Sun Java System Directory Server Enterprise Edition 6.3 Reference
Book Information
Index
Preface
Part I Directory Server Reference
Chapter 1 Directory Server Overview
Introduction to Directory Server
Directory Server Architecture
Comparison of Software Installation and Server Instances
Communication With Client Applications
Directory Server Configuration
Data Storage in Directory Server
Data Replication Between Server Instances
Access Control in Directory Server
Chapter 2 Directory Server Security
How Directory Server Provides Security
How Directory Server Provides Access Control
Introduction to ACIs
Scope and Hierarchy in ACIs
ACI Limitations
Default ACIs
ACIs and Replication
Effective Rights
ACI Syntax
ACI Targets
Target Syntax
Target Keywords
target Keyword
targetattr Keyword
targetfilter Keyword
targattrfilters Keyword
targetScope Keyword
ACI Permissions
Permission Syntax
Permission Rights
Permissions for Typical LDAP Operations
ACI Bind Rules
Introduction to Bind Rules
Bind Rule Syntax
Bind Rule Keywords
userdn Keyword
Syntax of the userdn Keyword
LDAP URLs in the userdn Keyword
groupdn Keyword
roledn Keyword
userattr Keyword
Examples of userattr Keyword With Various Bind Types
Use of the userattr Keyword With the parent Keyword for Inheritance
Use of the userattr Keyword to Grant Add Permissions
ip Keyword
dns Keyword
timeofday Keyword
dayofweek Keyword
authmethod Keyword
Boolean Bind Rules
Tuning and Access Control
How Directory Server Provides Authentication
Anonymous Access
Password-Based Authentication
Steps in Password-Based Authentication
Password Policy
Types of Password Policy
Configuration of Password Policy
Certificate-based Authentication
Introduction to Certificate-based Authentication
Steps for Configuring Certificate-based Authentication
Certificates and Certificate Authorities (CA)
CA Hierarchies
Certificate Chains
Verifying a Certificate Chain
Types of Certificates
Contents of a Certificate
Certificate Management
Issuing Certificates
Certificates and the LDAP Directory
Key Management
Renewal and Revocation of Certificates
Registration Authorities
SASL-based Authentication
Proxy Authorization
Account Inactivation
Global Account Lockout
How Directory Server Provides Encryption
Secure Sockets Layer (SSL)
Overview of SSL
Cryptographic Algorithms Used With SSL
SSL Handshake
Messages Exchanged During SSL Handshake
Server Authentication During SSL Handshake
Man-In-the-Middle Attack
Client Authentication During SSL Handshake
Digital Signatures
Key Encryption
Symmetric-Key Encryption
Public-Key Encryption
Key Length and Encryption Strength
Attribute Encryption
Chapter 3 Directory Server Monitoring
Ways to Monitor Directory Server
Directory Server and SNMP
Directory Server and CMM/JMX
Directory Server Monitoring Attributes
cn=monitor
backendMonitorDN
bytesSent
cache-avail-bytes
connection
connectionPeak
currentConnections
currentTime
dTableSize
entriesSent
nbackEnds
opsCompleted
opsInitiated
request-que-backlog
readWaiters
currentpsearches
startTime
threads
totalConnections
version
cn=disk,cn=monitor
disk-dir
disk-free
disk-state
cn=counters,cn=monitor
cn=monitor,cn=Class of Service,cn=plugins,cn=config
classicHashAvgClashListLength
classicHashAvgClashPercentagePerHash
classicHashMemUsage
classicHashValuesMemUsage
numClassicDefinitions
numClassicHashTables
numClassicTemplates
numCoSAttributeTypes
numIndirectDefinitions
numPointerDefinitions
numPointerTemplates
Chapter 4 Directory Server Replication
Introduction to Replication
Types of Replica
Unit of Replication
Replica Identity
Replication Agreements
Replication Authentication
Replication Change Log
Change Sequence Number
Replica Update Vector
Deleted Entries: Tombstones
Consumer Initialization and Incremental Updates
Referrals and Replication
Replication Configurations
Multi-Master Replication
Concepts of Multi-Master Replication
Multi-Master Replication Over Wide Area Networks
Group Mechanism and Window Mechanism
Replication Compression Mechanisms
Fully Meshed Multi-Master Topology
Cascading Replication
Prioritized Replication
Fractional Replication
Replication and the Retro Change Log Plug-In
Retro Change Log and Multi-Master Replication
Failover of the Retro Change Log
Replication Conflicts and the Retro Change Log
Restrictions on Using the Retro Change Log
Chapter 5 Directory Server Data Caching
Caches and How Directory Server Uses Them
Types of Cache
Database Cache
Entry Cache
Import Cache
File System Cache
Total Aggregate Cache Size
How Directory Server Performs Searches by Using Cache
How Directory Server Performs Base Searches
How Directory Server Performs Subtree and One-Level Searches
How Directory Server Performs Updates by Using the Cache
How Directory Server Initializes a Suffix by Using the Cache
Tuning Cache Settings
Basic Tuning Recommendations
For Maximum Search Rate (Searches Only)
For Maximum Modification Rate (Modifications Only)
Small, Medium, and Large Data Sets
Optimum Search Performance (Searches Only)
Optimum Modify Performance (Modifications Only)
Chapter 6 Directory Server Indexing
Overview of Indexes
Tuning Indexes for Performance
System Indexes and Default Indexes
System Indexes
Default Indexes
Types of Index
Presence Index
Equality Index
Substring Index
Browsing Index
Approximate Index
International Index
Chapter 7 Directory Server Logging
Introduction to Logs
Retro Changelog
Transaction Log
Access, Error, and Audit Logs
Access Logs
Error Logs
Audit Logs
Content of Access, Error, and Audit Logs
Time Stamp
Connection Number
File Descriptor
Slot Number
Operation Number
Method Type
LDAP Version
Error Number
Tag Number
Number of Entries
Elapsed Time
LDAP Request Type
LDAP Response Type
Unindexed Search Indicator
Extended Operation OID
Change Sequence Number in Log Files
Abandon Message
Message ID
SASL Multi-Stage Bind Logging
Options Description
Connection Codes in Log Files
Result Codes in Log Files
Chapter 8 Directory Server Groups and Roles
Directory Server Groups
Static Groups
Dynamic Groups
Nested Groups
Directory Server Roles
Managed Roles
Filtered Roles
Nested Roles
Limitations on Using Roles
Chapter 9 Directory Server Class of Service
About CoS
CoS Definition Entries and CoS Template Entries
CoS Definition Entry
CoS Template Entry
Pointer CoS, Indirect CoS, and Classic CoS
Pointer CoS
Indirect CoS
Classic CoS
CoS Priorities
CoS Limitations
Chapter 10 Directory Server DSMLv2
Introduction to DSML
Implementation of the DSMLv2 Standard
DSML Security
DSML Identity Mapping
Content of the HTTP Header
Accessing the Directory Using DSMLv2
An Empty Anonymous DSML Ping Request
Issuing a DSML Request to Bind as a Particular User
A DSML Search Request
Chapter 11 Directory Server Internationalization Support
About Locales
Identifying Supported Locales
Supported Language Subtypes
Chapter 12 Directory Server LDAP URLs
Components of an LDAP URL
Escaping Unsafe Characters
Examples of LDAP URLs
Chapter 13 Directory Server LDIF and Search Filters
LDIF File Format
Continuing Lines in LDIF
Binary Data in LDIF
Representing Binary Data by Using Standard LDIF Notation
Representing Binary Data by Using the ldapmodify -b Command
Representing Binary Data by Using Base 64 Encoding
Directory Entries in LDIF
Organization Entries in LDIF
Organizational Unit Entries in LDIF
Organizational Person Entries in LDIF
Guidelines for Defining Directories by Using LDIF
Storing Information in Multiple Languages
Guidelines for Providing LDIF Input
Terminating LDIF Input on the Command Line
Using Special Characters
Using Attribute OIDs
Schema Checking
Ordering of LDIF Entries
Managing Large Entries
To Modify the Size Limit Enforced by the Server on Data Sent by Clients
Error Handling
Searching the Directory
Searching the Directory With ldapsearch
ldapsearch Command-Line Format
Using Special Characters
Commonly Used ldapsearch Options
ldapsearch Examples
Returning All Entries
Specifying Search Filters on the Command Line
Searching the Root DSE Entry
Searching the Schema Entry
Using LDAP_BASEDN
Displaying Subsets of Attributes
Searching Multi-Valued Attributes
Using Client Authentication When Searching
LDAP Search Filters
Search Filter Syntax
Using Attributes in Search Filters
Using Operators in Search Filters
Using OIDs in Search Filters
Using Compound Search Filters
Specifying Search Filters Using a File
Specifying Non 7-Bit ASCII Characters in Search Filters
Escaped Characters in Distinguished Names within Search Filters
Search Filter Examples
Searching for Operational Attributes
Chapter 14 Directory Server File Reference
Software Layout for Directory Server
Directory Server Instance Default Layout
Part II Directory Proxy Server Reference
Chapter 15 Directory Proxy Server Overview
Introduction to Directory Proxy Server
Directory Proxy Server Architecture
Overview of Directory Proxy Server Features
Chapter 16 Directory Proxy Server Load Balancing and Client Affinity
LDAP Data Source Pools
Load Balancing
Introduction to Load Balancing
Proportional Algorithm for Load Balancing
Saturation Algorithm for Load Balancing
Operational Affinity Algorithm for Load Balancing
Disadvantage of Using the Operational Affinity Algorithm for Load Balancing
Operational Affinity Algorithm for Global Account Lockout
Operational Affinity Algorithm for Cache Optimization
Failover Algorithm for Load Balancing
Client Affinity
Chapter 17 Directory Proxy Server Distribution
LDAP Data Views
LDAP Data View Features
Excluding a Subtree From a Data View
Performing a Search Directed at a Superior Data View on an Excluded, Subordinate Data View
Attribute Renaming and DN Renaming
Attribute Renaming
DN Renaming
Distributing Entries In a Subtree to Different Data Views
Limitations of Distribution Algorithms
Use Cases for Data Views
Data Views to Route All Requests, Irrespective of the Target DN of the Request
Data Views to Route Requests When a List of Subtrees Are Stored on Multiple, Data-Equivalent Data Sources
Data Views to Provide a Single Point of Access When Different Subtrees Are Stored on Different Data Sources
Data Views to Route Requests When Different Parts of a Subtree Are Stored in Different Data Sources
Data Views to Route Requests When Superior and Subordinate Subtrees Are Stored in Different Data Sources
Data Views With Hierarchy and a Distribution Algorithm
Chapter 18 Directory Proxy Server Virtualization
Construction of Virtual Data Views
Virtual Data Transformations
Transformation Models
Mapping Transformations
Write Transformations
Read Transformations
Transformation Actions
Transformation Parameters
Transformation Examples
Additional Virtual Data View Properties
Join Data Views
Primary and Secondary Data Views
Additional Secondary Data View Properties
Join Rules
DN Join Rules
Filter Join Rules
Handling of Shared Entries
Handling of Binds
How Directory Proxy Server Handles Read and Write Operations to Join Data Views
Virtual Data Transformations on Join Data Views
LDIF Data Views
JDBC Data Views
JDBC Data Sources and Data Source Pools
JDBC Object Classes
JDBC Tables
JDBC Attributes
Case Sensitivity in JDBC Data Views
Access Control On Virtual Data Views
Virtual ACI Definition
Global ACIs
Virtual ACI Syntax
Virtual ACI Storage and Access
Virtual ACI Application
Virtual Schema Checking
Schema Checking
Virtual Data Views and LDAP Groups
Chapter 19 Connections Between Directory Proxy Server and Backend LDAP Servers
LDAP Data Sources
Connections Between Directory Proxy Server and Backend LDAP Servers
Opening and Closing Connections Between Directory Proxy Server and Backend LDAP Servers
Connection Pools Between Directory Proxy Server and Backend LDAP Servers
Forwarding Requests From Directory Proxy Server to Backend LDAP Servers
Directory Proxy Server Configured for BIND Replay
Directory Proxy Server Configured for Proxy Authorization
Connections When Directory Proxy Server Is Configured for Proxy Authorization
Directory Proxy Server Configured for Proxy Authorization and the Client Request Does Not Contain a Proxy Authorization
Directory Proxy Server Configured for Proxy Authorization and the Client Request Does Contain a Proxy Authorization
Security Issues When Directory Proxy Server Is Configured for Proxy Authorization
Directory Proxy Server Configured to Forward Requests Without the Client Identity
Directory Proxy Server Configured to Forward Requests As an Alternate User
Chapter 20 Connections Between Clients and Directory Proxy Server
Criteria for Allocating a Connection to a Connection Handler
Data Views for Connection Handlers
Resource Limits Policies for Connection Handlers
Customized Search Limits
Request Filtering Policies for Connection Handlers
Subtrees in the Request Filtering Policy
Allowed Subtrees
Prohibited Subtrees
Search Data Hiding Rules in the Request Filtering Policy
Chapter 21 Directory Proxy Server Client Authentication
Client Authentication Overview
Simple Bind Authentication
Password Encryption and Verification
Certificate-Based Authentication
Configuring Certificates in Directory Proxy Server
Using SASL External Bind
Anonymous Access
Directory Proxy Server Client Listeners
Chapter 22 Security in Directory Proxy Server
How Directory Proxy Server Provides Security
Secure Sockets Layer for Directory Proxy Server
Ciphers and Protocols for Directory Proxy Server
Chapter 23 Directory Proxy Server Logging
Introduction to Directory Proxy Server Logs
Log File Rotation
Log File Deletion
Message Severity
Error Logs for Directory Proxy Server
Error Log Levels
Format of an Error Message
Access Logs for Directory Proxy Server
Access Log Levels
Format of an Access Log Message
Message Parts in an Access Log
Access Log Buffer
Tracking Client Requests Through Directory Proxy Server and Directory Server Access Logs
Tracking Operations by Connection
Tracking Operations in Directory Proxy Server
Tracking Operations Between Directory Proxy Server and Directory Server
Client Identification
Chapter 24 Directory Proxy Server Alerts and Monitoring
Administrative Alerts for Directory Proxy Server
Monitoring Data Sources
How Data Sources Are Monitored
Monitoring a Data Source by Listening for Errors
Monitoring Data Sources by Periodically Establishing Dedicated Connections
Monitoring Data Sources by Testing Established Connections
Responding to the Failure of a Data Source
Monitoring Directory Proxy Server
Monitoring Framework for Directory Proxy Server
Simplified Layout of the cn=monitor Entry
Status of Monitored Information
Description of Each Entry Under the cn=monitor Entry
cn=Product
cn=Operating System
cn=Instance
cn=Service
cn=SAP
cn=RSAP
LDAP Remote SAP
cn=Component
Proportional Load Balancing Algorithm For All Data Sources
Proportional Load Balancing Algorithm For Individual Data Sources
cn=JVM
cn=Resource
Connection Handler Thread
Work Queue
Worker Thread
Search Thread
Monitor Thread
Detailed Layout of the cn=monitor Entry
Chapter 25 Directory Proxy Server File Reference
Software Layout for Directory Proxy Server
Directory Proxy Server Instance Default Layout
Appendix A Directory Server Resource Kit File Reference
Software Layout for Directory Server Resource Kit
© 2010, Oracle Corporation and/or its affiliates