Netscape DIRECTORY SERVER 6.0 Installation Manual


Installation Guide

Netscape Directory Server
Version 6.0
December 2001


Summary of Contents for Netscape NETSCAPE DIRECTORY SERVER 6.0

  • Page 1: Installation Guide

    Installation Guide Netscape Directory Server Version 6.0 December 2001...
  • Page 2 Netscape Communications Corporation ("Netscape") and its licensors retain all ownership rights to the software programs offered by Netscape (referred to herein as "Software") and related documentation. Use of the Software and related documentation is governed by the license agreement for the Software and applicable copyright law. Your right to copy this documentation is limited by copyright law.
  • Page 3: Table Of Contents

    Contents: About This Guide; Prerequisite Reading...
  • Page 4 Required System Modules; Patches...
  • Page 5 Using Typical Installation on UNIX; Using Typical Installation on Windows NT and Windows 2000...
  • Page 6 Netscape Directory Server Installation Guide • December 2001...
  • Page 7: About This Guide

    About This Guide Welcome to Netscape Directory Server (Directory Server). This manual provides a high-level overview of design and planning decisions you need to make before installing the Directory Server, and describes the different installation methods that you can use. This preface contains the following sections: •...
  • Page 8: Conventions Used In This Guide

    Conventions Used In This Guide • Directory Server Console—An improved management console that dramatically reduces the effort of setting up and maintaining your directory service. The directory console is part of Netscape Console, the common management framework for Netscape servers. •...
  • Page 9: Related Information

    Related Information Related Information The document set for Directory Server also contains the following guides: • Netscape Directory Server Administrator’s Guide. Contains procedures for the day-to-day maintenance of your directory service. Includes information on configuring server-side plug-ins. • Netscape Directory Server Deployment Guide. Contains procedures for the day-to-day maintenance of your directory service.
  • Page 11: Chapter 1 Preparing For A Directory Server Installation

    Chapter 1 Preparing for a Directory Server Installation Before you begin installing Netscape Directory Server (Directory Server), you should have an understanding of the various Directory Server components and the design and configuration decisions you need to make. To help you prepare for your Directory Server installation, you should be familiar with the concepts contained in the following sections: •...
  • Page 12: Configuration Decisions

    Configuration Decisions • Netscape Administration Server—Administration Server is a common front-end to all Netscape servers. It receives communications from Netscape Console and passes those communications on to the appropriate Netscape server. Your site will have at least one Administration Server for each server root in which you have installed a Netscape server.
  • Page 13: Choosing Unique Port Numbers

    Configuration Decisions Choosing Unique Port Numbers Port numbers can be any number from 1 to 65535. Keep the following in mind when choosing a port number for your Directory Server: • The standard Directory Server (LDAP) port number is 389. •...
  • Page 14: Deciding The User And Group For Your Netscape Servers (Unix Only)

    Configuration Decisions By default, the server root directory is one of the following: • (on UNIX systems) /usr/netscape/servers • (on Windows NT and Windows 2000 systems) c:\netscape\servers Deciding the User and Group for Your Netscape Servers (UNIX only) For security reasons, it is always best to run UNIX-based production servers with normal user privileges.
  • Page 15: Defining Authentication Entities

    Configuration Decisions Defining Authentication Entities As you install Directory Server and Administration Server, you will be asked for various user names, distinguished names (DN), and passwords. This list of login and bind entities will differ depending on the type of installation that you are performing: •...
  • Page 16: Determining Your Directory Suffix

    Configuration Decisions Normally, Administration Server user and password should be identical to the configuration directory administrator ID and password. Determining Your Directory Suffix A directory suffix is the directory entry that represents the first entry in a directory tree. You will need at least one directory suffix for the tree that will contain your enterprise’s data.
  • Page 17: Determining The Location Of The User Directory

    Configuration Decisions configuration directory so as to not hurt the performance of your other production servers. Netscape server installations result in write activities to the configuration directory. For large enough sites, this write activity could result in a short-term performance hit to your other directory activities. Also, as with any directory installation, consider replicating the configuration directory to increase availability and reliability.
  • Page 18: Determining The Administration Domain

    Configuration Decisions Also, you should use the default directory ports (389 and 636) for the user directory. If your configuration directory is managed by a server instance dedicated to that purpose, you should use some non-standard port for the configuration directory. You cannot install a user directory until you have installed a configuration directory somewhere on your network.
  • Page 19: Installation Process Overview

    Installation Process Overview Installation Process Overview You can use one of several installation processes to install Directory Server. Each one guides you through the installation process and ensures that you install the various components in the correct order. The following sections outline the installation processes available, how to upgrade from an earlier release of Directory Server, and how to unpack the software to prepare for installation.
  • Page 20: Upgrade Process

    Installation Privileges Create the directory suffixes and databases. You do not have to populate your directory now; however, you should create the basic structure for your tree, including all major roots and branch points. For information about the different methods of creating a directory entry, refer to the Netscape Directory Server Administrator’s Guide.
  • Page 21: Chapter 2 Computer System Requirements

    Chapter 2 Computer System Requirements Before you can install Netscape Directory Server (Directory Server), you must make sure that the systems on which you plan to install the software meet the minimum hardware and operating system requirements. These requirements are described in detail for each platform in the following sections: •...
  • Page 22: Hardware Requirements

    Hardware Requirements Hardware Requirements On all platforms, you will need: • Roughly 200 MB of disk space for a minimal installation. For production systems, you should plan at least 2GB to support the product binaries, databases, and log files (log files require 1 GB by default); 4GB and greater may be required for very large directories.
  • Page 23: Solaris 8 Operating System

    Operating System Requirements NOTE Before you install Directory Server, you must check that DNS is properly configured on your system, and that the system has a static IP address. Solaris 8 Operating System If you run Directory Server on a Solaris operating system, you must ensure that the recommended patch cluster is installed.
  • Page 24 Operating System Requirements In addition to the patches listed here, you may want to install the latest patch cluster for your version of Solaris, which includes additional recommended and security patches. The Sun recommended patch clusters can be obtained from your Solaris support representative, or from http://sunsolve.sun.com Table 2-1...
  • Page 25 Operating System Requirements Solaris 8 Patch List (Continued) Table 2-1 109587-03: SunOS 5.8: libspmistore patch 109742-04: SunOS 5.8: /kernel/drv/icmp patch 109783-01: SunOS 5.8: /usr/lib/nfs/nfsd patch 109805-03: SunOS 5.8: pam_krb5.so.1 patch 109898-02: SunOS 5.8: /kernel/drv/arp patch 109951-01: SunOS 5.8: jserver buffer overflow 110075-01: SunOS 5.8: /kernel/drv/devinfo and /kernel/drv/sparcv9/devinfo patch 110283-03:...
  • Page 26: Verify System Tuning

    Operating System Requirements Solaris 8 Patch List (Continued) Table 2-1 111363-01: SunOS 5.8: /usr/sbin/installf patch 111548-01: SunOS 5.8: catman, man, whatis, apropos and makewhatis patch 111570-01: SunOS 5.8: uucp patch This release of Directory Server is not supported on Solaris 2.6 or earlier or Solaris This release of Directory Server may be used on a 64 bit Solaris 8 environment, but will run as a 32 bit process, and is limited to 3.7 GB of process memory.
  • Page 27: Windows Nt 4.0 Server

    Operating System Requirements tcp_time_wait_interval in Solaris 8 specifies the number of milliseconds that a TCP connection will be held in the kernel's table after it has been closed. If its value is above 30000 (30 seconds) and the directory is being used in a LAN, MAN or under a single network administration, it should be reduced by adding a line similar to the following to the file:...
  • Page 28: Required System Modules

    Operating System Requirements No other network functions should be provided by this computer. The computer should not be dual-booting or run other operating systems. At a minimum, the computer system should have at least 256 MB of RAM, 2 GB of disk, a Pentium II or later processor, and a 100MBps Ethernet connection.
  • Page 29: Installing Third-Party Utilities

    Operating System Requirements • On Windows NT 4.0, the maximum address space that an application can use is 2 GB. Because Directory Server cannot use more than 2 GB of virtual memory, the sum of all caches configured for the server must be strictly less than 2 GBs.
  • Page 30: Ensure That The System Clock Is Correct And Kept Accurate

    Operating System Requirements At this point you will need to install Service Pack 4 or later, if not already installed. This is needed for the installation of Microsoft Internet Explorer 5. Service packs can be obtained from http://www.microsoft.com/windows/servicepacks/ You will need to install Microsoft Internet Explorer 5 or later, as this is needed by the Security Configuration Manager.
  • Page 31: Install Tcp Isn Patch

    Operating System Requirements Install TCP ISN Patch If you will be authenticating users to the directory, then TCP connection hijacking is a vulnerability. Microsoft has released a patch to improve the serial numbers, q243835i.exe. For more information please see http://www.microsoft.com/security/bulletins/ms99-046.asp Additional Post-Installation System Configuration The Windows environment will require tuning to provide optimum performance...
  • Page 32: Remove Netbios

    Operating System Requirements Remove NETBIOS The server uses only TCP/IP and does not require any Microsoft network services. On the Bindings tab of the Network window, select All Protocols. Disable the WINS Client. This unbinds NETBIOS from TCP/IP. Enable Port Filtering The RPC services are not removed, as it may be necessary for Microsoft software to make RPC connections on the loopback interface.
  • Page 33: Disable Ip Routing

    Operating System Requirements Note that after this change has been made, the Microsoft command-line FTP client will no longer operate. This is because the Microsoft client requires the FTP server to establish a connection in the reverse direction, and all non-LDAP ports are blocked.
  • Page 34: Remove The Os/2 Dlls

    Operating System Requirements Delete the Posix and OS/2 values from the following key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems Remove the OS/2 DLLs Delete all files in the %SystemRoot%\system32\os2 directory and all subdirectories. Stop Unneeded Services Open the Control Panel, and the Services panel. Stop and disable any running services except for the following: EventLog, Netscape Directory Server, Netscape Administration Server, NT LM Security Support Provider, Plug and Play, Protected Storage, Remote Procedure Call (RPC) Service, and SNMP.
  • Page 35 Operating System Requirements Next, under Policies, choose User Rights. Select “Access this computer from the network,” remove Everyone, and add Authenticated Users. Next, under Policies, choose Audit, select Audit These Events, and check the boxes for both Success and Failure for the Logon and Logoff Events. Chapter 2 Computer System Requirements...
  • Page 36: Encrypt Account Database

    Operating System Requirements You may also wish to rename the administrator account to something else, making it harder to guess. If you have copied the passprop utility from the NT Server Resource Kit, it can be used to allow lockout of the administrator’s account by running it on the command line as passprop /adminlockout Encrypt Account Database...
  • Page 37: Set Tuning Parameters

    Operating System Requirements Set Tuning Parameters The transmission control blocks (TCBs) store data for each TCP connection. A control block is attached to the TCB hash table for each active connection. If there are not enough control blocks available when an LDAP connection arrives at the server via TCP/IP, there is added delay while it waits for additional control blocks to be created.
  • Page 38: Windows 2000 Server And Advanced Server

    Operating System Requirements This forces the CPU that handled the interrupt to also handle any associated DPCs. This also ensures that the network interface card or cards are not associated with a specific CPU. This improves the CPU's servicing of interrupts and DPCs generated by the network interface card(s).
  • Page 39: Installing Windows 2000 Server

    Operating System Requirements Installing Windows 2000 Server During the installation of Windows 2000, please observe the following: • If there is already an operating system present on the computer, choose to perform a fresh install rather than an upgrade. • Format the drives with NTFS rather than FAT, as NTFS allows access controls to be set on files and directories.
  • Page 40: Ensure That The System Clock Is Correct And Kept Accurate

    Operating System Requirements Before downloading the font, read the READMEfirst.txt and ReadMe.htm files. Ensure That the System Clock is Correct and Kept Accurate To facilitate the correlation of date and time stamps in log files with those of other computer systems, keep your system clock reasonably in sync. As the NET TIME command requires NetBIOS, which will be disabled during post-installation system configuration, either a TCP/IP based NTP client should be installed (such as the shareware program Tardis), or a time radio receiver attached.
  • Page 41: Chapter 3 Using Express And Typical Installation

    Chapter 3 Using Express and Typical Installation This chapter describes how to perform basic installation activities. This chapter contains the following sections: • Using Express Installation (page 41) • Using Typical Installation (page 43) Using Express Installation Use express installation if you are installing Directory Server to evaluate or test the product.
  • Page 42 Using Express Installation where file_name corresponds to the product binaries you want to unpack. On Windows NT and Windows 2000, unzip the product binaries. Run the setup program. You can find it in the directory in which you untarred or unzipped the binary files. On a UNIX system, issue the following command: ./setup Select “yes”...
  • Page 43: Using Typical Installation

    Using Typical Installation Do not modify the contents of the directory under the o=NetscapeRoot suffix. Either create data under the first suffix, or create a new suffix to be used for this purpose. For details on how to create new suffixes for your Directory Server, see the Netscape Directory Server Administrator’s Guide.
  • Page 44 Using Typical Installation When you are asked what you would like to install, press Enter to select the default, Netscape Servers (this is item 1). When you are asked what type of installation you would like to perform, press Enter to select the default, Typical Installation. For server root, enter a full path to the location where you want to install your server.
  • Page 45 Using Typical Installation The setup program then asks you for the System User and the System Group names. Enter the identity under which you want the servers to run. For more information on the user and group names that you should use when running Netscape servers, see “Deciding the User and Group for Your Netscape Servers (UNIX only),”...
  • Page 46 Using Typical Installation For a directory suffix, enter a distinguished name meaningful to your enterprise. This string is used to form the name of all your organization’s directory entries. Therefore, pick a name that is representative of your organization. It is recommended that you pick a suffix that corresponds to your internet DNS name.
  • Page 47: Using Typical Installation On Windows Nt And Windows 2000

    Using Typical Installation The server is then unpackaged, minimally configured, and started. You are told what host and port number Administration Server is listening on. The server is configured to use the following suffixes: • The suffix that you configured. •...
  • Page 48 Using Typical Installation For the directory to store data in, you must decide if this Directory Server instance will store your enterprise’s data. For most cases, you can select the default, “Store data in this Directory Server.” However, if this Directory Server instance is intended to be a configuration directory only, then you should select “Store data in an existing Directory Server.”...
  • Page 49 Using Typical Installation NOTE Any Distinguished Names must be entered in the UTF-8 character set encoding. Older encodings such as ISO-8859-1 are not supported. In former releases of Directory Server, the Directory Manager was known as the root DN. This is the entry that you bind to the directory as when you want access control to be ignored.
  • Page 51: Chapter 4 Silent Installation

    Chapter 4 Silent Installation Silent installation allows you to use a file to predefine all the answers that you would normally supply to the setup program interactively. This provides you with the ability to script the installation of your Netscape Directory Servers (Directory Servers).
  • Page 52: Preparing Silent Installation Files

    Preparing Silent Installation Files On Windows NT and Windows 2000, unzip the product binaries. Prepare the file that will contain your installation directives. Run the setup program with the command line options: setup -s -f file_name where file_name is the name of the file that contains your installation directives. The next section in this chapter provides some examples of the silent install files.
  • Page 53 Preparing Silent Installation Files To do this run setup with the flag. The setup program will create the following file: /<ServerRoot>/setup/install.inf This file contains all the directives that you would use with silent installation to create the server instance. You can then use this file to create other server instances of that type.
  • Page 54: A Typical Installation

    Preparing Silent Installation Files A Typical Installation The following is the install.inf file that is generated for a typical installation: [General] FullMachineName= dir.example.com SuiteSpotUserID= nobody SuiteSpotGroup= nobody ServerRoot= /usr/netscape/servers AdminDomain= example.com ConfigDirectoryAdminID= admin ConfigDirectoryAdminPwd= admin ConfigDirectoryLdapURL= ldap://dir.example.com:389/o=NetscapeRoot UserDirectoryAdminID= admin UserDirectoryAdminPwd= admin UserDirectoryLdapURL= ldap://dir.example.com:389/o=example.com Components=...
  • Page 55: Using An Existing Configuration Directory

    Preparing Silent Installation Files Using an Existing Configuration Directory The following is the install.inf file that is generated when you perform a typical installation and you choose to use an existing Directory Server as the configuration directory: [General] FullMachineName= dir.example.com SuiteSpotUserID= nobody SuiteSpotGroup=...
  • Page 56: Installing The Stand-Alone Netscape Console

    Installation Directives Components= admin,admin-client,base-jre [base] Components= base,base-client, base-jre [nsperl] Components= nsperl553 [perldap] Components= perldap14 Installing the Stand-Alone Netscape Console The following is the install.inf file that is generated when you install just Netscape Console: [General] FullMachineName= dir.example.com ConfigDirectoryLdapURL= ldap://dir.example.com:389/o=NetscapeRoot SuiteSpotUserID= nobody SuiteSpotGroup= nobody...
  • Page 57: Silent Installation File Format

    Installation Directives • [General] Installation Directives • [Base] Installation Directives • [slapd] Installation Directives • [admin] Installation Directives Silent Installation File Format When you use silent installation, you provide all the installation information in a file. This file is formatted as follows: [General] directive=value directive=value...
  • Page 58: [General] Installation Directives

    Installation Directives [General] Installation Directives [General] installation directives specify information of global interest to the Netscape servers installed at your site. That is, the information you provide here will be common to all your Netscape servers. The [General] installation directives are: Table 4-1 [General] Installation Directives Directive...
  • Page 59: [Base] Installation Directives

    Installation Directives [General] Installation Directives (Continued) Table 4-1 Directive Description ConfigDirectoryLdapURL Specifies the LDAP URL that is used to connect to your configuration directory. LDAP URLs are described in the Netscape Directory Server Administrator’s Guide. This directive is required. AdminDomain Specifies the administration domain under which this server will be registered.
  • Page 60: [Slapd] Installation Directives

    Installation Directives Table 4-2 [Base] Installation Directive Directive Description Components Specifies the base components to be installed. The base components are: • base—install the shared libraries used by all Server Consoles. You must install this package if you are also installing some other Netscape server. •...
  • Page 61: Optional [Slapd] Installation Directives

    Installation Directives Table 4-3 Required [slapd] Installation Directives Directive Description Components Specifies the slapd components to be installed. The slapd components are: • slapd—install the Directory Server. • slapd-client—install the Directory Server Console. This directive is required. It is recommended that you always install both components any time you install the Directory Server.
  • Page 62: [Admin] Installation Directives

    Installation Directives Table 4-4 Optional [slapd] Installation Directives Directive Description AddSampleEntries If set to Yes, this directive causes the example.ldif sample directory to be loaded. Use this directive if you are installing the Directory Server for evaluation purposes and you do not already have an LDIF file to populate your directory with.
  • Page 63 Installation Directives [admin] Installation Directives (Continued) Table 4-5 Directive Description SysUser UNIX only. Specifies the user that the Administration Server will run as. For default installations that use the default Netscape port numbers, this user must be root. Root is the default. For information on what users your servers should run as, see “Deciding the User and Group for Your Netscape Servers (UNIX only),”...
  • Page 65: Chapter 5 Post Installation

    Chapter 5 Post Installation This chapter describes the post-installation procedures for launching the online help and populating the directory tree. This chapter has the following sections: • Launching the Help System (page 65) • Populating the Directory Tree (page 66) Launching the Help System The help system for Directory Server is dependent upon Netscape Administration Server.
  • Page 66: Populating The Directory Tree

    Populating the Directory Tree Proxy authorized on Administration Server. If you use proxies for your HTTP connections on the client machine running Directory Server Console, you need to do one of the following: • Remove proxies on the machine running Directory Server Console. This allows the client machine to access Administration Server directly.
  • Page 67 Populating the Directory Tree • Start your Directory Server with an empty database and import data over LDAP—This method requires you to populate your directory using an LDAP client such as Directory Server Gateway or the command-line ldapmodify utility. Use this method if you have just a few entries to add at a time. For information on setting up the Directory Server Gateway, check the Netscape Directory Server Gateway Customization Guide.
  • Page 69: Chapter 6 Migrating From Previous Versions

    Chapter 6 Migrating From Previous Versions You can upgrade to Netscape Directory Server 6.0 from Directory Server 4.0, 4.1, 4.11, 4.12, 4.13, or 5.0. This chapter describes how in the following sections: • Migration Overview (page 69) • Migration Prerequisites (page 70) •...
  • Page 70: Migration Prerequisites

    Migration Prerequisites • Creates a database for each suffix stored in the legacy Directory Server. (In Directory Server 5.0 and 6.0 you can have multiple databases, but just one suffix per database). • Migrates the server parameters and database parameters. (In Directory Server 5.0 and 6.0, these are stored as LDAP entries in the dse.ldif file.)...
  • Page 71: Identifying Custom Schema

    Identifying Custom Schema If you will not be running your legacy Directory Server, use the same port numbers to ensure that any directory clients that have static configuration information (including directory server port numbers) will continue to work. • Your Directory Server 6.0 must be running when you execute the migration script.
  • Page 72: Migration Procedure

    Migration Procedure To separate your custom schema from your standard schema: Examine your old slapd.at.conf and slapd.oc.conf files to discover all the schema additions that you made there. To ensure that you have properly identified all your changes to standard files, you can compare them with the standard files provided in the directory.
  • Page 73 Migration Procedure • If you are upgrading from Directory Server 5.0, all of the configuration files in /usr/netscape/servers/slapd-serverID/config will be backed up to a directory named /usr/netscape/servers/slapd-serverID/config_backup • If your configuration files are stored in non-default locations, before you migrate your server, copy them to a safe place. Once you have backed up your critical configuration information, do the following to migrate a server to 6.0: Stop your legacy Directory Server.
  • Page 74 Migration Procedure newServerPath is the path to the Directory Server 6.0 directory (for example, /usr/netscape/servers/slapd-serverID). The following is an example of a command you would use on a UNIX machine to migrate a 4.11 Directory Server to Directory Server 6.0: "...
  • Page 75: Migrating A Replicated Site

    Migrating a Replicated Site If you are upgrading from Directory Server 5.0 to Directory Server 6.0, your replication configuration is automatically migrated when you run the migrateInstance5 script. The manual procedure described in this section explains the migration path that you can follow to migrate a replication topology of 4.x servers to a replication topology of 6.0 Directory Servers.
  • Page 76: Example: Detail Of Steps

    Migrating a Replicated Site Upgrade 4.x consumer servers to Directory Server 6.0, and change their supplier server to be the Directory Server 6.0 that you configured in Step 1. This Directory Server now acts as a hub supplier. Retire the 4.x supplier. The Directory Server 6.0 that you configured in Step 1 is now the only supplier in the topology.
  • Page 77 Migrating a Replicated Site Make Server B a read-only replica of Server D. This means that Server D is now a hub supplier: it receives updates from Server A, and in turn updates Server B. Upgrade Server C to Directory Server 6.0, and make it a read-only replica of Server D.
  • Page 79: Chapter 7 Troubleshooting

    Chapter 7 Troubleshooting This chapter describes the most common installation problems and how to solve them. It also provides some tips on checking patch levels and kernel parameter settings for your system. This chapter has the following sections: • Running dsktune (page 79) •...
  • Page 80 Running dsktune Netscape Directory Server system tuning analysis version 25-SEP-2001. Copyright 2001 Sun Microsystems, Inc. Portions copyright 1999, 2001 Netscape Communications Corporation. All rights reserved. NOTICE : System is usparc-sun-solaris5.8 (SUNW,Ultra-5_10) (1 processor). NOTICE : Patch 109320-01 is not installed. NOTICE : Patch 108875-04 is present, but 108875-07 is a more recent version.
  • Page 81: Common Installation Problems

    Common Installation Problems ndd -set /dev/tcp tcp_smallest_anon_port 8192 WARNING: tcp_deferred_ack_interval is currently 100 milliseconds. This will cause Solaris to insert artificial delays in the LDAP protocol. It should be reduced during load testing. This line can be added to the /etc/init.d/inetinit file: ndd -set /dev/tcp tcp_deferred_ack_interval 5 WARNING: There are only 1024 file descriptors available, which limit the number of simultaneous connections.
  • Page 82 Common Installation Problems This error occurs when a machine is not correctly configured to use DNS naming. The default fully qualified host and domain name presented during installation is not correct. If you accept the defaults, you receive the LDAP authentication error. To successfully install, you need to provide a fully qualified domain name that consists of a local host name along with its domain name.
  • Page 83: Glossary

    Glossary access control instruction See ACI. ACI Access Control Instruction. An instruction that grants or denies permissions to entries in the directory. access control list See ACL. ACL Access control list. The mechanism for controlling access to your directory. access rights In the context of access control, specify the level of access granted or denied.
  • Page 84 attribute Holds descriptive information about an entry. Attributes have a label and a value. Each attribute also follows a standard syntax for the type of information that can be stored as the attribute value. attribute list A list of required and optional attributes for a given entry type or object class.
  • Page 85 browser Software, such as Netscape Navigator, used to request and view World Wide Web material stored as HTML files. The browser uses the HTTP protocol to communicate with the host server. browsing index Otherwise known as the virtual view index, speeds up the display of entries in the Directory Server Console.
  • Page 86 CIR See consumer-initiated replication. class definition Specifies the information needed to create an instance of a particular object and determines how the object works in relation to other objects in the directory. class of service See CoS. classic CoS A classic CoS identifies the template entry by both its DN and the value of one of the target entry’s attributes.
  • Page 87 DAP Directory Access Protocol. The ISO X.500 standard protocol that provides client access to the directory. Data Master The server that is the master source of a particular piece of data. database link An implementation of chaining. The database link behaves like a database but has no persistent storage.
  • Page 88 DNS alias A DNS alias is a hostname that the DNS server knows points to a different host—specifically a DNS CNAME record. Machines always have one real name, but they can have one or more aliases. For example, an alias such as might point to a real machine called www.[yourdomain].[domain] where the server currently exists.
  • Page 89 HTML Hypertext Markup Language. The formatting language used for documents on the World Wide Web. HTML files are plain text files with formatting codes that tell browsers such as the Netscape Navigator how to display text, position graphics and form items, and display links to other pages. HTTP Hypertext Transfer Protocol.
  • Page 90 LDAPv3 Version 3 of the LDAP protocol, upon which Directory Server bases its schema format. LDAP client Software used to request and view LDAP entries from an LDAP Directory Server. See also browser. LDAP Data Interchange Format See LDAP Data Interchange Format. LDAP URL Provides the means of locating directory servers using DNS and then completing the query via LDAP.
  • Page 91 matching rule Provides guidelines for how the server compares strings during a search operation. In an international search, the matching rule tells the server what collation order and operator to use. MD5 A message digest algorithm by RSA Data Security, Inc., which can be used to produce a short digest of data that is unique with high probability; it is mathematically extremely hard to produce a piece of data that will produce the same message digest.
  • Page 92 network management station See NMS. NIS Network Information Service. A system of programs and data files that Unix machines use to collect, collate, and share specific information about machines, users, file systems, and network parameters throughout a network of computers. NMS Network Management Station.
  • Page 93 permission In the context of access control, the permission states whether access to the directory information is granted or denied, and the level of access that is granted or denied. See access rights. PDU Protocol Data Unit. Encoded messages which form the basis of data exchanges between SNMP devices.
  • Page 94 RDN Relative distinguished name. The name of the actual entry itself, before the entry’s ancestors have been appended to the string to form the full distinguished name. referential integrity Mechanism that ensures that relationships between related entries are maintained within the directory. referral (1) When a server receives a search or update request from an LDAP client that it cannot process, it usually sends back to the client a pointer to the LDAP server that can process the request.
  • Page 95 root The most privileged user available on Unix machines. The root user has complete access privileges to all files on the machine. root suffix The parent of one or more sub suffixes. A directory tree can contain more than one root suffix. schema Definitions describing what types of information can be stored as entries in the directory.
  • Page 96 single-master replication The most basic replication scenario in which two servers each hold a copy of the same read-write replicas to consumer servers. In a single-master replication scenario, the supplier server maintains a change log. SIR See supplier-initiated replication. slapd LDAP Directory Server daemon or service that is responsible for most functions of a directory except replication.
  • Page 97 supplier server In the context of replication, a server that holds a replica that is copied to a different server is called a supplier for that replica. supplier-initiated replication Replication configuration where supplier servers replicate directory data to consumer servers. symmetric encryption Encryption that uses the same key for both encrypting and decrypting.
  • Page 98 virtual list view index Otherwise known as a browsing index, speeds up the display of entries in the Directory Server Console. Virtual list view indexes can be created on any branchpoint in the directory tree to improve display performance. X.500 standard The set of ISO/ITU-T documents outlining the recommended information model, object classes and attributes used by directory server implementations.
  • Page 99: Index

    Index administration domain, defined 18 express install defined 19 administration port number 32, 46 using 41 administration server 12 administration server user 15 authentication entities 15 fonts, in this book 8 configuration decisions 12 configuration directory administrator 15 configuration directory, defined 16 conventions, in this book 8 glossary of terms 83–98 creating silent install files 52...
  • Page 100 preparing for 11 process overview 19 replicated site new installations 19 migration 75 requirements 21 required system modules installation directory, default 14 Solaris 23 requirements computer system 21 root DN (directory manager) 15 running server, users and groups 14 LDAP Data Interchange Format (LDIF) creating databases using 66 LDIF, See LDAP Data Interchange Format schema, migrating 71...
  • Page 101 upgrading prerequisites for 70 upgrading schema 71 upgrading the directory server 69 user and groups to run servers as 14 user directory, defined 17 Index...