Using NDS iMonitor to Look at the eDirectory Schema
Articles and Tips: article
Senior Research Engineer
Novell AppNotes
kburnett@novell.com
01 May 2003
During the past several months, we have been discussing NDS iMonitor's inner workings as described by the three NDS Architects who designed it. This issue we will take a break from the inner workings to look at an actual usage example of NDS iMonitor.
NDS iMonitor is a slick tool for looking at your eDirectory Schema. If you need more information about the eDirectory Schema, visit http://developer.novell.com/ndk/doc_ndslib.htm for the Schema Reference document.
Remember that there are two ways to start up NDS iMonitor. The first is to type the URL of the server running NDS iMonitor, followed by /nds. For example:
http://<server name or IP address>/nds
(Depending on the way you have your server set up, you may need to add the port number, which is 8009.)
The second way is to launch NDS iMonitor through the NetWare Management Portal. You can do this by going to the Portal screen and selecting NDS iMonitor from the NDS Management menu in the left column.
Starting Up NDS iMonitor
Start up NDS iMonitor by using the option of your choice as described above. You should see the screen shown in Figure 1, or one that looks very similar to it.
Look at the left column of NDS iMonitor. Under the Links column, select Schema. This will bring up the Scema screen, as shown in Figure 2.
As you look under the Synchronization column on the left-hand side of the screen, you should see two main options: Attribute Definitions and Class Definitions. These two links allow you to look at your tree's schema. You can see the current Schema plus any extensions that have been added.
On the Class Definitions option there are two sub-options listed: Base and Inherited. The Class Definitions lists the name of each class, its rules and its attributes. You can use the navigation on the left to browse for and access individual attributes. The Base sub-option lists class hierarchy, flag information, and attribute options for the selected class. The attributes listed in Base are those that are defined directly for the object.
This list does not, however, include any inherited attributes.The Inherited sub-option lists class hierarchy, flag information and attribute options for the selected class. The attributes listed in Inherited include both base attributes and attributes inherited from higher-level objects.
When you click on the Base sub-option, you will see a screen like the one shown in Figure 3, only with information about your server.
Looking at Your Schema Class Definitions
We are looking at the schema on server DNU.Novell in DNU_TREE. Note that the column on the left is split into two scrollable boxes.
The top box lists all of the class definitions in your schema. You have the ability to scroll down this list and select any class definition you would like to examine. In my case, I have selected the class Alias, as is shown in Figure 4.
Note that the class's Flags are set for this definition. Also shown is the Modification Time, which is the last time the object was modified. If the modification time is not what you expect, it is usually because the object is still waiting to be synchronized. The OID listed on the page is the object identifier. OID is the X.500 term for the ASN.1 ID given to uniquely identify the object.
You can also see the Class Rules for the class. For example, the Alias Definition page in Figure 4 shows that its Super Class is Top and the associated Attribute Rules are shown.
The bottom left box in Figure 4 shows all of the Schema Replicas in your directory tree. As you can see, my tree only has one replica. If you peruse the Schema Document mentioned previously in this article, you will note that the Schema information the iMonitor displays is very similar to the Schema document. In addition, iMonitor shows you information specific to your particular schema, such as any changes or extensions you have made to the schema.
You can also look at the class rules for the class you have chosen. For my example, the Alias Class Rules show that its Super Class is Top and that the Alias object does not have to be contained by any other object. Also the Attribute rules indicate that the Alias object has a Required attribute, that being the name of the attribute.
Examining Your Schema Attribute Definitions
You can click on the "Aliased Object Name" Required attribute. Doing so reveals something like what you see in Figure 5.
The Required attribute definition
This is the attribute definition for our Alias object's Required Name attribute. The attribute definition contains the attribute name, the last date in which the attribute was modified, the flags associated with this attribute, the syntax of the attribute, the upper and lower limits of values for the attribute and the attribute's OID.
You can also access an attribute definition page by clicking on Attribute Definitions in the left column. This will display a scrollable page that contains all of the attribute definitions in your schema in alphabetic order.
Agent Synchronization
Let's switch gears now and look at a second real-world example of the power and flexibility of NDS iMonitor--Agent Synchronization. Agent Synchronization allows you to view the synchronization status of your directory's partitions. You can filter the information on this page by selecting from the options listed in the Assistant frame on the left side of the page, as shown in Figure 6.
The information you see in the Partition Synchronization page
Click the Agent Synchronization link under the Links: heading on the left side of the NDS iMonitor screen. This will take you to the Agent Synchronization screen. You will note that the main heading is the Partition Synchronization Status header with a bold brown background. This table lists the partition, number of errors, last successful synchronization, and maximum ring delta. Let's look at each of these in greater detail.
Partition.
For each partition, this lists the type and links to object information for the partition. In my case, the link is to DNU_TREE. Clicking this link takes you to the Browse page, which lets you browse your directory tree.
Errors.
This lists the number of replicas with errors since the last synchronization. In my example, there are no errors. However, NDS iMonitor has a very flexible error definition database. If you did have an error, say -605, you can click on the Error Index link under the Links: heading to go to the error index. There you can find the -605 error and click on it to discover that you have a "no such partition" error.
Last Successful Sync.
This lists the amount of time since all replicas of an individual partition were successfully able to synchronize from this server. In our case, it has been 59 minutes and 1 second since the last successful synchronization.
Maximum Ring Delta.
This lists the amount of data which might not be successfully synchronized to all the replicas in the ring. For example, if a users have changed their login scripts in the past 30 minutes, and the maximum ring delta has a 45-minute allocation, the users logging in might not be successfully synchronized, and they might get the previous login script when they login in. However, if users change their login script more than 45 minutes ago, they should get the new login script consistently from all replicas.
If unknown is listed under the Maximum Ring Delta, then the trasitive synchronized vector is inconsistent and the maximum ring delta cannot be calculated because of a problem, such as replica/partition operations in progress. In our case, the time is 0:00:00; hence there is no wait time and it is immediate.
Replica's Perishable Data Delta.
This lists the amount of data on the partition which has not been successfully replicated yet and which would be lost if the server went down immediately. In our example this is 291332:14:28. Now you may wonder what the 291332 is and I will explain.
Since server DNU and hence DNU_TREE is a one partition system, there is no secondary partition to replicate the data to in case of failure of the primary partition. So this is saying that there has been 291332 hours since the beginning of computing time (1970) in which this data has not been replicated. Or in other words, if the primary partition fails, the data is gone.
Lastly, note the information in the upper left hand panel is entitled Filter By. You have several options to filter you data by replica type that include All, Master, Read/Write, Read Only, Subordinate Reference, Filtered Write and Filtered Read. If you don't have a replica of Read/Write for example, you will get an error:
No replica found of type: Read/Write.
Conclusion
iMonitor is an extremely powerful diagnostic tool. One of its many uses is to help you examine the schema for your directory tree. iMonitor will give you not only the same basic schema information as the schema reference document (refer to: http://developer.novell.com/ndk/doc/ndslib/index.html?page=/ndk/doc/ndslib/schm_enu/data/h4q1mn1i.html ), but it will show you any changes in real-time that you have made for your particular directory tree.
* Originally published in Novell AppNotes
Disclaimer
The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.