Home > Articles > Certification > Other IT

This chapter is from the book

This chapter is from the book

Implementing eDirectory 8.6

Test Objectives Covered:

  1. Integrate eDirectory 8.6 into an existing network.

  2. Use the eDirectory Import/Export Wizard to manage LDIF files.

Now that you understand the fundamental architecture of the eDirectory tree, it's time to explore how it works. As you manage network objects within eDirectory, pay particular attention to its treelike structure. A well-designed tree will make resource access and management much easier. The structure of the eDirectory tree is both organizational and functional. The location of an object in the tree can affect how users access it and how network administrators manage it.

In this lesson, you will learn how to integrate eDirectory 8.6 objects in two simple steps:

  • Step 1: eDirectory Integration—You must complete four tasks to prepare your network for eDirectory 8.6.

  • Step 2: eDirectory Import/Export Wizard—You can use the eDirectory Import/Export Wizard to create large groups of eDirectory objects from existing LDAP databases.

Step 1: eDirectory Integration

When you install NetWare 6, eDirectory 8.6 is installed by default. If you upgrade to NetWare 6 from an existing network, however, you must carefully complete the following four tasks to prepare your network for eDirectory 8.6:

  1. Apply the latest support packs.

  2. Update the eDirectory schema.

  3. Configure the Novell Certificate Server.

  4. Perform an eDirectory health check.

Let's explore step 1 in more depth, staring with support packs.

Applying the Latest Support Packs

eDirectory 8.6 operates at the core of your network. Thus, you should ensure that the latest NetWare Support Packs have been installed on all of your NetWare servers before implementing eDirectory 8.6. These updates can be downloaded from the Novell Web site at http://support.Novell.com.

Updating the eDirectory Schema

eDirectory uses a mechanism called the schema to define the object naming structure for all network resources. The schema is distributed to all NetWare servers and follows specific rules. Think of the schema as the pulse of eDirectory 8.6.

Prior to installing NetWare 6 and updating your network to eDirectory 8.6, you must update your network's eDirectory schema. This is easily accomplished using NetWare Deployment Manager (which is located in the root of the NetWare 6 Operating System CD). As you recall from Chapter 2, NetWare Deployment Manager is a graphical tool that guides you through the steps required to ensure that all of your servers are using the latest version of the eDirectory schema. The good news is you only have to complete this procedure once!

Configuring the Novell Certificate Server

Prior to installing NetWare 6 and upgrading your network to eDirectory 8.6, you must configure the Novell Certificate Server.

The Novell Certificate Server allows you to mint, issue, and manage digital certificates from within eDirectory by using two key objects:

  • Security container object—The Security container holds security- related objects for the eDirectory tree, including the Organizational CA object. This container physically resides at the very top of the eDirectory tree. The first server installed in eDirectory creates and stores the Security container.

  • Organizational CA object—The Organizational CA object enables secure data transmissions. This object is stored inside the Security container and thus, also resides at the very top of the eDirectory tree. Only one Organizational CA object can exist in an eDirectory tree. Once this object is created, it should not be moved to another server. Deleting and re-creating an organizational CA will invalidate any certificates associated with it.

CAUTION

Make sure that the first eDirectory server is the most reliable one in the tree. This special server will host the Organizational CA object and must be operational during the installation of all other servers into the tree.

You must be running the latest version of the Novell Certificate Server in order to implement eDirectory 8.6. To upgrade your network, follow these simple steps:

  1. Identify the server that is acting as the organizational CA—Use ConsoleOne to browse to your tree's Security container. Double-click the organizational CA and select the Other tab. The server acting as the CA is listed in the Host Server field.

  2. Verify that the CA server is running Novell Certificate Server 2.0 or later—Move to the server that you identified in step 1. From the server console, execute NWCONFIG. Select Product Options, then View/Configure/Remove Installed Products. Finally, look for the PKIS entry to validate the version of Novell Certificate Server you are running.

  3. Verify that the necessary security-related objects exist in your Security container—Inside the Security container, you should find the following three security-related objects: a KAP container object, a W0 security object within the KAP container, and an Organizational CA object. If these objects don't exist, the first NetWare 6 server will create them. The network administrator performing the installation, however, must have Supervisor rights in the Security container, as well as at the [Root] of the eDirectory tree.

  4. Establish the necessary eDirectory rights for operating the CA—To properly administer the Novell Certificate Server, you must have Supervisor eDirectory rights to the W0 object and to the host server's container. In addition, you must have Read entry rights to the NDSPKI:Private Key attribute of the organizational CA.

  5. Download and install the client NICI on the ConsoleOne administrative workstation—The Client NICI can be downloaded from the Novell Web site at http://www.Novell.com/products/cryptograpy.

After you have successfully accomplished these five tasks, updated the directory schema, and applied the latest support packs, your network is ready to accommodate eDirectory 8.6. Ready, set, go!

If you use the Novell Certificate Server 2.20 ConsoleOne Snap-In (which is included with NetWare 6), you will need to ensure that Client NICI 2.02 (or later) is installed on the ConsoleOne administrative workstation.

Performing an eDirectory Health Check

After you install eDirectory 8.6 on your new network, you should run a health check on each NetWare server to ensure that the integration was successful.

TIP

Regular health checks will help keep your directory running smoothly and make upgrades and troubleshooting much easier. In fact, one of the most frequent problems encountered by Novell Technical Support engineers is caused by network administrators who fail to run a health check on their eDirectory tree after a new server has been installed.

A complete health check begins with verifying the version of eDirectory that you are using. Every NetWare server on your network should be running the same version of DS.NLM. Next, you should check time synchronization because all object and property updates rely on consistent time stamps. Then, you should check partition continuity to ensure that all replicas of a partition are in sync. Finally, you should ensure that all NDS SET parameters are operating correctly.

Following are the detailed steps for the four most important eDirectory health checks, as well as a step-by-step guide to repairing the local database if anything goes wrong.

TIP

You must perform these health check procedures for every server in the eDirectory tree. You can start by performing the steps on the server holding the Master replica for each partition (starting with the Tree partition) and working down the Directory tree.

Time Synchronization Check

Start at the NetWare server holding the Master replica for the Tree partition. At the server console, execute DSREPAIR, and then select Time Synchronization to check the version of DS.NLM on each server synchronizing with this one. Also, verify that time stamps are properly synchronized.

Server-to-Server Synchronization Check

At the server console, enter the following DSTRACE commands to check server-to-server synchronization:

  • SET DSTRACE=ON—Activates the trace screen for eDirectory transactions.

  • SET DSTRACE=+SPermits you to view the synchronization of objects.

  • SET DSTRACE=*H—Initiates synchronization between servers.

Next press Ctrl+Esc and select Directory Services from the Current Screens list to view the Directory Services Trace screen. If there are no errors, a message will appear indicating that All Processed=YES. This message should appear for each partition on this server.

Replica Check

In DSREPAIR, you can perform four different health check procedures to ensure that replicas are synchronizing correctly. Follow these simple procedures:

  • Replica Synchronization—Select Report Synchronization Status to view replica synchronization. A server must have a replica for this operation to work.

  • External References—In the Advanced Options menu, select Check External References. This option shows external references, obituaries, and the states of all servers in the backlink list for the obituaries.

  • Replica State—In the Advanced Options menu, select Replica and Partition Operations. Verify that the replica state is on.

  • Replica Ring—In the Advanced Options menu, select Replica and Partition Operations. Then choose a particular partition and select View Replica Ring. Verify that the servers holding replicas of that partition are on and correct.

NOTE

Obituaries are objects that are deleted from the tree and waiting to be purged.

Schema Check

At the server console, enter the following DSTRACE commands to check the health of your eDirectory schema:

  • SET DSTRACE=ON—Activates the trace screen for eDirectory transactions.

  • SET DSTRACE=+SCHEMA—Displays schema information.

  • SET DSTRACE=*SS—Initiates schema synchronization.

At the server console, press Ctrl+Esc and select Directory Services from the Current Screens list to view the Directory Services Trace screen. If there are no errors, a message will appear indicating that All Processed=YES.

Repair the Local Database

If you find errors in your eDirectory database after performing the health checks described above, you can attempt to repair the local database using DSREPAIR. This process may take a considerable amount of time and does lock the database during repair, so make sure that you perform the repair procedure after normal business hours.

In DSREPAIR,

  1. Select the Advanced Options menu.

  2. Choose Repair Local DS Database.

  3. Mark the options on this page as follows:

    Check Local References—Yes

    Rebuild Operational Schema—Yes

    All Other Options—No

  4. This option locks the eDirectory database.

  5. DSREPAIR displays a message stating that authentication cannot occur with this server when the eDirectory database is locked. Press F10 and select Yes.

  6. When the repair process is complete, exit DSREPAIR.

After you have completed all of the eDirectory health checks and repaired the local database, you're done. Now you can rest easy knowing that your eDirectory database is in the best possible condition it can be. And the good news is that you are ready to begin populating your tree with users, servers, containers, and other network objects.

Let's shift our focus to step 2 of eDirectory Implementation—the eDirectory Import/Export Wizard.

After you have completed all of the health check procedures described above, you will need to enter the following commands at the server console to turn off DSTRACE:

  • SET DSTRACE=nodebug—Erases all DSTRACE SET commands.

  • SET DSTRACE=+min—Sets DSTRACE to minimum settings.

  • SET DSTRACE=off—Turns off the DSTRACE screen.

If left running, DSTRACE uses server resources that can slow down critical procedures. So when in doubt, turn it off.

Lab Exercise 3.1: Implement Novell eDirectory 8.6

In Chapter 2, you used the NetWare 6 migration process to move data from a NetWare 5.1 (source) server across the network to a new temporary (destination) NetWare 6 server. After the migration, the temporary NetWare 6 (destination) server then assumed the identity of the source server.

In this lab exercise, you will run the following types of tests to verify that the LABS-SRV1 server is operating properly after the migration:

  • Part I: Verify that Time Synchronization Is Properly Configured

  • Part II: Run a Health Check

In this lab exercise, you will need the following servers:

  • LABS-SRV1 server created in Lab Exercise 2.2.

  • WHITE-SRV1 server created in Lab Exercise 2.2.

Part I: Verify that Time Synchronization Is Properly Configured

Complete the following tasks:

  1. Verify that the LABS-SRV1 server is configured as a Single Reference time provider.

  1. At the LABS-SRV1 server prompt, enter MONITOR.

  2. When the Available Options menu appears, select Server Parameters.

TIP

If you hesitate a too long when making your selection, you'll notice that the General Information window automatically expands, and in the process, hides the Available Options menu. If this occurs, simply press Tab to gain access to the Available Options menu.

  1. When the Select a Parameter Category menu appears, select Time.

  2. When the Time Parameters window appears

    • Verify that the TIMESYNC Type is SINGLE.

    • Verify that the Default Time Server Type is SINGLE.

  3. Exit MONITOR.

Part II: Run a Health Check

Complete the following tasks:

  1. Check server-to-server synchronization:

    1. At the LABS-SRV1 server console prompt, enter each of these commands:
      SET DSTRACE=ON
      SET DSTRACE=+S
      SET DSTRACE=*H

TIP

At the server console, you can press Alt+Esc to toggle between screens or Ctrl+Esc to display a list of active screens.

  1. Press Ctrl+Esc.

  2. When the Current Screens menu appears, select Directory Services.

  3. When the DSTRACE screen appears, review the information on the screen:

    • If no errors were found, skip to step 2.

    • If any errors were found, try reentering the following commands at the server console prompt:

      SET DSTRACE=+S
      SET DSTRACE=*H

    • and then return to step 1b.

  1. Check schema information:

    1. At the LABS-SRV1 server console prompt, enter these commands:

      SET DSTRACE=+SCHEMA
      SET DSTRACE=*SS

    2. Press Ctrl+Esc.

    3. When the Current Screens menu appears, select Directory Services.

    4. When the DSTRACE screen appears, verify that the following message is displayed: All Processed = YES.

  2. Verify the DS.NLM version and check time synchronization:

    1. At the LABS-SRV1 server console prompt, enter DSREPAIR.

    2. When the Available Options menu appears, select Time Synchronization.

    3. When the View Log File (Last Entry): SYS:SYSTEM\DSREPAIR.LOG window appears:

      • Verify that the DS.NLM version is 10110.20 or later.

      • Verify that time is synchronized.

    4. Press Esc to return to the Available Options menu.

  3. Check replica synchronization:

    1. When the Available Options menu appears, select Report Synchronization Status.

    2. When the View Log File (Last Entry): SYS:SYSTEM\DSREPAIR.LOG window appears, verify that the replicas on all servers are synchronized up to time for each partition.

    3. Press Esc to return to the Available Options menu.

  4. Check external references:

    1. When the Available Options menu appears, select Advanced Options Menu.

    2. When the Advanced Options menu appears, select Check External References.

    3. When the View Log File (Last Entry): SYS:SYSTEM\DSREPAIR.LOG window appears, you'll notice that no external references were checked.

    4. Press Esc to return to the Advanced Options menu.

  5. Check the replica state:

    1. When the Advanced Options menu appears, select Replica and Partition Operations.

    2. When the Replicas Stored on This Server window appears, verify that the Replica State is On for all partitions.

    3. Press Esc to return to the Advanced Options menu.

  6. Check the replica ring:

    1. In the Advanced Options menu, select Replica and Partition Operations.

    2. When the Replicas Stored on This Server window appears, select the [Root] partition.

    3. When the Replica Options, Partition: .[Root]. menu appears, select View Replica Ring.

    4. When the Replicas of Partition .[Root]. window appears:

      • Verify that the servers holding replicas of this partition are correct.

      • Verify that the replica state of the [Root] partition is On.

    5. Press Esc three times to return to the Advanced Options menu.

  7. Repair the local database:

    1. When the Advanced Options menu appears, select Repair Local DS Database.

    2. When the Repair Local Database Options window appears

      • In the Rebuild Operational Schema field, you'll notice there is a warning indicating that you should not enable this option unless directed by Technical Support. Change the value to Yes anyway. (To do so, press Y, and then press Enter.)

      • In the Repair All Local References field, verify that Yes is displayed.

      • Leave all other parameters on the page at their default settings.

      • Press F10.

    3. When the Repair Directory menu appears

      • Read the warning indicating that you have selected to lock the DB (DIB) database while the repair operating is running and that users will be prevented from logging in.

      • Select Yes to continue.

    4. Wait while the repair operation proceeds.

    5. When prompted that the repair is complete:

      • In the Total Errors field, note the number of errors. (It should be 0.)

      • Press Enter to continue.

    6. When the View the Current Log File menu appears, select No.

    7. When the Repair Local Database Options window appears

      • If errors were encountered in step 8e, press F10 to repeat the repair process.

      • If errors no were encountered in step 8e, exit DSREPAIR.

NOTE

If errors were encountered, you may want to continue running Repair Local DS Database until no errors are displayed.

  1. Turn off DSTRACE. At the server console prompt, enter these commands:

    Set DSTRACE=nodebug
    Set DSTRACE=+min
    Set DSTRACE=off

Step 2: eDirectory Import/Export Wizard

Once your network is ready to accept eDirectory 8.6 objects, you can take advantage of Novell's new eDirectory Import/Export Wizard to create large batches of objects with the touch of a single button. The wizard uses the Novell Import/Conversion Export (ICE) engine installed with ConsoleOne. This engine allows you to convert LDAP Data Interchange Format (LDIF) files into eDirectory objects.

In this second eDirectory implementation lesson, you will learn how to use the eDirectory Import/Export Wizard to manage LDIF files. But, first, let's review the basics of LDAP and LDIF.

TIP

The NetWare 6 installation program copies two versions of the Novell Import/Conversion Export engine to your server automatically: a Win32 version (ICE.EXE) and a NetWare version (ICE.NLM). On Linux, Solaris, and Tru64 UNIX systems, ICE is included in the "NDSadmut1" package.

LDAP and LDIF Basics

LDAP and LDIF combine to create the directory access file format used by the ICE engine to create large groups of eDirectory objects with the touch of a single button.

LDAP is an Internet communications protocol based on the X.500 Directory Access Protocol (DAP). Fundamentally, LDAP allows client applications to access directory information running on a NetWare server. This is accomplished using an eDirectory service called LDAP Services for eDirectory, which is provided by NLDAP.NLM.

LDIF is a standard that defines an ASCII text file format that is used to exchange data between LDAP-compliant directories. LDIF files are commonly used to initially build a directory database or to add a large number of entries to a directory all at once. In this case, we are using LDIF files with the ICE engine to add a large number of network object entries to eDirectory with the touch of a single button.

So how do they work? LDIF files consist of one or more entries separated by a blank line. Each LDIF entry has an optional entry ID, a required distinguished name, one or more object classes, and multiple attribute definitions. You can specify object classes and attributes in any order.

Table 3.2 describes the LDIF fields used in the following example. This example accomplishes two tasks: it creates an Organization object named ACME, and then it creates a user named AEinstein in the ACME container.

dn: o=ACME
changetype: add
o: ACME
objectClass: organization
objectClass: ndsLoginProperties
objectClass: ndsContainerLoginProperties
objectClass: top
ACL: 2#entry#o=ACME#loginScript
ACL: 2#entry#o=ACME#printJobConfiguration

dn: cn=aeinstein,o=ACME
changetype: add
uid: aeinstein
otherGUID:: bsaWkLmDlk+Sdcy8z17PpA==
givenName: Albert
fullName: Albert Einstein
Language: ENGLISH
Title: Chief Scientist
sn: Einstein
ou: LABS
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: ndsLoginProperties
objectClass: top
ou: NORAD
cn: aeinstein
ACL: 2#subtree#cn=aeinstein,o=ACME#[All Attributes Rights]
ACL: 6#entry#cn=aeinstein,o=ACME#loginScript
ACL: 2#entry#[Public]#messageServer
ACL: 2#entry#[Root]#groupMembership
ACL: 6#entry#cn=aeinstein,o=ACME#printJobConfiguration
ACL: 2#entry#[Root]#networkAddress

Table 3.2 LDIF Field Formats

Parameter

Description

Dn

Specifies the distinguished name for the entry.

changetype

Valid changetype values are add, modify, moddn, and delete.

objectClass

Specifies an object class to use with this entry. Each object class defines the types of attributes allowed or required for the entry.

attribute type

Specifies an attribute to define for the entry.

attribute value

Specifies a value to be assigned to the attribute type.


LDAP and eDirectory share a similar naming syntax. There are, however, two important differences when specifying object names in LDAP:

  • LDAP uses commas (,) as naming separators instead of periods (.)

  • LDAP names always uses typeful full distinguished names

Using the eDirectory Import/Export Wizard

The eDirectory Import/Export Wizard is a snap-in utility built into ConsoleOne. The wizard uses ICE as an import/export engine to manage a collection of handlers that read from or write to LDIF files. For example, to import LDIF data into an LDAP directory, ICE uses an LDIF source handler to read the LDIF file and an LDAP destination handler to send the data to the correct LDAP directory server.

NOTE

ICE replaces BULKLOAD and UIMPORT that were included with previous versions of eDirectory. ICE supports a command-line interface in addition to the Import/Export Wizard.

As you can see in Figure 3.3, the ConsoleOne Import/Export Wizard supports three different tasks:

  • Import data from LDIF files to an LDAP directory

  • Export data from an LDAP directory to an LDIF file

  • Migrate data between LDAP servers

Figure 3.3Figure 3.3 Using the eDirectory Import/Export Wizard in ConsoleOne.

Whether you are importing, exporting, or migrating LDIF data, the steps are nearly identical. Following is a step-by-step description of all three tasks and how to accomplish them by using the eDirectory Import/Export Wizard:

  1. In ConsoleOne, select Wizards, and then select NDS Import/Export.

  2. In the Select Task screen shown in Figure 3.3, choose Import, Export, or Migrate, depending on the task you want to accomplish.

  3. Based on the task you chose in option 2, perform one of the following:

    1. Import—Enter the name of the LDIF file containing the data you want to import, select Next, and then specify the LDAP- complaint server where the data will be imported.

    2. Export—Specify the LDAP-compliant server holding the entries you want to export. Enter a DNS name or IP address.

    3. Migrate—Specify the LDAP-complaint server holding the entries you want to migrate. Enter a DNS name or IP address.

  4. Regardless of the task you select, the wizard will ask you to fill out a form full of import/export options. Follow along in Table 3.3 as you complete the appropriate form. Select Next when you are done.

  5. Based on the option you chose in step 2 above, perform the appropriate task below:

    1. Import—Click Finish to begin the LDIF import.

    2. Export—Specify the search criteria for the entries you want to export. These criteria include Base DN, Scope, Filter, and search Attributes. After you have specified the search criteria, select Next and enter the name of the LDIF file that will store the exported information. Finally, select Next and Finish to begin the LDIF export.

    3. Migrate—Specify the search criteria for the entries you want to migrate, and then select Next and choose an LDAP server where the data will be migrated. Finally, select Next and Finish to migrate the LDIF data.

Table 3.3 eDirectory Import/Export Configuration Options

Option

Description

Server DNS Name/IP

Enter the DNS name or IP address of the source or Address destination LDAP server.

Server DNS Name/IP

Enter the DNS name or IP address of the source or Address destination LDAP server.

Port

Enter the integer port number of the source or destination LDAP server. By default, you can use the number "389" for clear-text or "636" for secure transmissions.

Login Method

Select "Authenticated Login" or "Anonymous" for Guidelines the entry specified in the User DN field.

User DN

If using Authenticated Login, enter the distinguished name of the entry that should be used when binding to the server.

Password

If using Authenticated Login, enter the password for the entry specified in the User DN field.

DER file

(optional) Enter the name of the DER file containing a server key used for SSL authentication. This field is required if you use Port 636 for secure communications. Of course, you can always use the default "RootCert.der" file created during installation in the SYS:\PUBLIC directory.


Using the LBURP Protocol

In addition to the standard synchronous protocol that ICE uses, you can also take advantage of the LDAP Bulk Update/Replication Protocol (LBURP). Excuse me.

LBURP allows ICE to send several update operations in a single request and to receive a response for all update operations in a single response. This asynchronous update processing guarantees that import/export requests are processed in the order specified and adds a tremendous amount of network efficiency to the overall system. LBURP lets ICE present data to the server as fast as the network connection will allow. In fact, if the network connection is fast enough, LBURP will keep the server busy processing update operations 100 percent of the time.

LBURP is enabled by default but you can disable it during an LDIF import by using the Advanced Options screen shown in Figure 3.4. To enable or disable LBURP during an LDIF import, select or deselect the Use LBURP option in Figure 3.4. You can find the Advanced Options screen by selecting the Advanced tab on the LDAP Server Selection screen.

Figure 3.4Figure 3.4 eDirectory Import/Export Wizard Advanced Options.

TIP

Because LBURP is relatively new, eDirectory servers prior to version 8.5 and most non-eDirectory LDAP servers do not support it. If you are using the eDirectory Import/Export Wizard to import an LDIF file to one of these servers, you must disable the LBURP option in order for the import to work.

This completes our comprehensive lesson in eDirectory 8.6 implementation. In this two-step process, you learned how to integrate eDirectory 8.6 into an existing network and import large groups of eDirectory objects using the eDirectory Import/Export Wizard. In step 1, you learned there are three important preintegration tasks that you must accomplish in order to prepare your network for eDirectory 8.6. In addition, you learned how to perform a variety of eDirectory health check procedures after your network has been updated. These procedures included a time synchronization check, server-to-server synchronization check, replica check, and schema check.

Once eDirectory 8.6 was in place, we shifted our attention to the eDirectory Import/Export Wizard. This wizard uses an import/export engine called ICE to manage directory entries in LDIF format. You learned how to use the eDirectory Import/Export Wizard to import data from LDIF files to an LDAP directory, export data from an LDAP directory, and perform a data migration between two LDAP servers.

Congratulations, you are now an eDirectory 8.6 pro! Now it's time to build a comprehensive maintenance plan. At this point, your attention shifts from building it to keeping it running.

Lab Exercise 3.2: Import Users with eDirectory Import/Export Wizard

In this lab exercise, you will learn to use the ConsoleOne eDirectory Import/Export Wizard to import LDIF files that are located on the Sams Publishing web site. You will then use these files to create two Organizational Unit containers in the ACME container and to add users to these containers by using the information in Table 3.4.

In this lab exercise, you will need the following servers:

  • LABS-SRV1 server created in Lab Exercise 2.1.

  • WHITE-SRV1 server created in Lab Exercise 2.2.

Table 3.4 LDIF Import File Information

File

Related Information

First LDIF file

Organizational Unit: Administrators

First LDIF file

Log File: ADM-ICE.LOG

First LDIF file

LDIF File: ADM-LDIF.LDF

Second LDIF file

Organizational Unit: Contractors

Second LDIF file

Log File: CON-ICE.LOG

Second LDIF file

LDIF file: CON-LDIF.LDF


Complete the following tasks:

  1. At the WHITE-SRV1 server console prompt, execute ConsoleOne. If necessary, authenticate as admin.

  2. Import the ADM-LDIF.LDF file.

  1. In ConsoleOne, browse to the ACME Organization object.

  2. Select Wizards, NDS Import/Export.

  3. When the Select Task dialog box appears:

    • Verify that Import LDIF File is selected.

    • Select Advanced.

  4. When the Advanced Options dialog box appears

    • In the Log File field, change the name of the log file to ADM-ICE.LOG.

    • Select Overwrite Existing Log File.

    • Select OK.

  5. When the Select Task dialog box reappears, select Next.

  6. When the Select Source LDIF file dialog box appears

    • Browse to and select the ADM-LDIF.LDF file.

    • Select Advanced.

  7. When the Advanced Options dialog box appears, deselect Exit on Error; then select OK.

  8. When the Select Source LDIF File dialog box reappears, select Next.

  9. When the Select Destination LDAP Server dialog box appears, select New.

  10. When the Add Server dialog box appears

    • In the Description field, enter ACME Import.

    • In the Server DNS Name/IP Address field, enter the IP address of your server. (If you're using the IP address listed in this book, enter 192.168.1.100.)

    • In the Port field, enter 389.

    • In the User DN field, enter cn=admin,o=ACME.

    • Select OK.

TIP

Make sure you use a comma (,) after cn=admin instead of a period (.) because the use of a comma is an LDAP syntax rule.

  1. When the Select Destination LDAP Server screen appears

    • Select ACME Import.

    • In the Password field, enter acme.

    • Select Advanced.

  2. When the Advanced Options dialog box appears, select Allow Forward References, and then select OK.

TIP

When working with LDIF, you may encounter a situation where an operation to add an entry precedes an operation to add its parent. If this occurs, an error is generated because the parent does not exist. This problem can be solved through the use of forward references. Under such a scenario, when an entry is created before its parent, a forward reference is created, which allows the entry to be created. If a subsequent operation creates the parent, the forward reference is converted to a normal entry.

  1. When the Select Destination LDAP Server screen reappears, select Next.

  2. When the summary window appears, select Finish.

  3. You see text similar to the following:
    Source Handler: ICE LDIF handler for Novell eDirectory 8.6.0 version: 10110.05 
    Destination Handler: ICE LDAP handler for Novell eDirectory 8.6.0 version: 10110.05
    ICE log file: ADM-ICE.LOG 
    Start time: Friday, January 25, 2001 5:40:32 am 
    operation in progress . 
    Total entries processed: 24
    Total number of errors: 0 
    End time: Friday, January 25, 2001 5:40:33 am Total Time: 0:00:01.107 
    Time per entry: 00:00-044 
  4. Select Close.

  5. Refresh your tree view by selecting View, Refresh.

  1. Repeat step 2 using the CON-LDIF.LDF file. Also, make the following changes to the process:

    1. Log File: CON-ICE.LOG.

    2. Source File: CON-LDIF.LDF.

  2. After both LDIF files are imported, make sure the following Organizational Unit containers appear in the ACME container:

    • Administrators

    • Contractors

InformIT Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from InformIT and its family of brands. I can unsubscribe at any time.

Overview


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information


To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites, develop new products and services, conduct educational research and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information


Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children


This site is not directed to children under the age of 13.

Marketing


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information


If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out


Users can always make an informed choice as to whether they should proceed with certain services offered by InformIT. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.informit.com/u.aspx.

Sale of Personal Information


Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents


California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure


Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact


Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice


We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020