iPlanet Directory Access Router Administrator's Guide
Contents
About This Guide
Audience for This Guide
What's in This Guide
Conventions Used In This Guide
Related Information
Support
Part 1 Introduction to iPlanet Directory Access Router
Introduction
iDAR Feature Set
High Availability
Load Balancing
Failover
Security
Client-Server Compatibility
Chapter 2 iDAR Deployment Scenarios
An Internal High Availability Configuration
A Distributed LDAP Directory Infrastructure
Customer Scenario
A Centralized LDAP Directory Infrastructure
Customer Deployment
LDAP Request Flow
Customer Scenario
Deploying iDAR with a Single Firewall
Customer Deployment
LDAP Request Flow
Deploying iDAR with Two Firewalls
Part 2 Console Based Administration
Chapter 3 Introducing iDAR Consoles
Getting Started with iPlanet Console
Servers and Applications Tab
Accessing the iDAR Consoles
Users and Groups Tab
iPlanet Administration Server
Starting Administration Server
Stopping Administration Server
Step 1. Log In to the iPlanet Console
Step 2. Open the Appropriate iDAR Console
Opening the iDAR Server Console
Opening the iDAR Configuration Editor Console
Chapter 4 Starting, Restarting, and Stopping iDAR
Starting and Stopping iDAR
Starting and Stopping iDAR From iPlanet Console
Restarting iDAR
Starting and Stopping iDAR From Command Line
Starting and Stopping iDAR From Windows NT Services Panel
Restarting iDAR From iPlanet Console
Checking iDAR System Status
Restarting iDAR From Command Line
Checking iDAR Status From iPlanet Console
Checking iDAR Status From Command Line
Chapter 5 Configuring System Parameters
Configuring System Settings
Creating System Configuration Objects
Configuring iDAR for TLS/SSL-Enabled Communication
Step 1. Install a Server Certificate for iDAR
Step A. Generate a Key Pair and a Certificate Request
Step 2. Set Up SSL Connections Between iDAR and Clients
Step B. Verify the iDAR Key File and Certificate Request Files
Step C. Submit the Certificate Request to a CA
Step D. Copy the Certificate to a Text File
Step E. Copy the CA Certificate Chain to a Text File
Step A. Create a File with CA Certificates in PEM Format
Step 3. Set Up SSL Connections Between iDAR and LDAP Servers
Step B. Add iDAR CA Certificate to Clients' Trust Databases
Step C. Make Changes to the iDAR System Configuration
Step D. Make Changes to the iDAR Network Groups
Step A. Create a File With CA Certificates in PEM Format
Step B. Add iDAR CA Certificate to the LDAP Servers' Trust Databases
Step C. Make Changes to the LDAP Server Properties
Chapter 6 Creating and Managing Groups
Overview of Groups
Creating Groups
Modifying Groups
Deleting Groups
Chapter 7 Defining and Managing Property Objects
Attribute Renaming Property
Creating Attribute Renaming Property Objects
Forbidden Entry Property
Creating Forbidden Entry Property Objects
LDAP Server Property
Creating LDAP Server Property Objects
Load Balancing Property
Creating Load Balancing Property Objects
Logging Property
Search Size Limit Property
Creating Search Size Limit Property Objects
Modifying Property Objects
Deleting Property Objects
Chapter 8 Creating and Managing Event Objects
Overview of Events
Creating Event Objects
Creating OnBindSuccess Event Objects
Modifying Event Objects
Creating OnSSLEstablished Event Objects
Deleting Event Objects
Chapter 9 Creating and Managing Action Objects
Overview of Actions
Creating Action Objects
Modifying Action Objects
Deleting Action Objects
Chapter 10 Configuring and Monitoring Logs
Overview of Logging
System Log
Configuring Logs
Audit Log
Step 1. Define a Logging Property
Monitoring Logs From iDAR Server Console
Step 2. Specify the Logging Property to Use
Part 3 Command-Line Configuration
Chapter 11 Configuration Overview
Introduction
iDAR Configuration File Format
Building a Configuration File
Define Global Entries
iDAR Decision Functions
Define Property Entries
Define Action Entries
Define Rule Entries
Define Group Entries
Configuration File Build Tool
Establishing Group on Connection
Change Group on Bind
Change Group on Establishment of TLS
High Availability Setup
Following Referrals
Chapter 12 Configuring Security
Configuring TLS/SSL in iDAR
Steps to Configure TLS/SSL Support
Generating a TLS Key Pair
Generating Files With certreq
Supported SASL Mechanisms
Key File
Certificate Request File
Chapter 13 Configuration Generation Tool
Introduction
Configuration Assistance
Configuration Tool's Parameters
Tailor Options
Configuration Examples
Straight Through Configuration
Startup Configuration File
Load Balancing Configuration
Binding Based Operation Filtering
Load Balancing and Binding Based Operation Filtering
Startup Configuration's Keywords
configuration_url
configuration_bind_dn
configuration_bind_pw
configuration_username
sasl_bind_mechanism
Chapter 14 Starting, Stopping, and Restarting iDAR
Starting and Stopping iDAR
Supported Flags
Restarting iDAR
Chapter 15 Global Configuration
ids-proxy-sch-LDAPProxy Object Class
ids-proxy-con-Server-Name
ids-proxy-sch-GlobalConfiguration Object Class
Locating Group, Property, Rule, and Action Objects
ids-proxy-sch-Group-Base, ids-proxy-sch-Property-Base, ids-proxy-sch-Rule-Base, ids-proxy-sch-Action-Base
ids-proxy-con-Config-Name
ids-proxy-con-listen-port
ids-proxy-con-listen-host
ids-proxy-con-max-conns
ids-proxy-con-listen-backlog
ids-proxy-con-ldaps-port
ids-proxy-con-userid
ids-proxy-con-working-dir
ids-proxy-con-include-logproperty
TLS/SSL Configuration Attributes
ids-proxy-con-ssl-key
Connection Pool Configuration Attributes
ids-proxy-con-ssl-cert
ids-proxy-con-send-cert-as-client
ids-proxy-con-server-ssl-version, ids-proxy-con-client-ssl-version
ids-proxy-con-ssl-cert-required
ids-proxy-con-ssl-cafile
ids-proxy-con-connection-pool
Debugging
ids-proxy-con-connection-pool-interval
ids-proxy-con-connection-pool-timeout
ids-proxy-con-foreground
Chapter 16 Groups Configuration
ids-proxy-sch-Group Object Class
ids-proxy-con-Name
ids-proxy-sch-NetworkGroup Object Class
ids-proxy-con-Priority
ids-proxy-sch-Enable
ids-proxy-sch-belongs-to
ids-proxy-con-Client
Forwarding Binds
ids-proxy-con-include-property
ids-proxy-con-include-rule
ids-proxy-con-ssl-policy
ids-proxy-con-tcp-no-delay
ids-proxy-con-allow-multi-ldapv2-bind
ids-proxy-con-reverse-dns-lookup
ids-proxy-con-timeout
ids-proxy-con-bind-name
Controlling Which Operations Are Forwarded
ids-proxy-con-permit-auth-none
ids-proxy-con-permit-auth-simple
ids-proxy-con-permit-auth-sasl
ids-proxy-con-permit-op-search
Hiding a Subtree of Entries With ids-proxy-con-forbidden-subtree
ids-proxy-con-permit-op-compare
ids-proxy-con-permit-op-add, ids-proxy-con-permit-op-delete, ids-proxy-con-permit-op-modify, ids-proxy-con-permit-op-modrdn, ids-proxy-con-permit-op-extended
Attributes Controlling Search Requests
ids-proxy-con-filter-inequality
Controlling Search and Compare Requests
ids-proxy-con-min-substring-size
ids-proxy-con-forbidden-compare
Attributes Modifying Search Requests
ids-proxy-con-permitted-compare
ids-proxy-con-minimum-base
Attributes Restricting Search Responses
ids-proxy-con-max-scope
ids-proxy-con-max-timelimit
ids-proxy-con-max-result-size
Controlling the Return of Referrals
ids-proxy-con-forbidden-return
ids-proxy-con-permitted-return
ids-proxy-con-search-reference
ids-proxy-con-reference
Controlling Server Load
ids-proxy-con-referral-ssl-policy
ids-proxy-con-referral-bind-policy
ids-proxy-con-max-refcount
ids-proxy-con-max-simultaneous-operations-per-connection
ids-proxy-con-max-operations-per-connection
ids-proxy-con-max-conns
ids-proxy-con-max-simultaneous-conns-from-ip
Chapter 17 Properties Configuration
ids-proxy-sch-Property Object Class
ids-proxy-con-Name
ids-proxy-sch-LoadBalanceProperty Object Class
ids-proxy-con-Priority
ids-proxy-sch-Enable
ids-proxy-sch-belongs-to
ids-proxy-con-Server
ids-proxy-sch-SizeLimitProperty Object Class
ids-proxy-con-Size-Limit
ids-proxy-sch-RenameAttributeProperty Object Class
ids-proxy-con-Dn-One
ids-proxy-con-Dn-Sub
ids-proxy-con-server-attr-name
ids-proxy-sch-ForbiddenEntryProperty Object Class
ids-proxy-con-client-attr-name
ids-proxy-con-dn-exact
ids-proxy-sch-LDAPServer Object Class
ids-proxy-con-dn-regexp
ids-proxy-con-ava
ids-proxy-con-forbidden-return
ids-proxy-con-permitted-return
ids-proxy-con-host
ids-proxy-sch-LogProperty Object Class
ids-proxy-con-port
ids-proxy-con-sport
ids-proxy-con-supported-version
ids-proxy-con-use-version
ids-proxy-con-tcp-no-delay
ids-proxy-con-link-security-policy
ids-proxy-con-x509cert-subject
ids-proxy-con-keepalive-interval
Chapter 18 Events Configuration
ids-proxy-sch-Rule Object Class
ids-proxy-con-Name
ids-proxy-sch-OnBindSuccessRule Object Class
ids-proxy-con-Priority
ids-proxy-sch-Enable
ids-proxy-sch-belongs-to
ids-proxy-con-execute
ids-proxy-con-ssl-required
ids-proxy-sch-OnSSLEstablishedRule Object Class
ids-proxy-con-bind-anonymous
ids-proxy-con-bind-simple
ids-proxy-con-bind-sasl
Chapter 19 Actions Configuration
ids-proxy-sch-Action Object Class
ids-proxy-con-Name
ids-proxy-sch-ChangeGroupAction Object Class
ids-proxy-con-Priority
ids-proxy-sch-Enable
ids-proxy-sch-belongs-to
ids-proxy-con-to-group
Chapter 20 Logging
ids-proxy-sch-LogProperty Object Class
ids-proxy-con-stat-level
ids-proxy-con-log-syslog
ids-proxy-con-log-file
ids-proxy-con-audit-syslog
ids-proxy-con-audit-file
Part 4 Appendixes
Appendix A Sample Configuration Files
Straight Through Configuration
Load Balancing Configuration
Binding Based Operation Filtering Configuration
Load Balancing With Binding Based Operation Filtering Configuration
Appendix B iDAR Error Guide
Unnumbered Errors
Numbered Errors
Appendix C iDAR FAQ, Features, and Troubleshooting
iDAR FAQ
Index
iDAR Features
Troubleshooting
Copyright © 2001 Sun Microsystems, Inc. Some preexisting portions Copyright © 2001 Netscape Communications Corp. All rights reserved.
Last Updated July 26, 2001