Sun ONE Directory Server Administration Guide


About This Guide

Purpose of This Guide
Typographical Conventions
Default Paths and Filenames
Downloading Directory Server Tools
Suggested Reading
Introduction to Sun™ ONE Directory Server
Overview of Directory Server Management
Starting and Stopping the Directory Server
Starting and Stopping the Server From the Command Line (Unix)
Starting and Stopping the Server From the Control Panel (Windows)
Starting and Stopping the Server From the Console (All Platforms)
Starting the Server with SSL Enabled
Using the Directory Server Console
Starting Directory Server Console
Navigating the Directory Server Console
Viewing the Current Bind DN From the Console
Changing Your Login Identity
Using the Online Help
The Console Clipboard
Console Settings
Configuring LDAP Parameters
Configuring the Directory Manager
Changing Directory Server Port Numbers
Setting Global Read-Only Mode
Tracking Modifications to Directory Entries
Verifying Plug-In Signatures
Configuring the Verification of Plug-In Signatures
Viewing the Status of a Plug-In
Configuring DSML
Enabling DSML Requests
Configuring DSML Security
DSML Identity Mapping
Creating Directory Entries
Configuration Entries
Modifying the Configuration Using the Console
Modifying the Configuration From the Command Line
Modifying the dse.ldif File
Managing Entries Using the Console
Creating Directory Entries
Modifying Entries With a Custom Editor
Modifying Entries With the Generic Editor
Deleting Directory Entries
Bulk Operations Using the Console
Managing Entries From the Command Line
Providing LDIF Input
Adding Entries Using ldapmodify
Modifying Entries Using ldapmodify
Renaming an Entry Using ldapmodify
Deleting Entries Using ldapdelete
Deleting Entries Using ldapmodify
Setting Referrals
Setting the Default Referrals
Creating Smart Referrals
Encrypting Attribute Values
Configuring Attribute Encryption Using the Console
Configuring Attribute Encryption From the Command Line
Maintaining Referential Integrity
How Referential Integrity Works
Configuring Referential Integrity
Using Referential Integrity with Replication
Creating Your Directory Tree
Creating Suffixes
Creating a New Root Suffix Using the Console
Creating a New Subsuffix Using the Console
Creating Suffixes From the Command Line
Managing Suffixes
Disabling or Enabling a Suffix
Setting Access Permissions and Referrals
Deleting a Suffix
Creating Chained Suffixes
Creating a Proxy Identity
Setting Default Chaining Parameters
Creating Chained Suffixes Using the Console
Creating Chained Suffixes From the Command Line
Access Control Through Chained Suffixes
Chaining Using SSL
Managing Chained Suffixes
Configuring the Chaining Policy
Disabling or Enabling a Chained Suffix
Setting Access Permissions and Referrals
Modifying the Chaining Parameters
Optimizing Thread Usage
Deleting a Chained Suffix
Configuring Cascading Chaining
Setting the Cascading Parameters
Transmitting LDAP Controls for Cascading
Populating Directory Contents
Setting Suffix Read-Only Mode
Importing Data
Importing LDIF Files
Initializing a Suffix
Exporting Data
Exporting the Entire Directory to LDIF Using the Console
Exporting a Single Suffix to LDIF Using the Console
Exporting to LDIF From the Command Line
Backing Up Data
Backing Up Your Server Using the Console
Backing Up Your Server From the Command Line
Backing Up the dse.ldif Configuration File
Restoring Data from Backups
Restoring Replicated Suffixes
Restoring Your Server Using the Console
Restoring Your Server from the Command Line
Restoring the dse.ldif Configuration File
Advanced Entry Management
Managing Groups
Assigning Roles
About Roles
Assigning Roles Using the Console
Managing Roles From the Command Line
Defining Class of Service (CoS)
About CoS
CoS Limitations
Managing CoS Using the Console
Managing CoS From the Command Line
Creating Role-Based Attributes
Managing Access Control
Access Control Principles
ACI Structure
ACI Placement
ACI Evaluation
ACI Limitations
Default ACIs
ACI Syntax
Defining Targets
Defining Permissions
Bind Rules
Bind Rule Syntax
Defining User Access - userdn Keyword
Defining Group Access - groupdn Keyword
Defining Role Access - roledn Keyword
Defining Access Based on Value Matching
Defining Access From a Specific IP Address
Defining Access from a Specific Domain
Defining Access at a Specific Time of Day or Day of Week
Defining Access Based on Authentication Method
Using Boolean Bind Rules
Creating ACIs From the Command Line
Viewing aci Attribute Values
Creating ACIs Using the Console
Viewing the ACIs of an Entry
Creating a New ACI
Editing an ACI
Deleting an ACI
Access Control Usage Examples
Defining Permissions for DNs That Contain a Comma
Proxy Authorization ACI Example
Viewing Effective Rights
Using the Get Effective Rights Control
Advanced Access Control: Using Macro ACIs
Macro ACI Example
Macro ACI Syntax
Access Control and Replication
Logging Access Control Information
Compatibility with Earlier Releases
User Account Management
Overview of Password Policies
Preventing Dictionary-Style Attacks
Password Policies in a Replicated Environment
Configuring the Global Password Policy
Configuring the Password Policy Using the Console
Configuring the Password Policy From the Command Line
Managing Individual Password Policies
Defining a Policy Using the Console
Defining a Policy From the Command Line
Assigning Password Policies
Resetting User Passwords
Inactivating and Activating Users and Roles
Setting User and Role Activation Using the Console
Setting User and Role Activation From the Command Line
Setting Individual Resource Limits
Setting Resource Limits Using the Console
Setting Resource Limits From the Command Line
Managing Replication
Summary of Steps for Configuring Replication
Choosing Replication Managers
Configuring a Dedicated Consumer
Creating the Suffix for the Consumer Replica
Enabling a Consumer Replica
Advanced Consumer Configuration
Configuring a Hub
Creating the Suffix for the Hub Replica
Enabling a Hub Replica
Advanced Hub Configuration
Configuring a Master Replica
Defining the Suffix for the Master Replica
Enabling a Master Replica
Advanced Multi-Master Configuration
Creating Replication Agreements
Configuring Fractional Replication
Considerations for Fractional Replication
Defining the Attribute Set
Enabling Fractional Replication
Initializing Replicas
When to Initialize
Convergence After Multi-Master Initialization
Initializing a Replica Using the Console
Initializing a Replica From the Command Line
Initializing a Replica Using Binary Copy
Enabling the Referential Integrity Plug-In
Replication Over SSL
Replication Over a WAN
Configuring Network Parameters
Scheduling Replication Activity
Data Compression
Modifying the Replication Topology
Managing Replication Agreements
Promoting or Demoting Replicas
Disabling Replicas
Moving the Change Log
Keeping Replicas in Sync
Replication With Earlier Releases
Configuring Directory Server 5.2 as a Consumer of Directory Server 4.x
Updating Directory Server 5.1 Schema
Using the Retro Change Log Plug-In
Enabling the Retro Change Log Plug-In
Trimming the Retro Change Log
Accessing Retro Change Log
Monitoring Replication Status
Command-Line Tools
Replication Status Tab
Solving Common Replication Conflicts
Solving Naming Conflicts
Solving Orphan Entry Conflicts
Solving Potential Interoperability Problems
Extending the Directory Schema
Schema Checking
Setting Schema Checking Using the Console
Setting Schema Checking From the Command Line
Overview of Extending the Schema
Modifying the Schema Files
Modifying the Schema From the Command Line
Modifying the Schema Using the Console
Managing Attribute Definitions
Viewing Attributes
Creating Attributes
Editing Attributes
Deleting Attributes
Managing Object Class Definitions
Viewing Object Classes
Creating Object Classes
Editing Object Classes
Deleting Object Classes
Replicating Schema Definitions
Modifying Replicated Schema Files
Limiting Schema Replication
Managing Indexes
Overview of Indexing
System Indexes
Default Indexes
Standard Index Files in a Database
Attribute Name Quick Reference Table
Managing Indexes
Managing Indexes Using the Console
Managing Indexes From the Command Line
Reindexing a Suffix
Modifying the Set of Default Indexes
Managing Browsing Indexes
Browsing Indexes for the Console
Browsing Indexes for Client Searches
Implementing Security
Introduction to SSL in the Directory Server
Summary of Steps for Enabling SSL
Obtaining and Installing Server Certificates
Creating a Certificate Database
Generating a Certificate Request
Installing the Server Certificate
Trusting the Certificate Authority
Activating SSL
Choosing Encryption Ciphers
Allowing Client Authentication
Configuring Client Authentication
SASL Authentication Through DIGEST-MD5
SASL Authentication Through GSSAPI (Solaris Only)
Identity Mapping
Configuring LDAP Clients to Use Security
Configuring Server Authentication in Clients
Configuring Certificate-Based Authentication in Clients
Using SASL DIGEST-MD5 in Clients
Using Kerberos SASL GSSAPI in Clients
Managing Log Files
Defining Log File Policies
Defining a Log File Rotation Policy
Defining a Log File Deletion Policy
Manual Log File Rotation
Access Log
Errors Log
Audit Log
Monitoring Server Activity
Monitoring Your Server Using the Console
Monitoring Your Server From the Command Line
Monitoring Directory Server Using SNMP
SNMP in Sun ONE Servers
Overview of the Directory Server MIB
Setting Up SNMP
On UNIX Platforms
On AIX Platforms
On Windows Platforms
Configuring SNMP in the Directory Server
Starting and Stopping the SNMP Subagent
On UNIX and AIX Platforms
On Windows Platforms
Using the Pass-Through Authentication Plug-In
How Directory Server Uses PTA
Configuring the PTA Plug-In
Creating the Plug-In Configuration Entry
Configuring PTA to Use a Secure Connection
Setting the Optional Connection Parameters
Specifying Multiple Servers and Subtrees
Modifying the PTA Plug-In Configuration
Using the UID Uniqueness Plug-In
Enforcing Uniqueness of the uid Attribute
Configuring the Plug-In Using the Console
Configuring the Plug-In From the Command Line
Enforcing Uniqueness of Another Attribute
Using the Uniqueness Plug-In With Replication
Single-Master Replication Scenario
Multi-Master Replication Scenario
Third Party Licence Acknowledgements


Copyright 2003 Sun Microsystems, Inc. All rights reserved.