Previous Next Contents Index


Chapter 10 Managing Your Directory Server

This chapter describes basic directory server management. Specifically, this chapter describes:


Viewing and Configuring Log Files
The Netscape Directory Server provides three types of logs to help you better manage your server and tune performance. These logs include:

Access Log

The access log contains detailed information about client connections to the directory.

Viewing the Access Log

To view the access log for the directory server:

  1. On the Directory Server Console, select the Status tab and then select the Logs icon in the navigation tree in the left pane.

  2. Select the Access Log tab in the right pane.

    3. This tab displays the last 25 entries in the access log by default.

  3. To refresh the current display, click Refresh. Select the Continuous checkbox if you want the display to refresh automatically every ten seconds.

  4. To view an archived access log, select it in the Select Log pull-down menu.

  5. To display a different number of messages, enter the number you want to view in the Lines to show text box and then click Refresh.

  6. You can tell the server to only display messages containing a string you specify. To do this, enter the string in the Show only lines containing text box and then click Refresh.
Configuring the Access Log

You can configure a number of settings to customize the access log, including where the server stores the access log and the creation and deletion policies. You can also disable access logging for the server. You may want to do this because the access log can grow very quickly, (every 2,000 accesses to your server will grow your access log by approximately 1 MB). However, before you turn off access logging, consider that the access log provides beneficial troubleshooting information. To configure the access log for your server:

  1. On the Directory Server Console, select the Configuration tab and then select the Logs icon in the navigation tree.

  2. Select the Access Log tab in the right pane.

  3. To enable access logging, select the Enable Logging checkbox.

    4. Clear this checkbox if you do not want the server to maintain an access log.

    You can also disable access logging manually by changing the accesslog-logging-enabled parameter in the slapd.conf file as follows:

    accesslog-logging-enabled off

    For information on changing server parameters from slapd.conf, see "Changing Parameter Values Using slapd.conf".

  4. Enter the full path and filename you want the server to use for the access log in the text box provided. The default is:

    5. <NSHOME>/slapd-<serverID>/logs/access

  5. If you want the server to periodically archive the current access log and start a new one, define the log file creation policy as follows:

  6. If you want the server to automatically delete old archived access logs, define the log file deletion policy as follows:

  7. When you are finished making changes, click Save.
Error Log

The error log contains detailed messages of errors and events the server experiences during normal operations.

Viewing the Error Log

To view the error log for the directory server:

  1. On the Directory Server Console, select the Status tab and then select the Logs icon in the navigation tree.

  2. Select the Error Log tab in the right pane.

    3. This tab displays the last 25 entries in the error log by default.

  3. To refresh the current display, click Refresh. Select the Continuous checkbox if you want the display to refresh automatically every ten seconds.

  4. To view an archived error log, select it in the Select Log pull-down menu.

  5. To specify a different number of messages, enter the number you want to view in the Lines to show text box and click Refresh.

  6. You can tell the server to only display messages containing a string you specify. To do this, enter the string in the Show only lines containing text box and click Refresh.
Configuring the Error Log

You can change several settings for the error log, including where the server stores the log and what you want the server to include in the log. To configure the error log, complete the following:

  1. On the Directory Server Console, select the Configuration tab and then select the Logs icon in the navigation tree.

  2. Select the Error Log tab in the right pane.

  3. To enable error logging, select the Enable Logging checkbox.

    4. Clear this checkbox if you do not want the server to maintain an error log.

    You can also disable error logging manually by changing the errorlog-logging-enabled parameter in the slapd.conf file as follows:

    errorlog-logging-enabled off

    For information on changing server parameters from slapd.conf, see "Changing Parameter Values Using slapd.conf".

  4. Enter the full path and filename you want the server to use for the error log in the text box provided. The default is:

    5. <NSHOME>/slapd-<serverID>/logs/error

  5. If you want the server to periodically archive the current error log and start a new one, define the log file creation policy as follows:

  6. If you want the server to automatically delete old archived error logs, define the log file deletion policy as follows:

  7. If you want to set the log level, Ctrl+click the options you want the server to include in the Log Level list box. For more information about log level options, see "Log Level".

    8. Changing these values from the defaults may cause your error log to grow very rapidly, so it is recommended that you do not change your logging level unless you are asked to by Netscape Customer Support.

  8. When you are finished making changes, click Save.
Audit Log

The audit log contains detailed information about changes made to each database as well as to server configuration.

Viewing the Audit Log

Before you can view the audit log, you must enable audit logging for the server. See "Configuring the Audit Log" for information. To view the audit log for the directory server, complete the following:

  1. On the Directory Server Console, select the Status tab and then select the Logs icon in the navigation tree.

  2. Select the Audit Log tab in the right pane.

    3. This tab displays the last 25 entries in the audit log by default.

  3. To refresh the current display, click Refresh. Select the Continuous checkbox if you want the display to refresh automatically every ten seconds.

  4. To view an archived audit log, select it in the Select Log pull-down menu.

  5. To display a different number of messages, enter the number you want to view in the Lines to show text box and click Refresh.

  6. You can tell the server to only display messages containing a string you specify. To do this, enter the string in the Show only lines containing text box and click Refresh.
Configuring the Audit Log

You can use the Directory Server Console to enable and disable audit logging and to specify where the audit log file is stored. To configure audit logging, complete the following:

  1. On the Directory Server Console, select the Configuration tab and then select the Logs icon in the navigation tree.

  2. Select the Audit Log tab in the right pane.

  3. To enable audit logging, select the Enable Logging checkbox.

    4. To disable audit logging, clear the checkbox. By default, audit logging is disabled.

    You can also disable audit logging manually by changing the auditlog-logging-enabled parameter in the slapd.conf file as follows:

    auditlog-logging-enabled off

    For information on changing server parameters from slapd.conf, see "Changing Parameter Values Using slapd.conf".

  4. Enter the full path and filename you want the server to use for the audit log in the text box provided. The default is:

    5. <NSHOME>/slapd-<serverID>/logs/audit

  5. If you want the server to periodically archive the current audit log and start a new one, define the log file creation policy as follows:

  6. If you want the server to automatically delete old archived audit logs, define the log file deletion policy as follows:

  7. When you are finished making changes, click Save.

Manual Log File Rotation
The directory server supports automatic log file rotation for all three logs. However, you can manually rotate log files if you have not set automatic log file creation or deletion policies. By default, access, error, and audit log files can be found in the following location:

<NSHOME>/slapd-<serverID>/logs/

To manually rotate log files, do the following:

  1. Shut down the server. See  "Starting and Stopping the Directory Server" for more information.

  2. Move or rename the log file you are rotating. You might want to keep the old log file for future reference.

  3. Restart the server.

Monitoring Server Activity
You can monitor your directory server's current activities from either the server console or the command line. For information on how to monitor your server's activity from the command line, refer to "Monitoring Your Server From the Command Line".

Monitoring Your Server From the Server Console

To monitor your server's activities through the server console:

  1. On the Directory Server Console, select the Status tab and click Performance Counters in the navigation tree in the left pane.

    2. The Server tab in the right pane displays current information about server activity. If the server is currently not running, this tab will not provide performance monitoring information.

  2. Click Refresh to refresh the currently displayed information. If you want the server to continuously update the displayed information, select the Continuous checkbox.
The server provides server monitoring information as described in the following sections:

General Information (Server)

The server provides the following general information:

Resource Summary

The Resource Summary table provides the resource-specific information described in Table  10.1.

Table 10.1 Server Performance Monitoring - Resource Summary table  

Resource
Usage since startup
Average per minute
Connections
Total number of connections to this server since server startup.
Average number of connections per minute since server startup.
Operations Initiated
Total number of operations initiated since server startup. Operations include any client requests for server action, such as searches, adds, and modifies in the directory tree. It is likely that multiple operations will be initiated for each connection.
Average number of operations per minute since server startup.
Operations Completed
Total number of operations completed by the server since server startup.
Average number of operations per minute since server startup.
Entries sent to clients
Total number of entries sent to clients since server startup. Entries are sent to clients as the result of search requests.
Average number of entries sent to clients per minute since server startup.
Bytes sent to clients
Total number of bytes sent to clients since server startup.
Average number of bytes sent to clients per minute since server startup.

Current Resource Usage

The Resource Summary table provides the resource-specific information described in Table  10.2.

Table 10.2 Server Performance Monitoring - Current Resource Usage table  

Resource
Current total
Active Threads
Current number of active threads used for handling requests. Additional threads may also be created by internal server tasks, such as replication.
Open Connections
Total number of open connections. Each connection can account for multiple operations, and therefore multiple threads.
Remaining available connections
Total number of remaining connections that the server can concurrently open. This number is based on the number of currently open connections, and the total number of concurrent connections that the server is allowed to open. In most cases, the latter value is determined by the operating system, and is expressed as the number of file descriptors available to a task. On Windows NT and IBM AIX, the number is generated by the operating system, but is not based on file descriptors. Refer to your operating system documentation for more information.
Threads waiting to write to client
Total number of threads waiting to write to the client. This happens anytime the server must pause while sending data to a client. Reasons for this may include a slow network or client, or an extremely large amount of information being sent to the client.
Threads waiting to read from client
Total number of threads waiting to read from the client. This happens if the server starts to receive a request from the client and then the transmission of that request is halted for some reason. Generally, threads waiting to read are an indication of a slow network or client.
Thread Concurrency
Meaningful on Solaris 2.x only. Provides an indication of the level of thread concurrency.
Databases in use
Total number of databases being serviced by the server. Currently, this value is always 1.

Connection Status

The Connection Status table provides information on the amount of resources in use by each currently open connection as described in Table  10.3.

Table 10.3 Server Performance Monitoring - Connection Status table  

Table Header
Description
Time opened
Indicates the time on the server when the connection was initially opened.
Started
Indicates the number of operations initiated by this connection.
Completed
Indicates the number of operations completed by the server for this connection.
Bound as
Indicates the distinguished name used by the client to connect to the server. If the client has not authenticated to the server, the server displays not bound in this field.
Read/Write
Indicates whether the server is currently blocked for read or write access to the client. Possible values include:

Monitoring Your Server From the Command Line

You can monitor your directory server's current activities from any LDAP client by performing a search against:

objectClass=*

and a search base of:

cn=monitor

and a scope of:

base

For example:

ldapsearch -h directory.airius.com -s base
-b "cn=monitor" "(objectclass=*)"

For information on searching the directory server, see "Using ldapsearch".

When you monitor your server's activities in this way, you see the following information:

version:

Identifies the directory server's current version number.

threads:

Current number of active threads used for handling requests. Additional threads may also be created by internal server tasks, such as replication, or writing to logs.

connection: <fd>:<opentime>:<opsinitiated>:<opscompleted>:<binddn>:[rw]

Provides the following summary information for each open connection (only available if you bind to the directory as the Root DN):

Identifies the number of connections currently in service by the directory server.

totalconnections:

Identifies the number of connections handled by the directory server since it started.

dtablesize:

Shows the number of file descriptors available to the directory server. Each connection requires one file descriptor; one for every open index, one for log file management, and one for ns-slapd itself. Essentially, this value lets you know about how many more concurrent connections can be serviced by the directory server.

For more information on file descriptors, refer to your operating system documentation.

writewaiters:

Identifies the number of threads waiting to write data to a client.

readwaiters:

Identifies the number of threads waiting to read data from a client.

opsinitiated:

Identifies the number of operations the server has initiated since it started.

opscompleted:

Identifies the number of operations the server has completed since it started.

entriessent:

Identifies the number of entries sent to clients since the server started.

bytessent:

Identifies the number of bytes sent to clients since the server started.

currentime:

Identifies the time when this snapshot of the server was taken. The time is displayed in Greenwich mean time (GMT) in UTC format.

starttime:

Identifies the time when the server started. The time is displayed in Greenwich mean time (GMT) in UTC format.

nbackends:

Identifies the number of back ends (databases) the server services. Currently this value is always one.

concurrency:

Solaris 2.x only. Indicates the current level of thread concurrency.


Monitoring Database Activity
You can monitor your database's current activities from the server console or from the command line. For information on how to monitor your database's activities from the command line, refer to "Monitoring the Database From the Command-Line".

Monitoring Database Activity From the Server Console

To monitor your database's activities through the server console:

  1. On the Directory Server Console, select the Status tab.

  2. Select Performance Counters in the navigation tree in the left pane and then select the Database tab in the right pane.

    3. The Database tab displays current information about database activity. If the server is currently not running, this tab will not provide performance monitoring information.

  3. Click Refresh to refresh the currently displayed information. If you want the server to continuously update the displayed information, select the Continuous checkbox and then click Refresh.
The server provides database monitoring information as described in the following sections:

General Information (Database)

The server provides the following general database information:

Summary Information Table

The Summary Information table provides information as described in Table  10.4.

Table 10.4 Database Performance Monitoring - Summary Information table  

Performance Metric
Current Total
Readonly status
Indicates whether the database is currently in read-only mode. Your database is in read-only mode when your readonly slapd.conf parameter is set to on.
Entry cache hits
Indicates the total number of successful entry cache lookups. That is, the total number of times the server could process a search request by obtaining data from the cache rather than by going to disk.
Entry cache tries
Indicates the total number of entry cache lookups since the directory server was last started. That is, the total number of search operations performed against your server since server startup.
Entry cache hit Ratio
Ratio that indicates the number of entry cache tries to successful entry cache lookups. This number is based on the total lookups and hits since the server was last started. The closer this value is to 100% the better. Whenever a search operation attempts to find an entry that is not resident in the entry cache, the directory server has to perform a disk access to obtain the entry. Thus, as this ratio drops towards zero, the number of disk accesses increases and directory server search performance drops.

To improve this ratio, you can increase the number of entries that the directory server maintains in the entry cache by increasing the value on the Maximum Entries in Cache parameter in slapd.ldbm.conf. See "Tuning Database Performance" for information on changing this value using the server console. The maximum value that you can set on this parameter depends on the amount of real memory on your machine as well as the value set for the Maximum Cache Size parameter. That is,
(Maximum Entries in Cache + Maximum Cache Size) x average entry size
should never be greater than the amount of available memory on your machine.

Use caution when changing either of these two parameters. Your ability to improve server performance with these parameters depends on the size of your database, the amount of physical memory available on your machine, and whether directory searches are random. If your database will not fit into memory, and if searches are random (that is, if your directory clients are searching for random and widely scattered directory data), attempting to increase the values set on these parameters will not help directory performance, and may in fact harm overall performance.
Current number of entries in entry cache
Indicates the total number of directory entries currently resident in the entry cache.
Maximum number of entries in entry cache
Indicates the maximum number of directory entries that are allowed to be maintained in the entry cache. This value is managed by the Maximum Entries in Cache parameter in slapd.ldbm.conf. See "Tuning Database Performance" for information on changing this value using the server console.

Database Cache Information Table

The Database Cache Information table provides the caching information as described in Table  10.5.

Table 10.5 Database Performance Monitoring - Database Cache Information table  

Performance Metric
Current Total
Hits
Indicates the number of times the database cache successfully supplied a requested page.
Tries
Indicates the number of times the database cache was asked for a page.
Hit ratio
Indicates the ratio of database cache hits to database cache tries. The closer this value is to 100%, the better. Whenever a directory operation attempts to find a portion of the database that is not resident in the database cache, the directory server has to perform a disk access to obtain the appropriate database page. Thus, as this ratio drops towards zero, the number of disk accesses increases and directory server performance drops.

To improve this ratio, you can increase the amount of data that the directory server maintains in the database cache by increasing the value on the Maximum Cache Size parameter in slapd.ldbm.conf. See "Tuning Database Performance" for information on changing this value using the server console. The maximum value that you can set on this parameter depends on the amount of real memory on your machine as well as the value set for the Maximum Entries in Cache parameter. That is,
(Maximum Entries in Cache + Maximum Cache Size) x average entry size
should never be greater than the amount of available memory on your machine.

Use caution when changing either of these two parameters. Your ability to improve server performance with these parameters depends on the size of your database, the amount of physical memory available on your machine, and whether directory searches are random. If your database will not fit into memory, and if searches are random (that is, if your directory clients are searching for random and widely scattered directory data), attempting to increase the values set on these parameters will not help directory performance, and may in fact harm overall performance.
Pages read in
Indicates the number of pages read from disk into the database cache.
Pages written out
Indicates the number of pages written from the cache back to disk. A database page is written out to disk whenever a read-write page has been modified and then subsequently evicted from the cache. Pages are evicted from the database cache when the cache is full and a directory operation requires a database page that is not currently stored in cache.
Read-only page evicts
Indicates the number of read-only pages discarded from the cache to make room for new pages.
Read-write page evicts
Indicates the number of read-write pages discarded from the cache to make room for new pages. This value differs from Pages Written Out in that these are discarded read-write pages that have not been modified.

Database File-Specific Table

The server displays a table for each index file that makes up your database. Each of the tables provides the information described in Table  10.6.

Table 10.6 Database Performance Monitoring - Database File-Specific table  

Performance Metric
Current Total
Cache hits
Number of times that a search result resulted in a cache hit on this specific file. That is, a search that required data from this file was performed and the required data was successfully obtained from the cache.
Cache misses
Number of times that a search result failed to result in a cache hit on this specific file. That is, a search that required data from this file was performed and the required data could not be found in the cache.
Pages read in
Indicates the number of pages brought to the cache from this file.
Pages written out
Indicates the number of pages for this file written from cache to disk.

Monitoring the Database From the Command-Line

You can monitor your directory server's database activities from any LDAP client by performing a search against

objectClass=*

and a search base of:

cn=monitor,cn=ldbm

and a scope of

base

For example:

ldapsearch -h directory.airius.com -s base
-b "cn=monitor,cn=ldbm" (objectclass=*)

For information on searching the directory server, see "Using ldapsearch".

When you monitor your server's activities in this way, you see the following information:

database

Identifies the type of database you are currently monitoring.

readonly

Indicates whether the database is in read-only mode. 0 indicates that the server is not in read-only mode, 1 indicates that it is in read-only mode.

entrycachehits

Provides the same information as described in "Entry cache hits" in Table  10.4.

entrycachetries

Provides the same information as described in "Entry cache tries" in Table  10.4.

entrycachehitratio

Provides the same information as described in "Entry cache hit Ratio" in Table  10.4.

currententrycachesize

Provides the same information as described in "Current number of entries in entry cache" in Table  10.4.

maxentrycachesize

Provides the same information as described in "Maximum number of entries in entry cache" in Table  10.4.

dbchehits

Provides the same information as described in "Hits" in Table  10.5.

dbcachetries

Provides the same information as described in "Tries" in Table  10.5.

dbcachehitratio

Provides the same information as described in "Hit ratio" in Table  10.5.

dbcachepagein

Provides the same information as described in "Pages read in" in Table  10.5.

dbcachepageout

Provides the same information as described in "Pages written out" in Table  10.5.

dbcacheroevict

Provides the same information as described in "Read-only page evicts" in Table  10.5.

dbcacherwevict

Provides the same information as described in "Read-write page evicts" in Table  10.5.

Next the following information for each file that makes up your database is displayed:

dbfilename-<number>

Indicates the name of the file. <number> provides a sequential integer identifier (starting at 0) for the file. All associated statistics for the file are given this same numerical identifier.

dbfilecachehit-<number>

Provides the same information as described in "Cache hits" in Table  10.6.

dbfilecachemiss-<number>

Provides the same information as described in "Cache misses" in Table  10.6.

dbfilepagein-<number>

Provides the same information as described in "Pages read in" in Table  10.6.

dbfilepageout-<number>

Provides the same information as described in "Pages written out" in Table  10.6.


Managing the Root DN
The Root DN is the privileged database user; that is, access control does not apply to this user. You initially defined the Root DN during installation. The default is cn=Directory Manager.

The password for this user is defined in the Root Password parameter in slapd.conf.

To set your root DN and password and the encryption scheme used for this password:

  1. On the Directory Server Console, select the Configuration tab and then select the root entry in the navigation tree in the left pane.

  2. Select the Manager tab in the right pane.

  3. Enter the new distinguished name for the Root DN in the text box provided.

  4. From the "Manager Password Encryption" pull-down menu, select the storage scheme you want the server to use to store the Root DN password.

  5. Click Save.

Tuning Performance
There are several parameters available to you that allow you to manage performance. These parameters are described in the following sections:

Tuning Server Performance

The server parameters let you manage your server's performance by limiting the amount of resources the server puts into client search requests. LDAP clients can cause the server to actually use smaller values for Size Limit and Time Limit. To configure the server parameters to optimize performance:

  1. On the Directory Server Console, select the Configuration tab and then select the root entry in the navigation tree in the left pane.

    2. The server-wide configuration tabs appear in the right pane.

  2. Select the Performance tab in the right pane.

    3. The current server performance settings appear.

  3. Set the maximum number of entries the server will return to the client in response to a search operation by entering a new value in the "Size Limit" text box.

    4. If you do not want to set a limit, type -1 in this text box.

  4. Enter the maximum amount of real time (in seconds) you want the server to spend performing a search request in the "Time Limit" text box.

    5. If you do not want to set a limit, type zero (0) in this text box.

  5. Enter the time (in seconds) you want the server to maintain an idle connection before terminating it, in the "Idle Timeout" text box.

    6. If you do not want to set a limit, type zero (0) in this text box.

  6. Set the maximum number of file descriptors available to the directory server in the Max Number of File Descriptors text box.

    7. This option is not available for Windows NT or IBM AIX. For more information on this parameter, see "Maximum File Descriptors".

For a better understanding of how these parameters impact your server's searching performance, refer to "The Searching Algorithm".

Tuning Database Performance

The database parameters influence server performance primarily on searches by defining the amount of memory available to the server. To configure the database parameters to optimize performance:

  1. On the Directory Server Console, select the Configuration tab and then select Database in the left pane.

    2. This displays the Database tabs in the right pane.

  2. Select the Performance tab in the right pane.

    3. The current database performance settings appear.

  3. Enter the number of entries you want the server to keep in memory in the "Maximum Entries in Cache" text box.

  4. Enter the amount of memory you want to make available for open index files in the "Maximum Cache Size" text box.

    5. Indexes and index files are described in Chapter  7, "Managing Indexes." For more information on this parameter, see "Maximum Cache Size".

    If you are creating a very large database from LDIF, set this parameter as large as possible. The larger this parameter, the faster your database will be created. As a rule, determine how much free memory you have on your system, divide that number by two, reduce this number by about 1 MB, and set that number on this parameter. For example, if you have 50 MB of free memory on your system, divide by 2 (25 MB) and reduce by 1 MB (24 MB). Set your Maximum cache size in bytes parameter to 24 MB.

    When you are done creating your database, be sure to set this parameter back to some lower value before you run your server in a production environment.

  5. Enter the maximum number of entries you want the server to check in response to a search request in the "Look Through Limit" text box.

    6. If you do not want to set a limit, type -1 in this text box. If you bind to the directory as the Root DN, unlimited is set by default and overrides any settings you specify here.


Managing Network and LDAP Settings
You can view and change the parameters relevant to the server's network and LDAP settings through the Directory Server Console. This section provides information on:

For information on schema checking, see Chapter  3, "Extending the Directory Schema."

Changing Directory Server Port Numbers

You can modify the port or secure port number of your user directory server using the directory server console or by changing the value in slapd.conf. See "Port Number" for more information.

If you want to modify the port or secure port for a Netscape Directory Server that contains the Netscape configuration information (o=NetscapeRoot subtree), you may do so through the Directory Server Console, or by changing the value in both slapd.conf and in the corresponding SIE in the configuration directory.

If you change the configuration directory or user directory port or secure port numbers, you should be aware of the following repercussions:

To modify the port or secure port on which either a user or a configuration directory listens for incoming requests:

  1. On the Directory Server Console, select the Configuration tab and then select the root entry in the navigation tree in the left pane.

  2. Select the Settings tab in the right pane.

  3. Enter the port number you want the server to use for non-SSL communications in the "Port" text box.

  4. Enter the port number you want the server to use for SSL communications in the Encrypted Port text box.

    5. The encrypted port number that you specify must not be the same port number as you are using for normal LDAP communications.

  5. Click Save and then restart the server. See  "Starting and Stopping the Directory Server" for more information.
Enabling the Directory Server to use the NT Synchronization Service

The NT Synchronization Service causes the directory server to start verifying changes made to NT user and group information, and to transmit changes made to NT user and group information to the NT Primary Domain Controller (PDC). Also, the NT Synchronization Service propogates changes made to user and group information from the PDC to the directory server. For information on how directory server to PDC synchronization occurs, see "How Synchronization Occurs". For more information about using the NT Synchronization Service, see Chapter  15, "NT Directory Synchronization."

To enable the Directory Server to use the NT Synchronization Service:

  1. On the Directory Server Console, select the Configuration tab and then select the root entry in the navigation tree in the left pane.

  2. Select the Settings tab in the right pane.

  3. Select the "Enable NT Synchronization Service" checkbox.

  4. Select the "Use SSL in NT Synchronization Service" checkbox if you want to configure the Directory Server and the synchronization service to use SSL during communications.

  5. Specify a Synchronization Port Number. The NT Synchronization Service negotiates changes initiated from the directory server using this port.

  6. Click Save and then restart the server. See  "Starting and Stopping the Directory Server" for more information.
Placing the Entire Directory Server in Read-only Mode

If you maintain more than one database with your directory server and you need to place all your databases in read-only mode, you can place each database in read-only mode individually, or you can place them all in read-only mode at the same time using this option:

  1. On the Directory Server Console, select the Configuration tab and then select the root entry in the navigation tree in the left pane.

  2. Select the Settings tab in the right pane.

  3. Select the "Make entire server read-only" checkbox.

  4. Click Save and then restart the server.
Tracking Modifications to Directory Entries

You can configure the server to maintain special attributes for newly created or modified entries. If you are using your directory server with the NT Synchronization Service, then you must select this option. By default, the track modifications option is enabled.

  1. On the Directory Server Console, select the Configuration tab and then select the root entry in the navigation tree in the left pane.

  2. Select the Settings tab in the right pane.

  3. Select the "Track Entry Modification Times" checkbox.

    4. The server adds the following attributes to a newly created or modified entry:

  4. Click Save and then restart the server. See  "Starting and Stopping the Directory Server" for more information.
 

© Copyright 1999 Netscape Communications Corporation, a subsidiary of America Online, Inc. All Rights Reserved.