|
Administrator's Guide Netscape Directory Server |
|
||
|
|
Part 1 Administering Netscape Directory Server
Chapter 1 Introduction to Netscape Directory Server
Overview of Directory Server Management
Using the Directory Server Console
Starting Directory Server Console
Copying Entry DNs to the Clipboard
Configuring the Directory Manager
Binding to the Directory From Netscape Console
Viewing the Current Bind DN From the Console
Starting and Stopping the Directory Server
Starting/Stopping the Server From the Console
Starting/Stopping the Server From the Command Line
Changing Directory Server Port Numbers
Placing the Entire Directory Server in Read-Only Mode
Tracking Modifications to Directory Entries
Starting the Server with SSL Enabled
Creating a New Directory Server Instance
Cloning the Directory Configuration
Starting the Server in Referral Mode
Chapter 2 Creating Directory Entries
Managing Entries From the Directory Console
Creating an Entry Using a Predefined Template
Creating Other Types of Entries
Displaying the Property Editor
Adding an Object Class to an Entry
Adding an Attribute to an Entry
Managing Entries From the Command Line
Providing Input From the Command Line
Creating a Root Entry From the Command Line
Adding and Modifying Entries Using ldapmodify
Adding Entries Using ldapmodify
Modifying Entries Using ldapmodify
Deleting Entries Using ldapdelete
Adding Attributes to Existing Entries Using LDIF
Changing an Attribute Value Using LDIF
Deleting All Values of an Attribute Using LDIF
Deleting a Specific Attribute Value Using LDIF
Modifying an Entry in an Internationalized Directory
Maintaining Referential Integrity
How Referential Integrity Works
Using Referential Integrity with Replication
Configuring the Supplier Server
Enabling/Disabling Referential Integrity
From the Directory Server Console
Recording Updates in the Change Log
From the Directory Server Console
From the Directory Server Console
From the Directory Server Console
Chapter 3 Configuring Directory Databases
Creating and Maintaining Suffixes
Creating a New Root Suffix Using the Console
Creating a New Sub Suffix Using the Console
Creating Root and Sub Suffixes From the Command Line
Enabling Referrals Only During Update Operations
Creating and Maintaining Databases
Creating a New Database for an Existing Suffix Using the Console
Creating a New Database for a Single Suffix From the Command Line
Adding Multiple Databases for a Single Suffix
Adding the Custom Distribution Function to a Suffix
Maintaining Directory Databases
Placing a Database in Read-Only Mode
Creating and Maintaining Database Links
Configuring the Chaining Policy
Creating a New Database Link Using the Console
Creating a Database Link From the Command Line
Updating Remote Server Authentication Information
Database Links and Access Control Evaluation
Advanced Feature: Tuning Database Link Performance
Managing Connections to the Remote Server
Detecting Errors During Normal Processing
Advanced Feature: Configuring Cascading Chaining
Overview of Cascading Chaining
Configuring Cascading Chaining Defaults Using the Console
Configuring Cascading Chaining Using the Console
Configuring Cascading Chaining From the Command Line
Summary of Cascading Chaining Configuration Attributes
Cascading Chaining Configuration Example
Setting a Default Referral Using the Console
Setting a Default Referral From the Command Line
Creating Smart Referrals Using the Directory Server Console
Creating Smart Referrals From the Command Line
Creating Suffix Referrals Using the Console
Creating Suffix Referrals From the Command Line
Chapter 4 Populating Directory Databases
Performing an Import From the Console
Initializing a Database From the Console
Importing From the Command Line
Importing Using the ldif2db Command-Line Script
Importing Using the ldif2db.pl Perl Script
Importing Using the ldif2ldap Command-Line Script
Exporting Directory Data to LDIF Using the Console
Exporting a Single Database to LDIF Using the Console
Exporting to LDIF From the Command Line
Backing Up All Databases From the Server Console
Backing Up All Databases From the Command Line
Backing Up the dse.ldif Configuration File
Restoring All Databases from the Console
Restoring Your Database From the Command Line
Restoring Databases that Include Replicated Entries
Restoring the dse.ldif Configuration File
Enabling and Disabling Read-Only Mode
Chapter 5 Advanced Entry Management
Managing Roles Using the Console
Viewing and Editing an Entry's Roles
Managing Roles Using the Command Line
Examples: Managed Role Definition
Example: Filtered Role Definition
Example: Nested Role Definition
About the CoS Definition Entry
Managing CoS Using the Console
Managing CoS From the Command Line
Creating the CoS Definition Entry From the Command Line
Creating the CoS Template Entry From the Command Line
Creating Role-Based Attributes
Chapter 6 Managing Access Control
Targeting Both an Entry and Attributes
Targeting Entries or Attributes Using LDAP Filters
Targeting Attribute Values Using LDAP Filters
Targeting a Single Directory Entry
Rights Required for LDAP Operations
Defining User Access - userdn Keyword
Anonymous Access (anyone Keyword)
Parent Access (parent Keyword)
Defining Group Access - groupdn Keyword
Defining Role Access - roledn Keyword
Defining Access Based on Value Matching
Using the userattr Keyword With Inheritance
Granting Add Permission Using the userattr Keyword
Defining Access From a Specific IP Address
Defining Access from a Specific Domain
Defining Access at a Specific Time of Day or Day of Week
Defining Access Based on Authentication Method
Creating ACIs From the Console
Displaying the Access Control Editor
Granting Write Access to Personal Entries
Restricting Access to Key Roles
Granting a Group Full Access to a Suffix
Granting Rights to Add and Delete Group Entries
Granting Conditional Access to a Group or Role
Setting a Target Using Filtering
Allowing Users to Add or Remove Themselves From a Group
Defining Permissions for DNs That Contain a Comma
Proxied Authorization ACI Example
Advanced Access Control: Using Macro ACIs
Macro Matching for ($attr.attrName)
Access Control and Replication
Logging Access Control Information
Compatibility with Earlier Releases
Chapter 7 User Account Management
Configuring the Password Policy
Configuring a Global Password Policy Using the Console
Configuring a Subtree/User Password Policy Using the Console
Configuring a Global Password Policy Using the Command-Line
Configuring Subtree/User Password Policy Using the Command-Line
Configuring the Account Lockout Policy
Configuring the Account Lockout Policy Using the Console
Configuring the Account Lockout Policy Using the Command Line
Managing the Password Policy in a Replicated Environment
Inactivating User and Roles Using the Console
Inactivating User and Roles Using the Command Line
Activating User and Roles Using the Console
Activating User and Roles Using the Command Line
Setting Resource Limits Based on the Bind DN
Setting Resource Limits Using the Console
Setting Resource Limits Using the Command Line
Chapter 8 Managing Replication
Read-Write Replica/Read-Only Replica
Compatibility with Earlier Versions of Directory Server
Handling Complex Replication Configurations
Creating the Supplier Bind DN Entry
Configuring a Read-Write Replica
Configuring a Read-Only Replica
Creating a Replication Agreement
Configuring Single-Master Replication
Configuring the Read-Only Replica on the Consumer Server
Configuring the Read-Write Replica on the Supplier Server
Initializing the Replicas for Single-Master Replication
Configuring Multi-Master Replication
Configuring 2-Way Multi-Master Replication
Configuring the Read-Only Replicas on the Consumer Servers
Configuring the Read-Write Replicas on the Supplier Servers
Initializing the Replicas for Multi-Master Replication
Configuring 4-Way Multi-Master Replication
Configuring the Read-Only Replicas on the Consumer Servers
Configuring the Read-Write Replicas on the Supplier Servers
Initializing the Replicas for Multi-Master Replication
Preventing Monopolization of the Consumer in Multi-Master Replication
Configuring Cascading Replication
Configuring the Read-Only Replica on the Consumer Server
Configuring the Read-Only Replica on the Hub Supplier
Configuring the Read-Write Replica on the Supplier Server
Initializing the Replicas for Cascading Replication
Moving the Change Log to a New Location
Online Consumer Initialization Using the Console
Performing Online Consumer Initialization
Manual Consumer Initialization Using the Command Line
Manual Consumer Initialization Overview
Importing the LDIF File to the Consumer Server
Forcing Replication Updates From the Console
Forcing Replication Updates From the Command Line
Configuring Replication Over SSL Using the Replication Wizard
Replication with Earlier Releases
Configuring Directory Server as a Consumer of a Legacy Directory Server
Using the Retro Change Log Plug-In
Enabling the Retro Change Log Plug-In
Searching and Modifying the Retro Change Log
Retro Change Log and the Access Control Policy
Monitoring Replication Status From the Directory Server Console
Monitoring Replication Status From Administration Express
Solving Common Replication Conflicts
Renaming an Entry with a Multi-Valued Naming Attribute
Renaming an Entry with a Single-Valued Naming Attribute
Solving Orphan Entry Conflicts
Solving Potential Interoperability Problems
Troubleshooting Replication-Related Problems
Interpreting Error Messages and Symptoms
Chapter 9 Extending the Directory Schema
Turning Schema Checking On and Off
About Default, System, and Standard Indexes
Overview of the Searching Algorithm
Balancing the Benefits of Indexing
Creating Indexes From the Server Console
Creating Indexes From the Command Line
Running the db2index.pl Script
Creating Browsing Indexes From the Server Console
Creating Browsing Indexes from the Command Line
Setting Access Control for VLV Information
Deleting Indexes From the Server Console
Deleting Indexes From the Command Line
Running the db2index.pl Script
Deleting Browsing Indexes From the Server Console
Deleting Browsing Indexes From the Command Line
Deleting a Browsing Index Entry
Benefits of the All IDs Mechanism
Drawbacks of the All IDs Mechanism
When All IDs Threshold is Too Low
When All IDs Threshold is Too High
All IDs Threshold Tuning Advice for Single- Enterprise Directories
All IDs Threshold Tuning Advice for Service Providers and Extranets
Default All IDs Threshold Value
Symptoms of an Inappropriate All IDs Threshold Value
Changing the All IDs Threshold Value
Attribute Name Quick Reference Table
Introduction to SSL in the Directory Server
Enabling SSL: Summary of Steps
Obtaining and Installing Server Certificates
Step 1: Generate a Certificate Request
Step 2: Send the Certificate Request
Step 3: Install the Certificate
Step 4: Trust the Certificate Authority
Step 5: Confirm That Your New Certificates Are Installed
Using Certificate-Based Authentication
Setting up Certificate-Based Authentication
Allowing/Requiring Client Authentication
Configuring LDAP Clients to Use SSL
Chapter 12 Monitoring Server and Database Activity
Viewing and Configuring Log Files
Defining a Log File Rotation Policy
Defining a Log File Deletion Policy
Monitoring Your Server From the Directory Server Console
Viewing the Server Performance Monitor
Overview of Server Performance Monitor Information
Global Database Cache Information
Monitoring Your Server From the Command Line
Monitoring Database Activity From the Server Console
Viewing Database Performance Monitors
Overview of Database Performance Monitor Information
General Information (Database)
Database Cache Information Table
Monitoring Databases From the Command Line
Monitoring Database Link Activity
Chapter 13 Monitoring Directory Server Using SNMP
Managed Device-Initiated Communication
Overview of the Directory Server Management Information Base
Configuring the AIX SNMP Daemon
Starting and Stopping the SNMP Subagent on UNIX
Starting and Stopping the SNMP Service on Windows
Configuring SNMP for the Directory Server
Chapter 14 Tuning Directory Server Performance
Changing the Location of the Database Transaction Log
Changing the Database Checkpoint Interval
Disabling Durable Transactions
Specifying Transaction Batching
Avoid Creating Entries Under the cn=config Entry in the dse.ldif File
Chapter 15 Administering Directory Server Plug-Ins
Server Plug-in Functionality Reference
Case Exact String Syntax Plug-In
Case Ignore String Syntax Plug-In
Distinguished Name Syntax Plug-In
Generalized Time Syntax Plug-In
Multimaster Replication Plug-In
CLEAR Password Storage Plug-In
CRYPT Password Storage Plug-In
NS-MTA-MD5 Password Storage Plug-In
Postal Address String Syntax Plug-In
Referential Integrity Postoperation Plug-In
Space Insensitive String Syntax Plug-in
Enabling and Disabling Plug-Ins From the Server Console
Chapter 16 Using the Pass-Through Authentication Plug-In
Configuring the Servers to Use a Secure Connection
Specifying the Authenticating Directory Server
Specifying the Pass-Through Subtree
Configuring the Optional Parameters
Specifying One Authenticating Directory Server and One Subtree
Specifying Multiple Authenticating Directory Servers
Specifying One Authenticating Directory Server and Multiple Subtrees
Using Non-Default Parameter Values
Specifying Different Optional Parameters and Subtrees for Different Authenticating Directory Servers
Using Directory Server for Windows Pass-through Authentication
Chapter 17 Using the Attribute Uniqueness Plug-In
Overview of the Attribute Uniqueness Plug-In
Overview of the UID Uniqueness Plug-in
Attribute Uniqueness Plug-In Syntax
Creating an Instance of the Attribute Uniqueness Plug-In
Configuring Attribute Uniqueness Plug-Ins
Viewing Plug-In Configuration Information
Configuring Attribute Uniqueness Plug-Ins From the Directory Server Console
Configuring Attribute Uniqueness Plug-Ins from the Command Line
Specifying a Suffix or Subtree
Using the markerObjectClass and requiredObjectClass Keywords
Attribute Uniqueness Plug-In Syntax Examples
Replication and the Attribute Uniqueness Plug-In
Multi-Master Replication Scenario
Chapter 18 Configuring IM Presence Information
Overview of IM Presence Information
Schema For the Presence Plug-In
Performance-Related Information
Setting Resource Limits Based on Bind DN
Appendix A LDAP Data Interchange Format
Specifying Directory Entries Using LDIF
Specifying Organization Entries
Specifying Organizational Unit Entries
Specifying Organizational Person Entries
Defining Directories Using LDIF
Storing Information in Multiple Languages
Appendix B Finding Directory Entries
Finding Entries Using the Server Console
ldapsearch Command-Line Format
Commonly Used ldapsearch Options
Specifying Search Filters on the Command Line
Displaying Subsets of Attributes
Specifying Search Filters Using a File
Specifying DNs that Contain Commas in Search Filters
Using Client Authentication When Searching
Using Attributes in Search Filters
Using Operators in Search Filters
Searching an Internationalized Directory
Using Wildcards in Matching Rule Filters
Greater Than or Equal to Example
© 2001 Sun Microsystems, Inc. Portions copyright 1999, 2002-2003 Netscape Communications Corporation. All rights reserved.
Read the Full Copyright and Thrid-Party Acknowledgments.
Last Updated October 30, 2003