Symbols
#, in slapd.conf 369
-, in change operation 234
::, in LDIF statements 40
\, in parameter values 369
"", in ldapmodify commands 224
'', in ldapsearch 196

A
access control
  ACI attribute 90
  ACI language syntax 126
  allowing or denying access 93
  anonymous access 96, 109
  bind rules 95
    access at specific time or day 99
    access based on attribute value 98
    access based on authentication method 100
    access from a specific location 99
    Boolean 100
    general access 97
    user and group access 96
  change log and 307
  defining
    with LDIF files 125-147
    with Server Console 101-125
  dynamic targets 97
  overview 89
  password protection and 155
  permissions 93
  rights 94
  target DN containing comma and 128, 147
  targeting 90
    attributes 91
    entries 91
    using LDAP search filters 92
    using LDIF 127
Access Log 246
Access log
  manually disabling 247
access log
  configuring 246
  manually rotating 253
  turning off 246
  turning on 246
  viewing 246
Access Log parameter
  description and syntax 376
  viewing and changing 246
access-control information (ACI) instruction, See ACI instruction
access-control list (ACL)
  glossary entry 515
  overview 89
accesscontrol parameter 393
accessloglevel parameter 383
accesslog-logexpirationtime parameter 378
accesslog-logexpirationtimeunit parameter 378
accesslog-logging-enabled parameter 377
accesslog-logrotationtime parameter 381
accesslog-logrotationtimeunit parameter 382
accesslog-maxlogdiskspace parameter 379
accesslog-maxlogsize parameter 379
accesslog-maxNumOfLogsPerDir parameter 380
accesslog-minfreediskspace parameter 381
account lockout 156, 157, 383
  disabling 156
  enabling 156
  lockout duration 156, 158, 406
  maximum password failures 411
  modifying preferences 156
  parameters 157
  password failure counter 156, 158, 425
  policy 149-158
  setting preferences for 156
  unlocking account 434
Account Lockout parameter 383
account lockout policies
  modifying 156
  setting up 156
account lockout policy
  parameters 157
Account Lockout Scheme parameter
  configuring 156
account lockout storage scheme
  overview 156
ACI
  creating
    using LDIF 125
    using Server Console 101
  deleting 108
  editing 107
ACI attribute
  default index for 168
  overview 90
ACI instruction
  bind rules 95
  name 126
  password protection and 155
  permissions 93
  target DN containing comma and 128, 147
  targets 90
ACI language syntax 126-140
ACL, See access-control list
aclupg utility, location of 32
ACR
  deleting 108
Add rights 94
Administration Server
  functions of 25
  master agents and 356
agents
  master agent 356
    Unix 356
    Windows NT 356
  subagent 356
    configuring 365
    enabling 365
    starting and stopping on Unix 365
AIX SNMP daemon 364
algorithms
  consumer-initiated replication 323-324
  metaphone phonetic algorithm 162
  searching 160-161
  supplier-initiated replication 321-323
alias dereferencing 200
allidsthreshold parameter 437
allowed attributes
  creating 55
  deleting 55, 57
  editing in object class 56
allowing access 93
  using LDIF 130
anonymous access
  change log restrictions on 307
  defining 142
  LDIF example 142
  overview 96
  Server Manager example 109
approximate index
  CPU cycles and 167
  overview 162
  query string codes 162
  when to use 167
approximate search 193
attribute list, glossary entry 515
attribute parameter 383
Attribute to be Indexed parameter 167, 438
attribute type field (LDIF) 39
attribute value field (LDIF) 39
attribute values
  access based on 98
  adding 239
  deleting 242
  modifying 240
  replacing 239
  syntax 60, 61
attributes
  ACI 90
  adding 239
  creating 55
  defining 59
  deleting
    multiple 239
    using LDIF update statements 241
  deleting from object class 55, 56, 57
  for integrity updates 84
  glossary entry 515
  indexing existing 176
  multi-valued 60, 61
  ntGroupCreateNewAccount attribute 342
  ntGroupDomainId 341
  ntUserCreateNewAccount 342
  ntUserDomainId 340
  OID 60
  searching for 192
  standard 51, 58
  syntax 60, 61
  targeting 91
  user-defined 58
  values
    adding 239
    deleting 242
    modifying 240
    replacing 239
  viewing 58
Audit log
  manually disabling 252
  viewing 251
audit log
  configuring 251
  disabling 251
  enabling 251
Audit Log parameter
  description and syntax 384
  viewing and changing 251
auditlog-logexpirationtime parameter 385
auditlog-logexpirationtimeunit parameter 386
auditlog-logging-enabled parameter 385
auditlog-logrotationtime parameter 389
auditlog-logrotationtimeunit parameter 390
auditlog-maxlogdiskspace parameter 386
auditlog-maxlogsize parameter 387
auditlog-maxNumOfLogsPerDir parameter 388
auditlog-minfreediskspace parameter 389
authentication 289
  access control and 100
  certificate-based 293
  glossary entry 515
  LDAP URLs and 453
authentication certificates glossary entry 515
authmethod keyword 139

B
backing up the database 74
backslash, in parameter values 369
base 64 encoding 40
base DN, ldapsearch and 203
binary data, LDIF and 40
bind failures, account lockout and 158
bind rules
  access at specific time or day 99
    LDIF example 146
    Server Manager example 117
  access based on attribute value
    example 135
    overview 98
  access based on authentication method 100
    LDIF example 139
    Server Manager example 120
  access from a specific location 99
    LDIF example 145
    Server Manager example 119
  ACI language syntax 126
  anonymous access 96
    LDIF example 133
    Server Manager example 109
  Boolean
    example 140
    overview 100
  general access
    example 133
    overview 97
  group access 98
    LDIF example 134, 135
    Server Manager example 113
  LDAP URLs 97
  LDIF keywords for 132
  overview 95
  syntax 95
  user access 97
    LDIF example 133
    parent 98
    self 98
    Server Manager example 111
Bind to Server field 27
bindDN
  directory tree access and 27
  glossary entry 515
Boolean bind rules
  example 140
  overview 100
Boolean operators, in search filters 194
browser glossary entry 516

C
cache
  specifying maximum entries 271, 446
  specifying size in bytes 445
cache hit ratio 263
certificate
  mapping to a DN 294
  password 30
Certificate and Key Directory parameter 390
certificate database
  password 293
certificate-based authentication 293
  replication and 293
certification authority glossary entry 516
CGI glossary entry 516
change log
  access control and 307
  configuring for CIR 306
  configuring for SIR 300
  consumer access to 307
  expiration of entries 77
  synchronization and 322, 324
change operations 234
  add 239
  delete 239
  replace 239
Changelog DB Directory parameter 391
Changelog DB Suffix parameter 392
changetypes
  add 235
  delete 242
  modify 239
character type 456
Check Password Syntax parameter 392
checking password syntax 154
checking the database schema 52
checkpoint interval 439
ciphers
  described 291
  list of 291, 396
  selecting 291
ciphertext glossary entry 516
CIR agreements
  editing 310
    connection type 310
    consumer 310
    description 310
    name 310
    replicated content 310
    schedule 310
client
  glossary entry 516
  using to find entries 189
client authentication, replication and 305, 311
code page 455
collation order
  overview 456
  search filters and 205
command line
  monitoring database from 266
  monitoring server from 258
  providing input from 224
command-line scripts 33
  bak2db 34, 76
  db2bak 34, 74
  db2ldif 34
  finding 33
  getpwenc 34
  ldif2db 34
  monitor 34
  restart-slapd 34
  start-slapd 34
  stop-slapd 35
  vlvindex 35
command-line utilities
  certificate-based authentication and 293
  db2index 176
  db2ldif 65
  ldapdelete 230
  ldapmodify 224, 225, 226, 428
  ldapsearch 191-205
  ldif 40
  ldif2index 176
  ldif2ldbm 70, 71, 72
  location of 32
  PATH variable and 33
  start 29
  stop 29
  table of 31
commands
  export 64
  import 68
commas, in DNs 196, 224
  ACI targets and 128, 147
  specifying LDIF entries with 43, 45
  specifying suffix with 41, 42, 46
  using ldapsearch with 205
Compare rights 94
compound search filters 193
configuration files
  location of 35
  slapd.conf 35
  slapd.dynamic_ldbm.conf 35
  slapd.ldbm.conf 173
configuration parameters 367-448
  changing
    using Server Console 368
    using slapd.conf 368
connections
  monitoring 257-258, 259, 260
  viewing number of 255
consistency updates 80
consumer server
  adding
    for supplier-initiated replication 303
  glossary entry 516
  trust database and 293
consumer-initiated replication
  adding suppliers 310
  change log access 307
  duplicating agreements 310
  glossary entry 516
  overview 298
  replication algorithm 323-324
  using SSL 311
continued lines
  in LDIF 39
  in LDIF update statements 234
conventions, in this book 23
converting database to LDIF
  from the command-line 65
  using Server Console 64
copiedFrom attribute 321, 323
counter, password failures 156, 158
country code 457
CPU cycles, index files and 167
creating the directory 46
crypt encryption 155, 422

D
daemon
  glossary entry 516
dash, in change operation 234
database
  backing up 74
  controlling access 89-146
  converting to LDIF
    from the command-line 65
    using Server Console 64
  costs of indexing 165
  creating using LDIF 46
  extending the schema 51-61
  integrity update interval 83
  maintaining relationships 80
  managing with LDIF 63-73
  monitoring from command-line 266-269
  monitoring from server console 261-266
  referential integrity 80
  restoring 75-76, 85
  restoring with replicated entries 77
  schema checking 52
  selecting for monitoring 260
  updating 165, 233
  viewing backend information 260
database backups
  creating 74
  deleting 76
  location of files 74
  online 73, 74, 75
  overview 73
Database Checkpoint Interval parameter 86, 439
Database Durable Transactions parameter 87, 441
database files, directory for 441
database parameter 439
database schema
  checking 52
  creating new attributes 59
  creating new object classes 54
  defined 428
  deleting attributes 61
  deleting object classes 57
  editing object classes 56
  extending 51-61
  standard 51
  viewing attributes 58
  viewing object classes 53
database server parameters 436-448
  Attribute to be Indexed 167, 438
  database 439
  Database Checkpoint Interval 86, 439
  Database Durable Transactions 87, 441
  Database Transaction Log Directory 85, 442
  DB Directory 441
  dynamicconf 35, 440
  Maximum Cache Size 445
  Maximum DB Cache size in bytes 271
  Maximum Entries in Cache 271, 445
  mode 446
  Read-only 262, 447
  Root DN 426
  Root Password 269, 426
  Root Password Storage Scheme 427
  Suffix 79, 447
  table of 436
Database Transaction Log directory parameter 85, 442
database transaction logging
  checkpoint interval 86
  described 85
  durable transactions 87
  log file location 85
date format 456
dayofweek keyword 139
DB Directory parameter 441
db_home_directory parameter 443
db2index utility
  parameters 176
db2ldif utility
  example of use 66, 67
  exporting LDIF with 65
  parameters 66
debug level, specifying 66, 71, 176, 407
default indexes 168
defining
  attributes 59
  object classes 54
Delete rights 94
deleting
  ACI 108
  ACR 108
  attribute values 242
  attributes 239, 241
  attributes from an object class 55, 56, 57
  database backups 76
  entries 242
    database integrity and 80
    synchronization and 342
  LDIF files 73
  multiple attributes 239
  object classes 57
denying access 93
  precedence rule 93
  using LDIF 130
DES cipher 291, 293
directory creation 46
directory server
  international character sets 455
  internationalization and 455
  MIB 358
  monitoring 253-260
    from command line 258
    from server console 254
  monitoring database
    from command line 266
  monitoring from server console 254-258
  performance counters 253-260
  SNMP traps 357
  starting and stopping 28
  supported languages 457
Directory Server Console
  backing up database 73
directory server console, capabilities of 26
Directory Server Entry (DSE), searching 203
Directory Server gateway
  glossary entry 516
  schema checking and 428
directory service glossary entry 516
directory trees
  finding entries in 195
  machine data 325
  mapping to URLs 329
disk space
  access log and 246
  index files and 166
  log files and 253
distinguished names
  for replication 430
  glossary entry 516
  root 426
  specifying local database suffix 447
  synchronization and 347
dn field (LDIF) 38
dn.dbb file 171
dn2id.dbb file 171
DNS alias glossary entry 517
dns keyword 138
Domain Name System (DNS) glossary entry 516
domain, access from specific 99
DSE See Directory Server Entry
durable transactions 87, 441
dynamic parameter changes 35, 440
dynamically creating indexes 173
dynamicconf parameter 35, 440

E
enabling NT synchronization service 414
Encrypted Port Number parameter
  description and syntax 395
  viewing and changing 273
encryption
  crypt 155
  password 155
  replication and 304, 311
  root password 426, 427
  SHA 155
  specifying password storage scheme 421
Encryption Alias parameter 395
Encryption Ciphers parameter 396
encryption method, for root password 426, 427
end of file marker 224
entries
  adding
    using Directory tab 214-222
    using LDIF update statements 235
  adding using LDIF 225
  cache hit ratio 263
  creating
    synchronization and 337, 340
    using LDIF 41-45
  deleting 230-233
    synchronization and 342
    using ldapdelete 230
    using LDIF update statements 242
    using Server Console 223
  finding 195
  maintaining relationships 80
  managing
    using Directory tab 214-223
    using Server Console 214-223
  mapping to URLs 329
  modifying 226-243
    synchronization and 342
    using ldapmodify 226
    using LDIF update statements 239
  moving 238
  order of creation 225
  order of deletion 230, 243
  renaming 238
  root 46
  targeting 91
  working with 213-243
entry cache hit ratio 263
environment variables
  LDAP_BASEDN 203
  overview 33
EOF marker 224
equality index 162
equality search 192
  example 194
  international example 210
Error log
  manually disabling 249
error log
  configuring 249
  manually rotating 253
  specifying 397
  turning off 249
  turning on 249
  viewing 248
Error Log parameter
  description and syntax 397
  viewing and changing 249
errorlog-logexpirationtime parameter 399
errorlog-logexpirationtimeunit parameter 399
errorlog-logging-enabled parameter 398
errorlog-logrotationtime parameter 402
errorlog-logrotationtimeunit parameter 403
errorlog-maxlogdiskspace parameter 400
errorlog-maxlogsize parameter 400
errorlog-maxNumOfLogsPerDir parameter 401
errorlog-minfreediskspace parameter 402
expiration of passwords
  overview 153
  slapd.conf parameter 418
  warning message 154
export command 64
extending the directory schema 51-61

F
file extension glossary entry 517
file type glossary entry 517
files
  access log 246
  containing search filters 200
  database backup 74
  dn.dbb 171
  dn2id.dbb 171
  EOF marker 224
  error log 248
  id2children.dbb 171
  id2entry.dbb 171
  locating configuration 35
  slapd.conf 35, 368-369, 427
  slapd.dynamic_ldbm.conf 35
  slapd.ldbm.conf 70, 173
finding
  attributes 192
  entries 195
  supported suffixes 203
fonts, in this book 23
format, LDIF 38

G
general access
  example 133
  overview 97
general server parameters 370-383
  Access Log 376
  Account Lockout 383
  Account Lockout Scheme 156
  attribute 383
  Audit Log 251, 384
  Certificate and Key Directory 390
  Changelog DB Directory 391
  Changelog DB Suffix 392
  Check Password Syntax 392
  Encrypted Port Number 273, 395
  Encryption Alias 395
  Encryption Ciphers 396
  Error Log 249, 397
  Idle Time Out 270
  Lockout Duration 406
  Log Level 407
  Look Through Limit 271, 444
  Max Changelog Age 409
  Max Changelog Records 409
  Max File Descriptors 270
  Maximum Password Failures 411
  maxthreadsperconn 412
  NLS 413
  NT Synchronization Service Enabled 414
  NT Synchronization Service Port Number 414
  Number of Passwords to Remember 416
  objectClass 416
  orcauto 394
  order of precedence 369
  Password Change 417, 421
  Password Expiration 418
  Password History 418
  Password Maximum Age 419, 420
  Password Minimum Length 420
  Password Storage Scheme 150, 421
  Port Number 273, 422
  Referral 328, 423
  Reset Password Failure Count After 425
  Schema Check 52, 428
  Send Warning 429
  Size Limit 270, 430
  Supplier DN 299, 430
  Supplier Password 431
  Supplier SSL Clients 300, 431
  threadnumber 432
  Time Limit 270, 433
  Track Modifies 433
  Unlock Account 434
glossary of terms 515-521
greater than or equal to search
  international example 211
  overview 193
groupdn keyword 134
groupdnattr keyword 134
groups
  access control and 96
    LDIF example 134, 135
    Server Manager example 113
  access to directory 98
  creating
    synchronization and 341
  permissions for 144

H
hostnames glossary entry 517
HTML glossary entry 517
HTTP glossary entry 517
HTTPD glossary entry 517
HTTP-NG glossary entry 517
HTTPS glossary entry 517

I
id field (LDIF) 38
id2children.dbb file 171
id2entry.dbb file 171
Idle Time Out parameter
  viewing and changing 270
idletimeout parameter 403
illegal strings, passwords 154
import command 68
importing LDIF
  from the command-line 70
  using Server Console 68
index files
  defaults maintained by directory server 171
  directory for 441
  specifying cache size 445
indexes
  approximate 162, 167
  cost of 164-167
  creating 167
    dynamically 173-176
    from Server Console 171
    from slapd.conf 173
  defaults maintained by directory server 168
  dynamic changes to 173-176
  equality 162
  of existing attributes 176
  International 164
  international 164
  managing 159-180
  presence 161, 168
  specifying type 438
  substring 163, 167
  system defaults 168
  system resources and 166
  types of 161
instancedir parameter 404
interaction table 361
international character sets 455
International index
  overview 164
international searches 205-211
  equality 210
  examples 209
  greater than 211
  greater than or equal to 211
  less than 210
  less than or equal to 210
  matching rule filter syntax 206
  substring 211
  using OIDs 207
internationalization
  character type 456
  collation order 456
  country code 457
  date format 456
  indexing and 164
  language tag 457
  locales and 455
  location of files 413, 456
  matching rule filters 206
  modifying entries 243
  monetary format 456
  object identifiers and 457
  of LDIF files 49
  search filters and 205
  supported languages 455
  supported locales 457
  time format 456
ioblocktimeout parameter 404
IP address glossary entry 517
ip keyword 137

J
jpeg images 40

L
language code
  in LDIF entries 49
  list of supported 457
language support 455
  language tag 457
  searching and 205
  specifying using locales 457
language tags
  described 457
  in international searches 208
  in LDIF update statements 243
LDAP clients
  certificate-based authentication and 293
  database schema and 51
  glossary entry 517
  monitoring database with 266
  monitoring server with 258
  using to find entries 189
LDAP Data Interchange Format (LDIF) 67
  access control keywords
    authmethod 139
    dayofweek 139
    dns 138
    groupdn 134
    groupdnattr 134
    ip 137
    target 127
    targetattr 129
    targetfilter 130
    timeofday 138
    userdn 133
    userdnattr 134
  ACI language syntax and 125
  binary data 40
  converting to
    from the command-line 65
    using Server Console 64
  deleting files 73
  entry format 38
    Organization 41
    Organizational Person 44
    Organizational Unit 42
  example 48
  glossary entry 518
  importing
    Maximum DB Cache size in Bytes parameter and 271
    with ldif2ldbm 70
    with Server Console 68
  internationalization and 49
  line continuation 39
  managing databases with 63-73
  reasons for converting to 64
  Server Console and 225
  update statements 233
  using to create directory 46
LDAP search filters
  DNs with commas and 205
  in targets 92
    examples 122, 130
LDAP URLs
  access control and 97
  components of 449
  described 449-453
  examples 452
  security and 453
  syntax 449
LDAP_BASEDN environment variable 203
ldapdelete utility
  deleting entries 230
  DNs with commas and 224
  example of use 233
  parameters 230
ldapmodify utility 428
  creating multiple entries 225
  DNs with commas and 224
  example of use 229
  location of 32
  modifying entries 226
  parameters 227
  schema checking and 226
  smart referrals and 329
  using with internationalized entries 243
  vs. ldapdelete 226
LDAPReplica object class 325
ldapsearch utility
  base DN and 203
  DNs with commas and 196, 205
  example of use 202
  format 196
  international searches 205
  limiting attributes returned 204
  parameters
    commonly used 197
    optional 199
    SSL 198
  search filters 191
  specifying files 204
  using 195
  verbose mode 202
LDAPServer object class 325
LDIF
  specifying entries
    organization 41
    organizational person 44
    organizational unit 43
LDIF entries
  binary data in 40
  commas in 41, 43, 45, 46
  creating 41-49
    Organizational People 44
    Organizational Units 42
    Organizations 41
  internationalization and 49
LDIF files
  continued lines 39
  creating directory using 46
  creating multiple entries 225
  database management and 63
  deleting 73
  example 48
  importing
    from the command-line 70
    using Server Console 68
  importing from Server Console 225
  internationalization and 49
  setting access controls 125-147
LDIF format 38
LDIF update statements 233-243
  adding attributes 239
  adding entries 235
  continued lines 234
  deleting attribute values 242
  deleting attributes 241
  deleting entries 242
  format of 234
  functions of 233
  modifying attribute values 240
  modifying entries 239
ldif utility
  converting binary data to LDIF 40
  location of 32
ldif2index utility
  indexing existing attributes 176
  location of 32
ldif2ldbm utility
  example of use 72
  importing LDIF with 70
  location of 32
  parameters 71
length, password 154, 420
less than or equal to search
  international example 210
  syntax 193
less than search
  international example 210
  syntax 193
Lightweight Directory Access Protocol (LDAP)
  glossary entry 518
  managing settings 272
listenhost parameter 405
locales
  defined 455
  location of files 456
  supported 457
localuser parameter 406
locked accounts 156, 157
lockout duration 156, 158
Lockout Duration parameter 406
log files
  access 376
  change 322, 324
  database transaction 85
  error 397
  location of 253
  manually rotating 253
  monitoring 245-253
  Security Accounts Manager (SAM) 337
  synchronization service event log 346
Log Level parameter
  description and syntax 407
Look Through Limit parameter
  description and syntax 444
  role in searching algorithm 161
  viewing and changing 271

M
machine data 325
machine, access from specific 99
mail accounts
  creating automatically 350
  synchronizing 350
managed device
  managed device-initiated communication 357
  overview 355
managed object 356
management information base, See MIB
Manager tab 269
manual synchronization with NT 350
manually rotating log files 253
master agent
  overview 356
  Unix 356
  Windows NT 356
matchingRule format 207
  using language tag 208
  using language tag and suffix 209
  using OID 207
  using OID and suffix 208
Max Changelog Age parameter 409
Max Changelog Records parameter 409
Max File Descriptors parameter
  viewing and changing 270
maxbersize parameter 411
maxdescriptors parameter 410
Maximum Cache Size parameter
  description and syntax 445
Maximum DB Cache size in bytes parameter
  viewing and changing 271
Maximum Entries in Cache parameter
  description and syntax 445
  viewing and changing 271
Maximum Password Failures parameter
  description and syntax 411
maxthreadsperconn parameter 412
MD5 message authentication 292
  glossary entry 518
  signature 518
MD5 signature glossary entry 518
memory
  controlling amount used 167
  index files and 167
  Maximum DB Cache size in Bytes parameter and 271
messaging server, creating accounts automatically 350
metaphone phonetic algorithm 162
MIB
  directory server 358
  location of 358
  netscape-ldap.mib 358
    entries table 361
    interaction table 361
    operations table 359
  overview 356
minimum length of passwords 154
minimum password length 420
mode parameter 446
modifying
  attribute values 240
  entries 239
  international entries 243
monetary format 456
monitoring
  database from command-line 266-269
  database from server console 261-266
  server from server console 254-258
moving entries 238
multiple indexes, cost of 165
multiple search filters 193

N
nagle parameter 413
Netscape MIBs 358
Netscape NT Directory Synchronization service 336
netscape-ldap.mib 358
  entries table 361
  interaction table 361
  location of 358
  operations table 359
network management station (NMS)
  NMS-initiated communication 357
network settings, viewing and changing 272
new attributes, creating 59
NIS
  glossary entry 518
NLS parameter 413
ns-slapd
  glossary entry 518
  location of 32
NT Synchronization Service Enabled parameter
  description and syntax 414
NT Synchronization Service Port Number parameter
  description and syntax 414
NTGroup object class 338
ntGroupCreateNewAccount 342
ntGroupDomainId attribute 341
ntsynchusessl parameter 415
NTUser object class 337
ntUserCreateNewAccount attribute 342
ntUserDomainId attribute 340
Number of Passwords to Remember parameter 416

O
object class
  creating 54
  deleting 57
  editing 56
  glossary entry 518
  name 55
  OID 55
  parent object 55
  standard 51
  viewing 53
object classes
  standard 53
  user-defined 53
object identifier
  glossary entry 519
object identifier (OID) 457
  attribute 60
  in matchingRule 207
  object class 55
objectClass field (LDIF) 38
objectClass parameter 416
OID
  glossary entry 519
OID, See object identifier
online backups
  creating from command line 75
  creating from server console 74
  creating using db2bak 74
operating system environment variables 33
operations table 359
operations, defined 255
operators
  Boolean 194
  international searches and 205
  search filters and 192
  suffix 206
optional attributes
  creating 55
  deleting 55, 57
  editing 56
  editing in object class 56
orcauto parameter 394
organization, specifying entries for 41
organizational person, specifying entries for 44
organizational unit, specifying entries for 42

P
parent access 98
parent object 55
password
  parameters 152
  policy 149-158
Password Change parameter 417, 421
password encryption, types of 422
Password Expiration parameter 418
password file 30
  glossary entry 519
Password History parameter 418
Password Maximum Age parameter 419, 420
Password Minimum Length parameter 420
password policies
  account lockout 156, 157
  change after reset 152
  expiration warning 154
  lockout duration 156, 158
  managing 149-158
  modifying 150
  overview 149-155
  password expiration 153
  password failure counter 156, 158
  password history 155
  password length 154
  password storage scheme 155
    overview 155
  setting up 150
  syntax checking 154
  user defined passwords 153
password policy
  parameters 152
password storage scheme
  configuring 155
  overview 149
Password Storage Scheme parameter
  configuring 150
  description and syntax 421
passwords
  account lockout 156, 157
  certificate 30
  changing after reset 152
  encryption of 155
  encryption types 422
  expiration 153, 418
  expiration warning 154, 429
  failure counter 156, 158
  history 155
  illegal strings 154
  lockout duration 156, 158
  managing 149-158
  maximum age 419, 420
  minimum length 154, 420
  modifying preferences 150
  resetting 158
  reusing 155, 418
  root 426
  root DN 269
  setting 158
  setting preferences for 150
  supplier 431
  synchronizing changes with NT 337
  syntax checking 154, 392
  user defined 153
PATH variable 33
PDUs 356
performance counters 254, 261
  Database tab 261
  monitoring the server with 253-260
  Server tab 254
performance tuning 269
  database 271
  server 270
permissions
  ACI language syntax 126
  allowing or denying access 93
    using LDIF 130
  assigning rights 94
    using LDIF 130
  defining
    for all users 141
    for group of users 144
    for single user 142
  overview 93
  precedence rule 93
  specifying for index files 446
Port Number parameter
  description and syntax 422
  viewing and changing 273
port numbers
  less than 1024 422
  NT synchronization service 414
  synchronization service 345
pound symbol, in slapd.conf 369
precedence rule 93
preferences, security 291
presence index
  defaults 168
  overview 161
presence search
  example 194
  syntax 193
protocol data units, See PDUs
protocol glossary entry 519
public-key encryption glossary entry 519
pw_change parameter 417
pw_exp parameter 418
pw_history parameter 418
pw_inhistory parameter 416
pw_lockout parameter 383
pw_lockoutduration parameter 406
pw_maxage parameter 419
pw_maxfailure parameter 411
pw_minage parameter 420
pw_minlength parameter 420
pw_must_change parameter 421
pw_resetfailurecount parameter 425
pw_syntax parameter 392
pw_unlock parameter 434
pw_warning parameter 429

Q
quotation marks, in parameter values 196, 224, 369

R
RAM glossary entry 519
rc.local
  glossary entry 519
RC2 cipher 291, 292
RC4 cipher 291, 292
Read rights 94
read-only mode 262
Read-only parameter 262, 447
redirection 327
ref attribute 331
referential integrity
  described 80
  disabling 82
  specifying attributes to update 84
  update interval 83
referral object class 331
Referral parameter 328
  description and syntax 423
  role in searching algorithm 160
  Suffix parameter and 447
referrals
  example 331
  ldapsearch parameter 201
  number of hops 201
  overview 327
  smart 329
  URLs 328
relative distinguished name glossary entry 519
renaming entries
  database integrity and 80
  restrictions 238
replacing attribute values 239
replicated entries, restoring database with 77
replication
  consumer-initiated 298
  glossary entry 519
  overview 298
  restoring database 77
  SSL and 304, 311
  Supplier DN parameter 430
  supplier-initiated 298
replication agreements
  adding a consumer 303
  adding a supplier 310
  creating for CIR 308
  creating for SIR 301
  duplicating 303, 310
  editing for CIR 310
  editing for SIR 304
  glossary entry 519
required attributes
  creating 55
  deleting 55, 57
  editing 56
reservedescriptors parameter 424
Reset Password Failure Count After parameter 425
resetting passwords 158
Resource Summary
  viewing 255
resource use, connections 257-258
resource use, monitoring 256-258
restoring database
  using bak2db 76
restoring the database 75-76, 85
result_tweak parameter 426
reusing passwords 155, 418
RFC glossary entry 519
rights
  list of 94
  setting
    using LDIF 130
root
  glossary entry 519
Root DN parameter
  description and syntax 426
  Suffix parameter and 79
root DN password
  managing 269
root DSE, searching 203
root entry creation 46
Root Password parameter 269, 426
Root Password Storage Scheme parameter 427
root password, root DN and 427

S
SASL, See Simple Authentication and Security Layer
scheduling
  NT synchronization service 349
schema
  checking 52
  creating new attributes 59
  creating new object classes 54
  deleting attributes 61
  editing object classes 56
  extending 51-61
  glossary entry 520
  searching 203
  standard 51
  targets and 92
  viewing attributes 58
  viewing object classes 53
Schema Check parameter
  description and syntax 428
  turning schema checking on or off 52
schema checking
  attribute parameter and 383
  glossary entry 520
  ldapmodify and 226
  objectclass parameter and 416
  overview 52
  turning on or off 52
schema entry, searching 203
schema rules, defining 416
search filters 191-195
  Boolean operators 194
  contained in file 204
  examples 191, 194
  matching rule 206
  operators in 192
  specifying attributes 192
  specifying file 200, 232
  syntax 191
  using compound 193
  using multiple 193
search operations
  limiting entries checked 444
  limiting entries returned 430
  setting time limits 433
Search rights 94
search types, list of 192, 205
searches
  approximate 193
  equality 192, 194, 210
  example 202
  greater than or equal to 193, 211
  international 205
  international examples 209
  less than 210
  less than or equal to 193, 210
  of directory tree 195
  presence 193, 194
  restricting scope of one-level 171
  restricting scope of subtree 171
  sort criteria 201
  specifying scope 198
  substring 192, 211
searching algorithm, process described 160-161
Secure Sockets Layer (SSL)
  access control and 100
  certificate password 30
  enabling 289
  Encrypted Port Number parameter 395
  Encryption Ciphers parameter 396
  glossary entry 520
  replication and 304, 311
  security parameter 428
  server startup and 30
  setting preferences 291
  specifying directory location 390
security
  certificate-based authentication 293
  Encrypted Port Number parameter 395
  Encryption Ciphers parameter 396
  LDAP URLs and 453
  setting preferences 291
  specifying SSL directory location 390
Security Accounts Manager (SAM) log file 337
security parameter 428
self access 98
  LDIF example 133
  Server Manager example 110
Selfwrite rights
  description 94
  example 123
Send Warning parameter 429
Server Console
  changing configuration parameters 368
  converting to LDIF 64
  creating indexes 171
  glossary entry 520
  importing LDIF with 68
  monitoring server with 254
  restoring database 75
  setting access controls 101-125
  setting account lockout policies 156-158
  setting password policies 149-155
server console
  capabilities of 26
server daemon glossary entry 520
server parameters
  database 436-448
    Attribute to be Indexed 167, 438
    database 439
    Database Checkpoint Interval 86, 439
    Database Durable Transactions 87, 441
    Database Transaction Log Directory 85, 442
    DB Directory 441
    dynamicconf 35, 440
    Maximum Cache Size 445
    Maximum DB Cache size in Bytes 271
    Maximum Entries in Cache 271, 445
    mode 446
    Read-only 262, 447
    Root DN 426
    Root Password 269, 426
    Root Password Storage Scheme 427
    Suffix 79, 447
  general 370-383
    Access Log 246, 376
    Account Lockout 383
    Account Lockout Scheme 156
    attribute 383
    Audit Log 251, 384
    Certificate and Key Directory 390
    Changelog DB Directory 391
    Changelog DB Suffix 392
    Check Password Syntax 392
    Encrypted Port Number 273, 395
    Encryption Alias 395
    Encryption Ciphers 396
    Error Log 249, 397
    Idle Time Out 270
    Lockout Duration 406
    Log Level 407
    Look Through Limit 271, 444
    Max Changelog Age 409
    Max Changelog Records 409
    Max File Descriptors 270
    Maximum Password Failures 411
    maxthreadsperconn 412
    NLS 413
    NT Synchronization Service Enabled 414
    NT Synchronization Service Port Number 414
    Number of Passwords to Remember 416
    objectClass 416
    orcautor 394
    Password Change 417, 421
    Password Expiration 418
    Password History 418
    Password Maximum Age 419, 420
    Password Minimum Length 420
    Password Storage Scheme 150, 421
    Port Number 273, 422
    Referral 328, 423
    Reset Password Failure Count After 425
    Schema Check 52, 428
    Send Warning 429
    Size Limit 270, 430
    Supplier DN 299, 430
    Supplier Password 431
    Supplier SSL Clients 300, 431
    threadnumber 432
    Time Limit 270, 433
    Track Modifies 433
    Unlock Account 434
server root glossary entry 520
Server Selector glossary entry 520
server service glossary entry 520
servers, updating consumers 77
service glossary entry 520
Services Control Panel 29
setting passwords 158
SHA encryption 155, 422
simple authentication 100
Simple Authentication and Security Layer (SASL), access control and 100
Simple Network Management Protocol, See SNMP
single user, permissions for 142
SIR agreements
  editing 304
    connection type 304
    consumer 304
    description 304
    name 304
    replicated content 304
    schedule 304
Size Limit parameter
  description and syntax 430
  role in searching algorithm 160
  viewing and changing 270
slapd glossary entry 520
slapd.at.conf file, schema checking and 428
slapd.conf file
  and dynamic changes 35, 440
  changing configuration parameters 368
  creating indexes from 173
  format of 368-369
  location of 35
  overview 35
  root password and 427
  schema checking and 428
slapd.dynamic_ldbm.conf file
  overview 35
slapd.ldbm.conf file 173
  creating indexes using 173
  creating international indexes using 173
  example 174
  international indexes and 173
  ldif2ldbm and 70
slapd.oc.conf file, schema checking and 428
smart referrals
  creating 329
  example 331
  ldapsearch parameter 201
SNMP 355-366
  agents 356
  AIX SNMP daemon 364
  configuring 363-366
  managed device 355, 357
  managed objects 356
  master agent
    overview 356
    Unix 356
    Windows NT 356
  MIB
    entries table 361
    interaction table 361
    location of 358
    operations table 359
  NMS-initiated communication 357
  overview 355
  SNMP tab 365
  subagent
    configuring 365
    configuring contact 366
    configuring description 366
    configuring location 366
    configuring master host 365
    configuring master port 365
    configuring organization 366
    enabling 365
    overview 356
    starting and stopping on Unix 365
  tab 365
  traps 357
Solaris, thread concurrency 257, 260
sort criteria 201
special characters, in parameter values 369
standard
  attributes 51, 58
  database schema 51
  object classes 51, 53
standard index files 171
Start at field 349
starting the directory server 28
status, synchronization 351
stopping the directory server 28
styles, in this book 23
subagent
  configuring 365
  enabling 365
  overview 356
  starting and stopping on Unix 365
substring index
  CPU cycles and 167
  overview 163
  when to use 167
substring search 192
  international example 211
Suffix parameter
  commas in DN and 448
  description and syntax 447
  managing 79
  Referral parameter and 423
superuser
  glossary entry 521
Supplier DN parameter
  configuring 299
  description and syntax 430
Supplier Password parameter
  configuring 300
  description and syntax 431
supplier server
  adding
    for consumer-initiated replication 310
  glossary entry 521
  restoring database 77
  trust database and 293
Supplier SSL Clients parameter
  description and syntax 431
  viewing and changing 300
supplier-initiated replication
  adding consumers 303
  duplicating agreements 303
  glossary entry 521
  overview 298
  replication algorithm 321-323
  using normal bind 300
  using SSL 304
symmetric encryption glossary entry 521
synchronization
  automatic creation of mail accounts 350
  concurrently changing entries 343
  configuring 344
  directory server to NT 339
    creating entries 340
    creating groups 341
    deleting entries 342
    modifying entries 342
    multiple synchronization services 339
    NTGroup object class 341
    ntGroupCreateNewAccount 342
    ntGroupDomainId attribute 341
    NTUser object class 340
    ntUserCreateNewAccount 342
    ntUserDomainId attribute 340
  disabling 348
  event log file location 346
  manual 350
  NT to directory server 336
    add all users 339
    creating entries 337
    finding changes 337
  NTGroup object class 338
  NTUser object class 337
  scheduling 349
  Start at field 349
  starting and stopping 351
  status 351
  Synchronize every field 349
synchronization service 336
  enabling 414
  port number 414
Synchronize every field 349
syntax
  ACI language 126-140
  attribute value 60, 61
  bind rules 95
  LDAP URLs 449
  ldapsearch 196
  LDIF update statements 234
  matching rule filter 206
  password 154, 392
  search filter 191
  specifying for attribute name 383
system connections
  monitoring 257-258
system indexes 168
system resources
  cost of indexing 166
  monitoring 256-258

T
tabs
  Manager 269
  performance counters 254, 261
  SNMP 365
target keyword 127
targetattr keyword 129
targetfilter keyword 130
targeting
  ACI language syntax 126
  attributes 91
  directory entries 91
  DNs containing commas 128, 147
  LDIF keywords for 127
  overview 90
  using LDAP search filters 92
  using LDAP URLs 97
  using LDIF 127
  wildcards and 91
TCP/IP glossary entry 521
terms, in this book 23, 515-521
thread concurrency, on Solaris 257
threadnumber parameter 432
threads, monitoring 257, 259-260
time format 456
Time Limit parameter
  description and syntax 433
  role in searching algorithm 160
  viewing and changing 270
timeofday keyword 138
Track Modifies parameter
  description and syntax 433
transaction logging
  checkpoint interval 439
  durable transactions 441
traps 357
Triple DES cipher 291, 292, 293
trivial words 154
tuning performance 269
  database 271
  server 270

U
uid
  glossary entry 521
Uniform Resource Locators, See URLs
Unix
  AIX SNMP daemon 364
  master agent 356
Unlock Account parameter 434
URL
  glossary entry 521
  LDAP 423, 449-453
  referrals and 328
user access 96
  LDIF example 133
  Server Manager example 111
  to child entries 98
  to directory 97
  to own entry 98
    LDIF example 133
    Server Manager example 110
user defined passwords 153
userat parameter 435
user-defined attributes 58
user-defined object classes 53
userdn keyword 133
userdnattr keyword 134
useroc parameter 435
users, account lockout 156, 157, 158
UTF-8 455

V
viewing
  attributes 58

W
warning, password expiration 154, 429
white space, in parameter values 369
wildcards
  in international searches 209
  in matching rule filters 209
  in targets 91
Windows NT
  directory server NT synchronization configuration tool 343
  directory server to NT synchronization 339
  master agent 356
  NT to directory server synchronization 336
    schedule 349
  setting up synchronization 344
  synchronizing with directory server 336
Write rights 94

X
X.500 standard glossary entry 521
 

© Copyright 1998 Netscape Communications Corporation