Directory Server 5.0 Configuration, Command, and File Reference
Chapter 3 Plug-in Implemented Server Functionality Reference
Introduction
This chapter serves as a plug-in implemented server functionality reference and is divided into the following sections:
Overview
Server Plug-in Functionality Reference
List of Attributes Common to all Plug-ins
Attributes Allowed by Certain Plug-ins
Overview
The configuration for each part of Directory Server plug-in functionality has its own separate entry and set of attributes under the subtree cn=plugins,cn=config. A second look at Code Example 2-2 (configuration entry for the Telephone Syntax Plug-in) which we saw in Chapter 2 "Core Server Configuration Reference":
shows us some of the plug-in configuration attributes. Some of these attributes are common to all plug-ins while others may be particular to a specific plug-in. You can check which attributes are currently being used by a given plug-in by performing an ldapsearch on the cn=config subtree.
Object Classes for Plug-in Configuration
All plug-ins are instances of the nsSlapdPlugin object class, which in turn inherits from the extensibleObject object class. For plug-in configuration attributes to be taken into account by the server, both of these object classes (in addition to the top object class) must be present in the entry, as shown in the following example:
dn:cn=ACL Plugin,cn=plugins,cn=config
objectclass:top
objectclass:nsSlapdPlugin
objectclass:extensibleObject
Server Plug-in Functionality Reference
The following tables provide you with a quick overview of the plug-ins provided with iPlanet Directory Server 5.0, along with their configurable options, configurable arguments, default setting, dependencies, general performance related information and further reading. These tables will allow you to weigh up plug-in performance gains and costs and choose the optimal settings for your deployment. The Further Information heading cross references further reading where this is available.
Plug-in Name
DN of Configuration Entry
Description
Configurable Options
Default Setting
Configurable Arguments
Dependencies
Performance Related Information
Further Information
Chapter 6, "Managing Access Control" in the iPlanet Directory Server Administrator's Guide.
Plug-in Name
DN of Configuration Entry
Description
Configurable Options
Default Setting
Configurable Arguments
Dependencies
Performance Related Information
Further Information
Chapter 6, "Managing Access Control" in the iPlanet Directory Server Administrator's Guide.
Case Exact String Syntax Plug-in
Case Ignore String Syntax Plug-in
Plug-in Name
DN of Configuration Entry
Description
Configurable Options
Default Setting
Configurable Arguments
Dependencies
Performance Related Information
Do not modify the configuration of this plug-in. iPlanet recommends that you leave this plug-in running at all times.
Further Information
Chapter 2, "Configuring Directory Databases" in the iPlanet Directory Server Administrator's Guide
Plug-in Name
DN of Configuration Entry
Description
Configurable Options
Default Setting
Configurable Arguments
Dependencies
Performance Related Information
Do not modify the configuration of this plug-in. iPlanet recommends that you leave this plug-in running at all times.
Further Information
Chapter 5, "Advanced Entry Management" in the iPlanet Directory Server Administrator's Guide
Distinguished Name Syntax Plug-in
Generalized Time Syntax Plug-in
Plug-in Name
DN of Configuration Entry
Description
Configurable Options
Default Setting
Configurable Arguments
The Internationalization plug-in has one argument which must not be modified: /usr/iplanet/servers/slapd-serverID/config/slapd-collations.conf
This directory stores the collation orders and locales used by the internationalization plug-in.
Dependencies
Performance Related Information
Do not modify the configuration of this plug-in. iPlanet recommends that you leave this plug-in running at all times.
Further Information
See Appendix D, "Internationalization" in the iPlanet Directory Server Administrator's Guide.
Plug-in Name
DN of Configuration Entry
Description
Configurable Options
Default Setting
Configurable Arguments
Dependencies
Performance Related Information
See "Database Plug-in Attributes" for further information on database configuration.
Further Information
Chapter 2, "Configuring Directory Databases" in the iPlanet Directory Server Administrator's Guide
Plug-in Name
DN of Configuration Entry
Description
Enables iPlanet Directory Server 5.0 to be a consumer of a 4.1 supplier
Configurable Options
Default Setting
Configurable Arguments
None. This plug-in can be disabled if the server is not (and never will be) a consumer of a 4.x server.
Dependencies
Performance Related Information
Further Information
Chapter 8, "Managing Replication" in the iPlanet Directory Server Administrator's Guide
Multimaster Replication Plug-in
Plug-in Name
DN of Configuration Entry
Description
Configurable Options
Default Setting
Configurable Arguments
Dependencies
Performance Related Information
Further Information
You can turn this plug-in off if you only have one server which will never replicate. See also Chapter 8, "Managing Replication" in the iPlanet Directory Server Administrator's Guide
CLEAR Password Storage Plug-in
Plug-in Name
DN of Configuration Entry
Description
Configurable Options
Default Setting
Configurable Arguments
Dependencies
Performance Related Information
Do not modify the configuration of this plug-in. iPlanet recommends that you leave this plug-in running at all times.
Further Information
Chapter 7, "User Account Management" in the iPlanet Directory Server Administrator's Guide
CRYPT Password Storage Plug-in
Plug-in Name
DN of Configuration Entry
Description
Configurable Options
Default Setting
Configurable Arguments
Dependencies
Performance Related Information
Do not modify the configuration of this plug-in. iPlanet recommends that you leave this plug-in running at all times.
Further Information
Chapter 7, "User Account Management" in the iPlanet Directory Server Administrator's Guide
NS-MTA-MD5 Password Storage Scheme Plug-in
Plug-in Name
DN of Configuration Entry
cn=NS-MTA-MD5,cn=Password Storage Schemes,cn=plugins,cn=config
Description
Configurable Options
Default Setting
Configurable Arguments
Dependencies
Performance Related Information
Do not modify the configuration of this plug-in. iPlanet recommends that you leave this plug-in running at all times.
Further Information
You can no longer choose to encrypt passwords using the NS-MTA-MD5 password storage scheme. The storage scheme is still present but only for reasons of backward compatibility, i.e. if the data in your directory still contains passwords encrypted with the NS-MTA-MD5 password storage scheme. See Chapter 7, "User Account Management" in the iPlanet Directory Server Administrator's Guide
SHA Password Storage Scheme Plug-in
Plug-in Name
DN of Configuration Entry
Description
Configurable Options
Default Setting
Configurable Arguments
Dependencies
Performance Related Information
If there are no passwords encrypted using the SHA password storage scheme, you may turn this plug-in off. If you want to encrypt your password with the SHA password storage scheme, we recommend that you choose SSHA instead, as SSHA is a far more secure option.
Further Information
Chapter 7, "User Account Management" in the iPlanet Directory Server Administrator's Guide
SSHA Password Storage Scheme Plug-in
Plug-in Name
DN of Configuration Entry
Description
Configurable Options
Default Setting
Configurable Arguments
Dependencies
Performance Related Information
Do not modify the configuration of this plug-in. iPlanet recommends that you leave this plug-in running at all times.
Further Information
Chapter 7, "User Account Management" in the iPlanet Directory Server Administrator's Guide
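The guidance in the password storage scheme sections above (NS-MTA-MD5 kept only for backward compatibility, SHA removable when unused, SSHA preferred over SHA) can be checked against an LDIF export. The following is an added example, not code from iPlanet or from the original page; the sample entries, the function names and the UNPREFIXED label for values without a scheme prefix are assumptions made for illustration.

```python
import base64
import re
from collections import defaultdict

# A stored password value starts with the scheme name in braces, e.g. {SSHA}.
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}")

# Guidance taken from this page. CRYPT and SSHA are reported but not flagged,
# because the page gives no migration advice for them.
MIGRATE = {
    "CLEAR": "stored without hashing",
    "NS-MTA-MD5": "present only for backward compatibility",
    "SHA": "page recommends SSHA instead",
}


def unfold(ldif_text):
    """Join LDIF continuation lines (a line that starts with one space)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_value(line):
    """Return (attribute, value) for one LDIF line, decoding '::' base64 values."""
    attr, sep, rest = line.partition(":")
    if not sep:
        return None, None
    if rest.startswith(":"):
        value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
    else:
        value = rest.strip()
    return attr.strip().lower(), value


def audit_passwords(ldif_text):
    """Map scheme name -> sorted list of DNs holding a password in that scheme."""
    found = defaultdict(set)
    dn = None
    for line in unfold(ldif_text):
        if not line.strip():
            dn = None  # a blank line ends the current entry
            continue
        if line.startswith("#"):
            continue
        attr, value = parse_value(line)
        if attr == "dn":
            dn = value
        elif attr == "userpassword" and dn is not None:
            match = SCHEME_RE.match(value)
            scheme = match.group(1).upper() if match else "UNPREFIXED"
            found[scheme].add(dn)
    return {scheme: sorted(dns) for scheme, dns in found.items()}


def migration_findings(report):
    """Return (scheme, reason, dns) for every scheme that needs attention."""
    findings = []
    for scheme in sorted(report):
        if scheme in MIGRATE:
            findings.append((scheme, MIGRATE[scheme], report[scheme]))
        elif scheme == "UNPREFIXED":
            findings.append((scheme, "no scheme prefix, review by hand", report[scheme]))
    return findings


def can_disable_sha_plugin(report):
    """The page allows turning the SHA plug-in off only if no SHA passwords remain."""
    return "SHA" not in report


# Constructed sample export: every DN and digest below is made up.
_B64_SHA = base64.b64encode(b"{SHA}constructed-digest").decode()
SAMPLE_LDIF = (
    "dn: uid=alice,ou=People,dc=example,dc=com\n"
    "userPassword: {SSHA}constructed-\n"
    " salted-digest\n"
    "\n"
    "dn: uid=bob,ou=People,dc=example,dc=com\n"
    f"userPassword:: {_B64_SHA}\n"
    "\n"
    "dn: uid=carol,ou=People,dc=example,dc=com\n"
    "userPassword: {NS-MTA-MD5}constructed\n"
    "\n"
    "dn: uid=dave,ou=People,dc=example,dc=com\n"
    "userPassword: {clear}constructed\n"
)

if __name__ == "__main__":
    report = audit_passwords(SAMPLE_LDIF)
    for scheme, reason, dns in migration_findings(report):
        print(f"{scheme}: {reason}: {len(dns)} entr{'y' if len(dns) == 1 else 'ies'}")
    print("SHA plug-in can be turned off:", can_disable_sha_plugin(report))
```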
Postal Address String Syntax Plug-in
Plug-in Name
DN of Configuration Entry
Description
Enables pass-through authentication, the mechanism which allows one directory to consult another to authenticate bind requests.
Configurable Options
Default Setting
Configurable Arguments
Dependencies
Performance Related Information
Chapter 16, "Using the Pass-Through Authentication Plug-in" in the iPlanet Directory Server Administrator's Guide.
Further Information
Chapter 16, "Using the Pass-Through Authentication Plug-in" in the iPlanet Directory Server Administrator's Guide.
Referential Integrity Postoperation Plug-in
Plug-in Name
DN of Configuration Entry
Description
Configurable Options
Default Setting
Configurable Arguments
When enabled the post operation Referential Integrity plug-in performs integrity updates on the member, uniquemember, owner and seeAlso attributes immediately after a delete or rename operation. You can reconfigure the plug-in to perform integrity checks on all other attributes.
Configurable arguments are as follows:
(1) Check for referential integrity
-1 = no check for referential integrity
0 = check for referential integrity is performed immediately
positive integer = request for referential integrity is queued and processed at a later stage. This positive integer serves as a wake-up call for the thread to process the request, at intervals corresponding to the integer specified.
(2) Log file for storing the change, for example /usr/iplanet/logs/referint
(3) All the additional attribute names you want to be checked for referential integrity.
Dependencies
Performance Related Information
You should enable the Referential Integrity plug-in on only one master in a multi-master replication environment to avoid conflict resolution loops. When enabling the plug-in on chained servers you must be sure to analyze your performance resource and time needs as well as your integrity needs.
Further Information
See Chapter 2, "Configuring Directory Databases" in the iPlanet Directory Server Administrator's Guide.
Plug-in Name
DN of Configuration Entry
Description
Used by LDAP clients for maintaining application compatibility with Directory Server 4.x versions. Maintains a log of all changes occurring in the Directory Server. The Retro Changelog offers the same functionality as the changelog in the 4.x versions of Directory Server.
Configurable Options
Default Setting
Configurable Arguments
See "Retro Changelog Plug-in Attributes" for further information on the two configuration attributes for this plug-in.
Dependencies
Performance Related Information
Further Information
Chapter 8, "Managing Replication" in the iPlanet Directory Server Administrator's Guide.
Plug-in Name
DN of Configuration Entry
Description
Configurable Options
Default Setting
Configurable Arguments
Dependencies
Performance Related Information
Do not modify the configuration of this plug-in. iPlanet recommends that you leave this plug-in running at all times.
Further Information
Chapter 5, "Advanced Entry Management" in the iPlanet Directory Server Administrator's Guide.
Plug-in Name
DN of Configuration Entry
Description
Checks that the values of specified attributes are unique each time a modification occurs on an entry.
Configurable Options
Default Setting
Configurable Arguments
Enter the following arguments:
if you want to check for UID attribute uniqueness in all listed subtrees.
However, enter the following arguments:
MarkerObjectclass = "ObjectClassName"
requiredObjectClass = "ObjectClassName"
if you want to check for UID attribute uniqueness when adding or updating entries with the requiredObjectClass, starting from the parent entry containing the ObjectClass as defined by the MarkerObjectClass attribute.
Dependencies
Performance Related Information
iPlanet Directory Server 5.0 provides the UID Uniqueness plug-in by default. If you want to ensure unique values for other attributes, you can create instances of the UID Uniqueness plug-in for those attributes. See Chapter 17, "Using the Attribute Uniqueness Plug-in" in the iPlanet Directory Server Administrator's Guide for more information about the Attribute Uniqueness plug-in.
The UID Uniqueness plug-in may slow down Directory Server performance.
Further Information
Chapter 17, "Using the Attribute Uniqueness Plug-in" in the iPlanet Directory Server Administrator's Guide.
List of Attributes Common to all Plug-ins
This list provides a brief attribute description, the Entry DN, valid range, default value, syntax and an example for each attribute.
nsslapd-pluginPath
Specifies the full path to the plug-in.
Entry DN
Valid Range
Default Value
Syntax
Example
nsslapd-pluginInitfunc
Specifies the plug-in function to be initiated.
Entry DN
Valid Range
Default Value
Syntax
Example
nsslapd-pluginType
Specifies the plug-in type. See "nsslapd-plugin-depends-on-type" for further information.
Entry DN
Valid Range
Default Value
Syntax
Example
nsslapd-pluginEnabled
Specifies whether or not the plug-in is enabled. This attribute can be changed over protocol, but will only take effect when the server is next restarted.
Entry DN
Valid Range
Default Value
Syntax
Example
nsslapd-pluginId
Specifies the plug-in ID.
Entry DN
Valid Range
Default Value
Syntax
Example
nsslapd-pluginVersion
Specifies the plug-in version.
Entry DN
Valid Range
Default Value
Syntax
Example
nsslapd-pluginVendor
Specifies the vendor of the plug-in.
Entry DN
Valid Range
Default Value
Syntax
Example
nsslapd-pluginDescription
Provides a description of the plug-in.
Entry DN
Valid Range
Default Value
Syntax
Example
Attributes Allowed by Certain Plug-ins
nsslapd-plugin-depends-on-type
Multi-valued attribute, used to ensure that plug-ins are called by the server in the correct order. Takes a value which corresponds to the type number of a plug-in, contained in the attribute nsslapd-pluginType. See "nsslapd-pluginType" for further information. All plug-ins whose type value matches one of the values in the following valid range will be started by the server prior to this plug-in. The following post operation Referential Integrity Plug-in example shows that the database plug-in will be started prior to the postoperation Referential Integrity Plug-in.
Entry DN
Valid Range
Default Value
Syntax
Example
nsslapd-plugin-depends-on-named
Multi-valued attribute, used to ensure that plug-ins are called by the server in the correct order. Takes a value which corresponds to the cn value of a plug-in. The plug-in whose cn value matches one of the following values will be started by the server prior to this plug-in. If the plug-in does not exist, the server will fail to start. The following post operation Referential Integrity Plug-in example shows that the Class of Service plug-in will be started prior to the postoperation Referential Integrity Plug-in. If the Class of Service plug-in does not exist then the server will fail to start.
Entry DN
Valid Range
Default Value
Syntax
Example
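The ordering rules described for nsslapd-plugin-depends-on-type and nsslapd-plugin-depends-on-named can be checked before a restart with a small resolver. This is an added example, not the server's own start-up code; the dictionary keys, the sample entries and their type values, the case-insensitive name matching, and the choice to treat an unmatched type dependency as non-fatal are assumptions.

```python
from collections import deque


class PluginConfigError(Exception):
    """Raised when the configuration would keep the server from starting."""


def start_order(plugins):
    """Return plug-in cn values in an order that satisfies both dependency kinds.

    Each plug-in is a dict with the keys 'cn' and 'type', plus the optional
    lists 'depends_on_type' and 'depends_on_named' (hypothetical key names that
    stand for the values of the attributes described above).
    """
    by_cn = {p["cn"].lower(): p for p in plugins}
    by_type = {}
    for p in plugins:
        by_type.setdefault(p["type"].lower(), []).append(p["cn"].lower())

    deps = {}
    for p in plugins:
        me = p["cn"].lower()
        need = set()
        for name in p.get("depends_on_named", []):
            # Per the page: a named dependency that does not exist is fatal.
            if name.lower() not in by_cn:
                raise PluginConfigError(
                    f"{p['cn']} depends on missing plug-in {name!r}")
            need.add(name.lower())
        for wanted in p.get("depends_on_type", []):
            # Every plug-in of that type must start first (assumed non-fatal
            # when no plug-in of the type is configured).
            need.update(c for c in by_type.get(wanted.lower(), []) if c != me)
        deps[me] = need

    # Kahn's algorithm: repeatedly start plug-ins whose dependencies are met.
    dependents = {c: [] for c in deps}
    pending = {c: len(d) for c, d in deps.items()}
    for c, d in deps.items():
        for dep in d:
            dependents[dep].append(c)
    ready = deque(sorted(c for c, n in pending.items() if n == 0))
    order = []
    while ready:
        current = ready.popleft()
        order.append(by_cn[current]["cn"])
        for nxt in sorted(dependents[current]):
            pending[nxt] -= 1
            if pending[nxt] == 0:
                ready.append(nxt)

    if len(order) != len(deps):
        stuck = sorted(by_cn[c]["cn"] for c, n in pending.items() if n > 0)
        raise PluginConfigError("dependency cycle among: " + ", ".join(stuck))
    return order


# Constructed sample modelled on the two examples described above.
SAMPLE_PLUGINS = [
    {"cn": "referential integrity postoperation", "type": "postoperation",
     "depends_on_type": ["database"], "depends_on_named": ["Class of Service"]},
    {"cn": "Class of Service", "type": "object",
     "depends_on_type": ["database"]},
    {"cn": "ldbm database", "type": "database"},
]

if __name__ == "__main__":
    print(" -> ".join(start_order(SAMPLE_PLUGINS)))
```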
Database Plug-in Attributes
The database plug-in is also organized in an information tree as shown below: All plug-in technology used by the database instances is stored in the cn=ldbm database plug-in node. This section presents the additional attribute information for each of the nodes in bold in the cn=ldbm database,cn=plugins,cn=config information tree.
Database Attributes Under cn=config,cn=ldbm database,cn=plugins,cn=config
Global configuration attributes common to all instances are stored in the cn=config,cn=ldbm database,cn=plugins,cn=config tree node.
nsslapd-allidsthreshold
This performance-related attribute, which is present by default, specifies the number of entry IDs that can be maintained for an index key before the server sets the All IDs token and stops maintaining a list of IDs for that specific key. However, as tuning this attribute is a complex task and can severely degrade performance, it is advisable to keep the default value. For a more detailed explanation of the All IDs Threshold see Chapter 10, "Managing Indexes" in the iPlanet Directory Server Administrator's Guide.
Entry DN
Valid Range
100 to the maximum 32 bit integer value (2147483647) entry IDs
Default Value
Syntax
Example
nsslapd-cache-autosize
This performance-tuning attribute, which is turned off by default, specifies the percentage of free memory to use for all the combined caches. For example, if the value is set to 80, then 80 percent of the remaining free memory would be claimed for the cache. If you plan to run other servers on the machine, then the value will be lower. Setting the value to 0 turns off the cache autosizing and uses the normal nsslapd-cachememsize and nsslapd-dbcachesize attributes.
Entry DN
Valid Range
Default Value
Syntax
Example
nsslapd-cache-autosize-split
This performance tuning related attribute specifies the percentage of cache space to allocate to the database cache. For example, setting this to "60" would give the database cache 60 percent of the cache space and split the remaining 40 percent between the backend entry caches i.e. if there were 2 databases each of them would receive 20 percent. This attribute only applies when the nsslapd-cache-autosize attribute has a value of 0.
Entry DN
Valid Range
Default Value
Syntax
Example
nsslapd-dbcachesize
This performance-tuning attribute specifies the database cache size. Note that this is neither the index cache nor the entry cache. If you activate automatic cache resizing, this attribute is overridden: the server replaces its value with its own guessed values at a later stage of the server startup.
Entry DN
Valid Range
Default Value
Syntax
Example
nsslapd-db-checkpoint-interval
The amount of time in seconds after which the Directory Server sends a checkpoint entry to the database transaction log. The database transaction log contains a sequential listing of all recent database operations and is used for database recovery only. A checkpoint entry indicates which database operations have been physically written to the directory database. The checkpoint entries are used to determine where in the database transaction log to begin recovery after a system failure. The nsslapd-db-checkpoint-interval attribute is absent from dse.ldif. To change the checkpoint interval, you add the attribute to dse.ldif. This attribute is provided only for system modification/diagnostics and should be changed only with the guidance of iPlanet engineering staff and iPlanet Professional Services. Inconsistent settings of this attribute and other configuration attributes may cause the Directory Server to be unstable.
For more information on database transaction logging, see Chapter 13, "Monitoring Logging and Statistics" in the iPlanet Directory Server Administrator's Guide.
Entry DN
Valid Range
Default Value
Syntax
Example
nsslapd-db-durable-transactions
Indicates whether database transaction log entries are immediately written to the disk. The database transaction log contains a sequential listing of all recent database operations and is used for database recovery only. With durable transactions enabled, every directory change will always be physically recorded in the log file and therefore be able to be recovered in the event of a system failure. However, the durable transactions feature may also slow the performance of the Directory Server. When durable transactions is disabled, all transactions are logically written to the database transaction log but may not be physically written to disk immediately. If there was a system failure before a directory change was physically written to disk, that change would not be recoverable. The nsslapd-db-durable-transactions attribute is absent from dse.ldif. To disable durable transactions, you add the attribute to dse.ldif. This attribute is provided only for system modification/diagnostics and should be changed only with the guidance of iPlanet engineering staff and iPlanet Professional Services. Inconsistent settings of this attribute and other configuration attributes may cause the Directory Server to be unstable.
For more information on database transaction logging, see Chapter 13, "Monitoring Logging and Statistics" in the iPlanet Directory Server Administrator's Guide.
Entry DN
Valid Range
Default Value
Syntax
Example
nsslapd-db-home-directory
Solaris only. Used to fix a situation in Solaris where the operating system endlessly flushes pages. This flushing can be so excessive that performance of the entire system is severely degraded. This situation will occur only for certain combinations of the database cache size, the size of physical memory, and kernel tuning attributes. In particular, this situation should not occur if the database cache size is less than 100mb.
If your Solaris host seems excessively slow and your database cache size is around 100mb or more, then you can use the iostat utility to diagnose the problem. Use iostat to monitor the activity of the disk where the Directory Server's database files are stored. If all of the following conditions are true:
The disk is heavily used (more than 1mb per second of data transfer)
then you should use the nsslapd-db-home-directory attribute to specify a subdirectory of a tmpfs type file system.
Entry DN
Valid Range
Any valid directory name in a tmpfs file system, such as /tmp.
Default Value
Syntax
Example
nsslapd-db-logdirectory
Specifies the path and directory name of the directory containing the database transaction log. The database transaction log contains a sequential listing of all recent database operations and is used for database recovery only. By default, the database transaction log is stored in the same directory as the directory entries themselves, /usr/iplanet/servers/slapd-serverID/db. For fault-tolerance and performance reasons you may want to move this log file to another physical disk. The nsslapd-db-logdirectory attribute is absent from dse.ldif. To change the location of the database transaction log, you add the attribute to dse.ldif. For more information on database transaction logging, see Chapter 13, "Monitoring Logging and Statistics" in the iPlanet Directory Server Administrator's Guide.
Entry DN
Valid Range
Default Value
Syntax
Example
nsslapd-db-transaction-logging
Specifies whether transaction logging is on or off. Turning transaction logging off can considerably improve Directory Server performance but at the risk of data loss and/or database corruption in the event of a system crash. If turned off it would be necessary to set up other database recovery procedures.
Entry DN
Valid Range
Default Value
Syntax
Example
nsslapd-dbncache
This attribute allows you to split the ldbm cache into equally sized separate pieces of memory. It is possible to specify caches that are large enough so that they cannot be allocated contiguously on some architectures, e.g., some releases of Solaris limit the amount of memory that may be allocated contiguously by a process. If nsslapd-dbncache is 0 or 1, the cache will be allocated contiguously in memory. If it is greater than 1, the cache will be broken up into ncache equally sized separate pieces of memory. This attribute is provided only for system modification/diagnostics and should be changed only with the guidance of iPlanet engineering staff and iPlanet Professional Services. Inconsistent settings of this attribute and other configuration attributes may cause the Directory Server to be unstable.
nsslapd-import-cachesize
This performance tuning related attribute determines the size of the database cache used in the bulk import process. By setting this attribute value so that the maximum available system physical memory is used for the database cache during bulk importing, you can optimize bulk import speed.
Entry DN
Valid Range
Default Value
Syntax
Example
nsslapd-lookthroughlimit
This performance related attribute specifies the maximum number of entries that the Directory Server will check when examining candidate entries in response to a search request. If you bind as the directory manager DN, however, unlimited is set by default and overrides any other settings you may specify here. It is worth noting that binder based resource limits work for this limit, which means that if a value for the operational attribute nsLookThroughlimit is present in the entry you bind as, the default limit will be overridden.
Entry DN
Valid Range
Default Value
Syntax
Example
nsslapd-mode
Specifies the permissions used for newly created index files. This attribute is not available from the server console.
Database Attributes Under cn=monitor,cn=ldbm database, cn=plugins,cn=config
Global read-only attributes containing database statistics for monitoring activity on your databases are stored in the cn=monitor,cn=ldbm database, cn=plugins,cn=config tree node. For more information on these monitoring read-only entries see Chapter 13, "Monitoring Logging and Statistics" in the iPlanet Directory Server Administrator's Guide.
dbcachehits
Requested pages found in the database.
dbcachetries
Total requested pages found in the database cache.
dbcachehitratio
Percentage of requested pages found in the database cache (hits/tries)
dbcachepagein
Pages read into the database cache.
dbcachepageout
Pages written from the database cache to the backing file.
dbcacheroevict
Clean pages forced from the cache.
dbcacherwevict
Dirty pages forced from the cache.
Database Attributes Under cn=NetscapeRoot,cn=ldbm database, cn=plugins,cn=config and cn=UserRoot,cn=ldbm database, cn=plugins,cn=config
The cn=NetscapeRoot and cn=UserRoot subtrees contain configuration data for, or if we prefer, the definition of, the databases containing the o=NetscapeRoot and o=France.Sun suffixes respectively. The cn=NetscapeRoot subtree contains the configuration data used by the iPlanet Administration Server for authentication and all actions that cannot be performed through LDAP (such as start/stop) and the cn=UserRoot subtree contains all the configuration data for the user-defined database. The cn=UserRoot subtree is called UserRoot by default. However, this is not hard-coded and, given the fact that there will be multiple database instances, this name will be changed and defined by the user as and when new databases are added. The following attributes are common to both the cn=NetscapeRoot, cn=ldbm database,cn=plugins,cn=config and cn=UserRoot, cn=ldbm database,cn=plugins,cn=config subtrees.
nsslapd-cachesize
This performance tuning related attribute specifies the cache size in terms of the entries it can hold. However, it is worth noting that it is simpler to limit by memory size only (see nsslapd-cachememsize attribute).
Entry DN
cn=Netscaperoot,cn=ldbm database,cn=plugins,cn=config or cn=UserRoot,cn=ldbm database,cn=plugins,cn=config
Valid Range
Default Value
Syntax
Example
nsslapd-cachememsize
This performance-tuning attribute specifies the cache size in terms of available memory space. Limiting the cache size in terms of memory occupied is the simplest method. If you activate automatic cache resizing, this attribute is overridden: the server replaces its value with its own guessed values at a later stage of the server startup.
Entry DN
cn=Netscaperoot,cn=ldbm database,cn=plugins,cn=config or cn=UserRoot,cn=ldbm database,cn=plugins,cn=config
Valid Range
Default Value
Syntax
Example
nsslapd-directory
Specifies the absolute path to the database instance. If your database instance is manually created then this attribute must be included, something which is set by default (and modifiable) in the iPlanet Console. Once your database instance is created, do not modify this path as any changes risk preventing the server from accessing data. This attribute is related to server5.
Entry DN
Valid Range
Default Value
Syntax
Example
nsslapd-readonly
Specifies Read Only permission rights. If this attribute has a value of off, then the user has all read, write, and execute permissions.
Entry DN
cn=Netscaperoot,cn=ldbm database,cn=plugins,cn=config or cn=UserRoot,cn=ldbm database,cn=plugins,cn=config
Valid Range
Default Value
Syntax
Example
nsslapd-require-index
When switched to on this attribute allows you to refuse non-indexed or allids searches. This performance related attribute avoids saturating the server with erroneous searches.
Entry DN
cn=Netscaperoot,cn=ldbm database,cn=plugins,cn=config or cn=UserRoot,cn=ldbm database,cn=plugins,cn=config
Valid Range
Default Value
Syntax
Example
nsslapd-suffix
Specifies the suffix of the database link. This is a mono-valued attribute as each database instance can have only one suffix. Previously it was possible to have more than one suffix on a single database instance but this is no longer the case. As a result this attribute is mono-valued to enforce the fact that each database instance can only have one suffix entry. Any changes made to this attribute after the entry has been created take effect only after you restart the server containing the database link.
Entry DN
cn=Netscaperoot,cn=ldbm database,cn=plugins,cn=config or cn=UserRoot,cn=ldbm database,cn=plugins,cn=config
Valid Range
Default Value
Syntax
Example
Database Attributes Under cn=database,cn=monitor,cn=ldbm database, cn=plugins,cn=config
The attributes in this tree node entry are all read-only, database performance counters. All of the values for these attributes are 32-bit integers.
nsslapd-db-abort-rate
Number of transactions that have been aborted.
nsslapd-db-active-txns
Number of transactions that are currently active.
nsslapd-db-cache-hit
Requested pages found in the cache.
nsslapd-db-cache-try
Total cache lookups.
nsslapd-db-cache-region-wait-rate
Number of times that a thread of control was forced to wait before obtaining the region lock.
nsslapd-db-cache-size-bytes
Total cache size in bytes.
nsslapd-db-clean-pages
Clean pages currently in the cache.
nsslapd-db-commit-rate
Number of transactions that have been committed.
nsslapd-db-deadlock-rate
Number of deadlocks detected.
nsslapd-db-dirty-pages
Dirty pages currently in the cache.
nsslapd-db-hash-buckets
Number of hash buckets in buffer hash table.
nsslapd-db-hash-elements-examine-rate
Total number of hash elements traversed during hash table lookups.
nsslapd-db-hash-search-rate
Total number of buffer hash table lookups.
nsslapd-db-lock-conflicts
Total number of locks not immediately available due to conflicts.
nsslapd-db-lock-region-wait-rate
Number of times that a thread of control was forced to wait before obtaining the region lock.
nsslapd-db-lock-request-rate
Total number of locks requested.
nsslapd-db-lockers
Number of current lockers.
nsslapd-db-log-bytes-since-checkpoint
Number of bytes written to this log since the last checkpoint.
nsslapd-db-log-region-wait-rate
Number of times that a thread of control was forced to wait before obtaining the region lock.
nsslapd-db-log-write-rate
Number of megabytes and bytes written to this log.
nsslapd-db-longest-chain-length
Longest chain ever encountered in buffer hash table lookups.
nsslapd-db-page-create-rate
Pages created in the cache.
nsslapd-db-page-read-rate
Pages read into the cache.
nsslapd-db-page-ro-evict-rate
Clean pages forced from the cache.
nsslapd-db-page-rw-evict-rate
Dirty pages forced from the cache.
nsslapd-db-page-trickle-rate
Dirty pages written using the memp_trickle interface.
nsslapd-db-page-write-rate
Pages read into the cache.
nsslapd-db-pages-in-use
All pages, clean or dirty, currently in use.
nsslapd-db-txn-region-wait-rate
Number of times that a thread of control was forced to wait before obtaining the region lock.
Database Attributes Under cn=default indexes,cn=config,cn=ldbm database, cn=plugins,cn=config
The set of default indexes is stored here. Default indexes are configured per backend in order to optimize Directory Server functionality for the majority of set up scenarios. All indexes, except system essential ones, can be removed, but care should be taken so as not to cause unnecessary disruptions. This section presents four required indexing attributes and one optional indexing attribute. For further information on indexes see Chapter 10, "Managing Indexes" in the iPlanet Directory Server Administrator's Guide.
nsSystemIndex
This mandatory attribute specifies whether or not the index is a system index, that is, an index which is vital for iPlanet Directory Server 5.0 operations. If this attribute has a value of true then it is system essential. System indexes should not be removed as this will seriously disrupt server functionality.
Entry DN
cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config
Valid Range
Default Value
Syntax
Example
nsIndexType
This optional, multivalued attribute specifies the type of index for iPlanet Directory Server 5.0 operations and takes the values of the attributes to be indexed. Each desired index type has to be entered on a separate line.
Entry DN
cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config
Valid Range
pres = presence index
eq = equality index
approx = approximate index
sub = substring index
matching rule = international index
index browse = browsing index
Default Value
Syntax
Example
nsMatchingRule
This optional, multivalued attribute specifies the collation order object identifier (OID) required for the Directory Server to operate international indexing.
Entry DN
cn=default indexes,cn=monitor,cn=ldbm database,cn=plugins,cn=config
Valid Range
Default Value
Syntax
Example
cn
Provides the name of the attribute you want to index.
Entry DN
cn=default indexes,cn=monitor,cn=ldbm database,cn=plugins,cn=config
Valid Range
Default Value
Syntax
Example
description
This non-mandatory attribute provides a free-hand text description of what the index actually performs.
Entry DN
cn=default indexes,cn=monitor,cn=ldbm database,cn=plugins,cn=config
Valid Range
Default Value
Syntax
Example
Database Attributes Under cn=monitor,cn=Netscaperoot,cn=ldbm database,cn=plugins,cn=config
Global, read-only entries for monitoring activity on the NetscapeRoot database. These attributes containing database statistics are given for each file that makes up your database. For further information see Chapter 13, "Monitoring Logging and Statistics" in the iPlanet Directory Server Administrator's Guide.
dbfilenamenumber
This attribute indicates the name of the file and provides a sequential integer identifier (starting at 0) for the file. All associated statistics for the file are given this same numerical identifier.
dbfilecachehit
Number of times that a search requiring data from this file was performed and that the data was successfully obtained from the cache.
dbfilecachemiss
Number of times that a search requiring data from this file was performed and that the data could not be obtained from the cache.
dbfilepagein
Number of pages brought to the cache from this file.
dbfilepageout
Number of pages for this file written from cache to disk.
Database Attributes Under cn=index,cn=Netscaperoot,cn=ldbm database, cn=plugins,cn=config and cn=index,cn=UserRoot,cn=ldbm database, cn=plugins,cn=config
In addition to the set of default indexes that are stored under cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config, custom indexes can be created for o=Netscaperoot and o=UserRoot. They are stored under cn=index,cn=NetscapeRoot,cn=ldbm database,cn=plugins,cn=config and cn=index,cn=UserRoot,cn=ldbm database,cn=plugins,cn=config, respectively. Each indexed attribute is represented by a subentry under the above cn=config information tree nodes, as shown below:
For example, the index file for the aci attribute under o=UserRoot will appear in the Directory Server as follows:
dn:cn=aci,cn=index,cn=UserRoot,cn=ldbm database,cn=plugins,cn=confi
objectclass:top
objectclass:nsIndex
cn:aci
nssystemindex:true
nsindextype:pres
For details regarding the five possible indexing attributes see the section "Database Attributes Under cn=default indexes,cn=config,cn=ldbm database, cn=plugins,cn=config".
For further information about indexes see Chapter 10, "Managing Indexes" in the iPlanet Directory Server Administrator's Guide.
Database Link Plug-in Attributes (chaining attributes)
The database link plug-in is also organized in an information tree as shown below:
All plug-in technology used by the database link instances is stored in the cn=chaining database plug-in node. This section presents the additional attribute information for the three nodes marked in bold in the cn=chaining database,cn=plugins,cn=config information tree.
Database Link Attributes Under cn=config,cn=chaining database, cn=plugins,cn=config
Global configuration attributes common to all instances are stored in the cn=config,cn=chaining database,cn=plugins,cn=config tree node.
nsActiveChainingComponents
Lists the components using chaining. A component is any functional unit in the server. The value of this attribute overrides the value in the global configuration attribute. To disable chaining on a particular database instance, use the value None. This attribute also allows you to alter the components used to chain. By default no components are allowed to chain, which explains why this attribute will probably not appear in a list of cn=config,cn=chaining database,cn=config attributes, as LDAP considers empty attributes to be non-existent.
Entry DN
Valid Range
Default Value
Syntax
Example
nsActiveChainingComponents: cn=uid uniqueness,cn=plugins,cn=config
nsTransmittedControls
This attribute, which can be both a global (and thus dynamic) configuration or an instance (i.e. cn=database link instance,cn=chaining database,cn=plugins,cn=config) configuration attribute, allows you to alter the controls the database link forwards. The following controls are forwarded by default by the database link:
Managed DSA, object identifier: 2.16.840.1.113730.3.4.2
Virtual list view (VLV), object identifier: 2.16.840.1.113730.3.4.9
Server side sorting, object identifier: 1.2.840.113556.1.4.473
Entry DN
Valid Range
Any valid OID or the above listed controls forwarded by the database link.
Default Value
Syntax
Example
Database Link Attributes Under cn=default instance config,cn=chaining database,cn=plugins,cn=config
Default instance configuration attributes for instances are housed in the cn=default instance config,cn=chaining database,cn=plugins,cn=config tree node.
nsAbandonedSearchCheckInterval
Number of seconds that pass before the server checks for abandoned operations.
Entry DN
cn=default instance config,cn=chaining database, cn=plugins,cn=config
Valid Range
Default Value
Syntax
Example
nsBindConnectionsLimit
Maximum number of TCP connections the database link establishes with the remote server.
Entry DN
cn=default instance config,cn=chaining database, cn=plugins,cn=config
Valid Range
Default Value
Syntax
Example
Contrary to what the name suggests, this attribute does not specify the number of times a database link retries to bind with the remote server, but the number of times it tries to bind with the remote server. A value of 0 here indicates that the database link will only attempt to bind once.
Entry DN
cn=default instance config,cn=chaining database, cn=plugins,cn=config
Valid Range
Default Value
Syntax
Example
nsBindTimeout
Amount of time before the bind attempt times out. There is no real Valid Range for this attribute, except reasonable patience limits.
Entry DN
cn=default instance config,cn=chaining database, cn=plugins,cn=config
Valid Range
Default Value
Syntax
Example
nsCheckLocalACI
Reserved for advanced use only. Controls whether ACIs are evaluated on the database link as well as the remote data server. Changes to this attribute only take effect once the server has been restarted.
Entry DN
cn=default instance config,cn=chaining database, cn=plugins,cn=config
Valid Range
Default Value
Syntax
Example
nsConcurrentBindLimit
Maximum number of concurrent bind operations per TCP connection.
Entry DN
cn=default instance config,cn=chaining database, cn=plugins,cn=config
Valid Range
Default Value
Syntax
Example
nsConcurrentOperationsLimit
Specifies the maximum number of concurrent operations allowed.
Entry DN
cn=default instance config,cn=chaining database, cn=plugins,cn=config
Valid Range
Default Value
Syntax
Example
nsConnectionLife
Specifies connection lifetime. You can keep connections between the database link and the remote server open for an unspecified time, or you can close them after a specific period of time. It is faster to keep the connections open, but it uses more resources. When the value is 0 and you provide a list of failover servers in the nsFarmServerURL attribute, the "main" server is never contacted after failover to the alternate server.
Entry DN
cn=default instance config,cn=chaining database, cn=plugins,cn=config
Valid Range
Default Value
Syntax
Example
nsOperationConnectionsLimit
Maximum number of LDAP connections the database link establishes with the remote server.
Entry DN
cn=default instance config,cn=chaining database, cn=plugins,cn=config
Valid Range
Default Value
Syntax
Example
nsProxiedAuthorization
Reserved for advanced use only. Allows you to disable proxied authorization, where a value of off means proxied authorization is disabled.
Entry DN
cn=default instance config,cn=chaining database, cn=plugins,cn=config
Valid Range
Default Value
Syntax
Example
nsReferralOnScopedSearch
Controls whether or not referrals are returned by scoped searches. This attribute allows you to optimize your directory, because returning referrals in response to scoped searches is more efficient.
Entry DN
cn=default instance config,cn=chaining database, cn=plugins,cn=config
Valid Range
Default Value
Syntax
Example
nsslapd-sizelimit
Specifies the default size limit for the database link in bytes.
Entry DN
cn=default instance config,cn=chaining database, cn=plugins,cn=config
Valid Range
Default Value
Syntax
Example
nsslapd-timelimit
Specifies the default search time limit for the database link.
Entry DN
cn=default instance config,cn=chaining database, cn=plugins,cn=config
Valid Range
Default Value
Syntax
Example
Database Link Attributes Under cn=database link instance name,cn=chaining database, cn=plugins,cn=config
This information node stores the attributes concerning the server containing the data. A farm server is a server which contains data on databases. This attribute can contain optional servers for failover, separated by spaces. For cascading chaining, this URL can point to another database link.
nsFarmServerURL
Gives the LDAP URL of the remote server. A farm server is a server containing data in one or more databases. This attribute can contain optional servers for failover, separated by spaces. If using cascading chaining, this URL can point to another database link.
Entry DN
cn=database link instance name,cn=chaining database,cn=plugins,cn=config
Valid Range
Default Value
Syntax
Example
nsFarmServerURL: ldap://epdiote.siroe.com:alternate_server:3333
nsMultiplexorBindDN
Gives the DN of the administrative entry used to communicate with the remote server. The multiplexor is the server that contains the database link and communicates with the farm server. This bind DN cannot be the Directory Manager. If this attribute is not specified, the database link binds as anonymous.
Entry DN
cn=database link instance name,cn=chaining database,cn=plugins,cn=config
Valid Range
Default Value
Syntax
Example
nsMultiplexorCredentials
Password for the administrative user, given in plain text. If no password is provided, it means that users can bind as anonymous. The password is encrypted in the configuration file. Please note that the example below is what you view, not what you type.
nshoplimit
Specifies the maximum number of times a database is allowed to chain, that is the number of times a request can be forwarded from one database link to another.
Entry DN
cn=database link instance name,cn=chaining database,cn=plugins,cn=config
Valid Range
Default Value
Syntax
Example
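A configuration check for the database link instance attributes described above, added here as an example and not part of the original reference or the product's code: it parses LDIF exported from cn=chaining database,cn=plugins,cn=config and flags links that bind anonymously, bind as the Directory Manager, list a farm server URL that is not ldaps://, or have nsProxiedAuthorization set to off. The sample entries, host names, finding labels, the root DN value cn=Directory Manager, and the availability of ldaps:// URLs in the deployment are assumptions.

```python
import re

# Constructed sample, not from a real server: two database link entries.
SAMPLE_LDIF = """\
dn: cn=link1,cn=chaining database,cn=plugins,cn=config
nsFarmServerURL: ldap://farm1.example.com:389/
nsMultiplexorBindDN: cn=Directory Manager
nsMultiplexorCredentials: constructed-placeholder
nsProxiedAuthorization: off

dn: cn=link2,cn=chaining database,cn=plugins,cn=config
nsFarmServerURL: ldaps://farm2.example.com:636/ ldap://farm3.example.com:389/
"""

def parse_ldif(text):
    """Parse plain (non-base64) LDIF into a list of {lowercased attr: [values]}."""
    text = re.sub(r"\n ", "", text)  # unfold continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                attr, value = line.split(":", 1)
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def norm_dn(dn):  # case- and whitespace-insensitive comparison key
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip().lower())

def audit_links(text, root_dn="cn=Directory Manager"):  # root_dn is an assumption
    """Return (dn, finding) pairs for every entry that has nsFarmServerURL."""
    findings = []
    for e in parse_ldif(text):
        urls = " ".join(e.get("nsfarmserverurl", [])).split()
        if not urls:
            continue  # not a database link instance
        dn = e.get("dn", ["(no dn)"])[0]
        bind_dn = e.get("nsmultiplexorbinddn", [""])[0]
        if not bind_dn:
            findings.append((dn, "anonymous-bind"))  # link binds as anonymous
        elif norm_dn(bind_dn) == norm_dn(root_dn):
            findings.append((dn, "binds-as-directory-manager"))  # not permitted
        if any(u.lower().startswith("ldap://") for u in urls):
            findings.append((dn, "non-ldaps-farm-url"))  # includes failover URLs
        if e.get("nsproxiedauthorization", [""])[0].lower() == "off":
            findings.append((dn, "proxied-auth-disabled"))
    return findings
```

Attributes that a link instance inherits from cn=default instance config are not resolved here, so run the check against the instance entries and the default entry separately.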
Database Link Attributes Under cn=monitor,cn=database instance name,cn=chaining database, cn=plugins,cn=config
Attributes used for monitoring activity on your instances are stored in the cn=monitor,cn=database instance name,cn=chaining database,cn=plugins,cn=config information tree.
nsAddCount
Number of add operations received.
nsDeleteCount
Number of delete operations received.
nsModifyCount
Number of modify operations received.
nsRenameCount
Number of rename operations received.
nsSearchBaseCount
Number of base level searches received.
nsSearchOneLevelCount
Number of one-level searches received.
nsSearchSubtreeCount
Number of subtree searches received.
nsAbandonCount
Number of abandon operations received.
nsBindCount
Number of bind requests received.
nsUnbindCount
Number of unbinds received.
nsCompareCount
Number of compare operations received.
nsOperationConnectionCount
Number of open connections for normal operations.
nsBindConnectionCount
Number of open connections for bind operations.
Retro Changelog Plug-in Attributes
Two different types of changelogs are maintained by iPlanet Directory Server 5.0. The first type, referred to as changelog, is used by multi-master replication and the second changelog, which is in fact a plug-in referred to as retro changelog, is intended for use by LDAP clients for maintaining application compatibility with Directory Server 4.x versions.
This Retro Changelog plug-in is used to record modifications made to a supplier server. When the supplier server's directory is modified, an entry is written to the Retro Changelog that contains:
A number that uniquely identifies the modification. This number is sequential with respect to other entries in the change log.
The modification action; that is, exactly how the directory was modified.
It is through the Retro Changelog plug-in that you access the changes performed to the DS using searches to "cn=changelog,cn=config" file.
nsslapd-changelogdir
This attribute specifies the name of the directory in which the changelog database is created the first time the plug-in is run. By default the database is stored with all the other databases under:
/usr/iplanet/servers/slapd-serverID/db/changelog
Note: For performance reasons you will probably want to store this database on a different physical disk.
Entry DN
Valid Range
Default Value
Syntax
Example
nsslapd-changelogmaxage (Max Changelog Age)
Specifies the maximum age of any entry in the change log. The change log contains a record for each directory modification and is used when synchronizing consumer servers. Each record contains a timestamp. Any record with a timestamp that is older than the value specified in this attribute will be removed. If this attribute is absent, there is no age limit on change log records, which is the default behavior as this attribute is not present by default.
Copyright © 2001 Sun Microsystems, Inc. Some preexisting portions Copyright © 2001 Netscape Communications Corp. All rights reserved.
Last Updated March 23, 2001