iPlanet Directory Server Administrator's Guide: Chapter 15 Administering Directory Server Plug-Ins

Previous Contents Index DocHome Next

iPlanet Directory Server Administrator's Guide

Chapter 15 Administering Directory Server Plug-Ins

Directory Server plug-ins extend the functionality of the server. iPlanet Directory Server ships with several plug-ins to help you manage your directory. This chapter contains general information on the types of plug-ins available, and how to enable or disable them. This chapter is divided into the following sections:

Server Plug-in Functionality Reference

Enabling and Disabling Plug-Ins From the Server Console

Server Plug-in Functionality Reference

The following tables provide you with a quick overview of the plug-ins provided with iPlanet Directory Server 5.0, along with their configurable options, configurable arguments, default setting, dependencies, general performance related information and further reading. These tables will allow you to weigh up plug-in performance gains and costs and choose the optimal settings for your deployment. The Further Information heading cross references further reading where this is available.

7-bit Check Plug-In

Plug-in Name

7-bit check (NS7bitAtt)

DN of Configuration Entry

cn=7-bit check,cn=plugins,cn=config

Description

Checks certain attributes are 7-bit clean

Configurable Options

on | off

Default Setting

on

Configurable Arguments

list of attributes (uid mail userpassword) followed by "," and then suffix(ex) on which the check is to occur

Dependencies

None

Performance Related Information

None

Further Information

If your Directory Server uses non-ASCII characters, for example, Japanese, turn this plug-in off.

ACL Plug-In

Plug-in Name

ACL Plugin

DN of Configuration Entry

cn=ACL Plugin,cn=plugins,cn=config

Description

ACL access check plug-in

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

N/A

Further Information

Chapter 6 "Managing Access Control."

ACL Preoperation Plug-In

Plug-in Name

ACL preoperation

DN of Configuration Entry

cn=ACL preoperation,cn=plugins,cn=config

Description

ACL access check plug-in

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

database

Performance Related Information

None

Further Information

Chapter 6 "Managing Access Control."

Binary Syntax Plug-In

Plug-in Name

Binary Syntax

DN of Configuration Entry

cn=Binary Syntax,cn=plugins,cn=config

Description

Syntax for handling binary data

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

Do not modify the configuration of this plug-in. You should leave this plug-in running at all times.

Further Information

Boolean Syntax Plug-In

Plug-in Name

Boolean Syntax

DN of Configuration Entry

cn=Boolean Syntax,cn=plugins,cn=config

Description

Syntax for handling booleans

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

Do not modify the configuration of this plug-in. You should leave this plug-in running at all times.

Further Information

Case Exact String Syntax Plug-In

Plug-in Name

Case Exact String Syntax

DN of Configuration Entry

cn=Case Exact String Syntax,cn=plugins,cn=config

Description

Syntax for handling case-sensitive strings

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

Do not modify the configuration of this plug-in. You should leave this plug-in running at all times.

Further Information

Case Ignore String Syntax Plug-In

Plug-in Name

Case Ignore String Syntax

DN of Configuration Entry

cn=Case Ignore String Syntax,cn=plugins,cn=config

Description

Syntax for handling case-insensitive strings

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

Do not modify the configuration of this plug-in. You should leave this plug-in running at all times.

Further Information

Chaining Database Plug-In

Plug-in Name

Chaining Databse

DN of Configuration Entry

cn=Chaining database,cn=plugins,cn=config

Description

Syntax for handling DNs

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

Do not modify the configuration of this plug-in. You should leave this plug-in running at all times.

Further Information

Chapter 3 "Configuring Directory Databases."

Class of Service Plug-In

Plug-in Name

Class of Service

DN of Configuration Entry

cn=Class of Service,cn=plugins,cn=config

Description

Allows for sharing of attributes between entries

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

Do not modify the configuration of this plug-in. You should leave this plug-in running at all times.

Further Information

Chapter 5 "Advanced Entry Management."

Country String Syntax Plug-In

Plug-in Name

Country String Syntax Plug-in

DN of Configuration Entry

cn=Country String Syntax,cn=plugins,cn=config

Description

Syntax for handling countries

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

Do not modify the configuration of this plug-in. You should leave this plug-in running at all times.

Further Information

Distinguished Name Syntax Plug-In

Plug-in Name

Distinguished Name Syntax

DN of Configuration Entry

cn=Distinguished Name Syntax,cn=plugins,cn=config

Description

Syntax for handling DNs

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

Do not modify the configuration of this plug-in. You should leave this plug-in running at all times.

Further Information

Generalized Time Syntax Plug-In

Plug-in Name

Generalized Time Syntax

DN of Configuration Entry

cn=Generalized Time Syntax,cn=plugins,cn=config

Description

Syntax for dealing with dates, times and time zones

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

Do not modify the configuration of this plug-in. You should leave this plug-in running at all times.

Further Information

The Generalized Time String consists of the following:
four digit year, two digit month (for example, 01 for January), two digit day, two digit hour, two digit minute, two digit second, an optional decimal part of a second and a time zone indication. We strongly recommend that you use the Z time zone indication which stands for Greenwich Mean Time.

Integer Syntax Plug-In

Plug-in Name

Integer Syntax

DN of Configuration Entry

cn=Integer Syntax,cn=plugins,cn=config

Description

Syntax for handling integers

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

Do not modify the configuration of this plug-in. You should leave this plug-in running at all times.

Further Information

Internationalization Plug-In

Plug-in Name

Internationalization Plugin

DN of Configuration Entry

cn=Internationalization Plugin,cn=plugins,cn=config

Description

Syntax for handling DNs

Configurable Options

on | off

Default Setting

on

Configurable Arguments

The Internationalization has one argument which must not be modified: /usr/iplanet/servers/slapd-serverID/config/slapd-collations.conf
This directory stores the collation orders and locales used by the internationalization plug-in.

Dependencies

None

Performance Related Information

Do not modify the configuration of this plug-in. You should leave this plug-in running at all times.

Further Information

See Appendix D, "Internationalization."

ldbm Database Plug-In

Plug-in Name

ldbm database Plug-in

DN of Configuration Entry

cn=ldbm database plug-in,cn=plugins,cn=config

Description

Implements local databases

Configurable Options

N/A

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

See iPlanet Directory Server Configuration, Command, and File Reference for further information on database plug-in attributes.

Further Information

Chapter 3 "Configuring Directory Databases."

Legacy Replication Plug-In

Plug-in Name

Legacy Replication plug-in

DN of Configuration Entry

cn=Legacy Replication plug-in,cn=plugins,cn=config

Description

Enables iPlanet Directory Server 5.0 to be a consumer of a 4.1 supplier

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None. This plug-in can be disabled if the server is not (and never will be) a consumer of a 4.1 server.

Dependencies

database

Performance Related Information

None

Further Information

Chapter 8 "Managing Replication."

Multimaster Replication Plug-In

Plug-in Name

Multimaster Replication Plugin

DN of Configuration Entry

cn=Multimaster Replication plugin,cn=plugins,
cn=config

Description

Enables replication between two 5.0 Directory Servers

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

databse

Performance Related Information

N/A

Further Information

You can turn this plug-in off if you only have one server which will never replicate. See also Chapter 8 "Managing Replication."

Octet String Syntax Plug-in

Plug-in Name

Octet String Syntax

DN of Configuration Entry

cn=Octet String Syntax,cn=plugins,cn=config

Description

Syntax for handling octet strings

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

Do not modify the configuration of this plug-in. You should leave this plug-in running at all times.

Further Information

CLEAR Password Storage Plug-In

Plug-in Name

CLEAR

DN of Configuration Entry

cn=CLEAR,cn=Password Storage Schemes,cn=plugins, cn=config

Description

CLEAR password storage scheme used for password encryption

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

Do not modify the configuration of this plug-in. You should leave this plug-in running at all times.

Further Information

Chapter 7 "User Account Management."

CRYPT Password Storage Plug-In

Plug-in Name

CRYPT

DN of Configuration Entry

cn=CRYPT,cn=Password Storage Schemes,cn=plugins, cn=config

Description

CRYPT password storage scheme used for password encryption

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

Do not modify the configuration of this plug-in. You should leave this plug-in running at all times.

Further Information

Chapter 7 "User Account Management."

NS-MTA-MD5 Password Storage Plug-In

Plug-in Name

NS-MTA-MD5

DN of Configuration Entry

cn=NS-MTA-MD5,cn=Password Storage Schemes,cn=plugins, cn=config

Description

NS-MTA-MD5 password storage scheme for password encryption

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

Do not modify the configuration of this plug-in. iPlanet recommends that you leave this plug-in running at all times.

Further Information

You cannot choose to encrypt passwords using the NS-MTA-MD5 password storage scheme. The storage scheme is present in iPlanet Directory Server 5.0 but only for reasons of backward compatibility with earlier versions of Directory Server. See Chapter 7 "User Account Management."

SHA Password Storage Plug-In

Plug-in Name

SHA

DN of Configuration Entry

cn=SHA,cn=Password Storage Schemes,cn=plugins,cn=config

Description

SHA password storage scheme for password encryption

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

If your directory does not contain passwords encrypted using the SHA password storage scheme, you may turn this plug-in off. You should choose SSHA preferablly than SHA because SSHA is a far more secure option.

Further Information

Chapter 7 "User Account Management."

SSHA Password Storage Plug-in

Plug-in Name

SSHA

DN of Configuration Entry

cn=SSHA,cn=Password Storage Schemes,cn=plugins,cn=config

Description

SSHA password storage scheme for password encryption

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

Do not modify the configuration of this plug-in. You should leave this plug-in running at all times.

Further Information

Chapter 7 "User Account Management."

Postal Address String Syntax Plug-In

Plug-in Name

Postal Address Syntax

DN of Configuration Entry

cn=Postal Address Syntax,cn=plugins,cn=config

Description

Syntax used for handling postal addresses

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

Do not modify the configuration of this plug-in. You should leave this plug-in running at all times.

Further Information

PTA Plug-In

Plug-in Name

Pass-Through Authentication Plugin

DN of Configuration Entry

cn=Pass Through Authentication,cn=plugins,cn=config

Description

Enables pass-through authentication, the mechanism which allows one directory to consult another to authenticate bind requests. This plug-in is not listed in Directory Server Console if you use the same server for your user directory and configuration directory.

Configurable Options

on | off

Default Setting

off

Configurable Arguments

ldap://iplanet.com:389/o=iplanet

Dependencies

None

Performance Related Information

Chapter 16, "Using the Pass-Through Authentication Plug-In."

Further Information

Chapter 16, "Using the Pass-Through Authentication Plug-In."

Referential Integrity Postoperation Plug-In

Plug-in Name

Referential Integrity Postoperation

DN of Configuration Entry

cn=Referential Integrity Postoperation,cn=plugins, cn=config

Description

Enables the server to ensure referential integrity

Configurable Options

All configuration and on | off

Default Setting

off

Configurable Arguments

When enabled the post operation Referential Integrity plug-in performs integrity updates on the member, uniquemember, owner and seeAlso attributes immediately after a delete or rename operation. You can reconfigure the plug-in to perform integrity checks on all other attributes.
Configurable arguments are as follows:
(1) Check for referential integrity
-1 = no check for referential integrity
0 = check for referential integrity is performed immediately
positive integer = request for referential integrity is queued and processed at a later stage. This positive integer serves as a wake-up call for the thread to process the request, at intervals corresponding to the integer specified.
(2) Log file for storing the change, for example /usr/iplanet/logs/referint
(3) All the additional attrribute names you want to be checked for referential integrity.

Dependencies

database

Performance Related Information

You should enable the Referential Integrity plug-in on only one master in a multimaster replication environment to avoid conflict resolution loops. When enabling the plug-in on chained servers you must be sure to analyze your performance resource and time needs as well as your integrity needs.

Further Information

See "Maintaining Referential Integrity".

Retro Change Log Plug-In

Plug-in Name

Retro Changelog Plugin

DN of Configuration Entry

cn=Retro Changelog Plugin,cn=plugins,cn=config

Description

Used by LDAP clients for maintaining application compatibility with Directory Server 4.x versions. Maintains a log of all changes occuring in the Directory Server. The Retro Changelog offers the same functionality as the changelog in the 4.x versions of Directory Server.

Configurable Options

on | off

Default Setting

off

Configurable Arguments

See iPlanet Directory Server Configuration, Command, and File Reference for further information on the two configuration attributes for the retro change log plug-in.

Dependencies

None

Performance Related Information

May slow down Directory Server performance.

Further Information

Chapter 8 "Managing Replication."

Roles Plug-In

Plug-in Name

Roles Plugin

DN of Configuration Entry

cn=Roles Plugin,cn=plugins,cn=config

Description

Enables the use of roles in the Directory Server

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

Do not modify the configuration of this plug-in. You should leave this plug-in running at all times.

Further Information

Chapter 5 "Advanced Entry Management."

Telephone Syntax Plug-In

Plug-in Name

Telephone Syntax

DN of Configuration Entry

cn=Telephone Syntax,cn=plugins,cn=config

Description

Syntax for handling telephone numbers

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

Do not modify the configuration of this plug-in. You should leave this plug-in running at all times.

Further Information

UID Uniqueness Plug-in

Plug-in Name

UID Uniqueness plug-in

DN of Configuration Entry

cn=UID Uniqueness,cn=plugins,cn=config

Description

Checks that the values of specified attributes are unique each time a modification occurs on an entry.

Configurable Options

on | off

Default Setting

off

Configurable Arguments

Enter the following arguments:
uid
"DN"
"DN"...
if you want to check for uid attribute uniqueness in all listed subtrees.
However, enter the following arguments:
attribute="uid"
MarkerObjectclass = "ObjectClassName"
and optionally
requiredObjectClass = "ObjectClassName"
if you want to check for uid attribute uniqueness when adding or updating entries with the requiredObjectClass, starting from the parent entry containing the ObjectClass as defined by the MarkerObjectClass attribute.

Dependencies

N/A

Performance Related Information

This plug-in may slow down Directory Server performance.
In a multimaster replication environment, the UID Uniqueness plug-in will not work at all and should therefore not be enabled.
If you try to add a new entry to a server where the UID Uniqueness plug-in is enabled and a referral has been created in a subtree, then the UID Uniqueness plug-in will not work. It will not work because if it sees any other error apart from noSuchObject (meaning that the entry does not already exist), which it will do if a referral is created, then it will return an operations error preventing you from adding your new entry. To prevent being blocked by such an operations error, disable the plug-in on the server where you created the referral. If, however, you still want to run a UID Uniqueness check, make sure that you only activate the plug-in on the last of the referred to servers to prevent it from blocking the referral mechanism.

Further Information

Chapter 17, "Using the Attribute Uniqueness Plug-In."

URI Plug-in

Plug-in Name

URI Syntax

DN of Configuration Entry

cn=URI Syntax,cn=plugins,cn=config

Description

Syntax for handling URIs (Unique Resource Identifiers) including URLs (Unique Resource Locators)

Configurable Options

on | off

Default Setting

on

Configurable Arguments

None

Dependencies

None

Performance Related Information

Do not modify the configuration of this plug-in. You should leave this plug-in running at all times.

Further Information

Enabling and Disabling Plug-Ins From the Server Console

To enable and disable plug-ins over LDAP using the Directory Server Console:

On the Directory Server Console, select the Configuration tab.

Double-click the Plugins folder in the navigation tree.

Select the plug-in from the Plugins list.

To disable the plug-in, clear the "Enabled" checkbox. To enable the plug-in, check this checkbox.

Click Save.

Restart the directory server.

Plug-in Name	7-bit check (NS7bitAtt)
DN of Configuration Entry	cn=7-bit check,cn=plugins,cn=config
Description	Checks certain attributes are 7-bit clean
Configurable Options	on \| off
Default Setting	on
Configurable Arguments	list of attributes (uid mail userpassword) followed by "," and then suffix(ex) on which the check is to occur
Dependencies	None
Performance Related Information	None
Further Information	If your Directory Server uses non-ASCII characters, for example, Japanese, turn this plug-in off.

Plug-in Name	ACL Plugin
DN of Configuration Entry	cn=ACL Plugin,cn=plugins,cn=config
Description	ACL access check plug-in
Configurable Options	on \| off
Default Setting	on
Configurable Arguments	None
Dependencies	None
Performance Related Information	N/A
Further Information	Chapter 6 "Managing Access Control."

Plug-in Name	ACL preoperation
DN of Configuration Entry	cn=ACL preoperation,cn=plugins,cn=config
Description	ACL access check plug-in
Configurable Options	on \| off
Default Setting	on
Configurable Arguments	None
Dependencies	database
Performance Related Information	None
Further Information	Chapter 6 "Managing Access Control."

Plug-in Name	Binary Syntax
DN of Configuration Entry	cn=Binary Syntax,cn=plugins,cn=config
Description	Syntax for handling binary data
Configurable Options	on \| off
Default Setting	on
Configurable Arguments	None
Dependencies	None
Performance Related Information	Do not modify the configuration of this plug-in. You should leave this plug-in running at all times.
Further Information

Plug-in Name	Boolean Syntax
DN of Configuration Entry	cn=Boolean Syntax,cn=plugins,cn=config
Description	Syntax for handling booleans
Configurable Options	on \| off
Default Setting	on
Configurable Arguments	None
Dependencies	None
Performance Related Information	Do not modify the configuration of this plug-in. You should leave this plug-in running at all times.
Further Information

Plug-in Name	Case Exact String Syntax
DN of Configuration Entry	cn=Case Exact String Syntax,cn=plugins,cn=config
Description	Syntax for handling case-sensitive strings
Configurable Options	on \| off
Default Setting	on
Configurable Arguments	None
Dependencies	None
Performance Related Information	Do not modify the configuration of this plug-in. You should leave this plug-in running at all times.
Further Information

Plug-in Name	Case Ignore String Syntax
DN of Configuration Entry	cn=Case Ignore String Syntax,cn=plugins,cn=config
Description	Syntax for handling case-insensitive strings
Configurable Options	on \| off
Default Setting	on
Configurable Arguments	None
Dependencies	None
Performance Related Information	Do not modify the configuration of this plug-in. You should leave this plug-in running at all times.
Further Information

Plug-in Name	Chaining Databse
DN of Configuration Entry	cn=Chaining database,cn=plugins,cn=config
Description	Syntax for handling DNs
Configurable Options	on \| off
Default Setting	on
Configurable Arguments	None
Dependencies	None
Performance Related Information	Do not modify the configuration of this plug-in. You should leave this plug-in running at all times.
Further Information	Chapter 3 "Configuring Directory Databases."

Plug-in Name	Class of Service
DN of Configuration Entry	cn=Class of Service,cn=plugins,cn=config
Description	Allows for sharing of attributes between entries
Configurable Options	on \| off
Default Setting	on
Configurable Arguments	None
Dependencies	None
Performance Related Information	Do not modify the configuration of this plug-in. You should leave this plug-in running at all times.
Further Information	Chapter 5 "Advanced Entry Management."

Plug-in Name	Country String Syntax Plug-in
DN of Configuration Entry	cn=Country String Syntax,cn=plugins,cn=config
Description	Syntax for handling countries
Configurable Options	on \| off
Default Setting	on
Configurable Arguments	None
Dependencies	None
Performance Related Information	Do not modify the configuration of this plug-in. You should leave this plug-in running at all times.
Further Information

Plug-in Name	Distinguished Name Syntax
DN of Configuration Entry	cn=Distinguished Name Syntax,cn=plugins,cn=config
Description	Syntax for handling DNs
Configurable Options	on \| off
Default Setting	on
Configurable Arguments	None
Dependencies	None
Performance Related Information	Do not modify the configuration of this plug-in. You should leave this plug-in running at all times.
Further Information

Plug-in Name	Generalized Time Syntax
DN of Configuration Entry	cn=Generalized Time Syntax,cn=plugins,cn=config
Description	Syntax for dealing with dates, times and time zones
Configurable Options	on \| off
Default Setting	on
Configurable Arguments	None
Dependencies	None
Performance Related Information	Do not modify the configuration of this plug-in. You should leave this plug-in running at all times.
Further Information	The Generalized Time String consists of the following: four digit year, two digit month (for example, 01 for January), two digit day, two digit hour, two digit minute, two digit second, an optional decimal part of a second and a time zone indication. We strongly recommend that you use the Z time zone indication which stands for Greenwich Mean Time.

Plug-in Name	Integer Syntax
DN of Configuration Entry	cn=Integer Syntax,cn=plugins,cn=config
Description	Syntax for handling integers
Configurable Options	on \| off
Default Setting	on
Configurable Arguments	None
Dependencies	None
Performance Related Information	Do not modify the configuration of this plug-in. You should leave this plug-in running at all times.
Further Information

Plug-in Name	Internationalization Plugin
DN of Configuration Entry	cn=Internationalization Plugin,cn=plugins,cn=config
Description	Syntax for handling DNs
Configurable Options	on \| off
Default Setting	on
Configurable Arguments	The Internationalization has one argument which must not be modified: /usr/iplanet/servers/slapd-serverID/config/slapd-collations.conf This directory stores the collation orders and locales used by the internationalization plug-in.
Dependencies	None
Performance Related Information	Do not modify the configuration of this plug-in. You should leave this plug-in running at all times.
Further Information	See Appendix D, "Internationalization."

Plug-in Name	ldbm database Plug-in
DN of Configuration Entry	cn=ldbm database plug-in,cn=plugins,cn=config
Description	Implements local databases
Configurable Options	N/A
Default Setting	on
Configurable Arguments	None
Dependencies	None
Performance Related Information	See iPlanet Directory Server Configuration, Command, and File Reference for further information on database plug-in attributes.
Further Information	Chapter 3 "Configuring Directory Databases."

Plug-in Name	Legacy Replication plug-in
DN of Configuration Entry	cn=Legacy Replication plug-in,cn=plugins,cn=config
Description	Enables iPlanet Directory Server 5.0 to be a consumer of a 4.1 supplier
Configurable Options	on \| off
Default Setting	on
Configurable Arguments	None. This plug-in can be disabled if the server is not (and never will be) a consumer of a 4.1 server.
Dependencies	database
Performance Related Information	None
Further Information	Chapter 8 "Managing Replication."

Plug-in Name	Multimaster Replication Plugin
DN of Configuration Entry	cn=Multimaster Replication plugin,cn=plugins, cn=config
Description	Enables replication between two 5.0 Directory Servers
Configurable Options	on \| off
Default Setting	on
Configurable Arguments	None
Dependencies	databse
Performance Related Information	N/A
Further Information	You can turn this plug-in off if you only have one server which will never replicate. See also Chapter 8 "Managing Replication."

Plug-in Name	Octet String Syntax
DN of Configuration Entry	cn=Octet String Syntax,cn=plugins,cn=config
Description	Syntax for handling octet strings
Configurable Options	on \| off
Default Setting	on
Configurable Arguments	None
Dependencies	None
Performance Related Information	Do not modify the configuration of this plug-in. You should leave this plug-in running at all times.
Further Information

Plug-in Name	CLEAR
DN of Configuration Entry	cn=CLEAR,cn=Password Storage Schemes,cn=plugins, cn=config
Description	CLEAR password storage scheme used for password encryption
Configurable Options	on \| off
Default Setting	on
Configurable Arguments	None
Dependencies	None
Performance Related Information	Do not modify the configuration of this plug-in. You should leave this plug-in running at all times.
Further Information	Chapter 7 "User Account Management."

Plug-in Name	CRYPT
DN of Configuration Entry	cn=CRYPT,cn=Password Storage Schemes,cn=plugins, cn=config
Description	CRYPT password storage scheme used for password encryption
Configurable Options	on \| off
Default Setting	on
Configurable Arguments	None
Dependencies	None
Performance Related Information	Do not modify the configuration of this plug-in. You should leave this plug-in running at all times.
Further Information	Chapter 7 "User Account Management."

Plug-in Name	NS-MTA-MD5
DN of Configuration Entry	cn=NS-MTA-MD5,cn=Password Storage Schemes,cn=plugins, cn=config
Description	NS-MTA-MD5 password storage scheme for password encryption
Configurable Options	on \| off
Default Setting	on
Configurable Arguments	None
Dependencies	None
Performance Related Information	Do not modify the configuration of this plug-in. iPlanet recommends that you leave this plug-in running at all times.
Further Information	You cannot choose to encrypt passwords using the NS-MTA-MD5 password storage scheme. The storage scheme is present in iPlanet Directory Server 5.0 but only for reasons of backward compatibility with earlier versions of Directory Server. See Chapter 7 "User Account Management."

Plug-in Name	SHA
DN of Configuration Entry	cn=SHA,cn=Password Storage Schemes,cn=plugins,cn=config
Description	SHA password storage scheme for password encryption
Configurable Options	on \| off
Default Setting	on
Configurable Arguments	None
Dependencies	None
Performance Related Information	If your directory does not contain passwords encrypted using the SHA password storage scheme, you may turn this plug-in off. You should choose SSHA preferablly than SHA because SSHA is a far more secure option.
Further Information	Chapter 7 "User Account Management."

Plug-in Name	SSHA
DN of Configuration Entry	cn=SSHA,cn=Password Storage Schemes,cn=plugins,cn=config
Description	SSHA password storage scheme for password encryption
Configurable Options	on \| off
Default Setting	on
Configurable Arguments	None
Dependencies	None
Performance Related Information	Do not modify the configuration of this plug-in. You should leave this plug-in running at all times.
Further Information	Chapter 7 "User Account Management."

Plug-in Name	Postal Address Syntax
DN of Configuration Entry	cn=Postal Address Syntax,cn=plugins,cn=config
Description	Syntax used for handling postal addresses
Configurable Options	on \| off
Default Setting	on
Configurable Arguments	None
Dependencies	None
Performance Related Information	Do not modify the configuration of this plug-in. You should leave this plug-in running at all times.
Further Information

Plug-in Name	Pass-Through Authentication Plugin
DN of Configuration Entry	cn=Pass Through Authentication,cn=plugins,cn=config
Description	Enables pass-through authentication, the mechanism which allows one directory to consult another to authenticate bind requests. This plug-in is not listed in Directory Server Console if you use the same server for your user directory and configuration directory.
Configurable Options	on \| off
Default Setting	off
Configurable Arguments	ldap://iplanet.com:389/o=iplanet
Dependencies	None
Performance Related Information	Chapter 16, "Using the Pass-Through Authentication Plug-In."
Further Information	Chapter 16, "Using the Pass-Through Authentication Plug-In."

Plug-in Name	Referential Integrity Postoperation
DN of Configuration Entry	cn=Referential Integrity Postoperation,cn=plugins, cn=config
Description	Enables the server to ensure referential integrity
Configurable Options	All configuration and on \| off
Default Setting	off
Configurable Arguments	When enabled the post operation Referential Integrity plug-in performs integrity updates on the member, uniquemember, owner and seeAlso attributes immediately after a delete or rename operation. You can reconfigure the plug-in to perform integrity checks on all other attributes. Configurable arguments are as follows: (1) Check for referential integrity -1 = no check for referential integrity 0 = check for referential integrity is performed immediately positive integer = request for referential integrity is queued and processed at a later stage. This positive integer serves as a wake-up call for the thread to process the request, at intervals corresponding to the integer specified. (2) Log file for storing the change, for example /usr/iplanet/logs/referint (3) All the additional attrribute names you want to be checked for referential integrity.
Dependencies	database
Performance Related Information	You should enable the Referential Integrity plug-in on only one master in a multimaster replication environment to avoid conflict resolution loops. When enabling the plug-in on chained servers you must be sure to analyze your performance resource and time needs as well as your integrity needs.
Further Information	See "Maintaining Referential Integrity".

Plug-in Name	Retro Changelog Plugin
DN of Configuration Entry	cn=Retro Changelog Plugin,cn=plugins,cn=config
Description	Used by LDAP clients for maintaining application compatibility with Directory Server 4.x versions. Maintains a log of all changes occuring in the Directory Server. The Retro Changelog offers the same functionality as the changelog in the 4.x versions of Directory Server.
Configurable Options	on \| off
Default Setting	off
Configurable Arguments	See iPlanet Directory Server Configuration, Command, and File Reference for further information on the two configuration attributes for the retro change log plug-in.
Dependencies	None
Performance Related Information	May slow down Directory Server performance.
Further Information	Chapter 8 "Managing Replication."

Plug-in Name	Roles Plugin
DN of Configuration Entry	cn=Roles Plugin,cn=plugins,cn=config
Description	Enables the use of roles in the Directory Server
Configurable Options	on \| off
Default Setting	on
Configurable Arguments	None
Dependencies	None
Performance Related Information	Do not modify the configuration of this plug-in. You should leave this plug-in running at all times.
Further Information	Chapter 5 "Advanced Entry Management."

Plug-in Name	Telephone Syntax
DN of Configuration Entry	cn=Telephone Syntax,cn=plugins,cn=config
Description	Syntax for handling telephone numbers
Configurable Options	on \| off
Default Setting	on
Configurable Arguments	None
Dependencies	None
Performance Related Information	Do not modify the configuration of this plug-in. You should leave this plug-in running at all times.
Further Information

Plug-in Name	UID Uniqueness plug-in
DN of Configuration Entry	cn=UID Uniqueness,cn=plugins,cn=config
Description	Checks that the values of specified attributes are unique each time a modification occurs on an entry.
Configurable Options	on \| off
Default Setting	off
Configurable Arguments	Enter the following arguments: uid "DN" "DN"... if you want to check for uid attribute uniqueness in all listed subtrees. However, enter the following arguments: attribute="uid" MarkerObjectclass = "ObjectClassName" and optionally requiredObjectClass = "ObjectClassName" if you want to check for uid attribute uniqueness when adding or updating entries with the requiredObjectClass, starting from the parent entry containing the ObjectClass as defined by the MarkerObjectClass attribute.
Dependencies	N/A
Performance Related Information	This plug-in may slow down Directory Server performance. In a multimaster replication environment, the UID Uniqueness plug-in will not work at all and should therefore not be enabled. If you try to add a new entry to a server where the UID Uniqueness plug-in is enabled and a referral has been created in a subtree, then the UID Uniqueness plug-in will not work. It will not work because if it sees any other error apart from noSuchObject (meaning that the entry does not already exist), which it will do if a referral is created, then it will return an operations error preventing you from adding your new entry. To prevent being blocked by such an operations error, disable the plug-in on the server where you created the referral. If, however, you still want to run a UID Uniqueness check, make sure that you only activate the plug-in on the last of the referred to servers to prevent it from blocking the referral mechanism.
Further Information	Chapter 17, "Using the Attribute Uniqueness Plug-In."

Plug-in Name	URI Syntax
DN of Configuration Entry	cn=URI Syntax,cn=plugins,cn=config
Description	Syntax for handling URIs (Unique Resource Identifiers) including URLs (Unique Resource Locators)
Configurable Options	on \| off
Default Setting	on
Configurable Arguments	None
Dependencies	None
Performance Related Information	Do not modify the configuration of this plug-in. You should leave this plug-in running at all times.
Further Information

Previous Contents Index DocHome Next
Copyright © 2001 Sun Microsystems, Inc. Some preexisting portions Copyright © 2001 Netscape Communications Corp. All rights reserved.

Last Updated March 23, 2001