Sun Java(TM) System Directory Server 5 2004Q2 Administration Guide 


Who Should Read This Guide
How This Guide Is Organized
Using the Documentation
Resources and Tools on the Web
How to Report Problems
Sun Welcomes Your Comments

Chapter 1   Directory Server Administration Overview
Overview of Directory Server Management
Starting and Stopping Directory Server
Starting and Stopping the Server From the Command Line
Starting and Stopping the Server From the Console
Starting the Server with SSL Enabled
Using Directory Server Console
Starting Directory Server Console
Navigating Directory Server Console
Viewing the Current Bind DN From the Console
Changing Your Login Identity
Using the Online Help
The Console Clipboard
Console Settings
Configuring LDAP Parameters
Configuring the Directory Manager
Changing Directory Server Port Numbers
Setting Global Read-Only Mode
Tracking Modifications to Directory Entries
Verifying Plug-In Signatures
Configuring the Verification of Plug-In Signatures
Viewing the Status of a Plug-In
Configuring DSML
Enabling DSML Requests
Configuring DSML Security
DSML Identity Mapping

Chapter 2   Managing Directory Entries
Configuration Entries
Modifying the Configuration Using the Console
Modifying the Configuration From the Command Line
Modifying the dse.ldif File
Managing Entries Using the Console
Creating Directory Entries
Modifying Entries With a Custom Editor
Modifying Entries With the Generic Editor
Deleting Directory Entries
Bulk Operations Using the Console
Managing Entries From the Command Line
Providing LDIF Input
Adding Entries Using ldapmodify
Modifying Entries Using ldapmodify
Renaming an Entry Using ldapmodify
Deleting Entries Using ldapdelete
Deleting Entries Using ldapmodify
Setting Referrals
Setting the Default Referrals
Creating Smart Referrals
Encrypting Attribute Values
Configuring Attribute Encryption Using the Console
Configuring Attribute Encryption From the Command Line
Maintaining Referential Integrity
How Referential Integrity Works
Configuring Referential Integrity
Using Referential Integrity with Replication
Searching the Directory
Searching the Directory With ldapsearch
ldapsearch Examples
LDAP Search Filters
Search Filter Examples
Accessing the Directory Using DSMLv2
An Empty Anonymous DSML “Ping” Request
Issuing a DSML Request to Bind as a Particular User
A DSML Search Request

Chapter 3   Creating Your Directory Tree
Creating Suffixes
Creating a New Root Suffix Using the Console
Creating a New Subsuffix Using the Console
Creating Suffixes From the Command Line
Managing Suffixes
Disabling or Enabling a Suffix
Setting Access Permissions and Referrals
Deleting a Suffix
Creating Chained Suffixes
Creating a Proxy Identity
Setting Default Chaining Parameters
Creating Chained Suffixes Using the Console
Creating Chained Suffixes From the Command Line
Access Control Through Chained Suffixes
Chaining Using SSL
Managing Chained Suffixes
Configuring the Chaining Policy
Disabling or Enabling a Chained Suffix
Setting Access Permissions and Referrals
Modifying the Chaining Parameters
Optimizing Thread Usage
Deleting a Chained Suffix
Configuring Cascading Chaining
Setting the Cascading Parameters
Transmitting LDAP Controls for Cascading

Chapter 4   Backing Up and Restoring Data
Setting Suffix Read-Only Mode
Importing Data
Importing LDIF Files
Initializing a Suffix
Exporting Data
Exporting the Entire Directory to LDIF Using the Console
Exporting a Single Suffix to LDIF Using the Console
Exporting to LDIF From the Command Line
Backing Up Data
Backing Up Your Server Using the Console
Backing Up Your Server From the Command Line
Backing Up the dse.ldif Configuration File
Restoring Data from Backups
Restoring Replicated Suffixes
Restoring Your Server Using the Console
Restoring Your Server from the Command Line
Restoring the dse.ldif Configuration File

Chapter 5   Managing Identity and Roles
Managing Groups
Assigning Roles
About Roles
Assigning Roles Using the Console
Managing Roles From the Command Line
Defining Class of Service (CoS)
About CoS
CoS Limitations
Managing CoS Using the Console
Managing CoS From the Command Line
Creating Role-Based Attributes
Monitoring the CoS Plug-In

Chapter 6   Managing Access Control
Access Control Principles
ACI Structure
ACI Placement
ACI Evaluation
ACI Limitations
Default ACIs
ACI Syntax
Defining Targets
Defining Permissions
Bind Rules
Bind Rule Syntax
Defining User Access - userdn Keyword
Defining Group Access - groupdn Keyword
Defining Role Access - roledn Keyword
Defining Access Based on Value Matching
Defining Access From a Specific IP Address
Defining Access from a Specific Domain
Defining Access at a Specific Time of Day or Day of Week
Defining Access Based on Authentication Method
Using Boolean Bind Rules
Creating ACIs From the Command Line
Viewing aci Attribute Values
Creating ACIs Using the Console
Viewing the ACIs of an Entry
Creating a New ACI
Editing an ACI
Deleting an ACI
Access Control Usage Examples
Defining Permissions for DNs That Contain a Comma
Proxy Authorization ACI Example
Viewing Effective Rights
Using the Get Effective Rights Control
Understanding Effective Rights Results
Advanced Access Control: Using Macro ACIs
Macro ACI Example
Macro ACI Syntax
Access Control and Replication
Access Control and Chaining
Logging Access Control Information
Compatibility with Earlier Releases

Chapter 7   Managing User Accounts and Passwords
Overview of Password Policies
Configuring the Global Password Policy
Configuring the Password Policy Using the Console
Configuring the Password Policy From the Command Line
Managing Individual Password Policies
Defining a Policy Using the Console
Defining a Policy From the Command Line
Assigning Password Policies
Resetting User Passwords
Inactivating and Activating Users and Roles
Setting User and Role Activation Using the Console
Setting User and Role Activation From the Command Line
Setting Individual Resource Limits
Setting Resource Limits Using the Console
Setting Resource Limits From the Command Line

Chapter 8   Managing Replication
Summary of Steps for Configuring Replication
Choosing Replication Managers
Configuring a Dedicated Consumer
Creating the Suffix for the Consumer Replica
Enabling a Consumer Replica
Advanced Consumer Configuration
Configuring a Hub
Creating the Suffix for the Hub Replica
Enabling a Hub Replica
Advanced Hub Configuration
Configuring a Master Replica
Defining the Suffix for the Master Replica
Enabling a Master Replica
Advanced Multi-Master Configuration
Creating Replication Agreements
Configuring Fractional Replication
Considerations for Fractional Replication
Defining the Attribute Set
Enabling Fractional Replication
Initializing Replicas
When to Initialize
Convergence After Multi-Master Initialization
Initializing a Replica Using the Console
Initializing a Replica From the Command Line
Initializing a Replica Using Binary Copy
Enabling the Referential Integrity Plug-In
Replication Over SSL
Replication Over a WAN
Configuring Network Parameters
Scheduling Replication Activity
Data Compression
Modifying the Replication Topology
Managing Replication Agreements
Promoting or Demoting Replicas
Disabling Replicas
Moving the Change Log
Keeping Replicas in Sync
Replication With Earlier Releases
Configuring Directory Server 5.2 as a Consumer of Directory Server 4.x
Updating Directory Server 5.1 Schema
Using the Retro Change Log Plug-In
Enabling the Retro Change Log Plug-In
Trimming the Retro Change Log
Accessing the Retro Change Log
Monitoring Replication Status
Command-Line Tools
Replication Status Tab
Solving Common Replication Conflicts
Solving Naming Conflicts
Solving Orphan Entry Conflicts
Solving Potential Interoperability Problems

Chapter 9   Extending the Directory Schema
Schema Checking
Setting Schema Checking Using the Console
Setting Schema Checking From the Command Line
Overview of Extending the Schema
Modifying the Schema Files
Modifying the Schema From the Command Line
Modifying the Schema Using the Console
Managing Attribute Definitions
Viewing Attributes
Creating Attributes
Editing Attributes
Deleting Attributes
Managing Object Class Definitions
Viewing Object Classes
Creating Object Classes
Editing Object Classes
Deleting Object Classes
Replicating Schema Definitions
Modifying Replicated Schema Files
Limiting Schema Replication

Chapter 10   Indexing Directory Data
Overview of Indexing
System Indexes
Default Indexes
Attribute Name Quick Reference Table
Managing Indexes
Managing Indexes Using the Console
Managing Indexes From the Command Line
Reindexing a Suffix
Modifying the Set of Default Indexes
Managing Browsing Indexes
Browsing Indexes for the Console
Browsing Indexes for Client Searches

Chapter 11   Managing Authentication and Encryption
Introduction to SSL in Directory Server
Summary of Steps for Enabling SSL
Obtaining and Installing Server Certificates
Creating a Certificate Database
Generating a Certificate Request
Installing the Server Certificate
Trusting the Certificate Authority
Activating SSL
Choosing Encryption Ciphers
Allowing Client Authentication
Configuring Client Authentication
SASL Authentication Through DIGEST-MD5
SASL Authentication Through GSSAPI (Solaris Only)
Identity Mapping
Configuring LDAP Clients to Use Security
Configuring Server Authentication in Clients
Configuring Certificate-Based Authentication in Clients
Using SASL DIGEST-MD5 in Clients
Using Kerberos SASL GSSAPI in Clients

Chapter 12   Implementing Pass-Through Authentication
How Directory Server Uses PTA
Configuring the PTA Plug-In
Creating the Plug-In Configuration Entry
Configuring PTA to Use a Secure Connection
Setting the Optional Connection Parameters
Specifying Multiple Servers and Subtrees
Modifying the PTA Plug-In Configuration

Chapter 13   Monitoring Directory Server Using Log Files
Defining Log File Policies
Defining a Log File Rotation Policy
Defining a Log File Deletion Policy
Manual Log File Rotation
Access Log
Errors Log
Audit Log
Monitoring Server Activity
Monitoring Your Server Using the Console
Monitoring Your Server From the Command Line

Chapter 14   Monitoring Directory Server Using SNMP
SNMP in Sun Java System Servers
Overview of the Directory Server MIB
Setting Up SNMP
Configuring SNMP in Directory Server
Starting and Stopping the SNMP Subagent

Chapter 15   Enforcing Attribute Value Uniqueness
Enforcing Uniqueness of the uid Attribute
Configuring the Plug-In Using the Console
Configuring the Plug-In From the Command Line
Enforcing Uniqueness of Another Attribute
Using the Uniqueness Plug-In With Replication
Single-Master Replication Scenario
Multi-Master Replication Scenario

Chapter 16   Troubleshooting Directory Server
Troubleshooting Installation

Appendix A   Using the Sun Crypto Accelerator Board
Before You Start
Creating a Token
Generating Bindings for the Board
Importing Certificates
Configuring SSL

Appendix B   Third Party Licence Acknowledgements



Copyright 2004 Sun Microsystems, Inc. All rights reserved.