Configuring the Directory Server
Configuring Security in the Directory Server
Managing Root User, Global Administrator, and Administrator Accounts
Working With Multiple Root Users
Root Users and the Privilege Subsystem
Managing Root Users With dsconfig
To View the Default Root User Privileges
To Edit the Default Root User Privileges
To Change a Root User's Password
To Change a Root User's Privileges
Setting Root User Resource Limits
Managing Global Administrators
Password Policies in a Replicated Environment
To View the List of Password Policies
Properties of the Default Password Policy
To View the Properties of the Default Password Policy
To Create a New Password Policy
To Create a First Login Password Policy
To Assign a Password Policy to an Individual Account
To Prevent Password Policy Modifications
To Assign a Password Policy to a Group of Users
To Change the Directory Manager's Password
To Reset and Generate a New Password for a User
Managing a User's Account Information
To View a User's Account Information
To View Account Status Information
To Create a Static Group With groupOfNames
To Create a Static Group With groupOfUniqueNames
To Create a Static Group With groupOfEntries
To List All Members of a Static Group
To List All Static Groups of Which a User Is a Member
To Determine Whether a User is a Member of a Group
To List All Members of a Dynamic Group
To List All Dynamic Groups of Which a User Is a Member
To Determine Whether a User Is a Member of a Dynamic Group
Defining Virtual Static Groups
To Create a Virtual Static Group
To List All Members of a Virtual Static Group
To List All Virtual-Static Groups of Which a User Is a Member
To Determine Whether a User is a Member of a Virtual Static Group
Maintaining Referential Integrity
Overview of the Referential Integrity Plug-In
To Enable the Referential Integrity Plug-In
Simulating DSEE Roles in an OpenDS Directory Server
To Determine Whether a User is a Member of a Role
You can control search operations on the server for each client account by assigning resource limits to the entry. Resource limits are assigned by adding specific operational attributes to the user entry. The directory server then enforces the limits based on the account that the client uses to bind to the directory.
The resource limits that you set on specific user accounts take precedence over the resource limits set in the server-wide configuration. The following limits can be set:
Look-through limit. Specifies the maximum number of entries examined for a search operation. Use the ds-rlim-lookthrough-limit operational attribute.
Size limit. Specifies the maximum number of entries returned in response to a search operation. use the ds-rlim-size-limit operational attribute.
Time limit. Specifies the maximum time spent processing a search operation. Use the ds-rlim-time-limit operational attribute.
Note - The Directory Manager can use unlimited resources by default.
dn: uid=kvaughan,ou=people,dc=example,dc=com changetype: modify add: ds-rlim-lookthrough-limit ds-rlim-lookthrough-limit: 1000 - add: ds-rlim-size-limit ds-rlim-size-limit: 500 - add: ds-rlim-time-limit ds-rlim-time-limit: 300
$ ldapmodify -h localhost -p 1389 -D "cn=Directory Manager" -w password \ --filename add_resource.ldif Processing MODIFY request for uid=kvaughan,ou=people,dc=example,dc=com MODIFY operation successful for DN uid=kvaughan,ou=people,dc=example,dc=com