1
2NSDB-SIMPLE-NCE(8)          System Manager's Manual         NSDB-SIMPLE-NCE(8)
3
4
5

NAME

7       nsdb-simple-nce - Create a simple NSDB Container Entry
8

SYNOPSIS

10       nsdb-simple-nce [-?d] [-D binddn] [-l nsdbname] [-r nsdbport] parent-dn
11

INTRODUCTION

13       RFC  5716  introduces  the  Federated  File  System (FedFS, for short).
14       FedFS is an extensible standardized mechanism by which system  adminis‐
15       trators  construct  a  coherent  namespace across multiple file servers
16       using file system referrals.  For further details, see fedfs(7).
17
18       The bulk of FedFS junction information in a FedFS domain is  stored  on
19       one  or  more LDAP servers.  These servers are known as namespace data‐
20       bases, or NSDBs, for short.
21
22       FedFS-enabled file servers and clients access the information stored on
23       NSDBs  via standard LDAP queries.  FedFS-enabled file servers use these
24       queries to resolve FedFS junctions.   FedFS  administrators  use  these
25       queries  to  manage  information  about  file sets contained in a FedFS
26       domain name space.
27

DESCRIPTION

29       The nsdb-simple-nce(8) command is part of  a  collection  of  low-level
30       single-use  programs that are intended for testing the NSDB protocol or
31       for use in scripts.  This command is an easy way  to  turn  a  standard
32       LDAP  server  into  an  NSDB by creating an NSDB Container Entry in the
33       server's Directory Information Tree (or DIT, for short).
34
35       The top of the DIT on an LDAP server has one or more  naming  contexts.
36       Some LDAP server implementations call these contexts root suffixes.  An
37       LDAP server's naming contexts are easy for clients  to  locate  with  a
38       well-known search query.  All LDAP entries on that server are contained
39       under naming contexts.
40
41       The LDAP entry under which all other FedFS-related  entries  reside  is
42       known  as  the  NSDB Container Entry (or NCE).  The NCE can be a naming
43       context entry, or it can be located somewhere below a  naming  context.
44       The nsdb-simple-nce(8) command adds an NSDB Container Entry with a dis‐
45       tinguished name that can be created without much prior knowledge of the
46       server's DIT.
47
48       Once  this  entry  is created, the nsdb-simple-nce(8) command automati‐
49       cally adds the new entry's DN to the parent naming context so that NSDB
50       clients can find it.  The result is a ready-to-use NSDB.
51
52       The  nsdb-simple-nce(8) command establishes an NSDB quickly and without
53       fuss.  A more sophisticated  configuration  may  be  established  using
54       standard  LDAP tools and the nsdb-update-nci(8) command.  This might be
55       necessary when preparing an existing LDAP  server  with  a  large  pre-
56       existing DIT for use as an NSDB.
57
58       This  command  has one positional parameter which specifies the distin‐
59       guished name of the parent entry of the new NSDB Container Entry.
60

OPTIONS

62       -d, --debug
63              Enables debugging messages during operation.
64
65       -?, --help
66              Displays nsdb-simple-nce(8) version information and a usage mes‐
67              sage on stderr.
68
69       -D, --binddn=bind-distinguished-name
70              Specifies  a distinguished name of an entity used to bind to the
71              LDAP server where the NSDB resides.  If the --binddn  option  is
72              not  specified,  the  value  of the FEDFS_NSDB_ADMIN environment
73              variable is consulted.  If this variable is not  set,  the  NSDB
74              connection  parameter database is searched for this DN.  If none
75              of these is specified, or if this entity does not  have  permis‐
76              sion  to  modify this area of the server's DIT, the nsdb-simple-
77              nce(8) command fails.
78
79       -l, --nsdbname=NSDB-hostname
80              Specifies the hostname of the NSDB where the target  NCE  should
81              reside.  If the --nsdbname option is not specified, the value of
82              the FEDFS_NSDB_HOST environment variable is consulted.   If  the
83              variable  is not set and the --nsdbname option is not specified,
84              the nsdb-simple-nce(8) command fails.
85
86       -r, --nsdbport=NSDB-port
87              Specifies the IP port of the NSDB where the  target  NCE  should
88              reside.  If the --nsdbport option is not specified, the value of
89              the FEDFS_NSDB_PORT  environment  variable  is  consulted.   The
90              default value if the variable is not set is 389.
91

EXIT CODES

93       The  NSDB  returns  a  value that reflects the success of the requested
94       operation.
95
96       FEDFS_OK
97              The LDAP modify request succeeded.
98
99       FEDFS_ERR_ACCESS
100              The bound  entity  does  not  have  permission  to  perform  the
101              requested operation.
102
103       FEDFS_ERR_INVAL
104              One of the arguments was not valid.
105
106       FEDFS_ERR_SVRFAULT
107              An unanticipated non-protocol error occurred.
108
109       FEDFS_ERR_NSDB_ROUTE
110              The nsdb-simple-nce(8) command was unable to find a route to the
111              specified NSDB.
112
113       FEDFS_ERR_NSDB_DOWN
114              The nsdb-simple-nce(8) command  determined  that  the  specified
115              NSDB was down.
116
117       FEDFS_ERR_NSDB_CONN
118              The nsdb-simple-nce(8) command was unable to establish a connec‐
119              tion with the specified NSDB.
120
121       FEDFS_ERR_NSDB_AUTH
122              The nsdb-simple-nce(8) command was unable  to  authenticate  and
123              establish a secure connection with the specified NSDB.
124
125       FEDFS_ERR_NSDB_LDAP
126              A non-specific LDAP error occurred on the connection between the
127              nsdb-simple-nce(8) command and specified NSDB.
128
129       FEDFS_ERR_NSDB_LDAP_VAL
130              An LDAP error occurred on the connection between  the  nsdb-sim‐
131              ple-nce(8)  command  and specified NSDB.  The specific error may
132              be displayed on the command line.
133
134       FEDFS_ERR_NSDB_RESPONSE
135              The nsdb-simple-nce(8) command  received  a  malformed  response
136              from the specified NSDB.
137
138       FEDFS_ERR_NSDB_FAULT
139              An unanticipated error related to the specified NSDB occurred.
140
141       FEDFS_ERR_NSDB_PARAMS
142              The  local  NSDB connection parameter database does not have any
143              connection parameters on record for the specified NSDB.
144
145       FEDFS_ERR_NSDB_LDAP_REFERRAL
146              The nsdb-simple-nce(8) command received an LDAP referral that it
147              was unable to follow.
148
149       FEDFS_ERR_NSDB_LDAP_REFERRAL_VAL
150              The nsdb-simple-nce(8) command received an LDAP referral that it
151              was unable to follow.  A specific error may be displayed on  the
152              command line.
153
154       FEDFS_ERR_NSDB_LDAP_REFERRAL_NOTFOLLOWED
155              The nsdb-simple-nce(8) command received an LDAP referral that it
156              chose not to follow, either  because  the  local  implementation
157              does  not support following LDAP referrals or LDAP referral fol‐
158              lowing is disabled.
159
160       FEDFS_ERR_NSDB_PARAMS_LDAP_REFERRAL
161              The nsdb-simple-nce(8) command received an LDAP referral that it
162              chose  not to follow because the local NSDB connection parameter
163              database had no connection parameters for the NSDB  targeted  by
164              the LDAP referral.
165

EXAMPLES

167       Suppose you are the FedFS administrator of the example.net FedFS domain
168       and that you want to make the  LDAP  server  ldap.example.net  into  an
169       NSDB.  Ensure the LDAP server has the FedFS schema installed.  The nam‐
170       ing context "dc=example,dc=net" must exist,  and  must  have  an  entry
171       associated with it.  Then you might use:
172
173              $  nsdb-simple-nce  -l  ldap.example.net  -D cn=Manager dc=exam‐
174              ple,dc=net
175              Enter NSDB password:
176              Successfully created simple NCE
177
178       The distinguished name of the new NCE is  "ou=fedfs,dc=example,dc=net".
179       The naming context "dc=example,dc=net" is updated to refer NSDB clients
180       to the "ou=fedfs,dc=example,dc=net" entry.
181
182       To see the new NCE, use nsdb-nces(8).
183

SECURITY

185       LDAP naming contexts are  typically  writable  only  by  administrative
186       entities.   The  nsdb-simple-nce(8) command must bind as an administra‐
187       tive entity to perform this operation.  The nsdb-simple-nce(8)  command
188       asks  for  a  password on stdin.  Standard password blanking techniques
189       are used to obscure the password on the user's terminal.
190
191       The target LDAP server must be registered in the local NSDB  connection
192       parameter  database.   The  connection security mode listed in the NSDB
193       connection parameter database for the target LDAP server is used during
194       this  operation.   See  nsdbparams(8) for details on how to register an
195       NSDB in the local NSDB connection parameter database.
196

SEE ALSO

198       fedfs(7), nsdb-nces(8), nsdb-update-nce(8), nsdbparams(8)
199
200       RFC 5716 for FedFS requirements and overview
201
202       RFC 4510 for an introduction to LDAP
203

COLOPHON

205       This page is part of the fedfs-utils package.   A  description  of  the
206       project   and   information  about  reporting  bugs  can  be  found  at
207       http://wiki.linux-nfs.org/wiki/index.php/FedFsUtilsProject.
208

AUTHOR

210       Chuck Lever <chuck.lever@oracle.com>
211
212
213
214                                3 February 2014             NSDB-SIMPLE-NCE(8)
Impressum