Netscape DIRECTORY SERVER 7.0 Configuration Manual

Configuration, command, and file reference

Configuration, Command, and
File Reference
Netscape Directory Server
Version 7.0
October 2004


Summary of Contents for Netscape NETSCAPE DIRECTORY SERVER 7.0

  • Page 1 Configuration, Command, and File Reference Netscape Directory Server Version 7.0 October 2004...
  • Page 2 Netscape Communications Corporation ("Netscape") and its licensors retain all ownership rights to the software programs offered by Netscape (referred to herein as "Software") and related documentation. Use of the Software and related documentation is governed by the license agreement for the Software and applicable copyright law.
  • Page 3: Table Of Contents

    Contents About This Reference Guide (page 19); Directory Server Overview ...
  • Page 4 Modifying Configuration Entries Using LDAP (page 33); Restrictions to Modifying Configuration Entries and Attributes ...
  • Page 5 nsslapd-ds4-compatible-schema (page 55); nsslapd-enquote-sup-oc (Enable Superior Object Class Enquoting) ...
  • Page 6 nsslapd-rootpwstoragescheme (Root Password Storage Scheme) (page 78); nsslapd-schema-ignore-trailing-spaces (Ignore Trailing Spaces in Object Class Names) (page 79); nsslapd-schemacheck (Schema Checking) ...
  • Page 7 Replication Attributes under cn=replica, cn=“suffixName”, cn=mapping tree,cn=config (page 100); cn (page 100); nsDS5Flags ...
  • Page 8 dTableSize (page 116); readWaiters ...
  • Page 9 Integer Syntax Plug-in (page 133); Internationalization Plug-in ...
  • Page 10 nsslapd-db-debug (page 156); nsslapd-db-durable-transactions ...
  • Page 11 nsslapd-db-deadlock-rate (page 172); nsslapd-db-dirty-pages ...
  • Page 12 nsMaxResponseDelay (page 181); nsMaxTestResponseDelay ...
  • Page 13 Chapter 4 Server Instance File Reference (page 193); Overview of Directory Server Files ...
  • Page 14 Database Link Attributes (page 223); SNMP Attributes ...
  • Page 15 Options (page 253); db2dsml (Export database contents to DSML) ...
  • Page 16 Options (page 263); vlvindex (Create virtual list view indexes) ...
  • Page 17 Options (page 281); Configuration File Format ...
  • Page 18 Netscape Directory Server Configuration, Command, and File Reference • October 2004...
  • Page 19: About This Reference Guide

    Directory Server Overview About This Reference Guide Netscape Directory Server (Directory Server) is a powerful and scalable distributed directory server based on the industry-standard Lightweight Directory Access Protocol (LDAP). Directory Server is the cornerstone for building a centralized and distributed data repository that can be used in your intranet, over your extranet with your trading partners, or over the public Internet to reach your customers.
  • Page 20: Prerequisite Reading

    Prerequisite Reading • Directory Server Console — An improved management console that dramatically reduces the effort of setting up and maintaining your directory service. Directory Server Console is part of Netscape Console, the common management framework for Netscape servers. • SNMP Agent —...
  • Page 21: Conventions Used In This Reference Guide

    Conventions Used in This Reference Guide Conventions Used in This Reference Guide This section explains the conventions used in this book. • Monospaced font — This typeface is used for any text that appears on the computer screen or text that you should type. It is also used for filenames, functions, and examples.
  • Page 22 Related Information • Netscape Directory Server Installation Guide. Procedures for installing Directory Server as well as procedures for migrating your Directory Server. • Netscape Directory Server Administrator’s Guide. Procedures for the day-to-day maintenance of your directory service. Includes information on configuring server-side plug-ins.
  • Page 23: Chapter 1 Introduction

    Overview of Directory Server Management Chapter 1 Introduction This chapter provides a brief overview of the configuration and administration utilities provided to manage the Netscape Directory Server (Directory Server). This chapter is divided into the following sections: • Overview of Directory Server Management (page 23) •...
  • Page 24: Directory Server Configuration

    Directory Server Configuration You can perform most Directory Server administrative tasks through Netscape Console, the graphical user interface provided with the Directory Server. For information on the general use of the Netscape Console, see Managing Servers with Netscape Console, and, for details on how to use the console to manage the Directory Server in particular, see Netscape Directory Server Administrator’s Guide.
  • Page 25: Using Directory Server Command-Line Utilities

    Using Directory Server Command-Line Utilities Using Directory Server Command-Line Utilities Directory Server comes with a set of configurable command-line utilities that you can use to search and modify entries in the directory and administer the server. Chapter 7, “Command-Line Utilities,” describes these command-line utilities and contains information on where the utilities are stored and how to access them.
  • Page 26 Using Directory Server Command-Line Scripts Netscape Directory Server Configuration, Command, and File Reference • October 2004...
  • Page 27: Chapter 2 Core Server Configuration Reference

    Server Configuration - Overview Chapter 2 Core Server Configuration Reference The configuration information for Netscape Directory Server (Directory Server) is stored as LDAP entries within the directory itself. Therefore, changes to the server configuration must be implemented through the use of the server itself rather than by simply editing configuration files.
  • Page 28 Server Configuration - Overview configuration information. Note that the latest version of this file is called dse.ldif, the version prior to the last modification is called dse.ldif.bak, and the latest file with which the server successfully started is called dse.ldif.startOK. Many of the features of the Directory Server are designed as discrete modules that plug into the core server.
  • Page 29: Ldif Configuration Files - Location

    Server Configuration - Overview LDIF Configuration Files - Location The Directory Server configuration data is automatically output to files in LDIF format that are located in the following directory: serverRoot/slapd-serverID/config Thus, if you specified a server identifier of phonebook, then, in a default installation, your configuration LDIF files are all stored under: /usr/netscape/servers/slapd-phonebook/config...
  • Page 30: Configuration Of Plug-In Functionality

    Server Configuration - Overview dn: cn=config objectclass: top objectclass: extensibleObject objectclass: nsslapdConfig nsslapd-accesslog-logging-enabled: on nsslapd-enquote-sup-oc: on nsslapd-localhost: phonebook.example.com nsslapd-errorlog: /usr/netscape/servers/slapd-phonebook/logs/errors nsslapd-schemacheck: on nsslapd-store-state-info: on nsslapd-port: 389 nsslapd-localuser: nobody Configuration of Plug-in Functionality The configuration for each part of Directory Server plug-in functionality has its own separate entry and set of attributes under the subtree .
  • Page 31: Configuration Of Databases

    Server Configuration - Overview For a list of plug-ins supported by Directory Server, general plug-in configuration information, the plug-in configuration attribute reference, and a list of plug-ins requiring restart, see chapter 3, “Plug-in Implemented Server Functionality Reference.” Configuration of Databases subtrees contain configuration data for cn=NetscapeRoot cn=UserRoot...
  • Page 32: Accessing And Modifying Server Configuration

    Accessing and Modifying Server Configuration Accessing and Modifying Server Configuration This section discusses access control for configuration entries and describes the various ways in which the server configuration can be viewed and modified. It also covers restrictions to the kinds of modification that can be made and discusses attributes that require the server to be restarted for changes to take effect.
  • Page 33: Changing Configuration Attributes

    Accessing and Modifying Server Configuration • The user acting as the Administrator, who has the UID admin that can be configured at installation time. • Members of local Directory Administrators Group. • The local Directory Administrator (root DN). • The SIE (Server Instance Entry) Group, usually assigned using the Set Access Permissions from the main topology view in the main console.
  • Page 34: Restrictions To Modifying Configuration Entries And Attributes

    Accessing and Modifying Server Configuration NOTE As with any set of configuration files, care should be taken when changing or deleting nodes in the cn=config subtree as this risks affecting Directory Server functionality. The entire configuration, including attributes that always take default values, can be viewed by performing an operation on the subtree:...
  • Page 35: Configuration Changes Requiring Server Restart

    Core Server Configuration Attributes Reference Configuration Changes Requiring Server Restart Some configuration attributes cannot be altered dynamically while the server is running. In these cases, for the changes to take effect, the server needs to be shut down and restarted. The modifications should be made either through the Directory Server Console or by manually editing the file.
  • Page 36: Cn=Config

    Core Server Configuration Attributes Reference • cn=changelog5 • cn=encryption • cn=features • cn=mapping tree • cn=monitor • cn=replication • cn=SNMP • cn=tasks • cn=uniqueid generator The cn=plugins node is covered in chapter 3, “Plug-in Implemented Server Functionality Reference.” The description of each attribute contains details such as the DN of its directory entry, its default value, the valid range of values, and an example of its use.
  • Page 37: Nsslapd-Accesslog (Access Log)

    Core Server Configuration Attributes Reference Syntax: DirectoryString Example: nsslapd-accesscontrol: off nsslapd-accesslog (Access Log) Specifies the path and filename of the log used to record each database access. The following information is recorded by default in the log file: • IP address of the client machine that accessed the database. •...
  • Page 38: Nsslapd-Accesslog-Level

    Core Server Configuration Attributes Reference Valid Values: Any valid filename. Default Value: serverRoot/slapd-serverID/logs/access Syntax: DirectoryString Example: nsslapd-accesslog: /usr/netscape/servers/slapd-phonebook/logs/access nsslapd-accesslog-level Controls what is logged to the access log. Entry DN: cn=config Valid Values: 0 — No access logging 4 — Logging for internal access operations 256 —...
  • Page 39: Nsslapd-Accesslog-Logbuffering (Log Buffering)

    Core Server Configuration Attributes Reference nsslapd-accesslog-logbuffering (Log Buffering) When set to , the server writes all access log entries directly to disk. Entry DN: cn=config Valid Values: on | off Default Value: Syntax: DirectoryString Example: nsslapd-accesslog-logbuffering: off nsslapd-accesslog-logexpirationtime (Access Log Expiration Time) Specifies the maximum age that a log file is allowed to reach before it is deleted.
  • Page 40: Nsslapd-Accesslog-Logging-Enabled (Access Log Enable Logging)

    Core Server Configuration Attributes Reference nsslapd-accesslog-logging-enabled (Access Log Enable Logging) Disables and enables accesslog logging but only in conjunction with the nsslapd-accesslog attribute that specifies the path and filename of the log used to record each database access. For access logging to be enabled, this attribute must be switched to and the configuration attribute must have a valid path and filename.
  • Page 41: Nsslapd-Accesslog-Logminfreediskspace (Access Log Minimum Free Disk Space)

    Core Server Configuration Attributes Reference When setting a maximum disk space, consider the total number of log files that can be created due to log file rotation. Also, remember that there are three different log files (access log, audit log, and error log) maintained by the Directory Server, each of which will consume disk space.
  • Page 42: Nsslapd-Accesslog-Logrotationsynchour (Access Log Rotation Sync Hour)

    Core Server Configuration Attributes Reference For access log rotation to be synchronized with time-of-day, this attribute must be enabled with the nsslapd-accesslog-logrotationsynchour and nsslapd-accesslog-logrotationsyncmin attribute values set to the hour and minute of the day for rotating log files. For example, to rotate access log files every day at midnight, enable this attribute by setting its value to and then set the values of the nsslapd-accesslog-logrotationsynchour...
  • Page 43: Nsslapd-Accesslog-Logrotationtime (Access Log Rotation Time)

    Core Server Configuration Attributes Reference Entry DN: cn=config Valid Range: 0 through 59 Default Value: Syntax: Integer Example: nsslapd-accesslog-logrotationsyncmin: 30 nsslapd-accesslog-logrotationtime (Access Log Rotation Time) Specifies the time between access log file rotations. The access log will be rotated when this time interval is up, regardless of the current size of the access log. This attribute supplies only the number of units.
  • Page 44: Nsslapd-Accesslog-Maxlogsize (Access Log Maximum Log Size)

    Core Server Configuration Attributes Reference Valid Values: month | week | day | hour | minute Default Value: Syntax: DirectoryString Example: nsslapd-accesslog-logrotationtimeunit: week nsslapd-accesslog-maxlogsize (Access Log Maximum Log Size) Specifies the maximum access log size in megabytes. When this value is reached, the access log is rotated.
  • Page 45: Nsslapd-Accesslog-Mode (Access Log File Permission)

    Core Server Configuration Attributes Reference If the value for this attribute is higher than , then you need to check the nsslapd-accesslog-logrotationtime attribute to establish whether or not log rotation is specified. If the nsslapd-accesslog-logrotationtime attribute has a value of , then there is no log rotation.
  • Page 46: Nsslapd-Attribute-Name-Exceptions

    Core Server Configuration Attributes Reference Syntax: Integer Example: nsslapd-accesslog-mode: 600 nsslapd-attribute-name-exceptions Allows non-standard characters in attribute names to be used for backwards compatibility with older servers. Entry DN: cn=config Valid Values: on | off Default Value: Syntax: DirectoryString Example: nsslapd-attribute-name-exceptions: on nsslapd-auditlog (Audit Log) Specifies the pathname and filename of the log used to record changes made to each database.
  • Page 47: Nsslapd-Auditlog-List

    Core Server Configuration Attributes Reference Attributes in dse.ldif Value Logging enabled or disabled Disabled nsslapd-auditlog-logging-enabled empty string nsslapd-auditlog Enabled nsslapd-auditlog-logging-enabled filename nsslapd-auditlog Disabled nsslapd-auditlog-logging-enabled empty string nsslapd-auditlog Disabled nsslapd-auditlog-logging-enabled filename nsslapd-auditlog nsslapd-auditlog-list Provides a list of audit log files. Entry DN: cn=config Valid Values: Default Value:...
  • Page 48: Nsslapd-Auditlog-Logexpirationtimeunit (Audit Log Expiration Time Unit)

    Core Server Configuration Attributes Reference nsslapd-auditlog-logexpirationtimeunit (Audit Log Expiration Time Unit) Specifies the units for the nsslapd-auditlog-logexpirationtime attribute. If the unit is unknown by the server, then the log will never expire. Entry DN: cn=config Valid Values: month | week | day Default Value: week Syntax:...
  • Page 49: Nsslapd-Auditlog-Logmaxdiskspace (Audit Log Maximum Disk Space)

    Core Server Configuration Attributes Reference Attributes in dse.ldif Value Logging enabled or disabled Disabled nsslapd-auditlog-logging-enabled nsslapd-auditlog empty string Disabled nsslapd-auditlog-logging-enabled nsslapd-auditlog filename nsslapd-auditlog-logmaxdiskspace (Audit Log Maximum Disk Space) Specifies the maximum amount of disk space in megabytes that the audit logs are allowed to consume.
  • Page 50: Nsslapd-Auditlog-Logrotationsync-Enabled (Audit Log Rotation Sync Enabled)

    Core Server Configuration Attributes Reference Example: nsslapd-auditlog-logminfreediskspace: 3 nsslapd-auditlog-logrotationsync-enabled (Audit Log Rotation Sync Enabled) Specifies whether audit log rotation is to be synchronized with a particular time of the day. Synchronizing log rotation this way enables you to generate log files at a specified time during a day, such as midnight to midnight every day.
  • Page 51: Nsslapd-Auditlog-Logrotationsyncmin (Audit Log Rotation Sync Minute)

    Core Server Configuration Attributes Reference Syntax: Integer Example: nsslapd-auditlog-logrotationsynchour: 23 nsslapd-auditlog-logrotationsyncmin (Audit Log Rotation Sync Minute) Specifies the minute of the day for rotating audit logs. This attribute must be used in conjunction with the nsslapd-auditlog-logrotationsync-enabled and nsslapd-auditlog-logrotationsynchour attributes. Entry DN: cn=config Valid Range: 0 through 59 Default Value:...
  • Page 52: Nsslapd-Auditlog-Logrotationtimeunit (Audit Log Rotation Time Unit)

    Core Server Configuration Attributes Reference Valid Range: -1 | 1 to the maximum 32 bit integer value (2147483647), where a value of -1 means that the time between audit log file rotation is unlimited. Default Value: Syntax: Integer Example: nsslapd-auditlog-logrotationtime: 100 nsslapd-auditlog-logrotationtimeunit (Audit Log Rotation Time Unit) Specifies the units for the attribute.
  • Page 53: Nsslapd-Auditlog-Maxlogsperdir (Audit Log Maximum Number Of Log Files)

    Core Server Configuration Attributes Reference nsslapd-auditlog-maxlogsperdir (Audit Log Maximum Number of Log Files) Specifies the total number of audit logs that can be contained in the directory where the audit log is stored. If you are using log file rotation, then each time the audit log is rotated, a new log file is created.
  • Page 54: Nsslapd-Certmap-Basedn (Certificate Map Search Base)

    Core Server Configuration Attributes Reference In the 3-digit number, the first digit represents the owner’s permissions, the second digit represents the group’s permissions, and the third digit represents everyone’s permissions. When changing the default value, keep in mind that will not allow access to the logs and that allowing write permissions to everyone can result in the logs being overwritten or deleted by anyone.
  • Page 55: Nsslapd-Conntablesize

    Core Server Configuration Attributes Reference nsslapd-conntablesize Specifies the connection table size, which determines the total number of connections supported by the server. Entry DN: cn=config Valid Values: Operating-system dependent Default Value: On Windows 2000, the default value is 4093, a prime number, to hash into the table.
  • Page 56: Nsslapd-Enquote-Sup-Oc (Enable Superior Object Class Enquoting)

    Core Server Configuration Attributes Reference Entry DN: cn=config Valid Values: on | off Default Value: Syntax: DirectoryString Example: nsslapd-ds4-compatible-schema: off nsslapd-enquote-sup-oc (Enable Superior Object Class Enquoting) Controls whether quoting in the objectclasses attributes contained in the cn=schema entry will conform to the quoting specified by internet draft RFC 2252. By default, the Directory Server places single quotes around the superior object class identified on the...
  • Page 57: Nsslapd-Errorlog (Error Log)

    Core Server Configuration Attributes Reference Default Value: Syntax: DirectoryString Example: nsslapd-enquote-sup-oc: off nsslapd-errorlog (Error Log) Specifies the pathname and filename of the log used to record error messages generated by the Directory Server. These messages can describe error conditions, but more often they will contain informative conditions such as these: •...
  • Page 58: Nsslapd-Errorlog-Level (Error Log Level)

    Core Server Configuration Attributes Reference Attributes in dse.ldif Value Logging enabled or disabled Disabled nsslapd-errorlog-logging-enabled empty string nsslapd-errorlog Disabled nsslapd-errorlog-logging-enabled filename nsslapd-errorlog nsslapd-errorlog-level (Error Log Level) Specifies the level of logging to be used by the Directory Server. The log level is additive;...
  • Page 59: Nsslapd-Errorlog-List

    Core Server Configuration Attributes Reference Default Value: Logging is turned off (the nsslapd-errorlog-level attribute is not included in the dse.ldif file). Syntax: Integer Example: nsslapd-errorlog-level: 8192 nsslapd-errorlog-list This read-only attribute provides a list of error log files. Entry DN: cn=config Valid Values: Default Value: None...
  • Page 60: Nsslapd-Errorlog-Logging-Enabled (Enable Error Logging)

    Core Server Configuration Attributes Reference Valid Values: month | week | day Default Value: month Syntax: DirectoryString Example: nsslapd-errorlog-logexpirationtimeunit: week nsslapd-errorlog-logging-enabled (Enable Error Logging) Turns error logging on and off. Entry DN: cn=config Valid Values: on | off Default Value: Syntax: DirectoryString Example:...
  • Page 61: Nsslapd-Errorlog-Logminfreediskspace (Error Log Minimum Free Disk Space)

    Core Server Configuration Attributes Reference nsslapd-errorlog-logminfreediskspace (Error Log Minimum Free Disk Space) Specifies the minimum allowed free disk space in megabytes. When the amount of free disk space falls below the value specified on this attribute, the oldest error log is deleted until enough disk space is freed to satisfy this attribute.
  • Page 62: Nsslapd-Errorlog-Logrotationsynchour (Error Log Rotation Sync Hour)

    Core Server Configuration Attributes Reference nsslapd-errorlog-logrotationsynchour (Error Log Rotation Sync Hour) Specifies the hour of the day for rotating error logs. This attribute must be used in conjunction with the nsslapd-errorlog-logrotationsync-enabled and nsslapd-errorlog-logrotationsyncmin attributes. Entry DN: cn=config Valid Range: 0 through 23 Default Value: Syntax: Integer...
  • Page 63: Nsslapd-Errorlog-Logrotationtime (Error Log Rotation Time)

    Core Server Configuration Attributes Reference Although it is not recommended for performance reasons to specify no log rotation, as the log will grow indefinitely, you have two ways of specifying this. Either you set the attribute value to or the nsslapd-errorlog-maxlogsperdir attribute to .
  • Page 64: Nsslapd-Errorlog-Logrotationtimeunit (Error Log Rotation Time Unit)

    Core Server Configuration Attributes Reference Syntax: Integer Example: nsslapd-errorlog-logrotationtime: 100 nsslapd-errorlog-logrotationtimeunit (Error Log Rotation Time Unit) Specifies the units for nsslapd-errorlog-logrotationtime (Error Log Rotation Time). If the unit is unknown by the server, then the log will never expire. Entry DN: cn=config Valid Values: month | week | day | hour | minute...
  • Page 65: Nsslapd-Errorlog-Maxlogsperdir (Maximum Number Of Error Log Files)

    Core Server Configuration Attributes Reference nsslapd-errorlog-maxlogsperdir (Maximum Number of Error Log Files) Specifies the total number of error logs that can be contained in the directory where the error log is stored. If you are using log file rotation, then each time the error log is rotated, a new log file is created.
  • Page 66: Nsslapd-Groupevalnestlevel

    Core Server Configuration Attributes Reference In the 3-digit number, the first digit represents the owner’s permissions, the second digit represents the group’s permissions, and the third digit represents everyone’s permissions. When changing the default value, keep in mind that will not allow access to the logs and that allowing write permissions to everyone can result in the logs being overwritten or deleted by anyone.
  • Page 67: Nsslapd-Idletimeout (Default Idle Timeout)

    Core Server Configuration Attributes Reference nsslapd-idletimeout (Default Idle Timeout) Specifies the amount of time in seconds after which an idle LDAP client connection is closed by the server. A value of indicates that the server will never close idle connections. You can use the nsIdleTimeout operational attribute, which can be added to user entries, to override the value assigned to this attribute.
  • Page 68: Nsslapd-Lastmod (Track Modification Time)

    Core Server Configuration Attributes Reference Syntax: Integer Example: nsslapd-ioblocktimeout: 1800000 nsslapd-lastmod (Track Modification Time) Specifies whether the Directory Server maintains the modification attributes for Directory Server entries. These attributes include: • modifiersname — The distinguished name of the person who last modified the entry.
  • Page 69: Nsslapd-Localhost (Local Host)

    Core Server Configuration Attributes Reference Example: nsslapd-listenhost: host_name nsslapd-localhost (Local Host) This read-only attribute specifies the host machine on which the Directory Server runs. Entry DN: cn=config Valid Values: Any fully qualified hostname. Default Value: Hostname of installed machine. Syntax: DirectoryString Example: nsslapd-localhost:phonebook.example.com...
  • Page 70: Nsslapd-Maxdescriptors (Maximum File Descriptors)

    Core Server Configuration Attributes Reference The limit applies to the total size of the LDAP request. For example, if the request is to add an entry and if the entry in the request is larger than two megabytes, then the add request is denied. Care should be taken when changing this attribute, and we recommend contacting Netscape Professional Services before doing so.
  • Page 71: Nsslapd-Maxthreadsperconn (Maximum Threads Per Connection)

    Core Server Configuration Attributes Reference NOTE UNIX shells usually have configurable limits on the number of file descriptors. See your operating-system documentation for further information regarding , as these limits can often limit ulimit cause problems. Entry DN: cn=config Valid Range: 1 to 65535 Default Value: 1024...
  • Page 72: Nsslapd-Outbound-Ldap-Io-Timeout

    Core Server Configuration Attributes Reference Entry DN: cn=config Valid Values: on | off Default Value: Syntax: DirectoryString Example: nsslapd-nagle: off nsslapd-outbound-ldap-io-timeout This attribute limits the I/O wait time for all outbound LDAP connections. The default is 300000 milliseconds (5 minutes). A value of indicates that the server will impose no limit on I/O wait time.
  • Page 73: Nsslapd-Privatenamespaces

    Core Server Configuration Attributes Reference Entry DN: cn=config Valid Range: 1 to 65535 Default Value: Syntax: Integer Example: nsslapd-port: 389 nsslapd-privatenamespaces Contains the list of the private naming contexts cn=config, cn=schema, and cn=monitor. Entry DN: cn=config Valid Values: cn=config, cn=schema and cn=monitor Default Value: Syntax: DirectoryString...
  • Page 74: Nsslapd-Readonly (Read Only)

    Core Server Configuration Attributes Reference nsslapd-readonly (Read Only) Specifies whether the whole server is in read-only mode, meaning that neither data in the database(s) nor configuration information can be modified. Any attempt to modify a database in read-only mode returns an error indicating that the server is unwilling to perform the operation.
  • Page 75: Nsslapd-Referralmode (Referral Mode)

    Core Server Configuration Attributes Reference Valid Values: Valid LDAP URL in the following format: ldap://server-location Default Value: Syntax: DirectoryString Example: nsslapd-referral: ldap://ldap.example.com nsslapd-referralmode (Referral Mode) When set, this attribute will send back the referral for any request on any suffix. Entry DN: cn=config Valid Values:...
  • Page 76 Core Server Configuration Attributes Reference Increasing the value on this attribute may result in more LDAP clients being unable to access your directory. Therefore, when you increase the value on this attribute, you should also increase the value on the nsslapd-maxdescriptors attribute.
  • Page 77: Nsslapd-Return-Exact-Case (Return Exact Case)

    Core Server Configuration Attributes Reference Valid Range: 1 to 65535 Default Value: Syntax: Integer Example: nsslapd-reservedescriptors: 64 nsslapd-return-exact-case (Return Exact Case) Returns the exact case of attribute type names as requested by the client. Some client applications require attribute names to match exactly the case of the attribute as it is listed in the schema when the attribute is returned by the Directory Server as the result of a search or modify operation.
  • Page 78: Nsslapd-Rootpw (Root Password)

    Core Server Configuration Attributes Reference Example: nsslapd-rootdn: cn=Directory Manager nsslapd-rootpw (Root Password) Allows you to specify the password associated with the Manager DN. When you provide the root password, it will be encrypted according to the encryption method you selected for “nsslapd-rootpwstoragescheme (Root Password Storage Scheme),”...
  • Page 79: Nsslapd-Schema-Ignore-Trailing-Spaces (Ignore Trailing Spaces In Object Class Names)

    Core Server Configuration Attributes Reference Default Value: CLEAR Syntax: DirectoryString Example: nsslapd-rootpwstoragescheme: SSHA nsslapd-schema-ignore-trailing-spaces (Ignore Trailing Spaces in Object Class Names) Ignores trailing spaces in object class names. By default, the attribute is turned off. If your directory contains entries with object class values that end in one or more spaces, you should turn this attribute on.
  • Page 80: Nsslapd-Schemacheck (Schema Checking)

    Core Server Configuration Attributes Reference nsslapd-schemacheck (Schema Checking) Specifies whether the database schema will be enforced during entry insertion or modification. When this attribute has a value of on, Directory Server will not check the schema of existing entries until they are modified. The database schema defines the type of information allowed in the database.
  • Page 81: Nsslapd-Securelistenhost

    Core Server Configuration Attributes Reference Syntax: DirectoryString Example: nsslapd-schemareplace: replication-only nsslapd-securelistenhost Allows multiple Directory Server instances to run, using secure SSL/TLS connections, on a multihomed machine or makes it possible to limit listening to one interface of a multihomed machine. Provide the hostname that corresponds to the IP interface you want to specify as a value for this attribute.
  • Page 82: Nsslapd-Security (Security)

    Core Server Configuration Attributes Reference nsslapd-security (Security) Specifies whether the Directory Server is to accept SSL/TLS communications on its encrypted port. This attribute should be set to , if you want secure connections. Entry DN: cn=config Valid Values: on | off Default Value: Syntax: DirectoryString...
  • Page 83: Nsslapd-Ssl-Check-Hostname (Verify Hostname For Outbound Connections)

    Core Server Configuration Attributes Reference nsslapd-ssl-check-hostname (Verify Hostname for Outbound Connections) Specifies whether an SSL-enabled Directory Server (with certificate based client authentication turned on) should verify authenticity of a request by matching the hostname against the value assigned to the common name ( ) attribute of the subject name in the certificate being presented.
  • Page 84: Nsslapd-Timelimit (Time Limit)

    Core Server Configuration Attributes Reference Valid Range: 1 to the maximum number of threads supported by your system Default Value: Syntax: Integer Example: nsslapd-threadnumber: 60 nsslapd-timelimit (Time Limit) Specifies the maximum number of seconds allocated for a search request. If this limit is reached, Directory Server returns any entries it has located that match the search request, as well as an exceeded time limit error.
  • Page 85: Passwordchange (Password Change)

    Core Server Configuration Attributes Reference Default Value: Syntax: DirectoryString Example: nsslapd-versionstring: Netscape-Directory/7.0 passwordChange (Password Change) Indicates whether users may change their passwords. For more information on password policies, see chapter 7, “User Account Management,” in the Netscape Directory Server Administrator’s Guide. Entry DN: cn=config Valid Values:...
  • Page 86: Passwordexp (Password Expiration)

    Core Server Configuration Attributes Reference passwordExp (Password Expiration) Indicates whether user passwords will expire after a given number of seconds. By default, user passwords do not expire. Once password expiration is enabled, you can set the number of seconds after which the password will expire using the attribute.
  • Page 87: Passwordinhistory (Number Of Passwords To Remember)

    Core Server Configuration Attributes Reference passwordInHistory (Number of Passwords to Remember) Indicates the number of passwords the Directory Server stores in history. Passwords that are stored in history cannot be reused by users. By default, the password history feature is disabled, meaning that the Directory Server does not store any old passwords, and, so, users can reuse passwords.
  • Page 88: Passwordlockoutduration (Lockout Duration)

    Core Server Configuration Attributes Reference passwordLockoutDuration (Lockout Duration) Indicates the amount of time in seconds during which users will be locked out of the directory after an account lockout. The account lockout feature protects against hackers who try to break into the directory by repeatedly trying to guess a user’s password.
  • Page 89: Passwordminage (Password Minimum Age)

    Core Server Configuration Attributes Reference For more information on password policies, see chapter 7, “User Account Management,” in the Netscape Directory Server Administrator’s Guide. Entry DN: cn=config Valid Range: 1 to maximum integer bind failures Default Value: Syntax: Integer Example: passwordMaxFailure: 3 passwordMinAge (Password Minimum Age) Indicates the number of seconds that must pass before a user can change their...
  • Page 90: Passwordmustchange (Password Must Change)

    Core Server Configuration Attributes Reference Entry DN: cn=config Valid Range: 2 to 512 characters Default Value: Syntax: Integer Example: passwordMinLength: 6 passwordMustChange (Password Must Change) Indicates whether users must change their passwords when they first bind to the Directory Server or when the password has been reset by the Manager DN. For more information on password policies, see chapter 7, “User Account Management,”...
  • Page 91: Passwordstoragescheme (Password Storage Scheme)

    Core Server Configuration Attributes Reference Default Value: Syntax: Integer Example: passwordResetFailureCount: 600 passwordStorageScheme (Password Storage Scheme) Specifies the type of encryption used to store Directory Server passwords. Enter the password in CLEAR for this attribute, which indicates that the password will appear in plain text.
  • Page 92: Passwordwarning (Send Warning)

    Core Server Configuration Attributes Reference Valid Values: on | off Default Value: Syntax: DirectoryString Example: passwordUnlock: off passwordWarning (Send Warning) Indicates the number of seconds before a user’s password is due to expire that the user will receive a password expiration warning control on their next LDAP operation.
  • Page 93: Nsslapd-Changelogdir

    Core Server Configuration Attributes Reference • “nsslapd-db-page-size,” on page 160 • “nsslapd-db-spin-count,” on page 161 • “nsslapd-db-trickle-percentage,” on page 162 • “nsslapd-db-verbose,” on page 163 • “nsslapd-cachesize,” on page 168 • “nsslapd-cachememsize,” on page 169 The default values for the cache-related memory parameters (tuned for a single backend replicated to a single consumer) are as follows: (3000 entries) nsslapd-cachesize : 3000...
  • Page 94: Nsslapd-Changelogmaxage (Max Changelog Age)

    Core Server Configuration Attributes Reference serverRoot/slapd-serverID/changelogdb NOTE For performance reasons, you will probably want to store this database on a different physical disk. Entry DN: cn=changelog5,cn=config Valid Values: Any valid path to the directory storing the changelog Default Value: None Syntax: DirectoryString Example:...
  • Page 95: Nsslapd-Changelogmaxentries (Max Changelog Records)

    Core Server Configuration Attributes Reference nsslapd-changelogmaxentries (Max Changelog Records) Specifies the maximum number of records the change log may contain. If this attribute is absent, there is no maximum number of records the change log can contain. For information on the change log, see “nsslapd-changelogdir,” on page 93.
  • Page 96: Nssslclientauth

    Core Server Configuration Attributes Reference nssslclientauth Specifies, or not as the case may be, client authentication using SSL. Entry DN: cn=encryption,cn=config Valid Values: off | allowed | required Default Value: allowed Syntax: DirectoryString Example: nssslclientauth: allowed nsssl2 Supports SSL version 2. Entry DN: cn=encryption,cn=config Valid Values:...
  • Page 97: Nsssl3Ciphers

    Core Server Configuration Attributes Reference nsssl3ciphers This multi-valued attribute specifies the set of encryption ciphers the Directory Server will use during SSL communications. For more information on the ciphers supported by the Directory Server, refer to chapter 11, “Managing SSL and SASL,” in the Netscape Directory Server Administrator’s Guide.
  • Page 98: Cn=Features

    Core Server Configuration Attributes Reference Table 2-1 SSLv3 Ciphers Cipher in Console Corresponding SSLv3 Cipher None rsa_null_md5 rsa_rc4_128_md5 RC4 (Export) rsa_rc4_40_md5 RC2(Export) rsa_rc2_40_md5 rsa_des_sha DES (FIPS) rsa_fips_des_sha Triple-DES rsa_3des_sha Triple-DES (FIPS) rsa_fips_3des_sha If you are using the Directory Server Console to set the cipher preferences, the values on the TLS tab of the Cipher Preference dialog box correspond to the following: Table 2-2...
  • Page 99: Suffix Configuration Attributes Under Cn="Suffixname

    Core Server Configuration Attributes Reference Replication configuration attributes are stored under cn=replica,cn="suffixName",cn=mapping tree,cn=config with the replication agreement attributes under cn=replicationAgreementName,cn=replica,cn="suffixName",cn=mapping tree,cn=config Suffix Configuration Attributes under cn="suffixName" Suffix configuration attributes are stored under the cn="suffixName" entry. The cn="suffixName" entry is an instance of the object class which...
  • Page 100: Nsslapd-Backend

    Core Server Configuration Attributes Reference nsslapd-backend Gives the name of the database or database link used to process requests. This attribute can be multi-valued, with one database or database link per value. This attribute is required when the value of the nsslapd-state attribute is set to backend...
  • Page 101: Nsds5Flags

    Core Server Configuration Attributes Reference nsDS5Flags This attribute allows you to specify replica properties you will have previously defined in flags. At present only one flag exists, which allows you to specify whether your log changes or not. Entry DN: cn=replica,cn="suffixName",cn=mapping tree,cn=config Valid Values: 0 | 1...
  • Page 102: Nsds5Replicachangecount

    Core Server Configuration Attributes Reference nsDS5ReplicaChangeCount This read-only attribute informs you of the total number of entries in the change log, whether they still remain to be replicated or not. When the change log is purged, only the entries that are still to be replicated will be left. See “nsDS5ReplicaPurgeDelay,”...
  • Page 103: Nsds5Replicaname

    Core Server Configuration Attributes Reference nsDS5ReplicaName This read-only attribute specifies the name of the replica with a unique identifier for internal operations. This unique identifier is allocated by the server when the replica is created. This attribute is destined for internal use only. Entry DN: cn=replica,cn="suffixName",cn=mapping tree,cn=config Valid Values:...
  • Page 104: Nsds5Replicaroot

    Core Server Configuration Attributes Reference Syntax: DirectoryString Example: nsDS5ReplicaReferral: ldap://ldap.netscape.com nsDS5ReplicaRoot Specifies the DN at the root of a replicated area. This attribute must have the same value as the suffix of the database being replicated and cannot be modified. Entry DN: cn=replica,cn="suffixName",cn=mapping tree,cn=config Valid Values:...
  • Page 105: Nsstate

    Core Server Configuration Attributes Reference Valid Values: 0 | 1 | 2 | 3 0 = unknown 1 = primary (not yet used) 2 = consumer (read-only) 3 = consumer/supplier (updateable) Default Value: Syntax: Integer Example: nsDS5ReplicaType: 2 nsState This attribute stores information on the state of the clock. It is designed only for internal use to ensure that the server cannot generate a change sequence number ) inferior to existing ones required for detecting backward clock errors.
  • Page 106: Nsds5Replicabinddn

    Core Server Configuration Attributes Reference Valid Values: Any string Default Value: Syntax: DirectoryString Example: description: Replication Agreement between Server A and Server B. nsDS5ReplicaBindDN Specifies the DN to use when binding. The value of this attribute must be the same as the one in on the consumer replica.
  • Page 107: Nsds5Replicabusywaittime

    Core Server Configuration Attributes Reference nsDS5ReplicaBusyWaitTime Specifies the amount of time in seconds a supplier should wait after a consumer sends back a busy response before making another attempt to acquire access. The default value is 3 seconds. If you set the attribute to a negative value, Directory Server sends the client a message and an error code.
  • Page 108: Nsds5Replicacredentials

    Core Server Configuration Attributes Reference nsDS5ReplicaCredentials Specifies the credentials for the bind DN (specified in the nsDS5ReplicaBindDN attribute) on the remote server containing the consumer replica. The value for this attribute can be modified. Please note that when certificate-based authentication is used, this attribute may not have a value.
  • Page 109: Nsds5Replicalastinitstart

    Core Server Configuration Attributes Reference Default Value: Syntax: GeneralizedTime Example: nsDS5ReplicaLastInitEnd: YYYYMMDDhhmmssZ (19711223113229) nsDS5ReplicaLastInitStart This optional, read-only attribute states when the initialization of the consumer replica started. Entry DN: cn=ReplicationAgreementName,cn="suffixName",cn=mapping tree,cn=config Valid Values: Default Value: Syntax: GeneralizedTime Example: nsDS5ReplicaLastInitStart: YYYYMMDDhhmmssZ (20000902160000) nsDS5ReplicaLastInitStatus This optional, read-only attribute provides status for the initialization of the...
  • Page 110: Nsds5Replicalastupdateend

    Core Server Configuration Attributes Reference nsDS5ReplicaLastUpdateEnd This read-only attribute states when the most recent replication schedule update ended. Entry DN: cn=ReplicationAgreementName,cn="suffixName",cn=mapping tree,cn=config Valid Values: 0, meaning that the Consumer Initialization has succeeded Default Value: Syntax: GeneralizedTime Example: nsDS5ReplicaLastUpdateEnd: YYYYMMDDhhmmssZ (20000902160000) nsDS5ReplicaLastUpdateStart This read-only attribute states when the most recent replication schedule update started.
  • Page 111: Nsds5Replicaport

    Core Server Configuration Attributes Reference Syntax: DirectoryString Example: nsDS5ReplicaLastUpdateStatus: 0 replica acquired successfully nsDS5ReplicaPort Specifies the port number for the remote server containing the replica. Once this attribute has been set, it cannot be modified. Entry DN: cn=ReplicationAgreementName,cn="suffixName",cn=mapping tree,cn=config Valid Values: Port number for the remote server containing the replica Default Value: Syntax:...
  • Page 112: Nsds5Replicaroot

    Core Server Configuration Attributes Reference Entry DN: cn=ReplicationAgreementName,cn="suffixName",cn=mapping tree,cn=config Valid Values: stop | start Default Value: Syntax: DirectoryString Example: nsDS5ReplicaRefresh: start nsDS5ReplicaRoot Specifies the DN at the root of a replicated area. This attribute must have the same value as the suffix of the database being replicated and cannot be modified. Entry DN: cn=ReplicationAgreementName,cn="suffixName",cn=mapping tree,cn=config...
  • Page 113: Nsds5Replicatimeout

    Core Server Configuration Attributes Reference • If both attributes are specified, but nsDS5ReplicaSessionPauseTime is less than or equal to nsDS5ReplicaBusyWaitTime, nsDS5ReplicaSessionPauseTime is set automatically to 1 second more than nsDS5ReplicaBusyWaitTime. When setting the values, ensure that the nsDS5ReplicaSessionPauseTime interval is at least 1 second longer than the interval specified for nsDS5ReplicaBusyWaitTime.
  • Page 114: Nsds5Replicatransportinfo

    Core Server Configuration Attributes Reference Default Value: Syntax: Integer Example: nsDS5ReplicaTimeout: 600 seconds nsDS5ReplicaTransportInfo Specifies the type of transport used for transporting data to and from the replica. The attribute values can either be SSL, which means that the connection is established over SSL, or LDAP, which means that regular LDAP connections are used.
  • Page 115: Nsds5Replicaupdateschedule

    Core Server Configuration Attributes Reference nsDS5ReplicaUpdateSchedule This multi-valued attribute specifies the replication schedule and can be modified. Entry DN: cn=ReplicationAgreementName,cn="suffixName",cn=mapping tree,cn=config Valid Range: Time schedule presented as XXXX-YYYY 012345, where XXXX is the starting hour, YYYY is the finishing hour, and the numbers 0123456 are the days of the week starting with Sunday.
  • Page 116: Totalconnections

    Core Server Configuration Attributes Reference totalConnections Total number of Directory Server connections. dTableSize Size of the Directory Server descriptor table. readWaiters Number of connections where some requests are pending and not currently being serviced by a thread in Directory Server. opsInitiated Number of Directory Server operations initiated.
  • Page 117: Cn=Replication

    Core Server Configuration Attributes Reference • Database Attributes under cn=attributeName, cn=encrypted attributes, cn=database_name, cn=ldbm database, cn=plugins, cn=config (on page 178) • Database Attributes under cn=database,cn=monitor,cn=ldbm database, cn=plugins,cn=config (on page 171) • Database Attributes under cn=monitor,cn=NetscapeRoot,cn=ldbm database,cn=plugins,cn=config (on page 176) • Database Link Attributes under cn=monitor,cn=database instance name,cn=chaining database, cn=plugins,cn=config (on page 189) cn=replication...
  • Page 118: Nssnmplocation

    Core Server Configuration Attributes Reference Entry DN: cn=SNMP,cn=config Valid Values: Organization name Default Value: Syntax: DirectoryString Example: nssnmporganization: netscape nssnmplocation Specifies the location within the company or organization where the Directory Server resides. Entry DN: cn=SNMP,cn=config Valid Values: Location Default Value: Syntax: DirectoryString Example:...
  • Page 119: Nssnmpmasterhost

    Core Server Configuration Attributes Reference Entry DN: cn=SNMP,cn=config Valid Values: Description Default Value: Syntax: DirectoryString Example: nssnmpdescription: Employee directory instance nssnmpmasterhost This mandatory attribute specifies the hostname of the machine on which the master agent is installed. For UNIX only. Entry DN: cn=SNMP,cn=config Valid Values:...
  • Page 120: Cn=Uniqueid Generator

    Configuration Quick Reference Tables cn=uniqueid generator The uniqueid generator configuration attributes are stored under cn=uniqueid generator,cn=config. The cn=uniqueid generator entry is an instance of the extensibleObject object class. For uniqueid generator configuration attributes to be taken into account by the server, this object class (in addition to object class) must be present in the entry.
  • Page 121 Configuration Quick Reference Tables Table 2-3 Directory Server Configuration LDIF Files Configuration Filename Purpose Contains front-end Directory Specific Entries dse.ldif created by the directory at server startup. These include the Root DSE ("") and the contents of cn=config and cn=monitor. Contains LDAPv3 standard operational schema, 00core.ldif such as “subschemaSubentry,”...
  • Page 122 Configuration Quick Reference Tables Table 2-3 Directory Server Configuration LDIF Files (Continued) Configuration Filename Purpose Schema used by Netscape Calendar Server. 51ns-calendar.ldif Schema for Netscape Certificate Management 50ns-certificate.ldif System. Schema used by Netscape Compass Server to define 50ns-compass.ldif personal interest profiles. Schema used by Netscape Delegated 50ns-delegated-admin.ldif Administrator.
  • Page 123: Configuration Changes Requiring Server Restart

    Configuration Quick Reference Tables Table 2-3 Directory Server Configuration LDIF Files (Continued) Configuration Filename Purpose Schema for Netscape Web Calendaring. 50ns-wcal.ldif Schema for Netscape Web Server. 50ns-web.ldif User-defined schema maintained by Directory 99user.ldif Server replication consumers which contains the attributes and object classes from the suppliers. Configuration Changes Requiring Server Restart Table 2-4 lists the configuration attributes that cannot be altered dynamically, while the server is still running.
  • Page 124 Configuration Quick Reference Tables Table 2-4 Configuration Changes Requiring Server Restart (Continued) Configuration Attribute Action Requiring Restart Changing the lifetime of an SSL session. cn=encryption,cn=config:nssslsessiontimeout
  • Page 125: Chapter 3 Plug-In Implemented Server Functionality Reference

    Overview Chapter 3 Plug-in Implemented Server Functionality Reference This chapter contains reference information on Netscape Directory Server (Directory Server) server plug-ins. The chapter is divided into the following sections: • Overview (page 125) • Server Plug-in Functionality Reference (page 126) •...
  • Page 126: Object Classes For Plug-In Configuration

    Server Plug-in Functionality Reference dn: cn=Telephone Syntax,cn=plugins,cn=config objectclass: top objectclass: nsSlapdPlugin objectclass: extensibleObject cn: Telephone Syntax nsslapd-pluginPath: /usr/netscape/servers/lib/syntax-plugin.so nsslapd-pluginInitfunc: tel_init nsslapd-pluginType: syntax nsslapd-pluginEnabled: on Some of these attributes are common to all plug-ins while others may be particular to a specific plug-in. You can check which attributes are currently being used by a given plug-in by performing an on the subtree.
  • Page 127: 7-Bit Check Plug-In

    Server Plug-in Functionality Reference 7-bit Check Plug-in 7-bit check (NS7bitAtt) Plug-in Name DN of Configuration cn=7-bit check,cn=plugins,cn=config Entry Checks certain attributes are 7-bit clean Description Configurable on | off Options Default Setting Configurable list of attributes (uid mail userpassword) followed by "," and Arguments then suffix(es) on which the check is to occur None...
  • Page 128: Acl Preoperation Plug-In

    Server Plug-in Functionality Reference ACL Preoperation Plug-in ACL preoperation Plug-in Name DN of Configuration cn=ACL preoperation,cn=plugins,cn=config Entry ACL access check plug-in Description Configurable on | off Options Default Setting Configurable None Arguments database Dependencies Performance None Related Information Chapter 6, “Managing Access Control,” in the Netscape Directory Further Information Server Administrator’s Guide.
  • Page 129: Boolean Syntax Plug-In

    Server Plug-in Functionality Reference Boolean Syntax Plug-in Boolean Syntax Plug-in Name DN of Configuration cn=Boolean Syntax,cn=plugins,cn=config Entry Syntax for handling booleans. Description Configurable on | off Options Default Setting Configurable None Arguments None Dependencies Performance Do not modify the configuration of this plug-in. It is recommended Related Information that you leave this plug-in running at all times.
  • Page 130: Case Ignore String Syntax Plug-In

    Server Plug-in Functionality Reference Case Ignore String Syntax Plug-in Case Ignore String Syntax Plug-in Name DN of Configuration cn=Case Ignore String Syntax,cn=plugins,cn=config Entry Syntax for handling case-insensitive strings Description Configurable on | off Options Default Setting Configurable None Arguments None Dependencies Performance Do not modify the configuration of this plug-in.
  • Page 131: Class Of Service Plug-In

    Server Plug-in Functionality Reference Class of Service Plug-in Class of Service Plug-in Name DN of Configuration cn=Class of Service,cn=plugins,cn=config Entry Allows for sharing of attributes between entries Description Configurable on | off Options Default Setting Configurable None Arguments None Dependencies Performance Do not modify the configuration of this plug-in.
  • Page 132: Distinguished Name Syntax Plug-In

    Server Plug-in Functionality Reference Distinguished Name Syntax Plug-in Distinguished Name Syntax Plug-in Name DN of Configuration cn=Distinguished Name Syntax,cn=plugins,cn=config Entry Syntax for handling DNs Description Configurable on | off Options Default Setting Configurable None Arguments None Dependencies Performance Do not modify the configuration of this plug-in. It is recommended Related Information that you leave this plug-in running at all times.
  • Page 133: Http Client Plug-In

    Server Plug-in Functionality Reference Further Information The Generalized Time String consists of a four digit year, two digit month (for example, 01 for January), two digit day, two digit hour, two digit minute, two digit second, an optional decimal part of a second, and a time zone indication.
  • Page 134: Internationalization Plug-In

    Server Plug-in Functionality Reference Configurable None Arguments Dependencies None Performance Do not modify the configuration of this plug-in. It is recommended Related Information that you leave this plug-in running at all times. Further Information Internationalization Plug-in Plug-in Name Internationalization Plugin DN of Configuration cn=Internationalization Entry...
  • Page 135: Legacy Replication Plug-In

    Server Plug-in Functionality Reference Description Implements local databases Configurable Options Default Setting None Configurable Arguments Dependencies None See “Database Plug-in Attributes,” on page 151, for further Performance Related Information information on database configuration. Further Information Chapter 3, “Configuring Directory Databases,” in the Netscape Directory Server Administrator’s Guide.
  • Page 136: Multimaster Replication Plug-In

    Server Plug-in Functionality Reference Multimaster Replication Plug-in Multimaster Replication Plugin Plug-in Name DN of Configuration cn=Multimaster Replication Entry plugin,cn=plugins,cn=config Enables replication between two current Directory Servers Description Configurable on | off Options Default Setting Configurable None Arguments database Dependencies Performance Related Information You can turn this plug-in off if you only have one server which will Further Information...
  • Page 137: Clear Password Storage Plug-In

    Server Plug-in Functionality Reference CLEAR Password Storage Plug-in CLEAR Plug-in Name DN of Configuration cn=CLEAR,cn=Password Storage Entry Schemes,cn=plugins,cn=config CLEAR password storage scheme used for password encryption Description Configurable on | off Options Default Setting Configurable None Arguments None Dependencies Performance Do not modify the configuration of this plug-in.
  • Page 138: Ns-Mta-Md5 Password Storage Scheme Plug-In

    Server Plug-in Functionality Reference NS-MTA-MD5 Password Storage Scheme Plug-in NS-MTA-MD5 Plug-in Name DN of Configuration cn=NS-MTA-MD5,cn=Password Storage Entry Schemes,cn=plugins,cn=config NS-MTA-MD5 password storage scheme for password encryption Description Configurable on | off Options Default Setting Configurable None Arguments None Dependencies Performance Do not modify the configuration of this plug-in.
  • Page 139: Ssha Password Storage Scheme Plug-In

    Server Plug-in Functionality Reference Dependencies None Performance If there are not passwords encrypted using the SHA password Related Information storage scheme, you may turn this plug-in off. If you want to encrypt your password with the SHA password storage scheme, we recommend that you choose SSHA instead, as SSHA is a far more secure option.
  • Page 140: Presence Plug-In

    Server Plug-in Functionality Reference Configurable on | off Options Default Setting Configurable None Arguments Dependencies None Performance Do not modify the configuration of this plug-in. It is recommended Related Information that you leave this plug-in running at all times. Further Information Presence Plug-in Plug-in Name Presence...
  • Page 141: Referential Integrity Postoperation Plug-In

    Server Plug-in Functionality Reference Description Enables pass-through authentication, the mechanism which allows one directory to consult another to authenticate bind requests. Configurable on | off Options Default Setting Configurable ldap://example.com:389/o=example Arguments Dependencies None Performance Check the reference provided in Further Information. Related Information Further Information Chapter 16, “Using the Pass-through Authentication Plug-in,”...
  • Page 142: Retro Changelog Plug-In

    Server Plug-in Functionality Reference Configurable When enabled, the post operation Referential Integrity plug-in Arguments performs integrity updates on the member, uniquemember, owner, and seeAlso attributes immediately after a delete or rename operation. You can reconfigure the plug-in to perform integrity checks on all other attributes. Configurable arguments are as follows: 1.
  • Page 143: Roles Plug-In

    Server Plug-in Functionality Reference Configurable on | off Options Default Setting Configurable See “Retro Changelog Plug-in Attributes,” on page 191, for further Arguments information on the two configuration attributes for this plug-in. Dependencies None Performance May slow down Directory Server performance. Related Information Further Information Chapter 8, “Managing Replication,”...
  • Page 144: State Change Plug-In

    Server Plug-in Functionality Reference DN of Configuration cn=Space Insensitive String Entry Syntax,cn=plugins,cn=config Description Syntax for handling space-insensitive values Configurable on | off Options Default Setting Configurable None Arguments Dependencies None Performance Do not modify the configuration of this plug-in. It is recommended Related Information that you leave this plug-in running at all times.
  • Page 145: Telephone Syntax Plug-In

    Server Plug-in Functionality Reference Configurable None Arguments Dependencies None Performance Related Information Further Information Telephone Syntax Plug-in Telephone Syntax Plug-in Name DN of Configuration cn=Telephone Syntax,cn=plugins,cn=config Entry Description Syntax for handling telephone numbers Configurable on | off Options Default Setting None Configurable Arguments...
  • Page 146: Uri Syntax Plug-In

    Server Plug-in Functionality Reference Default Setting Configurable Enter the following arguments: Arguments "DN" "DN"... if you want to check for UID attribute uniqueness in all listed subtrees. However, enter the following arguments: attribute="uid" MarkerObjectclass = "ObjectClassName" and optionally requiredObjectClass = "ObjectClassName" if you want to check for UID attribute uniqueness when adding or updating entries with the requiredObjectClass, starting from the parent entry containing the ObjectClass as defined by the...
  • Page 147: List Of Attributes Common To All Plug-Ins

    List of Attributes Common to All Plug-ins DN of Configuration cn=URI Syntax,cn=plugins,cn=config Entry Description Syntax for handling URIs (Unique Resource Identifiers) including URLs (Unique Resource Locators) Configurable on | off Options Default Setting Configurable None Arguments None Dependencies Performance Do not modify the configuration of this plug-in. It is recommended Related Information that you leave this plug-in running at all times.
  • Page 148: Nsslapd-Plugintype

    List of Attributes Common to All Plug-ins Entry DN: cn=plug-in name,cn=plugins,cn=config Valid Values: Any valid plug-in function Default Value: None Syntax: DirectoryString Example: nsslapd-pluginInitfunc:NS7bitAttr_Init nsslapd-pluginType Specifies the plug-in type. See “nsslapd-plugin-depends-on-type,” on page 150 for further information. Entry DN: cn=plug-in name,cn=plugins,cn=config Valid Values: Any valid plug-in type Default Value:...
  • Page 149: Nsslapd-Pluginid

    List of Attributes Common to All Plug-ins nsslapd-pluginId Specifies the plug-in ID. Entry DN: cn=plug-in name,cn=plugins,cn=config Valid Values: Any valid plug-in ID Default Value: None Syntax: DirectoryString Example: nsslapd-pluginId: chaining database nsslapd-pluginVersion Specifies the plug-in version. Entry DN: cn=plug-in name,cn=plugins,cn=config Valid Values: Any valid plug-in version Default Value:...
  • Page 150: Nsslapd-Plugindescription

    Attributes Allowed by Certain Plug-ins nsslapd-pluginDescription Provides a description of the plug-in. Entry DN: cn=plug-in name,cn=plugins,cn=config Valid Values: Default Value: None Syntax: DirectoryString Example: nsslapd-pluginDescription: acl access check plug-in Attributes Allowed by Certain Plug-ins nsslapd-plugin-depends-on-type Multi-valued attribute used to ensure that plug-ins are called by the server in the correct order.
  • Page 151: Nsslapd-Plugin-Depends-On-Named

    Database Plug-in Attributes nsslapd-plugin-depends-on-named Multi-valued attribute used to ensure that plug-ins are called by the server in the correct order. Takes a value which corresponds to the value of a plug-in. The plug-in whose value matches one of the following values will be started by the server prior to this plug-in.
  • Page 152: Database Attributes Under Cn=Config,Cn=Ldbm Database,Cn=Plugins,Cn=Config

    Database Plug-in Attributes All plug-in technology used by the database instances is stored in the cn=ldbm database plug-in node. This section presents the additional attribute information for each of the nodes in bold in the cn=ldbm database,cn=plugins,cn=config information tree. Database Attributes under cn=config,cn=ldbm database,cn=plugins,cn=config Global configuration attributes common to all instances are stored in the tree node.
  • Page 153: Nsslapd-Cache-Autosize

    Database Plug-in Attributes It is advisable to keep the default value to improve search performance. For a more detailed explanation of the effect of ID lists on search performance, see chapter 10, “Managing Indexes,” in the Netscape Directory Server Administrator’s Guide.
  • Page 154: Nsslapd-Dbcachesize

    Database Plug-in Attributes Valid Range: Default Value: 66 (This will not necessarily optimize your operations.) Syntax: Integer Example: nsslapd-cache-autosize-split: 66 nsslapd-dbcachesize This performance tuning-related attribute specifies database cache size. This is neither the index cache nor the entry cache. If you activate automatic cache resizing, you override this attribute, by replacing these values with its own guessed values at a later stage of the server startup.
  • Page 155: Nsslapd-Db-Circular-Logging

    Database Plug-in Attributes dse.ldif. To change the checkpoint interval, you add the attribute to dse.ldif. This attribute can be dynamically modified using ldapmodify. For further information on modifying this attribute, see chapter 14, “Tuning Directory Server Performance,” in the Netscape Directory Server Administrator’s Guide. This attribute is provided only for system modification/diagnostics and should be changed only with the guidance of Netscape Technical Support or Netscape Professional Services.
  • Page 156: Nsslapd-Db-Debug

    Database Plug-in Attributes nsslapd-db-debug Specifies whether additional error information is to be reported to Directory Server. To report error information, set the parameter to . This parameter is meant for troubleshooting; enabling the parameter may slow down the Directory Server. Entry DN: cn=config,cn=ldbm database,cn=plugins,cn=config Valid Values:...
  • Page 157: Nsslapd-Db-Home-Directory

    Database Plug-in Attributes Syntax: DirectoryString Example: nsslapd-db-durable_transactions: on nsslapd-db-home-directory Applicable to Solaris only. Used to fix a situation in Solaris where the operating system endlessly flushes pages. This flushing can be so excessive that performance of the entire system is severely degraded. This situation will occur only for certain combinations of the database cache size, the size of physical memory, and kernel tuning attributes.
  • Page 158: Nsslapd-Db-Idl-Divisor

    Database Plug-in Attributes NOTE The directory referenced by the nsslapd-db-home-directory attribute must be a subdirectory of a file system of type tmpfs (such as /tmp). However, Directory Server does not create the subdirectory referenced by this attribute. You must create the directory either manually or by using a script.
  • Page 159: Nsslapd-Db-Logbuf-Size

    Database Plug-in Attributes Entry DN: cn=config,cn=ldbm database,cn=plugins,cn=config Valid Range: 0 to 8 Default Value: Syntax: Integer Example: nsslapd-db-idl-divisor: 2 nsslapd-db-logbuf-size Specifies the log information buffer size. Log information is stored in memory until the buffer fills up or the transaction commit forces the buffer to be written to disk. Larger buffer sizes can significantly increase throughput in the presence of long running transactions, highly concurrent applications, or transactions producing large amounts of data.
  • Page 160: Nsslapd-Db-Logfile-Size

    Database Plug-in Attributes For more information on database transaction logging, see chapter 12, “Monitoring Server and Database Activity,” in the Netscape Directory Server Administrator’s Guide. Entry DN: cn=config,cn=ldbm database,cn=plugins,cn=config Valid Values: Any valid path and directory name Default Value: Syntax: DirectoryString Example: nsslapd-db-logdirectory: /logs/txnlog...
  • Page 161: Nsslapd-Db-Spin-Count

    Database Plug-in Attributes Entry DN: cn=config,cn=ldbm database,cn=plugins,cn=config Valid Range: 512 bytes to 64Kbytes Default Value: 8Kbytes Syntax: Integer Example: nsslapd-db-page-size: 8Kbytes nsslapd-db-spin-count Specifies the number of times that test-and-set mutexes should spin without blocking. Entry DN: cn=config,cn=ldbm database,cn=plugins,cn=config Valid Range: 0 to 2^31-1 Default Value: Syntax:...
  • Page 162: Nsslapd-Db-Transaction-Logging

    Database Plug-in Attributes durability while also allowing transaction batching to be turned on and off remotely when desired. Remember that the value you choose for this attribute may require you to modify the nsslapd-db-logbuf-size attribute to ensure sufficient log buffer size for accommodating your batched transactions. Also, the attribute is only valid if the nsslapd-db-transaction-batch-val...
  • Page 163: Nsslapd-Db-Verbose

    Database Plug-in Attributes Entry DN: cn=config,cn=ldbm database,cn=plugins,cn=config Valid Range: Default Value: Syntax: Integer Example: nsslapd-db-trickle-percentage: 40 nsslapd-db-verbose Specifies whether to record additional informational and debugging messages when searching the log for checkpoints, doing deadlock detection, and performing recovery. This parameter is meant for troubleshooting; enabling the parameter may slow down the Directory Server.
  • Page 164: Nsslapd-Import-Cachesize

    Database Plug-in Attributes This attribute is provided only for system modification/diagnostics and should be changed only with the guidance of Netscape Technical Support or Netscape Professional Services. Inconsistent settings of this attribute and other configuration attributes may cause the Directory Server to be unstable. Entry DN: cn=config,cn=ldbm database,cn=plugins,cn=config Valid Values:...
  • Page 165: Nsslapd-Import-Cache-Autosize

    Database Plug-in Attributes nsslapd-import-cache-autosize This performance tuning-related attribute automatically sets the size of the import cache (importCache) to be used during the command-line-based import process of LDIF files to the database (the ldif2db operation). In Directory Server, the import operation can be run as a server task or exclusively on the command-line.
  • Page 166: Nsslapd-Mode

    Database Plug-in Attributes While running Directory Server with both the autosizing attributes, nsslapd-cache-autosize and nsslapd-import-cache-autosize, enabled, ensure that their sum is less than 100. NOTE If Directory Server is installed on a machine running Windows 2000 Server, be sure to set the LargeSystemCache registry key to 0 to limit the growth of system cache.
  • Page 167: Database Attributes Under Cn=Monitor,Cn=Ldbm Database, Cn=Plugins,Cn=Config

    Database Plug-in Attributes Database Attributes under cn=monitor,cn=ldbm database, cn=plugins,cn=config Global read-only attributes containing database statistics for monitoring activity on your databases are stored in the cn=monitor,cn=ldbm database,cn=plugins,cn=config tree node. For more information on these monitoring read-only entries, see chapter 12, “Monitoring Server and Database Activity,” in the Netscape Directory Server Administrator’s Guide.
  • Page 168: Cn=Userroot,Cn=Ldbm Database, Cn=Plugins,Cn=Config

    Database Plug-in Attributes Database Attributes under cn=NetscapeRoot,cn=ldbm database, cn=plugins,cn=config and cn=UserRoot,cn=ldbm database, cn=plugins,cn=config The cn=NetscapeRoot and cn=UserRoot subtrees contain configuration data for, or the definition of, the databases containing the o=NetscapeRoot and o=France.Sun suffixes, respectively. The cn=NetscapeRoot subtree contains the configuration data used by the Netscape Administration Server for authentication and all actions that cannot be performed through LDAP (such as start/stop), and the cn=UserRoot subtree contains all the configuration data for the user-defined...
  • Page 169: Nsslapd-Cachememsize

    Database Plug-in Attributes nsslapd-cachememsize This performance tuning-related attribute specifies the cache size in terms of available memory space. Limiting cachesize in terms of memory occupied is the simplest method. By activating automatic cache resizing you override this attribute, replacing these values with its own guessed values at a later stage of the server startup.
  • Page 170: Nsslapd-Require-Index

    Database Plug-in Attributes Entry DN: cn=NetscapeRoot,cn=ldbm database,cn=plugins,cn=config or cn=UserRoot,cn=ldbm database,cn=plugins,cn=config Valid Values: on | off Default Value: Syntax: DirectoryString Example: nsslapd-readonly: off nsslapd-require-index When switched to , this attribute allows you to refuse unindexed searches. This performance related attribute avoids saturating the server with erroneous searches.
  • Page 171: Nsslapd-Db-Abort-Rate

    Database Plug-in Attributes Syntax: DirectoryString Example: nsslapd-suffix: o=NetscapeRoot Database Attributes under cn=database,cn=monitor,cn=ldbm database, cn=plugins,cn=config The attributes in this tree node entry are all read-only, database performance counters. All of the values for these attributes are 32-bit integers. nsslapd-db-abort-rate Number of transactions that have been aborted. nsslapd-db-active-txns Number of transactions that are currently active.
  • Page 172: Nsslapd-Db-Deadlock-Rate

    Database Plug-in Attributes nsslapd-db-deadlock-rate Number of deadlocks detected. nsslapd-db-dirty-pages Dirty pages currently in the cache. nsslapd-db-hash-buckets Number of hash buckets in buffer hash table. nsslapd-db-hash-elements-examine-rate Total number of hash elements traversed during hash table lookups. nsslapd-db-hash-search-rate Total number of buffer hash table lookups. nsslapd-db-lock-conflicts Total number of locks not immediately available due to conflicts.
  • Page 173: Nsslapd-Db-Log-Write-Rate

    Database Plug-in Attributes nsslapd-db-log-write-rate Number of megabytes and bytes written to this log. nsslapd-db-longest-chain-length Longest chain ever encountered in buffer hash table lookups. nsslapd-db-page-create-rate Pages created in the cache. nsslapd-db-page-read-rate Pages read into the cache. nsslapd-db-page-ro-evict-rate Clean pages forced from the cache. nsslapd-db-page-rw-evict-rate Dirty pages forced from the cache.
  • Page 174: Database Attributes Under Cn=Default Indexes,Cn=Config,Cn=Ldbm Database, Cn=Plugins,Cn=Config

    Database Plug-in Attributes Database Attributes under cn=default indexes,cn=config,cn=ldbm database, cn=plugins,cn=config The set of default indexes is stored here. Default indexes are configured per backend in order to optimize Directory Server functionality for the majority of setup scenarios. All indexes, except system-essential ones, can be removed, but care should be taken so as not to cause unnecessary disruptions.
  • Page 175: Nsmatchingrule

    Database Plug-in Attributes Valid Values: pres = presence index; eq = equality index; approx = approximate index; sub = substring index; matching rule = international index; index browse = browsing index. Default Value: Syntax: DirectoryString Example: nsindextype: eq nsMatchingRule This optional, multivalued attribute specifies the collation order object identifier (OID) required for the Directory Server to operate international indexing.
  • Page 176: Description

    Database Plug-in Attributes description This non-mandatory attribute provides a free-hand text description of what the index actually performs. Entry DN: cn=default indexes,cn=monitor,cn=ldbm database,cn=plugins,cn=config Valid Values: Default Value: None Syntax: DirectoryString Example: description:substring index Database Attributes under cn=monitor,cn=NetscapeRoot,cn=ldbm database,cn=plugins,cn=config Global, read-only entries for monitoring activity on the database.
  • Page 177: Dbfilepageout

    Database Plug-in Attributes dbfilepageout Number of pages for this file written from cache to disk. Database Attributes under cn=index,cn=NetscapeRoot,cn=ldbm database, cn=plugins,cn=config and cn=index,cn=UserRoot,cn=ldbm database, cn=plugins,cn=config In addition to the set of default indexes that are stored under cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config, custom indexes can be created for and are stored under...
  • Page 178: Database Attributes Under Cn=Attributename, Cn=Encrypted Attributes, Cn=Database_Name

    Database Plug-in Attributes dn:cn=aci,cn=index,cn=UserRoot,cn=ldbm database,cn=plugins,cn=confi objectclass:top objectclass:nsIndex cn=aci nssystemindex:true nsindextype:pres For details regarding the five possible indexing attributes, see the section “Database Attributes under cn=default indexes,cn=config,cn=ldbm database, cn=plugins,cn=config,” on page 174. For further information about indexes, see chapter 10, “Managing Indexes,” in the Netscape Directory Server Administrator’s Guide.
  • Page 179: Nsencryptionalgorithm

    Database Plug-in Attributes Figure 3-3 Encrypted Attributes under the cn=config Node For example, the database encryption file for the userPassword attribute under o=UserRoot would appear in the Directory Server as follows: dn:cn=userPassword,cn=encrypted attributes,o=UserRoot,cn=ldbm database,cn=plugins,cn=config objectclass:top objectclass:nsAttributeEncryption cn=userPassword nsEncryptionAlgorithm:AES To configure database encryption, see “Database Encryption,” in chapter 3, “Configuring Directory Databases,”...
  • Page 180: Database Link Plug-In Attributes (Chaining Attributes)

    Database Link Plug-in Attributes (chaining attributes) Default Value: Syntax: DirectoryString Example: nsEncryptionAlgorithm: AES Database Link Plug-in Attributes (chaining attributes) The Database Link Plug-in is also organized in an information tree, as shown in Figure 3-4. Database Link Plug-in Figure 3-4 All plug-in technology used by the database link instances is stored in the plug-in node.
  • Page 181: Nsactivechainingcomponents

    Database Link Plug-in Attributes (chaining attributes) nsActiveChainingComponents Lists the components using chaining. A component is any functional unit in the server. The value of this attribute overrides the value in the global configuration attribute. To disable chaining on a particular database instance, use the value This attribute also allows you to alter the components used to chain.
  • Page 182: Nstransmittedcontrols

    Database Link Plug-in Attributes (chaining attributes) Entry DN: cn=config,cn=chaining database,cn=plugins,cn=config Valid Values: Any valid delay period in seconds Default Value: 15 seconds Syntax: Integer Example: nsMaxTestResponseDelay: 15 nsTransmittedControls This attribute, which can be both a global (and thus dynamic) configuration or an instance (i.e., cn=database link instance,cn=chaining ) configuration attribute, allows you to alter...
  • Page 183: Nsabandonedsearchcheckinterval

    Database Link Plug-in Attributes (chaining attributes) nsAbandonedSearchCheckInterval Number of seconds that pass before the server checks for abandoned operations. Entry DN: cn=default instance config,cn=chaining database, cn=plugins,cn=config Valid Range: 0 to maximum 32-bit integer (2147483647) seconds Default Value: Syntax: Integer Example: nsabandonedsearchcheckinterval: 10 nsBindConnectionsLimit Maximum number of TCP connections the database link establishes with the...
  • Page 184: Nsbindtimeout

    Database Link Plug-in Attributes (chaining attributes) Example: nsbindretrylimit: 3 nsBindTimeout Amount of time before the bind attempt times out. There is no real Valid Range for this attribute, except reasonable patience limits. Entry DN: cn=default instance config,cn=chaining database, cn=plugins,cn=config Valid Range: 0 to 60 seconds Default Value: Syntax:...
  • Page 185: Nsconcurrentoperationslimit

    Database Link Plug-in Attributes (chaining attributes) Default Value: Syntax: Integer Example: nsconcurrentbindlimit:10 nsConcurrentOperationsLimit Specifies the maximum number of concurrent operations allowed. Entry DN: cn=default instance config,cn=chaining database, cn=plugins,cn=config Valid Range: 1 to 50 operations Default Value: Syntax: Integer Example: nsconcurrentoperationslimit: 50 nsConnectionLife Specifies connection lifetime.
  • Page 186: Nsoperationconnectionslimit

    Database Link Plug-in Attributes (chaining attributes) nsOperationConnectionsLimit Maximum number of LDAP connections the database link establishes with the remote server. Entry DN: cn=default instance config,cn=chaining database, cn=plugins,cn=config Valid Range: 1 to 20 connections Default Value: Syntax: Integer Example: nsoperationconnectionslimit:10 nsProxiedAuthorization Reserved for advanced use only.
  • Page 187: Nssizelimit

    Database Link Plug-in Attributes (chaining attributes) Example: nsreferralonscopedsearch: off nsSizeLimit Specifies the default size limit for the database link in bytes. Entry DN: cn=default instance config,cn=chaining database, cn=plugins,cn=config Valid Range: -1 (no limit) to maximum 32-bit integer (2147483647) entries Default Value: 2000 Syntax: Integer...
  • Page 188: Nsfarmserverurl

    Database Link Plug-in Attributes (chaining attributes) nsFarmServerURL Gives the LDAP URL of the remote server. A farm server is a server containing data in one or more databases. This attribute can contain optional servers for failover, separated by spaces. If using cascading chaining, this URL can point to another database link.
  • Page 189: Nshoplimit

    Database Link Plug-in Attributes (chaining attributes) Entry DN: cn=database link instance name,cn=chaining database,cn=plugins,cn=config Valid Values: Any valid password, which will then be encrypted using the DES reversible password encryption schema. Default Value: Syntax: DirectoryString Example: nsMultiplexerCredentials: {DES} 9Eko69APCJfF nshoplimit Specifies the maximum number of times a database is allowed to chain; that is, the number of times a request can be forwarded from one database link to another.
  • Page 190: Nsdeletecount

    Database Link Plug-in Attributes (chaining attributes) nsDeleteCount Number of delete operations received. nsModifyCount Number of modify operations received. nsRenameCount Number of rename operations received. nsSearchBaseCount Number of base level searches received. nsSearchOneLevelCount Number of one-level searches received. nsSearchSubtreeCount Number of subtree searches received. nsAbandonCount Number of abandon operations received.
  • Page 191: Retro Changelog Plug-In Attributes

    Retro Changelog Plug-in Attributes Retro Changelog Plug-in Attributes Two different types of changelogs are maintained by Directory Server. The first type, referred to as changelog, is used by multi-master replication, and the second changelog, which is in fact a plug-in referred to as retro changelog, is intended for use by LDAP clients for maintaining application compatibility with Directory Server 4.x versions.
  • Page 192: Nsslapd-Changelogmaxage (Max Changelog Age)

    Retro Changelog Plug-in Attributes nsslapd-changelogmaxage (Max Changelog Age) Specifies the maximum age of any entry in the change log. The change log contains a record for each directory modification and is used when synchronizing consumer servers. Each record contains a timestamp. Any record with a timestamp that is older than the value specified in this attribute will be removed.
  • Page 193: Chapter 4 Server Instance File Reference

    Overview of Directory Server Files Chapter 4 Server Instance File Reference This chapter provides an overview of the files that are specific to an instance of Netscape Directory Server (Directory Server) — the files stored under the serverRoot/slapd-serverID directory. Having an overview of the files and configuration information stored in each instance of Directory Server should help you understand the file changes or absence of file changes which occur in the...
  • Page 194 Overview of Directory Server Files The only exception is the migrateInstance7 script, which is stored under this directory: serverRoot/bin/slapd/admin/bin. Code Example 4-1 shows the contents of the serverRoot/slapd-serverID directory, where directories are marked with a and scripts are marked with an .
  • Page 195: Backup Files

    Backup Files Backup Files Each Directory Server instance contains the following three directories for storing backup-related files: • — Contains a directory dated with the time and date of your database backup, such as 2001_02_13_174524/, which in turn holds your database backup copy.
  • Page 196 Database Files • DBVERSION — Used for storing the version of the database. • NetscapeRoot — Stores the o=NetscapeRoot database created by default at Typical installation. • userRoot — Stores the user-defined suffix (user-defined databases) created at Typical installation time; for example, dc=example,dc=com. Code Example 4-3 shows a sample listing of the directory contents.
  • Page 197: Ldif Files

    ldif Files ldif Files Each Directory Server instance contains the ldif directory for storing ldif-related files. Code Example 4-4 shows a sample listing of the ldif directory contents. Code Example 4-4 Contents of a sample ldif directory ../ European.ldif Example.ldif Example-roles.ldif The following list describes the content of each of the...
  • Page 198: Log Files

    Log Files If you get error messages indicating that the lock table is out of available locks ([26/Oct/2001:17:44:25 0200] - libdb: Lock table is out of available locks), set the value of the nsslapd-db-locks attribute in the cn=config,cn=ldbm database,cn=plugins,cn=config entry to twice its current number.
  • Page 199 Log Files • slapd.stats file is a memory-mapped file which cannot be read by an editor. It contains data collected by the Directory Server SNMP data collection component. This data is read by the SNMP subagent in response to SNMP attribute queries and is communicated to the SNMP master agent responsible for handling Directory Server SNMP requests.
  • Page 201: Chapter 5 Access Log And Connection Code Reference

    Access Log Content Chapter 5 Access Log and Connection Code Reference Netscape Directory Server (Directory Server) provides you with logs to help you monitor directory activity. Monitoring allows you to quickly detect and remedy failures and, where done proactively, anticipate and resolve potential problems before they result in failure or poor performance.
  • Page 202: Access Logging Levels

    Access Log Content • Bind result record. • Sequence of operation request/operation result pairs of records (or individual records in the case of connection, closed, and abandon records). • Unbind record. • Closed record. Every line begins with a timestamp — —...
  • Page 203: Default Access Logging Content

    Access Log Content = Logging for access to an entry and referrals. 131072 = Precise timing of operation duration. This gives microsecond resolution for the Elapsed Time item in the access log. For example, if you want to log internal access operations, entry access, and referrals, you would insert a value of (512+4) in the configuration attribute.
  • Page 204: Connection Number

    Access Log Content Code Example 5-1 Access Log Extract with Default Access Logging Level (level 256) [21/Apr/2001:11:39:53 -0700] conn=13 op=1 EXT oid="2.16.840.1.113730.3.5.3" [21/Apr/2001:11:39:53 -0700] conn=13 op=1 RESULT err=0 tag=120 nentries=0 etime=0 [21/Apr/2001:11:39:53 -0700] conn=13 op=2 ADD dn="cn=Sat Apr 21 11:39:51 MET DST 2001, dc=example,dc=com" [21/Apr/2001:11:39:53 -0700] conn=13 op=2 RESULT err=0 tag=105 nentries=0 etime=0 csn=3b4c8cfb000000030000 [21/Apr/2001:11:39:53 -0700] conn=13 op=3 EXT...
  • Page 205: Slot Number

    Access Log Content Slot Number The slot number, in this case slot=608, is a legacy part of the access log which has the same meaning as file descriptor. Ignore this part of the access log. Operation Number To process a given LDAP request, Directory Server will perform the required series of operations.
  • Page 206: Number Of Entries

    Access Log Content • tag=100 indicates the actual entry for which you were searching. • tag=101 for a result from a search operation. • tag=103 for a result from a modify operation. • tag=105 for a result from an add operation. •...
  • Page 207: Ldap Response Type

    Access Log Content • MODDN = moddn • = extended operation • ABANDON = abandon operation If the LDAP request resulted in sorting of entries, then you will see SORT serialno followed by the number of candidate entries that were sorted. See the bold text in this example: [04/May/2002:15:51:46 -0700] conn=114 op=68 SORT serialno (1) The number enclosed in parentheses specifies the number of candidate entries that...
  • Page 208: Search Scope

    Access Log Content beforeCount:afterCount:index:contentCount and ResponseInformation is of the form: targetPosition:contentCount (resultCode) If the client uses a position-by-value VLV request, the format for the first part, the request information would be beforeCount:afterCount:value. The example below shows VLV-specific entries in bold: [07/May/2002:11:43:29 -0700] conn=877 op=8530 SRCH base="(ou=People)"...
  • Page 209: Extended Operation Oid

    Access Log Content Extended Operation OID An extended operation OID, in this case either oid="2.16.840.1.113730.3.5.3" or EXT oid="2.16.840.1.113730.3.5.5", provides the OID of the extended operation being performed. Table 5-1 provides the list of LDAPv3 extended operations and their OIDs supported in Directory Server.
  • Page 210: Abandon Message

    Access Log Content Abandon Message The abandon message, in this case [21/Apr/2001:11:39:52 -0700] conn=12 op=2 ABANDON targetop=1 msgid=2 nentries=0 etime=0, indicates that an operation has been aborted, where nentries=0 indicates the number of entries sent before the operation was aborted, value indicates how much time (in seconds) had elapsed, and...
  • Page 211: Access Log Content For Additional Access Logging Levels

    Access Log Content In logging a SASL bind, the sasl method is followed by the LDAP version number (see “Version Number”) and the SASL mechanism used, as shown below with the GSS-API mechanism. [05/Aug/2004:12:57:14 -0700] conn=32 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI NOTE The authenticated DN (the DN used for access control decisions) is...
  • Page 212 Access Log Content Code Example 5-2 Access Log Extract with Internal Access Operations Level (Level 4) [12/Jul/2001:16:45:46 +0200] conn=Internal op=-1 RESULT err=0 tag=48 nentries=1etime=0 [12/Jul/2001:16:45:46 +0200] conn=Internal op=-1 SRCH base="cn=\22dc=example,dc=com\22,cn=mapping tree,cn=config" scope=0 filter="objectclass=nsMappingTree" attrs="nsslapd-state" [12/Jul/2001:16:45:46 +0200] conn=Internal op=-1 RESULT err=0 tag=48 nentries=1etime=0 Access log level enables logging for internal operations, which log the following...
  • Page 213: Connection Description

    Common Connection Codes Connection Description The connection description, in this case conn=Internal, indicates that the connection is an internal connection. The operation number op=-1 also indicates that the operation was initiated internally. Options Description The options description, in this case options=persistent, indicates that a persistent search is being performed.
  • Page 214: Ldap Result Codes

    LDAP Result Codes • = Server failed to flush data response back to client. • = Closed or corrupt connection has been detected. • = Client does not receive a result within the specified idletimeout period. • = Server closed connection after ioblocktimeout period was exceeded. •...
  • Page 215 LDAP Result Codes Table 5-2 LDAP Result Codes (Continued) Result Code Defined Value CONSTRAINT_VIOLATION ATTRIBUTE_OR_VALUE_EXISTS INVALID_ATTRIBUTE_SYNTAX NO_SUCH_OBJECT ALIAS_PROBLEM INVALID_DN_SYNTAX IS_LEAF ALIAS_DEREFERENCING_PROBLEM INAPPROPRIATE_AUTHENTICATION INVALID_CREDENTIALS INSUFFICIENT_ACCESS_RIGHTS BUSY UNAVAILABLE UNWILLING_TO_PERFORM LOOP_DEFECT NAMING_VIOLATION OBJECT_CLASS_VIOLATION NOT_ALLOWED_ON_NONLEAF NOT_ALLOWED_ON_RDN ENTRY_ALREADY_EXISTS OBJECT_CLASS_MODS_PROHIBITED AFFECTS_MULTIPLE_DSAS (LDAP v3) OTHER SERVER_DOWN LDAP_TIMEOUT PARAM_ERROR CONNECT_ERROR LDAP_NOT_SUPPORTED...
  • Page 216 LDAP Result Codes Table 5-2 LDAP Result Codes (Continued) Result Code Defined Value NO_RESULTS_RETURNED MORE_RESULTS_TO_RETURN CLIENT_LOOP REFERRAL_LIMIT_EXCEEDED
  • Page 217: Chapter 6 Migration From Earlier Versions

    Migrated Configuration Attributes Chapter 6 Migration from Earlier Versions This chapter is intended to provide a reference of the information migrated by the migrateInstance7 script in the case of migration from a 6.x Netscape Directory Server (Directory Server) to a 7.x Directory Server. Migration and upgrade from versions 6.1 and previous are not supported in Directory Server 7.0.
  • Page 218 Migrated Configuration Attributes Table 6-2 lists the configuration attributes stored in the cn=config entry that are not automatically migrated when you run the migrateInstance7 script. Attributes that are not automatically migrated are either configured during the installation process for the new Directory Server or need to be configured manually.
  • Page 219 Migrated Configuration Attributes Table 6-1 Attributes in cn=config Automatically Migrated (Continued) nsslapd-enquote_sup_oc nsslapd-errorlog-level nsslapd-errorlog-logexpirationtime nsslapd-errorlog-logexpirationtimeunit nsslapd-errorlog-logmaxdiskspace nsslapd-errorlog-logminfreediskspace nsslapd-errorlog-logrotationtime nsslapd-errorlog-logrotationtimeunit nsslapd-errorlog-maxlogsize nsslapd-errorlog-maxlogsperdir nsslapd-groupevalnestlevel nsslapd-idletimeout nsslapd-ioblocktimeout nsslapd-lastmod nsslapd-listenhost nsslapd-maxdescriptors (Not applicable on NT and AIX platforms) nsslapd-nagle nsslapd-readonly nsslapd-referralmode nsslapd-plugin-depends-on-name nsslapd-plugin-depends-on-type nsslapd-referral nsslapd-reservedescriptors (Not applicable on NT and AIX platforms) nsslapd-rootpwstoragescheme nsslapd-schemacheck...
  • Page 220 Migrated Configuration Attributes Table 6-1 Attributes in cn=config Automatically Migrated (Continued) passwordChange passwordCheckSyntax passwordExp passwordExpirationTime passwordHistory passwordInHistory passwordLockout passwordLockoutDuration passwordMaxAge passwordMaxFailure passwordMinAge passwordMinLength passwordMustChange passwordResetFailureCount passwordStorageScheme passwordUnlock passwordWarning Table 6-2 Attributes in cn=config Not Automatically Migrated Attribute Name Reason for not Migrating Automatically Already set up.
  • Page 221: Database Attributes

    Migrated Configuration Attributes Table 6-2 Attributes in cn=config Not Automatically Migrated (Continued) Attribute Name Reason for not Migrating Automatically nsslapd-auditlog: Pathname to the log that records changes made to the directory database. It is set up during installation. nsslapd-accesslog-level: Read-only attribute. nsslapd-errorlog: Pathname to the log that records error messages...
  • Page 222 Migrated Configuration Attributes Table 6-3 General Database Attributes Automatically Migrated (Continued) nsslapd-mode nsslapd-dbcachesize nsslapd-cache-autosize nsslapd-cache-autosize-split nsslapd-db-transaction-logging Table 6-4 Database-Specific Attributes Automatically Migrated nsslapd-cachesize nsslapd-cachememsize nsslapd-readonly nsslapd-require-index Database-Specific Attributes Not Migrated Table 6-5 Attribute Name Reason for not Migrating Automatically Set up automatically during installation. nsslapd-directory Set up automatically during installation.
  • Page 223: Database Link Attributes

    Migrated Configuration Attributes Database Link Attributes All database link configuration attributes are automatically migrated. Table 6-6 lists the configuration attributes that are common to all database links. These attributes are stored in the entry cn=config, cn=chaining database, cn=plugins, cn=config. Table 6-7 lists the configuration attributes for a default instance of a database link. These attributes are stored in the entry cn=default instance config, cn=chaining database, cn=plugins, cn=config...
  • Page 224: Snmp Attributes

    Migrated Configuration Attributes SNMP Attributes All SNMP configuration attributes are automatically migrated. These attributes are stored in the entry cn=SNMP,cn=config, and are listed in Table 6-8. Table 6-8 SNMP Attributes Automatically Migrated nssnmpenabled nssnmporganization nssnmplocation nssnmpcontact nssnmpdescription nssnmpmasterhost nssnmpmasterport
  • Page 225: Chapter 7 Command-Line Utilities

    Finding and Executing Command-Line Utilities Chapter 7 Command-Line Utilities This chapter contains reference information on command-line utilities provided by Netscape Directory Server (Directory Server). These command-line utilities make it easy to perform administration tasks on the Directory Server. This chapter is divided into the following sections: •...
  • Page 226: Command-Line Utilities Quick Reference

    Command-Line Utilities Quick Reference NOTE In order to execute the command-line utilities, you must change to the directory where the command-line utilities are stored. Although it is possible to set command-path and library-path variables to execute the utilities, it is not recommended because you run the risk, particularly when you have more than one server version installed, of disrupting the correct execution of other utilities.
  • Page 227: Using Special Characters

    Using Special Characters Table 7-1 Commonly Used Command-Line Utilities (Continued) Command-Line Utility Description ldif Automatically formats LDIF files for you and creates base 64-encoded attribute values. For details on this tool, see Appendix A in the Netscape Directory Server Administrator’s Guide.
  • Page 228: Ldapsearch

    ldapsearch • optional_list_of_attributes are space-separated attributes that reduce the scope of the attributes returned in the search results. This list of attributes must appear after the search filter. For a usage example, see the Netscape Directory Server Administrator’s Guide. If you do not specify a list of attributes, the search returns values for all attributes permitted by the access control set in the directory with the exception of operational attributes.
  • Page 229 ldapsearch Option Description Specifies the starting point for the search. The value specified here must be a distinguished name that currently exists in the database. This option is optional if the LDAP_BASEDN environment variable has been set to a base DN. The value specified in this option should be provided in double quotation marks.
  • Page 230: Ssl Options

    ldapsearch Option Description Specifies the TCP port number that the Directory Server uses. For example, -p 1049. The default is 389. If -Z is used, the default is 636. Specifies the scope of the search. The scope can be one of the following: base —...
  • Page 231 ldapsearch • to specify Directory Server’s encrypted port. • to specify SSL. • to specify your certificate database’s filename and path. • to specify your certificate name. • to specify your private key database’s filename and path. • to specify the password for your private key database. •...
  • Page 232: Additional Ldapsearch Options

    ldapsearch Option Description Specifies the path, including the filename, of the certificate database of the client. You may specify the absolute or relative (to the server root) path. This option is used only with the -Z option. When used on a machine where an SSL-enabled version of Netscape Communicator is configured, the path specified on this option can be that of the certificate database for Communicator.
  • Page 233 ldapsearch Option Description Specify a different separator. This option can only be used with -o. This option allows you to specify a separator other than a colon “:” to separate an attribute name from the corresponding value. For example, -F + Specifies the file containing the search filter(s) to be used in the search.
  • Page 234 ldapsearch Option Description Manage smart referrals. Causes the server not to return the smart referral contained on the entry but, instead, to return the actual entry containing the referral. Use this option if you are attempting to search for entries that contain smart referrals.
  • Page 235: Ldapmodify

    ldapmodify ldapmodify enables you to make changes to directory entries via LDAP. ldapmodify Syntax ldapmodify [optional_options] ldapmodify -D binddn [-w passwd] [-acmnrvFR] [-d debug_level] [-h host] [-p port] [-M auth_mechanism] [-Z] [-V version] [ -f file | [-l number_of_ldap_connections] < entryfile ] ldapmodify Options The following three sections list the options that can be specified with ldapmodify...
  • Page 236 ldapmodify Option Description Specifies the distinguished name with which to authenticate to the server. The value must be a DN recognized by the Directory Server, and it must also have the authority to modify the entries. For example, -D "uid=bjensen, dc=example,dc=com".
  • Page 237: Ssl Options

    ldapmodify Option Description Specifies the proxy DN to use for the delete operation. This argument is provided for testing purposes. For more information about proxied authorization, see chapter 6, “Managing Access Control,” in the Netscape Directory Server Administrator’s Guide. SSL Options You can use the following command-line options to specify that is to ldapmodify...
  • Page 238: Additional Ldapmodify Options

    ldapmodify Option Description Specifies the path, including the filename, of the certificate database of the client. You may specify the absolute or relative (to the server root) path. This option is used only with the -Z option. When used on a machine where an SSL-enabled web browser is configured, the path specified on this option can be pointed to the certificate database for the web browser.
  • Page 239 ldapmodify Option Description Causes the utility to check every attribute value to determine whether the value is a valid file reference. If the value is a valid file reference, then the content of the referenced file is used as the attribute value. This is often used for specifying a path to a file containing binary data, such as JPEG.
  • Page 240: Ldapdelete

    ldapdelete Option Description Specifies the LDAP version number to be used on the operation. For example, -V 2. LDAP v3 is the default. You cannot perform an LDAP v3 operation against a Directory Server that only supports LDAP v2. Specifies the proxy DN to use for the modify operation.
  • Page 241: Ssl Options

    ldapdelete Option Description Specifies that the password policy request control not be sent with the bind request. For details, see Netscape Directory Server Deployment Guide. By default, the new LDAP password policy request control is sent with bind requests. The ldapdelete tool can parse and display information from the response control if it is returned by a server;...
  • Page 242: Additional Ldapdelete Options

    ldapdelete Option Description Specifies the path, including the filename, of the private key database of the client. You may specify the absolute or relative (to the server root) path. You must specify the -K option when the key database has a different name than key3.db or when the key database is not under the same directory as the certificate database, the cert8.db file (the path for which is specified with the -P option).
  • Page 243: Ldif

    ldif Option Description Specifies that the utility must run in continuous operation mode. Errors are reported, but the utility continues with deletions. The default is to quit after reporting an error. Specifies the file containing the distinguished names of entries to be deleted. For example, -f modify_statements.
  • Page 244: Syntax

    dbscan In addition to binary data, other values that must be base-64 encoded include: • Any value that begins with a semicolon (;) or a space. • Any value that contains non-ASCII data, including newlines. The ldif command-line utility will take any input and format it with the correct line continuation and appropriate attribute information.
  • Page 245: Options

    dbscan Options Option Parameter Description filename Specifies the name of the database file, the contents of which are to be analyzed and extracted. Specifies that the output is to be generated as an index file. Specifies that the output is to be generated as an entry (id2entry) file.
  • Page 247: Chapter 8 Command-Line Scripts

    Finding and Executing Command-Line Scripts Chapter 8 Command-Line Scripts This chapter provides information on the scripts you can use to manage your directory, such as backing up and restoring your database. Scripts are a shortcut way of executing the ns-slapd interface commands that are documented in Appendix A, “Using the ns-slapd and slapd.exe Command-Line Utilities.”...
  • Page 248: Command-Line Scripts Quick Reference

    Command-Line Scripts Quick Reference NOTE In order to execute the Perl scripts, you must change to the directory where the scripts are stored. Although it is possible to set command-path and library-path variables to execute the scripts, it is not recommended because you run the risk, particularly when you have more than one server version installed, of disrupting the correct execution of other utilities.
  • Page 249 Command-Line Scripts Quick Reference Table 8-1 Commonly Used Command-Line Shell and Batch Scripts (Continued) Command-Line Script Description Location Imports LDIF files to the database. serverRoot/slapd-serverID ldif2db Runs the slapd (Windows) or ns-slapd (Unix) command-line utility with the ldif2db keyword. By default, the script first saves and then merges any existing configuration tree (o=NetscapeRoot) with any files to be imported.
  • Page 250: Shell And Batch Scripts

    Shell and Batch Scripts Table 8-2 Commonly Used Command-Line Perl Scripts (Continued) Command-Line Perl Script Description Location Imports LDIF files to database. serverRoot/slapd-serverID ldif2db.pl Runs the slapd (Windows) or ns-slapd (Unix) command-line utility with the ldif2db keyword. By default, the script first saves and then merges any existing configuration tree (o=NetscapeRoot), with any files to be imported.
  • Page 251: Bak2Db (Restore Database From Backup)

    Shell and Batch Scripts • getpwenc (Print encrypted password) • ldif2db (Import) • ldif2ldap (Perform import operation over LDAP) • monitor (Retrieve monitoring information) • restart-slapd (Restart the Directory Server) • restoreconfig (Restore Administration Server Configuration) • saveconfig (Save Administration Server Configuration) •...
  • Page 252: Db2Bak (Create Backup Of Database)

    Shell and Batch Scripts For information on the equivalent Perl script, see “bak2db.pl (Restore database from backup),” on page 265. For more information on restoring databases, see chapter 4, “Populating Directory Databases,” in the Netscape Directory Server Administrator’s Guide. db2bak (Create backup of database) Creates a backup of the current database contents.
  • Page 253: Db2Dsml (Export Database Contents To Dsml)

    Shell and Batch Scripts Options You must specify either the or the option. By default, the output LDIF will be stored in one file. Should you want to specify the use of several files, then use the option Option Parameter Description outputFile Name of the output LDIF file.
  • Page 254: Db2Index (Reindex Database Index Files)

    Shell and Batch Scripts Syntax Shell script (UNIX): db2dsml {-n backendInstance}* | {-s includeSuffix}* [{-x excludeSuffix}*] [-u] [-a outputFile] Batch file (Windows): db2dsml {-n backendInstance}* | {-s includeSuffix}* [{-x excludeSuffix}*] [-u] [-a outputFile] Options You must specify either the option. Option Parameter Description...
  • Page 255: Usage

    Shell and Batch Scripts Usage Here are a few sample commands:
    • To reindex all the database index files: $ db2index
    • To reindex cn and givenname in the database instance userRoot: $ db2index -n userRoot -t cn -t givenname
    • To reindex in the database where the root suffix is dc=example,dc=com $ db2index -s "dc=example,dc=com"...
  • Page 256: Getpwenc (Print Encrypted Password)

    Shell and Batch Scripts Options Option Parameter Description backendInstance Instance to be exported. includeSuffix Suffix(es) to be included or to specify the subtree(s) to be included if -n has been used. excludeSuffix Suffix(es) to be excluded. dsmlFile Name of the input DSML file. getpwenc (Print encrypted password) Prints the encrypted form of a password using one of the server’s encryption algorithms.
  • Page 257: Syntax

    Shell and Batch Scripts NOTE Note that ldif2db supports LDIF version 1 specifications. You can load an attribute using the :< URL specifier notation; for example: jpegphoto:< file:///tmp/myphoto.jpg Although the official notation requires three ///, the use of one / is tolerated. For further information on the LDIF format, see chapter 4, “Managing Directory Entries,”...
  • Page 258: Ldif2Ldap (Perform Import Operation Over Ldap)

    Shell and Batch Scripts Option Parameter Description string Generation of a unique ID. Type none for no unique ID to be generated and deterministic for the generated unique ID to be name-based. By default, a time based unique ID is generated.
  • Page 259: Monitor (Retrieve Monitoring Information)

    Shell and Batch Scripts Options Option Parameter Description rootdn User DN with root permissions, such as Directory Manager. password Password associated with the user DN. filename Name of the file to be imported. When you import multiple files, they are imported in the order in which you specify them on the command-line.
  • Page 260: Exit Status

    Shell and Batch Scripts Options There are no options for this script. Exit Status Server restarted successfully. Server could not be started. Server restarted successfully but was already stopped. Server could not be stopped. restoreconfig (Restore Administration Server Configuration) Restores, by default, the most recently saved Administration Server configuration information to the NetscapeRoot partition under the following directory:...
  • Page 261: Saveconfig (Save Administration Server Configuration)

    Shell and Batch Scripts saveconfig (Save Administration Server Configuration) Saves Administration Server configuration information to the following directory: serverRoot/slapd-serverID/confbak This script will only run if the server is running. Syntax Shell script (UNIX): saveconfig Batch file (Windows): saveconfig Options There are no options for this script.
  • Page 262: Stop-Slapd (Stop The Directory Server)

    Shell and Batch Scripts Server could not be started. Server was already started. stop-slapd (Stop the Directory Server) Stops the Directory Server. It might be a good idea to check whether the server has been effectively stopped using the command because it could sometimes be that the script returned while the shutdown process was still on-going, resulting in a confusing message.
  • Page 263: Vlvindex (Create Virtual List View Indexes)

    Shell and Batch Scripts Options Suffix to be mapped to the backend. vlvindex (Create virtual list view indexes) To run the vlvindex script, the server must be stopped. The vlvindex script creates virtual list view (VLV) indexes, known in the Directory Server Console as browsing indexes.
  • Page 264: Perl Scripts

    Perl Scripts Option Parameter Description vlvTag VLV index identifier to use to create VLV indexes. You can use the console to specify VLV index identifier for each database supporting your directory tree, as described in the Netscape Directory Server Administrator’s Guide. You can define additional VLV tags by creating them in LDIF and adding them to Directory Server’s configuration, as described in the Netscape Directory Server Administrator’s...
  • Page 265: Bak2Db.pl (Restore Database From Backup)

    Perl Scripts NOTE The Perl scripts that are bundled with Directory Server require the use of nsPerl, which is included in the serverRoot/bin/slapd/admin/bin directory. Be sure to change to this directory before you run any of the Perl scripts: cd serverRoot/bin/slapd/admin/bin ./perl PerlScriptName Arguments bak2db.pl (Restore database from backup)
  • Page 266: Db2Bak.pl (Create Backup Of Database)

    Perl Scripts db2bak.pl (Create backup of database) Creates a backup of the database. Syntax Perl script (UNIX and Windows): db2bak.pl [-v] -D rootdn -w password [-a dirName] Options The db2bak.pl script creates an entry in the directory that launches this dynamic task.
  • Page 267: Db2Ldif.pl (Export Database Contents To Ldif)

    Perl Scripts Syntax Perl script (UNIX and Windows): db2index.pl [-v] -D rootdn { -w password | -j filename } [-n backendInstance] [-t attributeName] Options The db2index.pl script creates an entry in the directory that launches this dynamic task. The entry is generated based upon the values you provide for each option.
  • Page 268: Options

    Perl Scripts Options To run this script, the server must be running, and either backend_instance or includesuffix is required. This Perl script, db2ldif.pl, creates an entry in the directory that launches this dynamic task. The entry is generated based upon the values you provide for each option.
  • Page 269: Ldif2Db.pl (Import)

    Perl Scripts ldif2db.pl (Import) To run this script, the server must be running. The script creates an entry in the directory that launches this dynamic task. The entry is generated based upon the values you provide for each option. Syntax Perl script (UNIX and Windows): ldif2db.pl [-v] -D rootdn -w password -n...
  • Page 270: Logconv.pl (Log Converter)

    Perl Scripts Option Parameter Description string Generates a unique ID. Type none for no unique ID to be generated and deterministic for the generated unique ID to be name-based. By default, a time-based unique ID is generated. If you use the deterministic generation to have a name-based unique ID, you can also specify the namespace you want the server to use as follows: -g deterministic namespaceId...
  • Page 271 Perl Scripts Number of restarts FDs (file descriptors) taken FDs returned Total number of connections Highest FD taken Total operations requested Total results returned Disruptions: Results to requests ratio Broken pipes Connections reset by peer Number of searches Unavailable resources (and detail) Number of modifications Number of adds Total binds and types of binds...
  • Page 272: Syntax

    Perl Scripts Some information that is extracted by the logconv.pl script is available only in logs from current releases of Directory Server; the corresponding values will be zero when analyzing logs from older versions. In addition, some information will only be present in the logs if verbose logging is enabled in your Directory Server. For more information, see “nsslapd-accesslog-level,”...
  • Page 273: Options

    Perl Scripts Options The logconv.pl command-line options are described in the following table. The parameters without a preceding dash (-) at the end of the table will enable the optional lists of occurrences. Specify only those you need to limit the output and improve execution speed.
  • Page 274 Perl Scripts Option Parameter Description Enables the most verbose output. With this option, logconv.pl will compute and display all of the optional lists described below. Lists connection latency details (gives you an idea about the overall connection latency). Lists open connection ID statistics (gives you an idea about the FDs that are not yet closed).
  • Page 275: Migrateinstance7 (Migrate To Directory Server 7.X)

    Perl Scripts migrateInstance7 (Migrate to Directory Server 7.x) The migrateInstance7 script (this is a Perl script despite the fact that it does not have the extension) migrates an instance of a previous release of Directory Server to Directory Server 7.x. When you run this script, it migrates the configuration files or configuration entries, database instances, and schema with minimum manual intervention.
  • Page 276: Ns-Accountstatus.pl (Establish Account Status)

    Perl Scripts Option Parameter Description oldInstancePath Specifies the path to the legacy Directory Server instance. For example: /usr/netscape/server6/slapd-phonebook. newInstancePath Specifies the path to the new (7.x) Directory Server instance. For example: /usr/netscape/servers/slapd-phonebook. Specifies the trace level. The trace level is set to 0 by default, with a valid range of 0 to 3.
  • Page 277: Ns-Activate.pl (Activate An Entry Or Group Of Entries)

    Perl Scripts Option Parameter Description host Specifies the host name of the Directory Server. The default value is the full host name of the machine where Directory Server is installed. Specifies the entry DN or role DN whose status is required. ns-activate.pl (Activate an entry or group of entries) Activates an entry or group of entries.
  • Page 278: Ns-Newpwpolicy.pl (Add Attributes For Fine-Grained Password Policy)

    Perl Scripts Syntax Perl script (UNIX and Windows): ns-inactivate.pl [-D rootdn] -w password [-p port] [-h host] -I DN Options Option Parameter Description rootdn Specifies the Directory Server user DN with root permissions, such as Directory Manager. password Specifies the password associated with the user DN. port Specifies the Directory Server’s port.
  • Page 279: Template-Cl-Dump.pl (Dump And Decode Changelog)

    Perl Scripts Options Option Parameter Description rootdn Specifies the Directory Server user DN with root permissions, such as Directory Manager. The default value is cn=directory manager. password Specifies the password associated with the user DN. Prompts for the password associated with the user DN. filename Specifies the path, including the file name, to the file that contains the password associated with the user DN.
  • Page 280: Options

    Perl Scripts Options In the absence of the option, the script must be run when the Directory Server is running and from a location from which the server’s change-log directory is accessible. Option Parameter Description host Specifies the Directory Server’s host. Defaults to the server where the script is running.
  • Page 281: Configuration File Format

    Perl Scripts Options Option Parameter Description host Specifies the initial replication supplier’s host. The default value is the current hostname. port Specifies the initial replication supplier’s port. The default value is 389. configFile Specifies the absolute path to the configuration file, which defines the connection parameters used to connect to LDAP servers to get replication information.
  • Page 282 Perl Scripts • The color thresholds for time lags; specifying this information is optional. The format for the configuration file is shown below.

    [connection]
    host:port:binddn:bindpwd:bindcert
    host:port:binddn:bindpwd:bindcert
    [alias]
    alias = host:port
    alias = host:port
    [color]
    lowmark = color
    lowmark = color

    In the connection section, you specify how this tool may connect to each LDAP server in your replication topology to get the replication-agreement information.
  • Page 283 Perl Scripts Because of the connection parameters, the replication-monitoring tool does not need to do DES decryption of the credentials stored in the Directory Server. Each line in this file could either be a comment started with the character or a connection entry of the format: host:port:binddn:bindpwd:bindcert where...
  • Page 285: Overview Of Ns-Slapd And Slapd.exe Commands

    Overview of ns-slapd and slapd.exe Commands Appendix A Using the ns-slapd and slapd.exe Command-Line Utilities In chapter 8, “Command-Line Scripts,” we looked at the scripts for performing routine administration tasks on the Netscape Directory Server (Directory Server). In this appendix, we will look at the command-line utilities ns-slapd slapd...
  • Page 286: Ns-Slapd (Unix)

    Finding and Executing the ns-slapd and slapd.exe Command-Line Utilities ns-slapd (UNIX) ns-slapd is used on a Unix operating system to start the Directory Server process, to build a directory database from an LDIF file, or to convert an existing database to an LDIF file. For more information on starting and stopping the Directory Server, importing from LDIF using the command-line, and exporting to LDIF using the command-line, see chapter 4, “Populating Directory Databases,”...
  • Page 287: Ns-Slapd And Slapd.exe Command-Line Utilities For Exporting Databases

    ns-slapd and slapd.exe Command-Line Utilities for Exporting Databases ns-slapd and slapd.exe Command-Line Utilities for Exporting Databases db2ldif Exports the contents of the database to LDIF. Syntax Shell script (UNIX): ns-slapd db2ldif -D configDir -a outputFile [-d debugLevel] [-n backendInstance] [ -r] [-s includeSuffix] [-x excludeSuffix] [-N] [-u] -[U] Batch file (Windows): slapd.exe db2ldif -D configDir -a outputFile...
  • Page 288 ns-slapd and slapd.exe Command-Line Utilities for Exporting Databases Option Parameter Description Causes the server to include the copiedFrom attribute and its contents in the LDIF output when importing the LDIF file to a consumer server. This information is required by the server by the replication process.
  • Page 289: Ns-Slapd And Slapd.exe Command-Line Utilities For Restoring And Backing Up Databases

    ns-slapd and slapd.exe Command-Line Utilities for Restoring and Backing up Databases ns-slapd and slapd.exe Command-Line Utilities for Restoring and Backing up Databases ldif2db Imports LDIF files to the database. Syntax Shell script (UNIX): ns-slapd ldif2db -D configDir -i ldifFile [-d debugLevel] [-g string] [-n backendInstance] -O [-s includeSuffix] [-x excludeSuffix] Batch file (Windows): slapd ldif2db -D configDir -i ldifFile [-d debugLevel]...
  • Page 290 ns-slapd and slapd.exe Command-Line Utilities for Restoring and Backing up Databases Option Parameter Description string Generation of a unique ID. Type none for no unique ID to be generated and deterministic for the generated unique ID to be name-based. By default, a time-based unique ID is generated.
  • Page 291: Archive2Db

    ns-slapd and slapd.exe Command-Line Utilities for Restoring and Backing up Databases Option Parameter Description excludeSuffix Allows you to specify suffixes within the LDIF file to exclude during the import. You can use multiple -x arguments. This option lets you selectively import portions of the LDIF file. If you use both -x and -s with the same suffix, -x takes precedence.
  • Page 292: Db2Archive

    ns-slapd and slapd.exe Command-Line Utilities for Restoring and Backing up Databases Options Option Parameter Description configDir Specifies the location of the server configuration directory that contains the configuration information for the index creation process. You must specify the full path to the slapd-serverID directory.
  • Page 293 ns-slapd and slapd.exe Command-Line Utilities for Creating and Regenerating Indexes ns-slapd and slapd.exe Command-Line Utilities for Creating and Regenerating Indexes db2index Creates and regenerates indexes. Syntax Shell script (UNIX): slapd db2index -D configDir [-d debugLevel] -n backendName -t attributeName[:indexTypes[:matchingRules]] | [-T vlvTag] Batch file (Windows): slapd db2index -D configDir [-d debugLevel]...
  • Page 294 ns-slapd and slapd.exe Command-Line Utilities for Creating and Regenerating Indexes Option Parameter Description attributeName Specifies the attribute to be indexed as well as the types of indexes to create and matching rules to apply (if any). If you want to specify a matching rule, you must specify an index type. You cannot use this option with option -T.
  • Page 295 Glossary access control instruction See ACI. ACI Also Access Control Instruction. An instruction that grants or denies permissions to entries in the directory. access control list See ACL. ACL Also Access Control List. The mechanism for controlling access to your directory.
  • Page 296 approximate index Allows for efficient approximate or “sounds-like” searches. attribute Holds descriptive information about an entry. Attributes have a label and a value. Each attribute also follows a standard syntax for the type of information that can be stored as the attribute value. attribute list A list of required and optional attributes for a given entry type or object class.
  • Page 297 browser Software, such as Netscape Navigator, used to request and view World Wide Web material stored as HTML files. The browser uses the HTTP protocol to communicate with the host server. browsing index Also virtual view index. Speeds up the display of entries in the Directory Server Console.
  • Page 298 CIR See consumer-initiated replication. class definition Specifies the information needed to create an instance of a particular object and determines how the object works in relation to other objects in the directory. class of service See CoS. classic CoS A classic CoS identifies the template entry by both its DN and the value of one of the target entry’s attributes.
  • Page 299 DAP Directory Access Protocol. The ISO X.500 standard protocol that provides client access to the directory. data master The server that is the master source of a particular piece of data. database link An implementation of chaining. The database link behaves like a database but has no persistent storage.
  • Page 300 DNS alias A DNS alias is a hostname that the DNS server knows points to a different host—specifically a DNS CNAME record. Machines always have one real name, but they can have one or more aliases. For example, an alias such as might point to a real machine called www.yourdomain.domain where the server currently exists.
  • Page 301 hostname A name for a machine in the form machine.domain.dom, which is translated into an IP address. For example, is the machine www.example.com in the subdomain domain. example HTML Hypertext Markup Language. The formatting language used for documents on the World Wide Web. HTML files are plain text files with formatting codes that tell browsers such as the Netscape Navigator how to display text, position graphics, and form items and to display links to other pages.
  • Page 302 knowledge reference Pointers to directory information stored in different databases. LDAP Lightweight Directory Access Protocol. Directory service protocol designed to run over TCP/IP and across multiple platforms. LDAPv3 Version 3 of the LDAP protocol, upon which Directory Server bases its schema format.
  • Page 303 mapping tree A data structure that associates the names of suffixes (subtrees) with databases. master agent See SNMP master agent. matching rule Provides guidelines for how the server compares strings during a search operation. In an international search, the matching rule tells the server what collation order and operator to use.
  • Page 304 nested role Allows the creation of roles that contain other roles. network management application Network Management Station component that graphically displays information about SNMP managed devices (which device is up or down, which and how many error messages were received, etc.). network management station See NMS.
  • Page 305 password file A file on Unix machines that stores Unix user login names, passwords, and user ID numbers. It is also known as /etc/passwd because of where it is kept. password policy A set of rules that governs how passwords are used in a given directory.
  • Page 306 RAM Random access memory. The physical semiconductor-based memory in a computer. Information stored in RAM is lost when the computer is shut down. rc.local A file on Unix machines that describes programs that are run when the machine starts. It is also called because of its location.
  • Page 307 role An entry grouping mechanism. Each role has members, which are the entries that possess the role. role-based attributes Attributes that appear on an entry because it possesses a particular role within an associated CoS template. root The most privileged user available on Unix machines. The root user has complete access privileges to all files on the machine.
  • Page 308 service A background process on a Windows machine that is responsible for a particular system task. Service processes do not need human intervention to continue functioning. SIE Server Instance Entry. The ID assigned to an instance of Directory Server during installation. Simple Authentication and Security Layer See SASL.
  • Page 309 suffix The name of the entry at the top of the directory tree, below which data is stored. Multiple suffixes are possible within the same directory. Each database only has one suffix. superuser The most privileged user available on Unix machines. The superuser has complete access privileges to all files on the machine.
  • Page 310 uid A unique number associated with each user on a Unix system. URL Uniform Resource Locator. The addressing system used by the server and the client to request documents. It is often called a location. The format of a URL is .
  • Page 311 Index SYMBOLS ::, in LDIF statements 243 NUMERICS 00core.ldif ldif files 121 05rfc2247.ldif ldif files 121 05rfc2927.ldif ldif files 121 10rfc2307.ldif ldif files 121 20subscriber.ldif ldif files 121 25java-object.ldif ldif files 121 28pilot.ldif ldif files 121 30ns-common.ldif ldif files 121 50ns-admin.ldif ldif files 121 50ns-calendar.ldif...
  • Page 312 ldif files 122 50ns-compass.ldif ldif files 122 50ns-delegated-admin.ldif ldif files 122 50ns-directory.ldif ldif files 122 50ns-legacy.ldif ldif files 122 50ns-mail.ldif ldif files 122 50ns-mcd-browser.ldif ldif files 122 50ns-mcd-config.ldif ldif files 122 50ns-mcd-li.ldif ldif files 122 50ns-mcd-mail.ldif ldif files 122 50ns-media.ldif ldif files 122 50ns-mlm.ldif ldif files 122...
  • Page 313 access log connection code 213 A1 213 B1 213 B2 213 B3 213 B4 214 P2 214 T1 214 T2 214 U1 214 contents 201 abandon message (ABANDON) 210 change sequence number (csn) 209 connection description (conn) 213 connection number (conn) 204 elapsed time (etime) 206 error number (err) 205 extended operation OID (oid) 209...
  • Page 314 backendMonitorDN attribute 116 backup files 195 bak2db command-line shell and batch script 251 quick reference 248 bak2db.pl command-line perl script 265 quick reference 249 base 243 base 64 encoding 243 binary data, LDIF and 243 Browsing Indexes 263 bytessent attribute 116 changelog multi-master replication changelog 92 changelog configuration attributes...
  • Page 315 object classes 95 cn=mapping tree object classes 98 suffix and replication configuration entries 98 cn=monitor object classes 115 read-only monitoring configuration entries 115 cn=NetscapeRoot configuration 31 cn=SNMP object classes 117 SNMP configuration entries 117 cn=uniqueid generator object classes 120 uniqueid generator configuration entries 120 cn=UserRoot configuration 31 command-line scripts 247...
  • Page 316 start-slapd 261 stop-slapd 262 suffix2instance 262 template-cl-dump.pl 279 template-repl-monitor.pl 280 vlvindex 263 command-line utilities dbscan 244–245 finding and executing 225 ldapdelete 240–243 ldapmodify 235–240 ldapsearch 228–234 ldif 243–244 Configuration plug-in functionality 30 configuration access control 32 accessing and modifying 32 changing attributes 33 cn=NetscapeRoot 31 cn=UserRoot 31...
  • Page 317 modifying using LDAP 33 restrictions to modifying 34 configuration files 195 location of 32 configuration information tree dse.ldif file 35 connection attribute 115 connection code 213 core server configuration attributes backendMonitorDN 116 bytessent 116 cn 100 connection 115 currentconnection 115 currenttime 116 description 105 dtablesize 116...
  • Page 318 nsDS5ReplicaTransportInfo 114 nsDS5ReplicaType 104 nsDS5ReplicaUpdateInProgress 114 nsDS5ReplicaUpdateSchedule 115 nsslapd-accesscontrol 36 nsslapd-accesslog 37 nsslapd-accesslog-level 38 nsslapd-accesslog-list 38 nsslapd-accesslog-logbuffering 39 nsslapd-accesslog-logexpirationtime 39, 85 nsslapd-accesslog-logexpirationtimeunit 39, 43 nsslapd-accesslog-logging-enabled 40 nsslapd-accesslog-logmaxdiskspace 40 nsslapd-accesslog-logminfreediskspace 41 nsslapd-accesslog-logrotationsync-enabled 41 nsslapd-accesslog-logrotationsynchour 42 nsslapd-accesslog-logrotationsyncmin 42 nsslapd-accesslog-logrotationtime 43 nsslapd-accesslog-maxlogsize 44 nsslapd-accesslog-maxlogsperdir 44 nsslapd-accesslog-mode 45 nsslapd-attribute-name-exceptions 46...
  • Page 319 nsslapd-errorlog-level 58 nsslapd-errorlog-llist 59 nsslapd-errorlog-logexpirationtime 59 nsslapd-errorlog-logexpirationtimeunit 59 nsslapd-errorlog-logging-enabled 60 nsslapd-errorlog-logmaxdiskspace 60 nsslapd-errorlog-logminfreediskspace 61 nsslapd-errorlog-logrotationsync-enabled 61 nsslapd-errorlog-logrotationsynchour 62 nsslapd-errorlog-logrotationsyncmin 62 nsslapd-errorlog-logrotationtime 62, 63 nsslapd-errorlog-logrotationtimeunit 64 nsslapd-errorlog-maxlogsize 64 nsslapd-errorlog-maxlogsperdir 65 nsslapd-errorlog-mode 65 nsslapd-groupvalnestlevel 66 nsslapd-idletimeout 67 nsslapd-instancedir 67 nsslapd-ioblocktimeout 67 nsslapd-lastmod 68 nsslapd-listenhost 68 nsslapd-localhost 69 nsslapd-localuser 69...
  • Page 320 nsslapd-ssl-check-hostname 83 nsslapd-state 99 nsslapd-threadnumber 83 nsslapd-timelimit 84 nsslapd-versionstring 84 nssnmpcontact 118 nssnmpdescription 118 nssnmpenabled 117 nssnmplocation 118 nssnmpmasterhost 119 nssnmpmasterport 119 nssnmporganization 117 nsssl2 attribute 96 nsssl3 attribute 96 nsssl3ciphers attribute 97 nssslclientauth attribute 96 nssslsessiontimeout attribute 95 nsState 105 nsstate 120 opscompleted 116 opsinitiated 116...
  • Page 321 exporting 252, 253 importing 255 reindexing index files 254 database encryption nsAttributeEncryption 178 nsEncryptionAlgorithm 178 database files 195 database link plug-in configuration attributes nsAbandonCount 190 nsAbandonedSearchCheckInterval 183 nsActiveChainingComponents 181 nsAddCount 189 nsBindConnectionCount 190 nsBindConnectionsLimit 183 nsBindCount 190 nsBindRetryLimit 183 nsBindTimeout 184 nsCheckLocalACI 184 nsCompareCount 190 nsConcurrentBindLimit 184...
  • Page 322 dbcachepagein 167 dbcachepageout 167 dbcacheroevict 167 dbcacherwevict 167 dbcachetries 167 dbfilecachehit 176 dbfilecachemiss 176 dbfilenamenumber 176, 183 dbfilepagein 176 dbfilepageout 177 description 176 nsIndexType 174 nsLookThroughLimit 152 nsMatchingRule 175 nsslapd-cache-autosize 153 nsslapd-cache-autosize-split 153 nsslapd-cachememsize 169 nsslapd-cachesize 168 nsslapd-db-abort-rate 171 nsslapd-db-active-txns 171 nsslapd-db-cache-hit 171 nsslapd-db-cache-region-wait-rate 171 nsslapd-dbcachesize 154...
  • Page 323 nsslapd-db-log-write-rate 173 nsslapd-db-longest-chain-length 173 nsslapd-dbncache 163 nsslapd-db-page-create-rate 173 nsslapd-db-page-ro-evict-rate 173 nsslapd-db-page-rw-evict-rate 173 nsslapd-db-pages-in-use 173 nsslapd-db-page-size 160 nsslapd-db-page-trickle-rate 173 nsslapd-db-page-write-rate 173 nsslapd-db-spin-count 161 nsslapd-db-transaction-batch-val 161 nsslapd-db-transaction-logging 162 nsslapd-db-trickle-percentage 162 nsslapd-db-txn-region-wait-rate 173 nsslapd-db-verbose 163 nsslapd-directory 169 nsslapd-idlistscanlimit 152 nsslapd-import-cache-autosize 165 nsslapd-import-cachesize 164 nsslapd-mode 166 nsslapd-readonly 169 nsslapd-require-index 170...
  • Page 324 db2index 293 db2ldif command-line shell and batch script 252 quick reference 248 db2ldif.pl command-line perl script 267 quick reference 249 dbcachehitratio attribute 167 dbcachehits attribute 167 dbcachepagein attribute 167 dbcachepageout attribute 167 dbcacheroevict attribute 167 dbcacherwevict attribute 167 dbcachetries attribute 167 dbfilecachehit attribute 176 dbfilecachemiss attribute 176 dbfilenamenumber attribute 176, 183...
  • Page 325 encryption root password 78 specifying password storage scheme 91 encryption configuration attributes nsssl2 96 nsssl3 96 nsssl3ciphers 97 nssslclientauth 96 nssslsessiontimeout 95 encryption configuration entries cn=encryption 95 encryption method, for root password 78 entriessent attribute 116 entrydn.db4 file 196 files ancestorid.db4 196 containing search filters 233 entrydn.db4 196...
  • Page 326 configuration of 31 jpeg images 243 LDAP modifying configuration entries 33 LDAP Data Interchange Format (LDIF) binary data 243 LDAP result codes 214 ldapdelete command-line utility additional options 242 commonly used options 240 options 235, 240 ssl options 241 syntax 240 ldapmodify command-line utility additional options 238 commonly used options 235...
  • Page 327 05rfc2247.ldif 121 05rfc2927.ldif 121 10rfc2307.ldif 121 20subscriber.ldif 121 25java-object.ldif 121 28pilot.ldif 121 30ns-common.ldif 121 50ns-admin.ldif 121 50ns-calendar.ldif 121 50ns-certificate.ldif 122 50ns-compass.ldif 122 50ns-directory.ldif 122 50ns-legacy.ldif 122 50ns-mail.ldif 122 50ns-mcd-browser.ldif 122 50ns-mcd-config.ldif 122 50ns-mcd-li.ldif 122 50ns-mcd-mail.ldif 122 50ns-media.ldif 122 50ns-mlm.ldif 122 50ns-msg.ldif 122 50ns-netshare.ldif 122 50ns-news.ldif 122...
  • Page 328 logconv.pl script 270 options 273 syntax 272 Meta Directory changelog retro changelog 92 migrateInstance7 quick reference 250 monitor command-line shell and batch script 259 quick reference 249 multi-master replication changelog changelog 92 nbackends attribute 116 nsAbandonCount attribute 190 nsAbandonedSearchCheckInterval attribute 183 ns-accountstatus.pl command-line perl script 276 quick reference 250...
  • Page 329 nsDeleteCount attribute 190 nsDS50ruv attribute 115 nsDS5Flags attribute 101 nsDS5ReplicaBindDN attribute 101, 106 nsDS5ReplicaBindMethod attribute 106 nsDS5ReplicaBusyWaitTime attribute 107 nsDS5ReplicaChangeCount attribute 102 nsDS5ReplicaChangesSentSinceStartup attribute 107 nsDS5ReplicaCredentials attribute 108 nsDS5ReplicaHost attribute 108 nsDS5ReplicaID attribute 102 nsDS5ReplicaLastInitEnd attribute 108 nsDS5ReplicaLastInitStart attribute 109 nsDS5ReplicaLastInitStatus attribute 109 nsDS5ReplicaLastUpdateEnd attribute 110 nsDS5ReplicaLastUpdateStart attribute 110...
  • Page 330 nsMaxTestResponseDelay attribute 181 nsModifyCount attribute 190 nsMultiplexorBindDN attribute 188 nsMultiplexorCredentials attribute 188 ns-newpolicy.pl quick reference 250 ns-newpwpolicy.pl command-line perl script 278 nsOperationConnectionCount attribute 190 nsOperationConnectionsLimit attribute 186 nsProxiedAuthorization attribute 186 nsReferralOnScopedSearch attribute 186 nsRenameCount attribute 190 nsSearchBaseCount attribute 190 nsSearchOneLevelCount attribute 190 nsSearchSubtreeCount attribute 190 nsSizeLimit attribute 187 ns-slapd and slapd.exe command-line utilities...
  • Page 331 nsslapd-attribute-name-exceptions attribute 46 nsslapd-auditlog-logexpirationtime attribute 47 nsslapd-auditlog-logexpirationtimeunit attribute 48 nsslapd-auditlog-logging-enabled attribute 48 nsslapd-auditlog-logmaxdiskspace attribute 49 nsslapd-auditlog-logminfreediskspace attribute 49 nsslapd-auditlog-logrotationsync-enabled attribute 50 nsslapd-auditlog-logrotationsynchour attribute 50 nsslapd-auditlog-logrotationsyncmin attribute 51 nsslapd-auditlog-logrotationtime attribute 51 nsslapd-auditlog-logrotationtimeunit attribute 52 nsslapd-auditlog-maxlogsize attribute 52 nsslapd-auditlog-maxlogsperdir attribute 53 nsslapd-auditlog-mode attribute 53 nsslapd-backend attribute 100 nsslapd-cache-autosize attribute 153 nsslapd-cache-autosize-split attribute 153...
  • Page 332 nsslapd-db-hash-elements-examine-rate attribute 172 nsslapd-db-hash-search-rate attribute 172 nsslapd-db-home-directory attribute 157 nsslapd-db-idl-divisor attribute 158 nsslapd-db-lock-conflicts attribute 172 nsslapd-db-lockers attribute 172 nsslapd-db-lock-region-wait-rate attribute 172 nsslapd-db-lock-request-rate attribute 172 nsslapd-db-logbuf-size attribute 159 nsslapd-db-log-bytes-since-checkpoint attribute 172 nsslapd-db-logdirectory attribute 159 nsslapd-db-logfile-size attribute 160 nsslapd-db-log-region-wait-rate attribute 172 nsslapd-db-log-write-rate attribute 173 nsslapd-db-longest-chain-length attribute 173 nsslapd-dbncache attribute 163 nsslapd-db-page-create-rate attribute 173...
  • Page 333 nsslapd-errorlog-logrotationtime attribute 62, 63 nsslapd-errorlog-logrotationtimeunit attribute 64 nsslapd-errorlog-maxlogsize attribute 64 nsslapd-errorlog-maxlogsperdir attribute 65 nsslapd-errorlog-mode attribute 65 nsslapd-groupvalnestlevel attribute 66 nsslapd-idletimeout attribute 67 nsslapd-idlistscanlimit attribute 152 nsslapd-import-cache-autosize attribute 165 nsslapd-import-cachesize attribute 164 nsslapd-instancedir attribute 67 nsslapd-ioblocktimeout attribute 67 nsslapd-lastmod attribute 68 nsslapd-listenhost attribute 68 nsslapd-localhost attribute 69 nsslapd-localuser attribute 69...
  • Page 334 nsslapd-rootdn attribute 77 nsslapd-rootpw attribute 78 nsslapd-rootpwstoragescheme attribute 78 nsslapd-schemacheck attribute 80 nsslapd-schema-ignore-trailing-spaces attribute 79 nsslapd-schemareplace attribute 80 nsslapd-securelistenhost attribute 81 nsslapd-securePort attribute 81 nsslapd-security attribute 82 nsslapd-sizelimit attribute 82 nsslapd-ssl-check-hostname attribute 83 nsslapd-state attribute 99 nsslapd-suffix attribute 170 nsslapd-threadnumber attribute 83 nsslapd-timelimit attribute 84 nsslapd-versionstring attribute 84 nssnmpcontact attribute 118...
  • Page 335 opscompleted attribute 116 opsinitiated attribute 116 parentid.db4 file 196 passswordLockoutDuration attribute 88 pass-through authentication 304 passwordChange attribute 85 passwordCheckSyntax attribute 85 passwordExp attribute 86 passwordHistory attribute 86 passwordInHistory attribute 87 passwordLockout attribute 87 passwordMaxAge attribute 88 passwordMaxFailure attribute 88 passwordMinAge attribute 89 passwordMinLength attribute 89 passwordMustChange attribute 90 passwordResetFailureCount attribute 90...
  • Page 336 dbfilepageout 177 description 176 nsAbandonCount 190 nsAbandonedSearchCheckInterval 183 nsActiveChainingComponents 181 nsAddCount 189 nsBindConnectionCount 190 nsBindConnectionsLimit 183 nsBindCount 190 nsBindRetryLimit 183 nsBindTimeout 184 nsCheckLocalACI 184 nsCompareCount 190 nsConcurrentBindLimit 184 nsConcurrentOperationsLimit 185 nsConnectionLife 185 nsDeleteCount 190 nsFarmServerURL 188 nshoplimit 189 nsIndexType 174 nsLookThroughLimit 152 nsMatchingRule 175 nsMaxResponseDelay 181...
  • Page 337 nsslapd-db-cache-size-bytes 171 nsslapd-db-cache-try 171 nsslapd-db-checkpoint-interval 154 nsslapd-db-circular-logging 155 nsslapd-db-clean-pages 171 nsslapd-db-commit-rate 171 nsslapd-db-deadlock-rate 172 nsslapd-db-debug 156 nsslapd-db-dirty-pages 172 nsslapd-db-durable-transactions 156 nsslapd-db-hash-buckets 172 nsslapd-db-hash-elements-examine-rate 172 nsslapd-db-hash-search-rate 172 nsslapd-db-home-directory 157 nsslapd-db-idl-divisor 158 nsslapd-db-lock-conflicts 172 nsslapd-db-lockers 172 nsslapd-db-lock-region-wait-rate 172 nsslapd-db-lock-request-rate 172 nsslapd-db-logbuf-size 159 nsslapd-db-log-bytes-since-checkpoint 172 nsslapd-db-logdirectory 159 nsslapd-db-logfile-size 160...
  • Page 338 nsslapd-pluginDescription 150 nsslapd-pluginEnabled 148 nsslapd-pluginId 149 nsslapd-pluginInitFunc 147 nsslapd-pluginPath 147 nsslapd-pluginType 148 nsslapd-pluginVendor 149 nsslapd-pluginVersion 149 nsslapd-readonly 169 nsslapd-require-index 170 nsslapd-suffix 170 nsSystemIndex 174 nsTimeLimit 187 nsTransmittedControls 182 nsUnbindCount 190 plug-ins configuration of 28 port numbers less than 1024 72 read-only monitoring configuration attributes backendMonitorDN 116 bytessent 116...
  • Page 339 nsDS5ReplicaBusyWaitTime 107 nsDS5ReplicaChangesSentSinceStartup 107 nsDS5ReplicaCredentials 108 nsDS5ReplicaHost 108 nsDS5ReplicaLastInitEnd 108 nsDS5ReplicaLastInitStart 109 nsDS5ReplicaLastInitStatus 109 nsDS5ReplicaLastUpdateEnd 110 nsDS5ReplicaLastUpdateStart 110 nsDS5ReplicaLastUpdateStatus 110 nsDS5ReplicaPort 111 nsDS5ReplicaReapActive 111 nsDS5ReplicaRefresh 111 nsDS5ReplicaRoot 112 nsDS5ReplicaSessionPauseTime 112 nsDS5ReplicaTimeout 113 nsDS5ReplicaTransportInfo 114 nsDS5ReplicaUpdateInProgress 114 nsDS5ReplicaUpdateSchedule 115 object classes 105 replication configuration attributes cn 100 nsDS5Flags 101...
  • Page 340 retro changelog plug-in configuration attributes nsslapd-changelogdir 191 root password, Root DN and 78 saveconfig command-line shell and batch script 261 quick reference 249 scripts 247 location of perl scripts 249 location of shell and batch scripts 248 perl scripts 264 search filters specifying file 233, 243 search operations...
  • Page 341 quick reference 249 starttime attribute 116 statistics from access logs 271 stop-slapd command-line shell and batch script 262 quick reference 249 suffix and replication configuration entries cn=mapping tree 98 suffix configuration attributes nsslapd-backend 100 nsslapd-state 99 object classes 99 suffix2instance quick reference 249 suffixd2instance command-line shell and batch script 262...
  • Page 342 command-line shell and batch script 263 quick reference 249 Netscape Directory Server Configuration, Command, and File Reference • October 2004...
