Index DocHome Next |
iPlanet Directory Server Administrator's Guide |
Contents
IntroductioniPlanet Directory Server 5.0 Overview
Administering iPlanet Directory Server
Prerequisite Reading
Conventions Used in This Book
Related Information
Chapter 1 Introduction to iPlanet Directory ServerOverview of Directory Server Management
Using the Directory Server Console
Configuring the Directory Manager
Binding to the Directory From iPlanet Console
Starting and Stopping the Directory Server
Configuring LDAP Parameters
Starting the Server with SSL Enabled
Cloning a Directory Server
Starting the Server in Referral Mode
Chapter 2 Creating Directory EntriesManaging Entries From the Directory Console
Managing Entries From the Command Line
Providing Input From the Command Line
LDIF Update Statements
Adding and Modifying Entries Using ldapmodify
A Note on Renaming Entries
Adding Attributes to Existing Entries Using LDIF
Deleting an Entry Using LDIF
Maintaining Referential Integrity
How Referential Integrity Works
Using Referential Integrity with Replication
Configuring the Supplier Server
From the Directory Server Console
From the Directory Server Console
From the Directory Server Console
From the Directory Server Console
Chapter 3 Configuring Directory DatabasesCreating and Maintaining Suffixes
Creating Suffixes
Creating and Maintaining Databases
Maintaining Suffixes
Creating Databases
Creating and Maintaining Database Links
Maintaining Directory Databases
Configuring the Chaining Policy
Using Referrals
Creating a New Database Link
Chaining Using SSL
Maintaining Database Links
Database Links and Access Control Evaluation
Advanced Feature: Tuning Database Link Performance
Detecting Errors During Normal Processing
Advanced Feature: Configuring Cascading Chaining
Managing Threaded Operations
Overview of Cascading Chaining
Summary of Cascading Chaining Configuration Attributes
Cascading Chaining Configuration Example
Setting Default Referrals
Creating Smart Referrals
Creating Suffix Referrals
Chapter 4 Populating Directory DatabasesImporting Data
Importing From the Command Line
Exporting Data
Backing Up and Restoring Data
Backing Up All Databases
Enabling and Disabling Read-Only Mode
Backing Up the dse.ldif Configuration File
Restoring All Databases
Restoring Databases that Include Replicated Entries
Restoring the dse.ldif Configuration File
Chapter 5 Advanced Entry ManagementUsing Groups
Managing Static Groups
Using Roles
Managing Dynamic Groups
About Roles
Assigning Class of Service
Managing Roles Using the Console
Managing Roles Using the Command Line
Examples: Managed Role Definition
Using Roles Securely
Example: Filtered Role Definition
Example: Nested Role Definition
About CoS
About the CoS Definition Entry
Managing CoS Using the Console
About the CoS Template Entry
How a Pointer CoS Works
How an Indirect CoS Works
How a Classic CoS Works
Managing CoS From the Command Line
Example of a Pointer CoS
Creating Role-Based Attributes
Example of an Indirect CoS
Example of a Classic CoS
Access Control and CoS
Chapter 6 Managing Access ControlAccess Control Principles
ACI Structure
Default ACIs
ACI Placement
ACI Evaluation
ACI Limitations
Creating ACIs Manually
The ACI Syntax
Bind Rules
Example ACI
Targeting Attributes
Rights Required for LDAP Operations
Permissions Syntax
Bind Rule Syntax
Creating ACIs From the Console
Anonymous Access (anyone Keyword)
General Access (all Keyword)
Self Access (self Keyword)
Parent Access (parent Keyword)
LDAP URLs
Wildcards
Examples
Examples
Examples
Examples
Access Control Usage Examples
Granting Anonymous Access
Granting Write Access to Personal Entries
Restricting Access to Key Roles
Granting a Group Full Access to a Suffix
Granting Rights to Add and Delete Group Entries
Granting Conditional Access to a Group or Role
Denying Access
Setting a Target Using Filtering
Allowing Users to Add or Remove Themselves From a Group
Defining Permissions for DNs That Contain a Comma
Viewing the ACIs for an Entry
Proxied Authorization ACI Example
Advanced Access Control: Using Macro ACIs
Macro ACI Example
Access Control and Replication
Macro ACI Syntax
Macro Matching for ($dn)
Macro Matching for [$dn]
Macro Matching for ($attr.attrName)
Logging Access Control Information
Compatibility with Earlier Releases
Chapter 7 User Account ManagementManaging the Password Policy
Configuring the Password Policy
Inactivating Users and Roles
Configuring the Password Policy Using the Console
Setting User Passwords
Configuring the Password Policy Using the Command-Line
Configuring the Account Lockout Policy
Configuring the Account Lockout Policy Using the Console
Managing the Password Policy in a Replicated Environment
Configuring the Account Lockout Policy Using the Command Line
Inactivating User and Roles Using the Console
Setting Resource Limits Based on the Bind DN
Inactivating User and Roles Using the Command Line
Activating User and Roles Using the Console
Activating User and Roles Using the Command Line
Setting Resource Limits Using the Console
Setting Resource Limits Using the Command Line
Chapter 8 Managing ReplicationReplication Overview
Read-Write Replica/Read-Only Replica
Replication Scenarios
Supplier/Consumer
Change Log
Unit of Replication
Replication Identity
Replication Agreement
Compatibility with Earlier Versions of Directory Server
Single-Master Replication
Configuring Single-Master Replication
Multi-Master Replication
Cascading Replication
Configuring Multiple-Master Replication
Configuring Cascading Replication
Configuration Tips
Detailed Procedures
Removing the Change Log
Initializing Consumers
When to Initialize a Consumer
Forcing Replication Updates
Exporting a Replica to LDIF
Importing the LDIF File to the Consumer Server
Replication over SSL
Replication with Earlier Releases
Using the Retro Change Log Plug-In
Monitoring Replication Status
Solving Common Replication Conflicts
Naming Conflicts
Deleted Entries with Child Entries
Controlling Access to Conflicting Entries
Chapter 9 Extending the Directory SchemaOverview of Extending Schema
Managing Attributes
Managing Object Classes
Turning Schema Checking On and Off
Chapter 10 Managing IndexesAbout Indexes
About Index Types
Creating Indexes
About Default, System, and Standard Indexes
Overview of Default Indexes
Overview of the Searching Algorithm
Overview of System Indexes
Overview of Standard Indexes
Balancing the Benefits of Indexing
Creating Indexes From the Server Console
Deleting Indexes
Creating Indexes From the Command Line
Adding an Index Entry
Creating Browsing Indexes From the Server Console
Running the db2index.pl Script
The following table describes the db2index.pl options used in the examples:
Creating Browsing Indexes from the Command Line
Adding a Browsing Index Entry
Running the vlvindex Script
Deleting Indexes From the Server Console
Managing Indexes
Deleting Indexes From the Command Line
Deleting an Index Entry
Deleting Browsing Indexes From the Server Console
Running the db2index.pl Script
Deleting Browsing Indexes From the Command Line
Deleting a Browsing Index Entry
Running the vlvindex Script
Benefits of the All IDs Mechanism
Attribute Name Quick Reference Table
Drawbacks of the All IDs Mechanism
When All IDs Threshold is Too Low
All IDs Threshold Tuning Advice for Single- Enterprise Directories
When All IDs Threshold is Too High
All IDs Threshold Tuning Advice for Service Providers and Extranets
Default All IDs Threshold Value
Symptoms of an Inappropriate All IDs Threshold Value
Changing the All IDs Threshold Value
Chapter 11 Managing SSLIntroduction to SSL in the Directory Server
Obtaining and Installing Server Certificates
Activating SSL
Setting Security Preferences
Using Certificate-Based Authentication
Configuring LDAP Clients to Use SSL
Chapter 12 Monitoring Server and Database ActivityViewing and Configuring Log Files
Access Log
Manual Log File Rotation
Error Log
Audit Log
Monitoring Server Activity
Monitoring Database Activity
Viewing the Server Performance Monitor
Overview of Server Performance Monitor Information
General Information (Server)
Resource Summary
Current Resource Usage
Connection Status
Global Database Cache Information
Monitoring Database Link Activity
Viewing Database Performance Monitors
Overview of Database Performance Monitor Information
General Information (Database)
Summary Information Table
Database Cache Information Table
Database File-Specific Table
Chapter 13 Monitoring Directory Server Using SNMPAbout SNMP
SNMP Overview
Overview of the Directory Server Management Information Base
NMS-Initiated Communication
Managed Device-Initiated Communication
About the Operations Table
Setting Up SNMP
The Entries Table
Setting Up SNMP on Windows NT
Starting and Stopping the SNMP Subagent on UNIX
Setting Up SNMP on UNIX
Configuring the AIX SNMP Daemon
Starting and Stopping the SNMP Service on Windows NT
Configuring SNMP for the Directory Server
Chapter 14 Tuning Directory Server PerformanceTuning Server Performance
iPlanet Plug-Ins Reference
Tuning Database Performance
Optimizing Search Performance
Tuning Transaction Logging
Changing the Location of the Database Transaction Log
Changing the Database Checkpoint Interval
Disabling Durable Transactions
Chapter 15 Administering Directory Server Plug-InsServer Plug-in Functionality Reference
Enabling and Disabling Plug-Ins From the Server Console
7-bit Check Plug-In
ACL Plug-In
ACL Preoperation Plug-In
Binary Syntax Plug-In
Boolean Syntax Plug-In
Case Exact String Syntax Plug-In
Case Ignore String Syntax Plug-In
Chaining Database Plug-In
Class of Service Plug-In
Country String Syntax Plug-In
Distinguished Name Syntax Plug-In
Generalized Time Syntax Plug-In
Integer Syntax Plug-In
Internationalization Plug-In
ldbm Database Plug-In
Legacy Replication Plug-In
Multimaster Replication Plug-In
Octet String Syntax Plug-in
CLEAR Password Storage Plug-In
CRYPT Password Storage Plug-In
NS-MTA-MD5 Password Storage Plug-In
SHA Password Storage Plug-In
SSHA Password Storage Plug-in
Postal Address String Syntax Plug-In
PTA Plug-In
Referential Integrity Postoperation Plug-In
Retro Change Log Plug-In
Roles Plug-In
Telephone Syntax Plug-In
UID Uniqueness Plug-in
URI Plug-in
Chapter 16 Using the Pass-Through Authentication Plug-InHow Directory Server 5.0 Uses PTA
PTA Plug-In Syntax
Configuring the PTA Plug-In
PTA Plug-In Syntax Examples
Chapter 17 Using the Attribute Uniqueness Plug-InOverview of the Attribute Uniqueness Plug-In
Appendixes
Overview of the UID Uniqueness Plug-in
Attribute Uniqueness Plug-In Syntax
Creating an Instance of the Attribute Uniqueness Plug-In
Configuring Attribute Uniqueness Plug-Ins
Configuring Attribute Uniqueness Plug-Ins From the Directory Server Console
Attribute Uniqueness Plug-In Syntax Examples
Replication and the Attribute Uniqueness Plug-In
Simple Replication Scenario
Multi-Master Replication Scenario
Appendix A LDAP Data Interchange FormatLDIF File Format
Continuing Lines in LDIF
Specifying Directory Entries Using LDIF
Representing Binary Data
Defining Directories Using LDIF
Storing Information in Multiple Languages
LDIF File Example
Appendix B Finding Directory EntriesFinding Entries Using the Server Console
Using ldapsearch
Using Special Characters
LDAP Search Filters
ldapsearch Command-Line Format
Commonly Used ldapsearch options
ldapsearch Examples
Returning All Entries
Specifying Search Filters on the Command Line
Searching the Root DSE Entry
Searching the Schema Entry
Using LDAP_BASEDN
Displaying Subsets of Attributes
Specifying Search Filters Using a File
Specifying DNs that Contain Commas in Search Filters
Using Client Authentication When Searching
Search Filter Syntax
Searching an Internationalized Directory
Using Attributes in Search Filters
Using Operators in Search Filters
Using Compound Search Filters
Search Filter Examples
Matching Rule Filter Syntax
Matching Rule Formats
Supported Search Types
Using Wildcards in Matching Rule Filters
International Search Examples
Less Than Example
Less Than or Equal to Example
Equality Example
Greater Than or Equal to Example
Greater Than Example
Substring Example
Appendix C LDAP URLsComponents of an LDAP URL
Escaping Unsafe Characters
Examples of LDAP URLs
Appendix D InternationalizationAbout Locales
Glossary
Identifying Supported Locales
Supported Language Subtypes
Index
Index DocHome Next
Copyright © 2001 Sun Microsystems, Inc. Some preexisting portions Copyright © 2001 Netscape Communications Corp. All rights reserved.
Last Updated March 23, 2001