Chapter 2. Core Server Configuration Reference
The configuration information for Red Hat Directory Server is stored as LDAP entries within the directory itself. Therefore, changes to the server configuration must be implemented through the use of the server itself rather than by simply editing configuration files. The principal advantage of this method of configuration storage is that it allows a directory administrator to reconfigure the server using LDAP while it is still running, thus avoiding the need to shut the server down for most configuration changes.
This chapter gives details on how the configuration is organized and how to alter it. The chapter also provides an alphabetical reference for all attributes.
2.1. Server Configuration - Overview
When the Directory Server is set up, its default configuration is stored as a series of LDAP entries within the directory, under the subtree cn=config. When the server is started, the contents of the cn=config subtree are read from a file (dse.ldif) in LDIF format. This dse.ldif file contains all of the server configuration information. The latest version of this file is called dse.ldif, the version prior to the last modification is called dse.ldif.bak, and the latest file with which the server successfully started is called dse.ldif.startOK.
Many of the features of the Directory Server are designed as discrete modules that plug into the core server. The details of the internal configuration for each plug-in are contained in separate entries under cn=plugins,cn=config. For example, the configuration of the Telephone Syntax Plug-in is contained in this entry:
cn=Telephone Syntax,cn=plugins,cn=config
Similarly, database-specific configuration is stored under
cn=ldbm database,cn=plugins,cn=config for local databases and
cn=chaining database,cn=plugins,cn=config for database links.
The following diagram illustrates how the configuration data fits within the cn=config directory information tree.
2.1.1. LDIF and Schema Configuration Files
The Directory Server configuration data are stored in LDIF files in the /etc/dirsrv/slapd-instance_name directory (/etc/opt/dirsrv/slapd-instance_name on HP-UX). Thus, if a server identifier is phonebook, then for a Directory Server on Red Hat Enterprise Linux 5 (32-bit), the configuration LDIF files are all stored under /etc/dirsrv/slapd-phonebook.
This directory also contains other server instance-specific configuration files.
Schema configuration is also stored in LDIF format, and these files are located in the /etc/dirsrv/slapd-instance_name/schema directory (/etc/opt/dirsrv/slapd->instance_name on HP-UX).
The following table lists all of the configuration files that are supplied with the Directory Server, including those for the schema of other compatible servers. Each file is preceded by a number which indicates the order in which they should be loaded (in ascending numerical and then alphabetical order).
|
Configuration Filename
|
Purpose
|
|---|
|
dse.ldif
|
Contains front-end Directory Specific Entries created by the directory at server startup. These include the Root DSE ("") and the contents of cn=config and cn=monitor (acis only).
|
|
00core.ldif
|
Contains only those schema definitions necessary for starting the server with the bare minimum feature set (no user schema, no schema for any non-core features). The rest of the schema used by users, features, and applications is found in 01common.ldif and the other schema files. Do not modify this file.
|
|
01common.ldif
|
Contains LDAPv3 standard operational schema, such as subschemaSubentry, LDAPv3 standard user and organization schema defined in RFC 2256 (based on X.520/X.521), inetOrgPerson and other widely-used attributes, and the operational attributes used by Directory Server configuration. Modifying this file causes interoperability problems. User-defined attributes should be added through the Directory Server Console.
|
|
05rfc2247.ldif
|
Schema from RFC 2247 and related pilot schema, from "Using Domains in LDAP/X500 Distinguished Names."
|
|
05rfc2927.ldif
|
Schema from RFC 2927, "MIME Directory Profile for LDAP Schema." Contains the ldapSchemas operational attribute required for the attribute to show up in the subschema subentry.
|
|
10presence.ldif
|
Legacy. Schema for instant messaging presence (online) information; the file lists the default object classes with the allowed attributes that must be added to a user's entry in order for instant-messaging presence information to be available for that user.
|
|
10rfc2307.ldif
|
Schema from RFC 2307, "An Approach for Using LDAP as a Network Information Service." This may be superseded by 10rfc2307bis, the new version of rfc2307, when that schema becomes available.
|
|
20subscriber.ldif
|
Contains new schema elements and the Nortel subscriber interoperability specification. Also contains the adminRole and memberOf attributes and inetAdmin object class, previously stored in the 50ns-delegated-admin.ldif file.
|
|
25java-object.ldif
|
Schema from RFC 2713, "Schema for Representing Java® Objects in an LDAP Directory."
|
|
28pilot.ldif
|
Contains pilot directory schema from RFC 1274, which is no longer recommended for new deployments. Future RFCs which succeed RFC 1274 may deprecate some or all of 28pilot.ldif attribute types and classes.
|
|
30ns-common.ldif
|
Schema that contains objects classes and attributes common to the Directory Server Console framework.
|
|
50ns-admin.ldif
|
Schema used by Red Hat Administration Server.
|
|
50ns-certificate.ldif
|
Schema for Red Hat Certificate Management System.
|
|
50ns-directory.ldif
|
Contains additional configuration schema used by Directory Server 4.12 and earlier versions of the directory, which is no longer applicable to current releases of Directory Server. This schema is required for replicating between Directory Server 4.12 and current releases.
|
|
50ns-mail.ldif
|
Schema used by Netscape Messaging Server to define mail users and mail groups.
|
|
50ns-value.ldif
|
Schema for servers' value item attributes.
|
|
50ns-web.ldif
|
Schema for Netscape Web Server.
|
|
60pam-plugin.ldif
|
Reserved for future use.
|
|
99user.ldif
|
User-defined schema maintained by Directory Server replication consumers which contains the attributes and object classes from the suppliers.
|
Table 2.1. Directory Server LDIF Configuration Files
2.1.2. How the Server Configuration Is Organized
The dse.ldif file contains all configuration information including directory-specific entries created by the directory at server startup, such as entries related to the database. The file includes the root Directory Server entry (or DSE, named by "") and the contents of cn=config and cn=monitor.
When the server generates the dse.ldif file, it lists the entries in hierarchical order in the order that the entries appear in the directory under cn=config, which is usually the same order in which an LDAP search of subtree scope for base cn=config returns the entries.
dse.ldif also contains the cn=monitor entry, which is mostly read-only, but can have ACIs set on it.
NOTE
The dse.ldif file does not contain every attribute in cn=config. If the attribute has not been set by the administrator and has a default value, the server will not write it to dse.ldif. To see every attribute in cn=config, use ldapsearch.
2.1.2.1. Configuration Attributes
Within a configuration entry, each attribute is represented as an attribute name. The value of the attribute corresponds to the attribute's configuration.
The following code sample is an example of part of the dse.ldif file for a Directory Server. The example shows, among other things, that schema checking has been enabled; this is represented by the attribute nsslapd-schemacheck, which takes the value on.
dn: cn=config
objectclass: top
objectclass: extensibleObject
objectclass: nsslapdConfig
nsslapd-accesslog-logging-enabled: on
nsslapd-enquote-sup-oc: off
nsslapd-localhost: phonebook.example.com
nsslapd-schemacheck: on
nsslapd-port: 389
nsslapd-localuser: nobody
...
2.1.2.2. Configuration of Plug-in Functionality
The configuration for each part of Directory Server plug-in functionality has its own separate entry and set of attributes under the subtree cn=plugins,cn=config. The following code sample is an example of the configuration entry for an example plug-in, the Telephone Syntax plug-in.
dn: cn=Telephone Syntax,cn=plugins,cn=config
objectclass: top
objectclass: nsSlapdPlugin
objectclass: extensibleObject
cn: Telephone Syntax
nsslapd-pluginType: syntax
nsslapd-pluginEnabled: on
Some of these attributes are common to all plug-ins, and some may be particular to a specific plug-in. Check which attributes are currently being used by a given plug-in by performing an ldapsearch on the cn=config subtree.
2.1.2.3. Configuration of Databases
The cn=NetscapeRoot and cn=UserRoot subtrees under the database plug-in entry contain configuration data for the databases containing the o=NetscapeRoot suffix and the default suffix created during setup, such as dc=example,dc=com.
These entries and their children have many attributes used to configure different database settings, like the cache sizes, the paths to the index files and transaction logs, entries and attributes for monitoring and statistics; and database indexes.
2.1.2.4. Configuration of Indexes
Configuration information for indexing is stored as entries in the Directory Server under the following information-tree nodes:
cn=index,cn=NetscapeRoot,cn=ldbm database,cn=plugins,cn=config
cn=index,cn=UserRoot,cn=ldbm database,cn=plugins,cn=config
cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config