1NSDB-NCES(8) System Manager's Manual NSDB-NCES(8)
3
7 nsdb-nces - list NSDB container entries on an LDAP server
8
10 nsdb-nces [-?d] [-l nsdbname] [-r nsdbport]
11
13 RFC 5716 introduces the Federated File System (FedFS, for short).
14 FedFS is an extensible standardized mechanism by which system adminis‐
15 trators construct a coherent namespace across multiple file servers
16 using file system referrals. For further details, see fedfs(7).
17 The bulk of FedFS junction information in a FedFS domain is stored on
19 one or more LDAP servers. These servers are known as namespace data‐
20 bases, or NSDBs, for short.
21 FedFS-enabled file servers and clients access the information stored on
23 NSDBs via standard LDAP queries. FedFS-enabled file servers use these
24 queries to resolve FedFS junctions. FedFS administrators use them to
25 manage information about file sets contained in a FedFS domain name
26 space.
27
29 The nsdb-nces(8) command is part of a collection of low-level single-
30 use programs that in intended for testing the NSDB protocol or for use
31 in scripts. It queries an LDAP server for the existance of NSDB Con‐
32 tainer Entries, or NCEs, for short.
33 The top of the Directory Information Tree on an LDAP server has one or
35 more naming contexts. Some LDAP server implementations call these con‐
36 texts "root suffixes". All LDAP entries on that server are contained
37 under one of these contexts.
38 The LDAP object under which FedFS-related entries reside is known as
40 the NSDB Container Entry (or NCE). The NCE can be a naming context
41 object, or it can be located somewhere below the naming context. Both
42 the naming context and the NCE must be world-readable for FedFS-enabled
43 clients and servers to access the NSDB.
44 The nsdb-nces(8) command displays each naming context on a target LDAP
46 server and indicates whether that context contains an NCE. At its sim‐
47 plest, you can think of the nsdb-nces(8) command as a form of NSDB
48 ping. However, it can also convey certain details about the organiza‐
49 tion of any NCEs on an LDAP server. Discovering NCEs on an NSDB is
50 always the first step FedFS-enabled file servers perform when resolving
51 a FedFS junction.
52
54 -d, --debug
55 Specifies that debugging messages be produced during operation.
56 -?, --help
58 Prints an nsdb-nces(8) version and usage message on stderr, then
59 exits.
60 -l, --nsdbname=NSDB-hostname
62 Specifies the hostname of the NSDB to enumerate. If the --nsdb‐
63 name option is not specified, the value of the FEDFS_NSDB_HOST
64 environment variable is consulted. If the variable is not set
65 and the --nsdbname option is not specified, the nsdb-nces(8)
66 command fails.
67 -r, --nsdbport=NSDB-port
69 Specifies the IP port of the NSDB to enumerate. If the --nsdb‐
70 port option is not specified, the value of the FEDFS_NSDB_PORT
71 environment variable is consulted. The default value if the
72 variable is not set is 389.
73
75 The NSDB returns a value that reflects the success of the requested
76 operation.
77 FEDFS_OK
79 The LDAP query succeeded. One or more NSDB container entries
80 were detected on the target LDAP server.
81 FEDFS_ERR_ACCESS
83 The anonymous entity does not have permission to perform the
84 requested operation.
85 FEDFS_ERR_INVAL
87 One of the arguments was not valid.
88 FEDFS_ERR_SVRFAULT
90 An unanticipated non-protocol error occurred.
91 FEDFS_ERR_NSDB_ROUTE
93 The nsdb-nces(8) command was unable to find a route to the spec‐
94 ified NSDB.
95 FEDFS_ERR_NSDB_DOWN
97 The nsdb-nces(8) command determined that the specified NSDB was
98 down.
99 FEDFS_ERR_NSDB_CONN
101 The nsdb-nces(8) command was unable to establish a connection
102 with the specified NSDB.
103 FEDFS_ERR_NSDB_AUTH
105 The nsdb-nces(8) command was unable to authenticate and estab‐
106 lish a secure connection with the specified NSDB.
107 FEDFS_ERR_NSDB_LDAP
109 A non-specific LDAP error occurred on the connection between the
110 nsdb-nces(8) command and specified NSDB.
111 FEDFS_ERR_NSDB_LDAP_VAL
113 An LDAP error occurred on the connection between the nsdb-
114 nces(8) command and specified NSDB. The specific error may be
115 displayed on the command line.
116 FEDFS_ERR_NSDB_NONCE
118 The nsdb-nces(8) command was unable to locate any NCEs on the
119 specified NSDB.
120 FEDFS_ERR_NSDB_RESPONSE
122 The nsdb-nces(8) command received a malformed response from the
123 specified NSDB.
124 FEDFS_ERR_NSDB_FAULT
126 An unanticipated error related to the specified NSDB occurred.
127 FEDFS_ERR_NSDB_PARAMS
129 The local NSDB connection parameter database does not have any
130 connection parameters on record for the specified NSDB.
131 FEDFS_ERR_NSDB_LDAP_REFERRAL
133 The nsdb-nces(8) command received an LDAP referral that it was
134 unable to follow.
135 FEDFS_ERR_NSDB_LDAP_REFERRAL_VAL
137 The nsdb-nces(8) command received an LDAP referral that it was
138 unable to follow. A specific error may be displayed on the com‐
139 mand line.
140 FEDFS_ERR_NSDB_LDAP_REFERRAL_NOTFOLLOWED
142 The nsdb-nces(8) command received an LDAP referral that it chose
143 not to follow, either because the local implementation does not
144 support following LDAP referrals or LDAP referral following is
145 disabled.
146 FEDFS_ERR_NSDB_PARAMS_LDAP_REFERRAL
148 The nsdb-nces(8) command received an LDAP referral that it chose
149 not to follow because the local NSDB connection parameter data‐
150 base had no connection parameters for the NSDB targeted by the
151 LDAP referral.
152
154 Suppose you are the FedFS administrator of the example.net FedFS domain
155 and that you want to know if the LDAP server ldap.example.net is an
156 NSDB. Use:
157 $ nsdb-nces -l ldap.example.net
159 Host: ldap.example.net:389
160 namingContext 'dc=example,dc=net' does not host an NCE.
161 namingContext 'o=fedfs' hosts an NCE at 'o=fedfs'.
162 namingContext 'o=netscaperoot' does not host an NCE.
163 This shows there are three LDAP naming contexts on the target LDAP
165 server. One of these is an NSDB Container Entry. Thus the target LDAP
166 server is an NSDB.
167
169 The nsdb-nces(8) command uses anonymous binding when performing LDAP
170 queries. LDAP naming contexts are typically readable by everyone.
171 The target LDAP server must be registered in the local NSDB connection
173 parameter database. The connection security mode listed in the NSDB
174 connection parameter database for the target LDAP server is used during
175 this operation. See nsdbparams(8) for details on how to register an
176 NSDB in the local NSDB connection parameter database.
177
179 fedfs(7), nsdbparams(8)
180 RFC 5716 for FedFS requirements and overview
182 RFC 4510 for an introduction to LDAP
184
186 This page is part of the fedfs-utils package. A description of the
187 project and information about reporting bugs can be found at
188 http://wiki.linux-nfs.org/wiki/index.php/FedFsUtilsProject.
189
191 Chuck Lever <chuck.lever@oracle.com>
192 3 February 2014 NSDB-NCES(8)