Previous     Contents     Index     Next     
iPlanet Meta-Directory Configuration and Administration Guide

Chapter 17   Managing Servers and Permissions

In order to access Directory Server or an Oracle database through the Meta-Directory interface, it needs to be configured as part of Meta-Directory's navigation tree. As well, access permissions need to be set or modified. This chapter contains the following sections:

Configuring Data Servers

Meta-Directory has the ability to connect to a number of servers for a number of functions. These servers can be added as external data sources or to hold LDAP-configured connector views or meta views. Installing a Directory Server or an Oracle database as an addition to the Meta-Directory navigation tree is accomplished from the Data Servers panel. Typically, you would choose the server type and then configure it.

Accessing the Data Servers Window

  1. From the Meta-Directory console, choose the Configuration tab.

  2. Select Meta-Directory in the navigation tree.

  3. Click the Data Servers tab.

    The Data Servers window appears.

To Add a New Data Server

  1. In the Data Servers window, click New.

    The Data Server Type dialog box appears.

  2. Select the type of server (Directory Server or Oracle) you want to add and click OK.

    The server appears in the list box and, by default, it is selected. Depending on the type of server being added, either four (Directory Server) or five (Oracle) additional tabs appear at the bottom of the panel. These tabs enable you to name and configure the new server.

    Note If you choose Oracle in Step 2, go to Chapter 12 "Configuring the Database Connector" to continue configuring your server. If you choose Netscape Directory Server in Step 2, continue with Step 3.

  3. On the General tab, provide values or change the defaults as needed for the following fields:

    Host Name

    Enter the fully-qualified name of the machine where the data source is stored, such as This is a required field.


    Enter the port on which the join engine connects to the host machine (normally port 389). This is a required field.

    Authentication DN

    Enter the DN of a user that has full administrator access to the Directory Server, such as cn=directory manager. This is a required field.


    Enter the administrator password. This is a required field.


    Enter a brief description to inform other users of the purpose of this data server. This is an optional field.

  4. Click Save.

    The name of the new server appears under the Name column in the top window of the panel.

  5. Select the new server, and click Test to test the connection.

    A Test Connect Succeeded message appears if the connection was successful. If the test was unsuccessful, make sure the connection information is correct.

  6. From the Tuning tab, provide values or change the defaults as needed for the following operational fields:

    Maximum Operation Result Time

    Enter the maximum amount of time allowed before timing-out an LDAP search with no LDAP results. The suggested minimum value is 3600.

    Maximum Number of Retries

    Enter the maximum number of times you want the server to attempt to connect after an inital failure. A value of 0 indicates an infinite number of times. This field is associated with the Retry Intervals field.

    Retry Intervals

    Enter a comma-separated list of numbers, each representing the number of seconds to wait before the next retry should begin. For example, if you provided a value of 10 for Maximum Number of Retries, and 30,300,600,3600 for Retry Intervals, the system would respond as follows:

    "If the LDAP server or database becomes unavailable, retry at most 10 times, beginning 30 seconds after the loss of connection is noted, then 5 minutes later, then 10 minutes later, then hourly. If the 10th retry fails, report an error."

    Idle Timeout

    Enter the time, in seconds, that should pass before retries are abandoned if the server is idle.

  7. Click the Data Change Notification System (DCNS) Schedule tab. This option allows you to schedule when the join engine will look for changes in the change log. Provide values or change the defaults for the following fields:

    Field Name


    Second Specifier

    Enter a value from 0 to 59.

    Minute Specifier

    Enter a value from 0 to 59.

    Hour Specifier

    Enter a value from 0 to 23.

    Day Specifier

    Enter a value from 1 to 31.

    Month Specifier

    Enter a value from 1 to 12.

    Day of the Week Specifier

    Enter a value from 0 to 6, where 0 is Sunday and 6 is Saturday.

    Maximum Entries

    Enter the maximum number of records to be read from the changelog for each cycle.

    You can use either a single number as just described or an expression as follows:




    Matches any value.


    Matches any value in steps. For example, */2 matches 0,2,4,6... up to the maximum allowed value for values that start with zero, or it matches 1,3,5,7... up to the maximum value allowed.


    Specifies a range where:

    • Both x and y are greater than or equal to the minimum allowed value.

    • y is less than or equal to the maximum allowed value.

    • x is less than y.

    The expression matches any value in the range.


    Specifies a range as above, but with a step value that is not necessarily 1.


    Specifies a single number within the allowed range.


    Matches any value starting at x and then at x + step, x + 2*step, and so forth.


    Specifies a comma-separated list of values.


    Specifies a comma-separated list of ranges.

    • Lists can also contain both single values and ranges such as 1,2,5-7,10/5.

    • The scheduler operates once every second, so the finest granularity occurs every second.

  8. On the Binary Attribute window, check the binary list and, if necessary, make changes to specify which binaries you want the join engine to recognize. These are the changes you can make:

    • To create a new attribute, click New. A blank field appears at the bottom of the drop-down list. Type in the name of the attribute in this field.

    • To edit an attribute, select the attribute from the drop-down list and type over the name.

    • To delete an attribute, select the attribute from the drop-down list and click Delete.

  9. Click Save to save the configuration.

To Test a Data Server Connection

  1. In the Data Servers window, select the data server whose connection you want to test.

  2. Click Test.

    If the connection was successful, a message confirming this appears. If the connection was unsuccessful, check your server's host information and re-test.

To Delete a Data Server

  1. In the Data Servers window, select the data server you want to delete.

  2. Click Delete.

    The data server and its associated configuration disappear from the list box.

Setting Access Permissions

From iPlanet Console, access permissions can be set for individual servers.

To Set Access Permissions

  1. From iPlanet Console, select a Meta-Directory component or server, and right-click.

    A context menu appears.

  2. Choose Set Access Permissions.

    The Set Permission Dialog appears with a list of the names of users and groups who currently have access permissions for the selected object. By default, the Configuration Administrators group has unrestricted access to all servers (but not to user data), although its name does not appear on this list.

  3. Edit access permission as needed:

    • To allow access permission to additional users or groups, select the user or group name, then click Add User.

    • To deny access permission to a user or group in the list, select the user or group name, then click Delete User.

  4. When you have finished adding and deleting users, click OK.

Previous     Contents     Index     Next     
Copyright © 2002 Sun Microsystems, Inc. All rights reserved.

Last Updated April 08, 2002