Chapter 4
Server Instance File Reference
This chapter provides an overview of the files stored under /usr/iplanet/servers/slapd-serverID. Having an overview of the files and configuration information stored in each instance of Directory Server will help you understand the file changes or absence of file changes which occur in the course of directory activity. It will also help you to detect errors and intrusion, by indicating what kind of changes to expect, and as a result, what changes are considered abnormal.
Overview of Directory Server Files
Directory Server files and command-line scripts are stored under installDir/slapd-serverID, where serverID is the server identifier. The only exception is the migrateInstance5 script, which is stored under installDir/bin/slapd/admin/bin.
The following listing shows the contents of installDir/slapd-serverID on a UNIX platform, where directories are marked with a slash (/) and scripts are marked with an asterisk (*). See Chapter 8 "Command-Line Scripts" for further information on command-line Scripts.
|
Note
|
On the Solaris 9 platform, all scripts are also available through the /usr/sbin/directoryserver name command.
On Windows platforms, all scripts have the .bat extension.
|
Code Example 4-1 Contents of the installDir/slapd-serverID Directory
./ db2ldif* ns-inactivate.pl*
../ db2ldif.pl* restart-slapd*
bak/ getpwenc* restoreconfig*
bak2db* ldif/ saveconfig*
bak2db.pl* ldif2db* start-slapd*
conf_bk/ ldif2db.pl* stop-slapd*
confbak/ ldif2ldap* suffix2instance*
config/ locks/ tmp/
db/ logs/ vlvindex*
db2bak* monitor*
db2bak.pl* ns-accountstatus.pl*
db2index.pl* ns-activate.pl*
|
|
To reflect the directory structure under installDir/slapd-serverID, this chapter is divided into the following sections:
Each section describes the file type and contents.
Backup Files
Each Directory Server instance contains the following three directories for storing backup related files:
bak - contains a directory dated with the time and date of your database backup, for example 2001_02_13_174524/, which in turn holds your database backup copy.
confbak - is the default directory used by the restoreconfig script and the saveconfig scripts. See Chapter 8 "Command-Line Scripts" for further information on Command-line Scripts.
conf_bk - contains a backup copy of the dse.ldif configuration file from the time of installation.
Configuration Files
Each Directory Server instance contains the following directory for storing configuration files:
Database Files
Each Directory Server instance contains the db directory for storing all the database files. The following listing shows the sample contents of the db directory.
Code Example 4-2 Sample Contents of the db Directory
./ __db.002 __db.005 NetscapeRoot/
../ __db.003 DBVERSION userRoot/
__db.001 __db.004 log.0000000017
|
|
db.00x files - used internally by the database. Should not be moved, deleted, or modified in any way
log.xxxxxxxxxx files - used to store the transaction logs per database
DBVERSION - used for storing the version of the database.
NetscapeRoot - this directory stores the o=NetscapeRoot database created by default at Typical installation.
userRoot - this directory stores the user-defined suffix (user-defined databases) created at Typical installation time, for example dc=siroe,dc=com.
The following listing shows the sample contents of the NetscapeRoot directory.
Code Example 4-3 Sample Contents of the NetscapeRoot Subdirectory
./ entrydn.db3 parentid.db3
../ givenName.db3 sn.db3
aci.db3 id2entry.db3 uid.db3
cn.db3 nsUniqueId.db3 uniquemember.db3
DBVERSION numsubordinates.db3
dncomp.db3 objectclass.db3
|
|
The NetscapeRoot subdirectories contain an index_name.db3 file for every index currently defined in the database, where index_name is the name of the index. In addition to these index_name.db3 files, the Netscape and userRoot subdirectories contain the following files:
dncomp.db3 - contains a list of partial DNs enabling you to find IDs.
entrydn.db3 - contains a list of full DNs enabling you to find IDs.
id2entry.db3 - contains the actual directory database entries. All other database files can be recreated from this one, if necessary.
nsuniqueid.db3 - contains a list of Netscape unique IDs enabling you to find IDs.
objectclass.db3 - contains a list of IDs which have a particular objectclass.
parentid.db3 - contains a list of IDs allowing you to find ID of parent.
ldif Files
Each Directory Server instance contains the ldif directory for storing ldif related files. The following listing shows the sample contents of the ldif directory.
Code Example 4-4 Sample Contents of the ldif Directory
./ European.ldif Siroe-roles.ldif
../ Siroe.ldif
|
|
The following list describes the content of each of the ldif files:
European.ldif - contains European character samples.
Siroe.ldif - is a sample ldif file.
Siroe-roles.ldif - is a sample ldif file similar to Siroe.ldif except that it uses roles and class of service instead of groups for setting access control and resource limits for Directory Administrators.
Lock Files
Each Directory Server instance contains a locks directory for storing lock related files. The following listing shows the sample contents of the locks directory.
Code Example 4-5 Sample Contents of the locks Directory
./ exports/ server/
../ imports/
|
|
The lock mechanisms stored under the locks subdirectories exports, imports, and server prevent simultaneous operations from conflicting with each other. The lock mechanisms allow for one server instance to run at a time, with possible multiple export jobs. They also permit one ldif2db import operation (or one directoryserver ldif2db operation on Solaris 9 platforms) at a time to the exclusion of all export and slapd server operations.
This restriction does not apply to the ldif2db.pl script (directoryserver ldif2db-task on Solaris 9 platforms), since you can run multiple ldif2db.pl operations at any time.
Log Files
Each Directory Server instance contains a logs directory for storing log related files. Code Example 4-6 shows a sample listing of the logs directory contents.
Code Example 4-6 Contents of a sample logs directory
|
./ access.20010126-120123 audit
errors.rotationinfo
../ access.20010130-140221
audit.rotationinfo pid
access access.20010201-100122 errors
slapd.stats
access.20010124-180611 access.rotationinfo
errors.20010124-180607
|
|
The following list describes the content of the log related files:
The content of the access, audit and error log files is dependent on the log configuration.
The slapd.stats file is a memory-mapped file which cannot be read by an editor. It contains data collected by the Directory Server SNMP data collection component. This data is read by the SNMP subagent in response to SNMP attribute queries and is communicated to the SNMP master agent responsible for handling Directory Server SNMP requests.
The pid is the slapd process identifier.