iPlanet Directory Server 5.1 Administrator's Guide
Contents
List of Tables
About This Guide
Prerequisite Reading
Conventions Used in This Book
Related Information
Chapter 1 Introduction to iPlanet Directory Server
Overview of Directory Server Management
Using the Directory Server Console
Starting Directory Server Console
Starting and Stopping the Directory Server
Navigating the Directory Server Console
Tasks Tab
Viewing the Current Bind DN From the Console
Configuration Tab
Directory Tab
Status Tab
Changing Login Identity
Configuring the Directory Manager
Launching the Help System
The Console Clipboard
Starting/Stopping the Server From the Console
Configuring LDAP Parameters
Starting/Stopping the Server From the Command Line
Changing Directory Server Port Numbers
Starting the Server with SSL Enabled
Placing the Entire Directory Server in Read-Only Mode
Tracking Modifications to Directory Entries
Starting the Server in Referral Mode
Using the refer Command
Chapter 2 Creating Directory Entries
Managing Entries From the Directory Console
Creating a Root Entry
Managing Entries From the Command Line
Creating Directory Entries
Creating an Entry Using a Predefined Template
Modifying Directory Entries
Creating Other Types of Entries
Displaying the Property Editor
Deleting Directory Entries
Adding an Object Class to an Entry
Removing an Object Class
Adding an Attribute to an Entry
Adding Attribute Values
Removing an Attribute Value
Adding an Attribute Subtype
Providing Input From the Command Line
LDIF Update Statements
Creating a Root Entry From the Command Line
Adding Entries Using LDIF
Adding and Modifying Entries Using ldapmodify
Adding Entries Using ldapmodify
Deleting Entries Using ldapdelete
Modifying Entries Using ldapmodify
Using Special Characters
Adding an Entry Using LDIF
Maintaining Referential Integrity
Renaming an Entry Using LDIF
A Note on Renaming Entries
Modifying an Entry Using LDIF
Adding Attributes to Existing Entries Using LDIF
Deleting an Entry Using LDIF
Changing an Attribute Value Using LDIF
Deleting All Values of an Attribute Using LDIF
Deleting a Specific Attribute Value Using LDIF
Modifying an Entry in an Internationalized Directory
How Referential Integrity Works
Using Referential Integrity with Replication
Configuring the Supplier Server
Enabling/Disabling Referential Integrity
From the Directory Server Console
Recording Updates in the Change Log
From the Directory Server Console
Modifying the Update Interval
From the Directory Server Console
Modifying the Attribute List
From the Directory Server Console
Chapter 3 Configuring Directory Databases
Creating and Maintaining Suffixes
Creating Suffixes
Creating and Maintaining Databases
Creating a New Root Suffix Using the Console
Maintaining Suffixes
Creating a New Sub-Suffix Using the Console
Creating Root and Sub Suffixes From the Command Line
Using Referrals in a Suffix
Enabling Referrals Only During Update Operations
Disabling a Suffix
Deleting a Suffix
Creating Databases
Creating and Maintaining Database Links
Creating a New Database for an Existing Suffix Using the Console
Maintaining Directory Databases
Creating a New Database for a Single Suffix From the Command Line
Adding Multiple Databases for a Single Suffix
Adding the Custom Distribution Function to a Suffix
Placing a Database in Read-Only Mode
Deleting a Database
Configuring the Chaining Policy
Using Referrals
Chaining Component Operations
Creating a New Database Link
Chaining LDAP Controls
Creating a New Database Link Using the Console
Chaining Using SSL
Creating a Database Link From the Command Line
Maintaining Database Links
Updating Remote Server Authentication Information
Database Links and Access Control Evaluation
Deleting Database Links
Advanced Feature: Tuning Database Link Performance
Managing Connections to the Remote Server
Advanced Feature: Configuring Cascading Chaining
Detecting Errors During Normal Processing
Managing Threaded Operations
Overview of Cascading Chaining
Configuring Cascading Chaining Defaults Using the Console
Configuring Cascading Chaining Using the Console
Configuring Cascading Chaining From the Command Line
Summary of Cascading Chaining Configuration Attributes
Cascading Chaining Configuration Example
Configuring Server One
Configuring Server Two
Configuring Server Three
Setting Default Referrals
Setting a Default Referral Using the Console
Creating Smart Referrals
Setting a Default Referral From the Command Line
Creating Smart Referrals Using the Directory Server Console
Creating Suffix Referrals
Creating Smart Referrals From the Command Line
Creating Suffix Referrals Using the Console
Creating Suffix Referrals From the Command Line
Chapter 4 Populating Directory Databases
Enabling and Disabling Read-Only Mode
Enabling Read-Only Mode
Importing Data
Disabling Read-Only Mode
Performing an Import From the Console
Exporting Data
Initializing a Database From the Console
Importing From the Command Line
Importing Using the ldif2db Command
Importing Using the ldif2db.pl Perl Script
Importing Using the ldif2ldap Command
Exporting Directory Data to LDIF Using the Console
Backing Up and Restoring Data
Exporting a Single Database to LDIF Using the Console
Exporting to LDIF From the Command Line
Backing Up All Databases
Backing Up All Databases From the Server Console
Backing Up a Single Database
Backing Up All Databases From the Command Line
Backing Up the dse.ldif Configuration File
Restoring All Databases
Restoring All Databases from the Console
Restoring a Single Database
Restoring Your Database From the Command Line
Restoring Databases that Include Replicated Entries
Restoring a Supplier Replica
Restoring the dse.ldif Configuration File
Restoring a Consumer Replica
Chapter 5 Advanced Entry Management
Managing Groups
Assigning Roles
Adding a New Static Group
Adding a New Dynamic Group
Modifying a Group Definition
Removing a Group Definition
About Roles
Defining Class of Service (CoS)
Role Limitations
Managing Roles Using the Console
Creating a Managed Role
Managing Roles Using the Command Line
Creating a Filtered Role
Creating a Nested Role
Viewing and Editing an Entry's Roles
Modifying a Role Entry
Making a Role Inactive
Reactivating a Role
Deleting a Role
Example of a Managed Role Definition
Using Roles Securely
Example of a Filtered Role Definition
Example of a Nested Role Definition
About CoS
The CoS Definition and Template Entries
CoS Limitations
Pointer CoS Example
Indirect CoS Example
Classic CoS Example
Managing CoS Using the Console
Creating a New CoS
Managing CoS From the Command Line
Editing an Existing CoS
Deleting a CoS
Creating the CoS Definition Entry From the Command Line
Creating Role-Based Attributes
Creating the CoS Template Entry From the Command Line
Example of a Pointer CoS
Example of an Indirect CoS
Example of a Classic CoS
Making CoS Secure
Protecting the CoS Definition Entry
Protecting the CoS Template Entries
Protecting the Target Entries of a CoS
Protecting Other Dependencies
Chapter 6 Managing Access Control
Access Control Principles
ACI Structure
Default ACIs
ACI Placement
ACI Evaluation
ACI Limitations
Creating ACIs Manually
The ACI Syntax
Bind Rules
Example ACI
Defining Targets
Targeting a Directory Entry
Defining Permissions
Targeting Attributes
Targeting Both an Entry and Attributes
Targeting Entries or Attributes Using LDAP Filters
Targeting Attribute Values Using LDAP Filters
Targeting a Single Directory Entry
Allowing or Denying Access
Assigning Rights
Rights Required for LDAP Operations
Permissions Syntax
Bind Rule Syntax
Creating ACIs From the Console
Defining User Access - userdn Keyword
Anonymous Access (anyone Keyword)
Defining Group Access - groupdn Keyword
General Access (all Keyword)
Self Access (self Keyword)
Parent Access (parent Keyword)
LDAP URLs
Wildcards
Examples
Examples
Defining Role Access - roledn Keyword
Defining Access Based on Value Matching
Using the userattr Keyword
Defining Access From a Specific IP Address
Using the userattr Keyword With Inheritance
Granting Add Permission Using the userattr Keyword
Defining Access from a Specific Domain
Defining Access at a Specific Time of Day or Day of Week
Examples
Defining Access Based on Authentication Method
Examples
Using Boolean Bind Rules
Displaying the Access Control Editor
Access Control Usage Examples
Viewing Current ACIs
Creating a New ACI
Editing an ACI
Deleting an ACI
Granting Anonymous Access
Granting Write Access to Personal Entries
Restricting Access to Key Roles
Granting a Group Full Access to a Suffix
Granting Rights to Add and Delete Group Entries
Granting Conditional Access to a Group or Role
Denying Access
Setting a Target Using Filtering
Allowing Users to Add or Remove Themselves From a Group
Defining Permissions for DNs That Contain a Comma
Viewing the ACIs for an Entry
Proxy Authorization ACI Example
Advanced Access Control: Using Macro ACIs
Macro ACI Example
Access Control and Replication
Macro ACI Syntax
Macro Matching for ($dn)
Macro Matching for [$dn]
Macro Matching for ($attr.attrName)
Logging Access Control Information
Compatibility with Earlier Releases
Chapter 7 User Account Management
Managing the Password Policy
Configuring the Password Policy
Inactivating Users and Roles
Configuring the Password Policy Using the Console
Setting User Passwords
Configuring the Password Policy Using the Command-Line
Configuring the Account Lockout Policy
Configuring the Account Lockout Policy Using the Console
Managing the Password Policy in a Replicated Environment
Configuring the Account Lockout Policy Using the Command Line
Inactivating Users and Roles Using the Console
Setting Resource Limits Based on the Bind DN
Inactivating Users and Roles Using the Command Line
Activating Users and Roles Using the Console
Activating Users and Roles Using the Command Line
Setting Resource Limits Using the Console
Setting Resource Limits Using the Command Line
Chapter 8 Managing Replication
Replication Overview
Replica
Replication Scenarios
Supplier/Consumer
Change Log
Unit of Replication
Replication Identity
Replication Agreement
Compatibility with Earlier Versions of Directory Server
Single-Master Replication
Summary of Steps for Complex Replication Configurations
Multi-Master Replication
Cascading Replication
Detailed Replication Tasks
Creating the Supplier Bind DN Entry
Configuring Single-Master Replication
Configuring Supplier Settings
Configuring a Supplier Replica
Configuring a Consumer Replica
Configuring a Hub Replica
Creating a Replication Agreement
Configuring the Consumer Server and Replica
Configuring Multi-Master Replication
Configuring the Supplier Server and Replica
Initializing Replicas in Single-Master Replication
Configuring the Consumer Servers and Replicas
Configuring Cascading Replication
Configuring the Supplier Servers and Replicas
Initializing Replicas in Multi-Master Replication
Configuring the Consumer Server and Replica
Deleting the Change Log
Configuring the Hub Supplier and Replica
Configuring the Supplier Server and Replica
Configuring Replication Agreements
Initializing Replicas in Cascading Replication
Removing the Change Log
Initializing Consumers
Moving the Change Log to a New Location
When to Initialize a Consumer
Keeping Replicas in Sync
Online Consumer Initialization Using the Console
Performing Online Consumer Initialization
Manual Consumer Initialization Using the Command Line
Manual Consumer Initialization Overview
Exporting a Replica to LDIF
Importing the LDIF File to the Consumer Server
Replication Retry Algorithm
Replication over SSL
Forcing Replication Updates from the Console
Forcing Replication Updates from the Command Line
Configuring Replication Over SSL Using the Replication Wizard
Replication with Earlier Releases
Configuring Replication Over SSL Using the Console
Configuring Directory Server 5.1 as a Consumer of a Legacy Directory Server
Using the Retro Change Log Plug-In
Enabling the Retro Change Log Plug-In
Monitoring Replication Status
Trimming the Retro Change Log
Searching and Modifying the Retro Change Log
Retro Change Log and the Access Control Policy
Solving Common Replication Conflicts
Solving Naming Conflicts
Renaming an Entry with a Multi-Valued Naming Attribute
Solving Orphan Entry Conflicts
Renaming an Entry with a Single-Valued Naming Attribute
Solving Potential Interoperability Problems
Chapter 9 Extending the Directory Schema
Overview of Extending Schema
Managing Attributes
Viewing Attributes
Managing Object Classes
Creating Attributes
Editing Attributes
Deleting Attributes
Viewing Object Classes
Turning Schema Checking On and Off
Creating Object Classes
Editing Object Classes
Deleting Object Classes
Chapter 10 Managing Indexes
About Indexes
About Index Types
Creating Indexes
About Default, System, and Standard Indexes
Overview of Default Indexes
Overview of the Searching Algorithm
Overview of System Indexes
Overview of Standard Indexes
Balancing the Benefits of Indexing
Creating Indexes From the Server Console
Deleting Indexes
Creating Indexes From the Command Line
Adding an Index Entry
Creating Browsing Indexes From the Server Console
Running the db2index.pl Script
Creating Browsing Indexes from the Command Line
Adding a Browsing Index Entry
Running the vlvindex Command
Deleting Indexes From the Server Console
Managing Indexes
Deleting Indexes From the Command Line
Deleting an Index Entry
Deleting Browsing Indexes From the Server Console
Regenerating the Remaining Indexes
Deleting Browsing Indexes From the Command Line
Deleting a Browsing Index Entry
Regenerating the Remaining Indexes
Benefits of the All IDs Mechanism
Attribute Name Quick Reference Table
Drawbacks of the All IDs Mechanism
When All IDs Threshold is Too Low
All IDs Threshold Tuning Advice for Single-Enterprise Directories
When All IDs Threshold is Too High
All IDs Threshold Tuning Advice for Service Providers and Extranets
Default All IDs Threshold Value
Symptoms of an Inappropriate All IDs Threshold Value
Changing the All IDs Threshold Value
Chapter 11 Managing SSL
Introduction to SSL in the Directory Server
Enabling SSL: Summary of Steps
Obtaining and Installing Server Certificates
Step 1: Generate a Certificate Request
Activating SSL
Step 2: Send the Certificate Request
Step 3: Install the Certificate
Step 4: Trust the Certificate Authority
Step 5: Confirm That Your New Certificates Are Installed
Setting Security Preferences
Using Certificate-Based Authentication
Setting up Certificate-Based Authentication
Configuring LDAP Clients to Use SSL
Allowing/Requiring Client Authentication
Chapter 12 Monitoring Server and Database Activity
Viewing and Configuring Log Files
Defining a Log File Rotation Policy
Manual Log File Rotation
Defining a Log File Deletion Policy
Access Log
Viewing the Access Log
Error Log
Configuring the Access Log
Viewing the Error Log
Audit Log
Configuring the Error Log
Viewing the Audit Log
Configuring the Audit Log
Monitoring Server Activity
Monitoring Your Server From the Directory Server Console
Monitoring Database Activity
Viewing the Server Performance Monitor
Monitoring Your Server From the Command Line
Overview of Server Performance Monitor Information
General Information (Server)
Resource Summary
Current Resource Usage
Connection Status
Global Database Cache Information
Monitoring Database Activity From the Server Console
Monitoring Database Link Activity
Viewing Database Performance Monitors
Monitoring Databases From the Command Line
Overview of Database Performance Monitor Information
General Information (Database)
Summary Information Table
Database Cache Information Table
Database File-Specific Table
Chapter 13 Monitoring Directory Server Using SNMP
About SNMP
SNMP Overview
Overview of the Directory Server Management Information Base
NMS-Initiated Communication
Managed Device-Initiated Communication
About the Operations Table
Setting Up SNMP
The Entries Table
Setting Up SNMP on Windows NT
Starting and Stopping the SNMP Subagent on UNIX
Setting Up SNMP on UNIX
Configuring the AIX SNMP Daemon
Starting and Stopping the SNMP Service on Windows NT
Configuring SNMP for the Directory Server
Chapter 14 Tuning Directory Server Performance
Tuning Server Performance
Tuning Database Performance
Optimizing Search Performance
Miscellaneous Tuning Tips
Tuning Transaction Logging
Changing the Location of the Database Transaction Log
Changing the Database Checkpoint Interval
Disabling Durable Transactions
Specifying Transaction Batching
Creating Entries Under cn=config
Chapter 15 Administering Directory Server Plug-Ins
Server Plug-in Functionality Reference
Enabling and Disabling Plug-Ins From the Server Console
7-bit Check Plug-In
ACL Plug-In
ACL Preoperation Plug-In
Binary Syntax Plug-In
Boolean Syntax Plug-In
Case Exact String Syntax Plug-In
Case Ignore String Syntax Plug-In
Chaining Database Plug-In
Class of Service Plug-In
Country String Syntax Plug-In
Distinguished Name Syntax Plug-In
Generalized Time Syntax Plug-In
Integer Syntax Plug-In
Internationalization Plug-In
ldbm Database Plug-In
Legacy Replication Plug-In
Multimaster Replication Plug-In
Octet String Syntax Plug-in
CLEAR Password Storage Plug-In
CRYPT Password Storage Plug-In
NS-MTA-MD5 Password Storage Plug-In
SHA Password Storage Plug-In
SSHA Password Storage Plug-in
Postal Address String Syntax Plug-In
PTA Plug-In
Referential Integrity Postoperation Plug-In
Retro Change Log Plug-In
Roles Plug-In
Telephone Syntax Plug-In
UID Uniqueness Plug-in
URI Plug-in
Chapter 16 Using the Pass-Through Authentication Plug-In
How Directory Server 5.1 Uses PTA
PTA Plug-In Syntax
Configuring the PTA Plug-In
Turning the Plug-in On or Off
PTA Plug-In Syntax Examples
Configuring the Servers to Use a Secure Connection
Specifying the Authenticating Directory Server
Specifying the Pass-Through Subtree
Configuring the Optional Parameters
Chapter 17 Using the Attribute Uniqueness Plug-In
Overview of the Attribute Uniqueness Plug-In
Overview of the UID Uniqueness Plug-in
Attribute Uniqueness Plug-In Syntax
Creating an Instance of the Attribute Uniqueness Plug-In
Configuring Attribute Uniqueness Plug-Ins
Viewing Plug-In Configuration Information
Attribute Uniqueness Plug-In Syntax Examples
Configuring Attribute Uniqueness Plug-Ins From the Directory Server Console
Configuring Attribute Uniqueness Plug-Ins from the Command Line
Turning the Plug-in On or Off
Specifying a Suffix or Subtree
Using the markerObjectClass and requiredObjectClass Keywords
Replication and the Attribute Uniqueness Plug-In
Simple Replication Scenario
Multi-Master Replication Scenario
Appendix A LDAP Data Interchange Format
LDIF File Format
Continuing Lines in LDIF
Specifying Directory Entries Using LDIF
Representing Binary Data
Using Standard LDIF Notation
Using ldapmodify -b
Using Base 64 Encoding
Specifying Organization Entries
Defining Directories Using LDIF
Specifying Organizational Unit Entries
Specifying Organizational Person Entries
Storing Information in Multiple Languages
LDIF File Example
Appendix B Finding Directory Entries
Finding Entries Using the Server Console
Using ldapsearch
Using Special Characters
LDAP Search Filters
ldapsearch Command-Line Format
Commonly Used ldapsearch options
ldapsearch Examples
Returning All Entries
Specifying Search Filters on the Command Line
Searching the Root DSE Entry
Searching the Schema Entry
Using LDAP_BASEDN
Displaying Subsets of Attributes
Specifying Search Filters Using a File
Specifying DNs that Contain Commas in Search Filters
Using Client Authentication When Searching
Search Filter Syntax
Searching an Internationalized Directory
Using Attributes in Search Filters
Using Operators in Search Filters
Using Compound Search Filters
Search Filter Examples
Matching Rule Filter Syntax
Matching Rule Formats
Supported Search Types
Using Wildcards in Matching Rule Filters
International Search Examples
Less Than Example
Less Than or Equal to Example
Equality Example
Greater Than or Equal to Example
Greater Than Example
Substring Example
Appendix C LDAP URLs
Components of an LDAP URL
Escaping Unsafe Characters
Examples of LDAP URLs
Appendix D Internationalization
About Locales
Glossary
Identifying Supported Locales
Supported Language Subtypes
Index
Copyright © 2001 Sun Microsystems, Inc. Some preexisting portions Copyright © 2001 Netscape Communications Corp. All rights reserved.
Last Updated October 29, 2001