Sun ONE Directory Server 5.2 Reference Manual
Chapter 7 Server Instance Files
This chapter provides an overview of the files stored under ServerRoot/slapd-serverID. Knowing which files and configuration information are stored in each instance of Directory Server helps you understand the file changes, or absence of file changes, that occur in the course of directory activity. It also helps you detect errors and intrusion by indicating what kinds of changes to expect and, as a result, which changes are considered abnormal.
Overview of Directory Server Files
Directory Server files and command-line scripts are stored under ServerRoot/slapd-serverID, where serverID is the server identifier. The only exception is the migrateInstance5 script, which is stored under ServerRoot/bin/slapd/admin/bin.
A summary of the files installed in a typical directory installation is provided in Appendix A of the Sun ONE Directory Server Installation and Tuning Guide.
To reflect the directory structure under ServerRoot/slapd-serverID, this chapter is divided into the following sections:
Each section describes the file type and contents.
Each Directory Server instance contains the following three directories for storing backup-related files:
- bak - the default directory in which database backups (created with the db2bak script) are placed. The bak directory contains one directory for each database backup, the name of which corresponds to the time and date of the backup, for example 2002_12_13_174524. This directory holds the backup copy of the database. Note that you can specify an alternative location for the database backups if you do not want them to be stored in the default bak directory. See "db2bak (Create Backup of Database)" for more information.
- confbak - the default directory in which the Admin Server configuration is stored (and from which the configuration is read) when the saveconfig and restoreconfig scripts are used. See "saveconfig (Save Administration Server Configuration)" and "restoreconfig (Restore Administration Server Configuration)" for more information.
- conf_bk - contains a backup copy of the dse.ldif configuration file from the time of installation. This copy can be used for comparison with the current configuration file, should problems arise.
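The comparison of the current dse.ldif with the installation-time copy in conf_bk can be done entry by entry rather than line by line, so that refolded lines and reordered attributes are not reported as changes. The following is an added example, not part of the original manual or of Directory Server; the function names, the sample entries, and the choice to ignore modifyTimestamp and modifiersName are assumptions.

```python
import re

def parse_ldif(text):
    """Parse LDIF into {dn: {attribute: set(values)}}, unfolding continuation lines."""
    text = re.sub(r"\n ", "", text.replace("\r\n", "\n"))
    entries = {}
    for block in re.split(r"\n\s*\n", text):
        dn, attrs = None, {}
        lines = [l for l in block.splitlines() if ":" in l and not l.startswith("#")]
        for line in lines:
            name, _, value = line.partition(":")
            if name.lower() == "dn" and dn is None:
                dn = value.strip().lower()
            else:
                attrs.setdefault(name.lower(), set()).add(value.strip())
        if dn is not None:
            entries[dn] = attrs
    return entries

def diff_config(baseline_text, current_text, ignore=("modifytimestamp", "modifiersname")):
    """Yield drift from the baseline as (change, dn, attribute, old, new) tuples."""
    base, cur = parse_ldif(baseline_text), parse_ldif(current_text)
    for dn in sorted(set(base) | set(cur)):
        if dn not in base or dn not in cur:
            yield ("entry-added" if dn in cur else "entry-removed", dn, None, None, None)
            continue
        for attr in sorted((set(base[dn]) | set(cur[dn])) - set(ignore)):
            old, new = base[dn].get(attr, set()), cur[dn].get(attr, set())
            if old != new:
                yield ("attr-changed", dn, attr, sorted(old), sorted(new))

# Constructed sample data (not taken from a real server).
BASELINE = """dn: cn=config
nsslapd-accesslog-logging-enabled: on

dn: cn=Sample Plugin,cn=plugins,cn=config
nsslapd-pluginPath: /opt/example/lib/sample-
 plugin.so
"""
CURRENT = """dn: cn=config
nsslapd-accesslog-logging-enabled: off
modifyTimestamp: 20030101000000Z

dn: cn=Sample Plugin,cn=plugins,cn=config
nsslapd-pluginPath: /opt/example/lib/sample-plugin.so

dn: cn=Extra Plugin,cn=plugins,cn=config
nsslapd-pluginEnabled: on
"""
```

On a real instance, pass the contents of the conf_bk copy as the baseline and the contents of config/dse.ldif as the current text; each tuple returned is a difference to account for.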
Each Directory Server instance contains the following directory for storing configuration files:
- config - contains the configuration files as explained in "Server Configuration Overview" on page 75.
The dse.ldif file is a configuration file for each directory instance, whereas the admin server configuration (everything under o=NetscapeRoot) is only in the configuration directory. The configuration directory is usually the first directory that was installed, or may be a completely separate instance.
For small deployments, it is possible to install configuration, user and other directories on the same directory instance. For larger deployments, consider placing the configuration directory in its own instance. Refer to the Sun ONE Server Console Server Management Guide for information on the appropriate location of configuration, user and group data.
Each Directory Server instance contains the db directory for storing all the database files. The following list shows the sample contents of the db directory at installation.
DBVERSION __db.002 __db.005
NetscapeRoot/ __db.003 log.0000017
__db.001 __db.004 userRoot/
- db.00x files - used internally by the database. These files should not be moved, deleted, or modified in any way.
- log.xxxxxxxxxx files - store the transaction logs per database.
- DBVERSION - stores the version of the database.
- NetscapeRoot - this directory stores the o=NetscapeRoot database created by default during a typical installation. This branch of the directory stores admin server configuration information. The same configuration directory can be used to store the admin server configuration information for all directory instances. Refer to the Sun ONE Server Console Server Management Guide for information on the appropriate location of configuration, user and group data.
- userRoot - this directory stores the user-defined suffix (user-defined databases) created during a typical installation, for example dc=example,dc=com.
The following list shows the sample contents of the NetscapeRoot directory:
To ensure that database filenames are unique across suffixes, the files are prefixed with the suffix name. So, for the NetscapeRoot suffix in the above example, all the filenames in the directory start with NetscapeRoot_.
The NetscapeRoot and userRoot subdirectories contain a file of the format suffix_index_name.db3 for every index currently defined in the database (where index_name is the name of the attribute being indexed). In addition to these suffix_index_name.db3 files, the subdirectories contain a file named suffix_id2entry.db3. This file contains the actual directory database entries. All other database files can be recreated from this one, if necessary.
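The naming convention above can be checked mechanically: every file in a suffix directory should carry that suffix as its prefix, and the suffix_id2entry.db3 file should be present. The following is an added example, not part of the original manual; the function name, the report keys, and the sample listing are assumptions, and a file reported as off-pattern is one to review, not proof of a problem.

```python
import re

def audit_db_dirs(listing):
    """For each suffix directory, report indexes, missing id2entry, and off-pattern files."""
    report = {}
    for suffix, filenames in listing.items():
        # Files are expected to be named <suffix>_<index_name>.db3.
        pattern = re.compile(r"^%s_(.+)\.db3$" % re.escape(suffix))
        names, off_pattern = [], []
        for fname in sorted(filenames):
            match = pattern.match(fname)
            if match:
                names.append(match.group(1))
            else:
                off_pattern.append(fname)
        report[suffix] = {
            "indexes": [n for n in names if n != "id2entry"],
            "has_id2entry": "id2entry" in names,
            "off_pattern": off_pattern,
        }
    return report

# Constructed listing: directory name -> filenames found in it.
SAMPLE = {
    "NetscapeRoot": ["NetscapeRoot_id2entry.db3", "NetscapeRoot_cn.db3",
                     "NetscapeRoot_uid.db3"],
    "userRoot": ["userRoot_cn.db3", "NetscapeRoot_sn.db3", "notes.txt"],
}
```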
Each Directory Server instance contains the ldif directory for storing ldif-related files. The following list shows the default contents of the ldif directory.
The following list describes the contents of each of the ldif files:
- European.ldif - contains European character samples.
- Example.ldif - a sample ldif file.
- Example-roles.ldif - a sample ldif file similar to Example.ldif except that it uses roles and class of service instead of groups for setting access control and resource limits for Directory Administrators.
- Example-Plugin.ldif - a sample ldif file to be used with the examples provided in the Sun ONE Directory Server Plug-In API Programming Guide.
- identityMapping_Examples.ldif - a sample identity mapping configuration file. For more information on identity mapping, refer to the Sun ONE Directory Server Administration Guide.
On UNIX installations, each Directory Server instance contains a locks directory for storing lock-related files. The following list shows the sample contents of the locks directory.
The lock mechanisms stored under the subdirectories exports, imports, and server prevent simultaneous operations from conflicting with each other. The lock mechanisms allow one server instance to run at a time, possibly with multiple export jobs. They also permit only one ldif2db import operation (or one directoryserver ldif2db operation for Solaris 9) at a time. This means that no export and slapd server operations can be run during an import.
This restriction does not apply to the ldif2db.pl script (directoryserver ldif2db-task for Solaris 9), since you can run multiple ldif2db.pl operations at any time.
Each Directory Server instance contains a logs directory for storing log-related files. The following list shows a sample of the logs directory contents.
access audit.rotationinfo pid
access.rotationinfo errors slapd.stats
- The content of the access, audit, and errors log files is dependent on the log configuration.
- The slapd.stats file is a memory-mapped file that cannot be read in an editor. It contains data collected by the Directory Server SNMP data collection component. This data is read by the SNMP subagent in response to SNMP attribute queries and is communicated to the SNMP master agent responsible for handling Directory Server SNMP requests.
- The pid file contains the slapd process identifier.
Access logs and their content are described in detail in Chapter 8 "Access Logs and Connection Codes".