Symbols
#, in slapd.conf 369
-, in change operation 234
::, in LDIF statements 40
\, in parameter values 369
"", in ldapmodify commands 224
'', in ldapsearch 196

A
access control
ACI attribute 90
ACI language syntax 126
allowing or denying access 93
anonymous access 96, 109
bind rules 95
access at specific time or day 99
access based on attribute value 98
access based on authentication method 100
access from a specific location 99
Boolean 100
general access 97
user and group access 96
change log and 307
defining
with LDIF files 125-147
with Server Console 101-125
dynamic targets 97
overview 89
password protection and 155
permissions 93
rights 94
target DN containing comma and 128, 147
targeting 90
attributes 91
entries 91
using LDAP search filters 92
using LDIF 127
Access Log 246
Access log
manually disabling 247
access log
configuring 246
manually rotating 253
turning off 246
turning on 246
viewing 246
Access Log parameter
description and syntax 376
viewing and changing 246
access-control information (ACI) instruction, See ACI instruction
access-control list (ACL)
glossary entry 515
overview 89
accesscontrol parameter 393
accessloglevel parameter 383
accesslog-logexpirationtime parameter 378
accesslog-logexpirationtimeunit parameter 378
accesslog-logging-enabled parameter 377
accesslog-logrotationtime parameter 381
accesslog-logrotationtimeunit parameter 382
accesslog-maxlogdiskspace parameter 379
accesslog-maxlogsize parameter 379
accesslog-maxNumOfLogsPerDir parameter 380
accesslog-minfreediskspace parameter 381
account lockout 156, 157, 383
disabling 156
enabling 156
lockout duration 156, 158, 406
maximum password failures 411
modifying preferences 156
parameters 157
password failure counter 156, 158, 425
policy 149-158
setting preferences for 156
unlocking account 434
Account Lockout parameter 383
account lockout policies
modifying 156
setting up 156
account lockout policy
parameters 157
Account Lockout Scheme parameter
configuring 156
account lockout storage scheme
overview 156
ACI
creating
using LDIF 125
using Server Console 101
deleting 108
editing 107
ACI attribute
default index for 168
overview 90
ACI instruction
bind rules 95
name 126
password protection and 155
permissions 93
target DN containing comma and 128, 147
targets 90
ACI language syntax 126-140
ACL, See access-control list
aclupg utility, location of 32
ACR
deleting 108
Add rights 94
Administration Server
functions of 25
master agents and 356
agents
master agent 356
Unix 356
Windows NT 356
subagent 356
configuring 365
enabling 365
starting and stopping on Unix 365
AIX SNMP daemon 364
algorithms
consumer-initiated replication 323-324
metaphone phonetic algorithm 162
searching 160-161
supplier-initiated replication 321-323
alias dereferencing 200
allidsthreshold parameter 437
allowed attributes
creating 55
deleting 55, 57
editing in object class 56
allowing access 93
using LDIF 130
anonymous access
change log restrictions on 307
defining 142
LDIF example 142
overview 96
Server Manager example 109
approximate index
CPU cycles and 167
overview 162
query string codes 162
when to use 167
approximate search 193
attribute list, glossary entry 515
attribute parameter 383
Attribute to be Indexed parameter 167, 438
attribute type field (LDIF) 39
attribute value field (LDIF) 39
attribute values
access based on 98
adding 239
deleting 242
modifying 240
replacing 239
syntax 60, 61
attributes
ACI 90
adding 239
creating 55
defining 59
deleting
multiple 239
using LDIF update statements 241
deleting from object class 55, 56, 57
for integrity updates 84
glossary entry 515
indexing existing 176
multi-valued 60, 61
ntGroupCreateNewAccount attribute 342
ntGroupDomainId 341
ntUserCreateNewAccount 342
ntUserDomainId 340
OID 60
searching for 192
standard 51, 58
syntax 60, 61
targeting 91
user-defined 58
values
adding 239
deleting 242
modifying 240
replacing 239
viewing 58
Audit log
manually disabling 252
viewing 251
audit log
configuring 251
disabling 251
enabling 251
Audit Log parameter
description and syntax 384
viewing and changing 251
auditlog-logexpirationtime parameter 385
auditlog-logexpirationtimeunit parameter 386
auditlog-logging-enabled parameter 385
auditlog-logrotationtime parameter 389
auditlog-logrotationtimeunit parameter 390
auditlog-maxlogdiskspace parameter 386
auditlog-maxlogsize parameter 387
auditlog-maxNumOfLogsPerDir parameter 388
auditlog-minfreediskspace parameter 389
authentication 289
access control and 100
certificate-based 293
glossary entry 515
LDAP URLs and 453
authentication certificates glossary entry 515
authmethod keyword 139

B
backing up the database 74
backslash, in parameter values 369
base 64 encoding 40
base DN, ldapsearch and 203
binary data, LDIF and 40
bind failures, account lockout and 158
bind rules
access at specific time or day 99
LDIF example 146
Server Manager example 117
access based on attribute value
example 135
overview 98
access based on authentication method 100
LDIF example 139
Server Manager example 120
access from a specific location 99
LDIF example 145
Server Manager example 119
ACI language syntax 126
anonymous access 96
LDIF example 133
Server Manager example 109
Boolean
example 140
overview 100
general access
example 133
overview 97
group access 98
LDIF example 134, 135
Server Manager example 113
LDAP URLs 97
LDIF keywords for 132
overview 95
syntax 95
user access 97
LDIF example 133
parent 98
self 98
Server Manager example 111
Bind to Server field 27
bindDN
directory tree access and 27
glossary entry 515
Boolean bind rules
example 140
overview 100
Boolean operators, in search filters 194
browser glossary entry 516

C
cache
specifying maximum entries 271, 446
specifying size in bytes 445
cache hit ratio 263
certificate
mapping to a DN 294
password 30
Certificate and Key Directory parameter 390
certificate database
password 293
certificate-based authentication 293
replication and 293
certification authority glossary entry 516
CGI glossary entry 516
change log
access control and 307
configuring for CIR 306
configuring for SIR 300
consumer access to 307
expiration of entries 77
synchronization and 322, 324
change operations 234
add 239
delete 239
replace 239
Changelog DB Directory parameter 391
Changelog DB Suffix parameter 392
changetypes
add 235
delete 242
modify 239
character type 456
Check Password Syntax parameter 392
checking password syntax 154
checking the database schema 52
checkpoint interval 439
ciphers
described 291
list of 291, 396
selecting 291
ciphertext glossary entry 516
CIR agreements
editing 310
connection type 310
consumer 310
description 310
name 310
replicated content 310
schedule 310
client
glossary entry 516
using to find entries 189
client authentication, replication and 305, 311
code page 455
collation order
overview 456
search filters and 205
command line
monitoring database from 266
monitoring server from 258
providing input from 224
command-line scripts 33
bak2db 34, 76
db2bak 34, 74
db2ldif 34
finding 33
getpwenc 34
ldif2db 34
monitor 34
restart-slapd 34
start-slapd 34
stop-slapd 35
vlvindex 35
command-line utilities
certificate-based authentication and 293
db2index 176
db2ldif 65
ldapdelete 230
ldapmodify 224, 225, 226, 428
ldapsearch 191-205
ldif 40
ldif2index 176
ldif2ldbm 70, 71, 72
location of 32
PATH variable and 33
start 29
stop 29
table of 31
commands
export 64
import 68
commas, in DNs 196, 224
ACI targets and 128, 147
specifying LDIF entries with 43, 45
specifying suffix with 41, 42, 46
using ldapsearch with 205
Compare rights 94
compound search filters 193
configuration files
location of 35
slapd.conf 35
slapd.dynamic_ldbm.conf 35
slapd.ldbm.conf 173
configuration parameters 367-448
changing
using Server Console 368
using slapd.conf 368
connections
monitoring 257-258, 259, 260
viewing number of 255
consistency updates 80
consumer server
adding
for supplier-initiated replication 303
glossary entry 516
trust database and 293
consumer-initiated replication
adding suppliers 310
change log access 307
duplicating agreements 310
glossary entry 516
overview 298
replication algorithm 323-324
using SSL 311
continued lines
in LDIF 39
in LDIF update statements 234
conventions, in this book 23
converting database to LDIF
from the command-line 65
using Server Console 64
copiedFrom attribute 321, 323
counter, password failures 156, 158
country code 457
CPU cycles, index files and 167
creating the directory 46
crypt encryption 155, 422

D
daemon
glossary entry 516
dash, in change operation 234
database
backing up 74
controlling access 89-146
converting to LDIF
from the command-line 65
using Server Console 64
costs of indexing 165
creating using LDIF 46
extending the schema 51-61
integrity update interval 83
maintaining relationships 80
managing with LDIF 63-73
monitoring from command-line 266-269
monitoring from server console 261-266
referential integrity 80
restoring 75-76, 85
restoring with replicated entries 77
schema checking 52
selecting for monitoring 260
updating 165, 233
viewing backend information 260
database backups
creating 74
deleting 76
location of files 74
online 73, 74, 75
overview 73
Database Checkpoint Interval parameter 86, 439
Database Durable Transactions parameter 87, 441
database files, directory for 441
database parameter 439
database schema
checking 52
creating new attributes 59
creating new object classes 54
defined 428
deleting attributes 61
deleting object classes 57
editing object classes 56
extending 51-61
standard 51
viewing attributes 58
viewing object classes 53
database server parameters 436-448
Attribute to be Indexed 167, 438
database 439
Database Checkpoint Interval 86, 439
Database Durable Transactions 87, 441
Database Transaction Log Directory 85, 442
DB Directory 441
dynamicconf 35, 440
Maximum Cache Size 445
Maximum DB Cache size in bytes 271
Maximum Entries in Cache 271, 445
mode 446
Read-only 262, 447
Root DN 426
Root Password 269, 426
Root Password Storage Scheme 427
Suffix 79, 447
table of 436
Database Transaction Log directory parameter 85, 442
database transaction logging
checkpoint interval 86
described 85
durable transactions 87
log file location 85
date format 456
dayofweek keyword 139
DB Directory parameter 441
db_home_directory parameter 443
db2index utility
parameters 176
db2ldif utility
example of use 66, 67
exporting LDIF with 65
parameters 66
debug level, specifying 66, 71, 176, 407
default indexes 168
defining
attributes 59
object classes 54
Delete rights 94
deleting
ACI 108
ACR 108
attribute values 242
attributes 239, 241
attributes from an object class 55, 56, 57
database backups 76
entries 242
database integrity and 80
synchronization and 342
LDIF files 73
multiple attributes 239
object classes 57
denying access 93
precedence rule 93
using LDIF 130
DES cipher 291, 293
directory creation 46
directory server
international character sets 455
internationalization and 455
MIB 358
monitoring 253-260
from command line 258
from server console 254
monitoring database
from command line 266
monitoring from server console 254-258
performance counters 253-260
SNMP traps 357
starting and stopping 28
supported languages 457
Directory Server Console
backing up database 73
directory server console, capabilities of 26
Directory Server Entry (DSE), searching 203
Directory Server gateway
glossary entry 516
schema checking and 428
directory service glossary entry 516
directory trees
finding entries in 195
machine data 325
mapping to URLs 329
disk space
access log and 246
index files and 166
log files and 253
distinguished names
for replication 430
glossary entry 516
root 426
specifying local database suffix 447
synchronization and 347
dn field (LDIF) 38
dn.dbb file 171
dn2id.dbb file 171
DNS alias glossary entry 517
dns keyword 138
Domain Name System (DNS) glossary entry 516
domain, access from specific 99
DSE See Directory Server Entry
durable transactions 87, 441
dynamic parameter changes 35, 440
dynamically creating indexes 173
dynamicconf parameter 35, 440

E
enabling NT synchronization service 414
Encrypted Port Number parameter
description and syntax 395
viewing and changing 273
encryption
crypt 155
password 155
replication and 304, 311
root password 426, 427
SHA 155
specifying password storage scheme 421
Encryption Alias parameter 395
Encryption Ciphers parameter 396
encryption method, for root password 426, 427
end of file marker 224
entries
adding
using Directory tab 214-222
using LDIF update statements 235
adding using LDIF 225
cache hit ratio 263
creating
synchronization and 337, 340
using LDIF 41-45
deleting 230-233
synchronization and 342
using ldapdelete 230
using LDIF update statements 242
using Server Console 223
finding 195
maintaining relationships 80
managing
using Directory tab 214-223
using Server Console 214-223
mapping to URLs 329
modifying 226-243
synchronization and 342
using ldapmodify 226
using LDIF update statements 239
moving 238
order of creation 225
order of deletion 230, 243
renaming 238
root 46
targeting 91
working with 213-243
entry cache hit ratio 263
environment variables
LDAP_BASEDN 203
overview 33
EOF marker 224
equality index 162
equality search 192
example 194
international example 210
Error log
manually disabling 249
error log
configuring 249
manually rotating 253
specifying 397
turning off 249
turning on 249
viewing 248
Error Log parameter
description and syntax 397
viewing and changing 249
errorlog-logexpirationtime parameter 399
errorlog-logexpirationtimeunit parameter 399
errorlog-logging-enabled parameter 398
errorlog-logrotationtime parameter 402
errorlog-logrotationtimeunit parameter 403
errorlog-maxlogdiskspace parameter 400
errorlog-maxlogsize parameter 400
errorlog-maxNumOfLogsPerDir parameter 401
errorlog-minfreediskspace parameter 402
expiration of passwords
overview 153
slapd.conf parameter 418
warning message 154
export command 64
extending the directory schema 51-61

F
file extension glossary entry 517
file type glossary entry 517
files
access log 246
containing search filters 200
database backup 74
dn.dbb 171
dn2id.dbb 171
EOF marker 224
error log 248
id2children.dbb 171
id2entry.dbb 171
locating configuration 35
slapd.conf 35, 368-369, 427
slapd.dynamic_ldbm.conf 35
slapd.ldbm.conf 70, 173
finding
attributes 192
entries 195
supported suffixes 203
fonts, in this book 23
format, LDIF 38

G
general access
example 133
overview 97
general server parameters 370-383
Access Log 376
Account Lockout 383
Account Lockout Scheme 156
attribute 383
Audit Log 251, 384
Certificate and Key Directory 390
Changelog DB Directory 391
Changelog DB Suffix 392
Check Password Syntax 392
Encrypted Port Number 273, 395
Encryption Alias 395
Encryption Ciphers 396
Error Log 249, 397
Idle Time Out 270
Lockout Duration 406
Log Level 407
Look Through Limit 271, 444
Max Changelog Age 409
Max Changelog Records 409
Max File Descriptors 270
Maximum Password Failures 411
maxthreadsperconn 412
NLS 413
NT Synchronization Service Enabled 414
NT Synchronization Service Port Number 414
Number of Passwords to Remember 416
objectClass 416
orcauto 394
order of precedence 369
Password Change 417, 421
Password Expiration 418
Password History 418
Password Maximum Age 419, 420
Password Minimum Length 420
Password Storage Scheme 150, 421
Port Number 273, 422
Referral 328, 423
Reset Password Failure Count After 425
Schema Check 52, 428
Send Warning 429
Size Limit 270, 430
Supplier DN 299, 430
Supplier Password 431
Supplier SSL Clients 300, 431
threadnumber 432
Time Limit 270, 433
Track Modifies 433
Unlock Account 434
glossary of terms 515-521
greater than or equal to search
international example 211
overview 193
groupdn keyword 134
groupdnattr keyword 134
groups
access control and 96
LDIF example 134, 135
Server Manager example 113
access to directory 98
creating
synchronization and 341
permissions for 144

H
hostnames glossary entry 517
HTML glossary entry 517
HTTP glossary entry 517
HTTPD glossary entry 517
HTTP-NG glossary entry 517
HTTPS glossary entry 517

I
id field (LDIF) 38
id2children.dbb file 171
id2entry.dbb file 171
Idle Time Out parameter
viewing and changing 270
idletimeout parameter 403
illegal strings, passwords 154
import command 68
importing LDIF
from the command-line 70
using Server Console 68
index files
defaults maintained by directory server 171
directory for 441
specifying cache size 445
indexes
approximate 162, 167
cost of 164-167
creating 167
dynamically 173-176
from Server Console 171
from slapd.conf 173
defaults maintained by directory server 168
dynamic changes to 173-176
equality 162
of existing attributes 176
international 164
managing 159-180
presence 161, 168
specifying type 438
substring 163, 167
system defaults 168
system resources and 166
types of 161
instancedir parameter 404
interaction table 361
international character sets 455
International index
overview 164
international searches 205-211
equality 210
examples 209
greater than 211
greater than or equal to 211
less than 210
less than or equal to 210
matching rule filter syntax 206
substring 211
using OIDs 207
internationalization
character type 456
collation order 456
country code 457
date format 456
indexing and 164
language tag 457
locales and 455
location of files 413, 456
matching rule filters 206
modifying entries 243
monetary format 456
object identifiers and 457
of LDIF files 49
search filters and 205
supported languages 455
supported locales 457
time format 456
ioblocktimeout parameter 404
IP address glossary entry 517
ip keyword 137

J
jpeg images 40

L
language code
in LDIF entries 49
list of supported 457
language support 455
language tag 457
searching and 205
specifying using locales 457
language tags
described 457
in international searches 208
in LDIF update statements 243
LDAP clients
certificate-based authentication and 293
database schema and 51
glossary entry 517
monitoring database with 266
monitoring server with 258
using to find entries 189
LDAP Data Interchange Format (LDIF) 67
access control keywords
authmethod 139
dayofweek 139
dns 138
groupdn 134
groupdnattr 134
ip 137
target 127
targetattr 129
targetfilter 130
timeofday 138
userdn 133
userdnattr 134
ACI language syntax and 125
binary data 40
converting to
from the command-line 65
using Server Console 64
deleting files 73
entry format 38
Organization 41
Organizational Person 44
Organizational Unit 42
example 48
glossary entry 518
importing
Maximum DB Cache size in Bytes parameter and 271
with ldif2ldbm 70
with Server Console 68
internationalization and 49
line continuation 39
managing databases with 63-73
reasons for converting to 64
Server Console and 225
update statements 233
using to create directory 46
LDAP search filters
DNs with commas and 205
in targets 92
examples 122, 130
LDAP URLs
access control and 97
components of 449
described 449-453
examples 452
security and 453
syntax 449
LDAP_BASEDN environment variable 203
ldapdelete utility
deleting entries 230
DNs with commas and 224
example of use 233
parameters 230
ldapmodify utility 428
creating multiple entries 225
DNs with commas and 224
example of use 229
location of 32
modifying entries 226
parameters 227
schema checking and 226
smart referrals and 329
using with internationalized entries 243
vs. ldapdelete 226
LDAPReplica object class 325
ldapsearch utility
base DN and 203
DNs with commas and 196, 205
example of use 202
format 196
international searches 205
limiting attributes returned 204
parameters
commonly used 197
optional 199
SSL 198
search filters 191
specifying files 204
using 195
verbose mode 202
LDAPServer object class 325
LDIF
specifying entries
organization 41
organizational person 44
organizational unit 43
LDIF entries
binary data in 40
commas in 41, 43, 45, 46
creating 41-49
Organizational People 44
Organizational Units 42
Organizations 41
internationalization and 49
LDIF files
continued lines 39
creating directory using 46
creating multiple entries 225
database management and 63
deleting 73
example 48
importing
from the command-line 70
using Server Console 68
importing from Server Console 225
internationalization and 49
setting access controls 125-147
LDIF format 38
LDIF update statements 233-243
adding attributes 239
adding entries 235
continued lines 234
deleting attribute values 242
deleting attributes 241
deleting entries 242
format of 234
functions of 233
modifying attribute values 240
modifying entries 239
ldif utility
converting binary data to LDIF 40
location of 32
ldif2index utility
indexing existing attributes 176
location of 32
ldif2ldbm utility
example of use 72
importing LDIF with 70
location of 32
parameters 71
length, password 154, 420
less than or equal to search
international example 210
syntax 193
less than search
international example 210
syntax 193
Lightweight Directory Access Protocol (LDAP)
glossary entry 518
managing settings 272
listenhost parameter 405
locales
defined 455
location of files 456
supported 457
localuser parameter 406
locked accounts 156, 157
lockout duration 156, 158
Lockout Duration parameter 406
log files
access 376
change 322, 324
database transaction 85
error 397
location of 253
manually rotating 253
monitoring 245-253
Security Accounts Manager (SAM) 337
synchronization service event log 346
Log Level parameter
description and syntax 407
Look Through Limit parameter
description and syntax 444
role in searching algorithm 161
viewing and changing 271

M
machine data 325
machine, access from specific 99
mail accounts
creating automatically 350
synchronizing 350
managed device
managed device-initiated communication 357
overview 355
managed object 356
management information base, See MIB
Manager tab 269
manual synchronization with NT 350
manually rotating log files 253
master agent
overview 356
Unix 356
Windows NT 356
matchingRule format 207
using language tag 208
using language tag and suffix 209
using OID 207
using OID and suffix 208
Max Changelog Age parameter 409
Max Changelog Records parameter 409
Max File Descriptors parameter
viewing and changing 270
maxbersize parameter 411
maxdescriptors parameter 410
Maximum Cache Size parameter
description and syntax 445
Maximum DB Cache size in bytes parameter
viewing and changing 271
Maximum Entries in Cache parameter
description and syntax 445
viewing and changing 271
Maximum Password Failures parameter
description and syntax 411
maxthreadsperconn parameter 412
MD5 message authentication 292
glossary entry 518
signature 518
MD5 signature glossary entry 518
memory
controlling amount used 167
index files and 167
Maximum DB Cache size in Bytes parameter and 271
messaging server, creating accounts automatically 350
metaphone phonetic algorithm 162
MIB
directory server 358
location of 358
netscape-ldap.mib 358
entries table 361
interaction table 361
operations table 359
overview 356
minimum length of passwords 154
minimum password length 420
mode parameter 446
modifying
attribute values 240
entries 239
international entries 243
monetary format 456
monitoring
database from command-line 266-269
database from server console 261-266
server from server console 254-258
moving entries 238
multiple indexes, cost of 165
multiple search filters 193

N
nagle parameter 413
Netscape MIBs 358
Netscape NT Directory Synchronization service 336
netscape-ldap.mib 358
entries table 361
interaction table 361
location of 358
operations table 359
network management station (NMS)
NMS-initiated communication 357
network settings, viewing and changing 272
new attributes, creating 59
NIS
glossary entry 518
NLS parameter 413
ns-slapd
glossary entry 518
location of 32
NT Synchronization Service Enabled parameter
description and syntax 414
NT Synchronization Service Port Number parameter
description and syntax 414
NTGroup object class 338
ntGroupCreateNewAccount 342
ntGroupDomainId attribute 341
ntsynchusessl parameter 415
NTUser object class 337
ntUserCreateNewAccount attribute 342
ntUserDomainId attribute 340
Number of Passwords to Remember parameter 416

O
object class
creating 54
deleting 57
editing 56
glossary entry 518
name 55
OID 55
parent object 55
standard 51
viewing 53
object classes
standard 53
user-defined 53
object identifier
glossary entry 519
object identifier (OID) 457
attribute 60
in matchingRule 207
object class 55
objectClass field (LDIF) 38
objectClass parameter 416
OID
glossary entry 519
OID, See object identifier
online backups
creating from command line 75
creating from server console 74
creating using db2bak 74
operating system environment variables 33
operations table 359
operations, defined 255
operators
Boolean 194
international searches and 205
search filters and 192
suffix 206
optional attributes
creating 55
deleting 55, 57
editing 56
editing in object class 56
orcauto parameter 394
organization, specifying entries for 41
organizational person, specifying entries for 44
organizational unit, specifying entries for 42

P
parent access 98
parent object 55
password
parameters 152
policy 149-158
Password Change parameter 417, 421
password encryption, types of 422
Password Expiration parameter 418
password file 30
glossary entry 519
Password History parameter 418
Password Maximum Age parameter 419, 420
Password Minimum Length parameter 420
password policies
account lockout 156, 157
change after reset 152
expiration warning 154
lockout duration 156, 158
managing 149-158
modifying 150
overview 149-155
password expiration 153
password failure counter 156, 158
password history 155
password length 154
password storage scheme 155
overview 155
setting up 150
syntax checking 154
user defined passwords 153
password policy
parameters 152
password storage scheme
configuring 155
overview 149
Password Storage Scheme parameter
configuring 150
description and syntax 421
passwords
account lockout 156, 157
certificate 30
changing after reset 152
encryption of 155
encryption types 422
expiration 153, 418
expiration warning 154, 429
failure counter 156, 158
history 155
illegal strings 154
lockout duration 156, 158
managing 149-158
maximum age 419, 420
minimum length 154, 420
modifying preferences 150
resetting 158
reusing 155, 418
root 426
root DN 269
setting 158
setting preferences for 150
supplier 431
synchronizing changes with NT 337
syntax checking 154, 392
user defined 153
PATH variable 33
PDUs 356
performance counters 254, 261
Database tab 261
monitoring the server with 253-260
Server tab 254
performance tuning 269
database 271
server 270
permissions
ACI language syntax 126
allowing or denying access 93
using LDIF 130
assigning rights 94
using LDIF 130
defining
for all users 141
for group of users 144
for single user 142
overview 93
precedence rule 93
specifying for index files 446
Port Number parameter
description and syntax 422
viewing and changing 273
port numbers
less than 1024 422
NT synchronization service 414
synchronization service 345
pound symbol, in slapd.conf 369
precedence rule 93
preferences, security 291
presence index
defaults 168
overview 161
presence search
example 194
syntax 193
protocol data units, See PDUs
protocol glossary entry 519
public-key encryption glossary entry 519
pw_change parameter 417
pw_exp parameter 418
pw_history parameter 418
pw_inhistory parameter 416
pw_lockout parameter 383
pw_lockoutduration parameter 406
pw_maxage parameter 419
pw_maxfailure parameter 411
pw_minage parameter 420
pw_minlength parameter 420
pw_must_change parameter 421
pw_resetfailurecount parameter 425
pw_syntax parameter 392
pw_unlock parameter 434
pw_warning parameter 429

Q
quotation marks, in parameter values 196, 224, 369

R
RAM glossary entry 519
rc.local
glossary entry 519
RC2 cipher 291, 292
RC4 cipher 291, 292
Read rights 94
read-only mode 262
Read-only parameter 262, 447
redirection 327
ref attribute 331
referential integrity
described 80
disabling 82
specifying attributes to update 84
update interval 83
referral object class 331
Referral parameter 328
description and syntax 423
role in searching algorithm 160
Suffix parameter and 447
referrals
example 331
ldapsearch parameter 201
number of hops 201
overview 327
smart 329
URLs 328
relative distinguished name glossary entry 519
renaming entries
database integrity and 80
restrictions 238
replacing attribute values 239
replicated entries, restoring database with 77
replication
consumer-initiated 298
glossary entry 519
overview 298
restoring database 77
SSL and 304, 311
Supplier DN parameter 430
supplier-initiated 298
replication agreements
adding a consumer 303
adding a supplier 310
creating for CIR 308
creating for SIR 301
duplicating 303, 310
editing for CIR 310
editing for SIR 304
glossary entry 519
required attributes
creating 55
deleting 55, 57
editing 56
reservedescriptors parameter 424
Reset Password Failure Count After parameter 425
resetting passwords 158
Resource Summary
viewing 255
resource use, connections 257-258
resource use, monitoring 256-258
restoring database
using bak2db 76
restoring the database 75-76, 85
result_tweak parameter 426
reusing passwords 155, 418
RFC glossary entry 519
rights
list of 94
setting
using LDIF 130
root
glossary entry 519
Root DN parameter
description and syntax 426
Suffix parameter and 79
root DN password
managing 269
root DSE, searching 203
root entry creation 46
Root Password parameter 269, 426
Root Password Storage Scheme parameter 427
root password, root DN and 427

S
SASL, See Simple Authentication and Security Layer
scheduling
NT synchronization service 349
schema
checking 52
creating new attributes 59
creating new object classes 54
deleting attributes 61
editing object classes 56
extending 51-61
glossary entry 520
searching 203
standard 51
targets and 92
viewing attributes 58
viewing object classes 53
Schema Check parameter
description and syntax 428
turning schema checking on or off 52
schema checking
attribute parameter and 383
glossary entry 520
ldapmodify and 226
objectclass parameter and 416
overview 52
turning on or off 52
schema entry, searching 203
schema rules, defining 416
search filters 191-195
Boolean operators 194
contained in file 204
examples 191, 194
matching rule 206
operators in 192
specifying attributes 192
specifying file 200, 232
syntax 191
using compound 193
using multiple 193
search operations
limiting entries checked 444
limiting entries returned 430
setting time limits 433
Search rights 94
search types, list of 192, 205
searches
approximate 193
equality 192, 194, 210
example 202
greater than or equal to 193, 211
international 205
international examples 209
less than 210
less than or equal to 193, 210
of directory tree 195
presence 193, 194
restricting scope of one-level 171
restricting scope of subtree 171
sort criteria 201
specifying scope 198
substring 192, 211
searching algorithm, process described 160-161
Secure Sockets Layer (SSL)
access control and 100
certificate password 30
enabling 289
Encrypted Port Number parameter 395
Encryption Ciphers parameter 396
glossary entry 520
replication and 304, 311
security parameter 428
server startup and 30
setting preferences 291
specifying directory location 390
security
certificate-based authentication 293
Encrypted Port Number parameter 395
Encryption Ciphers parameter 396
LDAP URLs and 453
setting preferences 291
specifying SSL directory location 390
Security Accounts Manager (SAM) log file 337
security parameter 428
self access 98
LDIF example 133
Server Manager example 110
Selfwrite rights
description 94
example 123
Send Warning parameter 429
Server Console
changing configuration parameters 368
converting to LDIF 64
creating indexes 171
glossary entry 520
importing LDIF with 68
monitoring server with 254
restoring database 75
setting access controls 101-125
setting account lockout policies 156-158
setting password policies 149-155
server console
capabilities of 26
server daemon glossary entry 520
server parameters
database 436-448
Attribute to be Indexed 167, 438
database 439
Database Checkpoint Interval 86, 439
Database Durable Transactions 87, 441
Database Transaction Log Directory 85, 442
DB Directory 441
dynamicconf 35, 440
Maximum Cache Size 445
Maximum DB Cache size in Bytes 271
Maximum Entries in Cache 271, 445
mode 446
Read-only 262, 447
Root DN 426
Root Password 269, 426
Root Password Storage Scheme 427
Suffix 79, 447
general 370-383
Access Log 246, 376
Account Lockout 383
Account Lockout Scheme 156
attribute 383
Audit Log 251, 384
Certificate and Key Directory 390
Changelog DB Directory 391
Changelog DB Suffix 392
Check Password Syntax 392
Encrypted Port Number 273, 395
Encryption Alias 395
Encryption Ciphers 396
Error Log 249, 397
Idle Time Out 270
Lockout Duration 406
Log Level 407
Look Through Limit 271, 444
Max Changelog Age 409
Max Changelog Records 409
Max File Descriptors 270
Maximum Password Failures 411
maxthreadsperconn 412
NLS 413
NT Synchronization Service Enabled 414
NT Synchronization Service Port Number 414
Number of Passwords to Remember 416
objectClass 416
orcautor 394
Password Change 417, 421
Password Expiration 418
Password History 418
Password Maximum Age 419, 420
Password Minimum Length 420
Password Storage Scheme 150, 421
Port Number 273, 422
Referral 328, 423
Reset Password Failure Count After 425
Schema Check 52, 428
Send Warning 429
Size Limit 270, 430
Supplier DN 299, 430
Supplier Password 431
Supplier SSL Clients 300, 431
threadnumber 432
Time Limit 270, 433
Track Modifies 433
Unlock Account 434
server root glossary entry 520
Server Selector glossary entry 520
server service glossary entry 520
servers, updating consumers 77
service glossary entry 520
Services Control Panel 29
setting passwords 158
SHA encryption 155, 422
simple authentication 100
Simple Authentication and Security Layer (SASL), access control and 100
Simple Network Management Protocol, See SNMP
single user, permissions for 142
SIR agreements
editing 304
connection type 304
consumer 304
description 304
name 304
replicated content 304
schedule 304
Size Limit parameter
description and syntax 430
role in searching algorithm 160
viewing and changing 270
slapd glossary entry 520
slapd.at.conf file, schema checking and 428
slapd.conf file
and dynamic changes 35, 440
changing configuration parameters 368
creating indexes from 173
format of 368-369
location of 35
overview 35
root password and 427
schema checking and 428
slapd.dynamic_ldbm.conf file
overview 35
slapd.ldbm.conf file 173
creating indexes using 173
creating international indexes using 173
example 174
international indexes and 173
ldif2ldbm and 70
slapd.oc.conf file, schema checking and 428
smart referrals
creating 329
example 331
ldapsearch parameter 201
SNMP 355-366
agents 356
AIX SNMP daemon 364
configuring 363-366
managed device 355, 357
managed objects 356
master agent
overview 356
Unix 356
Windows NT 356
MIB
entries table 361
interaction table 361
location of 358
operations table 359
NMS-initiated communication 357
overview 355
SNMP tab 365
subagent
configuring 365
configuring contact 366
configuring description 366
configuring location 366
configuring master host 365
configuring master port 365
configuring organization 366
enabling 365
overview 356
starting and stopping on Unix 365
tab 365
traps 357
Solaris, thread concurrency 257, 260
sort criteria 201
special characters, in parameter values 369
standard
attributes 51, 58
database schema 51
object classes 51, 53
standard index files 171
Start at field 349
starting the directory server 28
status, synchronization 351
stopping the directory server 28
styles, in this book 23
subagent
configuring 365
enabling 365
overview 356
starting and stopping on Unix 365
substring index
CPU cycles and 167
overview 163
when to use 167
substring search 192
international example 211
Suffix parameter
commas in DN and 448
description and syntax 447
managing 79
Referral parameter and 423
superuser
glossary entry 521
Supplier DN parameter
configuring 299
description and syntax 430
Supplier Password parameter
configuring 300
description and syntax 431
supplier server
adding
for consumer-initiated replication 310
glossary entry 521
restoring database 77
trust database and 293
Supplier SSL Clients parameter
description and syntax 431
viewing and changing 300
supplier-initiated replication
adding consumers 303
duplicating agreements 303
glossary entry 521
overview 298
replication algorithm 321-323
using normal bind 300
using SSL 304
symmetric encryption glossary entry 521
synchronization
automatic creation of mail accounts 350
concurrently changing entries 343
configuring 344
directory server to NT 339
creating entries 340
creating groups 341
deleting entries 342
modifying entries 342
multiple synchronization services 339
NTGroup object class 341
ntGroupCreateNewAccount 342
ntGroupDomainId attribute 341
NTUser object class 340
ntUserCreateNewAccount 342
ntUserDomainId attribute 340
disabling 348
event log file location 346
manual 350
NT to directory server 336
add all users 339
creating entries 337
finding changes 337
NTGroup object class 338
NTUser object class 337
scheduling 349
Start at field 349
starting and stopping 351
status 351
Synchronize every field 349
synchronization service 336
enabling 414
port number 414
Synchronize every field 349
syntax
ACI language 126-140
attribute value 60, 61
bind rules 95
LDAP URLs 449
ldapsearch 196
LDIF update statements 234
matching rule filter 206
password 154, 392
search filter 191
specifying for attribute name 383
system connections
monitoring 257-258
system indexes 168
system resources
cost of indexing 166
monitoring 256-258
|
T |
tabs
Manager 269
performance counters 254, 261
SNMP 365
target keyword 127
targetattr keyword 129
targetfilter keyword 130
targeting
ACI language syntax 126
attributes 91
directory entries 91
DNs containing commas 128, 147
LDIF keywords for 127
overview 90
using LDAP search filters 92
using LDAP URLs 97
using LDIF 127
wildcards and 91
TCP/IP glossary entry 521
terms, in this book 23, 515-521
thread concurrency, on Solaris 257
threadnumber parameter 432
threads, monitoring 257, 259-260
time format 456
Time Limit parameter
description and syntax 433
role in searching algorithm 160
viewing and changing 270
timeofday keyword 138
Track Modifies parameter
description and syntax 433
transaction logging
checkpoint interval 439
durable transactions 441
traps 357
Triple DES cipher 291, 292, 293
trivial words 154
tuning performance 269
database 271
server 270
|
U |
uid
glossary entry 521
Uniform Resource Locators, See URLs
Unix
AIX SNMP daemon 364
master agent 356
Unlock Account parameter 434
URL
glossary entry 521
LDAP 423, 449-453
referrals and 328
user access 96
LDIF example 133
Server Manager example 111
to child entries 98
to directory 97
to own entry 98
LDIF example 133
Server Manager example 110
user defined passwords 153
userat parameter 435
user-defined attributes 58
user-defined object classes 53
userdn keyword 133
userdnattr keyword 134
useroc parameter 435
users, account lockout 156, 157, 158
UTF-8 455
|
V |
viewing
attributes 58
|
W |
warning, password expiration 154, 429
white space, in parameter values 369
wildcards
in international searches 209
in matching rule filters 209
in targets 91
Windows NT
directory server NT synchronization configuration tool 343
directory server to NT synchronization 339
master agent 356
NT to directory server synchronization 336
schedule 349
setting up synchronization 344
synchronizing with directory server 336
Write rights 94
|
X |
X.500 standard glossary entry 521