Sun ONE Directory Server 5.2 Reference Manual
About This Reference Manual
Sun ONE Directory Server 5.2 is a powerful and scalable distributed directory server based on the industry-standard Lightweight Directory Access Protocol (LDAP). Sun ONE Directory Server software is part of the Sun Open Net Environment (Sun ONE), Sun's standards-based software vision, architecture, platform, and expertise for building and deploying Services On Demand.
Sun ONE Directory Server is the cornerstone for building a centralized and distributed data repository that can be used in your intranet, over your extranet with your trading partners, or over the public Internet to reach your customers.
Purpose of This Reference Manual
Most Directory Server administrative tasks can be performed through the Sun ONE Server Console, the graphical user interface provided with Sun ONE Directory Server. For information on using the Sun ONE Server Console, see Sun ONE Server Console Server Management Guide, and for details of how to use the console to manage the Directory Server in particular, see the Sun ONE Directory Server Administration Guide.
This reference manual deals with the other methods of managing the Directory Server, namely altering the server configuration attributes via the command line and using the command-line utilities.
The reference manual provides comprehensive information on the command-line utilities and scripts provided with Sun ONE Directory Server, configuration attributes, file formats, schemas, and error and connection codes.
For experienced users of Sun ONE Directory Server and the previous documentation set, note that this reference manual combines the Configuration, Command and File Reference and the Schema Reference of previous releases.
Contents of This Reference Manual
This reference manual contains the following sections:
Part 1 - Command-Line Utilities and Scripts
Directory Server comes with a set of configurable command-line utilities that you can use to search and modify entries in the directory and administer the server. Chapter 1 "Command-Line Utilities" describes these command-line utilities and contains information on where the utilities are stored and how to access them. In addition to these command-line utilities, Directory Server also provides ns-slapd and slapd.exe command-line utilities for performing directory operations as described in Appendix B "ns-slapd and slapd.exe Command-Line Utilities."
In addition to command-line utilities, several non-configurable scripts are provided with the Directory Server that make it quick and easy to perform routine server administration tasks from the command line. Chapter 2 "Command-Line Scripts" lists the most frequently used scripts and contains information on where the scripts are stored and how to access them.
Part 2 - Server Configuration
Core Server Configuration
The format and method for storing configuration information for Sun ONE Directory Server 5.2 mark a significant change from previous versions of the Directory Server. A full explanation of these changes and a listing for all server attributes can be found in Chapter 3 "Core Server Configuration" and Chapter 5 "Plug-In Implemented Server Functionality."
Core Server Configuration Attributes
This chapter provides an alphabetical reference of all the attributes involved in configuring and monitoring the core server functionality.
Plug-in Implemented Server Functionality Reference
This chapter serves as a plug-in implemented server functionality reference and includes an alphabetical list of attributes common to all plug-ins, attributes allowed by certain plug-ins, database plug-in attributes, and retro changelog plug-in attributes.
Migration From Earlier Versions
In version 4.x of Directory Server, all configuration parameters were stored in text files. However, in Sun ONE Directory Server 5.2, configuration attributes are stored as LDAP configuration entries in a dse.ldif file. The mapping of configuration parameters in Directory Server 4.1, 4.11, and 4.12 to the corresponding configuration entries and attributes in Sun ONE Directory Server 5.2 is described in Chapter 6 "Migration From Earlier Versions."
Part 3 - File Reference
Server Instance File Reference
This chapter provides an overview of the files and configuration information stored in each instance of Directory Server. This assists administrators in understanding the changes or absence of changes in the course of directory activity. In terms of security, such an overview can help administrators to detect errors and intrusion as they know what kind of changes to expect and what should be considered abnormal behavior.
Access Log and Connection Code Reference
Monitoring allows you to detect and remedy failures and, when done proactively, to anticipate and resolve potential problems before they result in failure or poor performance. This chapter provides the information you need to understand the structure and content of the logs, thereby enabling you to monitor your directory more effectively.
Part 4 - Directory Server Schema
This chapter provides an overview of some of the basic concepts of the directory schema, and lists the files in which the schema is described. It describes object classes, attributes and Object Identifiers (OIDs), and briefly discusses extending server schema and schema checking.
Object Class Reference
This chapter contains an alphabetical list of the object classes accepted by the default schema. It provides a definition of each object class, and lists its required and allowed attributes. The object classes listed in this chapter are available for you to use to support your own information in the Directory Server. Object classes that are used by the Directory Server or other Sun ONE products for internal operations are not documented here.
This chapter contains an alphabetic list of the standard attributes. It provides a definition of each attribute, and gives the attribute syntax and OID.
Operational Attributes, Special Attributes, and Special Object Classes
This chapter describes the operational attributes used by the directory server. Operational attributes may be available for use on every entry in the directory, regardless of whether they are defined for the object class of the entry. This chapter also describes certain special attributes and object classes that are used by the server.
This appendix provides an extensive list of the error messages generated by Sun ONE Directory Server. While this list is not exhaustive, the information presented in this chapter will serve as a good starting point for common problems.
Using the ns-slapd and slapd.exe Command-Line Utilities
This appendix looks at the ns-slapd (UNIX) and slapd.exe (Windows) command-line utilities that can also be used to perform the same tasks as the scripts and utilities described previously.
Directory Server allows you to store, manage, and search for entries and their associated attributes in a number of different languages. This appendix provides information on the locales and language types supported by Sun ONE Directory Server.
One way to express an LDAP query is to use a URL to specify the directory server host machine and the DN or filter for the search. This appendix provides information on the components of an LDAP URL and on escaping unsafe characters. It also provides several LDAP URL examples.
LDAP Data Interchange Format
Sun ONE Directory Server uses the LDAP Data Interchange Format (LDIF) to describe a directory and directory entries in text format. This appendix provides information on the LDIF file format, specifying directory entries using LDIF, defining directories using LDIF, and storing information in multiple languages.
Before using this manual we strongly recommend that you read the online release notes to obtain the latest information about new features and enhancements in this release of Sun ONE Directory Server. The release notes can be found at
This reference manual does not describe many of the basic directory and architectural concepts that you need to successfully design, implement, and administer your directory service.
To familiarize yourself with basic directory concepts, refer to the Sun ONE Directory Server Getting Started Guide. This guide provides you with enough information to install Sun ONE Directory Server for evaluation purposes. Complete installation and configuration information is provided in the Sun ONE Directory Server Installation and Tuning Guide.
To plan, implement, and administer your directory, refer to the Sun ONE Directory Server Deployment Guide and the Sun ONE Directory Server Administration Guide.
This section explains the typographical conventions used in this book.
Monospaced font - This typeface is used for literal text, such as the names of attributes and object classes when they appear in text. It is also used for URLs, filenames and examples.
Italic font - This typeface is used for emphasis, for new terms, and for text that you must substitute for actual values, such as placeholders in path names.
The greater-than symbol (>) is used as a separator when naming an item in a menu or sub-menu. For example, Object > New > User means that you should select the User item in the New sub-menu of the Object menu.
Notes, Cautions and Tips highlight important conditions or limitations. Be sure to read this information before continuing.
Default Paths and Filenames
All path and filename examples in the Sun ONE Directory Server product documentation are one of the following two forms:
ServerRoot/... - The ServerRoot is the location of the Sun ONE Directory Server product. This path contains the shared binary files of Directory Server, Sun ONE Administration Server, and command-line tools.
The actual ServerRoot path depends on your platform, your installation, and your configuration. The default path depends on the product platform and packaging as shown in Table 1.
ServerRoot/slapd-serverID/... - The serverID is the name of the Directory Server instance that you defined during installation or configuration. This path contains database and configuration files that are specific to the given instance.
Paths specified in this manual use the forward slash format of UNIX and commands are specified without file extensions. If you are using a Windows version of Sun ONE Directory Server, use the equivalent backslash format. Executable files on Windows systems generally have the same names with the .exe or .bat extension.
Table 1    Default ServerRoot Paths
/var/mps/serverroot - After configuration, this directory contains links to the following locations:
Compressed Archive Installation on Solaris and Other Unix Systems
Zip Installation on Windows Systems
If you are working on the Solaris Operating Environment and are unsure which version of the Sun ONE Directory Server software is installed, check for the existence of a key package such as SUNWdsvu using the pkginfo command. For example:
pkginfo | grep SUNWdsvu
Directory Server instances are located under ServerRoot/slapd-serverID/, where serverID represents the server identifier given to the instance on creation. For example, if you gave the name dirserv to your Directory Server, then the actual path would appear as shown in Table 2. If you have created a Directory Server instance in a different location, adapt the path accordingly.
Table 2    Default Example dirserv Instance Locations
Compressed Archive Installation on Solaris and Other Unix Systems
Zip Installation on Windows Systems
Downloading Directory Server Tools
Some supported platforms provide native tools for accessing Directory Server. For more tools for testing and maintaining LDAP directory servers, download the Sun ONE Directory Server Resource Kit (DSRK). This software is available at the following location:
Installation instructions and reference documentation for the DSRK tools are available in the Sun ONE Directory Server Resource Kit Tools Reference.
For developing directory client applications, you may also download the Sun ONE LDAP SDK for C and the Sun ONE LDAP SDK for Java from the same location.
Additionally, Java Naming and Directory Interface (JNDI) technology supports accessing the Directory Server using LDAP and DSML v2 from Java applications. Information about JNDI is available from:
The JNDI Tutorial contains detailed descriptions and examples of how to use JNDI. It is available at:
Sun ONE Directory Server product documentation includes the following documents delivered in both HTML and PDF:
- Sun ONE Directory Server Getting Started Guide - Provides a quick look at many key features of Directory Server 5.2.
- Sun ONE Directory Server Deployment Guide - Explains how to plan directory topology, data structure, security, and monitoring, and discusses example deployments.
- Sun ONE Directory Server Installation and Tuning Guide - Covers installation and upgrade procedures, and provides tips for optimizing Directory Server performance.
- Sun ONE Directory Server Administration Guide - Gives the procedures for using the console and command-line to manage your directory contents and configure every feature of Directory Server.
- Sun ONE Directory Server Reference Manual - Details the Directory Server configuration parameters, commands, files, error messages, and schema.
- Sun ONE Directory Server Plug-In API Programming Guide - Demonstrates how to develop Directory Server plug-ins.
- Sun ONE Directory Server Plug-In API Reference - Details the data structures and functions of the Directory Server plug-in API.
- Sun ONE Server Console Server Management Guide - Discusses how to manage servers using the Sun ONE Administration Server and Java-based console.
- Sun ONE Directory Server Resource Kit Tools Reference - Covers installation and features of the Sun ONE Directory Server Resource Kit, including many useful tools.
Other useful information can be found on the following Web sites:
- Product documentation online: http://docs.sun.com/coll/S1_DirectoryServer_52
- Sun software: http://wwws.sun.com/software/
- Sun ONE Services: http://www.sun.com/service/sunps/sunone/
- Sun Support Services: http://www.sun.com/service/support/
- Sun ONE for Developers: http://sunonedev.sun.com/
- Training: http://suned.sun.com/