Netscape logo Configuration, Command, and File Reference
Netscape Directory Server                                                                                                                                  
Previous
 Contents
 Index
 DocHome Next

 

Chapter 3   Plug-in Implemented Server Functionality Reference



This chapter contains reference information on Netscape Directory Server (Directory Server) server plug-ins. The chapter is divided into the following sections:


Overview

The configuration for each part of Directory Server plug-in functionality has its own separate entry and set of attributes under the subtree cn=plugins,cn=config. Code Example 2-2, which you saw in chapter 2, "Core Server Configuration Reference," shows some of the plug-in configuration attributes.  

dn: cn=Telephone Syntax,cn=plugins,cn=config
objectclass: top
objectclass: nsSlapdPlugin
objectclass: extensibleObject
cn: Telephone Syntax
nsslapd-pluginPath: /usr/netscape/servers/lib/syntax-plugin.so
nsslapd-pluginInitfunc: tel_init
nsslapd-pluginType: syntax
nsslapd-pluginEnabled: on

Some of these attributes are common to all plug-ins while others may be particular to a specific plug-in. You can check which attributes are currently being used by a given plug-in by performing an ldapsearch on the cn=config subtree.


Object Classes for Plug-in Configuration

All plug-ins are instances of the nsSlapdPlugin object class, which in turn inherits from the extensibleObject object class. For plug-in configuration attributes to be taken into account by the server, both of these object classes (in addition to the top object class) must be present in the entry, as shown in the following example:  

dn:cn=ACL Plugin,cn=plugins,cn=config
objectclass:top
objectclass:nsSlapdPlugin
objectclass:extensibleObject


Server Plug-in Functionality Reference

The tables that follow provide you with a quick overview of the plug-ins provided with Directory Server, along with their configurable options, configurable arguments, default setting, dependencies, general performance related information, and further reading. Information in these tables will help you to weigh plug-in performance gains and costs and choose the optimal settings for your deployment. The "Further Information" row cross references further reading where this is available.


7-bit Check Plug-in

Plug-in Name

7-bit check (NS7bitAtt)

DN of Configuration Entry

cn=7-bit check,cn=plugins,cn=config

Description

Checks certain attributes are 7-bit clean

Configurable Options

on | off

Default Setting

on

Configurable Arguments

list of attributes (uid mail userpassword) followed by "," and then suffix(es) on which the check is to occur

Dependencies

None

Performance Related Information

None

Further Information

If your Directory Server uses non-ASCII characters, for example, Japanese, turn this plug-in off.


ACL Plug-in

Plug-in Name

ACL Plugin

DN of Configuration Entry

cn=ACL Plugin,cn=plugins,cn=config

Description

ACL access check plug-in

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

N/A

Further Information

Chapter 6, "Managing Access Control," in the Netscape Directory Server Administrator's Guide.


ACL Preoperation Plug-in

Plug-in Name

ACL preoperation

DN of Configuration Entry

cn=ACL preoperation,cn=plugins,cn=config

Description

ACL access check plug-in

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

database

Performance Related Information

None

Further Information

Chapter 6, "Managing Access Control," in the Netscape Directory Server Administrator's Guide.


Binary Syntax Plug-in

Plug-in Name

Binary Syntax

DN of Configuration Entry

cn=Binary Syntax,cn=plugins,cn=config

Description

Syntax for handling binary data

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

Do not modify the configuration of this plug-in. It is recommended that you leave this plug-in running at all times.

Further Information

N/A


Boolean Syntax Plug-in

Plug-in Name

Boolean Syntax

DN of Configuration Entry

cn=Boolean Syntax,cn=plugins,cn=config

Description

Syntax for handling booleans.

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

Do not modify the configuration of this plug-in. It is recommended that you leave this plug-in running at all times.

Further Information

N/A


Case Exact String Syntax Plug-in

Plug-in Name

Case Exact String Syntax

DN of Configuration Entry

cn=Case Exact String Syntax,cn=plugins,cn=config

Description

Syntax for handling case-sensitive strings

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

Do not modify the configuration of this plug-in. It is recommended that you leave this plug-in running at all times.

Further Information

N/A


Case Ignore String Syntax Plug-in

Plug-in Name

Case Ignore String Syntax

DN of Configuration Entry

cn=Case Ignore String Syntax,cn=plugins,cn=config

Description

Syntax for handling case-insensitive strings

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

Do not modify the configuration of this plug-in. It is recommended that you leave this plug-in running at all times.

Further Information

N/A


Chaining Database Plug-in

Plug-in Name

Chaining Database

DN of Configuration Entry

cn=Chaining database,cn=plugins,cn=config

Description

Syntax for handling DNs

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

Do not modify the configuration of this plug-in. It is recommended that you leave this plug-in running at all times.

Further Information

Chapter 3, "Configuring Directory Databases," in the Netscape Directory Server Administrator's Guide.


Class of Service Plug-in

Plug-in Name

Class of Service

DN of Configuration Entry

cn=Class of Service,cn=plugins,cn=config

Description

Allows for sharing of attributes between entries

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

Do not modify the configuration of this plug-in. It is recommended that you leave this plug-in running at all times.

Further Information

Chapter 5, "Advanced Entry Management," in the Netscape Directory Server Administrator's Guide.


Country String Syntax Plug-in

Plug-in Name

Country String Syntax Plug-in

DN of Configuration Entry

cn=Country String Syntax,cn=plugins,cn=config

Description

Syntax for handling countries

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

Do not modify the configuration of this plug-in. It is recommended that you leave this plug-in running at all times.

Further Information

N/A


Distinguished Name Syntax Plug-in

Plug-in Name

Distinguished Name Syntax

DN of Configuration Entry

cn=Distinguished Name Syntax,cn=plugins,cn=config

Description

Syntax for handling DNs

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

Do not modify the configuration of this plug-in. It is recommended that you leave this plug-in running at all times.

Further Information

N/A


Generalized Time Syntax Plug-in

Plug-in Name

Generalized Time Syntax

DN of Configuration Entry

cn=Generalized Time Syntax,cn=plugins,cn=config

Description

Syntax for dealing with dates, times and time zones

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

Do not modify the configuration of this plug-in. It is recommended that you leave this plug-in running at all times.

Further Information

The Generalized Time String consists of a four digit year, two digit month (for example, 01 for January), two digit day, two digit hour, two digit minute, two digit second, an optional decimal part of a second, and a time zone indication. We strongly recommend that you use the Z time zone indication, which stands for Greenwich Mean Time.


HTTP Client Plug-in

Plug-in Name

HTTP Client

DN of Configuration Entry

cn=HTTP Client,cn=plugins,cn=config

Description

HTTP client plug-in

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

database

Performance Related Information

N/A

Further Information

N/A


Integer Syntax Plug-in

Plug-in Name

Integer Syntax

DN of Configuration Entry

cn=Integer Syntax,cn=plugins,cn=config

Description

Syntax for handling integers

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

Do not modify the configuration of this plug-in. It is recommended that you leave this plug-in running at all times.

Further Information

N/A


Internationalization Plug-in

Plug-in Name

Internationalization Plugin

DN of Configuration Entry

cn=Internationalization Plugin,cn=plugins,cn=config

Description

Syntax for handling DNs

Configurable Options

on | off

Default Setting

on

Configurable Arguments

The Internationalization has one argument, which must not be modified: serverRoot/slapd-serverID/config/slapd-collations.conf

This directory stores the collation orders and locale s used by the internationalization plug-in.

Dependencies

None

Performance Related Information

Do not modify the configuration of this plug-in. It is recommended that you leave this plug-in running at all times.

Further Information

See Appendix D, "Internationalization," in the Netscape Directory Server Administrator's Guide.


ldbm database Plug-in

Plug-in Name

ldbm database Plug-in

DN of Configuration Entry

cn=ldbm database plug-in,cn=plugins,cn=config

Description

Implements local databases

Configurable Options

N/A

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

See Database Plug-in Attributes for further information on database configuration.

Further Information

Chapter 3, "Configuring Directory Databases," in the Netscape Directory Server Administrator's Guide.


Legacy Replication Plug-in

Plug-in Name

Legacy Replication plug-in

DN of Configuration Entry

cn=Legacy Replication plug-in,cn=plugins,cn=config

Description

Enables a current version Directory Server to be a consumer of a 4.x supplier

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None. This plug-in can be disabled if the server is not (and never will be) a consumer of a 4.x server.

Dependencies

database

Performance Related Information

None

Further Information

Chapter 8, "Managing Replication," in the Netscape Directory Server Administrator's Guide.


Multimaster Replication Plug-in

Plug-in Name

Multimaster Replication Plugin

DN of Configuration Entry

cn=Multimaster Replication plugin,cn=plugins,cn=config

Description

Enables replication between two current Directory Servers

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

database

Performance Related Information

N/A

Further Information

You can turn this plug-in off if you only have one server which will never replicate. See also chapter 8, "Managinng Replication," in the Netscape Directory Server Administrator's Guide.


Octet String Syntax Plug-in

Plug-in Name

Octet String Syntax

DN of Configuration Entry

cn=Octet String Syntax,cn=plugins,cn=config

Description

Syntax for handling octet strings

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

Do not modify the configuration of this plug-in. It is recommended that you leave this plug-in running at all times.

Further Information

N/A


CLEAR Password Storage Plug-in

Plug-in Name

CLEAR

DN of Configuration Entry

cn=CLEAR,cn=Password Storage Schemes,cn=plugins,cn=config

Description

CLEAR password storage scheme used for password encryption

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

Do not modify the configuration of this plug-in. It is recommended that you leave this plug-in running at all times.

Further Information

Chapter 7, "User Account Management," in the Netscape Directory Server Administrator's Guide.


CRYPT Password Storage Plug-in

Plug-in Name

CRYPT

DN of Configuration Entry

cn=CRYPT,cn=Password Storage Schemes,cn=plugins,cn=config

Description

CRYPT password storage scheme used for password encryption

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

Do not modify the configuration of this plug-in. It is recommended that you leave this plug-in running at all times.

Further Information

Chapter 7, "User Account Management," in the Netscape Directory Server Administrator's Guide.


NS-MTA-MD5 Password Storage Scheme Plug-in

Plug-in Name

NS-MTA-MD5

DN of Configuration Entry

cn=NS-MTA-MD5,cn=Password Storage Schemes,cn=plugins,cn=config

Description

NS-MTA-MD5 password storage scheme for password encryption

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

Do not modify the configuration of this plug-in. It is recommended that you leave this plug-in running at all times.

Further Information

You can no longer choose to encrypt passwords using the NS-MTA-MD5 password storage scheme. The storage scheme is still present but only for reasons of backward compatibility; i.e. if the data in your directory still contains passwords encrypted with the NS-MTA-MD5 password storage scheme. See chapter 7, "User Account Management," in the Netscape Directory Server Administrator's Guide.


SHA Password Storage Scheme Plug-in

Plug-in Name

SHA

DN of Configuration Entry

cn=SHA,cn=Password Storage Schemes,cn=plugins,cn=config

Description

SHA password storage scheme for password encryption

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

If there are not passwords encrypted using the SHA password storage scheme, you may turn this plug-in off. If you want to encrypt your password with the SHA password storage scheme, we recommend that you choose SSHA instead, as SSHA is a far more secure option.

Further Information

Chapter 7, "User Account Management," in the Netscape Directory Server Administrator's Guide.


SSHA Password Storage Scheme Plug-in

Plug-in Name

SSHA

DN of Configuration Entry

cn=SSHA,cn=Password Storage Schemes,cn=plugins,cn=config

Description

SSHA password storage scheme for password encryption

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

Do not modify the configuration of this plug-in. It is recommended that you leave this plug-in running at all times.

Further Information

Chapter 7, "User Account Management," in the Netscape Directory Server Administrator's Guide.


Postal Address String Syntax Plug-in

Plug-in Name

Postal Address Syntax

DN of Configuration Entry

cn=Postal Address Syntax,cn=plugins,cn=config

Description

Syntax used for handling postal addresses

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

Do not modify the configuration of this plug-in. It is recommended that you leave this plug-in running at all times.

Further Information

N/A


Presence Plug-in

Plug-in Name

Presence

DN of Configuration Entry

cn=Presence,cn=plugins,cn=config

Description

Syntax used for handling postal addresses

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

database

Performance Related Information

Check the reference provided in Further Information.

Further Information

Chapter 18, "Configuring IM Presence Informtion," in the Netscape Directory Server Administrator's Guide.


PTA Plug-in

Plug-in Name

Pass-Through Authentication Plugin

DN of Configuration Entry

cn=Pass Through Authentication,cn=plugins,cn=config

Description

Enables pass-through authentication, the mechanism which allows one directory to consult another to authenticate bind requests.

Configurable Options

on | off

Default Setting

off

Configurable Arguments

ldap://example.com:389/o=example

Dependencies

None

Performance Related Information

Check the reference provided in Further Information.

Further Information

Chapter 16, "Using the Pass-though Authentication Plug-in," in the Netscape Directory Server Administrator's Guide.


Referential Integrity Postoperation Plug-in

Plug-in Name

Referential Integrity Postoperation

DN of Configuration Entry

cn=Referential Integrity Postoperation,cn=plugins,cn=config

Description

Enables the server to ensure referential integrity

Configurable Options

All configuration and on | off

Default Setting

off

Configurable Arguments

When enabled, the post operation Referential Integrity plug-in performs integrity updates on the member, uniquemember, owner, and seeAlso attributes immediately after a delete or rename operation. You can reconfigure the plug-in to perform integrity checks on all other attributes.

Configurable arguments are as follows:

  1. Check for referential integrity.
    -1 = no check for referential integrity
    0 = check for referential integrity is performed immediately
    positive integer = request for referential integrity is queued and processed at a later stage. This positive integer serves as a wake-up call for the thread to process the request, at intervals corresponding to the integer specified.

  2. Log file for storing the change; for example, /usr/netscape/servers/logs/referint
  3. All the additional attribute names you want to be checked for referential integrity.

Dependencies

database

Performance Related Information

You should enable the Referential Integrity plug-in on only one supplier in a multi-master replication environment to avoid conflict resolution loops. When enabling the plug-in on chained servers, you must be sure to analyze your performance resource and time needs as well as your integrity needs. Note that integrity checks can be time-consuming and draining on memory/CPU.

Further Information

See chapter 3, "Configuring Directory Databases," in the Netscape Directory Server Administrator's Guide.


Retro Changelog Plug-in

Plug-in Name

Retro Changelog Plugin

DN of Configuration Entry

cn=Retro Changelog Plugin,cn=plugins,cn=config

Description

Used by LDAP clients for maintaining application compatibility with Directory Server 4.x versions. Maintains a log of all changes occurring in the Directory Server. The Retro Changelog offers the same functionality as the changelog in the 4.x versions of Directory Server.

Configurable Options

on | off

Default Setting

off

Configurable Arguments

See Retro Changelog Plug-in Attributes for further information on the two configuration attributes for this plug-in.

Dependencies

None

Performance Related Information

May slow down Directory Server performance.

Further Information

Chapter 8, "Managing Replication," in the Netscape Directory Server Administrator's Guide.


Roles Plug-in

Plug-in Name

Roles Plugin

DN of Configuration Entry

cn=Roles Plugin,cn=plugins,cn=config

Description

Enables the use of roles in the Directory Server

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

database

Performance Related Information

Do not modify the configuration of this plug-in. It is recommended that you leave this plug-in running at all times.

Further Information

Chapter 5, "Advanced Entry Management," in the Netscape Directory Server Administrator's Guide.


Space Insensitive String Syntax Plug-in

Plug-in Name

Space Insensitive String Syntax

DN of Configuration Entry

cn=Space Insensitive String Syntax,cn=plugins,cn=config

Description

Syntax for handling space-insensitive values

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

Do not modify the configuration of this plug-in. It is recommended that you leave this plug-in running at all times.

Further Information

This plug-in enables the Directory Server to support space and case insensitive values. Applications can now search the directory using entries with ASCII space characters.

For example, applications that use AOL Screen Names can search the Directory Server using filters that contain Screen Names--a search or compare operation that uses jOHN Doe will match entries that contain any of the following Screen Name values: johndoe, john doe, and John Doe.

For more information about finding directory entries, see Appendix B, "Finding Directory Entries," in the Netscape Directory Server Administrator's Guide.

The nsAIMID attribute type, which is a part of the Presence schema, uses this syntax. For details, see "Schema for the Presence Plug-in" in the Netscape Directory Server Administrator's Guide.


State Change Plug-in

Plug-in Name

State Change Plugin

DN of Configuration Entry

cn=State Change Plugin,cn=plugins,cn=config

Description

Enables state-change-notification service.

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

N/A

Further Information

N/A


Telephone Syntax Plug-in

Plug-in Name

Telephone Syntax

DN of Configuration Entry

cn=Telephone Syntax,cn=plugins,cn=config

Description

Syntax for handling telephone numbers

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

Do not modify the configuration of this plug-in. Netscape recommends that you leave this plug-in running at all times.

Further Information

N/A


UID Uniqueness Plug-in

Plug-in Name

UID Uniqueness plug-in

DN of Configuration Entry

cn=UID Uniqueness,cn=plugins,cn=config

Description

Checks that the values of specified attributes are unique each time a modification occurs on an entry.

Configurable Options

on | off

Default Setting

off

Configurable Arguments

Enter the following arguments:

uid
"DN"
"DN"...

if you want to check for UID attribute uniqueness in all listed subtrees.

However, enter the following arguments:

attribute="uid"
MarkerObjectclass= "ObjectClassName"

and, optionally,

requiredObjectClass= "ObjectClassName"

if you want to check for UID attribute uniqueness when adding or updating entries with the requiredObjectClass, starting from the parent entry containing the ObjectClass as defined by the MarkerObjectClass attribute.

Dependencies

database

Performance Related Information

Directory Server provides the UID Uniqueness plug-in by default. If you want to ensure unique values for other attributes, you can create instances of the UID Uniqueness plug-in for those attributes. See chapter 17, "Using the Attribute Uniqueness Plug-in," in the Netscape Directory Server Administrator's Guide for more information about the Attribute Uniquenss plug-in.

The UID Uniqueness plug-in is off by default due to operation restrictions that need to be addressed before enabling the plug-in in a multi-master replication environment. Turning the plug-in on may slow down Directory Server performance.

Further Information

Chapter 17, "Using the Attribute Uniqueness Plug-in," in the Netscape Directory Server Administrator's Guide.


URI Syntax Plug-in

Plug-in Name

URI Syntax

DN of Configuration Entry

cn=URI Syntax,cn=plugins,cn=config

Description

Syntax for handling URIs (Unique Resource Identifiers) including URLs (Unique Resource Locators)

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information