iPlanet Web Server, Enterprise Edition Administrator's Guide



The Global Settings Tab

The Settings tab contains the following pages



The Configure Directory Service Page

Based on an open-systems server protocol called the Lightweight Directory Access Protocol (LDAP), Netscape Directory Server allows you to manage all your user information from a single source. You can also configure the directory server to allow your users to retrieve directory information from multiple, easily accessible network locations. The Configure Directory Service page allows you to configure basic LDAP settings for your server.

The following elements are displayed:

Host Name. Specifies the name of the LDAP server. You must enter a host name even if the directory server is running on the local machine.

Port. Specifies the port on which the LDAP server runs. If you are going to use SSL with a directory server, then you should enter the port number that the directory server is using for SSL.

Use Secure Sockets Layer (SSL) for connections. Specifies whether the server should use SSL for communications with the directory server. If you click Yes, then you must also configure the Administration Server to use SSL communications.

Base DN. Specifies the distinguished name where directory lookups will occur by default, and where all the Administration Server's entries will be placed in your directory tree (for example, o=mozilla.com). A DN is the string representation for the name of an entry in a directory server.

Bind DN. Specifies the distinguished name that the Administration Server will use to initially bind (or log in) to the directory server (for example, cn=Directory Manager). Binding determines the permission level you are granted for the duration of a connection. The DN supplied in a bind request can be the DN of an alias entry.

This bind DN only requires read and search access to the directory. Because this DN and its associated password (if any) are easily compromised, it is best to simply leave this field blank and then set up your directory server to allow anonymous search access. If you do not want to allow anonymous search access to your directory, specify a bind DN entry here that only has read and search access to your directory. Do not specify your directory server's unrestricted user (Root DN) in this field.



Note This bind DN is used only to initially search for the user name you entered in the Administration Server authentication dialog box. Once the entry corresponding to this user name is located, the Administration Server rebinds to the directory server using the retrieved entry. Therefore, if the user name you specified when you first logged into the Administration Server does not have access to the directory server, you will not have any access to the directory server, regardless of the bind DN information provided in this field.



Bind Password. Specifies the password used for authentication.

Save Changes. Saves your entries.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.



The Restrict Access Page



The Restrict Access page specifies access control to the Administration Server. For more information, see Setting Access Control Globally.

Note You must set up an administration group and enable distributed administration from The Distributed Administration Page in the Preferences tab before creating access control for the Administration Server.



The following elements are displayed:

For the server: Allows you to choose a server from the drop-down list. Click Create ACL or Edit ACL.

OK. Saves your entries.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.



Access Control Rules for Page



The Access Control Rules page is divided into two frames that set the access control rules. If the resource you chose already has access control, the rules will appear in the top frame. For more information, see Setting Access Control Globally.

The following elements are displayed:


Upper Frame

The upper frame displays access control rules representing each configurable setting as a link. When you click on a link, the page divides into two frames, and you can use the Lower Frame to set the access control rules. The ACL for the Administration Server begins with two non-editable deny statements by default.

The following elements are displayed in the upper frame:


Action

Specifies whether to deny or allow access to the users, groups, or hosts. For the Administration Server, the first two lines of the access control rules are set to deny everyone except the group admin access to any portion of the Administration Server. If you want to allow users and groups outside of the group admin access, you must click New Line and create an access control rule. For more information, see Setting Access Control Globally.


Users/Groups

Allows you to specify user and group authentication when you click "anyone." The bottom frame allows you to configure User-Group authentication. By default, no users or groups outside of the group admin can access the Administration Server resources. For more information, see Specifying Users and Groups.


From host

Allows you to specify the computers you want to include in the rule when you click "anyplace". In the bottom frame, you can enter wildcard patterns of host names or IP addresses to allow or deny. For more information, see Specifying the From Host.


Programs

Restricts access to areas in the Administration Server. For example, you can restrict access to all pages for configuring the administration server by selecting All Programs. If you want to restrict access to one or more areas, choose the name of the program group in the drop-down list. If you want to restrict access to one page in a tab, enter the name of the page in Program Items. For example, to restrict access to the Access Control List Management page, type distacl in Program Items. For more information, see Restricting Access to Programs.


Extra

Allows you to specify a customized ACL entry. This is useful if you use the access control API to customize ACLs. For more information, see Writing Customized Expressions.


Continue

Specifies that the next line in the access control rule chain is evaluated before the server determines if the user is allowed access. When creating multiple lines in an access control entry, it's best to work from the most general restrictions to the most specific ones.


Trash can icon

Deletes the corresponding line from the access control rules.



Note Do not delete all the ACL rules from the ACL files. At least one ACL file containing at least one ACL rule is required to start the server. If you delete all the ACL rules in the ACL files, and try to restart the server, you will receive a syntax error.




Access control is on

Specifies whether access control is enabled.


New Line

Adds a default ACL rule to the bottom row of the table. You can use the up and down arrows in the left column to move the rule.


Response when Denied

Specifies the response a user sees when denied access. You can create a different message for each access control object. By default, the user is sent the following message: "FORBIDDEN. Your client is not allowed access to the restricted object." For more information, see Responding When Access is Denied.

Submit. Saves your entries.

Revert. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays the online help.


Lower Frame

The lower frame allows you to configure access control rules for the ACL in the Upper Frame.

The following elements are displayed in the lower frame:


Allow/Deny

For more information, see Setting the Action.

Allow. Allows the user, group, or host access.

Deny. Denies the user, group, or host access.

Update. Saves your entries.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays the online help.


User/Group

For more information, see Specifying Users and Groups.

Anyone (No Authentication). Allows everyone access to the resource. No authentication is required.

Authenticated people only. Allows only authenticated users and groups to access the resource. Choose from the following options:

  • All in the authentication database. Allows all users and groups in the LDAP directory.

  • Only the following people. Allows only the users and groups specified. You can select Groups or Users by:

    • Entering the name of the Group or User in these fields

    • Clicking List next to Group or User to display lists in the LDAP directory to select from

Prompt for authentication. Allows you to specify message text that appears in the authentication dialog box. You can use this text to describe what the user needs to enter. Depending on the operating system, the user will see about the first 40 characters of the prompt. Netscape Navigator and Netscape Communicator cache the username and password and associate them with the prompt text. This means that if the user accesses areas (files and directories) of the server that have the same prompt, the user will not have to retype usernames and passwords. Conversely, if you want to force users to reauthenticate for various areas, you must change the prompt for the ACL on that resource.

Update. Saves your entries.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays the online help.


From Host

For more information, see Specifying the From Host.

Any place. Allows any machine access to the resource.

Only from. Allows you to restrict access based on:

    • Host Names

    • IP Address

Enter wildcard patterns that match the machines' host names or IP addresses in these fields. For example, to allow or deny all computers in a specific domain, you would enter a wildcard pattern that matches all hosts from that domain, such as *.iplanet.com.

Update. Saves your entries.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays the online help.


Programs

For more information, see Restricting Access to Programs.

All programs. Allows users or groups access to all the tabs in the Administration Server.

Only the following. Allows users or groups you have specified access to specific areas of the server. Select the areas from the drop-down Program Groups list. You can choose multiple program groups by pressing the control key and clicking the names.

  • None (default)

  • Servers

  • Preferences

  • Global Settings

  • Users & Groups

  • Security

  • Cluster Mgmt

Program Items. Allows you to restrict access to one page in a program group by entering the name of the page in the Program Items field. For example, to restrict access to the Access Control List Management page, type distacl in Program Items. For more information, see Restricting Access to Programs.

Update. Saves your entries.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays the online help.


Customized Expressions

Customize expressions. Allows you to enter custom expressions for an ACL in the text box. You can use this feature if you are familiar with the syntax and structure of ACL files. For more information on customized expressions, see Writing Customized Expressions, and ACL File Syntax.

Update. Saves your entries.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays the online help.


Access Denied Response

Respond with the Default File (Redirection Off). The following message is sent: "FORBIDDEN. Your client is not allowed access to the restricted object."

Respond with the Following URL: (Redirection On). When selected, allows you to create a different message for each ACL. Enter the absolute path of a URL or a relative URI.

Update. Saves your entries.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays the online help.
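
The following is an added example, not code from iPlanet Web Server: a simplified Python model of how a rule chain built on this page is evaluated, showing the effect of Continue, rule order, and From Host wildcard patterns. The rule fields, the sample users and hosts, the use of fnmatch for wildcards, and the "no match means deny" default are assumptions made for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny" (Action column)
    who: tuple = ("anyone",)  # "anyone", "all" (any authenticated), "group:<name>" or a user
    hosts: tuple = ("*",)     # From host wildcard patterns; "*" stands for "anyplace"
    programs: tuple = ("*",)  # program group or Program Items name; "*" = All Programs
    cont: bool = True         # the Continue checkbox

@dataclass(frozen=True)
class Request:
    user: str = ""            # empty string = not authenticated
    groups: frozenset = frozenset()
    host: str = ""
    ip: str = ""
    program_group: str = ""
    program_item: str = ""

def matches(rule, req):
    """True when the user/group, host and program parts of the rule all match."""
    who = any(
        w == "anyone"
        or (req.user and (w == "all" or w == req.user
                          or (w.startswith("group:") and w[6:] in req.groups)))
        for w in rule.who)
    host = any(fnmatchcase(req.host.lower(), p.lower()) or fnmatchcase(req.ip, p)
               for p in rule.hosts)
    prog = any(p in ("*", req.program_group, req.program_item) for p in rule.programs)
    return bool(who and host and prog)

def evaluate(rules, req):
    """Return (decision, number of the deciding rule); rules are numbered from 1."""
    decision, decided_by = "deny", 0      # assumption: no matching rule means deny
    for number, rule in enumerate(rules, 1):
        if matches(rule, req):
            decision, decided_by = rule.action, number
            if not rule.cont:             # Continue unchecked: later lines are ignored
                break
    return decision, decided_by

# Constructed sample chain, ordered from the most general rule to the most specific.
# Treating "distacl" as a page inside "Global Settings" is an assumption of the sample.
RULES = [
    Rule("deny"),
    Rule("allow", who=("group:admin",)),
    Rule("allow", who=("jdoe",), hosts=("*.iplanet.com",), programs=("Global Settings",)),
    Rule("deny", who=("jdoe",), programs=("distacl",)),
]
```

With every line set to Continue, the last matching line decides, so a specific deny placed before a broader allow is overridden; that is why the chain is built from general to specific.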



The NS Cron Control Page (Unix/Linux)



The NS Cron Control page allows you to start and stop all the cron jobs scheduled for iPlanet Web Server in the file ns-cron.

For more information, see Using Cron-based Log Rotation (Unix/Linux).

The following elements are displayed:

Start. Starts ns-cron, and starts all scheduled cron jobs.

Stop. Stops all cron jobs defined in ns-cron.

Restart. Restarts all cron jobs in ns-cron.



The Configure JRE/JDK Paths Page



When you install iPlanet Web Server, you can choose to install the Java Runtime Environment (JRE) that is provided with iPlanet Web Server, or you can specify a path to a Java Development Kit (JDK) that you must install separately. The server can run servlets or precompiled JSPs using the JRE, but it needs the JDK to run uncompiled JSPs.

The Path Variables for Location JAR/Class Files for Servlets page allows you to switch to using either the JRE or JDK, and change the path to the JDK or JRE.

The following elements are displayed:

Choose either JDK or JRE. Specifies whether the server will run servlets using the JDK or JRE.

JDK Path. Specifies the directory where you installed the JDK.

JDK Runtime Libpath. Specifies the runtime library path for the JDK. If you don't know what this path should be, leave it blank to use the default path.

JDK Runtime Classpath. Specifies the paths to the directories and JAR files needed by the JDK. You can add new values to the existing class path, but do not delete the existing value since it includes paths that are essential for servlet operation. If you don't know what this path should be, leave it blank to use the default path.

JRE Path. Specifies the directory where you installed the JRE.

JRE Runtime Libpath. Specifies the runtime library path for the JRE. If you don't know what this path should be, leave it blank to use the default path.

OK. Saves your entries.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.



Note If you are not sure of the JDK runtime libpath, the JDK runtime classpath, or the JRE runtime libpath, leave these fields blank to tell the server to use default paths.





The Community Strings Page (Unix/Linux)



A community string is a password that an SNMP agent uses for authentication, which means that a network management station would have to send the special password with each message it sent to the agent. The agent can then verify whether the network management station is authorized to get information. Community strings are not concealed when sent in SNMP packets; strings are sent in ASCII text. Therefore, you should consider changing the community string on a regular basis. The master agent uses the community string for authentication.

The Community Strings page allows you to create, edit, and remove communities.

For more information, see Configuring the Community String.

The following elements are displayed:

Community. Specifies the name of the community you want to create.

Operation. Specifies the permissions for the new community. Choose from the following:

  • Allow all operations. Allows this community string to request data or reply to messages, and set variable values.

  • Allow GET operations. Allows this community string to only request messages or reply to messages, and not set variables.

  • Allow ALL operations. Allows this community string to only set variable values.

Current communities. Lists all communities currently defined for the server. To modify a community, click Edit in the community row. To delete a community, click Remove in the community row.

OK. Saves your entries.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.
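
To make the point about unconcealed community strings concrete, here is an added example (not part of the original guide) that decodes the header of a constructed SNMPv1 GetRequest and reads the community string straight out of the packet bytes. The packet, its community value "s3cret", and the function names are constructed for illustration.

```python
def read_tlv(buf, off=0):
    """Decode one BER TLV with a definite length; return (tag, value, next_offset)."""
    if off + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:                 # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or off + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[off:off + length], off + length

def snmp_header(packet):
    """Return (version, community, pdu_tag) for an SNMPv1/v2c message.

    community and pdu_tag are None for other versions, which carry no community string."""
    tag, body, _ = read_tlv(packet)
    if tag != 0x30:
        raise ValueError("outer BER SEQUENCE expected")
    tag, raw_version, off = read_tlv(body)
    if tag != 0x02:
        raise ValueError("version INTEGER expected")
    version = int.from_bytes(raw_version, "big")
    if version not in (0, 1):         # 0 = SNMPv1, 1 = SNMPv2c
        return version, None, None
    tag, community, off = read_tlv(body, off)
    if tag != 0x04:
        raise ValueError("community OCTET STRING expected")
    pdu_tag, _, _ = read_tlv(body, off)
    return version, community.decode("ascii", "replace"), pdu_tag

# Constructed SNMPv1 GetRequest for sysDescr.0 (1.3.6.1.2.1.1.1.0), community "s3cret".
SAMPLE = bytes.fromhex(
    "3026" "020100" "0406733363726574"               # SEQUENCE, version 0, community
    "a019" "020101" "020100" "020100"                # GetRequest: id 1, no error
    "300e" "300c" "06082b06010201010100" "0500"      # one varbind: OID, NULL
)

if __name__ == "__main__":
    print(snmp_header(SAMPLE))
```

No key or transformation is involved: the community string sits in the packet as plain ASCII directly after the version field, so the trap destinations and management stations that share it should be on network paths you trust.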



The Manager Entries Page (Unix/Linux)



The Manager Entries page allows you to create, edit, and remove SNMP trap destinations. An SNMP trap is a message the SNMP agent sends to a network management station. For example, an SNMP agent would send a trap when an interface's status has changed from up to down. The SNMP agent must know the address of the network management station so it knows where to send traps; you can configure this trap destination for the SNMP master agent from the Server Manager.

For more information, see Configuring Trap Destinations.

The following elements are displayed:

Manager station. Specifies the name of the system that is running your network management software.

Trap port. Specifies the port number on which your network management system listens for traps (the well-known port is 162).

With community. Specifies the community string you want to use in the trap.

Current manager entries. Lists all manager stations defined for the server. To modify a manager entry, click Edit in the manager entry row. To delete a manager entry, click Remove in the manager entry row.

OK. Saves your entries.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.



The SNMP Master Agent Control Page (Unix/Linux)



The master SNMP agent exchanges information between the subagent and the network management station. A master agent runs on the same host machine as the subagents it talks to. You can have multiple subagents installed on a host machine. All subagents can communicate with the master agent. The SNMP Master Agent Control page allows you to start, stop, or restart the SNMP master agent after installing the SNMP master agent.

For more information, see the following sections:

The following elements are displayed:

Start. Starts the SNMP master agent.

Stop. Stops the SNMP master agent.

Restart. Restarts the SNMP master agent.


Copyright © 2001 Sun Microsystems, Inc. Some preexisting portions Copyright © 2001 Netscape Communications Corp. All rights reserved.

Last Updated May 09, 2002