1. Manuals
  2. Brands
  3. Red Hat Manuals
  4. Server
  5. DIRECTORY SERVER 7.1
  6. Installation manual

Red Hat DIRECTORY SERVER 7.1 Installation Manual

Hide thumbs Also See for DIRECTORY SERVER 7.1:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Administrator's Manual, Reference
Red Hat Directory Server 7.1
Red Hat Directory Server
Installation Guide

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the DIRECTORY SERVER 7.1 and is the answer not in the manual?

Questions and answers

Related Manuals for Red Hat DIRECTORY SERVER 7.1

Summary of Contents for Red Hat DIRECTORY SERVER 7.1

  • Page 1 Red Hat Directory Server 7.1 Red Hat Directory Server Installation Guide...
  • Page 2 All other trademarks referenced herein are the property of their respective owners. The GPG fingerprint of the security@redhat.com key is: CA 20 86 86 2B D6 9D FC 65 F6 EC C4 21 91 80 CD DB 42 A6 0E...

  • Page 3: Table Of Contents

    Table of Contents About This Guide..........................i 1. Prerequisite Reading ......................i 2. Directory Server Overview ....................i 3. Related Information ....................... i 1. Preparing for a Directory Server Installation ................1 1.1. Installation Components ....................1 1.2. Configuration Decisions..................... 1 1.2.1.
  • Page 4 6. Migrating from Previous Versions....................45 6.1. Migration Overview ......................45 6.2. Migration Prerequisites ....................46 6.3. Migration Procedure ......................46 6.3.1. Migrating a Standalone Server................47 6.3.2. Migrating a 6.x Replicated Site ................ 53 6.3.3. Migrating a 6.x Multi-Master Deployment ............54 6.3.4.

  • Page 5: About This Guide

    About This Guide Welcome to Red Hat Directory Server (Directory Server). This manual provides a high-level overview of design and planning decisions you need to make before installing the Directory Server and describes the different installation methods that you can use. This preface contains the following sections: Section 1 Prerequisite Reading •...
  • Page 6 Gateway function and explains how to customize it for use as an independent gateway. For a list of documentation installed with Directory Server, open this file: ServerRoot/manual/en/slapd/index.htm For the latest information about Directory Server, including current release notes, complete product documentation, technical notes, and deployment information, refer to http://www.redhat.com/docs/manuals/dir-server...

  • Page 7: Preparing For A Directory Server Installation

    Chapter 1. Preparing for a Directory Server Installation Before you begin installing Red Hat Directory Server (Directory Server), you should have an under- standing of the various Directory Server components and the design and configuration decisions you need to make. To help you prepare for your Directory Server installation, you should be familiar with the concepts contained in the following sections: Section 1.1 Installation Components...

  • Page 8: Choosing Unique Port Numbers

    Your server root is the directory where you install your Directory Server. The default server root for Directory Server on Linux is ; on other UNIX servers the directory is /opt/redhat-ds/ /opt/redhat-ds/servers/ The server root must meet the following requirements: The server root must be a directory on a local disk drive;...

  • Page 9: Deciding The User And Group For Your Servers

    • are running the setup program. By default, the server root directory is /opt/redhat-ds/servers. 1.2.3. Deciding the User and Group for Your Servers For security reasons, it is always best to run production servers with normal user privileges. That is, you do not want to run Directory Server with root privileges.

  • Page 10: Determining Your Directory Suffix

    Chapter 1. Preparing for a Directory Server Installation Directory Manager DN and password. The Directory Manager DN is the special directory entry to which access control does not apply. Think of the directory manager as your directory’s superuser. (In former releases of Directory Server, the Directory Manager DN was known as the root DN).

  • Page 11: Determining The Location Of The User Directory

    Chapter 1. Preparing for a Directory Server Installation must decide which one will host the configuration directory tree, . You must make o=NetscapeRoot this decision before you install any compatible server applications, including Directory Server. For ease of upgrades, you should use a Directory Server instance that is dedicated to supporting the o=NetscapeRoot tree;...

  • Page 12: Installation Process Overview

    Chapter 1. Preparing for a Directory Server Installation want control of their individual servers. However, you may still want some centralized control of all the servers in your enterprise. Administration domains allow you to meet these conflicting goals. Administration domains have the following qualities: All servers share the same configuration directory, regardless of the domain to which they belong.

  • Page 13: Migration Process

    Before you install Directory Server, ensure that the host system is brought up to date with the latest patches recommended for Red Hat Enterprise Linux. Because the list of recommended patches changes with time, you must always use http://rhn.redhat.com to keep entitled systems current with the latest recommended patches.

  • Page 14: Starting The Ns-Slapd Process

    Chapter 1. Preparing for a Directory Server Installation 1.3.3.2. For tarballs... If you have obtained Directory Server tarball from the website, you will need to unpack it before beginning installation. 1. Create a new directory for the installation: mkdir ds cd ds 2.

  • Page 15: Computer System Requirements

    Chapter 2. Computer System Requirements Before you can install Red Hat Directory Server (Directory Server), you must make sure that the systems on which you plan to install the software meet the minimum hardware and operating system requirements. Directory Server is compiled as a 64-bit application for some platforms, meaning Directory Server supports deployments with memory cache sizes larger than 4 GB and limited only by available mem- ory.

  • Page 16: 64-Bit Process

    Chapter 2. Computer System Requirements Other Requirements You must install as root in order to use well-known port numbers (such as 389) that are less than 1024. If you do not plan to use port numbers less than 1024, you do not need to install as root. If you plan to run as root, you should also install as root and specify nobody as the default run-as user and group.

  • Page 17: Hardware Requirements

    Chapter 2. Computer System Requirements Other Requirements You must install as root in order to use well-known port numbers (such as 389) that are less than 1024. If you do not plan to use port numbers less than 1024, you do not need to install as root. If you plan to run as root, you should also install as root and specify nobody as the default run-as user and group.

  • Page 18: Operating System Requirements

    Chapter 2. Computer System Requirements Number of Entries Disk Space and Memory Required 250,000 - 1,000,000 Free disk space: 4 GB Free memory: 512 MB entries Over 1,000,000 entries Free disk space: 8 GB Free memory: 1 GB 2.3. Operating System Requirements This section contains information on operating-system versions and patches required for installing Directory Server: Utility...

  • Page 19: Verifying Disk Space Requirements

    • In addition to these recommendations, be sure to check the Red Hat website for the latest information pertaining to your Linux version: http://www.redhat.com/apps/support/ 2.3.2.1. Verifying Disk Space Requirements Ensure that you have sufficient disk space before downloading the software: Download drive: 120 MB •...

  • Page 20: Installing System Patches

    Chapter 2. Computer System Requirements Red Hat Enterprise Linux is distributed with two RPM packages for glibc, one for 386 processors and higher, the other for 486 or Pentium processors and higher. The 386 package has no NPTL support. If the 386 package is installed on a machine, you lose NPTL support. Once this has happened, it is very hard to detect because reports the package name and version without the architecture rpm -q...

  • Page 21: Hp-Ux 11I Operating System

    Chapter 2. Computer System Requirements Lastly, edit the file to include this line if it does not already exist: • /etc/pam.d/system-auth session required /lib/security/$ISA/pam_limits.so You must log out and then log back in for changes in the file to take effect. limits.conf 2.3.2.5.

  • Page 22: Tuning The System

    Chapter 2. Computer System Requirements For HP-UX 11i, install the latest HP-UX 11i Quality Pack (GOLDQPK11i) patch from June 2004 • or later. For details, refer to http://www.software.hp.com/SUPPORT_PLUS/qpk.html. The PHSS_30966: ld(1) and linker tools cumulative patch is critical before installation of Directory •...

  • Page 23: Sun Solaris 9 Operating System

    Ensure that you have sufficient disk space before downloading the Directory Server software. Download drive: 120 MB • Partition containing /opt/redhat-ds: 2 GB • 2.3.4.2. Verifying Required System Modules Directory Server requires the use of an UltraSPARC (SPARC v9) processor, as this processor in- cludes support for high-performance and multiprocessor systems.

  • Page 24: Installing Patches

    Chapter 2. Computer System Requirements 2.3.4.3. Installing Patches You must use Solaris 9 with the Sun recommended patches. The Sun recommended patch clusters can be obtained from your Solaris support representative or from the http://sunsolve.sun.com site. Solaris patches are identified by two numbers; for example, 112233-04. The first number (112233) identifies the patch itself.

  • Page 25: Setting File Descriptors

    Chapter 2. Computer System Requirements 112785-43: X11 6.6.1: Xsun Patch 112970-07: SunOS 5.9: patch libresolv 112951-09: SunOS 5.9: patchadd and patchrm Patch 113277-24: SunOS 5.9: st, sd, and ssd Patch 113579-06: SunOS 5.9: ypserv/ypxfrd Patch 112908-14: SunOS 5.9: krb5 shared object Patch 113073-14: SunOS 5.9: ufs and fsck Patch Table 2-5.

  • Page 26: Dns And Nis Requirements

    Sun was tested with j2re1.4.2_04. Use the Solaris 9 32-bit package for both 32-bit and 64-bit Sun installations. Obtain OS-appropriate Java libraries from either http://www.java.com http://www.hp.com/products1/unix/java/ Extract these files in a separate directory from your Directory Server installation, such as /export/redhat/jre.
  • Page 27 This extracts a new JRE directory called j2re.1.4.2_05. When you first run setup, you are asked for the JRE path. Fill in the absolute path as follows: /export/redhat/jre/j2re1.4.2_04 If you are doing a silent installation, set the JRE path as an environment variable before running setup:...
  • Page 28 Chapter 2. Computer System Requirements...

  • Page 29: Using Express And Typical Installation

    Chapter 3. Using Express and Typical Installation This chapter describes how to perform basic installation activities. This chapter contains the following sections: Section 3.1 Installing on Solaris and HP-UX using an Express Installation • Section 3.2 Installing on Solaris and HP-UX using a Typical Installation •...

  • Page 30: Installing On Solaris And Hp-Ux Using A Typical Installation

    Chapter 3. Using Express and Typical Installation contain any space characters. If the directory that you specify does not exist, the setup program creates it for you. 13. Choose All to install all components. 14. For the user and group to run the servers, enter the identity as whom you want this server to run. For more information on the user and groups that you should use when running your servers, see Section 1.2.3 Deciding the User and Group for Your Servers.
  • Page 31 If the directory that you specify does not exist, setup creates it for you. By default, the setup program provides the following path: /opt/redhat/servers If you want to install the software into this directory tree, press [Enter]; otherwise, supply your own path.

  • Page 32: Installing On Red Hat Enterprise Linux Using An Express Installation

    Chapter 3. Using Express and Typical Installation Caution The Directory Server identifier must not contain a period. For example, example.server.com is not a valid server identifier name. 21. For configuration directory administrator ID and password, enter the name and password as whom you will log in when you want to authenticate to the Console with full privileges.

  • Page 33: Installing On Red Hat Enterprise Linux Using A Typical Installation

    The server components are then installed in the default location: /opt/redhat-ds/ 4. Next, you need to create an instance of the Directory Server by running the setup program: cd /opt/redhat-ds/ ./setup/setup 5. Type y to accept the licensing agreement, then y again to continue with setup.
  • Page 34 The server components are then installed in the default location: /opt/redhat-ds/ 4. Next, you need to create an instance of the Directory Server by running the setup program: cd /opt/redhat-ds/ ./setup/setup 5. Type y to accept the licensing agreement, then y again to continue with setup.
  • Page 35 Chapter 3. Using Express and Typical Installation Caution The Directory Server identifier must not contain a period. For example, example.server.com is not a valid server identifier name. 13. For the configuration directory administrator ID and password, enter the name and password as whom you will log in when you want to authenticate to the Console with full privileges.
  • Page 36 Chapter 3. Using Express and Typical Installation...

  • Page 37: Silent Installation And Instance Creation

    Chapter 4. Silent Installation and Instance Creation Silent installation allows you to use a file to predefine all the answers that you would normally supply to the setup program interactively; this provides you with the ability to script the installation of multi- ple instances of Red Hat Directory Server (Directory Server).

  • Page 38: Preparing Silent Installation Files

    Directory Server. 7. When you run the setup program, specify the .inf file you have created, as follows: /opt/redhat-ds/servers/setup/silent.inf 4.1.2. Preparing Silent Installation Files The best way to create a file for use with silent installation is to use the setup program to create interactively a server instance of the type that you want to duplicate.

  • Page 39: Sample File For Typical Installation

    4.1.2.1. Sample File for Typical Installation The following is an example of the file that is generated for a typical installation: install.inf [General] FullMachineName= dir.example.com SuiteSpotUserID= nobody SuiteSpotGroup= nobody ServerRoot= /opt/redhat-ds/servers AdminDomain= example.com ConfigDirectoryAdminID= admin ConfigDirectoryAdminPwd= admin ConfigDirectoryLdapURL= ldap://dir.example.com:389/o=NetscapeRoot UserDirectoryAdminID= admin UserDirectoryAdminPwd= admin UserDirectoryLdapURL= ldap://dir.example.com:389/dc=example,dc=com...
  • Page 40 file that is generated when you perform a typical install.inf installation and you choose to use an existing Directory Server as the configuration directory: [General] FullMachineName= dir.example.com SuiteSpotUserID= nobody SuiteSpotGroup= nobody ServerRoot= /opt/redhat-ds/servers AdminDomain= example.com ConfigDirectoryAdminID= admin ConfigDirectoryAdminPwd= admin ConfigDirectoryLdapURL= ldap://dir.example.com:25389/o=NetscapeRoot UserDirectoryLdapURL= ldap://dir.example.com:18257/dc=example,dc=com UserDirectoryAdminID= cn=Directory Manager...

  • Page 41: Specifying Silent Installation Directives

    The following is an example of the install.inf file that is generated when you install just Red Hat Console: [General] FullMachineName= dir.example.com ConfigDirectoryLdapURL= ldap://dir.example.com:389/o=NetscapeRoot SuiteSpotUserID= nobody SuiteSpotGroup= nobody ConfigDirectoryAdminID= admin ConfigDirectoryAdminPwd= admin ServerRoot= /opt/redhat-ds/servers Components= svrcore,base,slapd,admin [base] Components= base-client [slapd] Components= slapd-client [admin] Components= admin-client,base-jre 4.1.3. Specifying Silent Installation Directives This section describes the basic format of the file used for silent installation.
  • Page 42 Chapter 4. Silent Installation and Instance Creation Installation Directives Section 4.1.3.6 • [nsperl] Installation Directives. Section 4.1.3.7 • [perldap] 4.1.3.1. Silent Installation File Format When you use silent installation, you provide all the installation information in a file. This file is formatted as follows: [General] directive=value...
  • Page 43 Chapter 4. Silent Installation and Instance Creation Directive Description Specifies components to be installed. The list of available components Components differs depending on the servers available on your installation media. For stand-alone directory installation, the list of components is: svrcore - Uninstallation binaries base - The base installation package admin - The Administration Server binaries slapd - The Directory Server binaries...
  • Page 44 Chapter 4. Silent Installation and Instance Creation Required Installation Directives [slapd] You must provide these directives when you use silent installation with Directory Server. Optional Installation Directives [slapd] You may provide these directives when you use silent installation with Directory Server. Table 4-2 and Table 4-3 list the directives.
  • Page 45 Chapter 4. Silent Installation and Instance Creation Optional Directive Description Causes the contents of the LDIF file to be used to populate your InstallLdifFile directory. Table 4-3. Optional Installation Directives [slapd] 4.1.3.4. [admin] Installation Directives installation directives specify information of interest only to your Directory Server’s Ad- [admin] ministration Server.
  • Page 46 Chapter 4. Silent Installation and Instance Creation 4.1.3.5. [Base] Installation Directive There is only one [Base] installation directive, and it allows you to determine whether Red Hat Con- sole is installed. Table 4-5 the directive. Directive Description Specifies the base components to be installed. The base components Components are: base - Install the shared libraries used by all Server Consoles.

  • Page 47: Using Silent Instance Creation

    Here’s a sample file for instance creation. The is inserted to break the line for printing purposes. You need to remove the and make that one single line. [General] FullMachineName= testDir.example.com ServerRoot= /opt/redhat-ds/servers AdminDomain= example.com ConfigDirectoryAdminID= admin ConfigDirectoryAdminPwd= secretPwd01 ConfigDirectoryLdapURL= ldap://testDir.example.com:389/o=NetscapeRoot UserDirectoryAdminID= admin UserDirectoryAdminPwd= secretPwd02 UserDirectoryLdapURL= ldap://testDir.example.com:389/dc=europe,dc=example,\...
  • Page 48 Chapter 4. Silent Installation and Instance Creation DisableSchemaChecking= No...

  • Page 49: Post Installation

    Chapter 5. Post Installation This chapter describes the post-installation procedures for launching the online help and populating the directory tree. This chapter has the following sections: Section 5.1 Launching the Help System • Section 5.2 Populating the Directory Tree • 5.1.

  • Page 50: Populating The Directory Tree

    Chapter 5. Post Installation 5.2. Populating the Directory Tree During installation, a simple directory database was created for you. In addition, a simple directory structure was placed in the database for you to use. This directory structure contained basic access control and the major branch points for the recommended directory structure.

  • Page 51: Migrating From Previous Versions

    Chapter 6. Migrating from Previous Versions If you have a previous installation of Directory Server, depending on its version, you can migrate to Red Hat Directory Server 7.x. Migration refers to the process of moving Directory Server 6.x files to Directory Server 7.x.

  • Page 52: Migration Prerequisites

    If you are migrating from Directory Server 6.x, all of the configuration files in the • directory will be backed up to a /opt/redhat-ds/servers/slapd-serverID/config directory named serverRoot/slapd-serverID/config_backup If your configuration files are stored in non-default locations, before you migrate your server, •...

  • Page 53: Migrating A Standalone Server

    The following is an example of a command you would use to migrate an instance of Directory Server 6.21 to Directory Server 7.1: migrateInstance7 -D cn=Directory Manager -w secret -p 389 \ -o /opt/redhat-ds/server621/slapd-phonebook \ -n /opt/redhat-ds/servers/slapd-phonebook \ This command appears on one line in usage. The slashes are used to wrap the line for printing, and should be removed when using the command.
  • Page 54 Chapter 6. Migrating from Previous Versions the legacy server as well as in the new server instances. To demonstrate the various options, for each backend a different option was chosen: for , the choice was to continue with the migration backend1 and export processes;...
  • Page 55 Chapter 6. Migrating from Previous Versions Parse the old DSE ldif file: /export/server621/slapd-marmot/ config/dse.ldif ***** This may take a while ... Migrate DSE entries... SECURITY - Update successfull: cn=encryption,cn=config SNMP - Update successfull: cn=snmp,cn=config ----------------------------------------------------------------- Migrate LDBM backend instances... *** LDBM_BACKEND_INSTANCE - cn=backend1,cn=ldbm database,\ cn=plugins,cn=config already exists *** Migration will overwrite existing database...
  • Page 56 Chapter 6. Migrating from Previous Versions *** LDBM_BACKEND_INSTANCE - cn=backend2,cn=ldbm database,\ cn=plugins,cn=config already exists *** Migration will overwrite existing database Do you want to continue Yes/No [No] ? y Do you want to export the existing data Yes/No [Yes] ? n *** INFORMATION - NetscapeRoot is NOT migrated *** LDBM_BACKEND_INSTANCE - cn=userroot,cn=ldbm database,\ cn=plugins,cn=config...
  • Page 57 Chapter 6. Migrating from Previous Versions [/export/server71/shared/config/certmap.conf_backup] ? ***** Close the LDAP connection to the new Directory Server instance ***** Shutting down server slapd-marmot ..----------------------------------------------------------------- Data processing... ldiffile: /export/server621/slapd-marmot/config/ldif/backend1.ldif [14/Apr/2005:17:56:46 -0600] - Waiting for 4 database threads to stop [14/Apr/2005:17:56:47 -0600] - All database threads now stopped ldiffile: /export/server621/slapd-marmot/config/ldif/backend2.ldif [14/Apr/2005:17:57:22 -0600] - Waiting for 4 database threads to stop...
  • Page 58 Chapter 6. Migrating from Previous Versions "/export/server621/slapd-marmot/config/ldif/backend1.ldif" (1230 entries) [14/Apr/2005:17:57:27 -0600] - import backend1: Workers finished; cleaning up... [14/Apr/2005:17:57:28 -0600] - import backend1: Workers cleaned up. [14/Apr/2005:17:57:28 -0600] - import backend1: Cleaning up producer thread... [14/Apr/2005:17:57:28 -0600] - import backend1: Indexing complete. Post-processing...
  • Page 59 Chapter 6. Migrating from Previous Versions "/export/server621/slapd-marmot/config/ldif/backend2.ldif" (0 entries) [14/Apr/2005:17:57:31 -0600] - import backend2: Workers finished; cleaning up... [14/Apr/2005:17:57:31 -0600] - import backend2: Workers cleaned up. [14/Apr/2005:17:57:31 -0600] - import backend2: Cleaning up producer thread... [14/Apr/2005:17:57:31 -0600] - import backend2: Indexing complete. Post-processing...

  • Page 60: Migrating A 6.X Replicated Site

    Chapter 6. Migrating from Previous Versions 6.3.2. Migrating a 6.x Replicated Site If you are upgrading from Directory Server 6.x to Directory Server 7.x, your replication configuration is automatically migrated when you run the migrateInstance7 script. To migrate a 6.x replicated site: 1.

  • Page 61: Master Migration

    Chapter 6. Migrating from Previous Versions 7. Migrate the hubs (if any); refer to Section 6.3.3.2 Hub Migration. 8. Verify that writes and changes are being replicated through the servers. 9. Migrate the replicas; refer to Section 6.3.3.3 Replica Migration. 10.

  • Page 62: Managing Console Failover

    Chapter 6. Migrating from Previous Versions 6.3.4. Managing Console Failover If you have a multi-master installation with replicated between your two masters, o=NetscapeRoot , you can modify the Console on the second server ( ) so that it uses server1 server2 server2 ’s Console would be...

  • Page 63: Upgrading

    Directory Server 7.0 is installed. By default, the setup program provides the following path: /opt/redhat-ds/servers If your 7.0 Directory Server is installed in a different path, be sure to select that path. Once you supply the correct path, press [Enter].
  • Page 64 Chapter 6. Migrating from Previous Versions...

  • Page 65: Troubleshooting

    To run dsktune 1. Change to the installation directory for your Directory Server. By default, this directory is /opt/redhat-ds/servers. 2. Change to the bin/slapd/server subdirectory. 3. As root, enter the following command: ./dsktune The following is an example of output that generates.
  • Page 66 Chapter 7. Troubleshooting TRANSPORT_NAME[10]=tcp NDD_NAME[10]=tcp_keepalive_interval NDD_VALUE[10]=600000 NOTICE : The NDD tcp_rexmit_interval_initial is currently set to 3000 milliseconds (3 seconds). This may cause packet loss for clients on Solaris 2.5.1 due to a bug in that version of Solaris. If the clients are not using Solaris 2.5.1, no problems should occur.

  • Page 67: Common Installation Problems

    Chapter 7. Troubleshooting TRANSPORT_NAME[10]=tcp NDD_NAME[10]=tcp_smallest_anon_port NDD_VALUE[10]=8192 WARNING: tcp_deferred_ack_interval is currently 50 milliseconds. This will cause the operating system to insert artificial delays in the LDAP protocol. It should be reduced during load testing. An entry similar to the following can be added to the /etc/rc.config.d/nddconf file: TRANSPORT_NAME[10]=tcp NDD_NAME[10]=tcp_deferred_ack_interval...
  • Page 68 Chapter 7. Troubleshooting user id admin (151:Unknown error.) Fatal Slapd Did not add Directory Server information to Configuration Server. ERROR. Failure installing Red Hat Directory Server. Do you want to continue [y/n]? This error occurs when a machine is not correctly configured to use DNS naming. The default fully qualified host and domain name presented during installation is not correct.
  • Page 69 Chapter 7. Troubleshooting then your Directory Manager DN password is now my_password 3. Restart your Directory Server. 4. Once your server has restarted, login as the Directory Manager and change the password. Make sure you select an encryption scheme when you do so. For information on changing a Directory Manager password, refer to the Red Hat Directory Server Administration Guide.
  • Page 70 Chapter 7. Troubleshooting...

  • Page 71: Glossary

    Glossary access control instruction See ACI. Access Control Instruction. An instruction that grants or denies permissions to entries in the directory. access control list See ACL. Access Control List. The mechanism for controlling access to your directory. access rights In the context of access control, specify the level of access granted or denied. Access rights are related to the type of operation that can be performed on the directory.

  • Page 72: Anonymous Access

    Glossary anonymous access When granted, allows anyone to access directory information without providing credentials, and regardless of the conditions of the bind. approximate index Allows for efficient approximate or "sounds-like" searches. attribute Holds descriptive information about an entry. Attributes have a label and a value. Each attribute also follows a standard syntax for the type of information that can be stored as the attribute value.

  • Page 73: Cascading Replication

    Glossary base distinguished name See base DN. bind DN Distinguished name used to authenticate to Directory Server when performing an operation. bind distinguished name See bind DN. bind rule In the context of access control, the bind rule specifies the credentials and conditions that a particular user or client must satisfy in order to get access to directory information.
  • Page 74 Glossary certificate A collection of data that associates the public keys of a network user with their DN in the direc- tory. The certificate is stored in the directory as user object attributes. Certificate Authority Company or organization that sells and issues authentication certificates. You may purchase an authentication certificate from a Certification Auth Common Gateway Interface.
  • Page 75 Glossary class of service See CoS. classic CoS A classic CoS identifies the template entry by both its DN and the value of one of the target entry’s attributes. client See LDAP client. code page An internal table used by a locale in the context of the internationalization plug-in that the oper- ating system uses to relate keyboard keys to character font screen displays.

  • Page 76: Directory Tree

    Glossary CoS template entry Contains a list of the shared attribute values. Also template entry. daemon A background process on a UNIX machine that is responsible for a particular system task. Dae- mon processes do not need human intervention to continue functioning. Directory Access Protocol.

  • Page 77: Directory Manager

    Glossary Directory Manager The privileged database administrator, comparable to the root user in UNIX. Access control does not apply to the Directory Manager. Directory Server Gateway Also DSGW. A collection of CGI forms that allows a browser to perform LDAP client functions, such as querying and accessing a Directory Server, from a web browser.
  • Page 78 Glossary DSGW See Directory Server Gateway. entry A group of lines in the LDIF file that contains information about an object. entry distribution Method of distributing directory entries across more than one server in order to scale to support large numbers of entries. entry ID list Each index that the directory uses is composed of a table of index keys and matching entry ID lists.
  • Page 79 Glossary filtered role Allows you to assign entries to the role depending upon the attribute contained by each entry. You do this by specifying an LDAP filter. Entries that match the filter are said to possess the role. gateway See Directory Server Gateway. general access When granted, indicates that all authenticated users can access directory information.
  • Page 80 Glossary HTTP-NG The next generation of Hypertext Transfer Protocol. HTTPS A secure version of HTTP, implemented using the Secure Sockets Layer, SSL. hub supplier In the context of replication, a server that holds a replica that is copied from a different server, and, in turn, replicates it to a third server.
  • Page 81 Glossary LDAP Lightweight Directory Access Protocol. Directory service protocol designed to run over TCP/IP and across multiple platforms. LDAPv3 Version 3 of the LDAP protocol, upon which Directory Server bases its schema format. LDAP client Software used to request and view LDAP entries from an LDAP Directory Server. See also browser.

  • Page 82: Management Information Base

    Glossary locale Identifies the collation order, character type, monetary format and time / date format used to present data for users of a specific region, culture, and/or custom. This includes information on how data of a given language is interpreted, stored, or collated. The locale also indicates which code page should be used to represent a given language.
  • Page 83 Glossary A message digest algorithm by RSA Data Security, Inc., which can be used to produce a short di- gest of data that is unique with high probability and is mathematically extremely hard to produce; a piece of data that will produce the same message digest. MD5 signature A message digest produced by the MD5 algorithm.

  • Page 84: Object Class

    Glossary name collisions Multiple entries with the same distinguished name. nested role Allows the creation of roles that contain other roles. network management application Network Management Station component that graphically displays information about SNMP managed devices (which device is up or down, which and how many error messages were re- ceived, etc.).

  • Page 85: Password Policy

    Glossary object identifier Also OID. A string, usually of decimal numbers, that uniquely identifies a schema element, such as an object class or an attribute, in an object-oriented system. Object identifiers are assigned by ANSI, IETF or similar organizations. See object identifier. operational attribute Contains information used internally by the directory to keep track of modifications and sub- tree properties.

  • Page 86: Proxy Authentication

    Glossary permission In the context of access control, permission states whether access to the directory information is granted or denied and the level of access that is granted or denied. See access rights. Also Protocol Data Unit. Encoded messages which form the basis of data exchanges between SNMP devices.
  • Page 87 Glossary PTA LDAP URL In pass-through authentication, the URL that defines the authenticating directory server, pass- through subtree(s), and optional parameters. Random access memory. The physical semiconductor-based memory in a computer. Information stored in RAM is lost when the computer is shut down. rc.local A file on UNIX machines that describes programs that are run when the machine starts.

  • Page 88: Replication Agreement

    Glossary read-write replica A replica that contains a master copy of directory information and can be updated. A server can hold any number of read-write replicas. relative distinguished name See RDN. replication Act of copying directory trees or subtrees from supplier servers to consumer servers. replication agreement Set of configuration parameters that are stored on the supplier server and identify the databases to replicate, the consumer servers to which the data is pushed, the times during which replication...

  • Page 89: Schema Checking

    Glossary SASL Also Simple Authentication and Security Layer. An authentication framework for clients as they attempt to bind to a directory. schema Definitions describing what types of information can be stored as entries in the directory. When information that does not match the schema is stored in the directory, clients attempting to access the directory may be unable to display the proper results.
  • Page 90 Glossary service A background process on a Windows machine that is responsible for a particular system task. Service processes do not need human intervention to continue functioning. Server Instance Entry. The ID assigned to an instance of Directory Server during installation. Simple Authentication and Security Layer See SASL.
  • Page 91 Glossary Also Secure Sockets Layer. A software library establishing a secure connection between two parties (client and server) used to implement HTTPS, the secure version of HTTP. standard index index maintained by default. sub suffix A branch underneath a root suffix. subagent See SNMP subagent.
  • Page 92 Glossary symmetric encryption Encryption that uses the same key for both encrypting and decrypting. DES is an example of a symmetric encryption algorithm. system index Cannot be deleted or modified as it is essential to Directory Server operations. target In the context of access control, the target identifies the directory information to which a partic- ular ACI applies.
  • Page 93 Glossary Transport Layer Security See TLS. A unique number associated with each user on a UNIX system. Uniform Resource Locator. The addressing system used by the server and the client to request documents. It is often called a location. The format of a URL is protocol://machine:port/document.
  • Page 94 Glossary...

  • Page 95: Index

    Index help launching, 43 Symbols 32-bit OS requirements, 9 32-bit process, 9 64-bit OS requirements, 10 64-bit process, 10 install.inf, 32 installation components, 1 configuration decisions, 1 preparing for, 1 administration domain, defined, 5 process overview administration port number, setting, 26, 29 administration server, 1 new installations, 7 administration server user, 4...
  • Page 96 nsperl, 40 perldap, 40 new server root slapd, 37 creating, 2 typical install example, 33 nobody user account, 3 using, 31 ns-slapd process supported platforms, 9 write an rc script for, 8 system tuning, Red Hat Enterprise Linux, 14 operating systems, supported, 9 third-party utilities installing, Red Hat Enterprise Linux, 15 typical install...

Table of Contents