Contents


Introduction

iPlanet Directory Server 5.0 Overview
Prerequisite Reading
Conventions Used in This Book
Related Information

Administering iPlanet Directory Server

Chapter 1 Introduction to iPlanet Directory Server

Overview of Directory Server Management
Using the Directory Server Console
Configuring the Directory Manager
Binding to the Directory From iPlanet Console
Starting and Stopping the Directory Server
Configuring LDAP Parameters
Starting the Server with SSL Enabled
Cloning a Directory Server
Starting the Server in Referral Mode

Chapter 2 Creating Directory Entries

Managing Entries From the Directory Console
Managing Entries From the Command Line

Providing Input From the Command Line
Adding and Modifying Entries Using ldapmodify

LDIF Update Statements

A Note on Renaming Entries
Adding Attributes to Existing Entries Using LDIF

Deleting an Entry Using LDIF

Maintaining Referential Integrity

How Referential Integrity Works
Using Referential Integrity with Replication

Configuring the Supplier Server
From the Directory Server Console
From the Directory Server Console
From the Directory Server Console
From the Directory Server Console

Chapter 3 Configuring Directory Databases

Creating and Maintaining Suffixes

Creating Suffixes
Maintaining Suffixes

Creating and Maintaining Databases

Creating Databases
Maintaining Directory Databases

Creating and Maintaining Database Links

Configuring the Chaining Policy
Creating a New Database Link
Chaining Using SSL
Maintaining Database Links
Database Links and Access Control Evaluation
Advanced Feature: Tuning Database Link Performance

Detecting Errors During Normal Processing
Managing Threaded Operations

Advanced Feature: Configuring Cascading Chaining

Overview of Cascading Chaining
Summary of Cascading Chaining Configuration Attributes
Cascading Chaining Configuration Example

Using Referrals

Setting Default Referrals
Creating Smart Referrals
Creating Suffix Referrals

Chapter 4 Populating Directory Databases

Importing Data

Importing From the Command Line

Exporting Data
Backing Up and Restoring Data

Backing Up All Databases
Backing Up the dse.ldif Configuration File
Restoring All Databases
Restoring Databases that Include Replicated Entries
Restoring the dse.ldif Configuration File

Enabling and Disabling Read-Only Mode

Chapter 5 Advanced Entry Management

Using Groups

Managing Static Groups
Managing Dynamic Groups

Using Roles

About Roles
Managing Roles Using the Console
Managing Roles Using the Command Line

Examples: Managed Role Definition
Example: Filtered Role Definition
Example: Nested Role Definition

Using Roles Securely

Assigning Class of Service

About CoS

About the CoS Definition Entry
About the CoS Template Entry
How a Pointer CoS Works
How an Indirect CoS Works
How a Classic CoS Works

Managing CoS Using the Console
Managing CoS From the Command Line

Example of a Pointer CoS
Example of an Indirect CoS
Example of a Classic CoS

Creating Role-Based Attributes
Access Control and CoS

Chapter 6 Managing Access Control

Access Control Principles

ACI Structure
ACI Placement
ACI Evaluation
ACI Limitations

Default ACIs
Creating ACIs Manually

The ACI Syntax

Example ACI
Targeting Attributes
Rights Required for LDAP Operations
Permissions Syntax

Bind Rules

Bind Rule Syntax

Anonymous Access (anyone Keyword)
General Access (all Keyword)
Self Access (self Keyword)
Parent Access (parent Keyword)
LDAP URLs
Wildcards
Examples
Examples
Examples
Examples

Creating ACIs From the Console
Access Control Usage Examples

Granting Anonymous Access
Granting Write Access to Personal Entries
Restricting Access to Key Roles
Granting a Group Full Access to a Suffix
Granting Rights to Add and Delete Group Entries
Granting Conditional Access to a Group or Role
Denying Access
Setting a Target Using Filtering
Allowing Users to Add or Remove Themselves From a Group

Defining Permissions for DNs That Contain a Comma
Proxied Authorization ACI Example

Viewing the ACIs for an Entry
Advanced Access Control: Using Macro ACIs

Macro ACI Example
Macro ACI Syntax

Macro Matching for ($dn)
Macro Matching for [$dn]
Macro Matching for ($attr.attrName)

Access Control and Replication
Logging Access Control Information
Compatibility with Earlier Releases

Chapter 7 User Account Management

Managing the Password Policy

Configuring the Password Policy

Configuring the Password Policy Using the Console
Configuring the Password Policy Using the Command-Line

Setting User Passwords
Configuring the Account Lockout Policy

Configuring the Account Lockout Policy Using the Console
Configuring the Account Lockout Policy Using the Command Line

Managing the Password Policy in a Replicated Environment

Inactivating Users and Roles

Inactivating User and Roles Using the Console
Inactivating User and Roles Using the Command Line
Activating User and Roles Using the Console
Activating User and Roles Using the Command Line

Setting Resource Limits Based on the Bind DN

Setting Resource Limits Using the Console
Setting Resource Limits Using the Command Line

Chapter 8 Managing Replication

Replication Overview

Read-Write Replica/Read-Only Replica
Supplier/Consumer
Change Log
Unit of Replication
Replication Identity
Replication Agreement
Compatibility with Earlier Versions of Directory Server

Replication Scenarios

Single-Master Replication
Multi-Master Replication
Cascading Replication

Configuring Single-Master Replication
Configuring Multiple-Master Replication
Configuring Cascading Replication
Configuration Tips
Detailed Procedures
Removing the Change Log
Initializing Consumers

When to Initialize a Consumer

Exporting a Replica to LDIF
Importing the LDIF File to the Consumer Server

Forcing Replication Updates
Replication over SSL
Replication with Earlier Releases
Using the Retro Change Log Plug-In
Monitoring Replication Status
Solving Common Replication Conflicts

Naming Conflicts
Deleted Entries with Child Entries
Controlling Access to Conflicting Entries

Chapter 9 Extending the Directory Schema

Overview of Extending Schema
Managing Attributes
Managing Object Classes
Turning Schema Checking On and Off

Chapter 10 Managing Indexes

About Indexes

About Index Types
About Default, System, and Standard Indexes

Overview of Default Indexes
Overview of System Indexes
Overview of Standard Indexes

Overview of the Searching Algorithm
Balancing the Benefits of Indexing

Creating Indexes

Creating Indexes From the Server Console
Creating Indexes From the Command Line

Adding an Index Entry
Running the db2index.pl Script
The following table describes the db2index.pl options used in the examples:

Creating Browsing Indexes From the Server Console
Creating Browsing Indexes from the Command Line

Adding a Browsing Index Entry
Running the vlvindex Script

Deleting Indexes

Deleting Indexes From the Server Console
Deleting Indexes From the Command Line

Deleting an Index Entry
Running the db2index.pl Script

Deleting Browsing Indexes From the Server Console
Deleting Browsing Indexes From the Command Line

Deleting a Browsing Index Entry
Running the vlvindex Script

Managing Indexes

Benefits of the All IDs Mechanism
Drawbacks of the All IDs Mechanism

When All IDs Threshold is Too Low
When All IDs Threshold is Too High

All IDs Threshold Tuning Advice for Single- Enterprise Directories
All IDs Threshold Tuning Advice for Service Providers and Extranets
Default All IDs Threshold Value
Symptoms of an Inappropriate All IDs Threshold Value
Changing the All IDs Threshold Value

Attribute Name Quick Reference Table

Chapter 11 Managing SSL

Introduction to SSL in the Directory Server
Obtaining and Installing Server Certificates
Activating SSL
Setting Security Preferences
Using Certificate-Based Authentication
Configuring LDAP Clients to Use SSL

Chapter 12 Monitoring Server and Database Activity

Viewing and Configuring Log Files

Access Log
Error Log
Audit Log

Manual Log File Rotation
Monitoring Server Activity

Viewing the Server Performance Monitor
Overview of Server Performance Monitor Information
General Information (Server)
Resource Summary
Current Resource Usage
Connection Status
Global Database Cache Information

Monitoring Database Activity

Viewing Database Performance Monitors
Overview of Database Performance Monitor Information
General Information (Database)
Summary Information Table
Database Cache Information Table
Database File-Specific Table

Monitoring Database Link Activity

Chapter 13 Monitoring Directory Server Using SNMP

About SNMP

SNMP Overview

NMS-Initiated Communication
Managed Device-Initiated Communication

Overview of the Directory Server Management Information Base

About the Operations Table
The Entries Table

Setting Up SNMP

Setting Up SNMP on Windows NT
Setting Up SNMP on UNIX
Configuring the AIX SNMP Daemon

Starting and Stopping the SNMP Subagent on UNIX
Starting and Stopping the SNMP Service on Windows NT
Configuring SNMP for the Directory Server

Chapter 14 Tuning Directory Server Performance

Tuning Server Performance
Tuning Database Performance

Optimizing Search Performance
Tuning Transaction Logging
Changing the Location of the Database Transaction Log
Changing the Database Checkpoint Interval
Disabling Durable Transactions

iPlanet Plug-Ins Reference

Chapter 15 Administering Directory Server Plug-Ins

Server Plug-in Functionality Reference

7-bit Check Plug-In
ACL Plug-In
ACL Preoperation Plug-In
Binary Syntax Plug-In
Boolean Syntax Plug-In
Case Exact String Syntax Plug-In
Case Ignore String Syntax Plug-In
Chaining Database Plug-In
Class of Service Plug-In
Country String Syntax Plug-In
Distinguished Name Syntax Plug-In
Generalized Time Syntax Plug-In
Integer Syntax Plug-In
Internationalization Plug-In
ldbm Database Plug-In
Legacy Replication Plug-In
Multimaster Replication Plug-In
Octet String Syntax Plug-in
CLEAR Password Storage Plug-In
CRYPT Password Storage Plug-In
NS-MTA-MD5 Password Storage Plug-In
SHA Password Storage Plug-In
SSHA Password Storage Plug-in
Postal Address String Syntax Plug-In
PTA Plug-In
Referential Integrity Postoperation Plug-In
Retro Change Log Plug-In
Roles Plug-In
Telephone Syntax Plug-In
UID Uniqueness Plug-in
URI Plug-in

Enabling and Disabling Plug-Ins From the Server Console

Chapter 16 Using the Pass-Through Authentication Plug-In

How Directory Server 5.0 Uses PTA
PTA Plug-In Syntax
Configuring the PTA Plug-In
PTA Plug-In Syntax Examples

Chapter 17 Using the Attribute Uniqueness Plug-In

Overview of the Attribute Uniqueness Plug-In
Overview of the UID Uniqueness Plug-in
Attribute Uniqueness Plug-In Syntax
Creating an Instance of the Attribute Uniqueness Plug-In
Configuring Attribute Uniqueness Plug-Ins

Configuring Attribute Uniqueness Plug-Ins From the Directory Server Console

Attribute Uniqueness Plug-In Syntax Examples
Replication and the Attribute Uniqueness Plug-In

Simple Replication Scenario
Multi-Master Replication Scenario

Appendixes

Appendix A LDAP Data Interchange Format

LDIF File Format

Continuing Lines in LDIF
Representing Binary Data

Specifying Directory Entries Using LDIF
Defining Directories Using LDIF

LDIF File Example

Storing Information in Multiple Languages

Appendix B Finding Directory Entries

Finding Entries Using the Server Console
Using ldapsearch

Using Special Characters
ldapsearch Command-Line Format
Commonly Used ldapsearch options
ldapsearch Examples

Returning All Entries
Specifying Search Filters on the Command Line
Searching the Root DSE Entry
Searching the Schema Entry
Using LDAP_BASEDN
Displaying Subsets of Attributes
Specifying Search Filters Using a File
Specifying DNs that Contain Commas in Search Filters
Using Client Authentication When Searching

LDAP Search Filters

Search Filter Syntax
Using Attributes in Search Filters
Using Operators in Search Filters
Using Compound Search Filters
Search Filter Examples

Searching an Internationalized Directory

Matching Rule Filter Syntax

Matching Rule Formats
Using Wildcards in Matching Rule Filters

Supported Search Types
International Search Examples

Less Than Example
Less Than or Equal to Example
Equality Example
Greater Than or Equal to Example
Greater Than Example
Substring Example

Appendix C LDAP URLs

Components of an LDAP URL
Escaping Unsafe Characters
Examples of LDAP URLs

Appendix D Internationalization

About Locales
Identifying Supported Locales
Supported Language Subtypes

Glossary

Index