Symbols
#, in slapd.conf 389
-, in change operation 245
::, in LDIF statements 44
\, in parameter values 389
"", in ldapmodify commands 234
'', in ldapsearch 206

A
access control
ACI attribute 94
ACI language syntax 131
allowing or denying access 98
anonymous access 101, 115
bind rules 99
access at specific time or day 104
access based on attribute value 103
access based on authentication method 104
access from a specific location 104
Boolean 105
general access 101
user and group access 100
change log and 328
defining
with LDIF files 131-152
with Server Console 106-130
dynamic targets 102
overview 93
password protection and 165
permissions 97
rights 98
target DN containing comma and 133, 152
targeting 95
attributes 96
entries 95
using LDAP search filters 96
using LDIF 132
access log 256
configuring 256
manually disabling 257
manually rotating 263
turning off 256
turning on 256
viewing 256
access log parameter
description and syntax 396
viewing and changing 256
access-control information (ACI) instruction, See ACI instruction
access-control list (ACL)
glossary entry 533
overview 94
accesscontrol parameter 413
accessloglevel parameter 403
accesslog-logexpirationtime parameter 398
accesslog-logexpirationtimeunit parameter 398
accesslog-logging-enabled parameter 397
accesslog-logrotationtime parameter 401
accesslog-logrotationtimeunit parameter 402
accesslog-maxlogdiskspace parameter 399
accesslog-maxlogsize parameter 399
accesslog-maxNumOfLogsPerDir parameter 400
accesslog-minfreediskspace parameter 401
account lockout 166, 167, 403
disabling 166
enabling 166
lockout duration 166, 168, 427
maximum password failures 433
modifying preferences 166
parameters 167
password failure counter 166, 168, 446
policy 159-168
modifying 166
parameters 167
setting up 166
scheme
overview 166
setting preferences for 166
unlocking account 456
account lockout parameter 403
account lockout scheme parameter
configuring 166
ACI
creating
using LDIF 131
using Server Console 106
deleting 113
editing 113
ACI attribute
default index for 178
overview 94
ACI instruction
bind rules 99
name 131
password protection and 165
permissions 97
target DN containing comma and 133, 152
targets 95
ACI language syntax 131-145
proxied authorization and 153
ACL, See access-control list
aclupg utility, location of 34
ACR
deleting 113
Add rights 99
Administration Server
functions of 27
master agents and 376
agents
master agent 376
Unix 376
Windows NT 376
subagent 376
configuring 385
enabling 385
starting and stopping on Unix 385
AIX SNMP daemon 384
algorithms
consumer-initiated replication 344-345
metaphone phonetic algorithm 172
searching 170-171
supplier-initiated replication 342-344
alias dereferencing 210
allidsthreshold parameter 459
allowed attributes
creating 59
deleting 59, 61
editing in object class 60
allowing access 98
using LDIF 136
anonymous access
change log restrictions on 328
defining 147
LDIF example 147
overview 101
Server Console example 115
approximate index
CPU cycles and 177
overview 172
query string codes 172
when to use 177
approximate search 203
attribute list, glossary entry 533
attribute parameter 403
attribute to be indexed parameter 177, 460
attribute type field (LDIF) 43
attribute value field (LDIF) 43
attribute values
access based on 103
adding 250
deleting 252
modifying 251
replacing 250
syntax 64, 65
attributes
ACI 94
adding 250
creating 59
defining 63
deleting
multiple 250
using LDIF update statements 252
deleting from object class 59, 60, 61
for integrity updates 89
glossary entry 533
indexing existing 186
multi-valued 64, 65
ntGroupCreateNewAccount attribute 360
ntGroupDomainId 360
ntUserCreateNewAccount 360
ntUserDomainId 359
OID 64
searching for 202
standard 55, 62
syntax 64, 65
targeting 96
user-defined 62
values
adding 250
deleting 252
modifying 251
replacing 250
viewing 62
audit log
configuring 262
disabling 262
enabling 262
manually disabling 262
viewing 261
audit log parameter
description and syntax 404
viewing and changing 261
auditlog-logexpirationtime parameter 405
auditlog-logexpirationtimeunit parameter 406
auditlog-logging-enabled parameter 405
auditlog-logrotationtime parameter 409
auditlog-logrotationtimeunit parameter 410
auditlog-maxlogdiskspace parameter 406
auditlog-maxlogsize parameter 407
auditlog-maxNumOfLogsPerDir parameter 408
auditlog-minfreediskspace parameter 409
authentication 299, 310
access control and 104
certificate-based 303
glossary entry 533
LDAP URLs and 475
authentication certificates glossary entry 533
authmethod keyword 144

B
backing up the database 78, 79
backslash, in parameter values 389
base 64 encoding 44
base DN, ldapsearch and 214
binary data, LDIF and 44
bind failures, account lockout and 168
bind rules
access at specific time or day 104
LDIF example 151
Server Manager example 123
access based on attribute value
example 140
overview 103
access based on authentication method 104
LDIF example 145
Server Manager example 126
access from a specific location 104
LDIF example 151
Server Manager example 124
ACI language syntax 132
anonymous access 101
LDIF example 139
Server Console example 115
Boolean
example 145
overview 105
general access
example 139
overview 101
group access 103
LDIF example 140
Server Console example 119
LDAP URLs 102
LDIF keywords for 137
overview 99
syntax 100
user access 102
LDIF example 138
parent 102
self 103
Server Console example 117
Bind to Server field 29
bindDN
directory tree access and 29
glossary entry 533
Boolean bind rules
example 145
overview 105
Boolean operators, in search filters 204
browser glossary entry 534

C
cache
specifying maximum entries 281, 468
specifying size in bytes 467
cache hit ratio 273
certificate
mapping to a DN 304
password 32
Certificate and Key Directory parameter 410
certificate database
password 303
certificate-based authentication 303
replication and 303
certification authority glossary entry 534
CGI glossary entry 534
change log
access control and 328
configuring for CIR 327
configuring for SIR 321
consumer access to 328
expiration of entries 82
referential integrity and 85, 87
synchronization and 343, 345
change operations 245
add 250
delete 250
replace 250
changelog DB directory parameter 411
changelog DB suffix parameter 412
changetypes
add 246
delete 253
modify 249
character type 478
check password syntax parameter 412
checking password syntax 164
checking the database schema 56
checkpoint interval 461
ciphers
described 301
list of 301, 417
selecting 301
ciphertext glossary entry 534
CIR
glossary entry 534
managing 326-333
CIR agreements
editing 331
connection type 331
consumer 331
description 331
name 331
replicated content 331
schedule 331
client
glossary entry 534
using to find entries 199
client authentication, replication and 325, 332
code page 477
collation order
overview 478
search filters and 216
command line
monitoring database from 276
monitoring server from 268
providing input from 234
command-line scripts 35
bak2db 36, 81
db2bak 36, 79
db2ldif 36
finding 35
getpwenc 36
ldif2db 36
monitor 36
restart-slapd 37
start-slapd 37
stop-slapd 37
vlvindex 37
command-line utilities
certificate-based authentication and 303
db2index 186
db2ldif 69
ldapdelete 240
ldapmodify 234, 235, 236, 450
ldapsearch 201-215
ldif 44
ldif2db 74, 76, 77
ldif2index 186
location of 34
PATH variable and 35
start 31
stop 31
table of 33
commands
export 68
import 72
commas, in DNs 206, 234
ACI targets and 133, 152
specifying LDIF entries with 47, 49
specifying suffix with 45, 46, 50
using ldapsearch with 215
Compare rights 99
compound search filters 203
configuration files
location of 37
slapd.conf 37
slapd.dynamic_ldbm.conf 37
slapd.ldbm.conf 183
configuration parameters 387-470
changing
using Server Console 388
using slapd.conf 388
connections
monitoring 267-268, 269, 271
viewing number of 266
consistency updates 84
consumer server
adding
for supplier-initiated replication 324
glossary entry 534
trust database and 303
consumer-initiated replication
adding suppliers 331
change log access 328
duplicating agreements 331
glossary entry 534
managing 326-333
overview 318
replication algorithm 344-345
using SSL 332
continued lines
in LDIF 43
in LDIF update statements 245
conventions, in this book 26
converting database to LDIF
from the command-line 69
using Server Console 68
copiedFrom attribute 342, 344
counter, password failures 166, 168
country code 479
CPU cycles, index files and 177
creating the directory 50
crypt encryption 165, 443

D
daemon
glossary entry 534
dash, in change operation 245
database
backing up 78, 79
controlling access 93-152
converting to LDIF
from the command-line 69
using Server Console 68
costs of indexing 175
creating using LDIF 50
extending the schema 55-65
integrity update interval 88
maintaining relationships 84
managing with LDIF 67-77
monitoring from command-line 276-279
monitoring from server console 271-276
referential integrity 84
restoring 80-81, 90
restoring with replicated entries 81
schema checking 56
selecting for monitoring 271
updating 175, 244
viewing backend information 271
database backups
creating 78, 79
deleting 81
location of files 79
online 78, 79
overview 78
Database Checkpoint Interval parameter 91
database checkpoint interval parameter 461
Database Durable Transactions parameter 92
database durable transactions parameter 463
database files, directory for 463
database parameter 461
database schema
case sensitivity and 447
checking 56
creating new attributes 63
creating new object classes 58
defined 450
deleting attributes 65
deleting object classes 61
editing object classes 60
extending 55-65
standard 55
viewing attributes 62
viewing object classes 57
database server parameters 458-470
attribute to be indexed 177, 460
database 461
Database Checkpoint Interval 91
database checkpoint interval 461
Database Durable Transactions 92
database durable transactions 463
Database Transaction Log Directory 90
database transaction log directory 464
DBdirectory 463
dynamicconf 37, 462
maximum cache size 467
Maximum DB Cache size in bytes 281
Maximum Entries in Cache 281
maximum entries in cache 467
mode 468
Read-only 272
read-only 469
Root DN 448
Root Password 279
root password 448
root password storage scheme 449
Suffix 83
suffix 469
table of 458
Database Transaction Log directory parameter 90
database transaction log directory parameter 464
database transaction logging
checkpoint interval 91
described 90
durable transactions 92
log file location 90
date format 478
dayofweek keyword 144
DB directory parameter 463
db_home_directory parameter 465
db2index utility
parameters 186
db2ldif utility
example of use 71
exporting LDIF with 69
parameters 70
debug level, specifying 70, 76, 186, 429
default indexes 178
defining
attributes 63
object classes 58
Delete rights 99
deleting
ACI 113
ACR 113
attribute values 252
attributes 250, 252
attributes from an object class 59, 60, 61
database backups 81
entries 253
database integrity and 84
synchronization and 360
LDIF files 77
multiple attributes 250
object classes 61
denying access 98
precedence rule 98
using LDIF 136
DES cipher 301, 303
directory creation 50
directory server
international character sets 477
internationalization and 477
MIB 378
monitoring 264-270
from command line 268
from server console 264
monitoring database
from command line 276
monitoring from server console 264-268
performance counters 264-270
SNMP traps 377
starting and stopping 30
supported languages 479
Directory Server Console
backing up database 78
directory server console, capabilities of 28
Directory Server Entry (DSE), searching 213
Directory Server gateway
glossary entry 534
schema checking and 450
directory service glossary entry 534
directory trees
finding entries in 205
machine data 346
mapping to URLs 349
disk space
access log and 256
index files and 176
log files and 263
distinguished names
for replication 452
glossary entry 534
root 448
specifying local database suffix 469
synchronization and 368
dn field (LDIF) 42
dn.db2 file 181
dn2id.db2 file 181
DNS alias glossary entry 535
dns keyword 143
Domain Name System (DNS) glossary entry 535
domain, access from specific 104
DSE See Directory Server Entry
durable transactions 92, 463
dynamic parameter changes 37, 462
dynamically creating indexes 183
dynamicconf parameter 37, 462

E
enabling NT Synchronization Service 435
Encrypted Port Number parameter
viewing and changing 283
encrypted port number parameter
description and syntax 416
encryption
crypt 165
password 165
replication and 325, 332
root password 448, 449
SHA 165
specifying password storage scheme 443
encryption alias parameter 416
encryption ciphers parameter 417
encryption method, for root password 448, 449
end of file marker 234
enquote_sup_oc parameter 415
entries
adding
using Directory tab 224-232
using LDIF update statements 246
adding using LDIF 235
cache hit ratio 273
creating
synchronization and 355, 358
using LDIF 45-49
deleting 240-244
synchronization and 360
using ldapdelete 240
using LDIF update statements 253
using Server Console 233
finding 205
maintaining relationships 84
managing
using Directory tab 224-233
using Server Console 224-233
mapping to URLs 349
modifying 236-254
synchronization and 361
using ldapmodify 236
using LDIF update statements 249
moving 249
order of creation 235
order of deletion 241, 253
renaming 249
root 50
targeting 95
working with 223-254
entry cache hit ratio 273
environment variables
LDAP_BASEDN 214
overview 35
EOF marker 234
equality index 172
equality search 202
example 205
international example 221
Error log
manually disabling 259
error log
configuring 259
manually rotating 263
specifying 419
turning off 259
turning on 259
viewing 258
Error Log parameter
viewing and changing 259
error log parameter
description and syntax 419
errorlog-logexpirationtime parameter 420
errorlog-logexpirationtimeunit parameter 420
errorlog-logging-enabled parameter 419
errorlog-logrotationtime parameter 424
errorlog-logrotationtimeunit parameter 424
errorlog-maxlogdiskspace parameter 421
errorlog-maxlogsize parameter 422
errorlog-maxNumOfLogsPerDir parameter 422
errorlog-minfreediskspace parameter 423
expiration of passwords
overview 163
slapd.conf parameter 439
warning message 164
export command 68
extending the directory schema 55-65

F
file extension glossary entry 535
file type glossary entry 535
files
access log 256
containing search filters 210
database backup 79
dn.db2 181
dn2id.db2 181
EOF marker 234
error log 258
id2children.db2 181
id2entry.db2 181
locating configuration 37
slapd.conf 37, 388-389, 449
slapd.dynamic_ldbm.conf 37
slapd.ldbm.conf 74, 183
finding
attributes 202
entries 205
supported suffixes 213
fonts, in this book 26
format, LDIF 42
FORTEZZA
activating 310
CAs and 308
defined 307
disabling 314
enabling 314
getting started with 308
managing 307-314
PKCS #11 and 308, 309
specifying options 314
starting the server 312
trust database and 308, 309
FORTEZZA cipher 311

G
general access
example 139
overview 101
general server parameters 390-403
access log 396
account lockout 403
account lockout scheme 166
attribute 403
audit log 261, 404
Certificate and Key Directory 410
changelog DB directory 411
changelog DB suffix 412
check password syntax 412
Encrypted Port Number 283
encrypted port number 416
encryption alias 416
encryption ciphers 417
enquote_sup_oc 415
Error Log 259
error log 419
Idle Time Out 280
lockout duration 427
log level 429
Look Through Limit 281
look through limit 466
max changelog age 430
max changelog records 431
Max File Descriptors 280
maximum password failures 433
maxthreadsperconn 433
NLS 434
NT Synchronization Service enabled 435
NT Synchronization Service port number 436
number of passwords to remember 437
objectClass 438
orcauto 414
order of precedence 389
password change 438, 442
password expiration 439
password history 440
password maximum age 440
password minimum age 441
password minimum length 442
Password Storage Scheme 160
password storage scheme 443
Port Number 283
port number 444
Referral 348
referral 444
reset password failure count after 446
return exact case 447
Schema Check 56
schema check 450
send warning 451
Size Limit 280
size limit 452
Supplier DN 319
supplier DN 452
supplier password 453
Supplier SSL Clients 320
supplier SSL clients 453
threadnumber 454
Time Limit 280
time limit 455
track modifies 455
unlock account 456
glossary of terms 533-540
greater than or equal to search
international example 221, 222
overview 203
groupdn keyword 139
groupdnattr keyword 140
groups
access control and 100
LDIF example 140
Server Console example 119
access to directory 103
creating
synchronization and 359
permissions for 149

H
hostnames glossary entry 535
HTML glossary entry 535
HTTP glossary entry 535
HTTPD glossary entry 535
HTTP-NG glossary entry 535
HTTPS glossary entry 535

I
id field (LDIF) 42
id2children.db2 file 181
id2entry.db2 file 181
Idle Time Out parameter
viewing and changing 280
idletimeout parameter 425
illegal strings, passwords 164
import command 72
importing LDIF
from the command-line 74
using Server Console 72
index files
defaults maintained by directory server 181
directory for 463
specifying cache size 467
indexes
approximate 172, 177
cost of 174-177
creating 177
dynamically 183-186
from Server Console 181
from slapd.conf 183
defaults maintained by directory server 178
dynamic changes to 183-186
equality 172
of existing attributes 186
International 174
international 174
managing 169-190
presence 171, 178
specifying type 460
substring 173, 177
system defaults 178
system resources and 176
types of 171
instancedir parameter 425
interaction table 381
international character sets 477
International index
overview 174
international searches 216-222
equality 221
examples 220
greater than 222
greater than or equal to 221
less than 220
less than or equal to 221
matching rule filter syntax 217
substring 222
using OIDs 218
internationalization
character type 478
collation order 478
country code 479
date format 478
indexing and 174
language tag 479
locales and 477
location of files 434, 478
matching rule filters 217
modifying entries 254
monetary format 478
object identifiers and 479
of LDIF files 53
search filters and 216
supported languages 477
supported locales 479
time format 478
ioblocktimeout parameter 426
IP address glossary entry 535
ip keyword 142

J
jpeg images 44

L
language code
in LDIF entries 53
list of supported 479
language support 477
language tag 479
searching and 216
specifying using locales 479
language tags
described 479
in international searches 219
in LDIF update statements 254
LDAP clients
certificate-based authentication and 303
database schema and 55
glossary entry 536
monitoring database with 276
monitoring server with 268
using to find entries 199
LDAP Data Interchange Format (LDIF) 71
access control keywords
authmethod 144
dayofweek 144
dns 143
groupdn 139
groupdnattr 140
ip 142
target 133
targetattr 134
targetfilter 135
timeofday 143
userdn 138
userdnattr 140
ACI language syntax and 131
binary data 44
converting to
from the command-line 69
using Server Console 68
deleting files 77
entry format 42
Organization 45
Organizational Person 48
Organizational Unit 46
example 51
glossary entry 536
importing
Maximum DB Cache size in Bytes parameter and 281
with ldif2db 74
with Server Console 72
internationalization and 53
line continuation 43
managing databases with 67-77
reasons for converting to 68
Server Console and 235
update statements 244
using to create directory 50
LDAP search filters
DNs with commas and 215
in targets 96
examples 127, 136
LDAP URLs
access control and 102
components of 471
described 471-475
examples 474
security and 475
syntax 471
LDAP_BASEDN environment variable 214
ldapdelete utility
deleting entries 240
DNs with commas and 234
example of use 243
parameters 241
ldapmodify utility 450
creating multiple entries 235
DNs with commas and 234
example of use 240
location of 34
modifying entries 236
parameters 237
schema checking and 236
smart referrals and 349
using with internationalized entries 254
vs. ldapdelete 236
LDAPReplica object class 346
ldapsearch utility
base DN and 214
DNs with commas and 206, 215
example of use 212
format 206
international searches 216
limiting attributes returned 214
parameters
commonly used 207
optional 210
SSL 209
search filters 201
specifying files 214
using 205
verbose mode 212
LDAPServer object class 346
LDIF
specifying entries
organization 45
organizational person 48
organizational unit 47
LDIF entries
binary data in 44
commas in 45, 47, 49, 50
creating 45-53
Organizational People 48
Organizational Units 46
Organizations 45
internationalization and 53
LDIF files
continued lines 43
creating directory using 50
creating multiple entries 235
database management and 67
deleting 77
example 51
importing
from the command-line 74
using Server Console 72
importing from Server Console 235
internationalization and 53
setting access controls 131-152
LDIF format 42
LDIF update statements 244-254
adding attributes 250
adding entries 246
continued lines 245
deleting attribute values 252
deleting attributes 252
deleting entries 253
format of 245
functions of 244
modifying attribute values 251
modifying entries 249
ldif utility
converting binary data to LDIF 44
location of 34
ldif2db utility
example of use 77
importing LDIF with 74
location of 34
parameters 76
ldif2index utility
indexing existing attributes 186
location of 34
length, password 164, 442
less than or equal to search
international example 221
syntax 203
less than search
international example 220
syntax 203
Lightweight Directory Access Protocol (LDAP)
glossary entry 536
managing settings 282
listenhost parameter 426
locales
defined 477
location of files 478
supported 479
localuser parameter 427
locked accounts 166, 167
lockout duration 166, 168
lockout duration parameter 427
log files
access 396
change 343, 345
database transaction 90
error 419
location of 263
manually rotating 263
monitoring 255-264
Security Accounts Manager (SAM) 355
synchronization service event log 366
log level parameter
description and syntax 429
Look Through Limit parameter
role in searching algorithm 171
viewing and changing 281
look through limit parameter
description and syntax 466

M
machine data 346
machine, access from specific 104
mail accounts
creating automatically 371
synchronizing 371
managed device
managed device-initiated communication 377
overview 375
managed object 376
management information base, See MIB
Manager tab 279
managing
FORTEZZA 314
manual synchronization with NT 370
manually rotating log files 263
master agent
overview 376
Unix 376
Windows NT 376
matchingRule format 218
using language tag 219
using language tag and suffix 219
using OID 218
using OID and suffix 219
max changelog age parameter 430
max changelog records parameter 431
Max File Descriptors parameter
viewing and changing 280
maxbersize parameter 432
maxdescriptors parameter 431
maximum cache size parameter
description and syntax 467
Maximum DB Cache size in bytes parameter
viewing and changing 281
Maximum Entries in Cache parameter
viewing and changing 281
maximum entries in cache parameter
description and syntax 467
maximum password failures parameter
description and syntax 433
maxthreadsperconn parameter 433
MD5 message authentication 302
glossary entry 536
signature 536
MD5 signature glossary entry 536
memory
controlling amount used 177
index files and 177
Maximum DB Cache size in Bytes parameter and 281
messaging server, creating accounts automatically 371
metaphone phonetic algorithm 172
MIB
directory server 378
location of 378
netscape-ldap.mib 378
entries table 381
interaction table 381
operations table 379
overview 376
minimum length of passwords 164
minimum password length 442
mode parameter 468
modifying
attribute values 251
entries 249
international entries 254
monetary format 478
monitoring
database from command-line 276-279
database from server console 271-276
server from server console 264-268
moving entries 249
multiple indexes, cost of 175
multiple search filters 203

N
nagle parameter 434
Netscape MIBs 378
Netscape NT Directory Synchronization service 354
netscape-ldap.mib 378
entries table 381
interaction table 381
location of 378
operations table 379
network management station (NMS)
NMS-initiated communication 377
network settings, viewing and changing 282
new attributes, creating 63
NIS
glossary entry 536
NLS parameter 434
ns-slapd
glossary entry 537
location of 34
NT Synchronization Service enabled parameter
description and syntax 435
NT Synchronization Service port number parameter
description and syntax 436
NTGroup object class 357
ntGroupCreateNewAccount 360
ntGroupDomainId attribute 360
ntsynchusessl parameter 436
NTUser object class 356
ntUserCreateNewAccount attribute 360
ntUserDomainId attribute 359
number of passwords to remember parameter 437

O
object class
creating 58
deleting 61
editing 60
glossary entry 537
name 59
OID 59
parent object 59
standard 55
viewing 57
object classes
standard 57
user-defined 57
object identifier
glossary entry 537
object identifier (OID) 479
attribute 64
in matchingRule 218
object class 59
objectClass field (LDIF) 42
objectClass parameter 438
OID
glossary entry 537
OID, See object identifier
online backups
creating from command line 79
creating from server console 78
creating using db2bak 79
operating system environment variables 35
operations table 379
operations, defined 266
operators
Boolean 204
international searches and 216
search filters and 202
suffix 217
optional attributes
creating 59
deleting 59, 61
editing 60
editing in object class 60
orcauto parameter 414
organization, specifying entries for 45
organizational person, specifying entries for 48
organizational unit, specifying entries for 46

P
parent access 102
parent object 59
password
parameters 162
policy 159-168
password change parameter 438, 442
password encryption, types of 443
password expiration parameter 439
password file 32
glossary entry 537
password history parameter 440
password maximum age parameter 440
password minimum age parameter 441
password minimum length parameter 442
password policies
account lockout 166, 167
change after reset 162
expiration warning 164
lockout duration 166, 168
managing 159-168
modifying 160
overview 159-165
password expiration 163
password failure counter 166, 168
password history 165
password length 164
password storage scheme 165
overview 165
setting up 160
syntax checking 164
user defined passwords 163
password policy
parameters 162
password storage scheme
configuring 165
overview 159
Password Storage Scheme parameter
configuring 160
password storage scheme parameter
description and syntax 443
passwords
account lockout 166, 167
certificate 32
changing after reset 162
encryption of 165
encryption types 443
expiration 163, 439
expiration warning 164, 451
failure counter 166, 168
history 165
illegal strings 164
lockout duration 166, 168
managing 159-168
maximum age 440, 441
minimum length 164, 442
modifying preferences 160
resetting 168
reusing 165, 440
root 448
root DN 279
setting 168
setting preferences for 160
supplier 453
synchronizing changes with NT 355
syntax checking 164, 412
user defined 163
PATH variable 35
PDUs 376
performance counters 264, 271
Database tab 271
monitoring the server with 264-270
Server tab 264
performance tuning 279
database 281
server 280
permissions
ACI language syntax 132
allowing or denying access 98
using LDIF 136
assigning rights 98
using LDIF 136
defining
for all users 146
for group of users 149
for single user 147
overview 97
precedence rule 98
specifying for index files 468
Port Number parameter
viewing and changing 283
port number parameter
description and syntax 444
port numbers
less than 1024 444
NT Synchronization Service 436
synchronization service 366
pound symbol, in slapd.conf 389
precedence rule 98
preferences, security 301
presence index
defaults 178
overview 171
presence search
example 204
syntax 203
protocol data units, See PDUs
protocol glossary entry 537
proxied authorization
ACI example 154
ACI language syntax 153
overview 152-157
setting from command line 157
setting using Server Console 155
specifying targets 155
proxy DN
defined 153
uses of 155
proxy DN glossary entry 537
Proxy rights
description 99
public-key encryption glossary entry 537
pw_change parameter 438
pw_exp parameter 439
pw_history parameter 440
pw_inhistory parameter 437
pw_lockout parameter 403
pw_lockoutduration parameter 427
pw_maxage parameter 440
pw_maxfailure parameter 433
pw_minage parameter 441
pw_minlength parameter 442
pw_must_change parameter 442
pw_resetfailurecount parameter 446
pw_syntax parameter 412
pw_unlock parameter 456
pw_warning parameter 451

Q
quotation marks, in parameter values 206, 234, 389

R
RAM glossary entry 537
rc.local
glossary entry 538
RC2 cipher 301, 302
RC4 cipher 301, 302, 303
Read rights 98
read-only mode 272
Read-only parameter 272
read-only parameter 469
redirection 347
ref attribute 351
referential integrity
change log and 85, 87
described 84
disabling 86
enabling 86
replication and 87
specifying attributes to update 89
update interval 88
referral object class 351
Referral parameter 348
role in searching algorithm 170
referral parameter
description and syntax 444
suffix parameter and 469
referrals
example 351
ldapsearch parameter 212
number of hops 211
overview 347
smart 349
URLs 348
relative distinguished name glossary entry 538
renaming entries
database integrity and 84
restrictions 249
replacing attribute values 250
replicated entries, restoring database with 81
replication
certificate-based authentication and 303-304
consumer-initiated 318
glossary entry 538
overview 318
referential integrity and 87
restoring database 81
SSL and 325, 332
supplier DN parameter 452
supplier-initiated 318
replication agreements
adding a consumer 324
adding a supplier 331
creating for CIR 329
creating for SIR 322
duplicating 324, 331
editing for CIR 331
editing for SIR 324
glossary entry 538
required attributes
creating 59
deleting 59, 61
editing 60
reservedescriptors parameter 445
reset password failure count after parameter 446
resetting passwords 168
Resource Summary
viewing 265
resource use, connections 267-268
resource use, monitoring 266-268
restoring database
using bak2db 81
restoring the database 80-81, 90
result_tweak parameter 447
return exact case parameter
description and syntax 447
reusing passwords 165, 440
RFC glossary entry 538
rights
list of 98
setting using LDIF 136
root
glossary entry 538
Root DN parameter
description and syntax 448
Suffix parameter and 83
root DN password
managing 279
root DSE, searching 213
root entry creation 50
Root Password parameter 279
root password parameter 448
root password storage scheme parameter 449
root password, Root DN and 449

S
SASL, See Simple Authentication and Security Layer
scheduling
NT synchronization service 370
schema
checking 56
creating new attributes 63
creating new object classes 58
deleting attributes 65
editing object classes 60
extending 55-65
glossary entry 538
searching 213
standard 55
targets and 96
viewing attributes 62
viewing object classes 57
Schema Check parameter
turning schema checking on or off 56
schema check parameter
description and syntax 450
schema checking
attribute parameter and 403
glossary entry 538
ldapmodify and 236
objectclass parameter and 438
overview 56
turning on or off 56
schema entry, searching 213
schema rules, defining 438
search filters 201-205
Boolean operators 204
contained in file 214
examples 201, 204
matching rule 217
operators in 202
specifying attributes 202
specifying file 210, 243
syntax 201
using compound 203
using multiple 203
search operations
limiting entries checked 466
limiting entries returned 452
setting time limits 455
Search rights 99
search types, list of 202, 216
searches
approximate 203
equality 202, 205, 221
example 212
greater than or equal to 203, 221, 222
international 216
international examples 220
less than 220
less than or equal to 203, 221
of directory tree 205
presence 203, 204
restricting scope of one-level 181
restricting scope of subtree 181
sort criteria 212
specifying scope 208
substring 202, 222
searching algorithm, process described 170-171
Secure Sockets Layer (SSL)
access control and 105
certificate password 32
enabling 299, 310
Encrypted Port Number parameter 416
encryption ciphers parameter 417
glossary entry 538
replication and 325, 332
security parameter 450
server startup and 32
setting preferences 301
specifying directory location 410
security
certificate-based authentication 303
Encrypted Port Number parameter 416
encryption ciphers parameter 417
LDAP URLs and 475
setting preferences 301
specifying SSL directory location 410
Security Accounts Manager (SAM) log file 355
security parameter 450
self access 103
LDIF example 138
Server Manager example 116
Selfwrite rights
description 99
example 129
send warning parameter 451
server
starting with FORTEZZA 312
Server Console
changing configuration parameters 388
converting to LDIF 68
creating indexes 181
glossary entry 538
importing LDIF with 72
monitoring server with 264
restoring database 80
setting access controls 106-130
setting account lockout policies 166-168
setting password policies 159-165
server console
capabilities of 28
server daemon glossary entry 538
server parameters
database 458-470
attribute to be indexed 177, 460
database 461
Database Checkpoint Interval 91
database checkpoint interval 461
Database Durable Transactions 92
database durable transactions 463
Database Transaction Log Directory 90
database transaction log directory 464
DB directory 463
dynamicconf 37, 462
maximum cache size 467
Maximum DB Cache size in Bytes 281
Maximum Entries in Cache 281
maximum entries in cache 467
mode 468
Read-only 272
read-only 469
Root DN 448
Root Password 279
root password 448
root password storage scheme 449
Suffix 83
suffix 469
general 390-403
access log 256
access log 396
account lockout 403
account lockout scheme 166
attribute 403
audit log 261, 404
Certificate and Key Directory 410
changelog DB suffix 412
changelog DB directory 411
check password syntax 412
Encrypted Port Number 283
encrypted port number 416
encryption alias 416
encryption ciphers 417
enquote_sup_oc 415
Error Log 259
error log 419
Idle Time Out 280
lockout duration 427
log level 429
Look Through Limit 281
look through limit 466
max changelog age 430
max changelog records 431
Max File Descriptors 280
maximum password failures 433
maxthreadsperconn 433
NLS 434
NT Synchronization Service enabled 435
NT Synchronization Service port number 436
number of passwords to remember 437
objectClass 438
orcautor 414
password change 438, 442
password expiration 439
password history 440
password maximum age 440
password minimum age 441
password minimum length 442
Password Storage Scheme 160
password storage scheme 443
Port Number 283
port number 444
Referral 348
referral 444
reset password failure count after 446
return exact case 447
Schema Check 56
schema check 450
send warning 451
Size Limit 280
size limit 452
Supplier DN 319
supplier DN 452
supplier password 453
Supplier SSL Clients 320
supplier SSL clients 453
threadnumber 454
Time Limit 280
time limit 455
track modifies 455
unlock account 456
server root glossary entry 539
Server Selector glossary entry 539
server service glossary entry 538
servers, updating consumers 81
service
glossary entry 539
Services Control Panel 31
setting passwords 168
SHA encryption 165, 443
simple authentication 105
Simple Authentication and Security Layer (SASL), access control and 105
Simple Network Management Protocol, See SNMP
single user, permissions for 147
SIR
glossary entry 539
managing 318-326
SIR agreements
editing 324
connection type 324
consumer 324
description 324
name 324
replicated content 324
schedule 324
Size Limit parameter
role in searching algorithm 170
viewing and changing 280
size limit parameter
description and syntax 452
slapd glossary entry 539
slapd.at.conf file, schema checking and 450
slapd.conf file
and dynamic changes 37, 462
changing configuration parameters 388
creating indexes from 183
format of 388-389
location of 37
overview 37
root password and 449
schema checking and 450
slapd.dynamic_ldbm.conf file
overview 37
slapd.ldbm.conf file 183
creating indexes using 183
creating international indexes using 183
example 184
international indexes and 183
ldif2db and 74
slapd.oc.conf file, schema checking and 450
smart referrals
creating 349
example 351
ldapsearch parameter 211
SNMP 375-386
agents 376
AIX SNMP daemon 384
configuring 383-386
managed device 375, 377
managed objects 376
master agent
overview 376
Unix 376
Windows NT 376
MIB
entries table 381
interaction table 381
location of 378
operations table 379
NMS-initiated communication 377
overview 375
SNMP tab 385
subagent
configuring 385
configuring contact 386
configuring description 386
configuring location 386
configuring master host 386
configuring master port 386
configuring organization 386
enabling 385
overview 376
starting and stopping on Unix 385
tab 385
traps 377
Solaris, thread concurrency 267, 270
sort criteria 212
special characters, in parameter values 389
SSL
FORTEZZA 307
standard
attributes 55, 62
database schema 55
object classes 55, 57
standard index files 181
Start at field 370
starting the directory server 30
status, synchronization 372
stopping the directory server 30
styles, in this book 26
subagent
configuring 385
enabling 385
overview 376
starting and stopping on Unix 385
substring index
CPU cycles and 177
overview 173
when to use 177
substring search 202
international example 222
Suffix parameter
managing 83
suffix parameter
commas in DN and 470
description and syntax 469
referral parameter and 444
superuser
glossary entry 539
Supplier DN parameter
configuring 319
supplier DN parameter
description and syntax 452
Supplier Password parameter
configuring 320
supplier password parameter
description and syntax 453
supplier server
adding
for consumer-initiated replication 331
glossary entry 539
restoring database 81
trust database and 303
Supplier SSL Clients parameter
viewing and changing 320
supplier SSL clients parameter
description and syntax 453
supplier-initiated replication
adding consumers 324
duplicating agreements 324
glossary entry 539
managing 318-326
overview 318
replication algorithm 342-344
using normal bind 320
using SSL 325
symmetric encryption glossary entry 539
synchronization
automatic creation of mail accounts 371
concurrently changing entries 363
configuring 365
directory server to NT 357
creating entries 358
creating groups 359
deleting entries 360
modifying entries 361
multiple synchronization services 357
NTGroup object class 359
ntGroupCreateNewAccount 360
ntGroupDomainId attribute 360
NTUser object class 359
ntUserCreateNewAccount 360
ntUserDomainId attribute 359
disabling 369
event log file location 366
manual 370
NT to directory server 354
add all users 357
creating entries 355
finding changes 355
NTGroup object class 357
NTUser object class 356
scheduling 370
Start at field 370
starting and stopping 372
status 372
Synchronize every field 370
Synchronization Service
enabling 435
port number 436
synchronization service 354
Synchronize every field 370
syntax
ACI language 131-145
attribute value 64, 65
bind rules 100
LDAP URLs 471
ldapsearch 206
LDIF update statements 245
matching rule filter 217
password 164, 412
search filter 201
specifying for attribute name 403
system connections
monitoring 267-268
system indexes 178
system resources
cost of indexing 176
monitoring 266-268
|
T |
tabs
Manager 279
performance counters 264, 271
SNMP 385
target keyword 133
targetattr keyword 134
targetfilter keyword 135
targeting
ACI language syntax 131
attributes 96
directory entries 95
DNs containing commas 133, 152
LDIF keywords for 133
overview 95
using LDAP search filters 96
using LDAP URLs 102
using LDIF 132
wildcards and 95
TCP/IP glossary entry 539
terms, in this book 26, 533-540
thread concurrency, on Solaris 267
threadnumber parameter 454
threads, monitoring 267, 269-270
time format 478
Time Limit parameter
role in searching algorithm 170
viewing and changing 280
time limit parameter
description and syntax 455
timeofday keyword 143
track modifies parameter
description and syntax 455
transaction logging
checkpoint interval 461
durable transactions 463
traps 377
Triple DES cipher 301, 302, 303
trivial words 164
tuning performance 279
database 281
server 280
|
U |
uid
glossary entry 539
Uniform Resource Locators, See URLs
Unix
AIX SNMP daemon 384
master agent 376
unlock account parameter 456
URL
glossary entry 540
LDAP 444, 471-475
referrals and 348
user access 100
LDIF example 138
Server Console example 117
to child entries 102
to directory 102
to own entry 103
LDIF example 138
Server Manager example 116
user defined passwords 163
userat parameter 457
user-defined attributes 62
user-defined object classes 57
userdn keyword 138
userdnattr keyword 140
useroc parameter 457
users, account lockout 166, 167, 168
UTF-8 477
|
V |
viewing
attributes 62
|
W |
warning, password expiration 164, 451
white space, in parameter values 389
wildcards
in international searches 220
in matching rule filters 220
in targets 95
Windows NT
directory server NT synchronization configuration tool 364
directory server to NT synchronization 357
master agent 376
NT to directory server synchronization 354
schedule 370
setting up synchronization 365
synchronizing with directory server 354
Write rights 99
|
X |
X.500 standard glossary entry 540