
  • MOVE - Enables messages from the move partition or move subtree operations.
  • NCPE - Enables debugging error messages to show the server receiving requests at the NCP level.
  • NICI - Enables messages logged by NICI extensions (security bundle).
  • NMAS - Enables NMAS debugging. These messages are logged by NMAS. Useful for logging trace messages related to login, authentication, etc.
  • NMON - Enables debugging and error messages about Imonitor.
  • OBIT - Enables messages from the obituary process.
  • OBJP - Enables object producer.
  • PART - Enables status messages and error reports about partition operations from background processes and from the request processing.
  • PKIA - Enables PKI api information - also logged by PKI modules.
  • PKII - Enables information logged pki modules.
  • PURG - Enables debugging error messages about the purge process.
  • RECM - Enables status messages and error reports concerning the manipulation of the source server's database.
  • RSLV - Enables status messages and error reports concerning the processing of resolve name requests.
  • SADV - Enables debugging error messages for the registration of tree names and partitions with the Service Location Protocol (SLP).
  • SCMA - Enables status messages and error reports concerning the schema synchronization process.
  • SCMD - Enables debugging and error messages to show details of schema-related operations. It gives details of both inbound and outbound synchronization.
  • SKLK - Enables status messages and error reports concerning the replica synchronization process.
  • SPKT - Enables debugging error messages about eDirectory NCP server-level information.
  • SRCH - Enables messages logged by the agent during search operations.
  • SRDT - Enables detailed search messages.
  • SSLI - Enables messages related to the SSL/TLS functionality.
  • SSTR - Enables information logged by SecretStore module.
  • STRM - Enables status messages and error reports concerning the processing of attributes with a Stream syntax.
  • SVTY - Severity; various levels are "FATAL", "WARNING", "ERROR","INFO", and "DEBUG".
  • SYDL - Enables debugging error messages to show more details during the replication process.
  • SYNC - Enables debugging error messages of inbound synchronization traffic (what is being received by this server).
  • TAGS - Enables the tag string that identifies the trace option that generated the event on each line output by the trace process.
  • THRD - Enables debugging error messages to show when any background processes (threads) begin and end.
  • TIME - Enables debugging error messages about the TransitiveVector that are used during the synchronization process.
  • TVEC - Enables various messages pertaining to the following attributes: SynchronizedUpTo, replicaUpTo, and Transitive Vector.
  • VCLN - Enables status messages and error reports concerning the establishment or deletion of connections with other servers.

Starting EDirectory Background Processes#

Syntax
set ndstrace = *<flag>

Flags#

  • A - Resets the address cache on source server.
  • AD - Disables the address cache on source server.
  • AE - Enables the address cache on source server.
  • B - Schedules the back link process to begin execution on the source server in one second.
  • CT - Displays the source server's outbound connection table and the current statistical information for the table. These statistics do not give any information about the inbound connections from other servers or clients to the source server.
  • CTD - Displays, in comma-delimited format, the source server's outbound connection table and the current statistical information for the table. These statistics do not give any information about the inbound connections from other servers or clients to the source server.
  • D <hex> - Removes the specified LocalEntryID from the source server's Send All Object list. The LocalEntryID must specify a Partition Root Entry that is specific to the server's local database. This command is usually used only when a Send All Updates is endlessly trying and cannot be com pleted because a server is inaccessible.
  • E - Re-initializes the source server's entry cache.
  • F Schedules the partition purge process to being execution on the source server in five seconds.
  • FL<1-10> - Sets the number of rolling log files used by DSTrace. You can configure a maximum of 10 rolling log files. By default, DSTrace must use at least 1 rolling log file. If you set the parameter to 0, DSTrace uses 1 as the parameter value.
  • G <hex> - Rebuilds the change cache of the specified root partition ID.
  • H - Schedules the replica synchronization process to begin execution immediately on the source server.
  • HR - Clears the in-memory last sent vector.
  • I <hex> - Adds the specified local entry ID to the source server's Send All Object list. The entry ID must specify a partition root object that is specific to the server's local database. The replica synchronization process checks the Send All Object list. If the entry ID of a partition's root object is in the list, eDirectory synchronizes all objects and attributes in the partition, regardless of the value of the Synchronized Up To attribute.
  • J - Schedules the janitor process to begin execution on the source server in five seconds.
  • L - Schedules the limber process to begin execution on the source server in five seconds.
  • M<bytes> - Changes the maximum file size used by the source server's ndstrace.log file. The command can be used regardless of the state of the debugging file. The <bytes> specified must be a value between 10000 bytes and 100 MB. If the value specified is higher or lower than the specified range, no change occurs.
  • P - Displays the current values of the eDirectory tunable parameters. You must enable the RECM tag to display the eDirectory tunable parameters.
  • R - Resets the ndstrace.log file to zero bytes.
  • S - Schedules the eDirectory replica synchronization process to begin execution on the source server in three seconds. Only replicas already scheduled to be synchronization will be synchronized.
  • SS - Schedules the schema synchronization process to begin immediately on the source server. Only those target servers that have not been successfully synchronized in the last 24 hours will be synchronized.
  • SSA - Schedules the schema synchronization process to begin immediately and forces schema synchronization with all target servers, even if they have been synchronized in the last 24 hours.
  • SSD - Resets the source server's Target Schema Sync list. This list identifies which servers the source server should synchronize with during the schema synchronization process. A server that does not hold any replicas sends a request to be included in the target list of a server that contains a replica with its server object.
  • SSL - Prints the schema synchronization list of target servers.
  • ST - Displays the status information for the background processes on the source server.
  • STX - Displays the status information for the backLink (external references) on the source server.
  • STS - Displays the status information for schema synchronization process on the source server.
  • STO - Displays the status information for the back link process (obituaries) on the source server.
  • STL - Displays the status information for the limber process on the source server.
  • U <entryID> - If the command does not include an LocalEntryID, changes the status of any server that has been previously labeled Down to Up. If the command includes a LocalEntryID, changes the status of the specified server from Down to Up. Entry IDs are specific to the source server's database and must refer to an object that represents a server.
  • Z - Displays the currently scheduled tasks. You must enable the RECM tag to display the currently scheduled tasks.

Tuning EDirectory Background Processes#

Ndstrace allows you to modify EDirectory Background Processes and enhance EDirectory Performance Tuning

Syntax
set ndstrace = !<flag><value>

Flags#

  • B <int> - Sets the interval, in minutes, for the back link process. The default interval is 1500 minutes (25 hours). The range is 2 to 10080 minutes (168 hours).
  • D <int> - Sets the inbound and outbound synchronization interval to the specified number of minutes. The default interval is 24 minutes. The range is 2 to 10080 minutes (168 hours). You can disable priority sync by entering set dstrace=!d.
  • DI <int> - Sets the inbound synchronization interval to the specified number of minutes. The default interval is 24 minutes. The range is 2 to 10080 minutes (168 hours). This can be used for priority sync also.
  • DO <int> - Sets the outbound synchronization interval to the specified number of minutes. The default interval is 24 minutes. The range is 2 to 10080 minutes (168 hours). This can be used for priority sync also.
  • E - Schedules the inbound and outbound synchronization processes to begin execution.
  • EI - Schedules the inbound synchronization process to begin execution.
  • EO - Schedules the outbound synchronization process to begin execution.
  • F<int> - Sets the interval, in minutes, for the flat cleaner process. The default interval is 240 minutes (4 hours). The range is 2 to 10080 minutes (168 hours).
  • H<int> - Sets the interval, in minutes, for the heartbeat synchronization process. The default interval is 30 minutes. The range is 2 to 1440 minutes (24 hours).
  • I<int> - Sets the interval, in minutes, for the heartbeat synchronization process. The default interval is 30 minutes. The range is 2 to 1440 minutes (24 hours).
  • J<int> - Sets the interval, in minutes, for the janitor process. The default interval is 2 minutes. The range is 1 to 10080 minutes (168 hours).
  • M - Reports the maximum memory used by eDirectory.
  • N [0] - Sets the name form: zero (0) specifies hex only, and one (1) specifies full dot form.
  • SI<int> - Sets the interval, in minutes, for the inbound schema synchronization process. The default interval is 24 minutes. The range is 2 to 10080 minutes (168 hours).
  • SO<int> - Sets the interval, in minutes, for the outbound schema synchronization process. The default interval is 24 minutes. The range is 2 to 10080 minutes (168 hours).
  • SI0<int> - Disables the inbound schema synchronization process for the specified number of minutes. The default interval is 24 minutes. The range is 2 to 10080 minutes (168 hours).
  • SO0<int> - Disables the outbound schema synchronization process for the specified number of minutes. The default interval is 24 minutes. The range is 2 to 10080 minutes (168 hours).
  • T<int> - Sets the interval, in minutes, for checking the server's UP state. The default interval is 30 minutes. The range is 1 to 720 minutes (12 hours).
  • EO - Schedules the outbound synchronization process to begin execution.
  • F<int> - Sets the interval, in minutes, for the flat cleaner process. The default interval is 240 minutes (4 hours). The range is 2 to 10080 minutes (168 hours).
  • H<int> - Sets the interval, in minutes, for the Heartbeat Synchronization process. The default interval is 30 minutes. The range is 2 to 1440 minutes (24 hours).
  • I<int> - Sets the interval, in minutes, for the Heartbeat Synchronization process. The default interval is 30 minutes. The range is 2 to 1440 minutes (24 hours).
  • J<int> - Sets the interval, in minutes, for the Janitor process. The default interval is 2 minutes. The range is 1 to 10080 minutes (168 hours).
  • M - Reports the maximum memory used by eDirectory.
  • N [0] - Sets the name form: zero (0) specifies hex only, and one (1) specifies full dot form.
  • SI<int> - Sets the interval, in minutes, for the inbound schema synchronization process. The default interval is 24 minutes. The range is 2 to 10080 minutes (168 hours).
  • SO<int> - Sets the interval, in minutes, for the outbound schema synchronization process. The default interval is 24 minutes. The range is 2 to 10080 minutes (168 hours).
  • SI0<int> - Disables the inbound schema synchronization process for the specified number of minutes. The default interval is 24 minutes. The range is 2 to 10080 minutes (168 hours).
  • SO0<int> - Disables the outbound schema synchronization process for the specified number of minutes. The default interval is 24 minutes. The range is 2 to 10080 minutes (168 hours).
  • T<int> - Sets the interval, in minutes, for checking the server's UP state. The default interval is 30 minutes. The range is 1 to 720 minutes (12 hours).
  • V[<ver>[,<ver>]] - Lists the restricted EDirectory Versions. If no EDirectory Versions are listed, there are no restrictions. Each version is separated by a comma.

NOTE - If a parameter or an argument contains a special character such as, $, #, etc, it must be preceded with back slash character

More Information #

There might be more information for this subject on one of the following: