1
2NSDB-REMOVE-NCI(8)          System Manager's Manual         NSDB-REMOVE-NCI(8)
3
4
5

NAME

7       nsdb-remove-nci - remove NSDB container information from an LDAP server
8

SYNOPSIS

10       nsdb-remove-nci [-?d] [-D binddn] [-e nce] [-l nsdbname] [-r nsdbport]
11

INTRODUCTION

13       RFC  5716  introduces  the  Federated  File  System (FedFS, for short).
14       FedFS is an extensible standardized mechanism by which system  adminis‐
15       trators  construct  a  coherent  namespace across multiple file servers
16       using file system referrals.  For further details, see fedfs(7).
17
18       The bulk of FedFS junction information in a FedFS domain is  stored  on
19       one  or  more LDAP servers.  These servers are known as namespace data‐
20       bases, or NSDBs, for short.
21
22       FedFS-enabled file servers and clients access the information stored on
23       NSDBs  via standard LDAP queries.  FedFS-enabled file servers use these
24       queries to resolve FedFS junctions.  FedFS administrators use  them  to
25       manage  information  about  file  sets contained in a FedFS domain name
26       space.
27

DESCRIPTION

29       The nsdb-remove-nci(8) command is part of  a  collection  of  low-level
30       single-use  programs that are intended for testing the NSDB protocol or
31       for use in scripts.  This command is a convenient way  to  remove  NSDB
32       features  from  an  LDAP  server by removing NSDB container information
33       from the server's Directory Information Tree (or DIT, for short).
34
35       The top of the DIT on an LDAP server has one or more  naming  contexts.
36       Some  LDAP  server  implementations  call these contexts root suffixes.
37       All LDAP entries on that server are contained under naming contexts.
38
39       The LDAP object under which FedFS-related entries reside  is  known  as
40       the  NSDB  Container  Entry  (or NCE).  The NCE can be a naming context
41       object, or it can be located somewhere below the naming context.   Both
42       the naming context and the NCE must be world-readable for FedFS-enabled
43       clients and servers to access the NSDB.
44
45       The nsdb-remove-nci(8) command demotes an NCE to an  unremarkable  LDAP
46       entry  so  that NSDB clients cannot discover it.  It performs the oppo‐
47       site action from nsdb-update-nci(8).  The target NCE object must  exist
48       before this operation can complete successfully.
49

OPTIONS

51       -d, --debug
52              Specifies that debugging messages be produced during operation.
53
54       -?, --help
55              Prints  an  nsdb-remove-nci(8)  version  and  usage  message  on
56              stderr, then exits.
57
58       -D, --binddn=bind-distinguished-name
59              Specifies a distinguished name of an entity used to bind to  the
60              LDAP  server  where the NSDB resides.  If the --binddn option is
61              not specified, the value  of  the  FEDFS_NSDB_ADMIN  environment
62              variable  is  consulted.   If this variable is not set, the NSDB
63              connection parameter database is searched for this DN.  If  none
64              of  these  is specified, or if this entity does not have permis‐
65              sion to modify this area of the server's DIT,  the  nsdb-remove-
66              nci(8) command fails.
67
68       -e, --nce=NSDB-container-entry-distinguished-name
69              Specifies  the  distinguished  name of the doomed NSDB Container
70              Entry.  If the --nce option is not specified, the value  of  the
71              FEDFS_NSDB_NCE environment variable is consulted.  If this vari‐
72              able is not set, then the NSDB connection parameter database  is
73              searched  for this DN.  If none of these is specified, the nsdb-
74              remove-nci(8) command fails.
75
76       -l, --nsdbname=NSDB-hostname
77              Specifies the hostname of the  NSDB  where  the  NSDB  Container
78              Entry  resides.   If the --nsdbname option is not specified, the
79              value of the FEDFS_NSDB_HOST environment variable is  consulted.
80              If  the  variable  is  not  set and the --nsdbname option is not
81              specified, the nsdb-remove-nci(8) command fails.
82
83       -r, --nsdbport=NSDB-port
84              Specifies the IP port of the NSDB where the NSDB Container Entry
85              resides.   If  the --nsdbport option is not specified, the value
86              of the FEDFS_NSDB_PORT environment variable is  consulted.   The
87              default value if the variable is not set is 389.
88

EXIT CODES

90       The  NSDB  returns  a  value that reflects the success of the requested
91       operation.
92
93       FEDFS_OK
94              The LDAP modify request succeeded.
95
96       FEDFS_ERR_ACCESS
97              The bound  entity  does  not  have  permission  to  perform  the
98              requested operation.
99
100       FEDFS_ERR_INVAL
101              One of the arguments was not valid.
102
103       FEDFS_ERR_SVRFAULT
104              An unanticipated non-protocol error occurred.
105
106       FEDFS_ERR_NSDB_ROUTE
107              The nsdb-remove-nci(8) command was unable to find a route to the
108              specified NSDB.
109
110       FEDFS_ERR_NSDB_DOWN
111              The nsdb-remove-nci(8) command  determined  that  the  specified
112              NSDB was down.
113
114       FEDFS_ERR_NSDB_CONN
115              The nsdb-remove-nci(8) command was unable to establish a connec‐
116              tion with the specified NSDB.
117
118       FEDFS_ERR_NSDB_AUTH
119              The nsdb-remove-nci(8) command was unable  to  authenticate  and
120              establish a secure connection with the specified NSDB.
121
122       FEDFS_ERR_NSDB_LDAP
123              A non-specific LDAP error occurred on the connection between the
124              nsdb-remove-nci(8) command and specified NSDB.
125
126       FEDFS_ERR_NSDB_LDAP_VAL
127              An LDAP error occurred  on  the  connection  between  the  nsdb-
128              remove-nci(8)  command  and  specified NSDB.  The specific error
129              may be displayed on the command line.
130
131       FEDFS_ERR_NSDB_RESPONSE
132              The nsdb-remove-nci(8) command  received  a  malformed  response
133              from the specified NSDB.
134
135       FEDFS_ERR_NSDB_FAULT
136              An unanticipated error related to the specified NSDB occurred.
137
138       FEDFS_ERR_NSDB_PARAMS
139              The  local  NSDB connection parameter database does not have any
140              connection parameters on record for the specified NSDB.
141
142       FEDFS_ERR_NSDB_LDAP_REFERRAL
143              The nsdb-remove-nci(8) command received an LDAP referral that it
144              was unable to follow.
145
146       FEDFS_ERR_NSDB_LDAP_REFERRAL_VAL
147              The nsdb-remove-nci(8) command received an LDAP referral that it
148              was unable to follow.  A specific error may be displayed on  the
149              command line.
150
151       FEDFS_ERR_NSDB_LDAP_REFERRAL_NOTFOLLOWED
152              The nsdb-remove-nci(8) command received an LDAP referral that it
153              chose not to follow, either  because  the  local  implementation
154              does  not support following LDAP referrals or LDAP referral fol‐
155              lowing is disabled.
156
157       FEDFS_ERR_NSDB_PARAMS_LDAP_REFERRAL
158              The nsdb-remove-nci(8) command received an LDAP referral that it
159              chose  not to follow because the local NSDB connection parameter
160              database had no connection parameters for the NSDB  targeted  by
161              the LDAP referral.
162

EXAMPLES

164       Suppose you are the FedFS administrator of the example.net FedFS domain
165       and that you want to disable the NCE o=fedfs  on  the  NSDB  nsdb.exam‐
166       ple.net.
167
168              $ nsdb-remove-nci -l nsdb.example.net -D cn=Manager -e o=fedfs
169              Enter NSDB password:
170              Successfully removed NCI
171       This  action  does not remove any FedFS records.  It simply removes the
172       pointer to the records.
173

SECURITY

175       An entity with appropriate authority, such as an administrator  entity,
176       must  be  used  to modify LDAP entries.  The nsdb-remove-nci(8) command
177       must bind as such an entity  to  perform  this  operation.   The  nsdb-
178       remove-nci(8)  command asks for a password on stdin.  Standard password
179       blanking techniques are used to obscure the password on the user's ter‐
180       minal.
181
182       The  target LDAP server must be registered in the local NSDB connection
183       parameter database.  The connection security mode listed  in  the  NSDB
184       connection parameter database for the target LDAP server is used during
185       this operation.  See nsdbparams(8) for details on how  to  register  an
186       NSDB in the local NSDB connection parameter database.
187

SEE ALSO

189       fedfs(7), nsdb-nces(8), nsdb-update-nci(8), nsdbparams(8)
190
191       RFC 5716 for FedFS requirements and overview
192
193       RFC 4510 for an introduction to LDAP
194

COLOPHON

196       This  page  is  part  of the fedfs-utils package.  A description of the
197       project  and  information  about  reporting  bugs  can  be   found   at
198       http://wiki.linux-nfs.org/wiki/index.php/FedFsUtilsProject.
199

AUTHOR

201       Chuck Lever <chuck.lever@oracle.com>
202
203
204
205                                3 February 2014             NSDB-REMOVE-NCI(8)
Impressum