ndstrace
ndstrace -l > /tmp/ndstrace.log &
or
ndstrace -l >> /dev/null &
To exit the command-line process, use
ndstrace -u
ndstrace -c connections --config-file /data/nds/int/nds.conf
To completely unload and load DirXML (Linux and Solaris). We recently verified this still works in 3.6.1:
ndstrace -c "unload vrdim"
ndstrace -c "load vrdim"
If running EDirectory Multiple Instance or a custom setup:
ndstrace -c "load vrdim" --config-file /data/nds/idv/nds.conf
# ndstrace -c threads
Thread Pool Information
Summary : Spawned 24, Died 0
Pool Workers : Idle 8, Total 24, Peak 24
Ready Work : Current 1, Peak 5, maxWait 112425 us
Sched delay : Min 3314 us, Max 1022572 us, Avg: 727965 us
Waiting Work : Current 14, Peak 17
ndstrace -c connections --config-file /data/nds/item/nds.conf|grep -E 'uniqueID|CN'|awk -F '[:=]' '{print $2 " "$4}'|sort|uniq -u
10.92.231.2 jwilleke
...
We then took that output and used a bash script to obtain the Domain Name System name for each IP address:
#!/bin/bash
IPLIST="/home/jwilleke/tt.txt"
# Collect "IP user" pairs. Note: uniq -u keeps only lines that occur exactly once in the sorted input.
ndstrace -c connections --config-file /data/nds/unix/nds.conf | grep -E 'uniqueID|CN' | awk -F '[:=]' '{print $2 " "$4}' | sort | uniq -u > "$IPLIST"
while IFS='' read -r line || [[ -n "$line" ]]; do
    # echo "Text read from file: $line"
    ipx=$(echo "$line" | cut -d' ' -f1)
    uidName=$(echo "$line" | cut -d' ' -f2)
    # echo "$ipx"
    # Reverse DNS lookup; keep only the first answer
    domain=$(dig -x "$ipx" +short | head -1)
    # Append one CSV row per connection: name,IP,user
    echo -e "$domain,$ipx,$uidName" >> t.txt
done < "$IPLIST"
# ndstrace -c connections
Connection Table Information:
Allocated Connections: 64
1 VALID|AUTHEN tcp:10.129.110.80:39083 .UNKNOWN.svr.[Directory-Info.com].net
2 VALID tcp:10.129.110.80:39087
3 VALID|AUTHEN tcp:10.129.110.80:39088 .UNKNOWN.svr.[Directory-Info.com].net
4 VALID|AUTHEN tcp:10.129.110.80:39089 .UNKNOWN.svr.[Directory-Info.com].net
5 VALID|AUTHEN tcp:10.129.110.80:39090 .UNKNOWN.svr.[Directory-Info.com].net
6 VALID|AUTHEN tcp:10.129.110.80:39093 .UNKNOWN.svr.[Directory-Info.com].net
7 VALID tcp:10.129.110.80:39107
8 VALID tcp:10.129.110.80:39108
9 VALID tcp:10.129.110.80:39109
...
30 VALID|AUTHEN Local Connection .GQVRMW.VRU.CardServices.Applications.[Directory-Info.com].net
31 VALID|AUTHEN Local Connection .GQVRMW.VRU.CardServices.Applications.[Directory-Info.com].net
32 VALID|AUTHEN Local Connection .GQVRMW.VRU.CardServices.Applications.[Directory-Info.com].net
33 VALID|AUTHEN Local Connection .GQVRMW.VRU.CardServices.Applications.[Directory-Info.com].net
34 VALID|AUTHEN Local Connection .GQVRMW.VRU.CardServices.Applications.[Directory-Info.com].net
35 VALID|AUTHEN Local Connection .GQVRMW.VRU.CardServices.Applications.[Directory-Info.com].net
36 VALID|AUTHEN Local Connection .GQVRMW.VRU.CardServices.Applications.[Directory-Info.com].net
37 VALID|AUTHEN Local Connection .GQVRMW.VRU.CardServices.Applications.[Directory-Info.com].net
The connections showing "Local Connection" are LDAP connections. Those showing "TCP:..." are NCP connections.
ndstrace -c connections
[1] Instance at /etc/opt/novell/eDirectory/conf/nds.conf: francis.dc=svr.dc=willeke.dc=com.WILLEKETREE
Connection Table Information:
Allocated Connections: 64
1 VALID|AUTHEN tcp:192.168.1.4:33430 .francis.svr.willeke.com
2 VALID|AUTHEN tcp:192.168.1.4:33431 .francis.svr.willeke.com
3 VALID|AUTHEN tcp:192.168.1.4:33432 .anonymous.administration.willeke.com
4 VALID tcp:192.168.1.4:33434
5 VALID|AUTHEN tcp:192.168.1.4:43630 .admin.administration.willeke.com
6 VALID tcp:192.168.1.4:33436
7 VALID|AUTHEN tcp:192.168.1.4:45004 .admin.administration.willeke.com
8 VALID tcp:192.168.1.4:45007
9 VALID|AUTHEN tcp:192.168.1.2:1205 .SH.svr.willeke.com
10 VALID tcp:192.168.1.2:1206
13 VALID tcp:192.168.1.4:33450
Which is more depressing as the LDAP connections are shown only by the server IP address.
netstat -a|grep ldap
tcp 0 0 *:ldap *:* LISTEN
tcp 0 0 *:ldaps *:* LISTEN
tcp 0 0 francis.svr.willek:ldap 192.168.1.121:ratio-adp ESTABLISHED
tcp 0 0 francis.svr.wille:ldaps 192.168.:isoipsigport-2 ESTABLISHED
This will show the IP addresses of clients connected via LDAP to a Solaris or Linux server.
The *:ldap and *:ldaps entries show that the server is listening for LDAP and LDAPS connections.
Currently there is no method we are aware of to see both the userid and the IP Address for connections via LDAP.
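An added example, not part of the original page: a shell function that condenses the `ndstrace -c connections` table shown above into one line per source address and identity, plus a second function that lists sources holding connections that are VALID but not AUTHEN. It assumes the whitespace-separated layout shown on this page; the function names and the sample table are constructed for illustration.

```shell
#!/bin/bash
# Added example. Summarise `ndstrace -c connections` output read on stdin.
# Output: count,transport,source,identity  ("-" = no authenticated identity)
# Live use (assumed): ndstrace -c connections | summarize_connections
summarize_connections() {
    awk '
    $1 ~ /^[0-9]+$/ && $2 ~ /^VALID/ {
        auth = ($2 ~ /AUTHEN/)
        if ($3 ~ /^tcp:/) {
            # tcp:ADDRESS:PORT, keep the address and drop the ephemeral port
            src = $3; sub(/^tcp:/, "", src); sub(/:[0-9]+$/, "", src)
            kind = "tcp"; id = $4
        } else if ($3 == "Local" && $4 == "Connection") {
            kind = "local"; src = "local"; id = $5
        } else next
        if (!auth || id == "") id = "-"
        n[kind "," src "," id]++
    }
    END { for (k in n) print n[k] "," k }
    ' | LC_ALL=C sort -t, -k2,4
}

# Sources holding connections that are VALID but carry no identity.
unauthenticated_sources() {
    summarize_connections | awk -F, '$4 == "-" { print $3, $1 }'
}

# Constructed sample in the layout shown on this page (not real data).
SAMPLE='Connection Table Information:
Allocated Connections: 64
1 VALID|AUTHEN tcp:192.0.2.10:33430 .server1.svr.example
2 VALID|AUTHEN tcp:192.0.2.10:33431 .server1.svr.example
3 VALID tcp:192.0.2.10:33434
4 VALID|AUTHEN tcp:192.0.2.20:1205 .admin.administration.example
5 VALID tcp:192.0.2.20:1206
6 VALID|AUTHEN Local Connection .app1.Applications.example
7 VALID|AUTHEN Local Connection .app1.Applications.example'

printf '%s\n' "$SAMPLE" | summarize_connections
printf '%s\n' "$SAMPLE" | unauthenticated_sources
```

Running the summary on a schedule and comparing successive outputs shows new source addresses or identities appearing on the server.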
# ndstrace -c modules
[1] Instance at /etc/opt/novell/eDirectory/conf/nds.conf: francis.dc=svr.dc=willeke.dc=com.WILLEKETREE
snmpinst Not Loaded
snmp-0 Not Loaded
repair Not Loaded
pkiinst Not Loaded
nmasldap Running
nmasinst Not Loaded
ndsinfo Not Loaded
ndsclone Not Loaded Directory Clone Agent For Novell eDirectory 8.8 SP1
merge Not Loaded
lsss Running
ldapxs Running
krbpwd Not Loaded
dstrace Not Loaded Trace For Novell eDirectory 8.8 SP1
dsr Not Loaded
dsi Not Loaded
dsbk Not Loaded
backupcr Running
auditds Running
ssncp Running
pkiserver Running Novell Certificate Server
sasl Running [ nldap ]
statuslg Running [ embox ]
embox Running eDirectory Management Tool Box Engine
sss Running [ ssldp ssncp ]
ssldp Running [ nldap ]
spmdclnt Running
nmas Running [ sasl ]
imon Running NDS iMonitor 2.4 for Novell eDirectory v20111.59
nldap Running LDAP Agent for Novell eDirectory 8.8 SP1
hconserv Running HTTP Console Server For Novell eDirectory 8.8 SP1
snmp Running SNMP Trap Server for Novell eDirectory 8.8.1
gams Running Graded Authentication Management Service
niciext Running SDI/SASDFM Transport Service
httpstk Running HTTP Protocol Stack For Novell eDirectory 8.8 SP1 [ nds hconserv imon embox ]
nds Running Directory Agent For Novell eDirectory 8.8 SP1
masv Running Mandatory Access Control Service [ gams ]
dsloader Running Loader Services For Novell eDirectory 8.8 SP1 [ httpstk hconserv nldap ]
dhlog Running DHost message logging module for Novell eDirectory 8.8 SP1
ncpengine Running NCP Protocol Stack For Novell eDirectory 8.8 SP1
ndsd Running Novell eDirectory 8.8 SP1 Host Environment
ndstrace -l > /tmp/ndstrace.log &
ndstrace -c 'set dstrace=nodebug'
ndstrace -c 'set ndstrace=FILE ON'
ndstrace -c 'set ndstrace=*R'
ndstrace -c 'dstrace +time +tags +ldap'
less /tmp/ndstrace.log
For EDirectory Multiple Instances this may work.
ndstrace -l --config-file /data/nds/ext/nds.conf > /data/nds/ext/097-ndstrace.log &
ndstrace -c 'set dstrace=nodebug' --config-file /data/nds/ext/nds.conf
ndstrace -c 'set ndstrace=FILE ON' --config-file /data/nds/ext/nds.conf
ndstrace -c 'set ndstrace=*R' --config-file /data/nds/ext/nds.conf
ndstrace -c 'dstrace +time +tags +ldap' --config-file /data/nds/ext/nds.conf
These commands will set up ndstrace to watch DirXML only:
ndstrace -l > /tmp/ndstrace.log &
ndstrace -c 'set dstrace=nodebug'
ndstrace -c 'set ndstrace=FILE ON'
ndstrace -c 'set ndstrace=*R'
ndstrace -c 'dstrace +time +tags +dvrs'
less /tmp/ndstrace.log
These commands will set up ndstrace to check synchronization:
ndstrace -l > /tmp/ndstrace.log &
ndstrace -c 'set dstrace=nodebug'
ndstrace -c 'set ndstrace=FILE ON'
ndstrace -c 'dstrace +SKLK'
ndstrace -c 'set ndstrace=*H'
less /tmp/ndstrace.log | grep 'All processed = '
If there are no errors, all lines will display 'All Processed = Yes.'
These commands will set up ndstrace to check SCHEMA synchronization:
ndstrace -l > /tmp/ndstrace.log &
ndstrace -c 'set dstrace=nodebug'
ndstrace -c 'set ndstrace=FILE ON'
ndstrace -c 'dstrace +SCMA'
ndstrace -c 'dstrace +SCMD'
ndstrace -c 'set ndstrace=*SS'
less /tmp/ndstrace.log
If there are no errors, all lines will display 'All Processed = Yes.'
To exit the command-line process, use
ndstrace -u
ndstrace; ndstrace file on;set ndstrace =NODEBUG;set ndstrace =+LDAP
ndstrace -c "ndstrace +sklk; set ndstrace=*h"
ndstrace; ndstrace file on
set ndstrace=*M<size_in_bytes>
set ndstrace=*R
ndsrepair -C -Ad -A