Administrator's Guide Netscape Directory Server

Index      DocHome      Next

Contents

List of Figures

List of Tables

Introduction

Directory Server Overview

Prerequisite Reading

Conventions Used in This Book

Related Information

Part 1 Administering Netscape Directory Server

Chapter 1   Introduction to Netscape Directory Server

Overview of Directory Server Management

Using the Directory Server Console

Copying Entry DNs to the Clipboard

Configuring the Directory Manager

Binding to the Directory From Netscape Console

Starting and Stopping the Directory Server

Configuring LDAP Parameters

Starting the Server with SSL Enabled

Cloning a Directory Server

Starting the Server in Referral Mode

Chapter 2   Creating Directory Entries

Managing Entries From the Directory Console

Managing Entries From the Command Line

Providing Input From the Command Line

Adding and Modifying Entries Using ldapmodify

LDIF Update Statements

A Note on Renaming Entries

Adding Attributes to Existing Entries Using LDIF

Deleting an Entry Using LDIF

Maintaining Referential Integrity

How Referential Integrity Works

Using Referential Integrity with Replication

Configuring the Supplier Server

From the Directory Server Console

From the Directory Server Console

From the Directory Server Console

From the Directory Server Console

Chapter 3   Configuring Directory Databases

Creating and Maintaining Suffixes

Creating Suffixes

Maintaining Suffixes

Creating and Maintaining Databases

Creating Databases

Maintaining Directory Databases

Creating and Maintaining Database Links

Configuring the Chaining Policy

Creating a New Database Link

Chaining Using SSL

Maintaining Database Links

Database Links and Access Control Evaluation

Advanced Feature: Tuning Database Link Performance

Detecting Errors During Normal Processing

Managing Threaded Operations

Advanced Feature: Configuring Cascading Chaining

Overview of Cascading Chaining

Summary of Cascading Chaining Configuration Attributes

Cascading Chaining Configuration Example

Using Referrals

Setting Default Referrals

Creating Smart Referrals

Creating Suffix Referrals

Chapter 4   Populating Directory Databases

Importing Data

Importing From the Command Line

Exporting Data

Backing Up and Restoring Data

Backing Up All Databases

Backing Up the dse.ldif Configuration File

Restoring All Databases

Restoring Databases that Include Replicated Entries

Restoring the dse.ldif Configuration File

Enabling and Disabling Read-Only Mode

Chapter 5   Advanced Entry Management

Using Groups

Managing Static Groups

Managing Dynamic Groups

Using Roles

About Roles

Managing Roles Using the Console

Managing Roles Using the Command Line

Examples: Managed Role Definition

Example: Filtered Role Definition

Example: Nested Role Definition

Using Roles Securely

Assigning Class of Service

About CoS

About the CoS Definition Entry

About the CoS Template Entry

How a Pointer CoS Works

How an Indirect CoS Works

How a Classic CoS Works

Managing CoS Using the Console

Managing CoS From the Command Line

Example of a Pointer CoS

Example of an Indirect CoS

Example of a Classic CoS

Creating Role-Based Attributes

Access Control and CoS

Chapter 6   Managing Access Control

Access Control Principles

ACI Structure

ACI Placement

ACI Evaluation

ACI Limitations

Default ACIs

Creating ACIs Manually

The ACI Syntax

Example ACI

Targeting Attributes

Rights Required for LDAP Operations

Permissions Syntax

Bind Rules

Bind Rule Syntax

Anonymous Access (anyone Keyword)

General Access (all Keyword)

Self Access (self Keyword)

Parent Access (parent Keyword)

LDAP URLs

Wildcards

Examples

Examples

Examples

Examples

Creating ACIs From the Console

Access Control Usage Examples

Granting Anonymous Access

Granting Write Access to Personal Entries

Restricting Access to Key Roles

Granting a Group Full Access to a Suffix

Granting Rights to Add and Delete Group Entries

Granting Conditional Access to a Group or Role

Denying Access

Setting a Target Using Filtering

Allowing Users to Add or Remove Themselves From a Group

Defining Permissions for DNs That Contain a Comma

Proxied Authorization ACI Example

Viewing the ACIs for an Entry

Advanced Access Control: Using Macro ACIs

Macro ACI Example

Macro ACI Syntax

Macro Matching for ($dn)

Macro Matching for [$dn]

Macro Matching for ($attr.attrName)

Access Control and Replication

Logging Access Control Information

Compatibility with Earlier Releases

Chapter 7   User Account Management

Managing the Password Policy

Configuring the Password Policy

Configuring the Password Policy Using the Console

Configuring the Password Policy Using the Command-Line

Setting User Passwords

Configuring the Account Lockout Policy

Configuring the Account Lockout Policy Using the Console

Configuring the Account Lockout Policy Using the Command Line

Managing the Password Policy in a Replicated Environment

Inactivating Users and Roles

Inactivating User and Roles Using the Console

Inactivating User and Roles Using the Command Line

Activating User and Roles Using the Console

Activating User and Roles Using the Command Line

Setting Resource Limits Based on the Bind DN

Setting Resource Limits Using the Console

Setting Resource Limits Using the Command Line

Chapter 8   Managing Replication

Replication Overview

Read-Write Replica/Read-Only Replica

Supplier/Consumer

Change Log

Unit of Replication

Replication Identity

Replication Agreement

Compatibility with Earlier Versions of Directory Server

Replication Scenarios

Single-Master Replication

Multi-Master Replication

Cascading Replication

Summary of Steps for Complex Replication Configurations

Detailed Replication Tasks

Configuring Single-Master Replication

Configuring Multi-Master Replication

Configuring Cascading Replication

Deleting the Change Log

Initializing Consumers

Forcing Replication Updates

Replication over SSL

Replication with Earlier Releases

Using the Retro Change Log Plug-In

Monitoring Replication Status

Solving Common Replication Conflicts

Chapter 9   Extending the Directory Schema

Overview of Extending Schema

Managing Attributes

Managing Object Classes

Turning Schema Checking On and Off

Chapter 10   Managing Indexes

About Indexes

About Index Types

About Default, System, and Standard Indexes

Overview of Default Indexes

Overview of System Indexes

Overview of Standard Indexes

Overview of the Searching Algorithm

Balancing the Benefits of Indexing

Creating Indexes

Creating Indexes From the Server Console

Creating Indexes From the Command Line

Adding an Index Entry

Running the db2index.pl Script

Creating Browsing Indexes From the Server Console

Creating Browsing Indexes from the Command Line

Adding a Browsing Index Entry

Running the vlvindex Script

Deleting Indexes

Deleting Indexes From the Server Console

Deleting Indexes From the Command Line

Deleting an Index Entry

Running the db2index.pl Script

Deleting Browsing Indexes From the Server Console

Deleting Browsing Indexes From the Command Line

Deleting a Browsing Index Entry

Running the vlvindex Script

Managing Indexes

Benefits of the All IDs Mechanism

Drawbacks of the All IDs Mechanism

When All IDs Threshold is Too Low

When All IDs Threshold is Too High

All IDs Threshold Tuning Advice for Single- Enterprise Directories

All IDs Threshold Tuning Advice for Service Providers and Extranets

Default All IDs Threshold Value

Symptoms of an Inappropriate All IDs Threshold Value

Changing the All IDs Threshold Value

Attribute Name Quick Reference Table

Chapter 11   Managing SSL

Introduction to SSL in the Directory Server

Obtaining and Installing Server Certificates

Activating SSL

Setting Security Preferences

Using Certificate-Based Authentication

Configuring LDAP Clients to Use SSL

Chapter 12   Monitoring Server and Database Activity

Viewing and Configuring Log Files

Access Log

Error Log

Audit Log

Manual Log File Rotation

Monitoring Server Activity

Viewing the Server Performance Monitor

Overview of Server Performance Monitor Information

General Information (Server)

Resource Summary

Current Resource Usage

Connection Status

Global Database Cache Information

Monitoring Database Activity

Viewing Database Performance Monitors

Overview of Database Performance Monitor Information

General Information (Database)

Summary Information Table

Database Cache Information Table

Database File-Specific Table

Monitoring Database Link Activity

Chapter 13   Monitoring Directory Server Using SNMP

About SNMP

SNMP Overview

NMS-Initiated Communication

Managed Device-Initiated Communication

Overview of the Directory Server Management Information Base

About the Operations Table

The Entries Table

Setting Up SNMP

Setting Up SNMP on Windows NT

Setting Up SNMP on UNIX

Configuring the AIX SNMP Daemon

Starting and Stopping the SNMP Subagent on UNIX

Starting and Stopping the SNMP Service on Windows NT

Configuring SNMP for the Directory Server

Chapter 14   Tuning Directory Server Performance

Tuning Server Performance

Tuning Database Performance

Optimizing Search Performance

Tuning Transaction Logging

Changing the Location of the Database Transaction Log

Changing the Database Checkpoint Interval

Disabling Durable Transactions

Specifying Transaction Batching

Miscellaneous Tuning Tips

Avoid Creating Entries Under the cn=config Entry in the dse.ldif File

Part 2 Plug-Ins Reference

Chapter 15   Administering Directory Server Plug-Ins

Server Plug-in Functionality Reference

7-bit Check Plug-In

ACL Plug-In

ACL Preoperation Plug-In

Binary Syntax Plug-In

Boolean Syntax Plug-In

Case Exact String Syntax Plug-In

Case Ignore String Syntax Plug-In

Chaining Database Plug-In

Class of Service Plug-In

Country String Syntax Plug-In

Distinguished Name Syntax Plug-In

Generalized Time Syntax Plug-In

Integer Syntax Plug-In

Internationalization Plug-In

ldbm Database Plug-In

Legacy Replication Plug-In

Multimaster Replication Plug-In

Octet String Syntax Plug-in

CLEAR Password Storage Plug-In

CRYPT Password Storage Plug-In

NS-MTA-MD5 Password Storage Plug-In

SHA Password Storage Plug-In

SSHA Password Storage Plug-In

Postal Address String Syntax Plug-In

PTA Plug-In

Referential Integrity Postoperation Plug-In

Retro Change Log Plug-In

Roles Plug-In

Telephone Syntax Plug-In

UID Uniqueness Plug-in

URI Plug-in

Enabling and Disabling Plug-Ins From the Server Console

Chapter 16   Using the Pass-Through Authentication Plug-In

How Directory Server Uses PTA

PTA Plug-In Syntax

Configuring the PTA Plug-In

PTA Plug-In Syntax Examples

Specifying One Authenticating Directory Server and One Subtree

Specifying Multiple Authenticating Directory Servers

Specifying One Authenticating Directory Server and Multiple Subtrees

Using Non-Default Parameter Values

Specifying Different Optional Parameters and Subtrees for Different Authenticating Directory Servers

Chapter 17   Using the Attribute Uniqueness Plug-In

Overview of the Attribute Uniqueness Plug-In

Overview of the UID Uniqueness Plug-in

Attribute Uniqueness Plug-In Syntax

Creating an Instance of the Attribute Uniqueness Plug-In

Configuring Attribute Uniqueness Plug-Ins

Configuring Attribute Uniqueness Plug-Ins From the Directory Server Console

Attribute Uniqueness Plug-In Syntax Examples

Replication and the Attribute Uniqueness Plug-In

Simple Replication Scenario

Multi-Master Replication Scenario

Part 3 Appendixes

Appendix A   LDAP Data Interchange Format

LDIF File Format

Continuing Lines in LDIF

Representing Binary Data

Specifying Directory Entries Using LDIF

Defining Directories Using LDIF

LDIF File Example

Storing Information in Multiple Languages

Appendix B   Finding Directory Entries

Finding Entries Using the Server Console

Using ldapsearch

Using Special Characters

ldapsearch Command-Line Format

Commonly Used ldapsearch options

ldapsearch Examples

Returning All Entries

Specifying Search Filters on the Command Line

Searching the Root DSE Entry

Searching the Schema Entry

Using LDAP_BASEDN

Displaying Subsets of Attributes

Specifying Search Filters Using a File

Specifying DNs that Contain Commas in Search Filters

Using Client Authentication When Searching

LDAP Search Filters

Search Filter Syntax

Using Attributes in Search Filters

Using Operators in Search Filters

Using Compound Search Filters

Search Filter Examples

Searching an Internationalized Directory

Matching Rule Filter Syntax

Matching Rule Formats

Using Wildcards in Matching Rule Filters

Supported Search Types

International Search Examples

Less Than Example

Less Than or Equal to Example

Equality Example

Greater Than or Equal to Example

Greater Than Example

Substring Example

Appendix C   LDAP URLs

Components of an LDAP URL

Escaping Unsafe Characters

Examples of LDAP URLs

Appendix D   Internationalization

About Locales

Identifying Supported Locales

Supported Language Subtypes

Glossary

Index

© 2001 Sun Microsystems, Inc. Portions copyright 1999, 2001 Netscape Communications Corporation. All rights reserved.

Last Updated November 26, 2001