NSDB-REMOVE-NCI(8) System Manager's Manual NSDB-REMOVE-NCI(8)

nsdb-remove-nci - remove NSDB container information from an LDAP server

nsdb-remove-nci [-?d] [-D binddn] [-e nce] [-l nsdbname] [-r nsdbport]

RFC 5716 introduces the Federated File System (FedFS, for short).
FedFS is an extensible standardized mechanism by which system
administrators construct a coherent namespace across multiple file
servers using file system referrals. For further details, see fedfs(7).

The bulk of FedFS junction information in a FedFS domain is stored on
one or more LDAP servers. These servers are known as namespace
databases, or NSDBs, for short.

FedFS-enabled file servers and clients access the information stored on
NSDBs via standard LDAP queries. FedFS-enabled file servers use these
queries to resolve FedFS junctions. FedFS administrators use them to
manage information about file sets contained in a FedFS domain name
space.

The nsdb-remove-nci(8) command is part of a collection of low-level
single-use programs that are intended for testing the NSDB protocol or
for use in scripts. This command is a convenient way to remove NSDB
features from an LDAP server by removing NSDB container information
from the server's Directory Information Tree (or DIT, for short).

The top of the DIT on an LDAP server has one or more naming contexts.
Some LDAP server implementations call these contexts root suffixes.
All LDAP entries on that server are contained under naming contexts.

The LDAP object under which FedFS-related entries reside is known as
the NSDB Container Entry (or NCE). The NCE can be a naming context
object, or it can be located somewhere below the naming context. Both
the naming context and the NCE must be world-readable for FedFS-enabled
clients and servers to access the NSDB.

The nsdb-remove-nci(8) command demotes an NCE to an unremarkable LDAP
entry so that NSDB clients cannot discover it. It performs the opposite
action from nsdb-update-nci(8). The target NCE object must exist
before this operation can complete successfully.

-d, --debug
    Specifies that debugging messages be produced during operation.

-?, --help
    Prints an nsdb-remove-nci(8) version and usage message on
    stderr, then exits.

-D, --binddn=bind-distinguished-name
    Specifies a distinguished name of an entity used to bind to the
    LDAP server where the NSDB resides. If the --binddn option is
    not specified, the value of the FEDFS_NSDB_ADMIN environment
    variable is consulted. If this variable is not set, the NSDB
    connection parameter database is searched for this DN. If none
    of these is specified, or if this entity does not have
    permission to modify this area of the server's DIT, the
    nsdb-remove-nci(8) command fails.

-e, --nce=NSDB-container-entry-distinguished-name
    Specifies the distinguished name of the doomed NSDB Container
    Entry. If the --nce option is not specified, the value of the
    FEDFS_NSDB_NCE environment variable is consulted. If this
    variable is not set, then the NSDB connection parameter database
    is searched for this DN. If none of these is specified, the
    nsdb-remove-nci(8) command fails.

-l, --nsdbname=NSDB-hostname
    Specifies the hostname of the NSDB where the NSDB Container
    Entry resides. If the --nsdbname option is not specified, the
    value of the FEDFS_NSDB_HOST environment variable is consulted.
    If the variable is not set and the --nsdbname option is not
    specified, the nsdb-remove-nci(8) command fails.

-r, --nsdbport=NSDB-port
    Specifies the IP port of the NSDB where the NSDB Container Entry
    resides. If the --nsdbport option is not specified, the value
    of the FEDFS_NSDB_PORT environment variable is consulted. The
    default value if the variable is not set is 389.

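The lookup order the options describe (command line, then environment variable, then the NSDB connection parameter database or a default) means an exported FEDFS_NSDB_* variable can decide which server and entry this command modifies. The following added example, which is not part of fedfs-utils, reports the source of each parameter before the command is run; the function names resolve and nsdb_preflight are hypothetical, and the connection parameter database is only named as the remaining source, not queried.

```sh
#!/bin/sh
# Added example (hypothetical helper, not part of fedfs-utils).
# Reports where each connection parameter would come from, following the
# lookup order in the option descriptions above.

# resolve NAME CLI_VALUE ENV_VALUE FALLBACK
# FALLBACK is "default:<value>", "paramsdb", or "none" (command fails).
resolve() {
    name=$1; cli=$2; envval=$3; fallback=$4
    if [ -n "$cli" ]; then
        printf '%s=%s (command line)\n' "$name" "$cli"
    elif [ -n "$envval" ]; then
        printf '%s=%s (environment)\n' "$name" "$envval"
    else
        case $fallback in
            default:*) printf '%s=%s (default)\n' "$name" "${fallback#default:}" ;;
            paramsdb)  printf '%s=? (NSDB connection parameter database)\n' "$name" ;;
            *)         printf '%s=unset\n' "$name"; return 1 ;;
        esac
    fi
}

# nsdb_preflight [-D binddn] [-e nce] [-l nsdbname] [-r nsdbport]
# Returns 1 when a parameter with no further fallback is missing.
nsdb_preflight() {
    binddn=; nce=; host=; port=; rc=0
    OPTIND=1
    while getopts 'D:e:l:r:' opt "$@"; do
        case $opt in
            D) binddn=$OPTARG ;;
            e) nce=$OPTARG ;;
            l) host=$OPTARG ;;
            r) port=$OPTARG ;;
            *) return 2 ;;
        esac
    done
    resolve nsdbname "$host"   "${FEDFS_NSDB_HOST:-}"  none        || rc=1
    resolve nsdbport "$port"   "${FEDFS_NSDB_PORT:-}"  default:389 || rc=1
    resolve binddn   "$binddn" "${FEDFS_NSDB_ADMIN:-}" paramsdb    || rc=1
    resolve nce      "$nce"    "${FEDFS_NSDB_NCE:-}"   paramsdb    || rc=1
    return "$rc"
}

# Run only when arguments are given, e.g.: sh preflight.sh -l nsdb.example.net
if [ "$#" -gt 0 ]; then nsdb_preflight "$@"; fi
```
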
The NSDB returns a value that reflects the success of the requested
operation.

FEDFS_OK
    The LDAP modify request succeeded.

FEDFS_ERR_ACCESS
    The bound entity does not have permission to perform the
    requested operation.

FEDFS_ERR_INVAL
    One of the arguments was not valid.

FEDFS_ERR_SVRFAULT
    An unanticipated non-protocol error occurred.

FEDFS_ERR_NSDB_ROUTE
    The nsdb-remove-nci(8) command was unable to find a route to the
    specified NSDB.

FEDFS_ERR_NSDB_DOWN
    The nsdb-remove-nci(8) command determined that the specified
    NSDB was down.

FEDFS_ERR_NSDB_CONN
    The nsdb-remove-nci(8) command was unable to establish a
    connection with the specified NSDB.

FEDFS_ERR_NSDB_AUTH
    The nsdb-remove-nci(8) command was unable to authenticate and
    establish a secure connection with the specified NSDB.

FEDFS_ERR_NSDB_LDAP
    A non-specific LDAP error occurred on the connection between the
    nsdb-remove-nci(8) command and the specified NSDB.

FEDFS_ERR_NSDB_LDAP_VAL
    An LDAP error occurred on the connection between the
    nsdb-remove-nci(8) command and the specified NSDB. The specific
    error may be displayed on the command line.

FEDFS_ERR_NSDB_RESPONSE
    The nsdb-remove-nci(8) command received a malformed response
    from the specified NSDB.

FEDFS_ERR_NSDB_FAULT
    An unanticipated error related to the specified NSDB occurred.

FEDFS_ERR_NSDB_PARAMS
    The local NSDB connection parameter database does not have any
    connection parameters on record for the specified NSDB.

FEDFS_ERR_NSDB_LDAP_REFERRAL
    The nsdb-remove-nci(8) command received an LDAP referral that it
    was unable to follow.

FEDFS_ERR_NSDB_LDAP_REFERRAL_VAL
    The nsdb-remove-nci(8) command received an LDAP referral that it
    was unable to follow. A specific error may be displayed on the
    command line.

FEDFS_ERR_NSDB_LDAP_REFERRAL_NOTFOLLOWED
    The nsdb-remove-nci(8) command received an LDAP referral that it
    chose not to follow, either because the local implementation
    does not support following LDAP referrals or LDAP referral
    following is disabled.

FEDFS_ERR_NSDB_PARAMS_LDAP_REFERRAL
    The nsdb-remove-nci(8) command received an LDAP referral that it
    chose not to follow because the local NSDB connection parameter
    database had no connection parameters for the NSDB targeted by
    the LDAP referral.

Suppose you are the FedFS administrator of the example.net FedFS domain
and that you want to disable the NCE o=fedfs on the NSDB
nsdb.example.net.

    $ nsdb-remove-nci -l nsdb.example.net -D cn=Manager -e o=fedfs
    Enter NSDB password:
    Successfully removed NCI

This action does not remove any FedFS records. It simply removes the
pointer to the records.

An entity with appropriate authority, such as an administrator entity,
must be used to modify LDAP entries. The nsdb-remove-nci(8) command
must bind as such an entity to perform this operation. The
nsdb-remove-nci(8) command asks for a password on stdin. Standard
password blanking techniques are used to obscure the password on the
user's terminal.

The target LDAP server must be registered in the local NSDB connection
parameter database. The connection security mode listed in the NSDB
connection parameter database for the target LDAP server is used during
this operation. See nsdbparams(8) for details on how to register an
NSDB in the local NSDB connection parameter database.

fedfs(7), nsdb-nces(8), nsdb-update-nci(8), nsdbparams(8)

RFC 5716 for FedFS requirements and overview

RFC 4510 for an introduction to LDAP

This page is part of the fedfs-utils package. A description of the
project and information about reporting bugs can be found at
http://wiki.linux-nfs.org/wiki/index.php/FedFsUtilsProject.

Chuck Lever <chuck.lever@oracle.com>

3 February 2014 NSDB-REMOVE-NCI(8)