Summary of Contents for Netscape NETSCAPE ENTREPRISE SERVER 6.0 - ADMINISTRATOR
Administrator’s Guide Netscape Enterprise Server Version 6.0 November 2001...
Netscape Communications Corporation ("Netscape") and its licensors retain all ownership rights to the software programs offered by Netscape (referred to herein as "Software") and related documentation. Use of the Software and related documentation is governed by the license agreement for the Software and applicable copyright law. Your right to copy this documentation is limited by copyright law.
Specifying Settings Associated with a Virtual Server
Allowing Users to Monitor Individual Virtual Servers
Configuring Unique CGI Attributes for Each Software Virtual Server
Specifying CGI as a File Type
Downloading Executable Files
Editing a Configuration Style
Removing a Configuration Style
Response Data
Appendix C ACL File Syntax
Installing FrontPage Server Extensions
Installing FrontPage Server Extensions on Windows NT Systems
Netscape Enterprise Server Administrator’s Guide • November 2001...
About This Guide This guide describes how to configure and administer Netscape® Enterprise Server, Version 6.0. It is intended for information technology administrators in the corporate enterprise who want to extend client-server applications to a broader audience through the World Wide Web. This preface includes the following sections: •...
How This Guide Is Organized Once you are familiar with the fundamentals of using the Administration Server, you can refer to Part III, “Configuring, Monitoring, and Performance Tuning,” which includes examples of how to configure and monitor your Enterprise Servers. Part IV, “Managing Virtual Servers and Services”...
How This Guide Is Organized Part III: Configuring, Monitoring, and Performance Tuning This part includes examples of how to use the Server Manager to configure and monitor your Enterprise Servers. The following chapters are included: • Chapter 7, “Configuring Server Preferences” describes how to configure server preferences for your Enterprise Server.
Conventions Used In This Guide Part V: Appendixes This section includes various appendixes with reference material that you may wish to review. This section includes the following appendixes: • Appendix A, “Command Line Utilities” provides instructions for using command line utilities in place of the user interface screens.
Using the Enterprise Server Documentation NOTE Printed manuals are also available as online files in PDF and HTML format. See the Netscape Enterprise Server Release Notes for URLs pointing to these documents. Table 1 Enterprise Server Documentation For information about See the following Late-breaking information about the software and the documentation.
Using the Enterprise Server Documentation Table 1 Enterprise Server Documentation (Continued) For information about: An overview of the programming technologies and APIs you can use to extend and modify Enterprise Server, to dynamically generate content in response to client requests, and to modify the content of the server. See the following: Netscape Enterprise Server Programmer’s Guide...
Chapter 1 Introduction to Enterprise Server This chapter introduces Netscape Enterprise Server and discusses some of the fundamental server concepts. Read it to obtain an overview of how Enterprise Server works. This chapter includes the following sections: • Enterprise Server •...
Enterprise Server Enterprise Server Features Enterprise Server is primarily designed to provide access to your business HTML files. In addition, it offers the following features: • Enterprise-wide manageability—Including delegated administration, cluster management, and LDAP (Lightweight Directory Access Protocol) support. LDAP integration with Directory Server enables you to store users and groups in a centralized directory.
Enterprise Server Architecture Administering and Managing Enterprise Servers You can manage your Enterprise Server(s) via the following user interfaces: • Enterprise Server Administration Server • Server Manager • Class Manager • Virtual Server Manager In previous releases, the Enterprise Server and other Netscape servers were administered by a single server, called the Administration Server.
Enterprise Server Architecture • Application Services These server modules are described in the following sections. Content Engines Enterprise Server content engines are designed for manipulating customer data. The following three content engines make up the Web Publishing layer of the Enterprise Server architecture: HTTP (Web Server), Content Management, and Search.
Enterprise Server Architecture Netscape Server Application Programming Interface (NSAPI) is used to implement the functions the server calls when processing a request (Server Application Functions) which provide the core and extended functionality of the Enterprise Server. It allows the server’s processing of requests to be divided into small steps which may be arranged in a variety of ways for speed and flexible configuration.
Enterprise Server Configuration Enterprise Server Configuration Enterprise Server is configured to enable you to turn on or off various features, determine how to respond to individual client requests, and write programs that run on and interact with the server’s operation. The instructions (called directives) which identify these options are stored in configuration files.
Enterprise Server Configuration Enterprise Server Configuration Files Enterprise Server includes a variety of configuration files that enable you to set various global variables, and to customize how the server responds to specific events and client requests. You can modify the configuration files automatically using the Administrator Server, Server Manager, and Class Manager user interface, or by editing the files directly using a text editor.
Enterprise Server Configuration mime.types: the MIME (Multi-purpose Internet Mail Extension) type configuration file. This file maps file extensions to MIME types, to enable the server to determine the type of content being requested. For example, requests for resources with .html extensions indicate that the client is requesting an HTML file, while requests for resources with...
Enterprise Server Configuration • bin contains the binary files for the server, such as the actual server, the Administration Server forms, and so on. In addition, this directory includes the https/install folder that contains files needed for migrating server settings and default configuration files needed for backward compatibility.
Enterprise Server Configuration • SessionData contains session database data from MMapSessionManager. • startsvr.bat is the script that starts the Server Manager on Windows NT® machines. The Server Manager lets you configure all servers installed in the server root directory. • stopsvr.bat is the script that stops the Server Manager on Windows NT machines.
Enterprise Server Configuration • digest contains the Digest Authentication Plugin for Netscape Directory Server, as well as information about the plugin. • samples contains samples and example components, plugins and technologies supported by the Enterprise Server servlet engine. This includes binaries, all code, and a build environment. • servlets contains information about and examples of web-apps applications.
Administration Server • config contains the Administration Server configuration files. • logs contains the Administration Server log files. • SessionData contains session database data from MMapSessionManager. • restart is the script that restarts the Server Manager. • start is the script that starts the Server Manager. The Server Manager lets you configure all servers installed in the server root directory.
Server Manager The URL you use to navigate to the Administration Server page depends on the computer host name and the port number you choose for the Administration Server when you install Enterprise Server. For example, if you installed the Administration Server on port 1234, the URL would look like this: http://myserver.example.com:1234 Before you can get to any forms, the Administration Server prompts you to...
Server Manager You can access the Server Manager for Enterprise Server by performing the following steps: Install and start your Enterprise Server. The Administration Server displays the Servers page. In the Manage Servers area, select the desired server and click Manage. Enterprise Server displays the Server Manager Preferences page.
Class Manager Figure 1-1 Resource Picker The Resource Picker appears on a number of pages, including the Server Manager’s Log Preferences page and most screens accessible from the Class Manager’s Content Management tab. To use the Resource Picker, choose a resource from the drop-down list for configuration.
Virtual Server Manager Enterprise Server displays the Class Manager’s Select a Virtual Server page. You can also access the Class Manager by simply clicking the Class Manager link in the upper right-hand corner of the screen. The Class Manager provides the following tabs to manage your Enterprise Server virtual servers: •...
Chapter 2 Administering Enterprise Servers This chapter describes how to administer Netscape Enterprise Server with the Enterprise Server Administration Server. Using the Administration Server, you can manage servers, add and remove servers, and migrate servers from a previous release. This chapter includes the following sections: •...
Accessing the Administration Server Windows NT Platforms The Enterprise Server installation program creates a program group with several icons for Windows NT platforms. The program group includes the following icons: • Release Notes • Start Administration Server • Uninstall Enterprise Server 6.0 •...
Running Multiple Servers Running Multiple Servers There are two ways you can have multiple web servers running on your system: • Use virtual servers • Install multiple instances of the server Virtual Servers Virtual servers allow you, with a single installed server, to offer companies or individuals domain names, IP addresses, and some server administration capabilities.
Removing a Server If you installed your server before configuring your system to host multiple IP addresses, configure your system to respond to different IP addresses. Then you can either install hardware virtual servers or change the server’s bind address using the Server Manager and install separate instances of the server for each IP address.
Migrating a Server Migrating a Server You can migrate a server from iPlanet™ Web Server 4.x to Enterprise Server 6.0. Your 4.x server is preserved, and a new 6.0 server using the same settings is created. You should stop running the 4.x server before migrating settings. Make sure you have a compatible version of a web browser installed on your computer before migrating settings.
Part 2 Using the Administration Server Chapter 3, “Setting Administration Preferences” Chapter 4, “Managing Users and Groups” Chapter 5, “Securing Your Enterprise Server” Chapter 6, “Managing Server Clusters”...
Chapter 3 Setting Administration Preferences You can configure your Administration Server using the pages on the Preferences and Global Settings tabs. Note that you must enable cookies in your browser to run the CGI programs necessary for configuring your server. This chapter includes the following sections: •...
Editing Listen Socket Settings You can stop the server using one of the following methods: • Access the Administration Server, choose the Preferences tab, select the Shut Down link, and click the “Shut down the administration server!” button. For more information, see The Shut Down Page in the online help. •...
Changing the Superuser Settings You do not need to specify a server user if you chose a port number greater than 1024 and are not running as the root user (in this case, you do not need to be logged on as root to start the server).
Allowing Multiple Administrators To change the superuser settings for the Administration Server, perform the following steps: Access the Administration Server and choose the Preferences tab. Click the Superuser Access Control link. Make the desired changes and click OK. NOTE You can change the Administration Server user from root to another user on the operating system to enable multiple users (belonging to the group) to edit/manage the configuration files.
Allowing Multiple Administrators • superuser is the user listed in the file server_root/https-admserv/config/admpw. This is the user name (and password) you specified during installation. This user has full access to all forms in the Administration Server, except the Users & Groups forms, which depend on the superuser having a valid account in an LDAP server such as Directory Server.
Specifying Log File Options CAUTION Once you create an access-control list, the distributed administration group is added to that list. If you change the name of the “administrators” group, you must manually edit the access-control list to change the group it references.
Specifying Log File Options The Access Log File The access log records information about requests to and responses from the server. To view the access log file, perform the following steps: Access the Administration Server and choose the Preferences tab. Click the View Access Log link and click OK.
Configuring Directory Services Once the rotation starts, Enterprise Server creates a new time stamped access log file when there is a request that needs to be logged to the access log file and it occurs after the previously-scheduled “next rotate time.” Using Cron-based Log Rotation (UNIX/Linux) You can configure several features of your Enterprise Server to operate automatically and set to begin at specific times.
Restricting Server Access Restricting Server Access You can control access to the entire server or to parts of the server (that is, directories, files, file types). When the server evaluates an incoming request, it determines access based on a hierarchy of rules called access-control entries (ACEs), and then it uses the matching entries to determine if the request is allowed or denied.
Configuring JRE/JDK Paths Regardless of whether you choose to install the JRE or specify a path to the JDK during installation, you can tell the Enterprise Server to switch to using either the JRE or JDK at any time by performing the following steps: Access the Enterprise Server Administration Server.
Chapter 4 Managing Users and Groups This chapter describes how to add, delete, and edit the users and groups who can access your Netscape Enterprise Server. This chapter includes the following sections: • Using LDAP to Manage Users and Groups •...
Using LDAP to Manage Users and Groups Understanding Distinguished Names (DNs) Use the Users and Groups tab of the Administration Server to create or modify users, groups, and organizational units. A user is an individual in your LDAP database, such as an employee of your company. A group is two or more users who share a common attribute.
Creating Users current directory to LDIF using the Directory Server’s LDIF export function. This function creates an LDIF-formatted file that represents your directory. Add or edit entries using the ldapmodify command along with the appropriate LDIF update statements. To add entries to the database using LDIF, first define the entries in an LDIF file, then import the LDIF file from Directory Server.
Creating Users • Note that the base DN specifies the distinguished name where directory lookups will occur by default, and where all Netscape Web Administration Server’s entries are placed in your directory tree. A “DN” is the string representation for the name of an entry in a Directory Server. •...
Creating Users For example, if a user entry for Billie Holiday is created within the organizational unit Marketing, and the directory’s base DN is o=Example Corporation, c=US, then the person’s DN is: cn=Billie Holiday, ou=Marketing, o=Example Corporation, c=US However, note that you can change this format to a uid-based distinguished name.
Managing Users Managing Users You edit user attributes from the Administration Server Manage Users form. From this form you can find, change, rename, and delete user entries; manage user licenses; and potentially change product-specific information. Some, but not all, Netscape servers add additional forms to this area that allow you to manage product-specific information.
Managing Users An email address. Any search string containing an at (@) symbol is assumed to be an email address. If an exact match cannot be found, then a search is performed to find all email addresses that begin with the search string.
Managing Users The available search attribute options are described in the following table: Table 4-3 Search Attribute Options Option Name Description full name Search each entry’s full name for a match. last name Search each entry’s last name, or surname for a match.
Managing Users Table 4-4 Search Type Options Option Name Description Causes an approximate, or phonetic, search to be performed. Use this sounds like option if you know an attribute’s value, but you are unsure of the spelling. For example, if you are not sure if a user’s name is spelled “Sarret,”...
Managing Users Managing a User’s Password The password you set for user entries is used by the various servers for user authentication. To change or create a user’s password, perform the following steps: Access the Administration Server and choose Users & Groups tab. Display the user entry as described in “Finding User Information,”...
Managing Users Renaming Users The rename feature changes only the user’s name; all other fields are left intact. In addition, the user’s old name is still preserved so searches against the old name will still find the new entry. When you rename a user entry, you can only change the user’s name; you cannot use the rename feature to move the entry from one organizational unit to another.
Creating Groups Click Delete User. For more information, see The Manage Users Page in the online help. Creating Groups A group is an object that describes a set of objects in an LDAP database. An Enterprise Server group consists of users who share a common attribute. For instance, the set of objects might be a number of employees who work in the marketing division of your company.
Creating Groups Static Groups The Administration Server enables you to create a static group by specifying the same group attribute in the DNs of any number of users. A static group doesn’t change unless you add a user to it or delete a user from it. Guidelines for Creating Static Groups Consider the following guidelines when using the Administration Server forms to create new static groups:...
Creating Groups If you apply a search filter for department=marketing, the search returns a group including all DNs containing the attribute department=marketing. You can then define a dynamic group from the search results based on this filter. Subsequently, you can define an ACL for the resulting dynamic group.
Creating Groups The mapping from an ACL to an LDAP database is defined both in the dbswitch.conf configuration file (which associates the ACL database names with actual LDAP database URLs) and the ACL file (which defines which databases are to be used for which ACL). For example, if you want to base access rights on membership in a group named “staff,”...
Creating Groups Table 4-5 Dynamic Groups: Required Parameters Parameter Name: <base_dn> Description: The Distinguished Name (DN) of the search base, or point from which all searches are performed in the LDAP directory. This parameter is often set to the suffix or root of the directory, such as “o=example.com”.
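How a dynamic group defined by a search filter resolves to members, as an added example (not code from the guide or from Netscape). It assumes the standard host-less LDAP URL layout ldap:///<base_dn>?<attributes>?<scope>?<(filter)>; the directory entries and function names are constructed for illustration, and the filter grammar handled is &, |, ! with equality and presence tests.

```python
from urllib.parse import unquote

# Constructed sample directory: DN -> attributes (not taken from the guide).
DIRECTORY = {
    "uid=bholiday, ou=People, o=example.com": {"department": ["marketing"]},
    "uid=jdoe, ou=People, o=example.com": {"department": ["engineering"]},
    "uid=asmith, ou=Contractors, o=other.com": {"department": ["marketing"]},
}
SCOPES = ("base", "one", "sub")


def dn_key(dn):
    """Normalise a DN to a tuple of lower-cased RDNs (assumes no escaped commas)."""
    return tuple(rdn.strip().lower() for rdn in dn.split(",") if rdn.strip())


def _parse(s, i):
    """Parse one parenthesised filter at s[i]; return (node, index after it)."""
    if s[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if s[i] in "&|":
        op, i, children = s[i], i + 1, []
        while s[i] == "(":
            child, i = _parse(s, i)
            children.append(child)
    elif s[i] == "!":
        op = "!"
        child, i = _parse(s, i + 1)
        children = [child]
    else:
        end = s.index(")", i)
        attr, sep, value = s[i:end].partition("=")
        if not sep or not attr.strip():
            raise ValueError("expected attr=value in %r" % s[i:end])
        return ("=", attr.strip().lower(), value.strip()), end + 1
    if s[i] != ")":
        raise ValueError("expected ')' at offset %d" % i)
    return (op, children), i + 1


def compile_filter(text):
    """Turn a filter string into a nested tuple tree, rejecting malformed input."""
    try:
        node, end = _parse(text, 0)
    except IndexError:
        raise ValueError("unbalanced filter: %r" % text) from None
    if end != len(text):
        raise ValueError("trailing text after filter: %r" % text)
    return node


def matches(node, attrs):
    """Evaluate a compiled filter against one entry's attributes."""
    op = node[0]
    if op == "&":
        return all(matches(child, attrs) for child in node[1])
    if op == "|":
        return any(matches(child, attrs) for child in node[1])
    if op == "!":
        return not matches(node[1][0], attrs)
    _, name, value = node
    values = {k.lower(): v for k, v in attrs.items()}.get(name, [])
    if value == "*":
        return bool(values)                      # presence test
    if "*" in value:
        raise ValueError("substring matching is not supported here")
    # Case-insensitive comparison is an assumption about the attribute syntax.
    return any(v.lower() == value.lower() for v in values)


def in_scope(dn, base, scope):
    """True if the normalised DN lies under base at the requested scope."""
    depth = len(dn) - len(base)
    if depth < 0 or dn[depth:] != base:
        return False
    return {"base": depth == 0, "one": depth == 1, "sub": True}[scope]


def parse_group_url(url):
    """Split ldap:///<base_dn>?<attributes>?<scope>?<(filter)> into its fields."""
    prefix = "ldap:///"
    if not url.startswith(prefix):
        raise ValueError("expected a host-less ldap:/// URL")
    fields = url[len(prefix):].split("?")
    if len(fields) > 4:
        raise ValueError("URL extensions are not handled")
    fields += [""] * (4 - len(fields))
    base_dn, _attrs, scope, flt = (unquote(f) for f in fields)
    scope = scope or "base"
    if scope not in SCOPES:
        raise ValueError("unknown scope %r" % scope)
    if not flt.startswith("("):      # the guide writes department=marketing bare
        flt = "(%s)" % (flt or "objectclass=*")
    return {"base": dn_key(base_dn), "scope": scope, "filter": compile_filter(flt)}


def resolve_members(url, directory):
    """Return the sorted DNs that currently satisfy the dynamic group's URL."""
    group = parse_group_url(url)
    return sorted(dn for dn, attrs in directory.items()
                  if in_scope(dn_key(dn), group["base"], group["scope"])
                  and matches(group["filter"], attrs))


if __name__ == "__main__":
    print(resolve_members("ldap:///o=example.com??sub?(department=marketing)", DIRECTORY))
```

Because membership is recomputed from entry attributes, an ACL that grants rights to a dynamic group should be reviewed together with who is allowed to modify the attributes its filter tests.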
Managing Groups • When you are finished entering the desired information, click Create Group to add the group and immediately return to the New Group form. Alternatively, click Create and Edit Group to add the group and then proceed to the Edit Group form for the group you have just added.
Managing Groups Finding Group Entries Before you can edit a group entry, first you must find and display the entry. To find a group entry, perform the following steps: Access the Administration Server and choose the Users & Groups tab. Click the Manage Groups link.
Managing Groups For more information regarding how to build a custom search filter, see “Building Custom Search Queries,” on page 67. Editing Group Attributes To edit a group entry, perform the following steps: Access the Administration Server and choose the Users & Groups tab. Click the Manage Groups link.
Managing Groups Enterprise Server displays a new form that enables you to search for entries. If you want to add user entries to the list, make sure Users is shown in the Find pull-down menu. If you want to add group entries to the group, make sure Group is shown.
Managing Groups Adding Groups to the Group Members List You can add groups (instead of individual members) to the group’s members list. Doing so causes any users belonging to the included group to become a member of the receiving group. For example, if Bob Smith is a member of the Engineering Managers group, and you make the Engineering Managers group a member of the Engineering Personnel group, then Bob Smith is also a member of the Engineering Personnel group.
Managing Groups Table 4-6 Additional Information Task You Want to Complete Read Section Remove entries from the owners “Removing Entries from the Group Members List,” list on page 81. Managing See Alsos “See alsos” are references to other directory entries that may be relevant to the current group.
Creating Organizational Units Renaming Groups To rename a group, perform the following steps: Access the Administration Server and choose the Users & Groups tab. Click the Manage Groups link and locate the group you want to manage as described in “Finding Group Entries,” on page 78. Click the Rename Group button and type the new group name in the resulting dialog box.
Managing Organizational Units For example, if you create a new organization called Accounting within the organizational unit West Coast, and your Base DN is o=Example Corporation, c=US, then the new organization unit’s DN is: ou=Accounting, ou=West Coast, o=Example Corporation, c=US Managing Organizational Units You edit and manage organizational units from the Organizational Unit Edit form.
Managing Organizational Units In the Look within field, select the organizational unit under which you want to search for entries. The default is the root point of the directory. In the Format field, choose either On-Screen or Printer. Click Find. All the organizational units matching your search criteria are displayed.
Managing Organizational Units Renaming Organizational Units To rename an organizational unit entry, access the Administration Server and perform the following steps: Make sure no other entries exist in the directory under the organizational unit that you want to rename. Locate the organizational unit you want to edit as described in “Finding Organizational Units,”...
Managing a Preferred Language List Managing a Preferred Language List Enterprise Server enables you to display and maintain the list of preferred languages. To manage the preferred language list, perform the following steps: Access the Administration Server and choose the Users & Groups tab. Click the Manage Preferred Language List link.
Chapter 5 Securing Your Enterprise Server This chapter describes how to activate the various security features designed to safeguard your data, deny intruders access, and allow access to those you want. Netscape Enterprise Server 6.0 incorporates the security architecture of all Netscape servers: it’s built on industry standards and public protocols for maximum interoperability and consistency.
Requiring Authentication Requiring Authentication Authentication is the process of confirming an identity. In the context of network interactions, authentication is the confident identification of one party by another party. Certificates are one way of supporting authentication. Using Certificates for Authentication A certificate consists of digital data that specifies the name of an individual, company, or other entity, and certifies that the public key, included in the certificate, belongs to that entity.
Creating a Trust Database Virtual Server Certificates You can have a different certificate database per virtual server. Each virtual server database can contain multiple certificates. Virtual servers can also have different certificates within each instance. Creating a Trust Database Before requesting a server certificate, you must create a trust database. In Enterprise Server the Administration Server and each server instance can have its own trust database.
Creating a Trust Database For the Server Manager, click Apply, and then Restart for changes to take effect. Using password.conf By default, the web server prompts the administrator for the key database password before starting up. If you want to be able to restart an unattended web server, you need to save the password in a file.
Requesting and Installing a VeriSign Certificate If you are using a different PKCS#11 module (for hardware encryption or hardware accelerators), specify the name of the PKCS#11 module, followed with the password. For example: nFast: your_password Stop and restart your server for the new setting to take effect. You will always be prompted to supply a password when starting the web server, even after the file has been created.
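A pre-start check for the password.conf file described above, as an added example (not part of the guide or the server). It assumes one token:password entry per line with whitespace around the password ignored, and that the file should be accessible only to the account that starts the server; the function names are hypothetical.

```python
import os
import stat
import tempfile


def parse_password_conf(text):
    """Return {token_name: password} for 'token:password' lines (assumed layout)."""
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        token, sep, password = raw.partition(":")
        if not sep or not token.strip():
            raise ValueError("line %d: expected token:password" % lineno)
        entries[token.strip()] = password.strip()
    return entries


def audit_password_conf(path, expected_uid=None):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if os.path.islink(path):
        findings.append("path is a symbolic link")
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        return findings + ["not a regular file"]
    mode = stat.S_IMODE(st.st_mode)
    # Any group/other bit exposes the key database password to other accounts.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("mode %04o gives group/other access; use 0600 or stricter" % mode)
    uid = os.geteuid() if expected_uid is None else expected_uid
    if st.st_uid != uid:
        findings.append("owned by uid %d, expected %d" % (st.st_uid, uid))
    # A writable parent directory lets another account replace the file.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if stat.S_IMODE(parent.st_mode) & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("containing directory is writable by group/other")
    with open(path, encoding="utf-8") as handle:
        entries = parse_password_conf(handle.read())
    if not entries:
        findings.append("no token entries found")
    for token, password in entries.items():
        if not password:
            findings.append("token %r has an empty password" % token)
    return findings


if __name__ == "__main__":
    # Constructed sample file; the password is a placeholder.
    workdir = tempfile.mkdtemp()
    sample = os.path.join(workdir, "password.conf")
    with open(sample, "w", encoding="utf-8") as out:
        out.write("nFast: your_password\n")
    os.chmod(sample, 0o644)
    print(audit_password_conf(sample))   # reports the permissive mode
    os.chmod(sample, 0o600)
    print(audit_password_conf(sample))   # no findings
```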
Requesting and Installing Other Server Certificates Click Get Certificate. Follow the VeriSign procedure. Installing a VeriSign Certificate If you request and receive approval for a VeriSign certificate, it should appear in the drop-down list of the Install VeriSign Certificate page in one to three days. To install a VeriSign Certificate, perform the following steps: Access either the Administration Server or the Server Manager and choose the Security tab.
Requesting and Installing Other Server Certificates Required CA Information Before you begin the request process, make sure you know what information your CA requires. Whether you are requesting a server certificate from a commercial CA or an internal CA, you need to provide the following information: •...
Requesting and Installing Other Server Certificates Some commercial CAs offer certificates with greater detail and veracity to organizations or individuals who provide more thorough identification. For example, you might be able to purchase a certificate stating that the CA has not only verified that you are the rightful administrator of the www.example.com computer, but that you are a company that has been in business for three years,...
Requesting and Installing Other Server Certificates Enter your identification information. The format of this information varies by CA. For a general description of these fields, a list of Certificate Authorities is available through both Server Administrator, and Server Manager Security Pages under Request a Certificate.
Requesting and Installing Other Server Certificates Installing Other Server Certificates When you receive your certificate back from the CA, it will be encrypted with your public key so that only you can decrypt it. Only by entering the correct password for your trust database, can you decrypt and install your certificate.
Requesting and Installing Other Server Certificates Server Certificate Chain is for a CA’s certificate to include in a certificate chain. Trusted Certificate Authority (CA) is for a certificate of a CA that you want to accept as a trusted CA for client authentication. Select the Cryptographic Module from the drop-down list.
Migrating Certificates When You Upgrade The certificate is stored in the server’s certificate database. The filename will be <alias>-cert7.db. For example: https-serverid-hostname-cert7.db Migrating Certificates When You Upgrade If you are upgrading from Enterprise Server 3.x, you will need to migrate your trust and certificate databases.
Migrating Certificates When You Upgrade Choose: Migrate 3.X Certificates link from the Administration Server Migrate Certificate link from the Server Manager. Enter the 3.6 Server Root. Enter the Alias. Enter the Password. Click OK. For the Server Manager, click Apply, and then Restart for changes to take effect.
Managing Certificates Managing Certificates You can view, delete, or edit the trust settings of the various certificates installed on your server. This includes your own certificate and certificates from CAs. To manage certificate lists, perform the following steps: Access either the Administration Server or the Server Manager and choose the Security tab.
Installing and Managing CRLs and CKLs Installing and Managing CRLs and CKLs Certificate revocation lists (CRLs) and compromised key lists (CKLs) make known any certificates and keys that either client or server users should no longer trust. If data in a certificate changes, for example, a user changes offices or leaves the organization before the certificate expires, the certificate is revoked, and its data appears in a CRL.
Installing and Managing CRLs and CKLs If you selected Compromised Key List, the Add Compromised Key List page will appear listing CKL information. NOTE If a CRL or CKL list already exists in the database, a Replace Certificate Revocation List or Replace Compromised Key List page will appear.
Setting Security Preferences Setting Security Preferences Once you have a certificate, you can begin securing your server. Several security elements are provided by Enterprise Server. Encryption is the process of transforming information so it is unintelligible to anyone but the intended recipient. Decryption is the process of transforming encrypted information so that it is intelligible again.
Setting Security Preferences CAUTION Do not select “No Encryption, only MD5 message authentication”. If no other ciphers are available on the client side, the server will default to this setting and no encryption will occur. SSL and TLS Protocols Enterprise Server 6.0 supports the Secure Sockets Layer (SSL) and the Transport Layer Security (TLS) protocols for encrypted communication.
Setting Security Preferences Enabling Security for Connection Groups You can secure your server’s connection groups by: • Turning the security on • Selecting a server certificate for a connection group • Selecting ciphers Turning Security On You must turn security on before you can configure the other security settings for your connection group.
Setting Security Preferences Access either the Administration Server or the Server Manager and choose the Security tab. For the Server Manager you must first select the server instance from the drop-down list. Select the Preferences tab, if not already displayed. Choose the Edit Listen Sockets link.
Setting Security Preferences Click the Attributes link. The Security Settings of Listen Socket page appears. NOTE If you have an external module installed, the Manage Server Certificates page will appear requiring the external module’s password before you can continue. Select a server certificate from the drop-down CertificateName list for the connection group.
Setting Security Preferences Click the Edit Listen Sockets link. The Listen Socket Table page appears. Use the drop-down Action list to select Edit, if not already displayed, for the connection group you are enabling security for. Use the drop-down list to turn Security on for that connection group, if it is off. Click OK.
Setting Security Preferences For the Server Manager, click Apply, and then Restart for changes to take effect. NOTE When you apply changes after turning on security for a connection group, the magnus.conf file is automatically modified to show security on, and all virtual servers associated with the connection group are automatically assigned the default security parameters.
Setting Security Preferences Enter the values for: SSLSessionTimeout, SSLCacheEntries, SSL3SessionTimeout. Click OK. Click Apply, and then Restart for changes to take effect. These SSL Configuration File Directives are described below: The SSLSessionTimeout directive controls SSL2 session caching. Syntax: SSLSessionTimeout seconds, where seconds is the number of seconds until a cached SSL session becomes invalid.
Using External Encryption Modules Using External Encryption Modules Enterprise Server 6.0 supports the following methods of using external cryptographic modules such as smart cards or token rings: • PKCS#11 • FIPS-140 You will need to add the PKCS #11 module before activating the FIPS-140 encryption standard.
Using External Encryption Modules LD_LIBRARY_PATH server_root/bin/https/bin You can find the PATH for your machine listed under: server_root/https-admin/start Enter the command: modutil The options will be listed. Perform the actions required. For example, to add the PKCS#11 module in UNIX you would enter: modutil -add (the name of PKCS#11 file) (your...
Page 115
Using External Encryption Modules Enter the command: pk12util The options will be listed. Perform the actions required. For example, in UNIX you would enter: pk12util -o certpk12 -n Server-Cert [-d /server/alias] [-P https-test-host] Enter the database password. Enter pkcs12 password. Importing with pk12util To import a certificate and key into an internal or external PKCS#11 module, perform the following steps:...
Using External Encryption Modules Perform the actions required. For example, in UNIX you would enter: pk12util -i pk12_sunspot [-d certdir][-h "nCipher"][-P https-jones.example.com-jones-] -P must follow the -h and be the last argument. Enter the exact token name including capital letters and spaces between quote marks.
Using External Encryption Modules Click OK. The Attributes link now appears. Click the Attributes link. The Security Settings of Listen Socket page appears. Use the drop-down CertificateName list to select the external server certificate. Click OK For the Server Manager, click Apply, and then Restart for changes to take effect.
Setting Client Security Requirements To enable FIPS-140, perform the following steps: Install the plug-in following the FIPS-140 instructions. Access either the Administration Server or the Server Manager and choose the Preferences tab. For the Server Manager you must first select the server instance from the drop-down list.
Setting Client Security Requirements Requiring Client Authentication You can enable the connection groups for your Administration Server and each server instance to require client authentication. When client authentication is enabled, the client’s certificate is required before the server will send a response to a query.
Setting Client Security Requirements To Require Client Authentication To require client authentication, perform the following steps: Access either the Administration Server or the Server Manager and choose the Preferences tab. For the Server Manager you must first select the server instance from the drop-down list.
Page 121
Setting Client Security Requirements The server tries to match the CA to the list of trusted CAs in the Administration Server. If there isn’t a match, Enterprise Server ends the connection. If there is a match, the server continues processing the request. After verifying the certificate is from a trusted CA, the server maps the certificate to an LDAP entry by: •...
Setting Client Security Requirements Using the certmap.conf File Certificate mapping determines how a server looks up a user entry in the LDAP directory. You can use certmap.conf to configure how a certificate, designated by name, is mapped to an LDAP entry. You edit this file and add entries to match the organization of your LDAP directory and to list the certificates you want your users to have.
Page 123
Setting Client Security Requirements • DNComps is a list of comma-separated attributes used to determine where in the LDAP directory the server should start searching for entries that match the user’s information (that is, the owner of the client certificate). The server gathers values for these attributes from the client certificate and uses the values to form an LDAP DN, which then determines where the server starts its search in the LDAP directory.
Page 124
Setting Client Security Requirements Table 5-2 Attributes for x509v3 Certificates Attribute Description Organizational unit UNIX/Linux userid Email address email The attribute names for the filters need to be attribute names from the certificate, not from the LDAP directory. For example, some certificates have attribute for the user’s email address;...
Setting Client Security Requirements Creating Custom Properties You can use the client certificate API to create your own properties. For information on programming and using the client certificate API, see the Netscape Enterprise Server NSAPI Programmer’s Guide. Once you have a custom mapping, you reference the mapping as follows: <...
Page 126
Setting Client Security Requirements
certmap default default
default:DNComps
default:FilterComps e, uid

certmap usps ou=United States Postal Service, o=usps, c=US
usps:DNComps ou,o,c
usps:FilterComps e
usps:verifycert on

When the server gets a certificate from anyone other than the US Postal Service, it uses the default mapping, which starts at the top of the LDAP tree and searches for an entry matching the client’s email and userid.
Setting Stronger Ciphers If one or more matching entries are found, the server proceeds to verify the entries. If no matching entries are found, the server will use DNComps and FilterComps to search for matching entries. In this example, the server would search for uid=Walt in all entries under Whitman...
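The mapping described above can be traced with a short script. This is an added example, not code from the guide or from Enterprise Server: it parses the certmap.conf sample from this section and derives the LDAP search base and filter for a certificate. The function names, the sample subject DNs, the mapping of the certificate attribute e to the LDAP attribute mail, the treatment of a missing DNComps line as an empty one, and the fallback filter are assumptions.

```python
import re

# Constructed from the certmap.conf example in this section.
CERTMAP_CONF = """\
certmap default default
default:DNComps
default:FilterComps e, uid

certmap usps ou=United States Postal Service, o=usps, c=US
usps:DNComps ou,o,c
usps:FilterComps e
usps:verifycert on
"""

# Assumption: the certificate attribute "e" corresponds to the LDAP
# attribute "mail"; other attribute names are used unchanged.
CERT_TO_LDAP = {"e": "mail"}


def parse_dn(dn):
    """Split 'ou=X, o=Y' into [(attr, value)]; escaped commas are not handled."""
    pairs = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs


def parse_certmap(text):
    """Return {name: {"issuer": dn, "props": {property: value}}}."""
    maps = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("certmap "):
            _, name, issuer = line.split(None, 2)
            maps[name] = {"issuer": issuer, "props": {}}
            continue
        head, _, value = line.partition(" ")
        name, _, prop = head.partition(":")
        if name not in maps:
            raise ValueError("property for undeclared mapping: " + line)
        maps[name]["props"][prop.lower()] = value.strip()
    return maps


def select_mapping(maps, issuer_dn):
    """Pick the mapping whose issuer DN equals the certificate's issuer."""
    wanted = [(a, v.lower()) for a, v in parse_dn(issuer_dn)]
    for name, entry in maps.items():
        if name == "default":
            continue
        if [(a, v.lower()) for a, v in parse_dn(entry["issuer"])] == wanted:
            return name
    return "default"


def escape_filter_value(value):
    """RFC 4515 escaping, so certificate text cannot change the filter."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)


def split_list(value):
    return [item.strip().lower() for item in value.split(",") if item.strip()]


def build_search(maps, issuer_dn, subject_dn):
    """Return (mapping name, search base DN, LDAP filter, verifycert flag)."""
    name = select_mapping(maps, issuer_dn)
    props = maps[name]["props"]
    subject = parse_dn(subject_dn)
    # An empty DNComps means "start at the top of the tree" (base "").
    # Assumption: a missing DNComps line is treated the same way here.
    dn_comps = split_list(props.get("dncomps", ""))
    base = ", ".join("%s=%s" % (a, v) for a, v in subject if a in dn_comps)
    terms = []
    for comp in split_list(props.get("filtercomps", "")):
        for attr, value in subject:
            if attr == comp:
                terms.append("(%s=%s)" % (CERT_TO_LDAP.get(attr, attr),
                                          escape_filter_value(value)))
    if not terms:
        ldap_filter = "(objectclass=*)"  # assumption: match-all fallback
    elif len(terms) == 1:
        ldap_filter = terms[0]
    else:
        ldap_filter = "(&%s)" % "".join(terms)
    return name, base, ldap_filter, props.get("verifycert", "off") == "on"
```

Escaping the certificate values before they enter the filter matters because the subject DN is supplied by the client; an unescaped `*` would turn an exact match into a wildcard search.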
Considering Additional Security Issues To Set Stronger Ciphers, perform the following steps: Access the Server Manager and select the server instance from the drop-down list. Click the Virtual Server Class tab. Select a class from the drop-down list and click Manage. The Class Manager page appears.
Considering Additional Security Issues So in addition to enabling encryption on your server, you should take extra security precautions. For example, put the server machine into a secure room, and don’t allow individuals you don’t trust to upload programs to your server. The following sections describe the most important things you can do to make your server more secure: •...
Considering Additional Security Issues You should also turn on encryption for the Administration Server. If you don’t use an SSL connection for administration, then you should be cautious when performing remote server administration over an unsecure network. Anyone could intercept your administrative password and reconfigure your servers. Choosing Solid Passwords You use a number of passwords with your server: the administrative password, the private key password, database passwords, and so on.
Considering Additional Security Issues Changing Passwords or PINs It’s a good practice to change your trust database/key pair file password or PIN periodically. If your Administration Server is SSL enabled, this password is required when starting the server. Changing your password periodically adds an extra level of server protection.
Considering Additional Security Issues Limiting Other Applications on the Server Carefully consider all applications that run on the same machine as the server. It’s possible to circumvent your server’s security by exploiting holes in other programs running on your server. Disable all unnecessary programs and services. For example, the UNIX sendmail daemon is difficult to configure securely and it can...
Considering Additional Security Issues Knowing Your Server’s Limits The server offers secure connections between the server and the client. It can’t control the security of information once the client has it, nor can it control access to the server machine itself and its directories and files. Being aware of these limitations helps you understand what situations to avoid.
Considering Additional Security Issues Figure 5-1 Example of chroot Directory Structure Specifying chroot for a Virtual Server Class You can specify the chroot directory for a virtual server class by performing the following steps: Access the Server Manager and select the server instance from the drop-down list.
Page 135
Considering Additional Security Issues Access the Server Manager and select the server instance from the drop-down list. Select the Virtual Server Class tab. Click on the link for the virtual server you wish to specify the chroot directory for from the Tree View of the Server. Select the Settings tab.
Chapter 6 Managing Server Clusters This chapter describes the concept of clustering Netscape Enterprise Servers and explains how you can use them to share configurations among servers. This chapter includes the following sections: • About Clusters • Guidelines for Using Server Clusters •...
Guidelines for Using Server Clusters • Share one or more configuration files between servers • Start and stop all servers from one “master” Administration Server • View the access and error logs for the servers you selected By clustering your Enterprise Servers, you’re able to specify a master Administration Server for administering all of your clusters.
Setting Up a Cluster • Install all of the servers you want to include in a particular cluster prior to creating any clusters. • Make sure all servers in a cluster are version 6.0 Enterprise Servers. • Make sure all cluster-specific Administration Servers have the same userid and password as the master administration server.
Adding a Server to a Cluster Administer a remote server by accessing its Server Manager forms from the cluster form or by copying a configuration file from one server in the cluster to another. NOTE After changing the configuration for a remote server, restart the remote server.
Modifying Server Information Your master Administration Server now attempts to contact the remote server. This can take a few minutes. You will receive a message confirming the server is added to the cluster. Click OK. NOTE If you have two or more servers on different computers that use the same identifier, the server identifier and the hostname for each computer are displayed.
Removing Servers from a Cluster Removing Servers from a Cluster To remove a server from the cluster, perform the following steps: Go to the master Administration Server and choose the Cluster Mgmt tab. Click the Remove Server link. Select the remote server or servers to modify by: Checking a specific server Clicking Select All Click Reset Selection to undo all selections.
Adding Variables Clicking Select All to select all of the servers in the cluster Click Reset Selection to undo all selections. Select Start or Stop remote servers from the drop down menu. Select View Access or View Error log records from the drop down menu and enter the number of lines you wish to view.
Page 144
Adding Variables Click OK. The variable must also be added to the server’s configuration file you are transferring to the slave. For example: if port was the variable added. SERVERPORT $Port You can set variables with different values for each slave in the configuration file. Once added, variables can also be edited and deleted using the drop-down Option list in the Add Variables page.
Part 3 Configuring, Monitoring, and Performance Tuning Chapter 7, “Configuring Server Preferences” Chapter 8, “Controlling Access to Your Server” Chapter 9, “Using Log Files” Chapter 10, “Monitoring Servers” Chapter 11, “Tuning Your Server for Performance” Chapter 12, “Using Search”...
Chapter 7 Configuring Server Preferences This chapter describes how to configure server preferences for your Netscape Enterprise Server. This chapter contains the following sections: • Starting and Stopping the Server • Tuning Your Server for Performance • Editing the magnus.conf File •...
Starting and Stopping the Server The status of the server appears in the Server On/Off page. You can start and stop the server using one of the following methods: • Click the Server On or Server Off in the Server On/Off page. •...
Starting and Stopping the Server where seconds represents the number of seconds the server will wait before timing out. The advantage of configuring this value is that the server will wait longer for connections to complete. However, because servers often have connections open from nonresponsive clients, increasing the termination timeout may increase the time it takes for the server to shut down.
Starting and Stopping the Server Using a text editor, open the start file, which is located in server_root/https-server_id. Locate the -start line in the script and insert the following: echo "password"| where password is the SSL password you have chosen. For example, if the SSL password is netscape, the edited line might look like...
Starting and Stopping the Server You can use the optional -i parameter at the end of the line. The -i option runs the server in inittab mode, so that if the server process is ever killed or crashed, inittab will restart the server for you. This option also prevents the server from putting itself in a background process.
Starting and Stopping the Server By default, the web server prompts the administrator for the key database password before starting up. If you want to be able to restart an unattended web server, you need to save the password in a file.
Tuning Your Server for Performance Turning Off the Debugging Dialog Box (Windows NT) If you’ve installed an application (such as a compiler) that has modified the system debugging settings and the server crashes, you might see a system-generated application error dialog box. The server will not restart until you click OK. To turn off the debugging dialog box that appears if the server crashes, perform the following steps: Start the Registry Editor.
Editing the magnus.conf File When the Enterprise Server starts up, it looks in a file called magnus.conf in the server_root/server_id/config directory to establish a set of global variable settings that affect the server’s behavior and configuration. Enterprise Server executes all the directives defined in .
Choosing MIME Types Choosing MIME Types The Mime Types page allows you to edit your server’s MIME files. MIME (Multi-purpose Internet Mail Extension) types control what types of multimedia files your mail system supports. MIME types also specify what file extensions belong to certain server file types, for example to designate what files are CGI programs.
Restoring Configuration Settings NOTE You must turn on distributed administration before you can restrict server access. To restrict access to your Enterprise Servers, perform the following steps: Access the Server Manager and choose the Preferences tab. Click the Restrict Access link. For more information, see Chapter 8, “Controlling Access to Your Server”...
Adding and Using Thread Pools Adding and Using Thread Pools You can use thread pools to allocate a certain number of threads to a specific service. Another use for thread pools is for running thread-unsafe plugins. By defining a pool with the maximum number of threads set to 1, only one request is allowed into the specified service function.
Adding and Using Thread Pools You can also edit the thread pool settings in vsclass.obj.conf, where vsclass is the virtual server class name. A thread pool appears in vsclass.obj.conf as follows:
Init fn="thread-pool-init" name=name_of_the_pool MaxThreads=n MinThreads=n QueueSize=n StackSize=n
Use the following parameters to change the pool: MinThreads MaxThreads...
Chapter 8 Controlling Access to Your Server This chapter discusses the various methods you can use to control access to the Administration Server and to the files or directories on your web site. For example, for the Administration Server, you can specify who has full control of all the servers installed on a machine and who has partial control of one or more servers.
What Is Access Control? • Which programs they can access • Who can access the files or directories on your web site You can control access to the entire server or to parts of the server, or the files or directories on your web site.
What Is Access Control? All of these methods require a directory server. User-Group authentication requires users to authenticate themselves before getting access to the Administration Server, or the files and directories on your web site. With authentication users verify their identity by entering a username and password, using a client certificate, or digest authentication plug-in.
What Is Access Control? The following dialog appears when users authenticate themselves to the server: Figure 8-1 Example of Username and Password Prompt After clicking OK, the user will see: • The Server Administration page, if authenticated to access Enterprise Application Server •...
What Is Access Control? Requiring client authentication for controlling access to specific resources differs from requiring client authentication for all connections to the server. If you set the server to require client authentication for all connections, the client only needs to present a valid certificate issued by a trusted CA.
Page 164
What Is Access Control? In order for this to work, your directory server needs access to the user’s password in cleartext. Later versions of Directory Server include a reversible password plug-in using a symmetric encryption algorithm to store data in an encrypted form, that can later be decrypted to its original form.
Page 165
What Is Access Control? Checks existence of user in LDAP directory. If not found, generates 401 response, and process stops. Gets request-digest value from directory server and checks for match to client’s request-digest. If not, generates 401 response, and process stops. Constructs Authorization-Info header and inserts into server headers.
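The user lookup and request-digest comparison described above can be reproduced outside the server. This is an added example, not code from Enterprise Server or the Directory Server plug-in: it assumes the RFC 2617 MD5 computation with qop=auth, uses the sample credentials and header published in RFC 2617, and keeps the directory lookup and digest calculation in one process. It shows why the directory side needs the cleartext password: the expected digest cannot be recomputed without it.

```python
import hashlib
import hmac
import re

# Constructed directory data (values from the RFC 2617 sample exchange):
# user -> cleartext password, needed to recompute the digest.
DIRECTORY = {"Mufasa": "Circle Of Life"}
REALM = "testrealm@host.com"

# Sample Authorization header from RFC 2617, section 3.5.
RFC_SAMPLE = (
    'Digest username="Mufasa", realm="testrealm@host.com", '
    'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", '
    'qop=auth, nc=00000001, cnonce="0a4f113b", '
    'response="6629fae49393a05397450978507c4ef1", '
    'opaque="5ccc069c403ebaf9f0171e9517f40e41"'
)


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def parse_digest_header(header):
    """Parse 'Digest k="v", k2=v2' into a dict with lower-case keys."""
    scheme, _, params = header.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest Authorization header")
    fields = {}
    pattern = r'(\w+)=(?:"([^"]*)"|([^\s,]+))'
    for key, quoted, bare in re.findall(pattern, params):
        fields[key.lower()] = quoted or bare
    return fields


def expected_digest(fields, method, password):
    """RFC 2617 request-digest for qop=auth, using the server's own realm."""
    ha1 = md5_hex("%s:%s:%s" % (fields["username"], REALM, password))
    ha2 = md5_hex("%s:%s" % (method, fields["uri"]))
    return md5_hex(":".join([ha1, fields["nonce"], fields["nc"],
                             fields["cnonce"], fields["qop"], ha2]))


def check_request(method, header):
    """Return the HTTP status the checks described above would produce."""
    try:
        fields = parse_digest_header(header)
    except ValueError:
        return 401
    needed = ("username", "nonce", "uri", "response", "qop", "nc", "cnonce")
    if any(key not in fields for key in needed) or fields["qop"] != "auth":
        return 401
    password = DIRECTORY.get(fields["username"])
    if password is None:
        return 401  # user does not exist in the directory
    want = expected_digest(fields, method, password)
    got = fields["response"].lower()
    # Constant-time comparison of the two request-digest values.
    if not hmac.compare_digest(want.encode("ascii"), got.encode("utf-8")):
        return 401  # request-digest mismatch
    return 200
```

Because the method and URI are part of the digest, a captured header cannot be reused for a different resource or method; it can still be replayed against the same one unless the server also tracks nonces, which this example does not do.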
What Is Access Control? Paste them into either: \Winnt\system32 Directory Server install directory: [server_root]\bin\sldap\server Setting the Directory Server to Use the DES Algorithm The DES algorithm is needed to encrypt the attribute where the digest password is stored. To set the Directory Server to use the DES algorithm, perform the following steps: Launch the Directory Server Console.
What Is Access Control? Since more than one person may use a particular computer, Host-IP authentication is more effective when combined with User-Group authentication. If both methods of authentication are used, a username and password will be required for access. Host-IP authentication does not require DNS to be configured on your server.
How Access Control Works Configuring the ACL User Cache By default, the Enterprise Server caches user and group authentication results in the ACL user cache. You can control the amount of time that ACL user cache is valid by using the directive in the file.
Page 169
How Access Control Works
version 3.0;
# The following "es-internal" rules protect files such
# as icons and images related to Enterprise Server.
# These "es-internal" rules should not be modified.
acl "es-internal";
allow (read, list, execute,info) user = "anyone";
deny (write, delete) user = "anyone";...
Page 170
How Access Control Works
# in the username and password dialog box in the client’s
# browser.
acl "path=/export/user/990628.1/docs/my_stuff/web/presentation.html";
authenticate (user,group) {
database = "default";
method = "basic";
prompt = "Presentation Owner";
};
deny (all) (user = "anyone" or group = "my_group");
allow (all) (user = "SpecificMemberOfGroupB") and (ip = "208.12.54.76");...
Setting Access Control Setting Access Control This section describes the process of restricting access to the files or directories on your web site. You can set global access control rules for all servers, and also individually for specific servers. For instance, a human resources department might create ACLs allowing all authenticated users to view their own payroll data, but restrict access to updating data to only human resource personnel responsible for payroll.
Page 172
Setting Access Control Figure 8-2 Access Control Rules Page. The Administration Server has two lines of default access control rules which cannot be edited. Check Access control is on, if not already selected. To create or edit the global ACL, click on Deny in the Action column. The Allow /Deny page is displayed in the lower frame: Figure 8-3 Allow /Deny Page...
Page 173
Setting Access Control The User/Group page appears in the lower frame: Figure 8-4 User/Group Page Select which users and groups you will allow access to and click Update. Clicking List for Group and User will provide lists for you to choose from. Click on anyplace in the From Host column.
Page 174
Setting Access Control Figure 8-5 Programs Select the Program Groups or enter the specific file name in the Program Items field you will allow access to, and click Update. (Optional) Click the x under the Extra column to add a customized ACL expression.
Setting Access Control Setting Access Control for a Server Instance You can create, edit, or delete access control for a specific server instance using the Server Manager. NOTE If deleting, you should not delete all the ACL rules from the ACL files.
Page 176
Setting Access Control The Access Control List Management Page offering three options appears: Figure 8-6 Access Control List Management Page Select one of the following: Pick a resource to specify a wildcard pattern for files or directories (such as *.html), choose a directory or a filename to restrict, or browse for a file or directory.
Page 177
Setting Access Control Table 8-2 describes the resource wildcards you can use. Table 8-2 Server Resource Wildcards Resource wildcard What it means default A named ACL created during installation that restricts write access so only users in the LDAP directory can publish documents.
Page 178
Setting Access Control To create or edit the ACL for this server instance, click on Deny in the Action column. The Allow /Deny page is displayed in the lower frame: Figure 8-8 Allow /Deny Page Select Allow, if it isn’t already selected as the default, and click Update. Click on anyone in the Users/Groups column.
Page 179
Setting Access Control Select which users and groups you will allow access to and click Update. Clicking List for Group and User will provide lists for you to choose from. Click on anyplace in the From Host column. Enter Host Names and IP Addresses allowed access and click Update. Click on all in the Rights column.
Selecting Access Control Options Click Submit to store the new access control rules in the ACL file. NOTE Clicking Revert will remove all of the settings you’ve just created. Repeat all steps above for each server instance you wish to establish access control for.
Page 181
Selecting Access Control Options Enterprise Server checks lists of users and groups stored in an LDAP server, such as Directory Server. You can allow or deny access to everyone in the database, you can allow or deny specific people by using wildcard patterns, or you can select who to allow or deny from lists of users and groups.
Selecting Access Control Options Basic uses the HTTP method to get authentication information from the client. The username and password are only encrypted if encryption is turned on for the server. SSL uses the client certificate to authenticate the user. To use this method, SSL must be turned on for the server.
Selecting Access Control Options You can only use the wildcard notation for wildcard patterns that match the computers’ host names or IP addresses. For example, to allow or deny all computers in a specific domain, you would enter a wildcard pattern that matches all hosts from that domain, such as .
Selecting Access Control Options The Program Groups listed reflect the tabs of the Administration Server, for example, Preferences and Global Settings, and represent access to those pages. When an administrator accesses the Administration Server, the server uses their username, host, and IP to determine what pages they can view. •...
Selecting Access Control Options Execute allows users to execute server-side applications, such as CGI programs, Java applets, and agents Delete allows users who also have write privileges to delete files or directories. List allows users to access lists of the files in directories that don’t contain file.
Limiting Access to Areas of Your Server From the Administration Server, you could create and turn on access control for a specific server instance and leave it off (which is the default) for other servers. For example, you could deny all access to the Server Manager pages from the Administration Server.
Limiting Access to Areas of Your Server The following procedures are described in this section: • Restricting Access to the Entire Server • Restricting Access to a Directory (Path) • Restricting Access to a URI (Path) • Restricting Access to a File Type •...
Limiting Access to Areas of Your Server Restricting Access to a Directory (Path) You can allow users in a group to read or run applications in directories, and its subdirectories and files, that are controlled by an owner of the group. For example, a project manager might update status information for a project team to review.
Limiting Access to Areas of Your Server Restricting Access to a URI (Path) You can use a URI to control access to a single user’s content on the web server. URIs are paths and files relative to the server’s document root directory. Using URIs is an easy way to manage your server’s content if you frequently rename or move all or part of it (for example, for disk space).
Limiting Access to Areas of Your Server Click Wildcard in the Pick a resource section and enter a wildcard pattern. For example, *.cgi. Click Edit Access Control. Create a new rule to allow read access to all users. Create another rule that allows write and delete access only to a specified group.
Limiting Access to Areas of Your Server Enter the days of the week and the times of day to be allowed. Example: user = "anyone" and dayofweek = "sat,sun" or (timeofday >= 1800 and timeofday <= 600) The message “Unrecognized expressions” will be displayed in the Users/Groups and From Host fields when you create a custom expression.
Working with Dynamic Access Control Files Enter ssl="on" Example: user = "anyone" and ssl="on" Submit and Apply your changes. Any errors in the custom expression will generate an error message. Make corrections and submit again. Working with Dynamic Access Control Files Server content is seldom managed entirely by one person.
Working with Dynamic Access Control Files You can use .htaccess files in combination with the server’s standard access control. The standard access controls are always applied before any .htaccess access control, regardless of the ordering of PathCheck directives. Do not require user authentication with both standard and .htaccess access control when...
Working with Dynamic Access Control Files Enabling .htaccess from magnus.conf To manually enable your server to use .htaccess, you need to first modify the server’s magnus.conf file to load, initialize, and activate the plug-in. Open the magnus.conf file in server_root/https-server_name/config. After the other...
Working with Dynamic Access Control Files
PathCheck fn="htaccess-find"
</Object>
.htaccess processing should be the last PathCheck directive in the object. To activate .htaccess file processing for particular server directories, place the PathCheck directive in the corresponding definition in magnus.conf. To name your .htaccess files something other than .htaccess, you must...
Working with Dynamic Access Control Files To convert your files, at the command prompt, enter the path to Perl on your system, the path to the plug-in script, and the path to your server.xml file. For example: server_root \install\perl server_root/plugins/htaccess/htconvert server_root /https-server_name/config/server.xml files are converted to...
Working with Dynamic Access Control Files Example of an .htaccess File The following example shows an .htaccess file:
<Limit> GET POST
order deny,allow
deny from all
allow from all
</Limit>
<Limit> PUT DELETE
order deny,allow
deny from all
</Limit>
AuthName mxyzptlk.kawaii.com
AuthUserFile /server_root/mxyz-docs/service.pwd
AuthGroupFile /server_root/mxyz-docs/service.grp
Supported .htaccess Directives...
Working with Dynamic Access Control Files deny Syntax Deny from host where: • host is all, to deny access from all client hosts • host is all or the last part of a DNS host name • host is a full or partial IP address Does not need to be enclosed in a range but usually is.
Working with Dynamic Access Control Files Effect Specifies that the named user file is to be used for any user names referenced in a require user or require valid-user directive. Note that the use of in the groups-with-users=yes Init fn=htaccess-init directive in , or specifying an directive with the same...
Working with Dynamic Access Control Files Effect Applies the enclosed directives only for requests using the specified HTTP methods. <LimitExcept> Syntax <LimitExcept method method ...> allow, deny, order, or require directives </LimitExcept> where method is an HTTP method such as GET, POST, or PUT. Any method that the web server understands can be used here.
Controlling Access for Virtual Servers require Syntax • requires group groupname groupname • requires user username username • requires valid-user Does not need to be enclosed within a <Limit> or <LimitExcept> range, but usually is. Effect • requires group requires the authenticated user to be a member of one of the specified groups.
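To see what the host rules in the sample .htaccess file above actually permit, the order, allow and deny directives can be evaluated per HTTP method. This is an added example, not the plug-in's code: it assumes the plug-in follows Apache's semantics for order deny,allow and order allow,deny, covers only the host-based directives, and uses constructed client names and addresses.

```python
# Constructed from the host rules of the .htaccess example on this page.
HTACCESS = """\
<Limit> GET POST
order deny,allow
deny from all
allow from all
</Limit>
<Limit> PUT DELETE
order deny,allow
deny from all
</Limit>
"""


def parse_limits(text):
    """Collect the order/allow/deny rules of each <Limit> range."""
    blocks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        low = line.lower()
        if low.startswith("</limit") or low.startswith("<limitexcept"):
            current = None  # <LimitExcept> ranges are not covered here
        elif low.startswith("<limit"):
            # Accepts both "<Limit> GET POST" (as printed on this page)
            # and "<Limit GET POST>".
            methods = line[len("<limit"):].replace(">", " ").split()
            current = {"methods": {m.upper() for m in methods},
                       "order": "deny,allow", "allow": [], "deny": []}
            blocks.append(current)
        elif current is not None:
            words = line.split()
            if len(words) == 2 and words[0].lower() == "order":
                current["order"] = words[1].lower()
            elif (len(words) >= 3 and words[1].lower() == "from"
                  and words[0].lower() in ("allow", "deny")):
                current[words[0].lower()].extend(words[2:])
    return blocks


def host_matches(spec, host, ip):
    """'all', the last part of a DNS name, or a full or partial IP address."""
    if spec.lower() == "all":
        return True
    if spec[0].isdigit():
        prefix = spec.rstrip(".")
        return ip == prefix or ip.startswith(prefix + ".")
    suffix = spec.lower().lstrip(".")
    host = host.lower()
    return host == suffix or host.endswith("." + suffix)


def is_allowed(blocks, method, host, ip):
    """Apply every <Limit> range that names the method; others do not apply."""
    for block in blocks:
        if method.upper() not in block["methods"]:
            continue
        allowed = any(host_matches(s, host, ip) for s in block["allow"])
        denied = any(host_matches(s, host, ip) for s in block["deny"])
        if block["order"] == "deny,allow":
            # Deny rules first, allow rules override; default is allow.
            if denied and not allowed:
                return False
        elif block["order"] == "allow,deny":
            # Allow rules first, deny rules override; default is deny.
            if denied or not allowed:
                return False
        else:
            raise ValueError("unsupported order: " + block["order"])
    return True
```

With the sample file, GET and POST stay open to every host because allow from all overrides the deny, PUT and DELETE are refused for every host, and a method named in no <Limit> range, such as HEAD, is not restricted by these rules at all.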
Controlling Access for Virtual Servers This configuration allows multiple virtual servers to share the same ACL file. If you want to require user-group authentication for a virtual server, you must add one or more USERDB tags to its definition. These USERDB tags create a connection between the database names in your ACL file and the actual databases found in dbswitch.conf The following example maps the ACLs with no ‘database’...
Controlling Access for Virtual Servers Specifying LDAP Databases in the User Interface After you have defined one or more user authentication databases in dbswitch.conf, you can use the Class Manager to configure which databases each of your virtual servers will use for authentication. You can also use the Class Manager to add a newly created database definition from dbswitch.conf for the...
Page 204
Controlling Access for Virtual Servers Click on the virtual server class link where you wish to specify the LDAP database listed under Tree View of the Server. Select the Virtual Servers tab, if not already displayed. Click the ACL Settings link. Choose Edit or Delete from the drop-down list in the Option field for each virtual server you wish to change.
Chapter 9 Using Log Files You can monitor your server’s activity using several different methods. This chapter discusses how to monitor your server by recording and viewing log files. For information on using the built-in performance monitoring services, quality of service features, or SNMP, see Chapter 10, “Monitoring Servers.” This chapter contains the following sections: •...
Viewing an Access Log File NOTE Due to limitations in the operating system, Enterprise Server cannot work with log files larger than 2GB on Linux. As soon as the maximum file size is reached, logging will cease. Viewing an Access Log File You can view the server’s active and archived access log files.
Viewing the Error Log File
Table 9-1 The fields in the last line of the sample access log file
Access Log Field: Hostname or IP address of client
Example: arrow.example.com. (In this case, the hostname is shown because the web server’s setting for DNS lookups is enabled;...
Archiving Log Files To view a server instance’s error log file, from the Server Manager, choose the Logs tab, and choose the View Error Log page. To view an error log for an individual virtual server, from the Class Manager, select a virtual server to manage from the highlighted Manage Virtual Servers page, then click the link under the heading Error Log on the Virtual Server Manager page.
Archiving Log Files Internal-daemon Log Rotation This type of log rotation happens within the HTTP daemon and can only be configured at startup time. Internal daemon log rotation allows the server to rotate logs internally without requiring a server restart. Logs rotated using this method are saved in the following format: access.<4 digit year><2 digit month><2 digit day><4 digit 24-hour time>...
Setting Log Preferences Once the rotation starts, Enterprise Server creates a new time stamped log file when there is a request or error that needs to be logged to the access or error log file and it occurs after the prior-scheduled “next rotate time.” NOTE You should archive the server logs before running the log analyzer.
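The archive naming scheme and the 2GB ceiling on Linux described above lend themselves to a routine check. The following is an added example, not code from the guide or from Netscape: it parses archive names of the form access.<year><month><day><time> and flags an active access log that is close to the size at which logging stops. The byte value used for 2GB, the 80% warning threshold, the status names and the sample listing are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# The guide gives the Linux ceiling as "2GB"; the exact byte value is an assumption.
LINUX_LOG_LIMIT_BYTES = 2 * 1024 ** 3

# access.<4 digit year><2 digit month><2 digit day><4 digit 24-hour time>
ROTATED_NAME = re.compile(r"^access\.(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})$")

# Constructed sample of (filename, size in bytes) pairs from a logs directory.
SAMPLE_LISTING = [
    ("access", 1_900_000_000),
    ("access.200111150000", 1_048_576_000),
    ("access.200111140000", 734_003_200),
    ("access.200113011200", 10),   # twelve digits, but month 13
    ("access.old", 10),            # renamed by hand
    ("errors", 4096),              # not an access log, ignored
]


def parse_rotated_name(name):
    """Return the rotation time encoded in an archive name, or None."""
    match = ROTATED_NAME.match(name)
    if match is None:
        return None
    try:
        return datetime(*(int(part) for part in match.groups()))
    except ValueError:
        # The digits do not form a real date and time.
        return None


def audit_log_directory(entries, warn_ratio=0.8):
    """Sort access-log archives by rotation time and grade the active log.

    Status is "missing", "ok", "rotate-now" (within warn_ratio of the
    ceiling) or "at-limit" (the size at which logging ceases).
    """
    archives, unrecognised, active_size = [], [], None
    for name, size in entries:
        if name == "access":
            active_size = size
        elif name.startswith("access."):
            rotated_at = parse_rotated_name(name)
            if rotated_at is None:
                # Anything keyed on the naming scheme will skip these files.
                unrecognised.append(name)
            else:
                archives.append((rotated_at, name, size))
    archives.sort()

    if active_size is None:
        status = "missing"
    elif active_size >= LINUX_LOG_LIMIT_BYTES:
        status = "at-limit"
    elif active_size >= warn_ratio * LINUX_LOG_LIMIT_BYTES:
        status = "rotate-now"
    else:
        status = "ok"
    return {"status": status, "archives": archives, "unrecognised": unrecognised}


if __name__ == "__main__":
    report = audit_log_directory(SAMPLE_LISTING)
    print(report["status"])
    for rotated_at, name, size in report["archives"]:
        print(rotated_at.isoformat(), name, size)
    print("unrecognised:", report["unrecognised"])
```

An active log reported as at-limit means requests since that point were not recorded, so the gap should be noted before the archives are analyzed.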
Click the Vsid check box. Alternatively, you can click the Custom Format: radio button and add the string ‘%vsid%’. NOTE When adding the custom format string ‘%vsid%’, you must use a new access log file. For information on the LogVsId directive in magnus.conf, see the section “Error...
Running the Log Analyzer The server-root/extras/log_anly directory contains the log analysis tool that runs through the Server Manager user interface. This log analyzer analyzes files in common log format only. The HTML document in the log_anly directory explains the tool’s parameters.
Page 213
The following describes the syntax. flexanlg -h.):
-P: proxy log format Default: no
-n servername: The name of the server
-x : Output in HTML Default: no
-r : Resolve IP addresses to hostnames Default: no
-p [c,t,l]: Output order (counts, time stats, lists) Default: ctl
-i filename: Input log file(s)
Viewing Events (Windows NT) Viewing Events (Windows NT) In addition to logging errors to the server error log (see “Viewing the Error Log File” on page 207), Enterprise Server logs severe system errors to the Event Viewer. The Event Viewer lets you monitor events on your system. Use the Event Viewer to see errors resulting from fundamental configuration problems, which can occur before the error log can be opened.
Chapter 10 Monitoring Servers This chapter contains information on ways to monitor your server, including the built-in monitoring tool, the quality of service features, and Simple Network Management Protocol (SNMP). You can use SNMP together with Netscape management information bases (MIB) and network management software such as HP OpenView to monitor your servers in real-time just as you monitor other devices in your network.
Monitoring the Server Using Statistics • Enabling the Subagent • Understanding SNMP Messages Monitoring the Server Using Statistics You can use the statistics feature to monitor your server’s current activity. The statistics show you how many requests your server is handling and how well it is handling these requests.
Using Quality of Service Click Apply to apply your changes. You do not need to restart the server. For more information on enabling statistics, see the online help. Using Statistics Once you’ve enabled statistics, you can get a variety of information on how your server instance and your virtual servers are running.
Using Quality of Service You can enable these settings for the entire server or for a class of virtual servers in the Server Manager from the Monitor tab. However, you can override these server or class-level settings for an individual virtual server. For more information on setting quality of service limits for an individual server, see “Configuring Virtual Server Quality of Service Settings,”...
Using Quality of Service At 1 second, the bandwidth is calculated for the 10th time (1000 milliseconds/ 100 milliseconds). The total traffic is 5000 bytes, which is divided by 30 seconds. The bandwidth is 5000/30 = 166 bytes per second. At 30 seconds, the bandwidth is calculated for the 300th time.
Page 220
If your site has a lot of large file transfers, use a large value (several minutes or more) for this field. A large file transfer might take up all the allowed bandwidth for a short metric interval, and result in connections being denied if you’ve enforced the maximum bandwidth setting.
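The bandwidth arithmetic above, and the effect of the metric interval on a large transfer, as an added example that is not code from the guide or the server. It assumes a recompute interval of 100 milliseconds and a metric interval of 30 seconds (the values the worked figures imply) and that traffic older than the metric interval drops out of the total; the class and function names, the 250,000 bytes-per-second limit and the transfer sizes are constructed for illustration.

```python
from collections import deque


class BandwidthMeter:
    """Traffic over the metric interval, recomputed on a fixed tick."""

    def __init__(self, recompute_interval_ms=100, metric_interval_s=30):
        self.metric_interval_s = metric_interval_s
        # Number of recalculations that fit into one metric interval.
        self.window_ticks = metric_interval_s * 1000 // recompute_interval_ms
        if self.window_ticks < 1:
            raise ValueError("metric interval is shorter than recompute interval")
        self.samples = deque()      # (calculation number, bytes in that tick)
        self.window_bytes = 0
        self.pending_bytes = 0
        self.calculations = 0

    def record(self, nbytes):
        """Account for traffic seen since the last recalculation."""
        self.pending_bytes += nbytes

    def recompute(self):
        """Run one recalculation and return bytes per second (rounded down)."""
        self.calculations += 1
        self.samples.append((self.calculations, self.pending_bytes))
        self.window_bytes += self.pending_bytes
        self.pending_bytes = 0
        # Assumption: traffic older than the metric interval no longer counts.
        while self.samples and self.samples[0][0] <= self.calculations - self.window_ticks:
            _, expired = self.samples.popleft()
            self.window_bytes -= expired
        return self.window_bytes // self.metric_interval_s


def page_example():
    """5000 bytes arrive during the first second; return the 10th result."""
    meter = BandwidthMeter()
    result = 0
    for _ in range(10):             # 1000 ms / 100 ms = 10 calculations
        meter.record(500)
        result = meter.recompute()
    return meter.calculations, result


def ticks_over_limit(transfer_bytes, transfer_s, metric_interval_s,
                     max_bps, observe_s=60, recompute_interval_ms=100):
    """Count recalculations above max_bps for one steady transfer."""
    meter = BandwidthMeter(recompute_interval_ms, metric_interval_s)
    ticks_per_s = 1000 // recompute_interval_ms
    transfer_ticks = transfer_s * ticks_per_s
    per_tick = transfer_bytes // transfer_ticks
    over = 0
    for tick in range(observe_s * ticks_per_s):
        if tick < transfer_ticks:
            meter.record(per_tick)
        if meter.recompute() > max_bps:
            over += 1
    return over


if __name__ == "__main__":
    print(page_example())
    # One 6,000,000-byte transfer sent over 10 seconds, limit 250,000 bytes/s.
    for interval in (30, 5):
        print(interval, ticks_over_limit(6_000_000, 10, interval, 250_000))
```

With the 30-second metric interval the transfer never pushes the computed bandwidth over the limit; with a 5-second interval the same transfer is over the limit for 109 recalculations, during which an enforced maximum would deny connections.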
Required Changes to obj.conf To enable quality of service, you must include directives in your obj.conf to invoke two Server Application Functions (SAFs): an AuthTrans qos-handler and an Error qos-error. The AuthTrans qos-handler directive must be the first AuthTrans configured in the default object in order to work properly.
Page 222
Using Quality of Service If chunked encoding is enabled in either or both directions, the chunking layer removes the chunk headers and they are not counted in the traffic. Other headers or protocol items are counted. • The quality of service features cannot accurately measure traffic from calls.
SNMP Basics • The concurrent connections are computed with a different granularity for virtual servers than for virtual server classes and the global server instance. The connection counter for an individual virtual server is incremented atomically immediately after the request is parsed and routed to the virtual server.
The Enterprise Server MIB NOTE After making any SNMP configuration changes, you must click the Apply button, then restart SNMP subagent. The master agent exchanges information between the various subagents and the NMS. The master agent is installed with the Administration Server. You can have multiple subagents installed on a host computer, but only one master agent.
Page 225
The Enterprise Server 6.0 MIB has an object identifier of http 60 (nes60 OBJECT IDENTIFIER ::= {http 60 }) and is located in the server_root/plugins/snmp directory. You can see administrative information about your web server and monitor the server in real time using the Enterprise Server MIB.
Page 226
Table 10-1 nes.mib managed objects and descriptions (Continued)
Managed object: Description
nesInstanceCount2xx: Number of 200-level (Successful) responses issued by the server instance.
nesInstanceCount3xx: Number of 300-level (Redirection) responses issued by the server instance.
nesInstanceCount4xx: Number of 400-level (Client Error) responses issued by the server instance.
Page 227
Table 10-1 nes.mib managed objects and descriptions (Continued)
Managed object: Description
nesVsCount2xx: Number of 200-level (Successful) responses issued by the virtual server.
nesVsCount3xx: Number of 300-level (Redirection) responses issued by the virtual server.
nesVsCount4xx: Number of 400-level (Client Error) responses issued by the virtual server.
Page 228
Table 10-1 nes.mib managed objects and descriptions (Continued)
Managed object: Description
nesProcessConnectionQueueMax: Maximum number of connections allowed in connection queue.
nesProcessConnectionQueueTotal: Number of connections that have been accepted.
nesProcessConnectionQueueOverflows: Number of connections rejected due to connection queue overflow.
nesProcessKeepaliveCount: Number of connections currently in keepalive queue.
Setting Up SNMP In general, to use SNMP you must have a master agent and at least one subagent installed and running on your system. You need to install the master agent before you can enable a subagent. The procedures for setting up SNMP are different depending upon your system.
Using a Proxy SNMP Agent (UNIX/Linux) Table 10-2 Overview of procedures for enabling SNMP master agents and subagents If your server meets these conditions..follow these procedures. These are discussed in detail in the following sections. • Native agent is currently running 1.
Using a Proxy SNMP Agent (UNIX/Linux) Installing the Proxy SNMP Agent If an SNMP agent is running on your system and you want to continue using the native SNMP daemon, follow the steps in these sections: Install the SNMP master agent. See “Installing the SNMP Master Agent” on page 233.
Reconfiguring the SNMP Native Agent Here is an example of a CONFIG file:
AGENT AT PORT 1161 WITH COMMUNITY public
SUBTREES 1.3.6.1.2.1.1, 1.3.6.1.2.1.2, 1.3.6.1.2.1.3, 1.3.6.1.2.1.4, 1.3.6.1.2.1.5, 1.3.6.1.2.1.6, 1.3.6.1.2.1.7, 1.3.6.1.2.1.8
FORWARD ALL TRAPS;
Starting the Proxy SNMP Agent To start the proxy SNMP agent, at the command prompt, enter:
# sagt -c CONFIG&...
Installing the SNMP Master Agent AIX uses several configuration files to screen its communications. One of them, snmpd.conf, needs to be changed so that the SNMP daemon accepts the incoming messages from the SMUX subagent. For more information, see the online manual page for .
Enabling and Starting the SNMP Master Agent In the Server Manager, choose the SNMP Master Agent Community page from the Global Settings tab. The Community Strings page appears. Type the community string for the master agent. Choose an operation for the community. Click OK.
./start -shell /server_root/plugins/snmp/magt/magt server_root/plugins/snmp/magt/CONFIG server_root/plugins/snmp/magt/INIT
The master agent will then start on the desired port. However, the user interface will be able to detect that the master agent is running. Manually Configuring the SNMP Master Agent To configure the master SNMP agent manually: Log in as superuser.
Defining sysContact and sysLocation Variables You can edit the CONFIG file to add initial values for sysContact and sysLocation, which specify the sysContact and sysLocation MIB-II variables. The strings for sysContact and sysLocation in this example are enclosed in quotes. Any string that contains spaces, line breaks, tabs, and so on must be in quotes.
Enabling and Starting the SNMP Master Agent Enter the name of the person responsible for the server and the person’s contact information in the Contact field. Select On to Enable the SNMP Statistics Collection. Click OK. Click Apply. Starting the SNMP Master Agent Once you have installed the SNMP master agent, you can start it manually or by using the Administration Server.
Configuring the SNMP Master Agent Starting the SNMP Master Agent Using the Administration Server To start the SNMP master agent using the Administration Server, perform the following steps: Log in to the Administration Server. In the Server Manager, choose the SNMP Master Agent Control page from the Global Settings tab.
Enabling the Subagent destination for the SNMP master agent from Enterprise Server. You can also view, edit, and remove the trap destinations you have already configured. When you configure trap destinations using Enterprise Server, you are actually editing the CONFIG file. Enabling the Subagent After you have installed the master agent that comes with the Administration...
Page 240
Understanding SNMP Messages NMS-initiated Communication. The NMS either requests information from the server or changes the value of a variable stored in the server’s MIB. For example: The NMS sends a message to the Administration Server master agent. The message might be a request for data (a GET message) or an instruction to set a variable in the MIB (a SET message).
Chapter 11 Tuning Your Server for Performance For information on tuning your server for performance, please see the Netscape Enterprise Server Performance Tuning, Sizing, and Scaling Guide.
Page 242
Chapter 12 Using Search The Netscape Enterprise Server search function allows you to search the contents and attributes of documents on the server. As the server administrator, you can create a customized text search interface tailored to your user community. The Search function is not available on Linux platforms.
Configuring Text Search Users can search through server documents for a specific word or attribute value, obtaining a set of search results that list all documents that match the query. They can then select a document from the list to browse it in its entirety. This provides easy access to server content.
Configuring Text Search • Turn the search function off and on • Restrict the amount of memory available for indexing operations This section includes the following topics: • Controlling Search Access • Mapping URLs • Eliminating Words from Search • Turning Search On or Off •...
Page 246
For example, if the path for a file is:
server_root/Docs/marketing/bizplans/planB.doc
you could prevent users from seeing all but the last directory by defining a URL prefix of plans and mapping it to:
server_root/Docs/marketing/bizplans
From then on, users need only enter to locate the file.
For example: C:/Netscape/Servers/docs/marketing/plans Click OK. Click Apply. Edit one of the current additional directories listed by selecting one of the following: Edit Remove If editing, select edit next to the listed directory you wish to change. Enter a new prefix using ASCII format. (Optional) Select a style in the Apply Style drop-down list if you want to apply a style to the directory: For more information about styles, see Chapter 17, “Applying Configuration...
Add the stop words to style.stp, one per line and left justified. You can use operators such as square brackets ([ ]) to indicate character classes, periods (.) to indicate any character, and plus notation (+) to indicate repeats. For example, the file style.stp might contain the following lines:...
Configuring Text Search Configuring the Search Parameters As server administrator, you can set the default parameters that govern what users see when they get search results. To configure search parameters, perform the following steps: Access the Server Manager and choose Search. Click the Search Configuration link.
Configuring Text Search Table 12-1 Common Posix Date and Time Formats Format Displayed result (example) Abbreviated week day (for example, Wed) Full week day (for example, Wednesday) Abbreviated month (for example, Oct) Full month (for example, October) Date and time formatted for current locale Day of the month as a decimal number (for example, 01-31) Hour as a decimal number, 24 hour military format (for example, 00-23) Month as a decimal number (for example, 01-12)
Configuring Text Search To configure pattern files, perform the following steps: Access the Server Manager and choose Search. Click the Search Pattern Files link. The Enterprise Server displays the Search Pattern Files page. Enter the absolute path for the directory where your pattern files are stored. The default start (header), end (footer), and query page pattern files are located in this directory.
The Configuration Files The configuration files that govern searching are described in the following list: • userdefs.ini—This user definitions file defines the user-defined pattern variables. It maps to the userdefs.ini file for your language (English, German, Japanese, and so on). You can customize a search interface for all your pattern files by creating and defining your own pattern variables in the file.
Indexing Your Documents An indexing operation typically requires approximately 1.5MB per file, and since there are two files, one of which is temporary, you may need as much as 3MB of disk space for indexing. Setting the file size to 1.5MB per file puts a cap on how large each file can become.
Indexing Your Documents • Searchable attributes • Number of documents in the collection • Collection’s status • Brief description of the collection. For more details, see “Displaying Collection Contents” on page 271. When creating a collection, you must define the type of files that it contains: •...
Page 255
Table 12-2 The Default Attributes Indexed for Each File Format (Continued)
NEWS
From (text): The source userID of the news item.
Subject (text): The text from the subject field of the news item.
Keywords (text): Any keywords defined for the news item
date The date the news item was created....
Indexing Your Documents For example, a document could have these lines of HTML code: <META NAME="Writer" CONTENT="R. Hunter"> <META NAME="Song" CONTENT="Stella Blue"> If this document was indexed with its META tags extracted, you could search it for specific values in the writer or product fields. For example, you could enter this query: Writer <contains>...
Page 257
Indexing Your Documents NOTE You need to have at least 3MB of available disk space on your system to create a collection. For information on how you can restrict the size of the index files, see “Restricting Your Index File Size”...
Page 258
Indexing Your Documents The collection name is used for collection maintenance. This is the physical file name for the file, so follow the standard directory-naming conventions for your operating system. You can use up to a maximum of 128 characters. Spaces are converted to underscores.
Indexing Your Documents NOTE Once you begin indexing a collection, you cannot stop the process until either the indexing is complete, or you reboot the system. Shutting down your server does not kill the process. Click Apply. Choose Apply Changes to hard start /restart your server. Configuring a Collection After you have created a collection you can modify some of its initial settings.
Indexing Your Documents A user-defined name in the Label field. A URL in the URL for Documents field, if that has changed. For example, you might change the URL mapping from publisher/help to the simpler /helpFiles The HTML tagging the server will use when highlighting a search query word or phrase in a displayed document in the Highlight Begin and Highlight End fields.
Indexing Your Documents To update a collection, perform the following steps: Access the Server Manager and select the server instance from the drop-down list that the collection is in. Choose the Search tab. Click the Update Collection link. The Enterprise Server displays the Update Collection page. Choose the collection to update.
Indexing Your Documents You can perform the following collection management tasks: • Optimize collections—You can optimize a collection to improve performance if you frequently add, delete, or update documents or directories in your collections. An analogy is defragmenting your hard drive. Optimizing is not done automatically;...
Page 263
Indexing Your Documents To optimize, reindex, or update your collection, perform the following steps: Choose Search from the Server Manager. Click the Schedule Collection Maintenance link. The Enterprise Server displays the Schedule Collection Maintenance window. Choose a collection from the drop-down list. This lists all the collections that you have created.
Performing a Search: The Basics Removing Scheduled Collection Maintenance You can remove scheduled regular maintenance of a collection if no longer needed. To unschedule collection maintenance, perform the following steps: Choose Search from the Server Manager. Click the Remove Scheduled Collection Maintenance link. The Enterprise Server displays the Remove Scheduled Collection Maintenance window.
Performing a Search: The Basics • displaying search results—the server displays a list of the documents that match your criteria • viewing a document—the user can view a specific highlighted document from the search results list • viewing the contents of a collection—the user can look at the information that is maintained for each of your collections.
Performing a Search: The Basics With the advanced HTML page, you have the additional options of selecting multiple collections to search through, establishing a sort sequence for the results, and defining how many documents are to be displayed on a page. Typically, clicking the Prev and Next arrows moves you through the pages of results.
Page 267
To access the guided search interface through the Search home page, perform the following steps: Enter the following URL in the location field in your web browser: http://server_root:port/search Click the Guided Search link on the home page. To access guided search through the standard search query page, perform the following steps: Go to the standard search query page by typing the following URL in the...
Performing a Search: The Basics Clear to remove the entire query Click the Search button to execute the search. Advanced Search You can choose to use the advanced HTML search interface, which helps you construct the query. This is especially useful if you want to create a query that searches through more than one collection, or that produces results sorted by a specific attribute value.
Performing a Search: The Basics Expand or limit the number of matching documents you want the search to return depending on how many fields are listed for each document in the search results page, or how many you want to see at a time. The Prev and Next buttons allow you access to additional pages of documents if there are too many to fit on a page at once.
Performing a Search: The Basics The file format in the collection indicates which default attributes are available for searching. For information about the attributes for each format, see “About Collection Attributes” on page 254. For entries resulting from a search that checks for comparative proximity of words to each other, or for the exactness of the match, the file’s ranking can be provided by showing a score.
Using the Query Operators To view a highlighted document, click on the document’s entry in the search results. The field you use to access the highlighted document depends on how your search interface has been designed; in the default installation you click the icon shown next to the document’s listing.
Using the Query Operators NOTE The query language is not case-sensitive. The examples use uppercase for clarity only. The search engine interprets the search query based on a set of syntax rules. For example, by entering the word region, the actual word region and all its stemmed variations, such as regions and regional, are found.
Using the Query Operators • <PHRASE> Search considers words separated by spaces to be part of a phrase. For example, Monterey otter is interpreted as a phrase, and both words must be present and together to be found. Such a search would not find documents containing sea otter or Monterey Bay.
Using the Query Operators Using Query Operators as Search Words You can use any of the query operators as a search word, but you must enclose the word in quotation marks. For example, you could search for documents about the ebb and flow of the tides with the following query: <CONTAINS>...
Page 275
Table 12-3 Deciding which operator to use
Type of Search: Finding words or phrases in specific document fields or in specific locations in the field.
Valid Operators: • <STARTS> • <CONTAINS>
Examples: Title <STARTS> Help Finds documents with titles that start with Help.
Page 276
Table 12-4 Query language operators (Continued)
Operator: equals (=)
Description: • Finds documents in which a document field matches a specific date or numeric value
Examples: Created = 6-30-96 Finds documents created on June 30, 1996.
Operator: greater than (>) •...
Page 277
Table 12-4 Query language operators (Continued)
Operator: <NEAR/N>
Description: • Finds documents in which two or more specified words are within N number of words from each other. N can be an integer up to 1000.
Examples: stock <NEAR/1> purchase • Finds documents containing the phrases stock purchase and purchase
Table 12-4 Query language operators (Continued)
Operator: <SUBSTRING>
Description: • Finds documents in which part or all of a string in a document field matches the character string you
Examples: <SUBSTRING> employ Finds documents that can match on all or part of employ, so it can succeed with ploy.
Customizing the Search Interface Table 12-5 Wildcard Operators Character Description • Specifies 0 or more alphanumeric characters. For example, air* finds documents that contain air, airline, and airhead. • Cannot use this wildcard as the first character in an expression. •...
Customizing the Search Interface NOTE The search home page, at http://server_root:port/search also provides an introduction to the search interface, as well as an online QuickStart tutorial on customizing the interface. The tutorial discusses the various pattern files, and gives examples of how they can be changed to produce different results.
Page 281
Customizing the Search Interface There are pattern files for different kinds of collections: email, news, ASCII, PDF, and HTML. There are several general types of pattern files, each of which has a particular use. A file prefix designates which type of file the pattern file is for, for example, , or .
<td align=right><b>$$queryLabel</b></td> <td align=left> <input name="NS-query" size=40 value="$$NS-display-query"></td>
Each line contains standard HTML tags, and one or more variables with the $$NS- prefix. Examining each line more closely requires looking at the configuration files mentioned in “Configuring Files Manually” on page 251. •...
You can create a complete search function as an HREF element within a pattern file. The example given is from the HTML-descriptions.pat file, which defines how collection information is displayed. The following lines produce a heading for each collection with the label (“Collection:”), and provide a link to the actual collection file through the collection’s label ( ) defined in the...
Customizing the Search Interface Table 12-6 Common URL Encodings Character Description Code Space Semicolon Slash Question mark Colon At sign Equal sign & Ampersand Required Search Arguments Although you can customize almost every aspect of query and result pages, there are some arguments required for search functions to display the different types of search pages.
Customizing the Search Interface Search functions that display the collection contents require only this argument: • , in upper- or lowercase) NS-search-page=contents Using Pattern Variables Using pattern variables you can customize the search text interface. This eliminates the need to update the actual HTML pages as user requirements change. For example, if the interface has graphics or text elements that change periodically, you can define a pattern variable pointing to a pathname where that graphic or text is maintained and stored.
Page 286
Customizing the Search Interface Each line begins with a variable name, and is followed by a definition for that variable. Many are labels for screen elements, some are paths to other files, and some have more complex contents. For example, the following lines are from the query section of that file.
Customizing the Search Interface Search macros are described further in “Macros and Generated Pattern Variables” on page 290. You can use any supported HTML character entity in your variable definitions. You can use entity names that are defined in the &name; format as well as those defined with the three-digit code in the &#nnn;...
Page 288
NS-max-records = 20
NS-query-pat = /text/NS-query.pat
NS-ms-tocstart = /text/HTML-tocstart.pat
NS-ms-tocend = /text/HTML-tocend.pat
NS-default-html-title = (Untitled)
NS-HTML-descriptions-pat = /text/HTML-descriptions.pat
NS-date-time = %b-%d-%y %H:%M
Although installations may vary depending on how each server is configured, the most commonly found variables are listed in the following table: Table 12-8 Commonly found variables Variable...
Page 289
Collection-specific variables are defined in the dblist.ini file. Among the variables defined there are:
NS-doc-root = C:/netscape/servers/docs
NS-url-base = /
NS-display-select = YES
The variables in your dblist.ini file may differ according to the type of collections you are using.
Customizing the Search Interface Macros and Generated Pattern Variables There are some search macros that you can use in your pattern files or decorated URLs. The search function itself generates some pattern variables you can use in subsequent search requests to define how output is to be displayed. These macros and variables have a prefix of to indicate their use.
Page 291
Customizing the Search Interface Table 12-10 Macros and generated pattern variables (Continued) Variable Description The size of the document rounded to the nearest K $$NS-doc-size obtain this value, you must set NS-use-system-stat By default it is set to NO, since system statistics are expensive.
Page 292
Chapter 13 Using Virtual Servers This chapter explains how to set up and administer virtual servers using your Netscape Enterprise Server. This chapter contains the following sections: • Virtual Servers Overview • Using Enterprise Server Features with Virtual Servers • Using the Virtual Server User Interface •...
Virtual Servers Overview To set up virtual servers, you need to set up the following: • Virtual Server Classes • Listen Sockets • Connection Groups • Virtual Servers The settings for virtual servers are stored in the server.xml file, found in the server_root/server_ID/ directory.
Virtual Servers Overview Virtual Server Classes Virtual servers are grouped into classes. Using classes you can configure similar virtual servers at the same time, so you don’t have to configure each one separately. Though all virtual servers in a class share the same basic configuration information, you can also set variables and change configuration per virtual server.
Virtual Servers Overview Virtual Servers in a Class A virtual server that belongs to a class is called a member of that class. Some virtual server settings are configured for all virtual servers in a class, and some are configured individually. These settings are configured on the Class Manager’s Virtual Servers tab.
Virtual Servers Overview In addition, you specify the number of acceptor threads (sometimes called accept threads) in the listen socket. Accept threads are threads that wait for connections. The threads accept connections and put them in a queue where they are then picked up by worker threads.
Virtual Servers Overview This section includes the following topics: • Types of Virtual Servers • IP-Address-Based Virtual Servers • URL-Host-Based Virtual Servers • Default Virtual Server Types of Virtual Servers In previous versions of Enterprise Server, there were two kinds of virtual servers: hardware and software.
Virtual Servers Overview URL-Host-Based Virtual Servers You can set up URL-host-based virtual servers by giving them unique URL hosts. The contents of the Host request header directs the server to the correct virtual server. For example, if you want to set up virtual servers for customers a, b, and c) so that each customer can have an individual domain name, you first configure DNS to recognize that each customer’s URL, , resolves...
Virtual Servers Overview The default virtual server is set by connection group. You specify a default virtual server when you create a listen socket. That becomes the default virtual server of the connection group created by default for the listen socket. You can always change the default virtual server.
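A simplified model of the selection described above, added here as an illustration and not taken from Enterprise Server itself: a request is matched to a virtual server by its Host header, and anything that does not match, including legacy clients that send no Host header, reaches the connection group's default virtual server. The class and function names, the hostnames, and the case-folding and port-stripping of the Host value are assumptions of this model.

```python
from dataclasses import dataclass, field


@dataclass
class VirtualServer:
    vs_id: str
    urlhosts: tuple            # the URL hosts configured for this virtual server


@dataclass
class ConnectionGroup:
    group_id: str
    default_vs: str            # id of the group's default virtual server
    members: list = field(default_factory=list)


def host_from_request(raw_request):
    """Return the Host header value (lower case, port removed) or None."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "host":
            continue
        host = value.strip().lower()
        if host.startswith("["):                 # bracketed IPv6 literal
            host = host[: host.find("]") + 1]
        elif ":" in host:                        # strip an optional :port
            host = host.rsplit(":", 1)[0]
        return host or None
    return None


def select_virtual_server(group, raw_request):
    """Return (virtual server id, reason) for one request in this group."""
    host = host_from_request(raw_request)
    if host is None:
        return group.default_vs, "no Host header"
    for vs in group.members:
        if host in {h.lower() for h in vs.urlhosts}:
            return vs.vs_id, "urlhost match"
    return group.default_vs, "unmatched Host"


def requests_reaching_default(group, raw_requests):
    """List (host, reason) for every request the default virtual server serves."""
    hits = []
    for raw in raw_requests:
        _, reason = select_virtual_server(group, raw)
        if reason != "urlhost match":
            hits.append((host_from_request(raw), reason))
    return hits


# Constructed sample: three customer virtual servers plus a default (VS1).
GROUP = ConnectionGroup(
    group_id="group1",
    default_vs="VS1",
    members=[
        VirtualServer("vs_a", ("www.a.example",)),
        VirtualServer("vs_b", ("www.b.example", "b.example")),
        VirtualServer("vs_c", ("www.c.example",)),
    ],
)

# Constructed requests, not captured traffic.
SAMPLE_REQUESTS = [
    b"GET / HTTP/1.1\r\nHost: www.b.example\r\n\r\n",
    b"GET / HTTP/1.1\r\nHost: WWW.C.EXAMPLE:80\r\n\r\n",
    b"GET / HTTP/1.0\r\n\r\n",                      # legacy client, no Host
    b"GET / HTTP/1.1\r\nHost: 10.0.0.1\r\n\r\n",    # address, not a URL host
]

if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        print(select_virtual_server(GROUP, request))
    print(requests_reaching_default(GROUP, SAMPLE_REQUESTS))
```

The last two sample requests show why the choice of default virtual server matters: it is the one that answers every request the URL hosts do not claim.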
Virtual Servers Overview Document Root The primary document directory or document root is the central directory that contains all the virtual server’s files to make available to remote clients. The document root directory provides an easy way to restrict access to the files on a virtual server.
Using Enterprise Server Features with Virtual Servers Migrating Virtual Servers from a Previous Release If you used virtual servers in a previous version of Enterprise Server, you may be able to migrate them to the current release using the migration tools. For more information, see the Netscape Enterprise Server Installation and Migration Guide.
Using Enterprise Server Features with Virtual Servers One way to implement SSL with virtual servers is to have two listen sockets, one using SSL and listening to port 443, and one that is not using SSL. A user would typically access the virtual server through the non-SSL listen socket. When the need to have secure transactions arises, users could click a button on the web page to start initiating secure transactions.
Using the Virtual Server User Interface Using the Virtual Server User Interface To create and edit virtual servers, you can use the user interface or a command line utility. The user interface for administering virtual servers has three parts: • The Server Manager contains settings that affect the server as a whole (or all virtual servers).
Using the Virtual Server User Interface Click Manage Virtual Servers. Choose a virtual server and click Manage. You can also click the virtual server name in the tree view of the server. You can use a command line utility, HttpServerAdmin, to perform the same virtual server tasks as you can perform using the user interface.
Setting Up Virtual Servers On Windows NT, the dynamic reconfiguration script is a batch file called reconfig.bat, located in each instance’s directory. There are no command line arguments. You can run the reconfiguration script by simply typing ’reconfig’ or ’...
Setting Up Virtual Servers Fill in the fields. Listen sockets must have a unique combination of port number and IP address. You can use either IPV4 or IPV6 addresses. If you want to create a listen socket for IP-address-based virtual servers, the IP address must be 0.0.0.0, ANY, any or INADDR_ANY, meaning it listens on all IP addresses on that port.
Setting Up Virtual Servers Creating a Virtual Server Class To create a virtual server class, follow these steps: From the Server Manager, click the Virtual Server Class tab. Click Add Class. Name the class. Insert a document root for the class. The directory must already exist.
Allowing Users to Monitor Individual Virtual Servers Click OK. The class is changed or deleted. Specifying Services Associated with a Virtual Server Class Some of the characteristics that differentiate one class of virtual servers from another are the services that are enabled for that class of virtual servers. For example, one class of virtual servers might have CGIs enabled while another doesn’t.
Page 312
Allowing Users to Monitor Individual Virtual Servers For security reasons, this administration user interface is on a separate port from either the administration server port or the Enterprise Server instance port. This user interface runs on a virtual server within the Administration Server. This virtual server is set up by default and is called useradmin.
Page 313
Allowing Users to Monitor Individual Virtual Servers Create a new listen socket that runs a port separate from the port that the Administration Server uses. For example, if your Administration Server runs on port 8888, this new listen socket must have a different port number. Using a different listen socket helps safeguard your Administration Server.
Allowing Users to Monitor Individual Virtual Servers Code Example 13-2 Updated useradmin
<VSCLASS id="userclass" objectfile="userclass.obj.conf" rootobject="default" >
  <VS id="useradmin" connections="group2" state="on" mime="mime1" urlhosts="user-app" aclids="acl1">
    <VARS webapps_file="user-apps.xml" webapps_enable="on"/>
    <USERDB id="default" database="default" />
  </VS>
</VSCLASS>
In this example, the connection group is set to group2, the group created previously, and the state is set to...
Deploying Virtual Servers Deploying Virtual Servers Enterprise Server’s virtual server architecture is very flexible. A server instance can have any number of listen sockets, both secure and non-secure. You can associate any number of virtual servers with these sockets through connection groups. You can have both IP-address-based and URL-host-based virtual servers.
Page 316
Deploying Virtual Servers Figure 13-2 Default configuration In this configuration, connections to the following reach the server and are served by virtual server VS1: • http://127.0.0.1/ (initiated on example.com) • http://localhost/ (initiated on example.com) • http://example.com/ • http://10.0.0.1/ Use this configuration for traditional Enterprise Server use. You do not need to add additional virtual servers or listen sockets.
Deploying Virtual Servers Example 2: Secure Server If you want to use SSL in the default configuration, you can simply change the listen socket to secure mode. This is similar to the way you set security in previous versions of the Enterprise Server. You can also add a new secure listen socket configured to ANY:443 and associate VS1 to the new listen socket’s default connection group.
Deploying Virtual Servers Example 3: Intranet Hosting A more complex configuration of the Enterprise Server is one in which the server hosts a few virtual servers for an intranet deployment. For example, you have three internal sites where employees can look up other users’ phone numbers, look at maps of the campus, and track the status of their requests to the Information Services department.
Page 319
Deploying Virtual Servers While URL-host-based virtual servers are easy to set up, they have the following disadvantages: • Supporting SSL in this configuration requires non-standard setup using wildcard certificates. For more information see Chapter 5, “Securing Your Enterprise Server.” • URL-host-based virtual servers don’t work with legacy HTTP clients Figure 13-5 Intranet hosting using IP-addressed-based virtual servers...
Page 320
Deploying Virtual Servers The disadvantages are: • They require configuration changes on the host computer (configuration of real or virtual network interfaces) • They don’t scale to configurations with thousands of virtual servers Both configurations require setting up name-to-address mappings for the three names.
Deploying Virtual Servers Compared to the original configuration for IP-address-based virtual servers with one listen socket on ANY:80, the configuration with multiple listen sockets may give you a minimal performance gain because the server does not have to find out the address the request came in on.
Page 322
Deploying Virtual Servers Figure 13-7 Mass Hosting Notice that the virtual server installed when you installed the server, VS1, still exists in defaultclass
Chapter 14 Creating and Configuring Virtual Servers A class of virtual servers has virtual servers (members of the class) associated with it. You can override some of the class-level settings at the virtual server level. This chapter describes how you can create and configure individual virtual servers. For information on configuring virtual server classes, see Chapter 16, “Content Management.”...
Editing Virtual Server Settings Choose a name for the virtual server. Choose a connection group for the virtual server. Choose a URL host for the virtual server. You can type more than one URL host, separated by spaces. Click OK. These settings are all that is required for creating a virtual server.
Editing Using the Virtual Server Manager • ACL file • MIME types file • CGI settings If you are editing a single virtual server, it’s convenient to use the Virtual Server Manager and change all these settings on one page. The Logs tab contains a single page allowing you to generate reports for the selected virtual server.
Page 326
Editing Using the Virtual Server Manager Set the value of LogVSid to On using the drop-down list. You can also manually set LogVSid to On by adding LogVSid on in the magnus.conf file. Click OK. Click Apply. Click Apply Changes for your changes to take effect. Go to the Logs tab in the Server Manager for the server instance and select Log Preferences.
Editing Using the Class Manager Select the Logs tab. The Generate Reports page appears. This page will not appear unless a virtual server has been created and LogVSid is On, as described above. (Optional) change the settings if desired. Click OK to generate the report. Editing Using the Class Manager Use the following Class Manager pages to edit virtual server settings.
Editing Using the Class Manager Type the URL Hosts you want to use, if different than displayed under Urlhosts column. You can type more than one URL host, separated by spaces. When you are through editing virtual servers click OK. Configuring Virtual Server MIME Settings You can set the MIME types file for an individual virtual server.
Editing Using the Class Manager For more information on security, see Chapter 5, “Securing Your Enterprise Server.” Configuring Virtual Server Quality of Service Settings Quality of service refers to the performance limits you set for a virtual server. For example, an ISP might want to charge different amounts of money for virtual servers depending on how much bandwidth is allowed them.
Editing Using the Class Manager Choose whether or not to enforce the maximum connections setting. If you choose to enforce the maximum connections, once the server reaches its limit additional connections are refused. If you do not enforce the maximum connections, when the maximum is exceeded the server logs a message to the error log.
Deleting a Virtual Server Configuring Virtual Server Java Web Application Settings A web application is a collection of Java servlets, JSPs, HTML pages, classes and other resources. All the resources are stored in a directory, and all requests to that directory run the application.
Chapter 15 Extending Your Server With Programs This chapter discusses how to install programs on the Netscape Enterprise Server that dynamically generate HTML pages in response to requests from clients. These programs are known as server-side applications. (Client-side applications, which are downloaded to the client, run on the client machine.) This chapter includes the following sections: •...
Java Servlets and JavaServer Pages (JSP) Types of Server-Side Applications That Run on the Server The Enterprise Server can run the following types of server-side applications to dynamically generate content: • Java servlets • CGI programs The Enterprise Server can also run programs that extend or modify the behavior of the server itself.
Java Servlets and JavaServer Pages (JSP) • What the Server Needs to Run Servlets and JSPs • Working with Web Applications • Deploying Web Applications Using wdeploy • Deploying and Editing Web Applications with the User Interface • Deploying Servlets and JSPs Not in Web Applications •...
Java Servlets and JavaServer Pages (JSP) For information about developing servlets and JSPs for use with Enterprise Server, see the Netscape Enterprise Server Programmer’s Guide to Servlets. What the Server Needs to Run Servlets and JSPs To enable servlets, select the Java tab in the Server manager, then select the Enable/Disable Servlets/JSP tab.
Java Servlets and JavaServer Pages (JSP) • You can specify it after the server is installed. To specify the path to the JDK, switch to the Enterprise Application Server, select the Global Settings tab, and use the Configure JRE/JDK Paths page, as described in “Configuring JRE/JDK Paths,”...
Page 338
Java Servlets and JavaServer Pages (JSP) You can use the wdeploy utility at the command line to deploy a WAR file into a virtual server web application environment:
wdeploy deploy -u uri_path -i instance -v vs_id [-d directory] war_file -n
You can also delete a virtual server web application:
wdeploy delete -u uri_path -i instance -v vs_id hard|soft -n
You can also list the web application URIs and directories for a virtual server:...
Page 339
Java Servlets and JavaServer Pages (JSP) For example:
wdeploy deploy -u /hello -i server.example.com -v netscape.com -d /nes60/https-server.example.com/netscape.com/web-apps/hello /nes60/plugins/servlets/examples/web-apps/HelloWorld/HelloWorld.war
This utility results in the following web-apps.xml entry:
<vs>
  <web-app uri="/hello" dir="/nes60/https-server.example.com/netscape.com/webapps/hello"/>
</vs>
The /nes60/https-server.example.com/netscape.com/web-apps/hello directory has the following contents: colors index.jsp META-INF WEB-INF/ web.xml...
Java Servlets and JavaServer Pages (JSP) Accessing Deployed Web Applications After you have deployed an application, you can access it from a browser as follows: http://vs_urlhost[:vs_port]/uri_path/[index_page] The parts of the URL have the following meanings: vs_urlhost One of the urlhosts values for the virtual server. vs_port (optional) Only needed if the virtual server uses a non-default port.
Page 341
Java Servlets and JavaServer Pages (JSP) Enter the path on the local or server machine to the file containing the web application in the field provided. On server machines enter the absolute path to the WAR file. On local machines you can browse the available paths. Clicking browse will bring up the File Upload window, allowing you to select the WAR file to upload to your server.
Java Servlets and JavaServer Pages (JSP) Click OK. Click Apply. Select Dynamic Reconfiguration for your web application to be deployed. Deploying Servlets and JSPs Not in Web Applications You can deploy 4.x servlets and JSPs outside of web applications, but only in the default virtual server.
Installing CGI Programs The server uses two directories to cache information for JavaServer Pages (JSP) and servlets: • ClassCache The server uses the following directory to cache information for JavaServer Pages (JSP): server_root server_id virtual_server_id webapp_uri /https- /ClassCache/ When the server serves a JSP page, it creates a and a file .java...
Installing CGI Programs In addition, the following sections discuss how to install Windows NT-specific CGI programs: • Installing Windows NT CGI Programs • Installing Shell CGI Programs for Windows NT Overview of CGI Common Gateway Interface (CGI) programs can be defined with any number of programming languages.
Page 345
Installing CGI Programs Regardless of the programming language, all CGI programs accept and return data in the same manner. For information about writing CGI programs, see the following sources of information: • Netscape Enterprise Server Programmer’s Guide • The Common Gateway Interface at: http://hoohoo.ncsa.uiuc.edu/cgi/overview.html There are two ways to store CGI programs on your server machine: •...
Installing CGI Programs Specifying a CGI Directory To specify a CGI-only directory for a class of virtual servers, perform the following steps: From the Class Manager, choose the Programs tab. The CGI Directory window appears. In the URL Prefix field, type the URL prefix to use for this directory. That is, the text you type appears as the directory for the CGI programs in URLs.
Installing CGI Programs In the CGI Directory text field, type the directory to chdir to after chroot but before execution begins. (Unix only) In the CGI Nice text field, type an increment that determines the CGI program’s priority relative to the server. Typically, the server is run with a nice value of 0 and the nice increment would be between 0 (the CGI program runs at same priority as server) and 19 (the CGI program runs at much lower priority than server).
Installing Windows NT CGI Programs Another possible solution is to remove .exe as a file extension from the magnus-internal/cgi type and add it instead to the application/octet-stream type (the MIME type for normal downloadable files). You can do this through the Server Manager, by choosing the Server Preferences tab and clicking the MIME Types link.
Installing Windows NT CGI Programs HTTPS Keysize: when HTTPS is on, this value reports the number of bits in the session key used for encryption. HTTPS Secret Keysize: when HTTPS is on, this value reports the number of bits used to generate the server’s private key. •...
Installing Windows NT CGI Programs CGI parameters are passed from the server to Windows NT CGI programs through files, which the server normally deletes after the Windows NT CGI program finishes execution. If you enable script tracing, these files are retained in a /temp directory or wherever the environment variables TMP and TEMP...
Installing Shell CGI Programs for Windows NT File Suffix: Enter the file suffixes that you want the server to associate with Windows NT CGI. If you activated CGI, WinCGI, and shell CGI file types, you must specify a different suffix for each type of CGI. For example, you can’t use the suffix for both a CGI program and a shell CGI program.
Installing Shell CGI Programs for Windows NT NOTE For information on setting Windows NT file extensions, see your Windows NT documentation. Specifying a Shell CGI Directory (Windows NT) To create a directory for your shell CGI files, perform the following steps: Create the shell directory on your computer.
Installing Shell CGI Programs for Windows NT Specifying Shell CGI as a File Type (Windows NT) You can use the Enterprise Server’s MIME Types window to associate a file extension with the shell CGI feature. This is different from creating an association in Windows NT.
Using the Query Handler Using the Query Handler Enterprise Server NOTE The use of Query Handlers is outdated. Although Netscape Navigator clients still support it, it is rarely used. It is much more common for people to use forms in their HTML pages to submit queries. You can specify a default query handler CGI program.
Chapter 16 Content Management This chapter describes how you can configure and manage content for classes of virtual servers and virtual servers. This chapter contains the following sections: • Setting the Primary Document Directory • Setting Additional Document Directories • Customizing User Public Information Directories (Unix/Linux) •...
Setting the Primary Document Directory Setting the Primary Document Directory The primary document directory (also called the document root) is the central directory where you store all the files you want to make available to remote clients. When you add a class, you specify a document directory with an absolute path. If you do not use a variable as part of that path, the document root for every virtual server in the class will default to the same directory.
Setting Additional Document Directories Setting Additional Document Directories Most of the time, the documents for a virtual or server instance are in the primary document directory. Sometimes, though, you may want to serve documents from a directory outside of the document root. You can do this by setting additional document directories.
Customizing User Public Information Directories (Unix/Linux) Customizing User Public Information Directories (Unix/Linux) Sometimes users want to maintain their own web pages. You can configure public information directories that let all the users on a server create home pages and other documents without your intervention. You can only set these up for the entire class.
Customizing User Public Information Directories (Unix/Linux) Choose whether to load the password database at startup. For more information, see “Loading the Entire Password File on Startup,” on page 359. Choose whether to apply a configuration style. Click OK. For more information, see the online help for the User Document Directories page. Another way to give users separate directories is to create a URL mapping to a central directory that all of your users can modify.
Enabling Remote File Manipulation Using Configuration Styles You can apply a configuration style for the server to control access to directories from public information directories. This prevents users from creating symbolic links to information you do not want made public. For more information on configuration files, see Chapter 17, “Applying Configuration Styles.”...
Configuring Document Preferences • Selecting Directory Indexing • Specifying a Server Home Page • Specifying a Default MIME Type • Parsing the Accept Language Header These settings are all configured for the class, not individual virtual servers. Setting the Document Preferences To set the document preferences, follow these steps: From the Class Manager, click the Content Management tab.
Configuring Document Preferences The server indexes directories by searching the directory for an index file called index.html or home.html, which is a file you create and maintain as an overview of the directory’s contents. For more information, see the previous section, “Entering an Index Filename”...
Configuring URL Forwarding Parsing the Accept Language Header When clients contact a server using HTTP 1.1, they can send header information describing the languages they accept. You can configure your server to parse this language information. For example, if you store documents in Japanese and English, you could choose to parse the accept language header.
Customizing Error Responses To configure URL forwarding, follow these steps: From the Class Manager, click the Content Management tab. Click URL Forwarding. Type the URL prefix you want to redirect, and whether you want to redirect it to another prefix or to a static URL. Click OK.
Changing the Character Set Changing the Character Set The character set of a document is determined in part by the language it is written in. You can override a client’s default character set setting for a document, a set of documents, or a directory by selecting a resource and entering a character set for that resource.
Setting the Document Footer To change the character set, follow these steps: From the Class Manager, click the Content Management tab. Click International Characters. Choose Entire Server from the resource picker to apply your change to the whole class, or navigate to the document root for a specific virtual server, or to a specific directory or within a specific virtual server.
Using htaccess Type any text you want to have appear in the footer. The maximum number of characters for a document footer is 765. If you want to include the date the document was last modified, type the string :LASTMOD:. For more information see the online help for the Document Footer page.
Setting up Server-Parsed HTML Choose Entire Server from the resource picker to apply your change to the whole class, or navigate to the document root for a specific virtual server, or to a specific directory or within a specific virtual server. Choose whether to enable soft and/or hard links and the directory to start from.
Setting Cache Control Directives For more information on setting your server to accept parsed HTML, see the online help for the Parse HTML page. For more information on using server-parsed HTML, see the Netscape Enterprise Server Programmer’s Guide. Setting Cache Control Directives Cache-control directives are a way for Enterprise Server to control what information is cached by a proxy server.
Using Stronger Ciphers Using Stronger Ciphers For information on setting stronger ciphers, see “Setting Stronger Ciphers,” on page 127.
Chapter 17 Applying Configuration Styles Configuration styles are an easy way to apply a set of options to specific files or directories that your various virtual servers maintain. For example, you can create a configuration style that sets up access logging. When you apply that configuration style to the files and directories that you want to log, you don’t have to individually configure access logging for all the files and directories in your virtual server.
Page 372
Creating a Configuration Style From the drop-down list, choose a configuration style to edit and click Edit this Style. From the list of links available, click the category you want to configure for your style. You can configure the information listed in Table 17-1. Fill out the form that appears, and click OK.
Assigning a Configuration Style Table 17-1 Configuration Style Categories (Continued) Category Description Remote file Enables you to allow clients to upload files, delete files, create manipulation directories, remove directories, list the contents of a directory, and rename files on your server. Require Stronger Allows you to enforce stronger security requirements.
Listing Configuration Style Assignments Listing Configuration Style Assignments After you have created configuration styles and applied them to files or directories, you can get a list of the configuration styles and where you applied them. To list the configuration style assignments, perform the following steps: Access the Class Manager.
Removing a Configuration Style When you choose a style to edit, your Resource Picker lists configuration styles instead of other resources. After you have finished editing a style, click OK and Save and Apply. The Resource Picker exits the styles mode. You can also choose to exit the styles mode by choosing Exit styles mode from the Resource Picker.
Part 5 Appendixes Appendix A, “Command Line Utilities” Appendix B, “HyperText Transfer Protocol” Appendix C, “ACL File Syntax” Appendix D, “Internationalized Enterprise Server” Appendix E, “Server Extensions for Microsoft FrontPage”...
Appendix A Command Line Utilities This appendix provides instructions for using command line utilities in place of the user interface screens. This appendix contains the following sections: • Formatting LDIF Entries • HttpServerAdmin (Virtual Server Administration) Formatting LDIF Entries LDIF consists of one or more directory entries separated by a blank line. Each LDIF entry consists of an optional entry ID, a required distinguished name, one or more object classes, and multiple attribute definitions.
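The entry structure described above (blank-line separation, optional entry ID, required distinguished name, at least one object class) can be checked mechanically. The parser below is an added example, not part of the guide or of any Netscape tool; it goes beyond the text by also handling standard LDIF folded lines and base64 ("::") values, and it assumes the optional entry ID is a line containing only digits. The sample entries are constructed.

```python
import base64


def _blocks(text):
    """Yield lists of lines, one list per blank-line-separated entry."""
    block = []
    for line in text.splitlines():
        if line.strip() == "":
            if block:
                yield block
                block = []
        else:
            block.append(line)
    if block:
        yield block


def _unfold(block):
    """Join continuation lines (those starting with one space) to their parent."""
    lines = []
    for line in block:
        if line.startswith(" ") and lines:
            lines[-1] += line[1:]
        else:
            lines.append(line)
    return lines


def parse_ldif(text):
    """Return a list of entries; raise ValueError for a malformed entry."""
    entries = []
    for number, block in enumerate(_blocks(text), start=1):
        lines = _unfold(block)
        entry = {"id": None, "dn": None, "attrs": {}}
        if lines[0].isdigit():                    # optional entry ID (assumed numeric)
            entry["id"] = int(lines.pop(0))
        for line in lines:
            if line.startswith("#"):              # comment line
                continue
            name, sep, rest = line.partition(":")
            if not sep or not name.strip():
                raise ValueError(f"entry {number}: not an attribute line: {line!r}")
            if rest.startswith(":"):              # "attr:: value" is base64
                value = base64.b64decode(rest[1:].strip()).decode("utf-8")
            else:
                value = rest.strip()
            key = name.strip().lower()
            if key == "version" and entry["dn"] is None and not entry["attrs"]:
                continue                          # file-level version line
            if key == "dn":
                if entry["dn"] is not None:
                    raise ValueError(f"entry {number}: more than one dn")
                entry["dn"] = value
            else:
                entry["attrs"].setdefault(key, []).append(value)
        if entry["dn"] is None and not entry["attrs"]:
            continue                              # block held only a version line
        if entry["dn"] is None:
            raise ValueError(f"entry {number}: missing distinguished name")
        if not entry["attrs"].get("objectclass"):
            raise ValueError(f"entry {number}: no object class")
        entries.append(entry)
    return entries


# Constructed sample input; the names and DNs are illustrative only.
ENCODED_CN = base64.b64encode("Rósa Smith".encode("utf-8")).decode("ascii")
SAMPLE = f"""\
version: 1

1
dn: uid=jdoe,ou=People,o=example.com
objectclass: top
objectclass: person
cn: Jane Doe
description: a long value that is folded
  onto a second line

dn: uid=rsmith,ou=People,o=example.com
objectclass: person
cn:: {ENCODED_CN}
"""

if __name__ == "__main__":
    for parsed in parse_ldif(SAMPLE):
        print(parsed["id"], parsed["dn"], parsed["attrs"])
```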
HttpServerAdmin (Virtual Server Administration) HttpServerAdmin is a command line utility that performs the same administrative functions as the virtual server user interface in the Server Manager and the Class Manager. If you prefer to set up your virtual servers using the command line interface, use HttpServerAdmin. HttpServerAdmin is in server_root...
HttpServerAdmin (Virtual Server Administration) There are four possible values for the command_name parameter: • control • create • delete • list Each command has its own set of command options. For more information, see the sections in this chapter that describe each command. Regardless of the value of the command parameter, the parameters shown in Table A-1 can apply to all uses of the command.
HttpServerAdmin (Virtual Server Administration) Table A-2 Control command options Options Value -disable Disables the specified virtual server, or all virtual servers in the class if no virtual server is specified. Syntax HttpServerAdmin control -cl classname, -control_option [-id virtual_server] -d server_root -sinst http_instance Parameters Use these parameters with the command options to control virtual servers Table A-3...
HttpServerAdmin (Virtual Server Administration) Options Use the options shown in Table A-4 with the create command to create classes, create listen sockets, and virtual servers. Table A-4 Create command options Option Value Creates a virtual server class. Creates a connection group. Creates a listen socket.
HttpServerAdmin (Virtual Server Administration) Example HttpServerAdmin create -c -cl myclass1 -d /export/netscape/servers -sinst https-netscape.com Create Connection Group Use this option of the create command to create a connection group. Syntax HttpServerAdmin create -g group_ID -lsid listen_socket -ip IPaddress -sname server_name -defaultvs default_virtual_server -d server_root -sinst http_instance Parameters Use the parameters shown in Table A-8 with the command option to...
HttpServerAdmin (Virtual Server Administration) delete Command Use the delete command to delete classes of virtual servers, virtual servers, and listen sockets. Options Use the options shown in Table A-9 with the delete command to delete classes. Table A-9 Delete command options Option Value Deletes the specified virtual server class.
HttpServerAdmin (Virtual Server Administration) Delete Connection Group Use this option of the delete command to delete a connection group. Syntax HttpServerAdmin delete -g -id connection_group -lsid listen_socket -d server_root -sinst http_instance Parameters Use the parameters shown in Table A-9 with the delete command to delete a connection group.
HttpServerAdmin (Virtual Server Administration) Example HttpServerAdmin delete -l -id ls3 -d /export/netscape/server6 -sinst https-netscape.com Delete Virtual Server Use this option of the delete command to delete a virtual server. Syntax HttpServerAdmin delete -v -id virtual_server -cl classname -d server_root -sinst http_instance Parameters Use the parameters shown in Table A-9 with the command to delete a...
HttpServerAdmin (Virtual Server Administration) Options Table A-14 List command options Option Value Lists all virtual server classes. -g -lsid listen_socket Lists all connection groups for a listen socket. Lists all listen sockets. Lists all virtual servers. Example HttpServerAdmin list -c -d /export/netscape/server6 -sinst https-netscape.com HttpServerAdmin list -l -d /export/netscape/server6 -sinst https-netscape.com...
Appendix B HyperText Transfer Protocol This appendix provides a short introduction to a few HyperText Transfer Protocol (HTTP) basics. For more information on HTTP, see the Internet Engineering Task Force (IETF) home page at http://www.ietf.org/home.html This appendix contains the following sections: •...
Requests Netscape Enterprise Server supports HTTP 1.1. Some previous versions of the server supported HTTP 1.0. The server is conditionally compliant with the HTTP 1.1 proposed standard, as approved by the Internet Engineering Steering Group (IESG) and the Internet Engineering Task Force (IETF) HTTP working group. For more information on the criteria for being conditionally compliant, see the Hypertext Transfer Protocol—HTTP/1.1 specification (RFC 2068) at: http://www.ietf.org/html.charters/http-charter.html...
Responses Request Header The client can send header fields to the server. Most are optional. Some commonly used request headers are shown in Table B-1. Table B-1 Common request headers Request header Description Accept The file types the client can accept. Used if the client wants to authenticate itself with a server;...
Responses Status Code When a client makes a request, one item the server sends back is a status code, which is a three-digit numeric code. There are four categories of status codes: • Status codes in the 100–199 range indicate a provisional response. •...
Responses Response Header The response header contains information about the server and information about the document that will follow. Common response headers are shown in Table B-3. Table B-3 Common response headers Response header Description Server The name and version of the Enterprise Server. The current date (in Greenwich Mean Time).
Page 396
Responses Netscape Enterprise Server Administrator’s Guide • November 2001...
Appendix C ACL File Syntax This appendix describes the access-control list (ACL) files and their syntax. ACL files are text files that contain lists that define who can access resources stored on your web server. By default, the web server uses one ACL file that contains all of the lists for access to your server.
• URI (Uniform Resource Indicator) ACLs specify a directory or file relative to the server’s document root. • Named ACLs specify a name that is referenced in resources in the obj.conf file. The server comes with a “default” named resource that allows read access to anyone and write access to users in the LDAP directory....
SSL requires the user to have a client certificate. The web server must have encryption turned on, and the user’s certificate issuer must be in the list of trusted CAs to be authenticated. By default, the server uses the Basic method for any ACL that doesn’t specify a method....
Start each line with either allow or deny. It’s usually a good idea to deny access to everyone in the first rule and then specifically allow access for users, groups, or computers in subsequent rules. This is because of the hierarchy of rules. That is, if you allow anyone access to a directory called /my_stuff, and then you have a...
If more than one ACL matches, the server uses the last statement that matches. However, if you use an absolute statement, then the server stops looking for other matches and uses the ACL containing the absolute statement. If you have two absolute statements for the same resource, the server uses the first one in the file and stops looking for other resources that match....
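The matching rules above, as a simplified Python model (an added example, not code from the guide or the server): statements are checked top to bottom, a later match replaces an earlier one, and the first matching absolute statement ends the search. The Statement class, the sample ACLs, the addresses and the deny-when-nothing-matches default are assumptions of this model.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class Statement:
    """One allow/deny statement, reduced to what affects evaluation order."""
    action: str                      # "allow" or "deny"
    rights: frozenset                # {"all"} covers every right
    matches: Callable[[dict], bool]  # does the statement apply to this request?
    label: str
    absolute: bool = False


def anyone(request):
    return True


def user_is(*names):
    allowed = set(names)
    return lambda request: request.get("user") in allowed


def ip_outside(cidr):
    network = ipaddress.ip_network(cidr)
    return lambda request: ipaddress.ip_address(request["ip"]) not in network


def evaluate(statements, request, right):
    """Return (action, label) of the statement that decides the request."""
    decision = ("deny", "no statement matched")  # this model's default (assumption)
    for stmt in statements:
        applies = "all" in stmt.rights or right in stmt.rights
        if not (applies and stmt.matches(request)):
            continue
        decision = (stmt.action, stmt.label)  # a later match replaces an earlier one
        if stmt.absolute:                     # first matching absolute ends the search
            break
    return decision


ALL, READ = frozenset({"all"}), frozenset({"read"})

# Constructed sample ACLs (hypothetical users and networks).
DENY_FIRST = [
    Statement("deny", ALL, anyone, "deny all to anyone"),
    Statement("allow", READ, user_is("alice"), "allow read to alice"),
]
# Same statements in the opposite order: the broad deny now comes last and wins.
ALLOW_FIRST = list(reversed(DENY_FIRST))
ABSOLUTE = [
    Statement("deny", ALL, ip_outside("10.0.0.0/8"),
              "absolute deny outside 10.0.0.0/8", absolute=True),
    Statement("allow", READ, user_is("alice"), "allow read to alice"),
]
TWO_ABSOLUTES = [
    Statement("allow", READ, user_is("alice"),
              "absolute allow read to alice", absolute=True),
    Statement("deny", ALL, anyone, "absolute deny all", absolute=True),
]

if __name__ == "__main__":
    inside = {"user": "alice", "ip": "10.1.2.3"}
    outside = {"user": "alice", "ip": "203.0.113.7"}
    for name, acl, req in [("deny first", DENY_FIRST, inside),
                           ("allow first", ALLOW_FIRST, inside),
                           ("absolute, outside", ABSOLUTE, outside),
                           ("absolute, inside", ABSOLUTE, inside),
                           ("two absolutes", TWO_ABSOLUTES, inside)]:
        print(name, "->", evaluate(acl, req, "read"))
```

Reversing the two statements in DENY_FIRST is enough to lock alice out, which is why the broad deny belongs in the first rule.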
You can also restrict access to your server by time of day (based on the local time on the server) by using the timeofday attribute. For example, you can use the timeofday attribute to restrict access to certain users during specific hours. NOTE Use 24-hour time to specify times....
• less than <
• greater than or equal to >=
• less than or equal to <=
The Default ACL File After installation, the file server_root/httpacl/generated.https-serverid.acl provides default settings for the server. The server uses the working file until you create settings in the user interface....
Referencing ACL Files in obj.conf If you have named ACLs or separate ACL files, you can reference them in the obj.conf file. You do this in the PathCheck directive using the check-acl function. The line has the following syntax: PathCheck fn="check-acl"...
Appendix D Internationalized Enterprise Server The internationalized version of the Netscape Enterprise Server contains special features tailored for the non-U.S. environment. These features include a choice of user-interface language (Japanese, French, or German) and a choice of search engines that allow you to use text search on a variety of languages. This appendix contains the following sections: •...
General Information For information on installing the international version of the server, see the Enterprise Server, Enterprise Edition Release Notes. Entering UTF-8 Data If you want to enter UTF-8 data on the Server Manager or the Administration Server pages, you need to be aware of the following issues: File or Directory Names If a file or directory name is to appear in a URL, it cannot contain 8-bit or multi-byte characters....
For example, if acceptlanguage is set to on, and a client sends the Accept-language header with the value fr-CH,de, when requesting the following URL: http://www.example.com/somepage.html your server searches for the file in the following order: Accept-language list fr-CH,de http://www.example.com/fr_ch/somepage.html http://www.example.com/somepage_fr_ch.html...
Table D-2 Language Settings in magnus.conf
Directive: ClientLanguage
Values: en, fr, de,
Description: Specifies the language in which client messages, such as “Not Found” or “Access denied” are to be expressed. This value is used to determine which ns-httpd.db database to use for the localized messages....
Search Information Searching in Japanese The following information is specific to searching in Japanese. Query Operators This release supports the following query operators for Japanese: Table D-3 Query operators for Japanese Operator Japanese Character CONTAINS ENDS MATCHES NEAR NEAR/N PHRASE STARTS English only STEM...
• NEWS • MAIL NOTE The PDF document format is not supported for Japanese. Searching in Japanese The following sections give additional information about searching in the Japanese character set. Document Encodings This release supports the following document encodings for the Japanese language: •...
Servlet Internationalization • Does not send any charset information in the Content-Type header On the server side, if a servlet tries to access POST data using getParameter or getParameterValues, the servlet container does not have any information about which character encoding to use for strings....
Posting to JSPs This option is typically used if the servlet that is reading the data does not necessarily know what the charset of the posted data is. The hint parameter name, which by default is j_encoding, can be changed using the parameter-encoding element in...
%> <h1>The Entered Name is : <%= request.getParameter("test") %> </h1> </body> </html>
Appendix E Server Extensions for Microsoft FrontPage This appendix describes using server extensions on your Netscape Enterprise Server that provide support for Microsoft® FrontPage®. These extensions provide the internal server-side support you need if you are using FrontPage webs. This appendix includes the following sections: •...
Overview • When FrontPage web users participate in a discussion group, the extensions take advantage of the available WebBots to maintain an index of links to discussion articles, tables of contents, and search forms. The extensions can minimize file transfers over the Internet. For example, when a user opens a FrontPage web from an Enterprise Server with the extensions, web metadata, such as its map of links, is downloaded to the user’s machine but the full set of web pages remains on the server....
Domain Names and FrontPage Webs FrontPage webs can be implemented on an Enterprise Server and accessed by web browsers in the following ways: • As private domain names, such as www.example.com. These are usually implemented as virtual servers on the same physical server machine using multi-hosting....
Downloading the Extensions The first step towards installing the extensions is to download them. You can use Microsoft’s FrontPage sites or, if you want to install the UNIX/Linux extensions, you can use Ready-to-Run Software’s site, which also provides a great deal of information and instruction....
[UNIX/Linux] You can download an install script and a set of server extensions from the Microsoft web site. Download the file fp_install.sh and the tar file for your platform (for Solaris, it is fp40.solaris.tar.Z). Before you install the FrontPage Server Extensions, you need to be sure you have enough disk space available on your local machine, that you have a document root directory, that you have enabled authentication, and that you are aware of some important post-install issues such as access permissions....
Installing FrontPage Server Extensions Some Additional Considerations • Do not remove any of the internal files needed by FrontPage such as the .nsconfig file. Doing so disables access control for content upload. • You cannot set a web to be restricted to valid end-users only. If you set this, you receive a message that says “This server does not support restricting end user access.”...
Installing FrontPage Server Extensions These installation instructions are for the standalone FrontPage Server Extensions that are in a self-extracting executable that is downloadable from the Microsoft FrontPage web site. NOTE You must log into your Windows NT system as Administrator or have administrator permission to install the FrontPage Server Extensions.
Installing FrontPage Server Extensions The installation also updates the text indices and recalculates the links in the Web, adds a FrontPage administration account, password, and IP address restriction, and reminds the web administrator to restart the server if new ObjectType directives were added to the file.
For FrontPage2000 extensions, these components are installed in the C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\40 directory, where C is your default hard drive: • The FrontPage Server Extensions .dll and .exe files are copied to the \bin subdirectory and to the directory....
• Creates .nsconfig files in the \_vti_bin, \_vti_adm, and \_vti_aut directories and the document root directory. Once you have completed the installation process, you must also perform the following administrative tasks: • For FrontPage 97 and 98, execute the fpsrvwin.exe file (located in the \bin...
Installing FrontPage97 Server Extensions on UNIX/Linux Systems The installation process on a UNIX/Linux system requires you to have the appropriate file permissions and directories set up beforehand. The extensions require a specific directory structure, which is discussed later in this section. After installation, you must perform some additional administrative tasks for setting permissions and accessing specific webs....
tar xvf /usr/tmp/wpp.solaris.tar
Rename the /executables directory (/usr/local/frontpage/version2.0/executables) to /_vti_bin:
mv executables _vti_bin
Move the fpsrvadm.suid.exe file to the /bin directory:
mv fpsrvadm.suid.exe bin
Run the fp_install.sh shell program and follow the on-screen instructions, which ask for the information described in the following table. When you are prompted for the name of the server configuration file, enter the pathname of your server’s file....
Installing FrontPage Server Extensions Installing the Server Extensions on each FrontPage web may take several minutes and may increase the CPU load on your computer. If this is a new installation of the FrontPage Server Extensions, each page’s contents are parsed to expand FrontPage components, such as Include components and Substitution components, create a hyperlink map of the FrontPage web, and extract page titles and base URLs.
Once the FrontPage program is started, the user is prompted for the name of a server to edit or open. To edit a web on a different machine, the user clicks “MoreWebs” and, on the line to select a web server or disk location, enters the servername:portnumber of the web to edit....
Installing FrontPage Server Extensions Installing the Server Extensions on each FrontPage web may take several minutes and may increase the CPU load on your computer. If this is a new installation of the FrontPage Server Extensions, each page’s contents are parsed to expand FrontPage components, such as Include components and Substitution components, create a hyperlink map of the FrontPage web, and extract page titles and base URLs.
After installation, you must perform some additional administrative tasks for setting permissions and accessing specific webs. NOTE You must be logged in as the root user to perform the installation. Also, the root user must have write permission for the /usr/local directory, even if this is not the directory where you will install the extensions....
• Adds seven subdirectories under the server’s document root: /_vti_bin (contains shtml.exe) /_vti_bin/_vti_adm (contains admin.exe) /_vti_bin/_vti_aut (contains author.exe) /_vti_cnf /_vti_pvt /_private /_vti_log /_vti_txt /images Creates .nsconfig files in the /_vti_bin, /_vti_adm, /_vti_aut and the document root directories. Further Information Additional detailed information can be obtained from Microsoft’s FrontPage web site:...
Glossary Access Control Entries (ACEs) A hierarchy of rules which the web server uses to evaluate incoming access requests. Access Control List (ACL) A collection of ACEs. An ACL is a mechanism for defining which users have access to your server. You can define ACL rules that are specific to a particular file or directory, granting or denying access to one or more users and groups.
certification authority (CA) An internal or third-party organization that issues digital files used for encrypted transactions. Certificate revocation list (CRL) CA list, provided by the CA, of all revoked certificates. Compromised key list (CKL) A list of key information about users who have compromised keys.
daemon (UNIX) A background process responsible for a particular system task. digest authentication Allows the user to authenticate without sending the username and password as cleartext. The browser uses the MD5 algorithm to create a digest value. The server uses the Digest Authentication plug-in to compare the digest value provided by the client....
file type The format of a given file. For example, a graphics file doesn’t have the same file type as a text file. File types are usually identified by the file extension (.gif or .html). firewall A network configuration, usually both hardware and software, that protects networked computers within an organization from outside access.
HTTP-NG The next generation of HyperText Transfer Protocol. HTTPD An abbreviation for the HTTP daemon or service, a program that serves information using the HTTP protocol. The Enterprise Server is often called an HTTPD. HTTPS A secure version of HTTP, implemented using the Secure Sockets Layer, SSL.
JavaScript A compact, object-based scripting language for developing client and server Internet applications. JavaServer Pages Extensions that enable all JavaServer page metafunctions, including instantiation, initialization, destruction, access from other components, and configuration management. JavaServer pages are reusable Java applications that run on a web server rather than in a web browser. Java Servlets Extensions that enable all Java servlet metafunctions, including instantiation, initialization, destruction, access from other components, and...
mime.types The MIME (Multi-purpose Internet Mail Extension) type configuration file. This file maps file extensions to MIME types, to enable the server to determine the type of content being requested. For example, requests for resources with .html extensions indicate that the client is requesting an HTML file, while requests for resources with .gif extensions indicate that the client is requesting an image file in GIF format.
pk12util Software utility required to export the certificate and key databases from your internal machine, and import them into an external PKCS#11 module. primary document directory See document root. protocol A set of rules that describes how devices on a network exchange information.
server daemon A process that, once running, listens for and accepts requests from clients. Server Plug-in API An extension that allows you to extend and/or customize the core functionality of Netscape servers and provide a scalable, efficient mechanism for building interfaces between the HTTP server and back-end applications. Also known as NSAPI.
Sym-links (UNIX) Abbreviation for symbolic links, which are a type of redirection used by the UNIX operating system. Sym-links let you create a pointer from one part of your file system to an existing file or directory on another part of the file system....
URL mapping The process of mapping a document directory’s physical pathname to a user-defined alias so that files within the directory need only refer to the directory’s alias instead of the file’s full physical pathname. Thus, instead of identifying a file as usr/netscape/servers/docs/index.html, you could identify the file as /myDocs/index.html.