|
These release notes contain important information available at the time
of the release of iPlanet Directory Server 5.1. New features and
enhancements, known limitations, and other late-breaking issues are
addressed here. Read this document before you begin using iPlanet
Directory Server 5.1.
An electronic version of these release notes can be found at the iPlanet documentation web site:
-
http://docs.iplanet.com/docs/manuals/directory.html
Check the web site prior to installing and setting up your software and
then periodically thereafter to view the most up-to-date release notes
and manuals.
These release notes contain the following sections:
For information on hardware and software requirements, refer to the iPlanet Directory Server Installation Guide.
What's New in iPlanet Directory Server 5.1
iPlanet Directory Server 5.1 contains the following new features and enhancements:
-
Updated and improved management console. The new Directory
Server Console offers an improved dialog for configuring replication,
and a new directory browser. In this release, the Directory tab has
several layout options for navigating the directory tree: as before
with leaf entries in right-hand pane, as a single tree in a single
pane, or with attributes for the selected entry displayed on the right.
For details, refer to Chapter 1 of the iPlanet Directory Server Administrator's Guide.
-
Performance Improvements over Directory Server 5.0. This new release of Directory Server offers increased performance over Directory Server 5.0 and 4.x.
-
Support for IPv6. Directory Server 5.1 can accept incoming
connections from IPv6 clients. Currently the Directory Server cannot
interpret IPv6 addresses in access control instructions, or use IPv6
connections for operations such as replication and chaining. The
Administration Console cannot be used on networks supporting only IPv6.
-
Improved scalability and performance of Roles and Class of Service.
Roles and Class of Service, introduced in iPlanet Directory Server 5.0,
have been enhanced in this release to increase scalability.
-
Support for the Plug-In API. If you need to create custom plug-in functions you can also contact the iPlanet Professional Services organization at:
-
http://www.iplanet.com/services/professional_services_3_3.html
-
Schema Documentation. A new document, iPlanet Directory Server Schema Reference,
describes the schema provided with Directory Server 5.1. The document
focuses on schema objects useful to support your directory information.
Due to architectural changes made in iPlanet
Directory Server, some features that were previously available are no
longer included. These are:
-
NT Sync Service. You can no longer create NT accounts through the directory console. When you right click an entry under the Directory tab in the directory console and select New > User to display the Create New User dialog box, you still see the option NT User. As the NT Sync Service is no longer available, the NT User you create remains an entry in the directory only. No new NT account is created.
-
Database Backend Plug-in Interface. The enhanced pre-operation
interfaces may be used instead of the database backend plug-in
interface, to implement plug-ins that are designed to provide access to
alternative directory data stores.
-
Directory Server Gateway. The Directory Server Gateway is no
longer delivered with iPlanet Directory Server 5.1. We recommend that
you investigate LDAP Tag Library, scheduled to be available as part of
the iPlanet Directory Server Resource Kit 5.1, as a good Directory
Server Gateway replacement. For further information see:
-
http://www.iplanet.com/downloads/developer
Supported Platforms for iPlanet Directory Server 5.1
iPlanet Directory Server 5.1 is supported on the following platforms:
-
Sun Solaris 8 for UltraSPARC (32 and 64-bit) operating environment
-
Microsoft Windows NT 4.0 Server SP 6A (x86 only)
-
Microsoft Windows 2000 Server and Advanced Server SP 2 (x86 only)
-
Hewlett-Packard HP-UX 11.0 (PA-RISC 1.1 or 2.0)
-
IBM AIX 4.3.3 (Power PC)
-
This release of iPlanet Directory Server is not
supported on Sun Solaris 2.6 or Sun Solaris 7. You must upgrade to Sun
Solaris 8 prior to upgrading to or installing iPlanet Directory Server
5.1.
iPlanet Directory Server 5.1 requires specific
operating system patches or service packs to be installed before
iPlanet Directory Server can be installed. Installation of iPlanet
Directory Server 5.1 may fail if the recommended patches or service
packs are not present.
On operating environments other than Windows, you must run the idsktune utility prior to installing iPlanet Directory Server 5.1. After you expand the product package, you will find the idsktune utility in the same directory as the setup program. Install the patches recommended by the idsktune utility. For further information, refer to the iPlanet Directory Server Installation Guide.
You may obtain Sun Solaris patches from:
-
http://sunsolve.sun.com
Enhancements and Problems Corrected in iPlanet Directory Server 5.1
iPlanet Directory Server 5.1 includes enhancements
and fixes to the following known problems that occurred in earlier
releases of iPlanet Directory Server:
- A previous release of iPlanet Directory Server included a security
vulnerability in iPlanet Web Server 4.1. (535057) iPlanet Directory
Server 5.1 uses iPlanet Web Server 6 in which this vulnerability has
been fixed.
-
Server restart is no longer required after a change to the components allowed to chain. (528617)
- In a previous version of iPlanet Directory Server, the
console supported smart referrals only when the DN in the referral
matches the DN of the entry containing the referral. (490281) Updated
functionality in the console has removed this limitation and enhanced
smart referral support.
- With a previous release of iPlanet Directory Server, after
changing the Directory Manager credentials, you were required to exit
Directory Server Console and restart it for the change to be taken into
account. (538549) This limitation has been removed.
-
The behavior of multiple qualifiers with cosAttribute in a CoS definition is no longer undefined.
- With a previous release of iPlanet Directory Server, you
were required to authorize client IP access to the Administration
Server from the machine running Directory Server Console. This
limitation has been removed.
- When a delete operation is performed, the audit log now
displays the DN identity of the operator. The additional information
appears in the audit log as modifiersName: DN, where DN is the identity used to perform the delete operation.
-
The newrdn and newsuperior operations are now recorded in the access log and any errors are described in the error log. (547272)
-
Schema is now replicated during a total update operation. (541599)
-
If you modify your schema on a server and then create a new replica,
the initialization of this replica automatically updates the schema on
the consumer server. Previously, the schema was not replicated when the
replica was initialized, but instead with the first incremental update
of the replica.
-
In previous releases of iPlanet Directory Server, changes to the nsslapd-dbcachesize attribute value under cn=config,
were not always correctly taken into account. (539845, 539847) This
condition is corrected in iPlanet Directory Server 5.1. The server
writes an error message in the error log if the new value you provide
is not within the permitted boundaries.
-
In previous releases of iPlanet Directory Server, deleting a role did not update the nsRoleDN
attribute for each role member (533695). In iPlanet Directory Server
5.1, the Referential Integrity plug-in is configured to manage the nsRoleDN attribute. However, you must enable the Referential Integrity plug-in. By default, this plug-in is disabled.
Known Limitations
This section lists known limitations present for iPlanet Directory
Server 5.1 and their workarounds. The areas with known limitations are
as follows:
Installation
Caution
|
We strongly recommend that no other iPlanet
product (such as iPlanet Web Server) be installed into the same Unix
directory path as the iPlanet Directory Server product, as this may
disable critical functionality required for the correct operation of
the directory server.
In addition, on a Windows NT or Windows 2000
machine, the directory server should be installed independently of any
other iPlanet product to avoid conflicts with DLLs.
|
-
On Windows 2000, setup -f does not work without the -s option (4524708). If you perform installation using a configuration file on Windows 2000, it must be silent. For example:
-
setup -s -f filename
- On Windows, the domain name for your host machine must be
correctly configured prior to installing iPlanet Directory Server 5.1.
To configure the domain name for your host:
-
(On NT) Open the Control Panel and run the Network utility. Select the Protocols tab, select TCP/IP Protocol from the list, and open the Properties dialog box. Correctly fill the fields under the DNS tab.
-
(On 2000) Click right on My Computer, then select Properties. Under the Network Identification tab, select Properties, click More, and correctly fill the Primary DNS suffix of this computer field.
- If you are running iPlanet Directory Server 5.1 on a 64-bit
Sun Solaris 8 UltraSPARC machine, it will run as a 32-bit application.
-
The directory path where you install iPlanet Directory Server 5.1 must not contain space characters.
- If your suffix contains space characters, correct the
suffix generated at installation time to remove the spaces. (4526501)
Using the console, select the top directory entry in the left-hand
navigation pane of the Servers and Applications tab, edit the suffix in the User directory subtree field, and then click OK to save the changes.
-
Do not install iPlanet Directory Server 5.1 on top of an existing
Directory Server installation. If you already have Directory Server 4.x
or 5.0, install iPlanet Directory Server 5.1 in a separate directory.
After migrating your 4.x or 5.0 directory data to your 5.1 directory
and testing the results, remove your 4.x or 5.0 Directory Server.
- On Windows, always use the latest version of DLL files. Do
not overwrite the more recent DLL files with those delivered with
iPlanet Directory Server 5.1.
- Use UTF-8 character set encoding when entering
Distinguished Names during installation. Other encodings such as
ISO-8859-1 are not supported. Installation operations do not convert
data from local character set encoding to UTF-8 character set encoding.
-
LDIF files used to import data must also use UTF-8
character set encoding. Import operations do not convert data from
local character set encoding to UTF-8 character set encoding.
-
Be aware of the DNS naming resolution issue on systems using NIS. (4526504) During installation, setup
detects a default host and domain name. If your NIS domain is different
from your DNS domain, the fully qualified host and domain name
presented by the installer is incorrect. These values must be corrected
to use the DNS domain name.
-
(4527593) AIX fixes have moved from:
-
http://server.software.ibm.com/cgi-bin/support/rs6000.support/downloads
-
as indicated in the iPlanet Directory Server Installation Guide to:
-
http://techsupport.services.ibm.com/server/fixes
-
On AIX, you must install the X11.adt package in order for the console to function. This package is not part of the standard bundle.
Uninstallation
- You will not receive a warning before proceeding with the
uninstallation of the iPlanet Directory Server 5.1 containing your
configuration information under the o=NetscapeRoot suffix. This is the first Directory Server you installed. We strongly recommend that it be the last one you uninstall.
-
On Windows 2000, after uninstallation of directory components installed with silent installation (setup -s -f filename)
reinstallation always places directory components in the original
install folder. (4526014) You can avoid this problem by removing all *.inf files in the \Documents and Settings\Administrator\Local Settings\Temp folder on the system disk drive after uninstallation.
Migration
-
The Directory Server 4.x and 5.0 attributes accesslog-maxlogdiskspace, accesslog-maxlogsize, auditlog-maxlogdiskspace, auditlog-maxlogsize, errorlog-maxlogdiskspace, and errorlog-maxlogsize must be migrated manually. (4529536) Update these values for the Logs entries in the Directory Server Console under the Configuration tab. In each case, *log-maxlogsize values must remain smaller than *log-maxlogdiskspace
values for the attributes to remain coherent. For further information,
refer to the instructions on monitoring server and database activity in
the iPlanet Directory Server Administrator's Guide.
-
The migration procedure may attempt to restart the server while the
server is already running. (4529552) Ignore error messages concerning
attempts to restart the server by migrateInstance5.
-
On systems other than Windows, migration from iPlanet Directory Server 5.0 to 5.1 may fail if the PATH environment variable does not contain . (4529657) If necessary update your PATH appropriately. For example:
-
(ksh) $ export PATH=$PATH:.
-
(csh) % setenv PATH ${PATH}:.
Windows NT / Windows 2000
-
Avoid using stdin and stdout on NT with the ldapmodify command-line utility, particularly with non-ASCII data. We strongly recommend you always use the -f option to specify the file containing the LDIF update statements (-f new_file) as this prevents the statements being read from stdin.
-
On Windows NT 4.0, the maximum address space an application can use is
2 GB. As iPlanet Directory Server 5.1 cannot use more than 2 GB of
virtual memory, the sum of all caches configured for the server must be
strictly less than 2 GB. If the size of the entry caches and of the
database cache exceed this limit, Directory Server will exit with an
error message. For more information on cache limits on NT4, and on
Windows 2000, refer to the iPlanet Directory Server Installation Guide.
-
On Windows 2000, the default font used by the console does not allow
you to input Japanese characters. To avoid this issue, change the font.
You can change the console font by selecting Preferences from the Edit menu in the directory console, and then changing the font through the interface under the Fonts tab.
Security
- Deployments that use SSL for connection confidentiality across open networks that are subject
to possible active attacks against the SSL connection should not use server certificates
issued by one of the public Certification Authority (CA) organizations. (4615324)
To ensure that an attacker with a certificate issued by a public CA cannot use that
certificate to impersonate a directory server, the certificate databases of LDAP clients a
nd of directory servers establishing outgoing SSL connections for replication or chaining
must contain only the certificate of the non-public CA which issued the certificates to the
servers which will be contacted; all other CA certificates of public CAs must be removed
from the LDAP client or directory server’s certificate database.
Deployments thta are not subject to active attacks or deployments that use additional
security mechanisms (such as a VPN when connections traverse the Internet) are not required
to use a non-public Certification Authority to obtain a server certificate.
-
Directory Server does not correctly parse ACI target entry DNs
containing quotes. (4529541) The following example causes a syntax
error:
|
dn:o=mary\"red\"doe,o=iplanet.com,o=isp
changetype:modify
add:aci
aci:(target="ldap:///o=mary\"red\"doe,o=example.com,o=isp")(targ
etattr="*")
(version 3.0; acl "test"; allow (all) userdn ="ldap:///self";)
|
|
-
Use of semicolons in ACI permissions can cause the directory server to crash. (4527617)
- As the server does not enforce read-only permissions on
SSL-enabled servers for certificate database files, key database files
and PIN files, check that the file permissions on UNIX and ACLs on
Windows protect the sensitive information contained in these files.
- If you have enabled certificate-based authentication in
the Directory Server, do not map your certificate to a distinguished
name under cn=config or cn=monitor.
(4529535) If you do so, bind attempts fail. Instead, map your
certificate to an entry located elsewhere in the directory information
tree.
- On Windows NT and Windows 2000, a user on the console can
shut down Directory Server. Care should be taken to restrict console
access to computers running Directory Server.
-
To explicitly deny MODRDN rights using ACIs, you must target the relevant entries but omit the targetattr keyword. (4529533) The following example ACI prevents the cn=helpDeskGroup,ou=groups,o=sun.com group from renaming any entries in the set specified by the pattern cn=*, ou=people,o=sun.com:
|
aci: (target="ldap:///cn=*,ou=people,o=sun.com")
(version 3.0; acl "Deny modrdn rights to the helpDeskGroup";
deny(write)
groupdn="ldap:///cn=helpDeskGroup,ou=groups,o=sun.com";)
|
|
- If the account locking mechanism of the password policy is
enabled, once a user is locked out on a read-only replica, the account
cannot be unlocked. (4527608) To work around the issue, use the ldapmodify utility to set the passwordLockoutDuration attribute to 120 (seconds) and the passwordUnlock attribute to on in cn=config.
-
Macro ACIs do not work if the subject is one of the constant types such as all or anyone. (4529529)
-
Account lockout remains in effect even after the user password is
changed. (4527623) To work around this issue, reset the lockout
attributes accountUnlockTime, passwordRetryCount, and retryCountResetTime to unlock the account.
-
When the password policy is enabled, setting the passwordHistory
attribute to a value lower than the number of times a user password has
already been modified may cause the server to crash. (4530739) The
default passwordHistory value is set to 6 when the password policy is enabled. To avoid this issue, do not reduce the value of passwordHistory after enabling the password policy.
Schema
-
The schema provided with iPlanet Directory Server 5.1 differs from that specified in RFC 2256 for the groupOfNames and groupOfUniquenames object classes. In the schema provided, the member and uniquemember
attribute types are optional, while RFC 2256 specifies that at least
one value for these types must be present in the respective object
class.
-
The LDAP RFCs (and X.500 standards) allow for an object class to have
more than one superior. This behavior is not currently supported by
Directory Server.
-
If you add more than 1 000 attributes to a single object class, the server displays configuration errors and fails to start.
-
Note that the aci attribute is now an operational attribute. It is not returned in a search unless you explicitly request it.
Chaining
-
If chaining is configured between a 5.1 multiplexor and a 4.x farm server, add the nsuniqueid attribute to the 4.x farm server schema If the nsuniqueid
attribute is not added to the 4.x Directory Server schema, the 5.1
multiplexor does not find the entry it expects, so chaining fails. To
add the attribute type to the 4.x schema add the following line to the
4.x farm server slapd-user_at.conf file under /usr/netscape/server4/slapd-serverID/config:
|
attribute nsuniqueid nsuniqueid 2.16.840.1.113730.3.1.542 int
single operational
|
|
-
No explicit error message is sent to the user when an attempt to bind
to a farm server during chaining fails because the password policy has
expired. (4529539)
- If the first farm server fails and returns an operations
error when using a failover server for database chaining, retry the
operation to chain successfully. (4529537) Should the first farm server
fail when using a failover server for database chaining, the client
receives an operations error if it tries to read information from the
multiplexor. The multiplexor does not process this operations error
which prevents the next failover farm server from being contacted, and
as a result, chaining fails. However, if you retry the exact same
operation, chaining succeeds.
Replication
- If you change the port number on a supplier server, the changelog database is cleared
and replication will halt. In this case all consumers, hubs and suppliers must be reinitialized
before replication can continue.
- In the iPlanet Directory Server Administrator's Guide the section "Configuring Directory Server 5.1 as a Consumer of a Legacy Directory Server" incorrectly states that you do not need to specify a Supplier DN when configuring the consumer settings (step 7.) This is incorrect. When you configure the consumer settings, you must specify the Supplier DN that the legacy supplier server will use to bind. If you do not, you will not be able to save the consumer configuration.
- Multi-master replication (MMR) is supported in a single data-center
deployment. Master Directory Servers must be connected via a high-speed,
low-latency network, (with minimum connections speeds of 100Mb/second)
to achieve full MMR support. MMR is not supported on a network where the
bandwidth between Master Directory Servers is less then 1Mb/second and
the latency is greater than 10ms, or on a network that might experience
significant packet loss; which is the throughput and conditions
that you might experience over a wide area network.
Support for wide area network (WAN) deployments is slated for a future
release of iPlanet Directory Server.
- When configuring a multi-master replication deployment, the
referential integrity plug-in must be enabled on all masters.
The Deployment and Administrator's Guides erroneously state
that only one of the masters requires this plug-in.
-
Replication
configured over SSL with certificate-based authentication will not work
if the supplier's certificate is a self-signed one or if the supplier's
certificate is only capable of behaving as an SSL server certificate,
that is, unable to play the role of the client during an SSL handshake.
-
If you need to
change a replica role, you must disable replication, change the replica
role, and then enable replication again. (4527621)
-
Local schema modifications may be overwritten when a consumer database is created. (4529530)
Directory Server Console
- Trailing spaces are not preserved during a remote console import
operation. Trailing spaces are preserved during both local console and ldif2db import operations. (4529532)
-
Creating a Directory Server instance using the console creates a server
in a different time zone on HP and IBM AIX. (4529531) To synchronize
the instance for replication, restart the server using the restart-slapd command-line script. For further information concerning restart-slapd, refer to the iPlanet Directory Server Configuration, Command, and File Reference.
-
Users without read access to configuration information cannot see the
directory suffix in the directory browser of the console. (4525360) To
allow such users read access, add it through ACI. Refer to the iPlanet Directory Server Administrator's Guide for instructions.
-
On HP-UX, the JAVA_FONTS environment variable must be correctly set to enable use of Japanese characters in the console. For example:
-
JAVA_FONTS=/opt/asx/lib/X11/fonts/ttfjpn.st/typefaces
-
Adjust the path accordingly for your environment.
-
Hubs cannot be modified through the directory console. (4527619) Modify the appropriate supplier instead.
-
Users and roles cannot be created through the console as inactivated.
(4521017) Inactivate the user or role after you create it instead.
Core Server
-
The slapd process does not automatically start when the system boots. On UNIX systems write an rc script to start the slapd process at boot time.
-
Stopping the server during export, backup, restore, or index creation causes it to crash.
-
On Windows NT and AIX platforms, do not set Memory available for Cache in the Database Settings to a value greater than 1073741824 bytes (1GB).
-
AIX applications have a restrictive memory model. The AIX ns-slapd executable is created with a value of maxdata=0x50000000 to permit both the entry cache size (nsslapd-cachesize attribute) and database cachesize (nsslapd-dbcachesize attribute) to be up to 1GB each. Raising the maxdata
value increases the maximum entry cache size but lowers the maximum
database cache size by the same amount, and vice versa. Contact your
iPlanet support representative if you need to adjust the maxdata value.
-
Initializing the database with a file that is not accessible causes the server to crash. (4523595)
-
A backup performed on a new database immediately after adding and
initializing it cannot be restored. (4531022) To work around this
issue, stop and restart the server after adding and initializing the
database but before performing the backup.
Server Plug-ins
- iPlanet Directory Server 5.1 provides the UID Uniqueness plug-in.
By default the plug-in is not activated. To ensure attribute uniqueness
for specific attributes, create a new instance of the Attribute
Uniqueness plug-in for each attribute. For more information on the
Attribute Uniqueness plug-in, refer to the iPlanet Directory Server Administrator's Guide.
-
The Referential Integrity plug-in is now off
by default. The Referential Integrity plug-in should only be enabled on
one master replica in a multi-master replication environment to avoid
conflict resolution loops. Before enabling the Referential Integrity
plug-in on servers issuing chaining requests, analyze your performance
resource, time and integrity needs. Integrity checks can consume
significant memory and CPU resources.
-
The Access Control Plug-in does not use the value specified by the nsslapd-groupevalnestlevel
attribute to specify the number of levels of nesting access control
performs for group evaluation. Instead, levels of nesting is hard coded
as 5. (4529540)
-
When disk space is filled, the directory server crashes and does not restart. (4527611)
Roles and Class of Service
-
The nsRoleDN
attribute is used to define a role. It should not be used for
evaluating role membership in a user's entry. When evaluating role
membership, look at the nsrole attribute instead.
-
The behavior for negative CoS template priority values is not defined in the server and cosPriority is not supported by Indirect CoS. Do not enter negative values. Note Indirect CoS does not support cosPriority.
Indexing
-
VLV indexes do not work correctly if they encompass more than one database.
Miscellaneous
-
Do not set command path and library path variables for executing
command line utilities and Perl scripts. Instead change to the
directory where they are stored. Although it is possible to set command
path and library path variables to execute the utilities and scripts,
this is not
the recommended procedure because you run the risk, particularly when
you have more than one server version installed, not only of disrupting
the correct execution of other commands utilities and scripts, but also
of compromising the security of the system.
-
Sun Solaris only. The idsktune
utility reports as missing any patches in the Sun recommended patch
list that are not installed on the system, even if those patches relate
to packages you have not installed.
-
Note the LDAP utility manpages on the Sun Solaris platforms do not document the iPlanet version of the LDAP utilities ldapsearch, ldapmodify, ldapdelete and ldapadd.For information regarding these utilities, refer to the iPlanet Directory Server Configuration, Command, and File Reference.
-
On Sun Solaris, you can monitor only one Directory Server instance at a time with SNMP. (4529542)
- You cannot read logs through the Directory Server Console
if the server is not running. Instead, browse the iPlanet Console page
at
-
http://hostname:administration_server_port_number
-
Select the iPlanet Administration Express link, and then login as admin.
-
For security reasons, many command line scripts written in Perl can now read the bind password interactively (-w - option). This functionality requires the Term::ReadKey Perl module, available separately. You can download this module from:
-
http://www.perl.com/CPAN/CPAN.html
-
All other script functionality remains available without this module. After installing the Term::ReadKey
Perl module, enable the Perl scripts to read the bind password
interactively by editing each script, uncommenting the appropriate
lines.
-
Some of the script and command-line usage information is not up to date.
- Unsynchronized server configuration information can cause
restores to fail. Immediately after changing the configuration, back up
all files under configuration directory, install-dir/slapd-serverid/config, including the dse.ldif file.
-
Changing the maximum size of the transaction log file has no effect if
log files already exist in the database directory. (4523783) Instead,
stop the server, modify nsslapd-db-logfile-size in dse.ldif manually, remove all log.* files from the database directory, and then restart the server.
-
The iPlanet Directory Server Adminstrator's Guide incorrectly suggests stopping the directory server before running ldapmodify to change the transaction log directory. (4525267) Instead, stop the server, modify nsslapd-db-logdirectory in dse.ldif manually, and then restart the server.
-
The server does not support LDAP search requests containing a filter that references virtual attributes. (4527614)
-
bak2db can restore a database only to the default location. (4522793) Create the database remotely and add it with ldapmodify.
-
To create a database remotely, create an LDIF file:
|
dn: cn=databasename,cn=ldbm database,cn=plugins,cn=config
changetype: add
objectclass: top
objectclass: extensibleObject
objectclass: nsBackendInstance
cn: databasename
nsslapd-suffix: o=databasename
nsslapd-directory: /path/to/databasename
dn: cn="o=databasename",cn=mapping tree,cn=config
changetype: add
objectclass: top
objectclass: extensibleObject
objectclass: nsMappingTree
cn: "o=databasename"
nsslapd-state: backend
nsslapd-backend: databasename
|
|
-
Next, use the ldapmodify utility to add the database:
-
ldapmodify -D "cn=Directory Manager" -w password -f /path/to/databasename
-
To move an existing database to another file system location, dump the database to LDIF format using the db2ldif utility, follow the instructions provided in the iPlanet Directory Server Administrator's Guide to delete the database, create the database at the new location, and then use the ldif2db utility to restore the database you dumped to LDIF format.
-
After the database has been relocated, backups made from the old locations with the db2bak utility are no longer valid. Attempts to restore them may render the server unusable.
Accessing Online Help and Online Documentation
-
The online documentation files are installed with your Directory Server and can be found with your browser.
-
If you are working on under Windows NT or have installed iPlanet Directory Server 5.1 in a different location than /usr/iplanet/servers, adapt the following URLs accordingly.
-
Documentation Home Page:
-
file:///usr/iplanet/servers/manual/en/slapd/dochome.htm
-
iPlanet Directory Server Installation Guide:
-
file:///usr/iplanet/servers/manual/en/slapd/install/contents.htm
-
iPlanet Directory Server Deployment Guide :
-
file:///usr/iplanet/servers/manual/en/slapd/deploy/contents.htm
-
iPlanet Directory Server Administrator's Guide:
-
file:///usr/iplanet/servers/manual/en/slapd/ag/contents.htm
-
iPlanet Directory Server Configuration, Command, and File Reference:
-
file:///usr/iplanet/servers/manual/en/slapd/cli/contents.htm
-
iPlanet Directory Server Schema Reference:
-
file:///usr/iplanet/servers/manual/en/slapd/schema/contents.htm
How to Report Problems
For general information on iPlanet Directory Server 5.1, you can refer to:
-
http://www.iplanet.com/directory
iPlanet Support maintains the online Knowledge Base containing
technical articles and technotes about common iPlanet product issues.
This repository is available at:
-
http://www.iplanet.com/support/knowledge_base_10_1.html
If you have any questions or issues to raise regarding iPlanet Directory Server 5.1, subscribe to the following newsgroup:
-
iplanet.server.directory
If you experience issues with iPlanet Directory Server 5.1, refer to iPlanet Technical Support:
-
http://www.iplanet.com/support/support_services_10_0.html
For More Information
Useful iPlanet information can be found at the following Internet locations:
===================================================================
Copyright (c) 1989 The Regents of the University of California.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
- Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
- Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
- All advertising materials mentioning features or use of this software
must display the following acknowledgement:
This product includes software developed by the University of California,
Berkeley and its contributors.
- Neither the name of the University nor the names of its contributors may
be used to endorse or promote products derived from this software without
specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSEARE
DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
========================================================================
Copyright (C) 1987, 1988 Student Information Processing Board of the
Massachusetts Institute of Technology.
Permission to use, copy, modify, and distribute this software and its
documentation for any purpose and without fee is hereby granted, provided
that the above copyright notice appear in all copies and that both that
copyright notice and this permission notice appear in supporting documentation,
and that the names of M.I.T. and the M.I.T. S.I.P.B. not be used in advertising
or publicity pertaining to distribution of the software without specific,
written prior permission. M.I.T. and the M.I.T. S.I.P.B. make no
representations about the suitability of this software for any purpose.
It is provided "as is" without express or implied warranty.
========================================================================
This product contains the following software derived from RSA Data
Security, Inc.
- MD5 Message-Digest Algorithm
========================================================================
The source code to the Standard Version of Perl can be obtained from CPAN
sites, including http://www.perl.com/.
========================================================================
This product incorporates compression code by the Info-ZIP group. There are
no extra charges or costs due to the use of this code; the original compression
sources are freely available from:
ftp://ftp.cdrom.com/pub/infozip/
|
|