Sun ONE Directory Server 5.2 Reference Manual |
ContentsPurpose of This Reference Manual
Contents of This Reference Manual
Part 1 - Command-Line Utilities and Scripts
Prerequisite Reading
Command-Line Utilities
Part 2 - Server Configuration
Command-Line Scripts
Core Server Configuration
Part 3 - File Reference
Core Server Configuration Attributes
Plug-in Implemented Server Functionality Reference
Migration From Earlier Versions
Server Instance File Reference
Part 4 - Directory Server Schema
Access Log and Connection Code Reference
About Schema
Appendices
Object Class Reference
Attribute Reference
Operational Attributes, Special Attributes, and Special Object Classes
Error Codes
Using the ns-slapd and slapd.exe Command-Line Utilities
Directory Internationalization
LDAP URLs
LDAP Data Interchange Format
Typographical Conventions
Default Paths and Filenames
Downloading Directory Server Tools
Suggested Reading
Part 1 Command-Line Utilities and Scripts
Chapter 1 Command-Line UtilitiesFinding and Executing Command-Line Utilities
Command-Line Utilities Quick Reference
LDIF Command-Line Utilities
ldif
Replication Monitoring Tools
fildif
Common Replication Monitoring Tool Options
Other Tools
insync
entrycmp
repldisc
pwdhash
Chapter 2 Command-Line ScriptsCommand-Line Scripts Quick Reference
Shell and Batch Scripts
bak2db (Restore Database From Backup)
Perl Scripts
db2bak (Create Backup of Database)
db2ldif (Export Database Contents to LDIF)
getpwenc (Print Encrypted Password)
ldif2db (Import)
ldif2ldap (Perform Import Operation Over LDAP)
monitor (Retrieve Monitoring Information)
restart-slapd (Restart Directory Server)
restoreconfig (Restore Administration Server Configuration)
saveconfig (Save Administration Server Configuration)
start-slapd (Start Directory Server)
stop-slapd (Stop Directory Server)
suffix2instance (Map Suffix to Backend Name)
vlvindex (Create Virtual List View (VLV) Indexes)
admin_ip.pl (Change IP Address)
bak2db.pl (Restore Database From Backup)
db2bak.pl (Create Backup of Database)
db2index.pl (Create and Generate Indexes)
db2ldif.pl (Export Database Contents to LDIF)
ldif2db.pl (Import)
migrateInstance5 (Migrate to Directory Server 5.x)
ns-accountstatus.pl (Establish Account Status)
ns-activate.pl (Activate an Entry or Group of Entries)
ns-inactivate.pl (Inactivate an Entry or Group of Entries)
schema_push.pl
Chapter 3 Core Server ConfigurationServer Configuration Overview
LDIF Configuration Files - Location
Accessing and Modifying Server Configuration
Schema Configuration Files - Location
How the Server Configuration is Organized
Configuration Attributes
Migration of Pre-Directory Server 5.x Configuration Files to LDIF Format
Configuration of Plug-in Functionality
Configuration of Databases
Configuration of Indexes
Access Control for Configuration Entries
Changing Configuration Attributes
Modifying Configuration Entries Using LDAP
Restrictions to Modifying Configuration Entries
Restrictions to Modifying Configuration Attributes
Configuration Changes Requiring Server Restart
Chapter 4 Core Server Configuration AttributesCore Server Configuration Attributes Reference
cn=config
Monitoring Attributes
ds-start-tls-enabled (Enable startTLS)
cn=changelog5
nsslapd-accesscontrol (Enable Access Control)
nsslapd-accesslog (Access Log)
nsslapd-accesslog-level
nsslapd-accesslog-list
nsslapd-accesslog-logbuffering (Log Buffering)
nsslapd-accesslog-logexpirationtime (Access Log Expiration Time)
nsslapd-accesslog-logexpirationtimeunit (Access Log Expiration Time Unit)
nsslapd-accesslog-logging-enabled (Access Log Enable Logging)
nsslapd-accesslog-logmaxdiskspace (Access Log Maximum Disk Space)
nsslapd-accesslog-logminfreediskspace (Access Log Minimum Free Disk Space)
nsslapd-accesslog-logrotationtime (Access Log Rotation Time)
nsslapd-accesslog-logrotationtimeunit (Access Log Rotation Time Unit)
nsslapd-accesslog-maxlogsize (Access Log Maximum Log Size)
nsslapd-accesslog-maxlogsperdir (Access Log Maximum Number of Log Files)
nsslapd-attribute-name-exceptions
nsslapd-auditlog (Audit Log)
nsslapd-auditlog-list
nsslapd-auditlog-logexpirationtime (Audit Log Expiration Time)
nsslapd-auditlog-logexpirationtimeunit (Audit Log Expiration Time Unit)
nsslapd-auditlog-logging-enabled (Audit Log Enable Logging)
nsslapd-auditlog-logmaxdiskspace (Audit Log Maximum Disk Space)
nsslapd-auditlog-logminfreediskspace (Audit Log Minimum Free Disk Space)
nsslapd-auditlog-logrotationtime (Audit Log Rotation Time)
nsslapd-auditlog-logrotationtimeunit (Audit Log Rotation Time Unit)
nsslapd-auditlog-maxlogsize (Audit Log Maximum Log Size)
nsslapd-auditlog-maxlogsperdir (Audit Log Maximum Number of Log Files)
nsslapd-certmap-basedn (Certificate Map Search Base)
nsslapd-config
nsslapd-ds4-compatible-schema
nsslapd-enquote-sup-oc (Enable Superior Object Class Enquoting)
nsslapd-errorlog (Error Log)
nsslapd-errorlog-level (Error Log Level)
nsslapd-errorlog-list (Error Log List)
nsslapd-errorlog-logexpirationtime (Error Log Expiration Time)
nsslapd-errorlog-logexpirationtimeunit (Error Log Expiration Time Unit)
nsslapd-errorlog-logging-enabled (Enable Error Logging)
nsslapd-errorlog-logmaxdiskspace (Error Log Maximum Disk Space)
nsslapd-errorlog-logminfreediskspace (Error Log Minimum Free Disk Space)
nsslapd-errorlog-logrotationtime (Error Log Rotation Time)
nsslapd-errorlog-logrotationtimeunit (Error Log Rotation Time Unit)
nsslapd-errorlog-maxlogsize (Maximum Error Log Size)
nsslapd-errorlog-maxlogsperdir (Maximum Number of Error Log Files)
nsslapd-groupevalnestlevel
nsslapd-hash-filters
nsslapd-idletimeout (Idle Timeout)
nsslapd-infolog-area (Information Log Area)
nsslapd-infolog-level (Information Log Level)
nsslapd-instancedir (Instance Directory)
nsslapd-ioblocktimeout (IO Block Time Out)
nsslapd-lastmod (Track Modification Time)
nsslapd-listenhost (Listen to IP Address)
nsslapd-localhost (Local Host)
nsslapd-localuser (Local User)
nsslapd-maxbersize (Maximum Message Size)
nsslapd-maxconnections (Maximum Number of Connections)
nsslapd-maxdescriptors (Maximum File Descriptors)
nsslapd-maxpsearch (Maximum Persistent Searches)
nsslapd-maxthreadsperconn (Maximum Threads Per Connection)
nsslapd-nagle
nsslapd-plugin
nsslapd-port (Port Number)
nsslapd-privatenamespaces
nsslapd-readonly (Read Only)
nsslapd-referral (Referral)
nsslapd-referralmode (Referral Mode)
nsslapd-reservedescriptors (Reserved File Descriptors)
nsslapd-return-exact-case (Return Exact Case)
nsslapd-rootdn (Manager DN)
nsslapd-rootpw (Root Password)
nsslapd-rootpwstoragescheme (Root Password Storage Scheme)
nsslapd-schema-repl-useronly
nsslapd-schemacheck (Schema Checking)
nsslapd-securelistenhost
nsslapd-securePort (Encrypted Port Number)
nsslapd-security (Security)
nsslapd-sizelimit (Size Limit)
nsslapd-threadnumber (Thread Number)
nsslapd-timelimit (Time Limit)
nsslapd-versionstring (Version String)
nsslapd-cachesize (Cache Size)
cn=encryption
nsslapd-cachememsize (Cache Memory Size)
nsslapd-changelogdir (Changelog Directory)
nsslapd-changelogmaxage (Max Changelog Age)
nsslapd-changelogmaxentries (Max Changelog Records)
nsSSLSessionTimeout
cn=features
nsSSLClientAuth
nsSSLServerAuth
nsSSL2 (SSL 2)
nsSSL3 (SSL 3)
nsSSL3ciphers
cn=mapping tree
Suffix Configuration Attributes Under cn="suffixName"
nsslapd-backend
Replication Attributes Under cn=replica, cn="suffixName",cn=mapping tree,cn=config
nsslapd-distribution-plugin
nsslapd-distribution-funct
nsslapd-referral
nsslapd-state
cn
Replication Attributes Under cn=ReplicationAgreementName,cn=replica, cn="suffixName", cn=mapping tree,cn=config
nsDS5Flags
nsDS5ReplicaBindDN
nsDS5ReplicaChangeCount (Replica Change Count)
nsDS5ReplicaId (Replica ID)
nsDS5ReplicaLegacyConsumer
nsDS5ReplicaName
nsDS5ReplicaPurgeDelay
nsDS5ReplicaReferral
nsDS5ReplicaRoot
nsDS5ReplicaTombstonePurgeInterval
nsDS5ReplicaType
cn
cn=Password Policy
description
ds5AgreementEnable
ds5BeginReplicaAcceptUpdates
ds5ReferralDelayAfterInit
ds5ReplicaAutomaticInit
ds5ReplicaChangesSentDuringLastUpdate
ds5ReplicaPendingChanges
ds5ReplicaPendingChangesCount
ds5ReplicaTransportCompressionLevel
ds5ReplicaTransportGroupSize
ds5ReplicaTransportWindowSize
filterSPConfChecksum
filterSPConfDefinition
filterSPConfEnabled
filterSPFrcAttr
filterSPType
nsDS5BeginReplicaRefresh
nsDS5ReplicaBindDN
nsDS5ReplicaBindMethod
nsDS5ReplicaChangesSentSinceStartup
nsDS5ReplicaCredentials
nsDS5ReplicaHost
nsDS5ReplicaLastInitEnd
nsDS5ReplicaLastInitStart
nsDS5ReplicaLastInitStatus
nsDS5ReplicaLastUpdateEnd
nsDS5ReplicaLastUpdateStart
nsDS5ReplicaLastUpdateStatus
nsDS5ReplicaPort
nsDS5ReplicaRoot
nsDS5ReplicaTimeout
nsDS5ReplicaTransportInfo
nsDS5ReplicaUpdateInProgress
nsDS5ReplicaUpdateSchedule
nsDS50ruv
partialReplConfiguration
Password Policy Attributes
cn=replication
Account Lockout Attributes
cn=SNMP
nssnmpenabled
cn=tasks
nssnmporganization
nssnmplocation
nssnmpcontact
nssnmpdescription
nssnmpmasterhost
nssnmpmasterport
cn=uniqueid generator
nsState
cn=monitor
Configuration Quick Reference Tables
backendMonitorDN
cn=disk,cn=monitor
bytesSent
connection
connectionPeak
currentConnections
currentTime
dTableSize
entriesSent
nbackEnds
opsCompleted
opsInitiated
request-que-backlog
readWaiters
startTime
threads
totalConnections
version
disk-dir
cn=counters,cn=monitor
disk-free
disk-state
cn=snmp,cn=monitor
addentryops
anonymousbinds
bindsecurityerrors
bytesrecv
bytessent
cacheentries
cachehits
chainings
compareops
connections
connectionseq
copyentries
entriesreturned
errors
inops
listops
masterentries
modifyentryops
modifyrdnops
onelevelsearchops
readops
referrals
referralsreturned
removeentryops
searchops
securityerrors
simpleauthbinds
slavehits
strongauthbinds
unauthbinds
wholesubtreesearchops
LDIF Configuration Files
Configuration Changes Requiring Server Restart
Chapter 5 Plug-In Implemented Server FunctionalityPlug-In Overview
Object Classes for Plug-In Configuration
Server Plug-In Functionality Reference
Attributes Common to All Plug-Ins
7-Bit Check Plug-In
ACL Plug-In
ACL Preoperation Plug-In
Binary Syntax Plug-In
Boolean Syntax Plug-In
Case Exact String Syntax Plug-In
Case Ignore String Syntax Plug-In
Chaining Database Plug-In
Class of Service Plug-In
Country String Syntax Plug-In
Distinguished Name Syntax Plug-In
DSML Frontend Syntax Plug-In
Generalized Time Syntax Plug-In
Integer Syntax Plug-In
Internationalization Plug-In
ldbm Database Plug-In
Legacy Replication Plug-In
Multimaster Replication Plug-In
Octet String Syntax Plug-In
CLEAR Password Storage Plug-In
CRYPT Password Storage Plug-In
NS-MTA-MD5 Password Storage Scheme Plug-In
SHA Password Storage Scheme Plug-In
SSHA Password Storage Scheme Plug-In
Postal Address String Syntax Plug-In
PTA Plug-In
Referential Integrity Postoperation Plug-In
Retro Changelog Plug-In
Roles Plug-In
State Change Plug-In
Subtree Entry Counter Plug-Ins
Telephone Syntax Plug-In
UID Uniqueness Plug-In
URI Plug-In
Attributes Allowed by Certain Plug-Ins
nsslapd-pluginPath
nsslapd-pluginInitfunc
nsslapd-pluginType
nsslapd-pluginEnabled
nsslapd-pluginId
nsslapd-pluginVersion
nsslapd-pluginVendor
nsslapd-pluginDescription
Database Plug-In Attributes
nsslapd-plugin-depends-on-type
nsslapd-plugin-depends-on-named
Database Configuration Attributes
Chained Suffix Plug-In Attributes
nsLookthroughLimit
Database Monitoring Attributes
nsslapd-allidsthreshold
nsslapd-cache-autosize
nsslapd-cache-autosize-split
nsslapd-dbcachesize
nsslapd-db-checkpoint-interval
nsslapd-db-circular-logging
nsslapd-db-durable-transactions
nsslapd-db-home-directory
nsslapd-db-idl-divisor
nsslapd-db-locks
nsslapd-db-logbuf-size
nsslapd-db-logdirectory
nsslapd-db-logfile-size
nsslapd-db-page-size
nsslapd-db-transaction-batch-val
nsslapd-db-tx-max
nsslapd-dbncache
nsslapd-import-cachesize
nsslapd-mode
nsslapd-exclude-from-export
nsslapd-disk-low-threshold
nsslapd-disk-full-threshold
Database Configuration Attributes Under cn=NetscapeRoot and cn=UserRoot
nsslapd-cachesize
Database Performance Attributes
nsslapd-cachememsize
nsslapd-directory
nsslapd-readonly
nsslapd-require-index
nsslapd-suffix
Default Index Attributes
nsSystemIndex
Database Monitoring Attributes Under cn=NetscapeRoot
nsIndexType
nsMatchingRule
cn
description
Database Index Attributes Under cn=NetscapeRoot and cn=UserRoot
VLV Index Object Classes
vlvIndex
VLV Index Attributes
vlvSearch
vlvBase
vlvEnabled
vlvFilter
vlvScope
vlvSort
vlvUses
Chained Suffix Attributes
Frontend Plug-In Attributes
nsActiveChainingComponents
Default Instance Chained Suffix Attributes
nsMaxResponseDelay
nsMaxTestResponseDelay
nsTransmittedControls
nsAbandonedSearchCheckInterval
Instance-Specific Chained Suffix Attributes
nsBindConnectionsLimit
nsBindRetryLimit
nsBindTimeout
nsCheckLocalACI
nsConcurrentBindLimit
nsConcurrentOperationsLimit
nsConnectionLife
nsOperationConnectionsLimit
nsProxiedAuthorization
nsReferralOnScopedSearch
nsslapd-sizelimit
nsslapd-timelimit
nsFarmServerURL
Chained Suffix Monitoring Attributes
nsMultiplexorBindDN
nsMultiplexorCredentials
nshoplimit
ds-hdsml-clientauthmethod
ds-hdsml-dsmlschemalocation
ds-hdsml-iobuffersize
ds-hdsml-poolmaxsize
ds-hdsml-poolsize
ds-hdsml-port
ds-hdsml-requestmaxsize
ds-hdsml-responsemsgsize
ds-hdsml-rooturl
ds-hdsml-secureport
ds-hdsml-soapschemalocation
Implementation of the DSMLv2 Standard
Retro Changelog Plug-In Attributes
Content of the HTTP Header
Subtree Entry Counter Plug-In Attributes
nsslapd-changelogdir
nsslapd-changelogmaxage (Max Changelog Age)
nsslapd-changelogmaxentries (Max Changelog Entries)
Chapter 6 Migration From Earlier VersionsMigrating From Directory Server 4.x to 5.2
Server Attributes
Upgrading From Directory Server 5.0 or 5.1 to 5.2
Database Attributes
General Server Configuration Attributes
Password Policy Attributes
Database Attributes
Chained Suffix Attributes
SNMP Attributes
Chapter 7 Server Instance FilesOverview of Directory Server Files
Backup Files
Configuration Files
Database Files
ldif Files
Lock Files
Log Files
Chapter 8 Access Logs and Connection CodesAccess Log Content
Access Logging Levels
Common Connection Codes
Default Access Logging Content
Connection Number
Access Log Content for Additional Access Logging Levels
File Descriptor
Slot Number
Operation Number
Method Type
Version Number
Error Number
Tag Number
Number of Entries
Elapsed Time
LDAP Request Type
LDAP Response Type
Unindexed Search Indicator
Extended Operation OID
Change Sequence Number
Abandon Message
Message ID
SASL Multi-Stage Bind Logging
Connection Description
Options Description
LDAP Result Codes
Part 4 Directory Server Schema
Chapter 9 About SchemaSchema Definition
Object Classes
Schema Supported by Directory Server 5.2
Required and Allowed Attributes
Attributes
Object Class Inheritance
Attribute Syntax
Single-Valued and Multi-Valued Attributes
Object Identifiers (OIDs)
Extending Server Schema
Schema Checking
Chapter 10 Object Class Reference
Chapter 11 Attribute Reference
Chapter 12 Operational Attributes
Appendix A Error CodesCommon Error Codes
Appendix B ns-slapd and slapd.exe Command-Line UtilitiesOverview of ns-slapd and slapd.exe
ns-slapd (UNIX)
Finding and Executing the ns-slapd and slapd.exe Command-Line Utilities
slapd.exe (Windows)
Exporting Databases
db2ldif
Restoring and Backing up Databases
ldif2db
Creating and Regenerating Indexes
archive2db
db2archive
db2index
Appendix C Directory InternationalizationAbout Locales
Identifying Supported Locales
Supported Language Subtypes
Appendix D LDAP URLsComponents of an LDAP URL
Escaping Unsafe Characters
Examples of LDAP URLs
Appendix E LDAP Data Interchange FormatLDIF File Format
Continuing Lines in LDIF
Specifying Directory Entries Using LDIF
Representing Binary Data
Using Standard LDIF Notation
Using ldapmodify -b
Using Base 64 Encoding
Specifying Organization Entries
Defining Directories Using LDIF
Specifying Organizational Unit Entries
Specifying Organizational Person Entries
Storing Information in Multiple Languages
LDIF File Example