Red Hat 8.1 Configuration And Command Reference

Directory server; configuring and managing with command-line utilities
Red Hat Directory Server 8.1
Configuration and Command Reference
Configuring and managing Red Hat Directory Server 8.1 with command-line utilities
Edition 8.1.10
Ella Deon Lackey
Copyright © 2009 Red Hat, Inc.


Summary of Contents for Red Hat 8.1

  • Page 1 Red Hat Directory Server 8.1 Configuration and Command Reference Red Hat Directory Server 8.1 Configuration and Command Reference Configuring and managing Red Hat Directory Server 8.1 with command-line utilities Edition 8.1.10 Ella Deon Lackey Copyright © 2009 Red Hat, Inc.
  • Page 2: Legal Notice

    URL for the original version. Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
  • Page 3 Red Hat Directory Server 8.1 Configuration and Command Reference Abstract This reference covers the server configuration and the command-line utilities. It is designed primarily for directory administrators and experienced directory users who want to use the command-line to access...
  • Page 4: Table Of Contents

    Table of Contents About This Reference 1. Directory Server Overview 2. Examples and Formatting 2.1. Command and File Examples 2.2. Tool Locations 2.3. LDAP Locations 2.4. Text Formatting and Styles 3. Additional Reading 4. Giving Feedback 5.
  • Page 5 Red Hat Directory Server 8.1 Configuration and Command Reference 3.1.7. Case Exact String Syntax Plug-in 3.1.8. Case Ignore String Syntax Plug-in 3.1.9. Chaining Database Plug-in 3.1.10. Class of Service Plug-in 3.1.11. Country String Syntax Plug-in 3.1.12. Distinguished Name Syntax Plug-in 3.1.13.
  • Page 6: Table Of Contents

    3.7.7. dnaRangeRequestTimeout 3.7.8. dnaScope 3.7.9. dnaSharedCfgDN 3.7.10. dnaThreshold 3.7.11. dnaType 3.8. MemberOf Plug-in Attributes 3.8.1. memberofattr 3.8.2. memberofgroupattr 4. Server Instance File Reference 4.1. Overview of Directory Server Files 4.2. Backup Files 4.3. Configuration Files 4.4. Database Files 4.5.
  • Page 7 Red Hat Directory Server 8.1 Configuration and Command Reference 7.3.16. start-slapd (Starts the Directory Server) 7.3.17. stop-slapd (Stops the Directory Server) 7.3.18. suffix2instance (Maps a Suffix to a Backend Name) 7.3.19. vlvindex (Creates Virtual List View Indexes) 7.4. Perl Scripts 7.4.1.
  • Page 8: About This Reference

    2.1. Command and File Examples All of the examples for Red Hat Directory Server commands, file locations, and other usage are given for Red Hat Enterprise Linux 5 (32-bit) systems. Be certain to use the appropriate commands and files for your platform.
  • Page 9: Additional Reading

    Directory Server Configuration, Command, and File Reference. Also, Managing Servers with Red Hat Console contains general background information on how to use the Red Hat Console. You should read and understand the concepts in that book before you attempt to administer Directory Server.
  • Page 10: Giving Feedback

    If there is any error in this Configuration, Command, and File Reference or there is any way to improve the documentation, please let us know. Bugs can be filed against the documentation for Red Hat Directory Server through Bugzilla, http://bugzilla.redhat.com/bugzilla. Make the bug report as specific as possible, so we can be more effective in correcting any issues: Select the Red Hat Directory Server product.
  • Page 11: Introduction

    Red Hat Directory Server 8.1 Configuration and Command Reference Chapter 1. Introduction Directory Server is based on an open-systems server protocol called the Lightweight Directory Access Protocol (LDAP). The Directory Server is a robust, scalable server designed to manage large scale directories to support an enterprise-wide directory of users and resources, extranets, and e-commerce applications over the Internet.
  • Page 12: Core Server Configuration Reference

    The Directory Server configuration data are stored in LDIF files in the /etc/dirsrv/slapd-instance_name directory (/etc/opt/dirsrv/slapd-instance_name on HP-UX). Thus, if a server identifier is phonebook, then for a Directory Server on Red Hat Enterprise Linux 5 (32-bit), the configuration LDIF files are all stored under /etc/dirsrv/slapd-phonebook.
  • Page 13 Red Hat Directory Server 8.1 Configuration and Command Reference Table 2.1. Directory Server LDIF Configuration Files Configuration Filename Purpose dse.ldif Contains front-end Directory Specific Entries created by the directory at server startup. These include the Root DSE ("") and the contents of cn=config and cn=monitor (ACIs only).
  • Page 14: How The Server Configuration Is Organized

    Chapter 2. Core Server Configuration Reference 50ns-web.ldif Schema for Netscape Web Server. 60pam-plugin.ldif Reserved for future use. 99user.ldif User-defined schema maintained by Directory Server replication consumers which contains the attributes and object classes from the suppliers. 2.1.2. How the Server Configuration Is Organized The dse.ldif file contains all configuration information including directory-specific entries created by the directory at server startup, such as entries related to the database.
  • Page 15: Accessing And Modifying Server Configuration

    Red Hat Directory Server 8.1 Configuration and Command Reference These entries and their children have many attributes used to configure different database settings, like the cache sizes, the paths to the index files and transaction logs, entries and attributes for monitoring and statistics;...
  • Page 16 Chapter 2. Core Server Configuration Reference 2.2.2.1. Modifying Configuration Entries Using LDAP The configuration entries in the directory can be searched and modified using LDAP either via the Directory Server Console or by performing ldapsearch and ldapmodify operations in the same way as other directory entries.
  • Page 17: Core Server Configuration Attributes Reference

    Red Hat Directory Server 8.1 Configuration and Command Reference nsslapd-schema-ignore-trailing-spaces nsslapd-securelistenhost nsslapd-workingdir nsslapd-return-exact-case nsslapd-maxbersize 2.3. Core Server Configuration Attributes Reference This section contains reference information on the configuration attributes that are relevant to the core server functionality. For information on changing server configuration, see Section 2.2, “Accessing and...
  • Page 18 Chapter 2. Core Server Configuration Reference Table 2.2. dse.ldif File Attributes Attribute Value Logging enabled or disabled nsslapd-accesslog-logging- Disabled enabled empty string nsslapd-accesslog nsslapd-accesslog-logging- Enabled enabled filename nsslapd-accesslog nsslapd-accesslog-logging- Disabled enabled empty string nsslapd-accesslog nsslapd-accesslog-logging- Disabled enabled filename nsslapd-accesslog Parameter Description Entry DN...
  • Page 19 Red Hat Directory Server 8.1 Configuration and Command Reference right away instead of having to wait for the log entries to be flushed to the file. Disabling log buffering can severely impact performance in heavily loaded servers. Parameter Description...
  • Page 20 Chapter 2. Core Server Configuration Reference Parameter Description Entry DN cn=config Valid Values on | off Default Value Syntax DirectoryString Example nsslapd-accesslog-logging-enabled: off 2.3.1.8. nsslapd-accesslog-logmaxdiskspace (Access Log Maximum Disk Space) This attribute specifies the maximum amount of disk space in megabytes that the access logs are allowed to consume.
  • Page 21 Red Hat Directory Server 8.1 Configuration and Command Reference Parameter Description Entry DN cn=config Valid Range 0 through 23 Default Value Syntax Integer Example nsslapd-accesslog-logrotationsynchour: 23 2.3.1.12. nsslapd-accesslog-logrotationsyncmin (Access Log Rotation Sync Minute) This attribute sets the minute of the day for rotating access logs. This attribute must be used in conjunction with nsslapd-accesslog-logrotationsync-enabled and nsslapd-accesslog-logrotationsynchour attributes.
  • Page 22 For performance reasons, Red Hat recommends not setting this value to 1 because the server does not rotate the log, and it grows indefinitely.
  • Page 23 Red Hat Directory Server 8.1 Configuration and Command Reference The nsslapd-allow-unauthenticated-binds attribute sets whether to allow an unauthenticated bind to succeed as an anonymous bind. By default, unauthenticated binds are disabled. Parameter Description Entry DN cn=config Valid Values...
  • Page 24 Chapter 2. Core Server Configuration Reference Example nsslapd-auditlog-list: auditlog2,auditlog3 2.3.1.22. nsslapd-auditlog-logexpirationtime (Audit Log Expiration Time) This attribute sets the maximum age that a log file is allowed to be before it is deleted. This attribute supplies only the number of units. The units (day, week, month, and so forth) are given by the nsslapd-auditlog-logexpirationtimeunit attribute.
  • Page 25 Red Hat Directory Server 8.1 Configuration and Command Reference This attribute sets the maximum amount of disk space in megabytes that the audit logs are allowed to consume. If this value is exceeded, the oldest audit log is deleted.
  • Page 26 Chapter 2. Core Server Configuration Reference 2.3.1.29. nsslapd-auditlog-logrotationsyncmin (Audit Log Rotation Sync Minute) This attribute sets the minute of the day for rotating audit logs. This attribute must be used in conjunction with nsslapd-auditlog-logrotationsync-enabled and nsslapd-auditlog-logrotationsynchour attributes. Parameter Description Entry DN...
  • Page 27 Red Hat Directory Server 8.1 Configuration and Command Reference 2.3.1.33. nsslapd-auditlog-maxlogsperdir (Audit Log Maximum Number of Log Files) This attribute sets the total number of audit logs that can be contained in the directory where the audit log is stored. Each time the audit log is rotated, a new log file is created. When the number of files contained in the audit log directory exceeds the value stored on this attribute, then the oldest version of the log file is deleted.
  • Page 28 Chapter 2. Core Server Configuration Reference Example /etc/dirsrv/slapd-phonebook 2.3.1.36. nsslapd-certmap-basedn (Certificate Map Search Base) This attribute can be used when client authentication is performed using SSL certificates in order to avoid limitations of the security subsystem certificate mapping, configured in the certmap.conf file. Depending on the certmap.conf configuration, the certificate mapping may be done using a directory subtree search based at the root DN.
  • Page 29 Red Hat Directory Server 8.1 Configuration and Command Reference This attribute sets whether change sequence numbers (CSNs), when available, are to be logged in the access log. By default, CSN logging is turned on. Parameter Description Entry DN...
  • Page 30 Chapter 2. Core Server Configuration Reference Table 2.6. Possible Combinations for nsslapd-errorlog Configuration Attributes Attributes in dse.ldif Value Logging enabled or disabled nsslapd-errorlog-logging- Disabled enabled empty string nsslapd-errorlog nsslapd-errorlog-logging- Enabled enabled filename nsslapd-errorlog nsslapd-errorlog-logging- Disabled enabled empty string nsslapd-errorlog nsslapd-errorlog-logging- Disabled enabled...
  • Page 31 Red Hat Directory Server 8.1 Configuration and Command Reference Entry DN cn=config Valid Values Default Value None Syntax DirectoryString Example nsslapd-errorlog-list: errorlog2,errorlog3 2.3.1.46. nsslapd-errorlog-logexpirationtime (Error Log Expiration Time) This attribute sets the maximum age that a log file is allowed to reach before it is deleted. This attribute supplies only the number of units.
  • Page 32 Chapter 2. Core Server Configuration Reference This attribute sets the minimum allowed free disk space in megabytes. When the amount of free disk space falls below the value specified on this attribute, the oldest error log is deleted until enough disk space is freed to satisfy this attribute.
  • Page 33 Red Hat Directory Server 8.1 Configuration and Command Reference attribute value to 1 or set the nsslapd-errorlog-logrotationtime attribute to -1. The server checks the nsslapd-errorlog-maxlogsperdir attribute first, and, if this attribute value is larger than 1, the server then checks the nsslapd-errorlog-logrotationtime attribute. See Section 2.3.1.57,...
  • Page 34 Chapter 2. Core Server Configuration Reference 2.3.1.58. nsslapd-errorlog-mode (Error Log File Permission) This attribute sets the access mode or file permissions with which error log files are to be created. The valid values are any combination of 000 to 777 since they mirror numbered or absolute UNIX file permissions.
  • Page 35 Red Hat Directory Server 8.1 Configuration and Command Reference Default Value Syntax Integer Example nsslapd-idletimeout: 0 2.3.1.61. nsslapd-instancedir (Instance Directory) This attribute is deprecated. There are now separate configuration parameters for instance-specific paths, such as nsslapd-certdir and nsslapd-lockdir. See the documentation for the specific directory path that is set.
  • Page 36 Chapter 2. Core Server Configuration Reference Default Value Syntax DirectoryString Example nsslapd-ldapiautobind: off 2.3.1.65. nsslapd-ldapientrysearchbase (Search Base for LDAPI Authentication Entries) With autobind, it is possible to map system users to Directory Server user entries, based on the system user's UID and GUID numbers. This requires setting Directory Server parameters for which attribute to use for the UID number (nsslapd-ldapiuidnumbertype) and GUID number (nsslapd-ldapigidnumbertype) and setting the search base to use to search for matching user entries.
  • Page 37 Red Hat Directory Server 8.1 Configuration and Command Reference 2.3.1.69. nsslapd-ldapimaprootdn (Autobind Mapping for Root User) With autobind, a system user is mapped to a Directory Server user and then automatically authenticated to the Directory Server over a UNIX socket.
  • Page 38 Chapter 2. Core Server Configuration Reference Parameter Description Entry DN cn=config Valid Values Any local hostname, IPv4 or IPv6 address Default Value Syntax DirectoryString Example nsslapd-listenhost: ldap.example.com NOTE On HP-UX the hostname value can be a relocatable IP address. 2.3.1.73. nsslapd-localhost (Local Host) This attribute specifies the host machine on which the Directory Server runs.
  • Page 39 Red Hat Directory Server 8.1 Configuration and Command Reference Entry DN cn=config Valid Range 0 - 2 gigabytes (2,147,483,647 bytes) Zero 0 means that the default value should be used. Default Value 2097152 Syntax Integer Example nsslapd-maxbersize: 2097152 2.3.1.77.
  • Page 40 Chapter 2. Core Server Configuration Reference When an incoming SASL IO packet is larger than the nsslapd-maxsasliosize limit, the server immediately disconnects the client and logs a message to the error log, so that an administrator can adjust the setting if necessary. This attribute value is specified in bytes.
  • Page 41 Red Hat Directory Server 8.1 Configuration and Command Reference system; make sure no other application is attempting to use the same port number. Specifying a port number of less than 1024 means the Directory Server has to be started as root.
  • Page 42 Chapter 2. Core Server Configuration Reference entries: ou=People,dc=example,dc=com but the request is for this entry: ou=Groups,dc=example,dc=com In this case, the referral would be passed back to the client in an attempt to allow the LDAP client to locate a server that contains the requested entry. Although only one referral is allowed per Directory Server instance, this referral can have multiple values.
  • Page 43 Red Hat Directory Server 8.1 Configuration and Command Reference nsslapd-reservedescriptor = 20 + (NldbmBackends * 4) + NglobalIndex + ReplicationDescriptor + ChainingBackendDescriptors + PTADescriptors + SSLDescriptors NldbmBackends is the number of ldbm databases. NglobalIndex is the total number of configured indexes for all databases including system indexes.
  • Page 44 Setting this attribute allows the server to use custom or non-standard SASL plug-in libraries. This is usually set correctly during installation, and Red Hat strongly recommends not changing this attribute. If the attribute is not present or the value is empty, this means the Directory Server is using the system provided SASL plug-in libraries which are the correct version.
  • Page 45 Directory Server Administrator's Guide. WARNING Red Hat strongly discourages turning off schema checking. This can lead to severe interoperability problems. This is typically used for very old or non-standard LDAP data that must be imported into the Directory Server. If there are not a lot of entries that have this problem, consider using the extensibleObject object class in those entries to disable schema checking on a per entry basis.
  • Page 46 Chapter 2. Core Server Configuration Reference Default Value replication-only Syntax DirectoryString Example nsslapd-schemareplace: replication-only 2.3.1.100. nsslapd-securelistenhost This attribute allows multiple Directory Server instances to run on a multihomed machine (or makes it possible to limit listening to one interface of a multihomed machine). There can be multiple IP addresses associated with a single hostname, and these IP addresses can be a mix of both IPv4 and IPv6.
  • Page 47 (host1.example.com:636): Replication bind with SSL client authentication failed: LDAP error 81 (Can't contact LDAP server) Red Hat recommends turning this attribute on to protect Directory Server's outbound SSL connections against a man in the middle (MITM) attack. NOTE DNS and reverse DNS must be set up correctly in order for this to work; otherwise, the server cannot resolve the peer IP address to the hostname in the subject DN in the certificate.
  • Page 48 Syntax DirectoryString Example nsslapd-versionstring: Red Hat-Directory/8.1 2.3.1.109. nsslapd-workingdir This is the absolute path of the directory that the server uses as its current working directory after startup. This is the value that the server would return as the value of the getcwd() function, and the value that the system process table shows as its current working directory.
  • Page 49 Red Hat Directory Server 8.1 Configuration and Command Reference Syntax DirectoryString Example nsSSLclientauth: allowed 2.3.1.111. passwordAllowChangeTime This attribute specifies the length of time that must pass before the user is allowed to change his password. For more information on password policies, see the "Managing Users and Passwords" chapter in the Directory Server Administrator's Guide.
  • Page 50 Chapter 2. Core Server Configuration Reference password expires using the passwordMaxAge attribute. For more information on password policies, see the "Managing Users and Passwords" chapter in the Directory Server Administrator's Guide. Parameter Description Entry DN cn=config Valid Values on | off Default Value Syntax DirectoryString...
  • Page 51 Red Hat Directory Server 8.1 Configuration and Command Reference stored passwords. Set the number of old passwords the Directory Server stores using the passwordInHistory attribute. For more information on password policies, see the "Managing Users and Passwords" chapter in the Directory Server Administrator's Guide.
  • Page 52 Chapter 2. Core Server Configuration Reference Entry DN cn=config Valid Values on | off Default Value Syntax DirectoryString Example passwordLockout: off 2.3.1.124. passwordLockoutDuration (Lockout Duration) Indicates the amount of time in seconds during which users are locked out of the directory after an account lockout.
  • Page 53 Red Hat Directory Server 8.1 Configuration and Command Reference Valid Range 0 to 64 Default Value Syntax Integer Example passwordMaxRepeats: 1 2.3.1.128. passwordMin8Bit (Password Syntax) This sets the minimum number of 8-bit characters the password must contain. NOTE The 7-bit checking for userPassword must be disabled to use this.
  • Page 54 Chapter 2. Core Server Configuration Reference 2.3.1.132. PasswordMinDigits (Password Syntax) This sets the minimum number of digits a password must contain. Parameter Description Entry DN cn=config Valid Range 0 to 64 Default Value Syntax Integer Example passwordMinDigits: 3 2.3.1.133. passwordMinLength (Password Minimum Length) This attribute specifies the minimum number of characters that must be used in Directory Server user password attributes.
  • Page 55 Red Hat Directory Server 8.1 Configuration and Command Reference 2.3.1.137. PasswordMinUppers (Password Syntax) This sets the minimum number of uppercase letters password must contain. Parameter Description Entry DN cn=config Valid Range 0 to 64 Default Value Syntax Integer...
  • Page 56 Chapter 2. Core Server Configuration Reference This is an operational attribute, meaning its value is managed by the server and the attribute is not returned in default searches. Parameter Description Entry DN cn=config Valid Range 0 to the maximum 32 bit integer value (2147483647) Default Value Syntax...
  • Page 57: Cn=Changelog5

    Red Hat Directory Server 8.1 Configuration and Command Reference Example passwordWarning: 86400 2.3.1.145. retryCountResetTime This attribute specifies the length of time that passes before the passwordRetryCount attribute is reset. Parameter Description Entry DN cn=config Valid Range...
  • Page 58 Chapter 2. Core Server Configuration Reference 2.3.2.2. nsslapd-changelogmaxage (Max Changelog Age) This attribute sets the maximum age of any entry in the changelog. The changelog contains a record for each directory modification and is used when synchronizing consumer servers. Each record contains a timestamp.
  • Page 59: Cn=Encryption

    Red Hat Directory Server 8.1 Configuration and Command Reference This attribute defines a time, in a YYMMDDHHMMSS format, when the entry was added. 2.16.840.1.113730.3.1.77 Syntax DirectoryString Multi- or Single-Valued Multi-valued Defined in Directory Server 2.3.2.8. changeType This attribute specifies the type of LDAP operation, add, delete, modify, or modrdn. For example: changeType: modify 2.16.840.1.113730.3.1.7...
  • Page 60 DirectoryString Example nsSSLclientauth: allowed 2.3.3.3. nsSSL2 Supports SSL version 2. SSLv2 is deprecated, and Red Hat strongly discourages using it. The server has to be restarted for changes to this attribute to go into effect. Parameter Description Entry DN...
  • Page 61: Cn=Features

    Red Hat Directory Server 8.1 Configuration and Command Reference Parameter Description Entry DN cn=encryption, cn=config Valid Values For SSLv3: rsa_null_md5 rsa_rc4_128_md5 rsa_rc4_40_md5 rsa_rc2_40_md5 rsa_des_sha rsa_fips_des_sha rsa_3des_sha rsa_fips_3des_sha For TLS: tls_rsa_export1024_with_rc4_56_sha tls_rsa_export1024_with_des_cbc_sha Default Value Syntax DirectoryString Use the plus (+) symbol to enable or minus (-) symbol to disable, followed by the ciphers.
  • Page 62 Chapter 2. Core Server Configuration Reference Windows synchronization agreement attributes are stored under cn=syncAgreementName, cn=replica, cn=suffix,cn=mapping tree,cn=config. 2.3.6. Suffix Configuration Attributes under cn="suffixName" Suffix configuration attributes are stored under the cn=suffix entry. The cn=suffix entry is an instance of the nsMappingTree object class which inherits from the extensibleObject object class.
  • Page 63 Red Hat Directory Server 8.1 Configuration and Command Reference cn=config Valid Values 0 | 1 0 means no changes are logged 1 means changes are logged Default Value Syntax Integer Example nsDS5Flags: 0 2.3.7.2. nsds5DebugReplicaTimeout This attribute gives an alternate timeout period to use when the replication is run with debug logging.
  • Page 64 Chapter 2. Core Server Configuration Reference Example nsDS5ReplicaBindDN: cn=replication manager, cn=config 2.3.7.6. nsDS5ReplicaChangeCount This read-only attribute shows the total number of entries in the changelog and whether they still remain to be replicated. When the changelog is purged, only the entries that are still to be replicated remain. Section 2.3.7.10, “nsDS5ReplicaPurgeDelay”...
  • Page 65 Red Hat Directory Server 8.1 Configuration and Command Reference This attribute controls the maximum age of deleted entries (tombstone entries) and state information. The Directory Server stores tombstone entries and state information so that when a conflict occurs in a multi-master replication process, the server resolves the conflicts based on the timestamp and replica ID stored in the change sequence numbers.
  • Page 66 The cn=ReplicationAgreementName entry is an instance of the nsDS5ReplicationAgreement object class. Replication agreements are configured only on supplier replicas. 2.3.8.1. cn This attribute is used for naming. Once this attribute has been set, it cannot be modified. This attribute is required for setting up a replication agreement.
  • Page 67 Red Hat Directory Server 8.1 Configuration and Command Reference Default Value Syntax DirectoryString Example cn: MasterAtoMasterB 2.3.8.2. description Free form text description of the replication agreement. This attribute can be modified. Parameter Description Entry DN cn=ReplicationAgreementName, cn=replica, cn=suffixDN, cn=mapping tree, cn=config...
  • Page 68 Chapter 2. Core Server Configuration Reference Default Value Syntax Integer Example nsDS5ReplicaBusyWaitTime: 3 2.3.8.6. nsDS5ReplicaChangesSentSinceStartup This read-only attribute shows the number of changes sent to this replica since the server started. Parameter Description Entry DN cn=ReplicationAgreementName, cn=replica, cn=suffixDN, cn=mapping tree, cn=config Valid Range 0 to maximum 32-bit integer (2147483647) Default Value...
  • Page 69 Red Hat Directory Server 8.1 Configuration and Command Reference Parameter Description Entry DN cn=ReplicationAgreementName, cn=replica, cn=suffixDN, cn=mapping tree, cn=config Valid Values YYYYMMDDhhmmssZ is the date/time in Generalized Time form at which the connection was opened. This value gives the time in relation to Greenwich Mean Time.
  • Page 70 Chapter 2. Core Server Configuration Reference Parameter Description Entry DN cn=ReplicationAgreementName, cn=replica, cn=suffixDN, cn=mapping tree, cn=config Valid Values 0 (no replication sessions started), followed by any other error or status message Default Value Syntax DirectoryString Example nsDS5ReplicaLastUpdateStatus: 0 replica acquired successfully 2.3.8.15.
  • Page 71 Red Hat Directory Server 8.1 Configuration and Command Reference 2.3.8.19. nsDS5ReplicaSessionPauseTime This attribute sets the amount of time in seconds a supplier should wait between update sessions. The default value is 0. If the attribute is set to a negative value, Directory Server sends the client a message and an LDAP_UNWILLING_TO_PERFORM error code.
  • Page 72 Chapter 2. Core Server Configuration Reference Syntax Integer Example nsDS5ReplicaTimeout: 600 2.3.8.22. nsDS5ReplicaTransportInfo This attribute sets the type of transport used for transporting data to and from the replica. The attribute values can be either SSL, which means that the connection is established over SSL, or LDAP, which means that regular LDAP connections are used.
  • Page 73 Red Hat Directory Server 8.1 Configuration and Command Reference Windows Active Directory servers. Table 2.7. List of Attributes Shared Between Replication and Synchronization Agreements nsDS5ReplicaLastUpdateEnd description nsDS5ReplicaLastUpdateStart nsDS5ReplicaBindDN (the Windows sync nsDS5ReplicaLastUpdateStatus manager ID) nsDS5ReplicaBindMethod nsDS5ReplicaPort nsDS5ReplicaBusyWaitTime...
  • Page 74 Chapter 2. Core Server Configuration Reference Valid Values on | off Default Value Syntax DirectoryString Example nsDS7NewWinUserSyncEnabled: on 2.3.9.5. nsds7WindowsDomain This attribute sets the name of the Windows domain to which the Windows sync peer belongs. Parameter Description Entry DN cn=syncAgreementName, cn=replica, cn=suffixDN, cn=mapping tree, cn=config Valid Values...
  • Page 75 Red Hat Directory Server 8.1 Configuration and Command Reference This attribute lists open connections. These are given in the following format: connection: A:YYYYMMDDhhmmssZ:B:C:D:E For example: connection: 31:20010201164808Z:45:45::cn=directory manager A is the connection number, which is the number of the slot in the connection table associated with this connection.
  • Page 76 Chapter 2. Core Server Configuration Reference threads This attribute shows the number of threads used by the Directory Server. This should correspond to nsslapd-threadnumber in cn=config. nbackEnds This attribute shows the number of Directory Server database backends. backendMonitorDN This attribute shows the DN for each Directory Server database backend.
  • Page 77 Red Hat Directory Server 8.1 Configuration and Command Reference Example nsSaslMapRegexString: \(.*\) 2.3.13. cn=SNMP SNMP configuration attributes are stored under cn=SNMP,cn=config. The cn=SNMP entry is an instance of the nsSNMP object class. 2.3.13.1. nssnmpenabled This attribute sets whether SNMP is enabled.
  • Page 78 Chapter 2. Core Server Configuration Reference Parameter Description Entry DN cn=SNMP, cn=config Valid Values machine hostname or localhost Default Value <blank> Syntax DirectoryString Example nssnmpmasterhost: localhost 2.3.13.7. nssnmpmasterport The nssnmpmasterport attribute was deprecated with the introduction of net-snmp. The attribute still appears in dse.ldif but without a default value.
  • Page 79 Not used. This value is always 0. CacheEntries and CacheHits are updated every ten (10) seconds. Red Hat strongly encourages using the database backend...
  • Page 80 In Red Hat Directory Server deployments before Directory Server 8.0, many Directory Server tasks were managed by the Administration Server. These tasks were moved to the core Directory Server configuration in version 8.0 and are invoked and administered by Directory Server under the cn=tasks entry.
  • Page 81 Red Hat D irectory Server 8.1 Configuration and Command Reference Syntax case-exact string Example nsT askStatus: Loading entries..nsT askLog T his entry contains all of the log messages for the task, including both warning and information messages. New messages are appended to the end of the entry value, so this attribute value grows larger, without erasing the original contents, by default.
  • Page 82 Chapter 2. Core Server Configuration Reference Parameter Description Entry DN cn=task_name, cn=task_type, cn=tasks, cn=config Valid Values 0 to the maximum 32 bit integer value (2147483647) Default Value Syntax Integer Example nsT askT otalItems: 152 nsT askCancel T his attribute allows a task to be aborted while in progress. T his attribute can be modified by users. Parameter Description Entry DN...
  • Page 83 Red Hat D irectory Server 8.1 Configuration and Command Reference nsUniqueIdGenerator, analogous to the -g option to generate unique ID numbers for the entries nsUniqueIdGeneratorNamespace, analogous to the -G option to generate a unique, name-based ID for the entries nsFilename T he nsFilename attribute contains the path and filenames of the LDIF files to import into the Directory Server instance.
  • Page 84 Chapter 2. Core Server Configuration Reference Example nsImportChunkSize: 10 nsImportIndexAttrs T his attribute sets whether to index the attributes that are imported into database instance. Parameter Description Entry DN cn=task_name, cn=import, cn=tasks, cn=config Valid Values true | false Default Value true Syntax Case-insensitive string...
  • Page 85 Red Hat Directory Server 8.1 Configuration and Command Reference nsExportReplica, analogous to the -r option, to indicate whether the exported database is used in replication nsPrintKey, analogous to the -N option, to set whether to print the entry IDs as the entries are...
  • Page 86 Chapter 2. Core Server Configuration Reference Valid Values true | false Default Value false Syntax Case-insensitive string Example nsUseOneFile: true nsExportReplica This attribute identifies whether the exported database will be used in replication. For replicas, the proper attributes and settings will be included with the entry to initialize the replica automatically. Parameter Description Entry DN...
  • Page 87 Red Hat Directory Server 8.1 Configuration and Command Reference the parameters of the task and initiates the task. As soon as the task is complete, the task entry is removed from the directory. The cn=backup entry is a container entry for backup task operations. The cn=backup entry itself has no attributes, but each of the task entries within this entry, such as cn=task_ID, cn=backup, cn=tasks, cn=config, uses the following attributes to define the backup task.
  • Page 88 Chapter 2. Core Server Configuration Reference nsArchiveDir This attribute gives the location of the directory to which to write the backup. Parameter Description Entry DN cn=task_name, cn=restore, cn=tasks, cn=config Valid Values Any local directory location Default Value Syntax Case-exact string Example nsArchiveDir: /export/backups nsDatabaseTypes...
  • Page 89 Red Hat Directory Server 8.1 Configuration and Command Reference Syntax Case-insensitive string, multi-valued Example nsIndexAttribute: "cn:pres,eq" nsIndexAttribute: "description:sub" nsIndexVLVAttribute This attribute gives the name of the target entry for a VLV index. A virtual list view is based on a browsing index entry (as described in the Administrator's Guide), which defines the virtual list base DN, scope, and filter.
  • Page 90 Chapter 2. Core Server Configuration Reference Syntax DirectoryString Example cn: example reload task ID schemadir This contains the full path to the directory containing the custom schema file. Parameter Description Entry DN cn=task_name, cn=schema reload task, cn=tasks, cn=config Valid Values Any local directory path Default Value /etc/dirsrv/slapd-instance_name/schema...
  • Page 91: Configuration Object Classes

    Red Hat Directory Server 8.1 Configuration and Command Reference The unique ID generator configuration attributes are stored under cn=uniqueid generator,cn=config. The cn=uniqueid generator entry is an instance of the extensibleObject object class. nsState This attribute saves the state of the unique ID generator across server restarts. This attribute is maintained by the server.
  • Page 92 Gives the common name of the entry. 2.4.4. nsChangelog4Config (Object Class) In order for Directory Server 8.1 to replicate between Directory Server 4.x servers, the Directory Server 8.1 instance must have a special changelog configured. This object class defines the configuration for the retro changelog.
  • Page 93 Red Hat Directory Server 8.1 Configuration and Command Reference 2.16.840.1.113730.3.2.104 Required Attributes Attribute Definition objectClass Defines the object classes for the entry. Gives the common name of the entry. 2.4.6. nsDS5Replica (Object Class) This object class is for entries which define a replica in database replication. Many of these attributes are set within the backend and cannot be modified.
  • Page 94 Chapter 2. Core Server Configuration Reference Superior Class 2.16.840.1.113730.3.2.103 Required Attributes objectClass Defines the object classes for the entry. Used for naming the replication agreement. Allowed Attributes description Contains a free text description of the replication agreement. nsDS5BeginReplicaRefresh Initializes a replica manually. nsds5debugreplicatimeout Gives an alternate timeout period to use when the replication is run with debug logging.
  • Page 95 Red Hat Directory Server 8.1 Configuration and Command Reference attributes for this object class are in chapter 2 of the Red Hat Directory Server Configuration, Command, and File Reference. This object class is defined in Directory Server. Superior Class 2.16.840.1.113730.3.2.503...
  • Page 96 Chapter 2. Core Server Configuration Reference (RUV). nsds7DirectoryReplicaSubtree Specifies the Directory Server suffix (root or sub) that is synced. nsds7DirsyncCookie Contains a cookie set by the sync service that functions as an RUV. nsds7NewWinGroupSyncEnabled Specifies whether new Windows group accounts are automatically created on the Directory Server.
  • Page 97 Red Hat Directory Server 8.1 Configuration and Command Reference This object class is defined in Directory Server. Superior Class 2.16.840.1.113730.3.2.39 Required Attributes Attribute Definition objectClass Gives the object classes assigned to the entry. Allowed Attributes Attribute Definition Gives the common name of the entry.
  • Page 98: Legacy Attributes

    Chapter 2. Core Server Configuration Reference in after the lockout period. passwordLockoutDuration Sets the time, in seconds, that users will be locked out of the directory. passwordCheckSyntax Identifies whether or not the password syntax is checked by the server before the password is saved.
  • Page 99 Red Hat Directory Server 8.1 Configuration and Command Reference Specifies the common name of the entry. Allowed Attributes Attribute Definition description Gives a text description of the entry. l (localityName) Gives the city or geographical location of the entry.
  • Page 100 Chapter 2. Core Server Configuration Reference Multi- or Single-Valued Multi-valued Defined in Directory Server 2.5.2. Legacy Replication Attributes These attributes were originally used to configure replication for Directory Server 4.x and older servers. Some forms of replication, like consumer-initiated replication, are no longer supported. WARNING These attributes are for reference only.
  • Page 101 Red Hat Directory Server 8.1 Configuration and Command Reference Defined in Directory Server 2.5.2.3. cirBindCredentials For consumer-initiated replication, this attribute is used to identify the bind password for the replication identity. 2.16.840.1.113730.3.1.85 Syntax IA5String Multi- or Single-Valued Multi-valued Defined in Directory Server 2.5.2.4.
  • Page 102 Chapter 2. Core Server Configuration Reference For consumer-initiated replication, this attribute shows the time of the last failed update attempt. 2.16.840.1.113730.3.1.88 Syntax DirectoryString Multi- or Single-Valued Multi-valued Defined in Directory Server 2.5.2.11. cirUpdateSchedule For consumer-initiated replication, this attribute sets the schedule for replication. 2.16.840.1.113730.3.1.87 Syntax DirectoryString...
  • Page 103 Red Hat Directory Server 8.1 Configuration and Command Reference replicaCredentials Stores a password of replicaBindDn. replicaBindMethod Specifies the bind method. replicaUseSSL Specifies a flag whether or not to use SSL. replicaUpdateSchedule Schedule when the replica update occurs. replicaUpdateReplayed Stores the last replicated change number.
  • Page 104 Chapter 2. Core Server Configuration Reference 2.16.840.1.113730.3.1.202 Syntax Binary Multi- or Single-Valued Multi-valued Defined in Directory Server 2.5.2.21. replicaEntryFilter This attribute contains an LDAP filter to use to identify the entries to be replicated. 2.16.840.1.113730.3.1.203 Syntax IA5String Multi- or Single-Valued Multi-valued Defined in Directory Server...
  • Page 105 Red Hat Directory Server 8.1 Configuration and Command Reference 2.5.2.28. replicaUpdateFailedAt This attribute contains the time and date of the most recent replication failure. 2.16.840.1.113730.3.1.49 Syntax DirectoryString Multi- or Single-Valued Multi-valued Defined in Directory Server 2.5.2.29. replicaUpdateReplayed This attribute stores the change number of the most recently replicated change.
  • Page 106 Chapter 3. Plug-in Implemented Server Functionality Reference Chapter 3. Plug-in Implemented Server Functionality Reference This chapter contains reference information on Red Hat Directory Server plug-ins. The configuration for each part of Directory Server plug-in functionality has its own separate entry and set of attributes under the subtree cn=plugins, cn=config.
  • Page 107 Red Hat Directory Server 8.1 Configuration and Command Reference 3.1.3. ACL Preoperation Plug-in Plug-in Parameter Description Plug-in Name ACL Preoperation DN of Configuration Entry cn=ACL preoperation, cn=plugins, cn=config Description ACL access check plug-in Configurable Options on | off Default Setting...
  • Page 108: Case Exact String Syntax Plug-In

    Chapter 3. Plug-in Implemented Server Functionality Reference Red Hat recommends leaving this plug-in running at all times. Further Information 3.1.6. Boolean Syntax Plug-in Plug-in Parameter Description Plug-in Name Boolean Syntax DN of Configuration Entry cn=Boolean Syntax, cn=plugins, cn=config Description Syntax for handling booleans...
  • Page 109: Class Of Service Plug-In

    Red Hat Directory Server 8.1 Configuration and Command Reference "Configuring Directory Databases" chapter in the Directory Server Administrator's Guide. 3.1.10. Class of Service Plug-in Plug-in Parameter Description Plug-in Name Class of Service DN of Configuration Entry cn=Class of Service, cn=plugins, cn=config...
  • Page 110: HTTP Client Plug-In

    January), two digit day, two digit hour, two digit minute, two digit second, an optional decimal part of a second, and a time zone indication. Red Hat strongly recommends using the Z time zone indication, which indicates Greenwich Mean Time.
  • Page 111: Jpeg Syntax Plug-In

    Red Hat Directory Server 8.1 Configuration and Command Reference Performance Related Information Do not modify the configuration of this plug-in. Red Hat recommends leaving this plug-in running at all times. Further Information See the "Internationalization" appendix and the section on "Searching an Internationalized Directory"...
  • Page 112: Multi-Master Replication Plug-In

    Default Setting Configurable Arguments None Dependencies None Performance Related Information Do not modify the configuration of this plug-in. Red Hat recommends leaving this plug-in running at all times. Further Information 3.1.24. OID Syntax Plug-in Plug-in Parameter Description Plug-in Name...
  • Page 113: Password Storage Schemes

    For more information on using the different password storage schemes, see the "User Account Management" chapter in the Directory Server Administrator's Guide. CAUTION Do not modify the configuration of the password scheme plug-ins. Red Hat recommends leaving these plug-ins running at all times. Table 3.3. Password Storage Plugins...
  • Page 114: Postal Address String Syntax Plug-In

    Default Setting Configurable Arguments None Dependencies None Performance Related Information Do not modify the configuration of this plug-in. Red Hat recommends leaving this plug-in running at all times. Further Information 3.1.27. PTA Plug-in Plug-in Parameter Description Plug-in Name Pass-Through Authentication Plug-in...
  • Page 115: Retro Changelog Plug-In

    Red Hat Directory Server 8.1 Configuration and Command Reference conflict resolution loops. When enabling the plug-in on chained servers, be sure to analyze the performance resource and time needs as well as integrity needs; integrity checks can be time consuming and demanding on memory and CPU. All attributes specified must be indexed for both presence and equality.
  • Page 116: Space Insensitive String Syntax Plug-In

    Dependencies None Performance Related Information Do not modify the configuration of this plug-in. Red Hat recommends leaving this plug-in running at all times. Further Information This plug-in enables the Directory Server to support space and case insensitive values. This allows applications to search the directory using entries with ASCII space characters.
  • Page 117: Views Plug-In

    Red Hat Directory Server 8.1 Configuration and Command Reference Configurable Arguments None Dependencies None Performance Related Information Do not modify the configuration of this plug-in. Red Hat recommends leaving this plug-in running at all times. Further Information 3.1.36. Views Plug-in...
  • Page 118: Nsslapd-Plugininitfunc

    Valid Values Any valid plug-in version Default Value Product version number Syntax DirectoryString Example nsslapd-pluginVersion: 8.1 3.2.8. nsslapd-pluginVendor This attribute specifies the vendor of the plug-in. Plug-in Parameter Description Entry DN cn=plug-in name, cn=plugins, cn=config Valid Values...
  • Page 119: Nsslapd-Plugindescription

    Red Hat Directory Server 8.1 Configuration and Command Reference Syntax DirectoryString Example nsslapd-pluginVendor: Red Hat, Inc. 3.2.9. nsslapd-pluginDescription This attribute provides a description of the plug-in. Plug-in Parameter Description Entry DN cn=plug-in name, cn=plugins, cn=config Valid Values Default Value...
  • Page 120: Database Plug-In Attributes

    Chapter 3. Plug-in Implemented Server Functionality Reference Entry DN cn=referential integrity postoperation, cn=plugins, cn=config Valid Values Class of Service Default Value Syntax DirectoryString Example nsslapd-plugin-depends-on-named: Views nsslapd-pluginId: roles 3.4. Database Plug-in Attributes The database plug-in is also organized in an information tree, as shown in Figure 3.1, “Database Plug-in”.
  • Page 121 Red Hat Directory Server 8.1 Configuration and Command Reference cn=config Valid Range 100 to the maximum 32-bit integer value (2147483647) entry IDs Default Value 4000 Syntax Integer Example nsslapd-idlistscanlimit: 4000 3.4.1.3. nsslapd-cache-autosize This performance tuning-related attribute, which is turned off by default, specifies the percentage of free memory to use for all the combined caches.
  • Page 122 This attribute is provided only for system modification/diagnostics and should be changed only with the guidance of Red Hat technical support or Red Hat professional services. Inconsistent settings of this attribute and other configuration attributes may cause the Directory Server to be unstable.
  • Page 123 This attribute is provided only for system modification/diagnostics and should be changed only with the guidance of Red Hat Technical Support or Red Hat Professional Services. Inconsistent settings of this attribute and other configuration attributes may cause the Directory Server to be unstable.
  • Page 124 Chapter 3. Plug-in Implemented Server Functionality Reference database cache size being configured for the server. If this happens, reduce the size of the database cache size to a value where the server will start again. Parameter Description Entry DN cn=config, cn=ldbm database, cn=plugins, cn=config Valid Values Any valid directory name in a tempfs filesystem,...
  • Page 125 Red Hat Directory Server 8.1 Configuration and Command Reference Parameter Description Entry DN cn=config, cn=ldbm database, cn=plugins, cn=config Valid Values Any valid path and directory name Default Value Syntax DirectoryString Example nsslapd-db-logdirectory: /logs/txnlog 3.4.1.14. nsslapd-db-logfile-size This attribute specifies the maximum size of a single file in the log in bytes. By default, or if the value is set to 0, a maximum size of 10 megabytes is used.
  • Page 126 Do not set this value unless specifically requested to do so by Red Hat support. If this attribute is not defined or is set to a value of 0, transaction batching will be turned off, and it will be impossible to make remote modifications to this attribute via LDAP.
  • Page 127 This attribute is provided only for system modification/diagnostics and should be changed only with the guidance of Red Hat technical support or Red Hat professional services. Inconsistent settings of this attribute and other configuration attributes may cause the Directory Server to be unstable.
  • Page 128: Database Attributes Under Cn=Monitor, Cn=Ldbm Database, Cn=Plugins, Cn=Config

    Chapter 3. Plug-in Implemented Server Functionality Reference database (the ldif2db operation). In Directory Server, the import operation can be run as a server task or exclusively on the command-line. In the task mode, the import operation runs as a general Directory Server operation. The nsslapd-import-cache-autosize attribute enables the import cache to be set automatically to a predetermined size when the import operation is run on the command-line.
  • Page 129: Database Attributes Under Cn=Netscaperoot, Cn=Ldbm Database, Cn=Plugins, Cn=Config And Cn=Userroot, Cn=Ldbm Database, Cn=Plugins, Cn=Config

    Red Hat Directory Server 8.1 Configuration and Command Reference information on these entries, refer to the "Monitoring Server and Database Activity" chapter in the Directory Server Administrator's Guide. dbcachehits This attribute shows the requested pages found in the database.
  • Page 130 Chapter 3. Plug-in Implemented Server Functionality Reference cn=plugins, cn=config Valid Range 1 to 2 -1 on 32-bit systems or 2 -1 on 64-bit systems or -1, which means limitless Default Value Syntax Integer Example nsslapd-cachesize: -1 3.4.3.2. nsslapd-cachememsize This performance tuning-related attribute specifies the size, in bytes, for the available memory space for the entry cache.
  • Page 131 Red Hat Directory Server 8.1 Configuration and Command Reference Entry DN cn=database_name, cn=ldbm database, cn=plugins, cn=config Valid Values on | off Default Value Syntax DirectoryString Example nsslapd-readonly: off 3.4.3.5. nsslapd-require-index When switched to on, this attribute allows one to refuse unindexed searches. This performance-related attribute avoids saturating the server with erroneous searches.
  • Page 132 Chapter 3. Plug-in Implemented Server Functionality Reference Parameter Description Entry DN cn=index_name, cn=userRoot, cn=ldbm database, cn=plugins, cn=config Valid Values 0 (disabled) | 1 (enabled) Default Value Syntax DirectoryString Example vlvEnbled: 0 3.4.3.9. vlvFilter The browsing or virtual list view (VLV) index is created by running a search according to a filter and including entries which match that filter in the index.
  • Page 133 Red Hat Directory Server 8.1 Configuration and Command Reference NOTE This attribute is only available to user databases like userRoot, not configuration databases like o=NetscapeRoot. Parameter Description Entry DN cn=index_name, cn=userRoot, cn=ldbm database, cn=plugins, cn=config Valid Values 1 (onelevel or children search)
  • Page 134: Database Attributes Under Cn=Database, Cn=Monitor, Cn=Ldbm Database, Cn=Plugins, Cn=Config

    Chapter 3. Plug-in Implemented Server Functionality Reference Valid Values Any Directory Server attributes, in a space-separated list Default Value Syntax DirectoryString Example vlvSort: cn givenname o ou sn 3.4.3.14. vlvUses This attribute contains the count for the browsing or virtual list view (VLV) index. For more information on VLV indexes, see the indexing chapter in the Administrator's Guide.
  • Page 135 Red Hat Directory Server 8.1 Configuration and Command Reference nsslapd-db-clean-pages This attribute shows the clean pages currently in the cache. nsslapd-db-commit-rate This attribute shows the number of transactions that have been committed. nsslapd-db-deadlock-rate This attribute shows the number of deadlocks detected.
  • Page 136: Database Attributes Under Cn=Default Indexes, Cn=Config, Cn=Ldbm Database, Cn=Plugins, Cn=Config

    Chapter 3. Plug-in Implemented Server Functionality Reference This attribute shows the clean pages forced from the cache. nsslapd-db-page-rw-evict-rate This attribute shows the dirty pages forced from the cache. nsslapd-db-page-trickle-rate This attribute shows the dirty pages written using the memp_trickle interface. nsslapd-db-page-write-rate This attribute shows the pages read into the cache.
  • Page 137 Red Hat Directory Server 8.1 Configuration and Command Reference Attribute Definition objectClass Defines the object classes for the entry. Gives the common name of the entry. nsSystemIndex Identify whether or not the index is a system defined index. Allowed Attributes...
  • Page 138: Database Attributes Under Cn=Monitor, Cn=Netscaperoot, Cn=Ldbm Database, Cn=Plugins, Cn=Config

    Chapter 3. Plug-in Implemented Server Functionality Reference Entry DN cn=default indexes, cn=config, cn=ldbm database, cn=plugins, cn=config Valid Values true | false Default Value Syntax DirectoryString Example nsSystemIndex: true 3.4.6. Database Attributes under cn=monitor, cn=NetscapeRoot, cn=ldbm database, cn=plugins, cn=config This section covers global, read-only entries for monitoring activity on the NetscapeRoot database. The attributes containing database statistics are given for each file that makes up the database.
  • Page 139 Red Hat Directory Server 8.1 Configuration and Command Reference 3.4.7.1. nsSubStrBegin By default, for a search to be indexed, the search string must be at least three characters long, without counting any wildcard characters. For example, the string abc would be an indexed search while ab* would not be.
  • Page 140: Database Attributes Under Cn=Attributename, Cn=Encrypted Attributes, Cn=Database_Name, Cn=Ldbm Database, Cn=Plugins, Cn=Config

    Databases" chapter in the Directory Server Administrator's Guide. For more information about indexes, refer to the "Managing Indexes" chapter in the Directory Server Administrator's Guide. 3.4.8.1. nsAttributeEncryption (Object Class) This object class is used for core configuration entries which identify and encrypt selected attributes within a Directory Server database.
  • Page 141: Database Link Plug-In Attributes (Chaining Attributes)

    Red Hat Directory Server 8.1 Configuration and Command Reference (AES) Triple Data Encryption Standard Block Cipher (3DES) Default Value Syntax DirectoryString Example nsEncryptionAlgorithm: AES 3.5. Database Link Plug-in Attributes (Chaining Attributes) The database link plug-in attributes are also organized in an information tree, as shown in the following diagram: Figure 3.4.
  • Page 142: Database Link Attributes Under Cn=Default Instance Config, Cn=Chaining Database, Cn=Plugins, Cn=Config

    Chapter 3. Plug-in Implemented Server Functionality Reference This error detection, performance-related attribute specifies the duration of the test issued by the database link to check whether the remote server is responding. If a response from the remote server is not returned before this period has passed, the database link assumes the remote server is down, and the connection is not used for subsequent operations.
  • Page 143 Red Hat Directory Server 8.1 Configuration and Command Reference Contrary to what the name suggests, this attribute does not specify the number of times a database link retries to bind with the remote server but the number of times it tries to bind with the remote server. A value of 1 here indicates that the database link only attempts to bind once.
  • Page 144 Chapter 3. Plug-in Implemented Server Functionality Reference Example nsConcurrentOperationsLimit: 5 3.5.2.8. nsConnectionLife This attribute specifies connection lifetime. Connections between the database link and the remote server can be kept open for an unspecified time or closed after a specific period of time. It is faster to keep the connections open, but it uses more resources.
  • Page 145: Database Link Attributes Under Cn=Database_Link_Name, Cn=Chaining Database, Cn=Plugins, Cn=Config

    Red Hat Directory Server 8.1 Configuration and Command Reference Example nsslapd-sizelimit: 2000 3.5.2.13. nsTimeLimit This attribute shows the default search time limit for the database link. Parameter Description Entry DN cn=default instance config, cn=chaining database, cn=plugins, cn=config...
  • Page 146: Database Link Attributes Under Cn=Monitor, Cn=Database Instance Name, Cn=Chaining Database, Cn=Plugins, Cn=Config

    Chapter 3. Plug-in Implemented Server Functionality Reference Default Value Syntax DirectoryString Example nsFarmServerURL: ldap://farm1.example.com:389 ldap://farm2.example.com:1389 3.5.3.3. nsMultiplexorBindDn This attribute gives the DN of the administrative entry used to communicate with the remote server. The multiplexor is the server that contains the database link and communicates with the farm server. This bind DN cannot be the Directory Manager, and, if this attribute is not specified, the database link binds as anonymous.
  • Page 147: Retro Changelog Plug-In Attributes

    Red Hat Directory Server 8.1 Configuration and Command Reference headcount This attribute gives the number of add operations received. nsDeleteCount This attribute gives the number of delete operations received. nsModifyCount This attribute gives the number of modify operations received.
  • Page 148: Nsslapd-Changelogmaxage (Max Changelog Age)

    Chapter 3. Plug-in Implemented Server Functionality Reference This attribute specifies the name of the directory in which the changelog database is created the first time the plug-in is run. By default, the database is stored with all the other databases under /var/lib/dirsrv/slapd-instance_name/changelogdb.
  • Page 149: Dnamagicregen

    Red Hat Directory Server 8.1 Configuration and Command Reference Valid Range Any valid LDAP filter Default Value None Syntax DirectoryString Example dnaFilter: (objectclass=person) 3.7.2. dnaMagicRegen This attribute sets a user-defined value that instructs the plug-in to assign a new value for the entry.
  • Page 150: Dnanextvalue

    Chapter 3. Plug-in Implemented Server Functionality Reference Example dnaNextRange: 100-500 3.7.5. dnaNextValue This attribute gives the next available number which can be assigned. After being initially set in the configuration entry, this attribute is managed by the Distributed Numeric Assignment Plug-in. The dnaNextValue attribute is required to set up distributed numeric assignment for an attribute.
  • Page 151: Dnathreshold: 100

    Red Hat Directory Server 8.1 Configuration and Command Reference This attribute defines a shared identity that the servers can use to transfer ranges to one another. This entry is replicated between servers and is managed by the plug-in to let the other servers know what ranges are available.
  • Page 152: Memberofattr

    (such as member) in the group entry and then carrying those changes over to a specific attribute in the entries for the members. 3.8.1. memberofattr This attribute specifies the attribute in the user entry for the Directory Server to manage to reflect group membership.
  • Page 153: Server Instance File Reference

    Red Hat Directory Server 8.1 Configuration and Command Reference Chapter 4. Server Instance File Reference This chapter provides an overview of the files that are specific to an instance of Red Hat Directory Server (Directory Server) — the files stored in the /etc/dirsrv/slapd-instance_name directory.
  • Page 154: Backup Files

    Chapter 4. Server Instance File Reference Table 4.3. HP-UX 11i (IA64) File or Directory Location Backup files /var/opt/dirsrv/slapd-instance/bak Configuration files /etc/opt/dirsrv/slapd-instance Database files /var/opt/dirsrv/slapd-instance/db Runtime files /var/opt/dirsrv/instance LDIF files /var/opt/dirsrv/slapd-instance/ldif Log files /var/opt/log/dirsrv/slapd-instance Tools /opt/dirsrv/bin/ /opt/dirsrv/sbin/ Instance directory /opt/dirsrv/slapd-instance Libraries...
  • Page 155: Ldif Files

    Red Hat Directory Server 8.1 Configuration and Command Reference Example 4.2. NetscapeRoot Database Directory Contents entrydn.db4* parentid.db4* givenName.db4* sn.db4* DBVERSION* id2entry.db4* uid.db4* aci.db4* nsUniqueId.db4* uniquemember.db4* ancestorid.db4* numsubordinates.db4* cn.db4* objectclass.db4* The NetscapeRoot subdirectories contain an index_namedb4 file for every index currently defined in the database.
  • Page 156: Log Files

    /var/run/dirsrv directory when the server is up and running. Both files store the server's process ID. 4.9. Tools Directory Server tools are stored in three directories on Red Hat Enterprise Linux 5 (32-bit): /usr/bin /usr/sbin /usr/lib/mozldap The contents of those directories are listed below.
  • Page 157: Scripts

    The /lib directory only applies to Red Hat Enterprise Linux 32-bit systems.
  • Page 158: Log File Reference

    Chapter 5. Log File Reference Chapter 5. Log File Reference Red Hat Directory Server (Directory Server) provides logs to help monitor directory activity. Monitoring helps in quickly detecting and remedying failures and, where done proactively, in anticipating and resolving potential problems before they result in failure or poor performance. Part of monitoring the directory effectively is understanding the structure and content of the log files.
  • Page 159 Red Hat Directory Server 8.1 Configuration and Command Reference Example 5.1. Example Access Log [21/Apr/2009:11:39:51 -0700] conn=11 fd=608 slot=608 connection from 207.1.153.51 to 192.18.122.139 [21/Apr/2009:11:39:51 -0700] conn=11 op=0 BIND dn="cn=Directory Manager" method=128 version=3 [21/Apr/2009:11:39:51 -0700] conn=11 op=0 RESULT err=0 tag=97 nentries=0 etime=0 [21/Apr/2009:11:39:51 -0700] conn=11 op=1 SRCH base="dc=example,dc=com"...
  • Page 160 Chapter 5. Log File Reference Slot Number The slot number, in this case slot=608, is a legacy part of the access log which has the same meaning as file descriptor. Ignore this part of the access log. [21/Apr/2009:11:39:51 -0700] conn=11 fd=608 slot=608 connection from 207.1.153.51 to 192.18.122.139 Operation Number To process a given LDAP request, Directory Server will perform the required series of operations.
  • Page 161 Red Hat Directory Server 8.1 Configuration and Command Reference Table 5.1. Commonly-Used Tags Tag Description tag=97 A result from a client bind operation. tag=100 The actual entry being searched for. tag=101 A result from a search operation.
  • Page 162 The entry scope=n defines the scope of the search performed, and n can have a value of 0, 1, or 2. 0 for base search 1 for one-level search 2 for subtree search For more information about search scopes, see "Using ldapsearch" in Appendix B, "Finding Directory Entries", in the Red Hat Directory Server Administrator's Guide. Extended Operation OID...
  • Page 163 Red Hat Directory Server 8.1 Configuration and Command Reference An extended operation OID, such as EXT oid="2.16.840.1.113730.3.5.3" or EXT oid="2.16.840.1.113730.3.5.5" in Example 5.1, “Example Access Log”, provides the OID of the extended operation being performed. Table 5.2, “LDAPv3 Extended Operations Supported by Directory Server”...
  • Page 164: Access Log Content For Additional Access Logging Levels

    Chapter 5. Log File Reference NOTE The Directory Server operation number starts counting at 0, and, in the majority of LDAP SDK/client implementations, the message ID number starts counting at 1, which explains why the message ID is frequently equal to the Directory Server operation number plus 1. SASL Multi-Stage Bind Logging In Directory Server, logging for multi-stage binds is explicit.
  • Page 165: Common Connection Codes

    Red Hat Directory Server 8.1 Configuration and Command Reference [12/Jul/2009:16:43:02 +0200] conn=306 fd=60 slot=60 connection from 127.0.0.1 to 127.0.0.1 [12/Jul/2009:16:43:02 +0200] conn=306 op=0 SRCH base="dc=example,dc=com" scope=2 filter="(description=*)" attrs=ALL [12/Jul/2009:16:43:02 +0200] conn=306 op=0 ENTRY dn="ou=Special [12/Jul/2009:16:43:02 +0200] conn=306 op=0 ENTRY dn="cn=Accounting Managers,ou=groups,dc=example,dc=com"...
  • Page 166: Error Log Logging Levels

    Table 5.3. Common Connection Codes Connection Code Description Client aborts the connection. Corrupt BER tag encountered. If BER tags, which encapsulate data being sent over the wire, are corrupt when they are received, a B1 connection code is logged to the access log.
  • Page 167: Error Log Content

    Table 5.4. Error Log Levels Setting Console Name Description Trace function calls Logs a message when the server enters and exits a function. Packeting handlings Logs debug information for packets processed by the server.
  • Page 168: Error Log Content For Other Log Levels

    [07/Jan/2009:15:54:12 -0500] - slapd stopped. Red Hat-Directory/8.1.4 B2008.310.1012 server.example.com:389 (/etc/dirsrv/slapd-example) [07/Jan/2009:22:18:41 -0500] - Red Hat-Directory/8.1.4 B2008.310.1012 starting up [07/Jan/2009:22:18:44 -0500] memory allocator - cannot calloc 0 elements; trying to allocate 0 or a negative number of elements is not portable and gives different results on different platforms.
  • Page 169 Red Hat Directory Server 8.1 Configuration and Command Reference...
  • Page 170 Example 5.4. Replication Error Log Entry [09/Jan/2009:13:44:48 -0500] - _csngen_adjust_local_time: gen state before 496799220001:1231526178:0:0 [09/Jan/2009:13:44:48 -0500] - _csngen_adjust_local_time: gen state after 49679b200000:1231526688:0:0 [09/Jan/2009:13:44:48 -0500] NSMMReplicationPlugin - ruv_add_csn_inprogress: successfully inserted csn 49679b20000000010000 into pending list [09/Jan/2009:13:44:48 -0500] NSMMReplicationPlugin - Purged state information from entry uid=mreynolds,ou=People, dc=example, dc=com up to CSN 495e5d73000000010000...
  • Page 171 Plug-in logging records the name of the plugin and all of the functions called by the plugin. This has a simple format: [timestamp] Plugin_name - message [timestamp] - function - message The information returned can be hundreds of lines long as every step is processed.
  • Page 172: Audit Log Reference

    Example 5.7, “Access Control Summary Logging” shows the summary access control log entry. Example 5.7. Access Control Summary Logging [09/Jan/2009:16:02:01 -0500] NSACLPlugin - #### conn=24826547353419844 op=1 binddn="uid=scarter,ou=people,dc=example,dc=com" [09/Jan/2009:16:02:01 -0500] NSACLPlugin - conn=24826547353419844 op=1 (main): Allow search on entry(ou=people,dc=example,dc=com).attr(uid) to uid=scarter,ou=people,dc=example,dc=com: allowed by aci(2): aciname= "Enable anonymous access", acidn="dc=example,dc=com"...
  • Page 173: Ldap Result Codes

    Example 5.8. Audit Log Content ... modifying an entry ... time: 20090108181429 dn: uid=scarter,ou=people,dc=example,dc=com changetype: modify replace: userPassword userPassword: {SSHA}8EcJhJoIgBgY/E5j8JiVoj6W3BLyj9Za/rCPOw== replace: modifiersname modifiersname: cn=directory manager replace: modifytimestamp modifytimestamp: 20090108231429Z ... modifications to o=NetscapeRoot from logging into the Console ...
  • Page 174 Table 5.5. LDAP Result Codes Result Code Defined Value Result Code Defined Value SUCCESS INAPPROPRIATE_AUTHENTICATION OPERATION_ERROR INVALID_CREDENTIALS PROTOCOL_ERROR INSUFFICIENT_ACCESS_RIGHTS TIME_LIMIT_EXCEEDED BUSY SIZE_LIMIT_EXCEEDED UNAVAILABLE COMPARE_FALSE UNWILLING_TO_PERFORM...
  • Page 175: Command-Line Utilities

    Chapter 6. Command-Line Utilities This chapter contains reference information on command-line utilities used with Red Hat Directory Server (Directory Server). These command-line utilities make it easy to perform administration tasks on the Directory Server.
  • Page 176: Ldapsearch

    Table 6.1. Commonly-Used Command-Line Utilities Command-Line Utility Description ldapsearch Searches the directory and returns search results in LDIF format. For details on this tool, see the "Finding Directory Entries" appendix in the Directory Server Administrator's Guide. ldapmodify Adds, deletes, modifies, or renames entries.
  • Page 177 Table 6.2. ldapsearch Syntax Option Description optional_options A series of command-line options. These must be specified before the search filter, if used. "(filter)" An LDAP search filter as described in Directory Server Administrator's Guide.
  • Page 178 Table 6.3. Commonly-Used ldapsearch Options Option Description Specifies the starting point for the search. The value specified here must be a distinguished name that currently exists in the database. This option is optional if the LDAP_BASEDN environment variable has been set to a base DN.
  • Page 179 The default is 389. If -Z is used, the default is 636. Specifies the scope of the search. The scope can be one of the following: base searches only the entry specified in the -b option or defined by the LDAP_BASEDN environment variable.
  • Page 180 Table 6.4. Persistent Search Options Option Description Runs the ldapsearch as a persistent search. Prints all of the output from the ldapsearch command from the buffer immediately. This is useful with the -C for persistent searches because it prints any entry modifications without delay and without the search hanging.
  • Page 181 Table 6.5. Additional SSL ldapsearch Options Option Description Specifies that hostnames should be checked in SSL certificates. Specifies the SSL key password file that contains the token:password pair. Specifies the absolute path, including the filename, of the private key database of the client.
  • Page 182 For example: -o "mech=DIGEST-MD5" -o "authzid=test_user" -o "authid=test_user" There are three SASL mechanisms supported in Red Hat Directory Server: CRAM-MD5, described in Table 6.7, “Description of CRAM-MD5 Mechanism Options” DIGEST-MD5, described in Table 6.8, “Description of DIGEST-MD5 SASL Mechanism Options”...
  • Page 183 Table 6.7. Description of CRAM-MD5 Mechanism Options Required or Optional Option Description Example Required mech=CRAM-MD5 Gives the SASL mechanism. -o "mech=CRAM-MD5" Required authid=authid_value Gives the ID used to authenticate to the server.
  • Page 184 Table 6.8. Description of DIGEST-MD5 SASL Mechanism Options Required or Optional Option Description Example Required mech=DIGEST-MD5 Gives the SASL mechanism. -o "mech=DIGEST-MD5" Required authid=authid_value Gives the ID used to authenticate to the server. authid_value can be the following: "authid=dn:uid=msmith,ou=People,o=example.com"...
  • Page 185 Table 6.9. Description of GSSAPI SASL Mechanism Options Required or Optional Option Description Example Required mech=GSSAPI Gives the SASL mechanism. -o "mech=GSSAPI" NOTE Have the Kerberos ticket before issuing a GSS-API request.
  • Page 186 Table 6.10. Additional ldapsearch Options Option Description Leaves out the opening version: 1 line from the LDIF output. Specifies that the search retrieve the attributes only, not the attribute values. This option is useful to determine if an attribute is present for an entry and the value is not important.
  • Page 187 characterset. ldapsearch converts the input from these arguments before it processes the search request. For example, -i no indicates that the bind DN, base DN, and search filter are provided in Norwegian.
  • Page 188: Ldapmodify

    of the content. Creates file URLs for the files produced by the -t option. Specifies that the user-friendly form of the distinguished name be used in the output. Specifies the LDAP version number to be used on the search.
  • Page 189 Table 6.11. Commonly-Used ldapmodify Options Option Description Adds LDIF entries to the directory without requiring the changetype:add LDIF update statement. This provides a simplified method of adding entries to the directory. This option also allows directly adding a file created by ldapmodify.
  • Page 190 SSL Options Use the following command-line options to specify that ldapmodify is to use LDAP over SSL (LDAPS) when communicating with the Directory Server. LDAPS encrypts data during transit. Also, use these options for certificate-based authentication. These options are valid only when SSL has been turned on and configured for the Directory Server.
  • Page 191 Table 6.12. ldapmodify SSL Options Option Description Specifies that hostnames should be checked in SSL certificates. Specifies the SSL key password file that contains the token:password pair. Specifies the path, including the filename, of the private key database of the client.
  • Page 192 “Commonly-Used ldapsearch Options”. Table 6.13. SASL Options Option Description Specifies SASL options. The format is -o saslOption=value. saslOption can have one of six values: mech, the SASL authentication mechanism authid, the user who is binding to the server (Kerberos principal) authzid, a proxy authorization (ignored by the server since proxy authorization is not...
  • Page 193 Table 6.14. Additional ldapmodify Options Option Description Causes the utility to check every attribute value to determine whether the value is a valid file reference. If the value is a valid file reference, then the content of the referenced file is used as the attribute value.
  • Page 194: Ldapdelete

    -V 2 LDAPv3 is the default. An LDAPv3 operation cannot be performed against a Directory Server that only supports LDAPv2. Specifies the proxy DN to use for the modify operation. This argument is provided for testing purposes.
  • Page 195 Table 6.15. Commonly-Used ldapdelete Options Option Description Specifies the distinguished name with which to authenticate to the server. The value must be a DN recognized by the Directory Server, and it must also have the authority to delete the entries.
  • Page 196 Table 6.16. ldapdelete SSL Options Option Description Specifies that hostnames should be checked in SSL certificates. Specifies the SSL key password file that contains the token:password pair. Specifies the path, including the filename, of the private key database of the client.
  • Page 197 To learn which SASL mechanisms are supported, search the root DSE. See the -b option in Table 6.3, “Commonly-Used ldapsearch Options”. Table 6.17. SASL Options Option Description Specifies SASL options.
  • Page 198: Ldappasswd

    Table 6.18. Additional ldapdelete Options Option Description Specifies that the utility must run in continuous operation mode. Errors are reported, but the utility continues with deletions. The default is to quit after reporting an error. Specifies the file containing the distinguished names of entries to be deleted.
  • Page 199 Table 6.19. ldappasswd-specific Options Option Description Specifies that the command should prompt for the user's existing password. Specifies the user's existing password. For example: -a old_password Specifies that the command should prompt for a new password for the user.
  • Page 200 Table 6.20. General ldappasswd Options Option Description Specifies that hostnames should be checked in SSL certificates. Specifies the distinguished name with which to authenticate to the server. This value must be a DN recognized by the Directory Server, and it must also have the authority to delete the entries.
  • Page 201 for the browser. For example: -P /security/cert.db The client security files can also be stored on the Directory Server in the /etc/dirsrv/slapd-instance_name directory. In this case, the -P option would call out a path and...
  • Page 202 Table 6.21. SASL Options Option Description Specifies SASL options. The format is -o saslOption=value. saslOption can have one of six values: mech, the SASL authentication mechanism authid, the user who is binding to the server (Kerberos principal) authzid, a proxy authorization (ignored by the server since proxy authorization is not...
  • Page 203: Ldif

    Example 6.4. User Authenticating With a User Certificate and Changing His Password A user, tuser4, authenticates with the user certificate and changes the password to new_password over SSL.
  • Page 204: Dbscan

    Table 6.22. ldif Options Option Description Specifies that the ldif utility should interpret the entire input as a single binary value. If -b is not present, each line is considered to be a separate input value. As an alternative to the -b option, use the :<...
  • Page 205 NOTE The index file options, listed in Table 6.25, “Index File Options”, are meaningful only when the database file is the secondary index file. Table 6.25. Index File Options...
  • Page 206 Example 6.13. Displaying the Changelog File Contents dbscan -f /var/lib/dirsrv/slapd-instance_name/changelogdb/c1a2fc02-1d11b2-8018afa7-fdce000_424c8a000f00.db4 Example 6.14. Dumping the Index File uid.db4 with Raw Mode dbscan -R -f /var/lib/dirsrv/slapd-instance_name/db/userRoot/uid.db4 Example 6.15. Displaying the entryID with the Common Name Key "=hr managers" In this example, the common name key is =hr managers, and the equals sign (=) means the key is an equality index.
  • Page 207: Command-Line Scripts

    Most Directory Server-related scripts are located in the /usr/lib/dirsrv/slapd-instance_name directory for Red Hat Enterprise Linux 5 (32-bit) (and in /usr/lib64/dirsrv/slapd-instance_name on Red Hat Enterprise Linux 64-bit systems). A few are located in the /usr/bin directory. The exact locations are listed in Section 7.2, “Command-Line Scripts Quick...
  • Page 208: Shell Scripts

    Migrates a Directory Server 7.1 Perl instance to Directory Server 8.1. pwdhash Prints the encrypted form of a Shell password using one of the server's encryption algorithms. If a user cannot log in, use this...
  • Page 209: Bak2Db (Restores A Database From Backup)

    Backup)”. For more information on restoring databases, see the "Populating Directory Databases" chapter in the Red Hat Directory Server Administrator's Guide. For more information on using filesystem replica initialization, see the "Managing Replication" chapter in the Red Hat Directory Server Administrator's Guide.
  • Page 210: Db2Bak (Creates A Backup Of A Database)

    Chapter 7. Command-Line Scripts Options Without the -i option, the script must be run when the Directory Server is running from a location from which the server's changelog directory is accessible. Table 7.5. cl-dump Options Option Description Dumps and interprets CSN only. This option can be used with or without the -i option.
  • Page 211: Db2Index (Reindexes Database Index Files)

    Either the -n or the -s option must be specified. By default, the output LDIF will be stored in one file. To specify the use of several files, use the option -M.
  • Page 212: Dbverify (Checks For Corrupt Databases)

    Table 7.7. db2index Options Option Description -n backendInstance Gives the name of the instance to be reindexed. -s includeSuffix Gives suffixes to be included or the subtrees to be included if -n has been used. -t attributeName{:indextypes(:mathingrules)} Names of the attributes to be reindexed.
  • Page 213: Ldif2Db (Import)

    URL specifier notation; for example: jpegphoto:< file:///tmp/myphoto.jpg Although the official notation requires three ///, the use of one / is accepted. For further information on the LDIF format, see the "Managing Directory Entries" chapter in the Red Hat Directory Server Administrator's Guide. Syntax ldif2db [[ -n backendInstance ] | [ [ -s includeSuffix ] ...]] [ -x excludeSuffix ] [ [ -i ldifFile ] ] [...
  • Page 214: Ldif2Ldap (Performs Import Operation Over Ldap)

    Table 7.9. ldif2db Options Option Description Merges chunk size. Encrypts data during import. This option is used only if database encryption is enabled. -g string Generates a unique ID. Type none for no unique ID to be generated and deterministic for the generated unique ID to be name-based.
  • Page 215: Repl-Monitor (Monitors Replication Status)

    Retrieves performance monitoring information using the ldapsearch command-line utility. Syntax monitor monitor Options There are no options for this script. For more information on the ldapsearch command-line utility, see Section 6.8,...
  • Page 216: Pwdhash (Prints Encrypted Passwords)

    [connection] host:port:binddn:bindpwd:bindcert host:port:binddn:bindpwd:bindcert [alias] alias = host:port alias = host:port [color] lowmark = color lowmark = color The connection section defines how this tool may connect to each LDAP server in the replication topology to get the replication-agreement information. The default binddn is cn=Directory Manager. Simple bind will be used unless bindcert is specified with the path of a certificate database.
  • Page 217: Restart-Slapd (Restarts The Directory Server)

    log in, use this script to compare the user's password to the password stored in the directory. Syntax pwdhash [ -D config_directory ] [ -H ] [[ -s scheme ] | [ -c comparepwd ]] [ password ] Options Table 7.12.
  • Page 218 Syntax saveconfig Options There are no options for this script. 7.3.16. start-slapd (Starts the Directory Server) Starts the Directory Server. It might be a good idea to check whether the server has been effectively started using the ps command because it could sometimes be that the script returned while the startup process was still on-going, resulting in a confusing message.
  • Page 219: Perl Scripts

    7.3.19. vlvindex (Creates Virtual List View Indexes) To run the vlvindex script, the server must be stopped. The vlvindex script creates virtual list view (VLV) indexes, known in the Directory Server Console as browsing indexes. VLV indexes introduce flexibility in the way search results are viewed.
  • Page 220 Syntax bak2db.pl [ -v ] -D rootdn { -w password | -w - | -j filename } -a backupDirectory [ -t databaseType ] [ -n backend ] Options The script bak2db.pl creates an entry in the directory that launches this dynamic task. The entry is generated based upon the values provided for each option.
  • Page 221 Table 7.19. cl-dump.pl command options Option Description Dumps and interprets change sequence numbers (CSN) only. This option can be used with or without the -i option. -D bindDn Specifies the Directory Server's bind DN.
  • Page 222 Syntax db2index.pl [ -v ] -D rootdn { -w password | -w - | -j filename } -n backendInstance [ -t attributeName(:indextypes(:mathingrules)) ] [ -T vlvAttributeName ] Options The script db2index.pl creates an entry in the directory that launches this dynamic task. The entry is generated based upon the values provided for each option.
  • Page 223 Table 7.22. db2ldif.pl Options Option Description Deletes, for reasons of backward compatibility, the first line of the LDIF file that gives the version of the LDIF standard. -a outputFile Gives the filename of the output LDIF file.
  • Page 224 Table 7.23. fixup-memberof.pl Options Option Description -b baseDN The DN of the subtree containing the entries to update. -D rootdn Gives the user DN with root permissions, such as Directory Manager. The default is the DN of the Directory Manager, which is read from the nsslapd-root attribute under cn=config.
  • Page 225 Table 7.24. ldif2db.pl Options Option Description Merges chunk size. -D rootdn Specifies the user DN with root permissions, such as Directory Manager. Decrypts encrypted data during export. This option is used only if database encryption is enabled.
  • Page 226 Table 7.25. Information Extracted from Access Logs Number of restarts FDs (file descriptors) taken Total number of connections FDs returned Total operations requested Highest FD taken Total results returned Disruptions: Results to requests ratio Broken pipes Number of searches Connections reset by peer...
  • Page 227 Table 7.26. logconv.pl Options Option Description -d mgrDN Specifies the distinguished name (DN) of the Directory Manager in the logs being analyzed. This allows the tool to collect statistics for this special user.
  • Page 228 FDs that are not yet closed. 7.4.9. migrate-ds.pl The migrate-ds.pl script is used to migrate a Directory Server 7.1 instance to Directory Server 8.1. Migration can happen between instances on the same machine, on different machines, or on different platforms.
  • Page 229 The migrate-ds-admin.pl script is used to migrate a Directory Server 7.1 instance to Directory Server 8.1. Migration can happen between instances on the same machine, on different machines, or on different platforms. This script migrates both the Directory Server instances and the Administration...
  • Page 230 IMPORTANT Do not run setup-ds-admin.pl for the new Directory Server 8.1 instance before running the migration script if you are migrating from a 7.1 server. If you are upgrading from a Directory Server 8.0 server, do not run migrate-ds-admin.pl.
  • Page 231 number of d's increases the debug level. --logfile name This parameter specifies a log file to which to write the output. If this is not set, then the migration information is written to a temporary file, named /tmp/migrateXXXXX.log.
  • Page 232 7.4.14. ns-newpwpolicy.pl (Adds Attributes for Fine-Grained Password Policy) Adds entries required for implementing the user- and subtree-level password policy. For instructions on how to enable this feature, see the Red Hat Directory Server Administrator's Guide. Syntax ns-newpwpolicy.pl [ -D rootdn ] [ -w password | -j filename ] [ -p port ] [ -h host ] -U userDN -S...
  • Page 233 Table 7.31. ns-newpwpolicy.pl Options Option Description -D rootdn Specifies the Directory Server user DN with root permissions, such as Directory Manager. The default value is cn=directory manager.
  • Page 234 HTML file would automatically refresh itself. This is useful for continuous monitoring. See also the -t option. The script has been integrated into Red Hat Administration Express, so that the replication status can be monitored through a web browser.
  • Page 235 Configuration File Format The configuration file defines the following: The connection parameters for connecting to the LDAP servers to get replication information; specifying this information is mandatory. The server alias for more readable server names; specifying this information is optional.
  • Page 236 7.4.18. schema-reload.pl (Reload Schema Files Dynamically) Manually reloads the schema files used by the Red Hat Directory Server instance either in the default location or in user-specified locations. To run this script, the server must be running. The script creates an entry in the directory that launches this dynamic task.
  • Page 237 Options Option Alternate Options Description --silent This runs the register script in silent mode, drawing the configuration information from a file (set with the --file parameter) or from arguments passed in the command line rather than interactively.
  • Page 238 Syntax setup-ds-admin.pl [ --debug ] [ --silent ] [ --file=name ] [ --keepcache ] [ --log=name ] [ --update ] Options Option Alternate Options Description --silent This runs the register script in silent mode, drawing the configuration information from a file (set with the --file parameter) or from arguments...
  • Page 239 IMPORTANT Never run verify-db.pl when a modify operation is in progress. This command calls the BerkeleyDB utility db_verify and does not perform any locking. This can lead to data corruption if the script is run at the same time as a modify.
  • Page 240 The ns-slapd command-line utilities all perform server administration tasks, and, while it can be argued that they allow a greater degree of flexibility for users, Red Hat recommends using the command-line scripts described in Chapter 7, Command-Line Scripts A.1.
  • Page 241 Table A.1. db2ldif Options Option Description -a outputFile Defines the output file in which the server saves the exported LDIF. This file is stored by default in the directory where the command-line utility resides.
  • Page 242 Using the ns-slapd Command-Line Utilities Options Table A.2. ldif2db Options Option Description -d debugLevel Specifies the debug level to use during runtime. For further information, refer to Section 2.3.1.44, “nsslapd-errorlog-level (Error Log Level)”. -D configDir Specifies the location of the server configuration directory that contains the configuration information for the import process.
  • Page 243 ns-slapd archive2db -D configDir -a archiveDir Options Table A.3. archive2db Options Option Description -D configDir Specifies the location of the server configuration directory that contains the configuration information for the index creation process.
  • Page 244 Glossary Table A.5. db2index Options Option Description -d debugLevel Specifies the debug level to use during index creation. For further information, refer to Section 2.3.1.44, “nsslapd-errorlog-level (Error Level)”. -D configDir Specifies the location of the server configuration directory that contains the configuration information for the index creation process.
  • Page 245 All IDs Threshold Replaced with the ID list scan limit in Directory Server version 7.1. A size limit which is globally applied to every index key managed by the server. When the size of an individual ID list reaches this limit, the server replaces that ID list with an All IDs token.
  • Page 246 bind distinguished name bind bind DN Distinguished name used to authenticate to Directory Server when performing an operation. bind rule In the context of access control, the bind rule specifies the credentials and conditions that a particular user or client must satisfy in order to get access to directory information. branch entry An entry that represents the top of a subtree in the directory.
  • Page 247 supplier server then replays these modifications on the replicas stored on replica servers or on other masters, in the case of multi-master replication. character type Distinguishes alphabetic characters from numeric or other characters and the mapping of upper-case to lower-case letters.
  • Page 248 daemon A background process on a Unix machine that is responsible for a particular system task. Daemon processes do not need human intervention to continue functioning. Directory Access Protocol. The ISO X.500 standard protocol that provides client access to the directory.
  • Page 249 Domain Name System. The system used by machines on a network to associate standard IP addresses (such as 198.93.93.10) with hostnames (such as www.example.com). Machines normally get the IP address for a hostname from a DNS server, or they look it up in tables maintained on their systems.
  • Page 250 Generic Security Services. The generic access protocol that is the native way for UNIX-based systems to access and authenticate Kerberos services; also supports session encryption. hostname A name for a machine in the form machine.domain.dom, which is translated into an IP address. For example, www.example.com is the machine www in the subdomain example and com domain.
  • Page 251 location of a machine on the Internet (for example, 198.93.93.10). International Standards Organization. knowledge reference Pointers to directory information stored in different databases. LDAP Lightweight Directory Access Protocol. Directory service protocol designed to run over TCP/IP and across multiple platforms.
  • Page 252 managed object A standard value which the SNMP agent can access and send to the NMS. Each managed object is identified with an official name and a numeric identifier expressed in dot-notation. managed role Allows creation of an explicit enumerated list of members. management information base See MIB.
  • Page 253 Red Hat's LDAP Directory Server daemon or service that is responsible for all actions of the Directory Server. See Also slapd. object class Defines an entry type in the directory by defining which attributes are contained in the entry.
  • Page 254 Glossary requested. parent access When granted, indicates that users have access to entries below their own in the directory tree if the bind DN is the parent of the targeted entry. pass-through authentication pass-through subtree In pass-through authentication, the PTA directory server will pass through bind requests to the authenticating directory server from all clients whose DN is contained in this subtree.
  • Page 255 PTA Mechanism by which one Directory Server consults another to check bind credentials. Also pass-through authentication. PTA directory server In pass-through authentication (PTA), the PTA Directory Server is the server that sends...
  • Page 256 Glossary Replication configuration where replica servers, either hub or consumer servers, pull directory data from supplier servers. This method is available only for legacy replication. replication Act of copying directory trees or subtrees from supplier servers to replica servers. replication agreement Set of configuration parameters that are stored on the supplier server and identify the databases to replicate, the replica servers to which the data is pushed, the times during which...
  • Page 257 Server Console Java-based application that allows you to perform administrative management of your Directory Server from a GUI. server daemon The server daemon is a process that, once running, listens for and accepts requests from clients.
  • Page 258 Glossary master agent. Also called a subagent. A software library establishing a secure connection between two parties (client and server) used to implement HTTPS, the secure version of HTTP. Also called Secure Sockets Layer. standard index index maintained by default.
  • Page 259 target entry The entries within the scope of a CoS. TCP/IP Transmission Control Protocol/Internet Protocol. The main network protocol for the Internet and for enterprise (company) networks.
  • Page 260 Index 01common.ldif ldif files, LDIF and Schema Configuration Files 05rfc2247.ldif ldif files, LDIF and Schema Configuration Files 05rfc2927.ldif ldif files, LDIF and Schema Configuration Files 10presence.ldif ldif files, LDIF and Schema Configuration Files 10rfc2307.ldif ldif files, LDIF and Schema Configuration Files 20subscriber.ldif ldif files, LDIF and Schema Configuration Files...
  • Page 261 B4, Common Connection Codes P2, Common Connection Codes T1, Common Connection Codes T2, Common Connection Codes U1, Common Connection Codes contents, Access Log Reference...
  • Page 262 Index changeLog, changeLog changelog configuration attributes changelogmaxentries, nsslapd-changelogmaxentries (Max Changelog Records) nsslapd-changelogdir, nsslapd-changelogdir nsslapd-changelogmaxage, nsslapd-changelogmaxage (Max Changelog Age) changelog configuration entries cn=changelog5, cn=changelog5 changeLogEntry, changeLogEntry (Object Class) changeNumber, changeNumber changes, changes changeTime, changeTime changeType, changeType cl-dump command-line shell script, cl-dump (Dumps and Decodes the Changelog) quick reference,...
  • Page 263 nsInstance, cn=export nsNoWrap, cn=export nsPrintKey, cn=export nsUseId2Entry, cn=export nsUseOneFile, cn=export configuration entry, cn=export cn=import attributes nsExcludeSuffix, cn=import nsFilename, cn=import nsImportChunkSize, cn=import nsImportIndexAttrs, cn=import nsIncludeSuffix, cn=import nsInstance, cn=import nsUniqueIdGenerator, cn=import nsUniqueIdGeneratorNamespace,...
  • Page 264 Index SNMP configuration entries, cn=SNMP cn=tasks attributes Task Invocation Attributes for Entries under cn=tasks nsTaskCancel, Task Invocation Attributes for Entries under cn=tasks nsTaskCurrentItem, Task Invocation Attributes for Entries under cn=tasks nsTaskExitCode, Task Invocation Attributes for Entries under cn=tasks nsTaskLog, Task Invocation Attributes for Entries under cn=tasks nsTaskStatus,...
  • Page 265: Suffix Configuration Attributes Under Cn="Suffixname

    restoreconfig, restoreconfig (Restores Administration Server Configuration) saveconfig, saveconfig (Saves Administration Server Configuration) start-slapd, start-slapd (Starts the Directory Server) stop-slapd, stop-slapd (Stops the Directory Server) suffix2instance, suffix2instance (Maps a Suffix to a Backend Name)
  • Page 266 Index configuration entries modifying using LDAP, Modifying Configuration Entries Using LDAP restrictions to modifying, Restrictions to Modifying Configuration Entries and Attributes configuration files, Configuration Files location of, Accessing and Modifying Server Configuration configuration information tree dse.ldif file, Core Server Configuration Attributes Reference connection attribute, cn=monitor connection code,...
  • Page 267 nsDumpUniqId, cn=export nsExcludeSuffix, cn=import, cn=export nsExportReplica, cn=export nsFilename, cn=import, cn=export nsImportChunkSize, cn=import nsImportIndexAttrs, cn=import nsIncludeSuffix, cn=import, cn=export nsIndexAttribute, cn=index nsIndexVLVAttribute, cn=index nsInstance, cn=import, cn=export nsNoWrap, cn=export nsPrintKey, cn=export nsruvReplicaLastModified, nsruvReplicaLastModified...
  • Page 268 Index nsslapd-changelogmaxentries, nsslapd-changelogmaxentries (Max Changelog Records) nsslapd-config, nsslapd-config nsslapd-conntablesize, nsslapd-conntablesize nsslapd-counters, nsslapd-counters nsslapd-csnlogging, nsslapd-csnlogging nsslapd-ds4-compatible-schema, nsslapd-ds4-compatible-schema nsslapd-errorlog, nsslapd-errorlog (Error Log) nsslapd-errorlog-level, nsslapd-errorlog-level (Error Log Level) nsslapd-errorlog-list, nsslapd-errorlog-list nsslapd-errorlog-logexpirationtime, nsslapd-errorlog-logexpirationtime (Error Log Expiration Time) nsslapd-errorlog-logexpirationtimeunit, nsslapd-errorlog-logexpirationtimeunit (Error Log Expiration Time Unit) nsslapd-errorlog-logging-enabled, nsslapd-errorlog-logging-enabled (Enable Error Logging)
  • Page 269 nsslapd-schema-ignore-trailing-spaces, nsslapd-schema-ignore-trailing-spaces (Ignore Trailing Spaces in Object Class Names) nsslapd-schemacheck, nsslapd-schemacheck (Schema Checking) nsslapd-schemareplace, nsslapd-schemareplace nsslapd-securelistenhost, nsslapd-securelistenhost nsslapd-securePort, nsslapd-securePort (Encrypted Port Number) nsslapd-security, nsslapd-security (Security) nsslapd-sizelimit, nsslapd-sizelimit (Size Limit)
  • Page 270 Index nsAttributeEncryption, Database Attributes under cn=attributeName, cn=encrypted attributes, cn=database_name, cn=ldbm database, cn=plugins, cn=config nsEncryptionAlgorithm, Database Attributes under cn=attributeName, cn=encrypted attributes, cn=database_name, cn=ldbm database, cn=plugins, cn=config database files, Database Files database link plug-in configuration attributes nsAbandonCount, Database Link Attributes under cn=monitor, cn=database instance name, cn=chaining database, cn=plugins, cn=config nsAbandonedSearchCheckInterval, nsAbandonedSearchCheckInterval...
  • Page 271 dbcachetries, Database Attributes under cn=monitor, cn=ldbm database, cn=plugins, cn=config dbfilecachehit, Database Attributes under cn=monitor, cn=NetscapeRoot, cn=ldbm database, cn=plugins, cn=config dbfilecachemiss, Database Attributes under cn=monitor, cn=NetscapeRoot, cn=ldbm database, cn=plugins, cn=config dbfilenamenumber,...
  • Page 272 Index cn=ldbm database, cn=plugins, cn=config nsslapd-db-page-rw-evict-rate, Database Attributes under cn=database, cn=monitor, cn=ldbm database, cn=plugins, cn=config nsslapd-db-page-size, nsslapd-db-page-size nsslapd-db-page-trickle-rate, Database Attributes under cn=database, cn=monitor, cn=ldbm database, cn=plugins, cn=config nsslapd-db-page-write-rate, Database Attributes under cn=database, cn=monitor, cn=ldbm database, cn=plugins, cn=config nsslapd-db-pages-in-use, Database Attributes under cn=database, cn=monitor, cn=ldbm database, cn=plugins, cn=config nsslapd-db-spin-count, nsslapd-db-spin-count...
  • Page 273 quick reference, Command-Line Scripts Quick Reference dbcachehitratio attribute, Database Attributes under cn=monitor, cn=ldbm database, cn=plugins, cn=config dbcachehits attribute, Database Attributes under cn=monitor, cn=ldbm database, cn=plugins, cn=config dbcachepagein attribute, Database Attributes under cn=monitor, cn=ldbm database,...
  • Page 274 Index quick reference, Command-Line Scripts Quick Reference ds_removal command-line utility options, ds_removal syntax, ds_removal dTableSize attribute, cn=monitor editing dse.ldif file, Configuration Changes Requiring Server Restart encryption root password, nsslapd-rootpw (Root Password) specifying password storage scheme, passwordStorageScheme (Password Storage Scheme) encryption configuration attributes nsSSL2, nsSSL2...
  • Page 275 configuration of, Configuration of Indexes jpeg images, ldif LDAP modifying configuration entries, Modifying Configuration Entries Using LDAP LDAP Data Interchange Format (LDIF) binary data, ldif LDAP result codes, LDAP Result Codes...
  • Page 276 Index 20subscriber.ldif, LDIF and Schema Configuration Files 25java-object.ldif, LDIF and Schema Configuration Files 28pilot.ldif, LDIF and Schema Configuration Files 30ns-common.ldif, LDIF and Schema Configuration Files 50ns-admin.ldif, LDIF and Schema Configuration Files 50ns-certificate.ldif, LDIF and Schema Configuration Files 50ns-directory.ldif, LDIF and Schema Configuration Files 50ns-mail.ldif, LDIF and Schema Configuration Files 50ns-value.ldif,...
  • Page 277 multi-master replication changelog changelog, cn=changelog5 nbackends attribute, cn=monitor newRdn, newRdn newSuperior, newSuperior ns-accountstatus.pl command-line perl script, ns-accountstatus.pl (Establishes Account Status) quick reference, Command-Line Scripts Quick Reference ns-activate.pl command-line perl script, ns-activate.pl (Activates an Entry or Group of Entries)
  • Page 278 Index nsDatabaseTypes, cn=backup, cn=restore nsDeleteCount attribute, Database Link Attributes under cn=monitor, cn=database instance name, cn=chaining database, cn=plugins, cn=config nsDS50ruv attribute, nsDS50ruv nsDS5BeginReplicaRefresh attribute, nsDS5BeginReplicaRefresh nsDS5Flags attribute, nsDS5Flags nsDS5ReplConflict attribute, nsDS5ReplConflict nsDS5Replica, nsDS5Replica (Object Class) nsDS5ReplicaBindDN attribute, nsDS5ReplicaBindDN nsDS5ReplicaBindMethod attribute, nsDS5ReplicaBindMethod nsDS5ReplicaBusyWaitTime attribute, nsDS5ReplicaBusyWaitTime...
  • Page 279 nshoplimit attribute, nshoplimit nsImportChunkSize, cn=import nsImportIndexAttrs, cn=import nsIncludeSuffix, cn=import, cn=export nsIndexAttribute, cn=index nsIndexType attribute, nsIndexType nsIndexVLVAttribute, cn=index nsInstance, cn=import, cn=export nsLookThroughLimit attribute, nsLookThroughLimit nsMatchingRule attribute, nsMatchingRule...
  • Page 280 Index nsslapd-accesslog-logrotationtime attribute, nsslapd-accesslog-logrotationtime (Access Log Rotation Time) nsslapd-accesslog-maxlogsize attribute, nsslapd-accesslog-maxlogsize (Access Log Maximum Log Size) nsslapd-accesslog-maxlogsperdir attribute, nsslapd-accesslog-maxlogsperdir (Access Log Maximum Number of Log Files) nsslapd-accesslog-mode attribute, nsslapd-accesslog-mode (Access Log File Permission) nsslapd-allow-unauthenticated-binds attribute, nsslapd-allow-unauthenticated-binds nsslapd-attribute-name-exceptions attribute, nsslapd-attribute-name-exceptions nsslapd-auditlog-list attribute, nsslapd-auditlog-list nsslapd-auditlog-logexpirationtime attribute,...
  • Page 281 cn=monitor, cn=ldbm database, cn=plugins, cn=config nsslapd-db-cache-try attribute, Database Attributes under cn=database, cn=monitor, cn=ldbm database, cn=plugins, cn=config nsslapd-db-checkpoint-interval attribute, nsslapd-db-checkpoint-interval nsslapd-db-circular-logging attribute, nsslapd-db-circular-logging nsslapd-db-clean-pages attribute, Database Attributes under cn=database, cn=monitor, cn=ldbm database, cn=plugins, cn=config...
  • Page 282 Index nsslapd-db-verbose attribute, nsslapd-db-verbose nsslapd-dbcachesize attribute, nsslapd-dbcachesize nsslapd-dbncache attribute, nsslapd-dbncache nsslapd-directory attribute, nsslapd-directory, nsslapd-directory nsslapd-ds4-compatible-schema attribute, nsslapd-ds4-compatible-schema nsslapd-errorlog attribute, nsslapd-errorlog (Error Log) nsslapd-errorlog-level attribute, nsslapd-errorlog-level (Error Log Level) nsslapd-errorlog-list attribute, nsslapd-errorlog-list nsslapd-errorlog-logexpirationtime attribute, nsslapd-errorlog-logexpirationtime (Error Log Expiration Time) nsslapd-errorlog-logexpirationtimeunit attribute, nsslapd-errorlog-logexpirationtimeunit (Error Log Expiration Time Unit)
  • Page 283 nsslapd-maxsasliosize attribute, nsslapd-maxsasliosize (Maximum SASL Packet Size) nsslapd-maxthreadsperconn attribute, nsslapd-maxthreadsperconn (Maximum Threads per Connection) nsslapd-mode attribute, nsslapd-mode nsslapd-nagle attribute, nsslapd-nagle nsslapd-outbound-ldap-io-timeout attribute, nsslapd-outbound-ldap-io-timeout nsslapd-plug-in attribute, nsslapd-plug-in nsslapd-plugin-depends-on-named attribute, nsslapd-plugin-depends-on-named...
  • Page 284 Index nssnmplocation attribute, nssnmplocation nssnmpmasterhost attribute, nssnmpmasterhost nssnmpmasterport attribute, nssnmpmasterport nssnmporganization attribute, nssnmporganization nsSSL2 attribute, nsSSL2 nsSSL3 attribute, nsSSL3 nsSSL3ciphers attribute, nsSSL3ciphers nsSSLclientauth attribute, nsSSLclientauth (Client Authentication), nsSSLclientauth nsSSLSessionTimeout attribute, nsSSLSessionTimeout nsState attribute, nsState, cn=uniqueid generator nsSubStrBegin attribute, nsSubStrBegin nsSubStrEnd attribute, nsSubStrEnd...
  • Page 285 passwordInHistory attribute, passwordInHistory (Number of Passwords to Remember) passwordLockout attribute, passwordLockout (Account Lockout) passwordLockoutDuration attribute, passwordLockoutDuration (Lockout Duration) passwordMaxAge attribute, passwordMaxAge (Password Maximum Age) passwordMaxFailure attribute, passwordMaxFailure (Maximum Password Failures)
  • Page 286 Index name, cn=chaining database, cn=plugins, cn=config nsAbandonedSearchCheckInterval, nsAbandonedSearchCheckInterval nsActiveChainingComponents, nsActiveChainingComponents nsAddCount, Database Link Attributes under cn=monitor, cn=database instance name, cn=chaining database, cn=plugins, cn=config nsBindConnectionCount, Database Link Attributes under cn=monitor, cn=database instance name, cn=chaining database, cn=plugins, cn=config nsBindConnectionsLimit, nsBindConnectionsLimit nsBindCount, Database Link Attributes under cn=monitor, cn=database instance name, cn=chaining database, cn=plugins, cn=config nsBindMechanism, nsBindMechanism...
  • Page 287 database, cn=plugins, cn=config nsslapd-db-durable-transactions, nsslapd-db-durable-transactions nsslapd-db-hash-buckets, Database Attributes under cn=database, cn=monitor, cn=ldbm database, cn=plugins, cn=config nsslapd-db-hash-elements-examine-rate, Database Attributes under cn=database, cn=monitor, cn=ldbm database, cn=plugins, cn=config nsslapd-db-hash-search-rate, Database Attributes under cn=database, cn=monitor,...
  • Page 288 Index nsTimeLimit, nsTimeLimit nsTransmittedControls, nsTransmittedControls nsUnbindCount, Database Link Attributes under cn=monitor, cn=database instance name, cn=chaining database, cn=plugins, cn=config nsUseStartTLS, nsUseStartTLS vlvBase, vlvBase vlvEnabled, vlvEnabled vlvFilter, vlvFilter vlvScope, vlvScope vlvSort, vlvSort vlvUses, vlvUses plug-ins configuration of, Overview of the Directory Server Configuration distributed number assignment plug-in, Distributed Numeric Assignment Plug-in...
  • Page 289: Replication Attributes Under Cn=Replica, Cn="Suffixdn", Cn=Mapping Tree, Cn=Config

    repl-monitor.pl command-line perl script, repl-monitor.pl (Monitors Replication Status) quick reference, Command-Line Scripts Quick Reference replication agreement configuration attributes description, description nsDS50ruv, nsDS50ruv nsDS5BeginReplicaRefresh, nsDS5BeginReplicaRefresh nsDS5ReplicaBindDN, nsDS5ReplicaBindDN nsDS5ReplicaBindMethod, nsDS5ReplicaBindMethod nsDS5ReplicaBusyWaitTime,...
  • Page 290: Cn=Sasl

    Index retro changelog plug-in configuration attributes nsslapd-changelogdir, nsslapd-changelogdir retryCountResetTime, retryCountResetTime SASL configuration attributes nsSaslMapBaseDNTemplate, nsSaslMapBaseDNTemplate nsSaslMapFilterTemplate, nsSaslMapFilterTemplate nsSaslMapRegexString, nsSaslMapRegexString SASL configuration entries cn=sasl, cn=sasl saveconfig command-line shell script, saveconfig (Saves Administration Server Configuration) quick reference, Command-Line Scripts Quick Reference schema-reload.pl, schema-reload.pl (Reload Schema Files Dynamically)
  • Page 291: Cn=Snmp

    SNMP configuration attributes nssnmpcontact, nssnmpcontact nssnmpdescription, nssnmpdescription nssnmpenabled, nssnmpenabled nssnmplocation, nssnmplocation nssnmpmasterhost, nssnmpmasterhost nssnmpmasterport, nssnmpmasterport nssnmporganization, nssnmporganization SNMP configuration entries cn=SNMP, cn=SNMP special attributes changeLog, changeLog changeNumber, changeNumber changes, changes...
  • Page 292: Cn=Tasks

    Index targetDn, targetDn totalConnections attribute, cn=monitor trailing spaces in object class names, nsslapd-schema-ignore-trailing-spaces (Ignore Trailing Spaces in Object Class Names) ttl, Task Invocation Attributes for Entries under cn=tasks uniqueid generator configuration attributes nsState, cn=uniqueid generator uniqueid generator configuration entries cn=uniqueid generator, cn=uniqueid generator verify-db.pl...
