iPlanet Web Server: FastTrack Edition Administrator's Guide







In previous releases, Enterprise Server and other Netscape servers were administered by a single server, called the administration server. In the 4.x release, the administration server is an additional instance of iPlanet Web Server, called the Administration Server, used to administer all iPlanet Web Server instances.

If you have other 4.x Netscape/iPlanet servers, you can administer them through Netscape Console, a Java application. You can also access the Administration Server through Netscape Console. The Administration Server allows you to configure iPlanet Web Server. For information on how to access the Administration Server, see Accessing the Administration Server.

The Administration Server contains the following tabs:



The Servers Tab

The Servers tab allows you to configure server preferences, control who accesses the files on your web site, and use Secure Sockets Layer (SSL) to ensure privacy when communicating with other SSL-enabled products. The Servers tab contains the following pages:



The Manage Servers Page

The Manage Servers page allows you to set up the basic server configuration.

The following elements are displayed:

Select a Server. Lists all the servers.



Note: To display the Server Management tabs, choose a server from the drop-down list and click Manage.



The following information is displayed about the selected server:

Server Root. Displays the absolute path where the server's scripts, icons, and configuration files are stored.

Hostname. Displays the fully qualified host name of this server (for example, www.mozilla.com).

Port. Displays the port number servicing HTTP requests. The default is port 80.

Error Log. Displays the directory path to the server error log. The error log contains all the errors the server has encountered; it also contains informational messages about the server, such as when the server was started, and any incorrect user authentication.

User (Unix/Linux). Specifies the user name under which the server runs. The server user should have restricted access to your system resources. You can often use a user named nobody in this situation. On some systems, however, nobody is not a valid user name. You may not want to give the user nobody group access to all files. If you do not use nobody, create a new Unix/Linux user, such as adm, to be the server user.

DNS. Displays whether DNS lookup of the IP address of the resource making a CGI request is enabled. DNS lookups can be resource intensive; therefore, allowing DNS lookups can slow performance, especially on a server that uses extensive CGI.

Help. Displays online help.



The Add Server Page



The Add Server page allows you to install multiple server instances and create configuration files for each server instance on your system without going through the installation program. Each server instance can run on any TCP/IP port on your system, but you cannot run two web servers on the same port at the same time unless they are configured to respond to different IP addresses.

For more information, see Adding a Server: Running Multiple Servers.

The following elements are displayed:

Server Name. Specifies the fully qualified host name of this server (for example, www.mozilla.com).

Server Port. Specifies the port number servicing HTTP requests. The default is port 80.

Server Identifier. Specifies the server identification that the Administration Server will use for this server instance (for example, marketing_server).

Server User (Unix/Linux). Specifies the user name under which the server runs. The server user should have restricted access to your system resources. You can often use a user named nobody in this situation. On some systems, however, nobody is not a valid user name. You may not want to give the user nobody group access to all files. If you do not use nobody, create a new Unix/Linux user, such as adm, to be the server user.

MTA Host. Specifies the name of the mail server that this server uses to send mail.

Always Attempt to Resolve IP Addresses into Host Names. Specifies whether to match IP addresses with corresponding host names. The server has the client IP address for a given client request. Some sites may wish to log all requests with their resolved DNS name instead of the IP address. Most of the time, a server does not need the DNS name.

Attempt to Resolve IP Addresses Only for Access Control and CGI. Specifies whether to match IP addresses with corresponding host names for access control lists (ACLs) and CGI. Sometimes, a site may want to use domain names instead of IP address in ACLs and CGI. Most of the time, a server does not need the DNS name.

Never Attempt to Resolve IP Addresses into Host Names. Specifies never to match IP addresses with corresponding host names.

Document Root. Specifies the directory path to the location of the server's web documents.

OK. Saves your entries.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.



The Remove Server Page



The Remove Server page allows you to remove a server instance from your system. This process deletes the server's configuration files, and the directory server_root/servertype-id and its subdirectories.

For more information, see Removing a Server.

The following elements are displayed:


Remove Server

Select a Server. Specifies the server you want to remove. Removing the server will delete all the server's configuration files.

Yes, I Really Do Want to Remove This Server. Verifies that you want to delete the server.

OK. Saves your entries.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.



The Preferences Tab



The Preferences tab contains the following pages:



The Shut Down Page

The Shut Down page allows you to stop the Administration Server. To start the server again, restart the service or use the icon in the program manager for Windows NT, or type ./start from the server_root/servertype-admserv directory for Unix/Linux.

The following element is displayed:

Shut Down the Administration Server. Shuts down the Administration Server.

Help. Displays online help.



The Network Settings Page



The Network Settings page specifies the port on which the Administration Server serves HTTP requests.

For more information, see Changing Network Settings.

The following elements are displayed:

Admin Server User (Unix/Linux). Specifies the user name under which the server runs. The server user should have restricted access to your system resources. You can often use a user named nobody in this situation. On some systems, however, nobody is not a valid user name. You may not want to give the user nobody group access to all files. If you do not use nobody, create a new Unix/Linux user, such as adm, to be the server user.

Admin server port. Specifies the port on which the Administration Server runs. This port number was originally specified during the installation process.

OK. Saves your entries.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.



The Superuser Access Control Page



The Superuser Access Control page allows you to configure superuser access for the Administration Server. These settings affect only the superuser account. If the Administration Server uses distributed administration, you must set up access control for the administrators.

For more information, see Changing the Superuser Settings.

The following elements are displayed:

Hostnames to allow. Allows the specified host name to access the Administration Server. You can use wildcard patterns to match multiple systems in a domain. For example, *iplanet.com matches a.iplanet.com and a.corp.iplanet.com. You can list multiple hosts by separating them with commas. Using host names is flexible; if a system's IP address changes, you will not need to update the server.

IP Addresses to allow. Specifies the IP address to match any host not explicitly defined. The access control for the most complete match will be used. You can also type wildcard patterns. For example, 198.95.* matches 198.95.11.6 and 198.95.11.2. You can separate IP addresses by using commas. Using IP addresses is reliable; if a DNS lookup fails for the connected client, host name restriction cannot be used.

Authentication user name. Specifies the user name of the "superuser" server administrator. (This is the user name you entered during installation.) Only this user name can be used to log in to the Administration Server. This information is stored in the admpw file. See Changing the Superuser Settings for more information.

Authentication Password. Specifies the password of the administrator. The password can have up to 8 characters and can include any character other than control characters. If you leave the password field blank, the password remains unchanged.

Authentication Password (again). Confirms the password specified in the Authentication Password field. If what you enter is different from what you entered in the Password field, you will be prompted to try again.



Caution

If you use Netscape Directory Server to manage users and groups, you need to update the superuser entry in the directory before you change the user name or password in this page. If you do not update the directory first, you will not be able to access the Users & Groups pages in the Administration Server. To fix this, you must either access the Administration Server with an administrator account that does have access to the directory or update the directory using Netscape Directory Server's administration server or configuration files.



OK. Saves your entries.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.
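
The wildcard matching described for Hostnames to allow and IP Addresses to allow, shown as an added example that is not part of the original guide or the product's own code. It assumes plain shell-style matching in which * matches any run of characters, dots included (consistent with *iplanet.com matching a.corp.iplanet.com); the function names and the sample host notiplanet.com are constructed for illustration.

```python
from fnmatch import fnmatchcase


def split_patterns(field):
    """Split a comma-separated allow-list field into individual patterns."""
    return [p.strip() for p in field.split(",") if p.strip()]


def host_allowed(host, field):
    """True if the host name matches any pattern (assumed glob semantics)."""
    host = host.lower().rstrip(".")
    return any(fnmatchcase(host, p.lower()) for p in split_patterns(field))


def ip_allowed(ip, field):
    """True if the dotted-quad address matches any pattern."""
    return any(fnmatchcase(ip, p) for p in split_patterns(field))


def audit_host_pattern(pattern):
    """Return warnings for one host name pattern; an empty list means none."""
    warnings = []
    if pattern.strip("*.") == "":
        warnings.append("matches every host")
    elif pattern.startswith("*") and not pattern.startswith("*."):
        # '*iplanet.com' has no dot after the wildcard, so any name that
        # merely ends in 'iplanet.com' is accepted as well.
        warnings.append("no label boundary after '*': unrelated domains "
                        "ending in the same text also match")
    if "*" in pattern[1:]:
        warnings.append("wildcard outside the leading position")
    return warnings


def audit_ip_pattern(pattern):
    """Return warnings for one IP address pattern; an empty list means none."""
    warnings = []
    if "*" not in pattern:
        return warnings
    prefix = pattern[:pattern.index("*")]
    if prefix == "":
        warnings.append("matches every address")
    elif not prefix.endswith("."):
        # '198.9*' matches 198.9.x.x and also 198.95.x.x.
        warnings.append("wildcard splits an octet: more networks match "
                        "than the prefix suggests")
    return warnings


def audit_allow_lists(host_field, ip_field):
    """Map every pattern that produced warnings to its warning list."""
    findings = {}
    for p in split_patterns(host_field):
        if audit_host_pattern(p):
            findings[p] = audit_host_pattern(p)
    for p in split_patterns(ip_field):
        if audit_ip_pattern(p):
            findings[p] = audit_ip_pattern(p)
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from a real configuration.
    hosts = "*iplanet.com, *.corp.example.com"
    ips = "198.95.*, 198.9*"
    for name in ("a.iplanet.com", "a.corp.iplanet.com", "notiplanet.com"):
        print(name, host_allowed(name, hosts))
    for pattern, warnings in audit_allow_lists(hosts, ips).items():
        print(pattern, "->", "; ".join(warnings))
```

Under the stated assumption, writing the pattern as *.iplanet.com restricts matches to names inside the domain, at the cost of no longer matching the bare name iplanet.com.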



The Encryption On/Off Page



If you are accessing this page from the Server Manager, see The Encryption On/Off Page in the Server Manager section.

The Encryption On/Off page allows you to activate or deactivate SSL for the server.

For more information, see the following sections:

The following elements are displayed:

Encryption. Specifies whether encryption is activated for the server.

Port Number. Specifies the port number that the server runs on. Port numbers can be any number from 1 to 65535; however, the standard secure server port is 443.

OK. Saves your entries.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.



The Encryption Preferences Page



If you are accessing this page from the Server Manager, see The Encryption Preferences Page in the Server Manager section.

The Encryption Preferences page allows you to set encryption preferences for your server if SSL is activated. You can specify the SSL version, whether your server will require client certificates, and which ciphers your server is able to use.

The following elements are displayed:

Allow. Specifies which SSL versions the server allows. Choose one or both of the following:

  • SSL version 2. An older version of SSL that clients may use.

  • SSL version 3. A more recent and more secure version of SSL.

Require client certificates (regardless of access control). Specifies whether the server should refuse any client who does not have a client certificate from a trusted CA.

SSL 2.0 ciphers. Specifies which algorithms for the 2.0 version of SSL to use in encryption.

SSL 3.0 ciphers. Specifies which algorithms for the 3.0 version of SSL to use in encryption.

OK. Saves your entries.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.



The Logging Options Page



If you are accessing this page from the Server Manager, see The Log Preferences Page in the Server Manager section.

The Log Preferences page allows you to specify what information is recorded in the Administration Server logs. Server log files can help you monitor the server's activity and troubleshoot problems.

For more information, see Setting Log Preferences.

The following elements are displayed:

Editing. Specifies a resource to which custom logging is applied. If you choose a directory, custom logging applies only when the server receives a URL for that directory or any file in that directory.

Browse. Allows you to browse your file system.

Wildcard. Specifies a wildcard pattern. For information on using wildcard patterns, see Wildcards Used in the Resource Picker.

Log client accesses. Specifies whether to include client accesses in your log files.

Log File. Specifies the absolute path for the access log file. As a default, the log files are kept in the logs directory in the server root. If you specify a partial path, the server assumes the path is relative to the logs directory in the server root.

Record. Specifies whether the server should record domain names or IP addresses of the systems accessing the server in the access log.

Format. Specifies which type of log file format to use in the access log. You can select from the following:

  • Use Common Logfile Format. Includes client's host name, authenticated user name, date and time of request, HTTP header, status code returned to the client, and content length of the document sent to the client, or

  • Only log. Allows you to choose which information will be logged. You can choose from the following items:

    • Client hostname. The hostname (or IP address if DNS is disabled) of the client requesting access.

    • Authenticate user name. The authenticated user name listed in the access log if authentication was required.

    • System date. The date and time of the client request.

    • Full request. The exact request the client made.

    • Status. The status code the server returned to the client.

    • Content length. The content length, in bytes, of the document sent to the client.

    • HTTP header, "referer". The referer specifies the page from which the client accessed the current page. For example, if a user was looking at the results from a text search query, the referer would be the page from which the user accessed the text search engine. Referers allow the server to create a list of backtracked links.

    • HTTP header, "user-agent". The user-agent information—which includes the type of browser the client is using, its version, and the operating system it's running on—comes from the User-agent field in the HTTP header information the client sends to the server.

    • Method. The HTTP request method used (GET, PUT, POST, etc.).

    • URI. The Universal Resource Identifier. The location of a resource on the server. For example, for http://www.a.com:8080/special/docs, the URI is special/docs.

    • Query string of the URI. The text after the question mark in a URI. For example, for
      http://www.a.com:8080/special/docs?find_this, the query string of the URI is find_this.

    • Protocol. The transport protocol and version used.

Custom format. Allows you to create a customized format for your access log. For a list of customizable format parameters, see the NSAPI Programmer's Guide for iPlanet Web Server.

Do not log client accesses from. Specifies the hostnames and the IP addresses whose accesses will not be logged.

    • Hostnames. Specifies all hostnames from which your server will not log client accesses. You can use a wildcard pattern to signify which hosts to leave out of the access log. For example, use *.iplanet.com if you do not want to log accesses from the domain iplanet.com.

    • IP Addresses. Specifies all IP addresses from which your server will not log client accesses. You can use a wildcard pattern to signify which IP addresses to leave out of the access log. For example, use 208.12.* if you do not want to log access from IP addresses beginning with 208.12.

OK. Displays the log entries in the lower section of this page.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.



The View Access Log Page



If you are accessing this page from the Server Manager, see The View Access Log Page in the Server Manager section.

The View Access Log page allows you to configure a customized view of the information about requests to the server and the responses from the server.

For more information, see the following sections:

The following elements are displayed:

Number of entries. Specifies the number of entries to retrieve (starting with the most recent).

Only show entries with. Specifies a string or a character to filter the log entries. Case is important; the case of the string or character specified in this field must match the case of the entry in the access log. For example, if you want to see only access log entries that contain POST, type "POST."

OK. Displays the log entries in the lower section of this page.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.

Last number accesses to access. Displays the access log entries with the parameters specified in the upper section of this page.



The View Error Log Page (Administration Server)



If you are accessing this page from the Server Manager, see The View Error Log Page in the Server Manager section.

The View Error Log page allows you to configure a customized view of the errors the server has encountered as well as the informational messages about the server, such as when the server was started and who has tried unsuccessfully to log in to the server.

For more information, see the following sections:

The following elements are displayed:

Number of errors to view. Specifies the number of entries to retrieve (starting with the most recent).

Only show entries with. Specifies a string or a character to filter the log entries. Case is important; the case of the string or character specified in this field must match the case of the entry in the error log. For example, if you want to see only those error messages that contain warning, type "warning."

OK. Displays the log entries in the lower section of this page.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.

Last number errors. Displays the error log entries with the parameters specified in the upper section of this page.



The Global Settings Tab



The Global Settings tab contains the following pages:



The Configure Directory Service Page

Based on an open-systems server protocol called the Lightweight Directory Access Protocol (LDAP), Netscape Directory Server allows you to manage all your user information from a single source. You can also configure the directory server to allow your users to retrieve directory information from multiple, easily accessible network locations. The Configure Directory Service page allows you to configure basic LDAP settings for your server.

The following elements are displayed:

Host Name. Specifies the name of the LDAP server. You must enter a host name even if the directory server is running on the local machine.

Port. Specifies the port on which the LDAP server runs. If you are going to use SSL with a directory server, then you should enter the port number that the directory server is using for SSL.

Use Secure Sockets Layer (SSL) for connections. Specifies whether the server should use SSL for communications with the directory server. If you click Yes, then you must also configure the Administration Server to use SSL communications.

Base DN. Specifies the distinguished name where directory lookups will occur by default, and where all the Administration Server's entries will be placed in your directory tree (for example, o=mozilla.com). A DN is the string representation for the name of an entry in a directory server.

Bind DN. Specifies the distinguished name that the Administration Server will use to initially bind (or log in) to the directory server (for example, cn=Directory Manager). Binding determines the permission level you are granted for the duration of a connection. The DN supplied in a bind request can be the DN of an alias entry.

This bind DN only requires read and search access to the directory. Because this DN and associated password (if any) is easily compromised, it is best to simply leave this field blank and then set up your directory server to allow anonymous search access. If you do not want to allow anonymous search access to your directory, specify a bind DN entry here that only has read and search access to your directory. Do not specify your directory server's unrestricted user (Root DN) in this field.



Note: This bind DN is used only to initially search for the user name you entered in the Administration Server authentication dialog box. Once the entry corresponding to this user name is located, the Administration Server rebinds to the directory server using the retrieved entry. Therefore, if the user name you specified when you first logged into the Administration Server does not have access to the directory server, you will not have any access to the directory server, regardless of the bind DN information provided in this field.



Bind Password. Specifies the password used for authentication.

Save Changes. Saves your entries.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.



The NS Cron Control Page (Unix/Linux)



The NS Cron Control page allows you to start and stop all the cron jobs scheduled for iPlanet Web Server in the file ns-cron.

For more information, see Using Cron Controls (Unix/Linux).

The following elements are displayed:

Start. Starts ns-cron, and starts all scheduled cron jobs.

Stop. Stops all cron jobs defined in ns-cron.

Restart. Restarts all cron jobs in ns-cron.



The Configure JRE/JDK Paths Page



When you install iPlanet Web Server, you can choose to install the Java Runtime Environment (JRE) or you can specify a path to the Java Development Kit (JDK). The server can run servlets using the JRE, but it needs the JDK to run JSP.

The Path Variables for Location JAR/Class Files for Servlets page allows you to switch to using either the JRE or JDK, and change the path to the JDK or JRE.

For more information, see Configuring JRE/JDK Paths.

The following elements are displayed:

Choose either JDK or JRE. Specifies whether the server will run servlets using the JDK or JRE.

JDK Path. Specifies the directory where you installed the JDK.

JDK Runtime Libpath. Specifies the runtime library path for the JDK.

JDK Runtime Classpath. Specifies the paths to the directories and JAR files needed by the JDK. You can add new values to the existing class path, but do not delete the existing value since it includes paths that are essential for servlet operation.

JRE Path. Specifies the directory where you installed the JRE.

JRE Runtime Libpath. Specifies the runtime library path for the JRE.



Note: If you are not sure of the JDK runtime libpath, the JDK runtime classpath, or the JRE runtime libpath, leave these fields blank to tell the server to use default paths.





The Users & Groups Tab



The Users & Groups tab contains the following pages:



Note: The second level bullets list pages you can bring up from links or buttons on the corresponding first level bullet.





The New User Page

The New User page allows you to add users to the LDAP database of Netscape Directory Server.

For more information, see Creating Users.

The following elements are displayed:

Given name. Specifies the user's given name or first name.

Surname. Specifies the user's surname or last name.

Full name. Specifies the user's given name and surname. If you entered a given name and a surname, this field is automatically filled in.

User ID. Specifies a unique user name for the user. The user ID is generated as the first initial of the user's first name followed by the user's last name. You can replace this user ID with an ID of your own choosing. If you entered a given name and a surname, this field is automatically filled in.

The user ID must be unique. The Administration Server ensures that the user ID is unique by searching the entire directory from the search base (base DN) down to see if the user ID is in use.



Note: If you use the ldapmodify command line utility to create a user, unique user IDs cannot be ensured. A user with a duplicate user ID will not be able to authenticate to the directory.



Password. Specifies the password for the user.

Password (again). Confirms the password entered in the Password field. If what you enter in this field is different from what you entered in the Password field, you will be prompted to try again.

E-Mail address. Specifies the email address of the user.

Add new user to. Specifies the organizational unit where you want the new user to be placed. The default location is your directory's root point.

Create user. Adds the user to the LDAP database.

Create and edit user. Adds the user, and then proceeds to The Edit Users Page for the user you have just added.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.



The Edit Users Page



The Edit Users page allows you to edit a user entry in the LDAP database. If you want to change an attribute value that does not appear on this page, use the ldapmodify command line utility.

For more information, see Managing Users.

There are three tabs at the top of the page that give you different sets of fields to edit:


General

The following elements are displayed:

Given name (First Name). Specifies the user's given name or first name.

Surname (Last Name). Specifies the user's surname or last name.

Full names. Specifies the user's given name and surname.

Title. Specifies the job title of the user.

User ID. Specifies a unique user name for the user. The user ID generated by the gateway is the first initial of the user's first name followed by the user's last name. You can replace this user ID with an ID of your own choosing.

The user ID must be unique. The Administration Server ensures that the user ID is unique by searching the entire directory from the search base (base DN) down to see if the user ID is in use.



Note: If you use the ldapmodify command line utility to create a user, unique user IDs cannot be ensured. A user with a duplicate user ID will not be able to authenticate to the directory.



E-Mail address. Specifies the email address of the user.

Phone number. Specifies the phone number of the user.

Save changes. Saves changes to the LDAP database.

Rename user. Renames the user entry (including the entry's distinguished name) in the LDAP database.

Delete user. Deletes the user from the LDAP database.

Help. Displays online help.


Password

The following elements are displayed:

Password. Specifies the new password. This password is used for user entries by the various Netscape/iPlanet servers for user authentication.

Password (again). Confirms the password entered in the Password field. If what you enter in this field is different from what you entered in the Password field, you will be prompted to try again.

Set password. Changes the password immediately.

Disable password. Disables the user's password by setting it to an invalid value.

Help. Displays online help.


License

This page is no longer used by iPlanet Web Server.



The Manage Users Page



The Manage Users page allows you to find user entries, change user attribute values, change the user's password, rename the user's entry, and delete the user's entry.

For more information, see Managing Users.

The following elements are displayed:

Find user. Specifies a descriptive value for the entry that you want to edit. You can enter any of the following in the search field:

  • A name. Specifies a full name or a partial name. All entries that exactly match the search string will be returned. If no such entries are found, all entries that contain the search string will be found. If no such entries are found, any entries that sound like the search string are found.

  • A user ID. If you enter only a partial user ID, any entries that contain the string will be returned.

  • A telephone number. If you enter only a partial number, any entries that have telephone numbers ending in the search number will be returned.

  • An email address. Any search string containing an at (@) symbol is assumed to be an email address. If an exact match cannot be found, then a search is performed to find all email addresses that begin with the search string.

  • An asterisk (*). Displays all the entries currently in your directory. You can achieve the same effect by simply leaving the field blank.

  • Any LDAP search filter. Treats any string that contains an equal sign (=) as a search filter (for example, ou=Network).

Find all users whose. Allows you to build a custom search filter. Use this field to narrow down the search results returned by the Find user field. You can specify the following search criteria:

  • The left pull-down list allows you to specify the attribute on which the search will be based. You can choose from the following options:

    • full name. Searches each entry's full name for a match.

    • last name. Searches each entry's last name, or surname, for a match.

    • user id. Searches each entry's user id for a match.

    • phone number. Searches each entry's phone number for a match.

    • email address. Searches each entry's email address for a match.

  • In the center pull-down list, select the type of search you want to perform. You can choose from the following options:

    • contains. Causes a sub-string search to be performed. Entries with attribute values containing the specified search string are returned. For example, if you know a user's name probably contains the word "Steve", use this option with the search string "Steve" to find the user's entry.

    • is. Causes an exact match to be found. This option specifies an equality search. Use this option when you know the exact value of a user's attribute. For example, if you know the exact spelling of the user's name, use this option.

    • isn't. Returns all the entries whose attribute value does not exactly match the search string. That is, if you want to find all the users in the directory whose name is not "Babs Jensen," use this option. Be aware, however, that use of this option can cause an extremely large number of entries to be returned to you.

    • sounds like. Causes an approximate, or phonetic, search to be performed. Use this option if you know an attribute's value, but you are unsure of the spelling. For example, if you are not sure if a user's name is spelled "Sarret", "Sarette", or "Sarett", use this option.

    • starts with. Causes a sub-string search to be performed. Returns all the entries whose attribute value starts with the specified search string. For example, if you know a user's name starts with "Mike", but you do not know the rest of the name, use this option.

    • ends with. Causes a sub-string search to be performed. Returns all the entries whose attribute value ends with the specified search string. For example, if you know a user's name ends with "Anderson", but you do not know the rest of the name, use this option.

  • In the right text field, enter your search string. To display all the user entries contained in the directory specified in the Look within field, enter either an asterisk (*) or leave this field blank.

Look within. Specifies the organizational unit under which you want to search for entries. The default is the directory's root point (or topmost entry).

Format. Specifies whether the search results are formatted for display on screen or for printing to a printer.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.



The New Group Page



The New Group page allows you to create a group entry within the directory server.

For more information, see Creating Groups.

The following elements are displayed:

Type of group. Specifies whether the group is static.

Group name. Specifies the group name.

Description. Specifies a description of the group.

Add new group to. Specifies the directory to which you are adding the group. The default location is your directory's root point.

Create group. Adds the group to the LDAP database.

Create and edit group. Adds the group, and then proceeds to The Edit Groups Page for the group you have just added.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.



The Edit Groups Page



The Edit Groups page allows you to edit a group entry. If you want to change an attribute value that does not appear on this page, use the ldapmodify command line utility.

For more information, see Managing Groups.

The following elements are displayed:

Group name. Specifies the group you want to edit.

Description. Specifies a description of the group.

Group members. Lists the members of the group. Click Edit to add, modify, or delete members in the group.

Group cert members. Specifies the members of the group certificate. Click Add to add members to the group certificate.

Owner. Specifies the owner of the group. Click Edit to add, modify, or delete the group owner.

See also. References other directory entries that may be relevant to the current group. See Also allows users to easily find entries for people and other groups that are related to the current group. Click Edit to add, modify, or delete See Also references.

Save changes. Saves the changes to the LDAP directory.

Rename group. Renames the group in the LDAP directory.

Delete group. Deletes the group from the LDAP directory.

Help. Displays online help.



The Edit Members Page



The Edit Members page allows you to add, edit, or delete users or groups in a group or organization. You can add or delete members individually, or by using searches.

For more information on groups, see Managing Groups.

For more information on organizations, see Creating Organizational Units.

The following elements are displayed:

Find. Specifies whether you are searching for users or groups.

Matching. Specifies the string or character to search for in the user or the group name.

Find and add. Finds the user or group in the LDAP database and adds them to the group.

Find and remove. Finds the user or group in the LDAP database and deletes the user or group from the group.

Remove from list. Click the checkbox next to the name of the member user or group you want to remove from the list of members.

Save changes. Saves the changes to the LDAP directory.

Cancel. Erases your changes and returns to previous page.

Help. Displays online help.



The Group Cert Members Page



The Group Cert Members page allows you to specify the information necessary to request a certificate from a commercial or an internal certificate authority (CA).

The following elements are displayed:

Common name. Specifies the fully qualified hostname used in DNS lookups (for example, www.iplanet.com). This is the hostname in the URL that a browser uses to connect to your site. It is important that these two names are the same. Otherwise, a client is notified that the certificate name does not match the site name, which will make people doubt the authenticity of your certificate. However, some CAs might require different information, so it's important to contact them.

Email address. Specifies the business email address used for correspondence between the business and the CA.

Organization. Specifies the official, legal name of the company, educational institution, partnership, and so on. Most CAs require that you verify this information with legal documents (such as a copy of a business license).

Organization unit(s). Describes an organization within your company. This can also be used to specify a less formal company name (without the Inc., Corp., and so on).

Locality. Specifies the city, principality, or country for the organization.

State or province. Specifies the state or province in which the organization is located. Most CAs require the full name, not abbreviations.

Country. Specifies the country in which the organization is located. Most CAs require the two-letter country code (for example, US for United States of America).

OK. Saves your entries.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.



The Manage Groups Page



The Manage Groups page allows you to manage group memberships. You can find groups, change group attributes, add and delete owners of the group, add and delete members of the group, rename the group, delete the group, and change the group's description.

The following elements are displayed:

Find group. Specifies the name of the group that you want to find. You can enter any of the following in the search field:

  • A name. A full name or a partial name. All entries that exactly match the search string are returned. If no such entries are found, all entries that contain the search string are returned. If no such entries are found, any entries that sound like the search string are returned.

  • An asterisk (*). The groups currently residing in your directory. You can achieve the same effect by simply leaving the field blank.

  • Any LDAP search filter. Any string that contains an equal sign (=) is considered to be a search filter.

Find all groups whose. Allows you to build a custom search filter. Use this field to narrow down the search results that are otherwise returned by Find Groups. You can specify the following search criteria:

  • The left pull-down list allows you to specify the attribute on which the search is based. You can choose from the following options:

    • name. Searches each entry's full name for a match.

    • description. Searches each group entry's description for a match.

  • In the middle pull-down list, select the type of search you want to perform. You can choose from the following options:

    • contains. Causes a sub-string search to be performed. Entries with attribute values containing the specified search string are returned. For example, if you know a group's name probably contains the word "Administrator", use this option with the search string "Administrator" to find the group entry.

    • is. Causes an exact match to be found. Use this option when you know the exact value of a group's attribute. For example, if you know the exact spelling of the group's name, use this option.

    • isn't. Returns all the entries whose attribute value does not exactly match the search string. If you want to find all the groups in the directory whose name does not contain "administrator", use this option. Be aware, however, that use of this option can cause an extremely large number of entries to be returned to you.

    • sounds like. Causes an approximate, or phonetic, search to be performed. Use this option if you know an attribute's value, but you are unsure of the spelling. For example, if you are not sure if a group's name is spelled "Sarret's list", "Sarette's list", or "Sarett's list", use this option.

    • starts with. Causes a sub-string search to be performed. Returns all the entries whose attribute value starts with the specified search string. For example, if you know a group's name starts with "Product", but you do not know the rest of the name, use this option.

    • ends with. Causes a sub-string search to be performed. Returns all the entries whose attribute value ends with the specified search string. For example, if you know a group's name ends with "development", but you do not know the rest of the name, use this option.

  • In the right text field, enter your search string. To display all the group entries contained in the Look Within directory, enter either an asterisk (*) or simply leave this field blank.

Look within. Specifies the organizational unit under which you want to search for entries. The default is the directory's root point, or top-most entry.

Format. Specifies whether the output is formatted for display on screen or for printing to a printer.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.



The New Organizational Unit Page



Organizational units are subdivisions within your company that use the organizationalUnit object class. The New Organizational Unit page allows you to create a new organizational unit in the directory server.

For more information, see Creating Organizational Units.

The following items are displayed:

Unit name. Specifies the name of the organizational unit.

Description. Specifies a description of the organizational unit.

Add organizational unit to. Specifies the parent organizational unit under which this new organizational unit will reside.

Create organizational unit. Adds the organizational unit to the LDAP database.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.



The Manage Organizational Units Page



The Manage Organizational Units page allows you to manage the company's organizational units.

For more information, see Managing Organizational Units.

The following elements are displayed:

Find organizational unit. Specifies the name of the organizational unit that you want to find. You can enter any of the following in the search field:

  • A name. A full name or a partial name. All entries that exactly match the search string are returned. If no such entries are found, all entries that contain the search string are returned. If no such entries are found, any entries that sound like the search string are returned.

  • An asterisk (*). All the groups currently residing in your directory. You can achieve the same effect by simply leaving the field blank.

  • Any LDAP search filter. Any string that contains an equal sign (=) is considered to be a search filter.

Find all units whose. Allows you to build a custom search filter. Use this field to narrow down the search results that are otherwise returned by Find Organizational Unit. You can specify the following search criteria:

  • The left pull-down list allows you to specify the attribute on which the search is based. You can choose from the following options:

    • full name. Searches each entry's full name for a match.

    • description. Searches each organizational unit entry's description for a match.

  • In the middle pull-down list, select the type of search you want to perform. You can choose from the following options:

    • contains. Causes a sub-string search to be performed. Entries with attribute values containing the specified search string are returned. For example, if you know an organizational unit's name probably contains the word "Administrator", use this option with the search string "Administrator" to find the organizational unit entry.

    • is. Causes an exact match to be found. Use this option when you know the exact value of an organizational unit's attribute. For example, if you know the exact spelling of the organizational unit's name, use this option.

    • isn't. Returns all the entries whose attribute value does not exactly match the search string. For example, if you want to find all the organizational units in the directory whose name does not contain "administrator", use this option. Be aware, however, that use of this option can cause an extremely large number of entries to be returned to you.

    • sounds like. Causes an approximate, or phonetic, search to be performed. Use this option if you know an attribute's value, but you are unsure of the spelling. For example, if you are not sure if an organizational unit's name is spelled "Sarret's list", "Sarette's list", or "Sarett's list", use this option.

    • starts with. Causes a sub-string search to be performed. Returns all the entries whose attribute value starts with the specified search string. For example, if you know an organizational unit's name starts with "Product", but you do not know the rest of the name, use this option.

    • ends with. Causes a sub-string search to be performed. Returns all the entries whose attribute value ends with the specified search string. For example, if you know an organizational unit's name ends with "development", but you do not know the rest of the name, use this option.

  • In the right text field, enter your search string. To display all the organizational unit entries contained in the Look Within directory, enter either an asterisk (*) or simply leave this field blank.

Look within. Specifies the organizational unit under which you want to search for entries. The default is the directory's root point, or top-most entry.

Format. Specifies whether the search results are formatted for display on screen or for printing to a printer.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.
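
The search types listed for the Manage Users, Manage Groups, and Manage Organizational Units pages correspond to standard LDAP filter forms, and the single Find field falls back from an exact match to a substring match to a phonetic match. The following Python sketch is an added example, not code from iPlanet Web Server. It builds those filters with RFC 4515 escaping so that a search string is always matched literally. The function names, the attribute names (cn, ou, description), and the use of a presence filter for a blank or asterisk search are assumptions.

```python
import re

# RFC 4515: characters that must be written as \XX inside an assertion value,
# otherwise the directory server reads them as filter syntax.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Search types offered by the middle pull-down list, as filter templates.
_TEMPLATES = {
    "contains": "({a}=*{v}*)",
    "is": "({a}={v})",
    "isn't": "(!({a}={v}))",
    "sounds like": "({a}~={v})",
    "starts with": "({a}={v}*)",
    "ends with": "({a}=*{v})",
}

_ATTR_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*\Z")


def escape_value(value):
    """Escape a search string so it is matched literally, never parsed."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def _check_attr(attr):
    # Attribute names cannot be escaped, so accept only a plain descriptor.
    if not _ATTR_RE.match(attr):
        raise ValueError(f"invalid attribute name: {attr!r}")
    return attr


def custom_filter(attr, search_type, search_string):
    """Filter for one row of the custom search form (hypothetical helper)."""
    attr = _check_attr(attr)
    if search_type not in _TEMPLATES:
        raise ValueError(f"unknown search type: {search_type!r}")
    text = search_string.strip()
    if text in ("", "*"):
        # Assumption: "all entries" is expressed as a presence filter.
        return f"({attr}=*)"
    return _TEMPLATES[search_type].format(a=attr, v=escape_value(text))


def simple_search_plan(text, attr="cn"):
    """Filters to try, in order, for the single Find field."""
    attr = _check_attr(attr)
    text = text.strip()
    if text in ("", "*"):
        return [f"({attr}=*)"]
    if "=" in text:
        # The guide treats any string containing "=" as an LDAP filter.
        # This sketch passes it through as typed and does not parse it.
        return [text]
    v = escape_value(text)
    # Exact match first, then substring, then approximate (phonetic).
    return [f"({attr}={v})", f"({attr}=*{v}*)", f"({attr}~={v})"]


if __name__ == "__main__":
    # Constructed sample inputs.
    print(custom_filter("cn", "contains", "Steve"))
    print(custom_filter("cn", "is", "R&D (EMEA)*"))
    print(simple_search_plan("Administrator"))
```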



The Edit Organizational Unit Page



The Edit Organizational Unit page allows you to add, edit, or remove an organizational unit.

For more information, see Managing Organizational Units.

The following elements are displayed:

Unit name. Specifies the name of the organizational unit.

Description. Specifies a description of the unit.

Phone. Specifies the phone number of the organizational unit.

Fax. Specifies a fax number of the organizational unit.

Mailing address. Specifies the mailing address of the organizational unit.

Save changes. Saves the changes made on this page.

Rename. Renames the organizational unit in the LDAP database.

Delete. Deletes the organizational unit from the LDAP database.

OK. Saves your entries. You must restart the server in order for your changes to take effect.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.



The Manage Preferred Language List Page



The Manage Language Selection List page allows you to specify the languages supported in the LDAP server.

For more information, see Managing a Preferred Language List.

The following elements are displayed:

Display language selection list. Specifies whether the languages selected in the language selection list will be displayed upon saving your changes on this page.

Languages in the selection list. Displays all the available languages. Click "Add to list" to add the language to your language selection list. Click "Default value" to designate one language as the default language.

Save changes. Saves your entries. You must restart the server in order for your changes to take effect.

Help. Displays online help.



The Security Tab



The Administration Server Security tab contains the following pages:



The Create a Trust Database Page

If you are accessing this page from the Server Manager, see The Create a Trust Database Page in the Server Manager section.

The Create a Trust Database page allows you to create a new trust database with the default CA settings and protect it with a password. The server can have only one trust database, so you can create a trust database only if one does not already exist. The trust database is created with the default CA entries which are configured so that they are not trusted CAs for client certificates. To configure the server to trust these CAs for use with client certificates, see The Manage Server Certificates Page (Administration Server).

For more information, see Creating a Certificate Trust Database.

The following elements are displayed:

Cryptographic Module. Specifies whether the certificate database is internal.

Database Password. Specifies the certificate database password.



Note The database password is sent in plain text from the client to the Administration Server. To minimize security risks, you should run the browser used for server administration on the same machine as the Administration Server or run your administration server with SSL.



Password (again). Confirms the password specified in the Database Password field. If what you enter is different from what you entered in the Database Password field, you will be prompted to try again.

OK. Saves your entries. You must restart the server in order for your changes to take effect.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.



The Request a Server Certificate Page



If you are accessing this page from the Server Manager, see The Request a Server Certificate Page in the Server Manager section.

The Request a Server Certificate page allows you to add or renew a server certificate.

For more information, see Requesting a Certificate.

The following elements are displayed:

New Certificate. Specifies that the certificate being requested is new.

Certificate Renewal. Specifies that the certificate being requested is a renewal of an existing certificate.

List of Available Certificate Authorities. Lists the certificate authorities from which you can get server certificates.

Submit to Certificate Authority Via. Specifies the manner in which to submit the certificate request. If you wish to contact the certificate authority via email, select CA Email Address and enter the email address in the field.

Select the Mode to Use with the Certificate. Specifies one of the following:

  • Cryptographic Module. Specifies the module to be used with the certificate.

  • Key Pair File Password. Specifies the certificate database password.

Requestor Name. Specifies the name under which the certificate will be issued.

Telephone Number. Specifies the telephone number of the requestor.

Common Name. Specifies the fully qualified hostname used in DNS lookups (for example, www.iplanet.com). This is the hostname in the URL that a browser uses to connect to your site. It is important that these two names are the same. Otherwise, a client is notified that the certificate name does not match the site name, which often makes users doubt the authenticity of your certificate.

Email Address. Specifies the business email address used for correspondence between you and the CA.

Organization. Specifies the official, legal name of your company, educational institution, organization, and so on. Most CAs require that you verify this information with legal documents (such as a copy of a business license).

Organizational Unit. Specifies a description of an organizational unit within your company. This field is optional.

Locality. Specifies a description of the city, principality, or country for the organization. This field is optional.

State or Province. Specifies the state or province in which the business is located.

Country. Specifies the two-character abbreviation of your country name (in ISO format). The country code for the United States is US.

OK. Saves your entries. You must restart the server in order for your changes to take effect.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.



The Install a Server Certificate Page



If you are accessing this page from the Server Manager, see The Install a Server Certificate Page in the Server Manager section.

You can install your own certificate to present to clients, or a CA's certificate for use in a certificate chain.

When you receive a certificate from the CA, it will be encrypted with your public key so that only you can decrypt it. The server will use the key-pair file password you specify to decrypt the certificate when you install it.



Note CAs' certificates for use in a certificate chain are installed using the same process as installing your own certificate. If your CA does not automatically send you their certificate, you should request it. However, many CAs include their certificate in the same email that contains your certificate. In this case, your server installs both certificates at the same time when you install your certificate.



The Install a Server Certificate page allows you to install a certificate for a server.

The following elements are displayed:

Certificate For. Specifies where the certificate will be used. Select from the following options:

  • This Server. Specifies that the server will use the key-pair file password you specify to decrypt the certificate when you install it.

  • Server Certificate Chain. Allows the SSL connection to continue at the client's discretion when the client does not recognize the certificate's CA. Certificate chaining is the process of presenting your CA's certificate in addition to your own. If the client trusts the CA who issued the certificate to your CA, the transaction will continue. In this way, a chain of trust is created: the client trusts the second CA, who trusts the first CA, who trusts you. Therefore, the client trusts you.

  • Trusted Certificate Authority (CA). Accepts the certificate of a CA as a trusted CA for client authentication.

Database Password. Specifies the password for the certificate database.

Certificate Name. Specifies the common name of the certificate. Enter the certificate name only if it differs from the fully qualified hostname of your server used in DNS lookups (for example, www.iplanet.com).

Message is in This File. Specifies the file that contains the CA certificate.

Message Text (with headers). Contains the content of the CA certificate. If you copy and paste the text, be sure to include the headers "Begin Certificate" and "End Certificate."

OK. Saves your entries. You must restart the server in order for your changes to take effect.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.
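
Because a CA's email can carry both your certificate and the CA's certificate, and the pasted text must keep its headers, it helps to check the message before pasting it into Message Text. The following Python sketch is an added example, not part of iPlanet Web Server. It extracts every certificate block, rejects text whose headers are missing or unbalanced, and rejects blocks whose contents were truncated in transit. The function names are hypothetical, and the sample blocks are constructed placeholders, not real certificates.

```python
import base64
import binascii
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"
_BLOCK_RE = re.compile(re.escape(BEGIN) + r"(.*?)" + re.escape(END), re.DOTALL)


def der_claimed_length(der):
    """Total size that the outer DER SEQUENCE header claims for the object."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("block does not start with a DER SEQUENCE")
    first = der[1]
    if first < 0x80:                      # short form: length in one byte
        return 2 + first
    n = first & 0x7F                      # long form: next n bytes hold length
    if n == 0 or len(der) < 2 + n:
        raise ValueError("malformed DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def extract_certificates(message):
    """Return the DER bytes of each certificate block found in pasted text."""
    begins, ends = message.count(BEGIN), message.count(END)
    if begins == 0 or begins != ends:
        raise ValueError(f"headers missing or unbalanced: {begins} BEGIN, {ends} END")
    certs = []
    for body in _BLOCK_RE.findall(message):
        compact = "".join(body.split())   # drop line breaks and indentation
        try:
            der = base64.b64decode(compact, validate=True)
        except binascii.Error as exc:
            raise ValueError("block is not valid base64") from exc
        if der_claimed_length(der) != len(der):
            raise ValueError("block is truncated or has trailing data")
        certs.append(der)
    if len(certs) != begins:
        raise ValueError("BEGIN and END headers are out of order")
    return certs


def constructed_block(payload):
    """Wrap placeholder bytes (under 128) as a PEM block. Not a real certificate."""
    der = bytes([0x30, len(payload)]) + payload
    return BEGIN + "\n" + base64.encodebytes(der).decode("ascii") + END + "\n"


# Constructed sample: an email body carrying two placeholder blocks.
SAMPLE_EMAIL = (
    "Dear customer, your certificate follows.\n\n"
    + constructed_block(b"constructed server cert placeholder")
    + "\nIssuing CA certificate:\n\n"
    + constructed_block(b"constructed CA cert placeholder")
)

if __name__ == "__main__":
    found = extract_certificates(SAMPLE_EMAIL)
    print(f"{len(found)} certificate blocks, sizes {[len(c) for c in found]}")
```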



The Change the Key Pair File Password Page



If you are accessing this page from the Server Manager, see The Change the Key Pair File Password Page in the Server Manager section.

The Change the Key Pair File Password page allows you to change the password used to access your trust database.

The following elements are displayed:

Old Password. Specifies the current key pair password.

New Password. Specifies the new key pair password.

Password (again). Confirms the password specified in the New Password field. If what you enter is different from what you entered in the New Password field, you will be prompted to try again.

OK. Saves your entries. You must restart the server in order for your changes to take effect.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.



The Manage Server Certificates Page (Administration Server)



If you are accessing this page from the Server Manager, see The Manage Server Certificates Page in the Server Manager section.

The Manage Server Certificates page displays all the installed certificates associated with the server and allows you to manage the certificates.

The following elements are displayed:

Certificate Name. Specifies the name of the certificate authority.

Type. Specifies the type of certificate.

Expires (Time in UTC). Displays the date and time that the certificate expires. Once a certificate has expired, you must renew it to use it again.

Help. Displays online help.



The Install a Certificate Revocation List



The Install a Certificate Revocation List page displays the file locations for your CRLs/CKLs.

The following elements are displayed:

File Contains. Specifies either a Certificate Revocation List (CRL) or a Compromised Key List (CKL).

The CRL/CKL is in this file: Specifies the CRL/CKL location.

OK. Saves your entries. You must restart the server in order for your changes to take effect.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.



The Manage Certificate Revocation Lists



The Manage Certificate Revocation Lists page displays your server CRLs.

The following elements are displayed:

Server CRLs. Displays the server CRLs for more information and options.

Refresh. Updates the current list of CRLs.

Help. Displays online help.



The Install a New PKCS#11 Module Page



Public Key Cryptography Standard (PKCS) #11 defines the interface used for communication between SSL and PKCS #11 modules. The PKCS#11 modules are used for standards-based connectivity to SSL hardware accelerators. The Install a New PKCS#11 Module page allows you to import PKCS#11 modules from another location.

The following elements are displayed:

Path to Jar File. Specifies the path from which to import PKCS#11 modules in the form of .jar files.

OK. Saves your entries. You must restart the server in order for your changes to take effect.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.


Copyright © 2000 Sun Microsystems, Inc. Some preexisting portions Copyright © 2000 Netscape Communications Corp. All rights reserved.

Last Updated July 13, 2000