Installation Guide Netscape Directory Server Version 6.01 March 2002...
Page 2
Netscape Communications Corporation ("Netscape") and its licensors retain all ownership rights to the software programs offered by Netscape (referred to herein as "Software") and related documentation. Use of the Software and related documentation is governed by the license agreement for the Software and applicable copyright law. Your right to copy this documentation is limited by copyright law.
About This Guide Welcome to Netscape Directory Server (Directory Server). This manual provides a high-level overview of design and planning decisions you need to make before installing the Directory Server, and describes the different installation methods that you can use. This preface contains the following sections: •...
Conventions Used In This Guide • Directory Server Console—An improved management console that dramatically reduces the effort of setting up and maintaining your directory service. The directory console is part of Netscape Console, the common management framework for Netscape servers. •...
Related Information Related Information The document set for Directory Server also contains the following guides: • Netscape Directory Server Administrator’s Guide. Contains procedures for the day-to-day maintenance of your directory service. Includes information on configuring server-side plug-ins. • Netscape Directory Server Deployment Guide. Contains procedures for the day-to-day maintenance of your directory service.
Page 10
Related Information Netscape Directory Server Installation Guide • March 2002...
Chapter 1 Preparing for a Directory Server Installation Before you begin installing Netscape Directory Server (Directory Server), you should have an understanding of the various Directory Server components and the design and configuration decisions you need to make. To help you prepare for your Directory Server installation, you should be familiar with the concepts contained in the following sections: •...
Configuration Decisions • Netscape Administration Server—Administration Server is a common front-end to all Netscape servers. It receives communications from Netscape Console and passes those communications on to the appropriate Netscape server. Your site will have at least one Administration Server for each server root in which you have installed an Netscape server.
Configuration Decisions Choosing Unique Port Numbers Port numbers can be any number from 1 to 65535. Keep the following in mind when choosing a port number for your Directory Server: • The standard Directory Server (LDAP) port number is 389. •...
Configuration Decisions By default, the server root directory is one of the following: • (on UNIX systems) /usr/netscape/servers • (on Windows NT and Windows 2000 systems) c:\netscape\servers Deciding the User and Group for Your Netscape Servers (UNIX only) For security reasons, it is always best to run UNIX-based production servers with normal user privileges.
Configuration Decisions Defining Authentication Entities As you install Directory Server and Administration Server, you will be asked for various user names, distinguished names (DN), and passwords. This list of login and bind entities will differ depending on the type of installation that you are performing: •...
Configuration Decisions Normally, Administration Server user and password should be identical to the configuration directory administrator ID and password. Determining Your Directory Suffix A directory suffix is the directory entry that represents the first entry in a directory tree. You will need at least one directory suffix for the tree that will contain your enterprise’s data.
Configuration Decisions configuration directory so as to not hurt the performance of your other production servers. Netscape server installations result in write activities to the configuration directory. For large enough sites, this write activity could result in a short-term performance hit to your other directory activities. Also, as with any directory installation, consider replicating the configuration directory to increase availability and reliability.
Configuration Decisions Also, you should use the default directory ports (389 and 636) for the user directory. If your configuration directory is managed by a server instance dedicated to that purpose, you should use some non-standard port for the configuration directory. You cannot install a user directory until you have installed a configuration directory somewhere on your network.
Installation Process Overview Installation Process Overview You can use one of several installation processes to install Directory Server. Each one guides you through the installation process and ensures that you install the various components in the correct order. The following sections outline the installation processes available, how to upgrade from an earlier release of Directory Server, and how to unpack the software to prepare for installation.
Installation Privileges Create the directory suffixes and databases. You do not have to populate your directory now; however, you should create the basic structure for your tree, including all major roots and branch points. For information about the different methods of creating a directory entry, refer to the Netscape Directory Server Administrator’s Guide.
Chapter 2 Computer System Requirements Before you can install Netscape Directory Server (Directory Server), you must make sure that the systems on which you plan to install the software meet the minimum hardware and operating system requirements. These requirements are described in detail for each platform in the following sections: •...
Hardware Requirements Hardware Requirements On all platforms, you will need: • Roughly 200 MB of disk space for a minimal installation. For production systems, you should plan at least 2GB to support the product binaries, databases, and log files (log files require 1 GB by default); 4GB and greater may be required for very large directories.
Operating System Requirements dsktune Utility For UNIX platforms, Directory Server provides a utility that can help you check that you have the appropriate patches installed on your system. It also provides useful information and advice on how to tune your kernel parameters for best performance.
Operating System Requirements Verifying Disk Space Ensure that you have sufficient disk space before downloading the software. Current working directory: 120 MB Partition containing : 2 GB /usr/netscape Verifying Required System Modules Directory Server is optimized for the UltraSPARC chipsets and will not run on SPARCv8 or earlier chipsets Installing Patches You must use Solaris 8 with the Sun recommended patches.
Operating System Requirements Setting File Descriptors The system-wide maximum file descriptor table size setting will limit the number of concurrent connections that can be established to Directory Server. The governing parameter, , is set in the file. By default if this rlim_fd_max /etc/system parameter is not present the maximum is 1024.
Operating System Requirements controls the number of simultaneous connections tcp_smallest_anon_port that can be made to the server. When has been increased to above rlim_fd_max 4096, this value should be decreased, by adding a line similar to the following to file: /etc/init.d/inetinit ndd -set /dev/tcp tcp_smallest_anon_port 8192 parameter should be inspected if clients will...
Operating System Requirements Verifying Required System Modules Directory Server is not supported on Windows NT 3.5.1 or earlier releases, or Windows NT for the Alpha architecture. Neither is it supported on Windows NT Workstation, because this form of the operating system is not suitable for scalable Internet or Intranet server deployments.
Operating System Requirements Installing Third-Party Utilities You need an UNZIP utility to unpack the directory server software. There are many commercially licensed, free and shareware tools available, such as PKZIP or Winzip. Note that shareware unregistered versions of PKZIP 2.70 maintain a TCP/IP connection to an Internet advertising service, and so may not be suitable for installation on this system.
Operating System Requirements The Microsoft Security Configuration Manager is located on the Service Pack 6a CD-ROM, or can be downloaded from . This ftp://ftp.microsoft.com/bussys/winnt/winnt-public/tools/scm/ tool is described in Microsoft Knowledge Base article Q195227. Ensuring System Clock Accuracy So that date and time stamps in log files can be correlated with those of other computer systems, the system clock should be kept reasonably in sync.
Operating System Requirements Configuring the System Post Installation The Windows environment will require tuning to provide optimum performance for Directory Server in an operational environment. Consult the Windows system administrator's documentation or support channel for information on NT tuning for multi-threaded internet services. The sections that follow provide some guidelines.
Page 33
Operating System Requirements • Enabling Port Filtering—The RPC services are not removed, as it may be necessary for Microsoft software to make RPC connections on the loopback interface. However, the RPC ports must not be accessible to other systems. Open the Network window; select the Protocols tab, then select TCP/IP and click Properties...;...
Page 34
Operating System Requirements Note that after this change has been made, the Microsoft command-line FTP client will no longer operate. This is because the Microsoft client requires the FTP server to establish a connection in the reverse direction, and all non-LDAP ports are blocked.
Page 35
Operating System Requirements • Stopping Unwanted Services—Open the Control Panel, and the Services panel. Stop and disable any running services except for the following: EventLog, Netscape Directory Server, Netscape Administration Server, NT LM Security Support Provider, Plug and Play, Protected Storage, Remote Procedure Call (RPC) Service, and SNMP.
Page 36
Operating System Requirements Next, under Policies, choose User Rights. Select “Access this computer from the network,” remove Everyone, and add Authenticated Users. Netscape Directory Server Installation Guide • March 2002...
Page 37
Operating System Requirements Next, under Policies, choose Audit, select Audit These Events, and check the boxes for both Success and Failure for the Logon and Logoff Events. You may wish also to rename the administrator account to something else, making it harder to guess. If you have copied the passprop utility from the NT Server Resource Kit, it can be used to allow lockout of the administrator’s account by running it on the command line as...
Page 38
Operating System Requirements while it waits for additional control blocks to be created. By increasing the TCB timewait table size, you reduce latency overhead by allowing more client connections to be serviced faster. To adjust this value, add to the following registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Param eters...
Operating System Requirements Windows NT ships with a variety of transport drivers such as TCP/IP, NBF (NetBEUI), and NWLink. All of these transports export a TDI interface on top and an NDIS (Network Driver Interface Specification) on the bottom. (Windows NT also ships with AppleTalk and DLC, however, these do not have a TDI interface.) If the TCP/IP protocol is first in the bindings list, average connection setup time decreases.
Operating System Requirements Ensure that you have sufficient disk space before downloading the software. Download drive: 120 MB Installation drive: 200 MB Verifying Required System Modules Directory Server is not supported on Windows 2000 Pro or Windows 2000 DataCenter Server. Installing Windows 2000 Server During the installation of Windows 2000, please observe the following: •...
Operating System Requirements To edit the server configuration file, you will need a text editor that is capable of handling large text files (Notepad and Wordpad are not suitable). If you are already familiar with Emacs text editor on UNIX, a port to Windows can be downloaded from .
Operating System Requirements HP-UX 11.0 Operating System This section contains the following information: • Verifying Disk Space Requirements • Verifying Required System Modules • Installing Patches • Tuning the System • Installing Third-Party Utilities Verifying Disk Space Requirements Ensure that you have sufficient disk space before downloading the software. Download drive: 120 MB Installation drive: 2 GB Verifying Required System Modules...
Operating System Requirements Install the patches listed in Table 2-2. To get a list of the patches, run the utility; it helps you to verify whether you have the appropriate dsktune patches installed on your system and provides useful information and advice on how to tune your kernel parameters for best performance.
Operating System Requirements You also need to turn on large file support in order for Directory Server to work properly. To change an existing file system (from one that has no large files to one that accepts large files): Unmount the system using the command.
Chapter 3 Using Express and Typical Installation This chapter describes how to perform basic installation activities. This chapter contains the following sections: • Using Express Installation (page 45) • Using Typical Installation (page 47) Using Express Installation Use express installation if you are installing Directory Server to evaluate or test the product.
Page 46
Using Express Installation where file_name corresponds to the product binaries you want to unpack. On Windows NT and Windows 2000, unzip the product binaries. Run the setup program. You can find it in the directory in which you untarred or unzipped the binary files. On a UNIX system, issue the following command: ./setup Select “yes”...
Using Typical Installation Do not modify the contents of the directory under the suffix. o=NetscapeRoot Either create data under the first suffix, or create a new suffix to be used for this purpose. For details on how to create new suffixes for your Directory Server, see the Netscape Directory Server Administrator’s Guide.
Page 48
Using Typical Installation When you are asked what you would like to install, press Enter to select the default, Netscape Servers (this is item 1). When you are asked what type of installation you would like to perform, press Enter to select the default, Typical Installation. For server root, enter a full path to the location where you want to install your server.
Page 49
Using Typical Installation The setup program then asks you for the System User and the System Group names. Enter the identity under which you want the servers to run. For more information on the user and group names that you should use when running Netscape servers, see “Deciding the User and Group for Your Netscape Servers (UNIX only),”...
Page 50
Using Typical Installation For a directory suffix, enter a distinguished name meaningful to your enterprise. This string is used to form the name of all your organization’s directory entries. Therefore, pick a name that is representative of your organization. It is recommended that you pick a suffix that corresponds to your internet DNS name.
Using Typical Installation The server is then unpackaged, minimally configured, and started. You are told what host and port number Administration Server is listening on. The server is configured to use the following suffixes: • The suffix that you configured. •...
Page 52
Using Typical Installation For the directory to store data in, you must decide if this Directory Server instance will store your enterprise’s data. For most cases, you can select the default, “Store data in this Directory Server.” However, if this Directory Server instance is intended to be a configuration directory only, then you should select “Store data in an existing Directory Server.”...
Page 53
Using Typical Installation NOTE Any Distinguished Names must be entered in the UTF-8 character set encoding. Older encodings such as ISO-8859-1 are not supported. In former releases of Directory Server, the Directory Manager was known as the root DN. This is the entry that you bind to the directory as when you want access control to be ignored.
Page 54
Using Typical Installation Netscape Directory Server Installation Guide • March 2002...
Chapter 4 Silent Installation Silent installation allows you to use a file to predefine all the answers that you would normally supply to the setup program interactively. This provides you with the ability to script the installation of your Netscape Directory Servers (Directory Servers).
Preparing Silent Installation Files On Windows NT and Windows 2000, unzip the product binaries. Prepare the file that will contain your installation directives. Run the setup program with the command line options: setup -s -f file_name where file_name is the name of the file that contains your installation directives. The next section in this chapter provides some examples of the silent install files.
Page 57
Preparing Silent Installation Files To do this run setup with the flag. The setup program will create the following file: /<ServerRoot>/setup/install.inf This file contains all the directives that you would use with silent installation to create the server instance. You can then use this file to create other server instances of that type.
Preparing Silent Installation Files A Typical Installation The following is the file that is generated for a typical installation: install.inf [General] FullMachineName= dir.example.com SuiteSpotUserID= nobody SuiteSpotGroup= nobody ServerRoot= /usr/netscape/servers AdminDomain= example.com ConfigDirectoryAdminID= admin ConfigDirectoryAdminPwd= admin ConfigDirectoryLdapURL= ldap://dir.example.com:389/o=NetscapeRoot UserDirectoryAdminID= admin UserDirectoryAdminPwd= admin UserDirectoryLdapURL= ldap://dir.example.com:389/o=example.com Components=...
Preparing Silent Installation Files Using an Existing Configuration Directory The following is the file that is generated when you perform a typical install.inf installation and you choose to use an existing Directory Server as the configuration directory: [General] FullMachineName= dir.example.com SuiteSpotUserID= nobody SuiteSpotGroup=...
Installation Directives Components= admin,admin-client,base-jre [base] Components= base,base-client, base-jre [nsperl] Components= nsperl553 [perldap] Components= perldap14 Installing the Stand-Alone Netscape Console The following is the file that is generated when you install just install.inf Netscape Console: [General] FullMachineName= dir.example.com ConfigDirectoryLdapURL= ldap://dir.example.com:389/o=NetscapeRoot SuiteSpotUserID= nobody SuiteSpotGroup= nobody...
Installation Directives • [General] Installation Directives • [Base] Installation Directives • [slapd] Installation Directives • [admin] Installation Directives Silent Installation File Format When you use silent installation, you provide all the installation information in a file. This file is formatted as follows: [General] directive=value directive=value...
Installation Directives [General] Installation Directives [General] installation directives specify information of global interest to the Netscape servers installed at your site. That is, the information you provide here will be common to all your Netscape servers. The [General] installation directives are: Table 4-1 [General] Installation Directives Directive...
Installation Directives [General] Installation Directives (Continued) Table 4-1 Directive Description ConfigDirectoryLdapURL Specifies the LDAP URL that is used to connect to your configuration directory. LDAP URLs are described in the Netscape Directory Server Administrator’s Guide. This directive is required. AdminDomain Specifies the administration domain under which this server will be registered.
Installation Directives Table 4-2 [Base] Installation Directive Directive Description Components Specifies the base components to be installed. The base components are: • base—install the shared libraries used by all Server Consoles. You must install this package if you are also installing some other Netscape server. •...
Installation Directives Table 4-3 Required [slapd] Installation Directives Directive Description Components Specifies the slapd components to be installed. The slapd components are: • slapd—install the Directory Server. • slapd-client—install the Directory Server Console. This directive is required. It is recommended that you always install both components any time you install the Directory Server.
Installation Directives Table 4-4 Optional [slapd] Installation Directives Directive Description AddSampleEntries If set to Yes, this directive causes the example.ldif sample directory to be loaded. Use this directive if you are installing the Directory Server for evaluation purposes and you do not already have an LDIF file to populate your directory with.
Page 67
Installation Directives [admin] Installation Directives (Continued) Table 4-5 Directive Description SysUser UNIX only. Specifies the user that the Administration Server will run as. For default installations that use the default Netscape port numbers, this user must be root. Root is the default. For information on what users your servers should run as, see “Deciding the User and Group for Your Netscape Servers (UNIX only),”...
Page 68
Installation Directives Netscape Directory Server Installation Guide • March 2002...
Chapter 5 Post Installation This chapter describes the post-installation procedures for launching the online help and populating the directory tree. This chapter has the following sections: • Launching the Help System (page 69) • Populating the Directory Tree (page 70) Launching the Help System The help system for Directory Server is dependent upon Netscape Administration Server.
Populating the Directory Tree Proxy authorized on Administration Server. If you use proxies for your HTTP connections on the client machine running Directory Server Console, you need to do one of the following: • Remove proxies on the machine running Directory Server Console. This allows the client machine to access Administration Server directly.
Page 71
Populating the Directory Tree • Start your Directory Server with an empty database and import data over LDAP—This method requires you to populate your directory using an LDAP client such as Directory Server Gateway or the command-line ldapmodify utility. Use this method if you have just a few entries to add at a time. For information on setting up the Directory Server Gateway, check the Netscape Directory Server Gateway Customization Guide.
Page 72
Populating the Directory Tree Netscape Directory Server Installation Guide • March 2002...
Chapter 6 Migrating From Previous Versions You can upgrade to Netscape Directory Server 6.0 from Directory Server 4.0, 4.1, 4.11, 4.12, 4.13, or 5.0. This chapter describes the upgrade process in the following sections: • Migration Overview (page 73) • Migration Prerequisites (page 74) •...
Migration Prerequisites The migration script performs the following tasks in sequence: • Checks the schema configuration files, and notifies you of any changes between the standard configuration files and the ones present on your system. • Creates a database for each suffix stored in the legacy Directory Server. (In Directory Server 5.0 and 6.0 you can have multiple databases, but just one suffix per database).
Page 75
Migration Prerequisites • If you want to continue to run your legacy Directory Server, when you install Directory Server 6.0 choose different ports for LDAP traffic and for secured connections from the ones used by your legacy Directory Server. If you will not be running your legacy Directory Server, use the same port numbers to ensure that any directory clients that have static configuration information (including directory server port numbers) will continue to work.
Identifying Custom Schema Identifying Custom Schema If you customized the schema in your legacy Directory Server by modifying directly, then the server migration process slapd.at.conf slapd.oc.conf cannot migrate your custom schema for you. Instead, you are notified during migration that you have modified the standard schema and that you need to manually fix the problem.
Migration Procedure Then, if you added custom attributes to standard object classes in slapd.oc.conf you must do the following: In the file (or your equivalent), create a new object class slapd.user_oc.conf that includes your custom attributes. Add this new object class to every entry in your directory that uses the custom attributes.
Page 78
Migration Procedure Run the migration script. As root user (UNIX), or administrator (on NT), change directory to . Then /usr/netscape/servers/bin/slapd/admin/bin enter the following command: On UNIX: migrateInstance6 -D rootDN -w passwd -p port -o oldServerPath -n newServerPath ON NT: perl migrateInstance6 -D rootDN -w passwd -p port -o oldServerPath -n newServerPath where: rootDN is the DN for Directory Manager in Directory Server 6.0 passwd is the password for Directory Manager in Directory Server 6.0...
Migrating a Replicated Site Update successfully passwordHistory Update global LDBM parameters... Update successfully nsslapd-mode Update specific backend parameters... Migrate DSE entries... Migrate attributes... Migrate objectclasses... Migrate indexes... Migrate plugin’s... Your legacy Directory Server is then migrated. As a result of this migration, a new Directory Server 6.0 instance is installed using the configuration information obtained from your legacy Directory Server.
Migrating a Replicated Site • The 6.0 Directory Server must be configured as a legacy consumer. • The replication agreement between the 4.x supplier server and the 6.0 consumer server must be a 4.x supplier-initiated replication agreement. Approach Given the constraints, the approach to migrating a replication topology of 4.x servers is to: Install the 6.0 Directory Server, configure it both: As a read-write replica that logs changes (the role the server will fulfill...
Page 81
Migrating a Replicated Site NOTE You can migrate a topology where Server B and Server C have CIR replication agreements with Server A. However, you cannot have CIR agreements in the new replication environment because Directory Server 6.0 does not support consumer-initiated replication.
Page 82
Migrating a Replicated Site Netscape Directory Server Installation Guide • March 2002...
Chapter 7 Troubleshooting This chapter describes the most common installation problems and how to solve them. It also provides some tips on checking patch levels and kernel parameter settings for your system. This chapter has the following sections: • Running dsktune (page 83) •...
Page 84
Running dsktune Netscape Directory Server system tuning analysis version 25-SEP-2001. Copyright 2001 Sun Microsystems, Inc. Portions copyright 1999, 2001 Netscape Communications Corporation. All rights reserved. NOTICE : System is usparc-sun-solaris5.8 (SUNW,Ultra-5_10) (1 processor). NOTICE : Patch 109320-01 is not installed. NOTICE : Patch 108875-04 is present, but 108875-07 is a more recent version.
Common Installation Problems ndd -set /dev/tcp tcp_smallest_anon_port 8192 WARNING: tcp_deferred_ack_interval is currently 100 milliseconds. This will cause Solaris to insert artificial delays in the LDAP protocol. It should be reduced during load testing. This line can be added to the /etc/init.d/inetinit file: ndd -set /dev/tcp tcp_deferred_ack_interval 5 WARNING: There are only 1024 file descriptors available, which limit the number of simultaneous connections.
Page 86
Common Installation Problems This error occurs when a machine is not correctly configured to use DNS naming. The default fully qualified host and domain name presented during installation is not correct. If you accept the defaults, you receive the LDAP authentication error. To successfully install, you need to provide a fully qualified domain name that consists of a local host name along with its domain name.
Glossary access control instruction See ACI. ACI Access Control Instruction. An instruction that grants or denies permissions to entries in the directory. access control list See ACL. ACL Access control list. The mechanism for controlling access to your directory. access rights In the context of access control, specify the level of access granted or denied.
Page 88
attribute Holds descriptive information about an entry. Attributes have a label and a value. Each attribute also follows a standard syntax for the type of information that can be stored as the attribute value. attribute list A list of required and optional attributes for a given entry type or object class.
Page 89
browser Software, such as Netscape Navigator, used to request and view World Wide Web material stored as HTML files. The browser uses the HTTP protocol to communicate with the host server. browsing index Otherwise known as the virtual view index, speeds up the display of entries in the Directory Server Console.
Page 90
CIR See consumer-initiated replication. class definition Specifies the information needed to create an instance of a particular object and determines how the object works in relation to other objects in the directory. class of service See CoS. classic CoS A classic CoS identifies the template entry by both its DN and the value of one of the target entry’s attributes.
Page 91
DAP Directory Access Protocol. The ISO X.500 standard protocol that provides client access to the directory. Data Master The server that is the master source of a particular piece of data. database link An implementation of chaining. The database link behaves like a database but has no persistent storage.
Page 92
DNS alias A DNS alias is a hostname that the DNS server knows points to a different host—specifically a DNS CNAME record. Machines always have one real name, but they can have one or more aliases. For example, an alias such as might point to a real machine called www.[yourdomain].[domain] where the server currently exists.
Page 93
HTML Hypertext Markup Language. The formatting language used for documents on the World Wide Web. HTML files are plain text files with formatting codes that tell browsers such as the Netscape Navigator how to display text, position graphics and form items, and display links to other pages. HTTP Hypertext Transfer Protocol.
Page 94
LDAPv3 Version 3 of the LDAP protocol, upon which Directory Server bases its schema format LDAP client Software used to request and view LDAP entries from an LDAP Directory Server. See also browser. LDAP Data Interchange Format See LDAP Data Interchange Format. LDAP URL Provides the means of locating directory servers using DNS and then completing the query via LDAP.
Page 95
matching rule Provides guidelines for how the server compares strings during a search operation. In an international search, the matching rule tells the server what collation order and operator to use. MD5 A message digest algorithm by RSA Data Security, Inc., which can be used to produce a short digest of data, that is unique with high probability, and is mathematically extremely hard to produce a piece of data that will produce the same message digest.
Page 96
network management station See NMS. NIS Network Information Service. A system of programs and data files that Unix machines use to collect, collate, and share specific information about machines, users, file systems, and network parameters throughout a network of computers. NMS Network Management Station.
Page 97
permission In the context of access control, the permission states whether access to the directory information is granted or denied, and the level of access that is granted or denied. See access rights. PDU Protocol Data Unit. Encoded messages which form the basis of data exchanges between SNMP devices.
Page 98
RDN Relative distinguished name. The name of the actual entry itself, before the entry’s ancestors have been appended to the string to form the full distinguished name. referential integrity Mechanism that ensures that relationships between related entries are maintained within the directory. referral (1) When a server receives a search or update request from an LDAP client that it cannot process, it usually sends back to the client a pointer to the LDAP sever that can process the request.
Page 99
root The most privileged user available on Unix machines. The root user has complete access privileges to all files on the machine. root suffix The parent of one or more sub suffixes. A directory tree can contain more than one root suffix. schema Definitions describing what types of information can be stored as entries in the directory.
Page 100
single-master replication The most basic replication scenario in which two servers each hold a copy of the same read-write replicas to consumer servers. In a single-master replication scenario, the supplier server maintains a change log. SIR See supplier-initiated replication. slapd LDAP Directory Server daemon or service that is responsible for most functions of a directory except replication.
Page 101
supplier server In the context of replication, a server that holds a replica that is copied to a different server is called a supplier for that replica. supplier-initiated replication Replication configuration where supplier servers replicate directory data to consumer servers. symmetric encryption Encryption that uses the same key for both encrypting and decrypting.
Page 102
virtual list view index Otherwise known as a browsing index, speeds up the display of entries in the Directory Server Console. Virtual list view indexes can be created on any branchpoint in the directory tree to improve display performance. X.500 standard The set of ISO/ITU-T documents outlining the recommended information model, object classes and attributes used by directory server implementations.
Index administration domain, defined 18 express install defined 19 administration port number 33, 50 using 45 administration server 12 administration server user 15 authentication entities 15 fonts, in this book 8 configuration decisions 12 configuration directory administrator 15 configuration directory, defined 16 conventions, in this book 8 glossary of terms 87–102 creating silent install files 56...
Page 104
preparing for 11 process overview 19 replicated site new installations 19 migration 79 requirements 21 requirements installation directory, default 14 computer system 21 root DN (directory manager) 15 running server, users and groups 14 LDAP Data Interchange Format (LDIF) creating databases using 70 LDIF, See LDAP Data Interchange Format schema, migrating 76 server root 13...
Page 105
upgrading prerequisites for 74 upgrading schema 76 upgrading the directory server 73 user and groups to run servers as 14 user directory, defined 17 Index...
Page 106
Netscape Directory Server Installation Guide • March 2002...