Netscape NETSCAPE DIRECTORY SERVER 6.0, Configuration Manual

Page 1: ...Configuration Command and File Reference Netscape Directory Server Version6 0 December 2001...

Page 2: ...2001 Netscape Communications Corporation All rights reserved Portions of the Software copyright 1995 PEER Networks Inc All rights reserved The Software contains the Taligent International Classes from...

Page 3: ...d Line Scripts 21 Chapter 2 Core Server Configuration Reference 23 Server Configuration Overview 23 LDIF Configuration Files Location 25 Schema Configuration Files Location 25 How the Server Configura...

Page 4: ...attribute name exceptions 41 nsslapd auditlog Audit Log 41 nsslapd auditlog list 42 nsslapd auditlog logexpirationtime Audit Log Expiration Time 42 nsslapd auditlog logexpirationtimeunit Audit Log Ex...

Page 5: ...rt Port Number 61 nsslapd privatenamespaces 61 nsslapd readonly Read Only 62 nsslapd referral Referral 62 nsslapd referralmode Referral Mode 63 nsslapd reservedescriptors Reserved File Descriptors 63...

Page 6: ...cn encryption 81 nssslsessiontimeout 81 nssslclientauth 81 nsssl2 82 nsssl3 82 nsssl3ciphers 82 cn features 84 cn mapping tree 84 Suffix Configuration Attributes Under cn dc example dc com 85 nsslapd...

Page 7: ...5ReplicaTransportInfo 98 nsDS5ReplicaUpdateInProgress 98 nsDS5ReplicaUpdateSchedule 99 nsDS50ruv 99 cn monitor 99 connection 99 currentConnections 100 totalConnections 100 dTableSize 100 readWaiters 1...

Page 8: ...ntry String Syntax Plug in 115 Distinguished Name Syntax Plug in 116 Generalized Time Syntax Plug in 116 Integer Syntax Plug in 117 Internationalization Plug in 117 ldbm database Plug in 118 Legacy Re...

Page 9: ...b durable transactions 138 nsslapd db home directory 138 nsslapd db idl divisor 140 nsslapd db logbuf size 140 nsslapd db logdirectory 141 nsslapd db logfile size 141 nsslapd db page size 142 nsslapd...

Page 10: ...k conflicts 150 nsslapd db lock region wait rate 150 nsslapd db lock request rate 150 nsslapd db lockers 150 nsslapd db log bytes since checkpoint 150 nsslapd db log region wait rate 151 nsslapd db lo...

Page 11: ...eckInterval 159 nsBindConnectionsLimit 159 nsBindRetryLimit 160 nsBindTimeout 160 nsCheckLocalACI 160 nsConcurrentBindLimit 161 nsConcurrentOperationsLimit 161 nsConnectionLife 161 nsOperationConnecti...

Page 12: ...es 173 Log Files 174 Chapter 5 Access Log and Connection Code Reference 175 Access Log Content 175 Access Logging Levels 176 Default Access Logging Content 177 Connection Number 178 File Descriptor 17...

Page 13: ...ting Command Line Scripts 219 Command Line Scripts Quick Reference 220 Shell and Batch Scripts 222 bak2db Restore database from backup 223 db2bak Create backup of database 223 db2ldif Export database...

Page 14: ...entries 241 ns inactivate pl Inactivate an entry or group of entries 241 Appendix A Using the ns slapd and slapd exe Command Line Utilities 243 Overview of ns slapd and slapd exe Commands 243 ns slapd...

Page 15: ...line utilities provided with Directory Server This chapter contains the following sections Directory Server Overview page 15 Prerequisite Reading page 16 What Is In This Reference Guide page 16 Conve...

Page 16: ...ory service you can install the Directory Server The instructions for installing the various Directory Server components are contained in the Netscape Directory Server Installation Guide Managing Serv...

Page 17: ...ide Procedures for installing Directory Server as well as procedures for migrating your Directory Server Netscape Directory Server Deployment Guide Provides an overview for planning your deployment of...

Page 18: ...Related Information 18 Netscape Directory Server Configuration Command and File Reference December 2001...

Page 19: ...the Lightweight Directory Access Protocol LDAP The Directory Server is a robust scalable server designed to manage large scale directories to support enterprise wide directory of users and resources...

Page 20: ...hanges in the course of directory activity From a security standpoint such an overview can help customers detect errors and intrusion as they know what kind of changes to expect and what will be consi...

Page 21: ...ng the ns slapd and slapd exe Command Line Utilities Using Directory Server Command Line Scripts In addition to command line utilities several non configurable scripts are provided with the Directory...

Page 22: ...Using Directory Server Command Line Scripts 22 Netscape Directory Server Configuration Command and File Reference December 2001...

Page 23: ...all attributes The material is divided into the following sections Server Configuration Overview page 23 Accessing and Modifying Server Configuration page 28 Core Server Configuration Attributes Refer...

Page 24: ...ontained in the entry cn Telephone Syntax cn plugins cn config Similarly database specific configuration is stored under cn ldbm database cn plugins cn config and cn chaining database cn plugins cn co...

Page 25: ...fig schema For a full list of the LDIF configuration files that are supplied with Directory Server see Table 2 4 under Configuration Quick Reference Tables at the end of this chapter How the Server Co...

Page 26: ...ration Entry for Telephone Syntax Plug in on page 26 shows an example of the configuration entry for a plug in in this case the Telephone Syntax plug in Code Example 2 2 Configuration Entry for Teleph...

Page 27: ...and the cn UserRoot subtree contains all the configuration data for the first user defined database created during server installation The cn UserRoot subtree is called UserRoot by default However th...

Page 28: ...ctory Server Installation Guide and the Innosoft Distributed Directory Server Transition Guide Accessing and Modifying Server Configuration This section discusses access control for configuration entr...

Page 29: ...Server Administrator s Guide Changing Configuration Attributes You can view and change server attribute values in one of three ways You make the changes by using LDAP through Netscape Console by perf...

Page 30: ...tries in the Netscape Directory Server Administrator s Guide However certain changes do require the server to be restarted before they are taken into account See Configuration Changes Requiring Server...

Page 31: ...ributes If an attribute is added to cn config the server will ignore it If an invalid value is entered for an attribute this will be ignored by the server Since ldapdelete is used for deleting entire...

Page 32: ...he server configuration and how to change it see Server Configuration Overview on page 23 and Accessing and Modifying Server Configuration on page 28 For a list of the server features that are plug in...

Page 33: ...of the nsslapdConfig object class which in turn inherits from extensibleObject object class For attributes to be taken into account by the server both of these object classes in addition to the top ob...

Page 34: ...ess for example the number of entries returned For more information on turning access logging off see Chapter 12 Monitoring Server and Database Activity in the Netscape Directory Server Administrator...

Page 35: ...serverID logs access Syntax DirectoryString Example nsslapd accesslog usr netscape servers slapd serverID logs access Entry DN cn config Valid Range 0 No access logging 4 Logging for internal access o...

Page 36: ...iration Time Specifies the maximum age that a log file is allowed to reach before it is deleted This attribute supplies only the number of units The units are provided by the nsslapd accesslog logexpi...

Page 37: ...ttribute must be switched to on and the nsslapd accesslog configuration attribute must have a valid path and filename The table below lists the four possible combinations of values for these two confi...

Page 38: ...ons to the total amount of disk space that you want to be used by the access log nsslapd accesslog logminfreediskspace Access Log Minimum Free Disk Space Specifies the minimum allowed free disk space...

Page 39: ...logrotationtime attribute to 1 The server checks the nsslapd accesslog maxlogsperdir attribute first and if this attribute value is larger than 1 the server then checks the nsslapd accesslog logrotati...

Page 40: ...at can be contained in the directory where the access log is stored If you are using log file rotation then each time the access log is rotated a new log file is created When the number of files conta...

Page 41: ...the nsslapd auditlog logging enabled configuration attribute must be switched to on The table below lists the four possible combinations of values for these two configuration attributes and their out...

Page 42: ...rationtimeunit attribute Attributes in dse ldif Value Logging enabled or disabled nsslapd auditlog logging enabled nsslapd auditlog on empty string Disabled nsslapd auditlog logging enabled nsslapd au...

Page 43: ...og logging enabled configuration attribute must be switched to on The table below lists the four possible combinations of values for these two configuration attributes and their outcome in terms of di...

Page 44: ...nt to be used by the audit log nsslapd auditlog logminfreediskspace Audit Log Minimum Free Disk Space Specifies the minimum permissible free disk space in megabytes When the amount of free disk space...

Page 45: ...logsperdir attribute value to 1 or the nsslapd auditlog logrotationtime attribute to 1 The server checks the nsslapd auditlog maxlogsperdir attribute first and if this attribute value is larger than 1...

Page 46: ...it logs that can be contained in the directory where the audit log is stored If you are using log file rotation then each time the audit log is rotated a new log file is created When the number of fil...

Page 47: ...ed at the root DN then the nsslapd certmap basedn attribute may force the search to be based at some entry other than the root For further information see Chapter 11 Managing SSL in the Netscape Direc...

Page 48: ...enumber userpassword However RFC 2252 indicates that this attribute should be published as follows objectclasses 2 5 6 6 NAME person DESC Standard ObjectClass SUP top MUST objectclass sn cn MAY aci de...

Page 49: ...have a valid path and file name and the nsslapd errorlog logging enabled configuration attribute must be switched to on The table below lists the four possible combinations of values for these two con...

Page 50: ...t debugging 8 Connection management 16 Print out packets sent received 32 Search filter processing 64 Config file processing 128 Access control list processing 2048 Log entry parsing debugging 4096 Ho...

Page 51: ...ntimeunit attribute nsslapd errorlog logexpirationtimeunit Error Log Expiration Time Unit Specifies the units for the nsslapd errorlog logexpirationtime attribute If the unit is unknown by the server...

Page 52: ...of log files that can be created due to log file rotation Also remember that there are 3 different log files access log audit log and error log maintained by the Directory Server each of which will co...

Page 53: ...me Unit attribute Although it is not recommended for performance reasons to specify no log rotation as the log will grow indefinitely you have two ways of specifying this Either you set the nsslapd er...

Page 54: ...maxlogsperdir to 1 the server ignores this attribute When setting a maximum log size consider the total number of log files that can be created due to log file rotation Also remember that there are 3...

Page 55: ...tate the log and it will grow indefinitely If the value for this attribute is higher than 1 then you need to check the nsslapd errorlog logrotationtime attribute to establish whether or not log rotati...

Page 56: ...slapd lastmod Track Modification Time Specifies whether the Directory Server maintains the modification attributes for Directory Server entries These attributes include modifiersname The distinguished...

Page 57: ...his attribute Directory Server will only respond to requests sent to the interface that corresponds to the hostname provided on this attribute nsslapd localhost Local Host This read only attribute spe...

Page 58: ...ts prevents some kinds of denial of service attacks The limit applies to the total size of the LDAP request For example if the request is to add an entry and the entry in the request is larger than tw...

Page 59: ...se This number will differ depending on your operating system Some operating systems allow you to configure the number of file descriptors available to a process See your operating system documentatio...

Page 60: ...f this attribute is off the TCP_NODELAY option is set so that LDAP responses such as entries or result messages are sent back to a client immediately When the attribute is turned on default TCP behavi...

Page 61: ...4 requires the Directory Server to run as root If you are changing the port number for a configuration directory you must also update the corresponding Server Instance Entry in the configuration direc...

Page 62: ...receives a request for an entry not belonging to the local tree that is an entry whose suffix does not match the value specified on any of the suffix attributes For example suppose the database contai...

Page 63: ...index management and managing replication The number of file descriptors that the server reserves for this purpose subtracts from the total number of file descriptors available for servicing LDAP clie...

Page 64: ...s being unable to access your directory Therefore when you increase the value on this attribute you should also increase the value on the nsslapd maxdescriptors attribute Note that you may not be able...

Page 65: ...lients that can check the case of attribute names in results returned from the server ReplicationDescriptor NSupplierReplica 8 where NSupplierReplica is number of replicas in the server that can act a...

Page 66: ...sword Storage Scheme on page 67 When viewed from the server console this attribute shows the value When viewed from the dse ldif file this attribute shows the encryption method followed by the encrypt...

Page 67: ...erver Administrator s Guide Default Value N A Syntax DirectoryString encryption_method encrypted_Password Example nsslapd rootpw SSHA 9Eko69APCJfF Entry DN cn config Valid Range Any encryption method...

Page 68: ...nsslapd securePort Encrypted Port Number TCP IP port number used for SSL TLS communications This selected port must be unique on the host system make sure no other application is attempting to use th...

Page 69: ...s of the number found To set a no limit value whereby the Directory Server will wait indefinitely for the search to complete specify a value of 1 for this attribute in the dse ldif file This limit app...

Page 70: ...the search request as well as an exceeded time limit error When no limit is set ns slapd will return every matching entry to the client regardless of the time it takes To set a no limit value whereby...

Page 71: ...er Account Management in the Netscape Directory Server Administrator s Guide Entry DN cn config Valid range 1 to the maximum 32 bit integer value 2147483647 in seconds Default value 3600 Syntax Intege...

Page 72: ...For more information on password policies see Chapter 7 User Account Management in the Netscape Directory Server Administrator s Guide passwordExp Password Expiration Indicates whether user passwords...

Page 73: ...e passwordInHistory Number of Passwords to Remember Indicates the number of passwords the Directory Server stores in history Passwords that are stored in history cannot be reused by users By default t...

Page 74: ...tory Server Administrator s Guide passwordLockoutDuration Lockout Duration Indicates the amount of time in seconds during which users will be locked out of the directory after an account lockout The a...

Page 75: ...e passwordLockout attribute For more information on password policies see Chapter 7 User Account Management in the Netscape Directory Server Administrator s Guide passwordMinAge Password Minimum Age I...

Page 76: ...cult to crack but short enough that users can remember the password without writing it down For more information on password policies see Chapter 7 User Account Management in the Netscape Directory Se...

Page 77: ...Management in the Netscape Directory Server Administrator s Guide passwordStorageScheme Password Storage Scheme Specifies the type of encryption used to store Directory Server passwords Enter the pas...

Page 78: ...e of 0 then the account will be locked indefinitely For more information on password policies see Chapter 7 User Account Management in the Netscape Directory Server Administrator s Guide passwordWarni...

Page 79: ...by Netscape Meta Directory See Retro Changelog Plug in on page 125 of Chapter 3 Plug in Implemented Server Functionality Reference for further information regarding the Retro Changelog Plug in Multi m...

Page 80: ...ngelogdir nsslapd changelogmaxentries Max Changelog Records Specifies the maximum number of records the change log may contain If this attribute is absent there is no maximum number of records the cha...

Page 81: ...e duration of an SSL session for both SSLv2 and SSLv3 The minimum timeout value is 5 seconds and if you enter a value below this then it is automatically replaced by 5 seconds Values outside the valid...

Page 82: ...ciphers the Directory Server will use during SSL communications For more information on the ciphers supported by the Directory Server refer to Chapter 11 Managing SSL in the Netscape Directory Server...

Page 83: ..._des_sha rsa_3des_sha rsa_fips_3des_sha For TLS tls_rsa_export1024_with_rc4_56_sha tls_rsa_export1024_with_des_cbc_sha Default Value N A Syntax DirectoryString symbol to enable or symbol to disable fo...

Page 84: ...d to suffixes are found under the suffix subentry cn dc example dc com cn mapping tree cn config Replication configuration attributes are stored under cn replica cn dc example dc com cn mapping tree c...

Page 85: ...se or database link used to process requests This attribute can be multi valued with one database or database link per value This attribute is required when the value of the nsslapd state attribute is...

Page 86: ...e taken into account by the server this object class in addition to the top object class must be present in the entry Replication configuration attributes are presented in this section For further inf...

Page 87: ...entry you can only have one supplier bind DN per replication agreement The value can either be the DN of the local entry on the consumer server or in the case of an SSL connection the certificate iden...

Page 88: ...egarding purge operation properties nsDS5ReplicaId Specifies the unique ID for masters in a given replication environment nsDS5ReplicaLegacyConsumer If this attribute is absent or has a value of false...

Page 89: ...hange log When setting this attribute ensure that the purge delay is longer than the longest replication cycle in your replication policy to avoid incurring conflict resolution problems and server div...

Page 90: ...plicaTombstonePurgeInterval Specifies the time interval in seconds between purge operation cycles When setting this attribute bear in mind that the purge operation is time consuming Entry DN cn replic...

Page 91: ...Under cn ReplicationAgreementName cn replica cn dc example dc com cn mapping tree cn config The replication attributes that concern the replication agreement are stored under cn ReplicationAgreementNa...

Page 92: ...attribute can be modified nsDS5ReplicaBindDN Specifies the DN to use when binding The value of this attribute must be the same as the one in cn replica on the consumer replica This may be empty if ce...

Page 93: ...sed authentication is used this attribute may not have a value Please note that the example below is what you view not what you type Entry DN cn ReplicationAgreementName cn dc example dc com cn mapp i...

Page 94: ...t This optional read only attribute states when the initialization of the consumer replica started Default Value N A Syntax DirectoryString DES encrypted_password Example nsDS5ReplicaCredentials DES 9...

Page 95: ...Value N A Syntax GeneralizedTime Example nsDS5ReplicaLastInitStart YYYYMMDDhhmmssZ 20000902160000 Entry DN cn ReplicationAgreementName cn dc example dc com cn mapp ing tree cn config Valid Range 0 Co...

Page 96: ...it cannot be modified Entry DN cn ReplicationAgreementName cn dc example dc com cn mapp ing tree cn config Valid Range N A Default Value N A Syntax GeneralizedTime Example nsDS5ReplicaLastUpdateStart...

Page 97: ...llowed attribute specifies the number of seconds outbound LDAP operations will wait for a response from the remote replica before timing out and failing If you see Warning timed out waiting messages i...

Page 98: ...ions are used If this attribute is absent then regular LDAP connections are used This attribute cannot be modified once set nsDS5ReplicaUpdateInProgress This read only attribute states whether or not...

Page 99: ...present in the entry The cn monitor read only attributes are presented in this section connection List of open connections given in the following format connection 31 20010201164808Z 45 45 cn director...

Page 100: ...ns where some requests are pending and not currently being serviced by a thread in Directory Server opsInitiated Number of Directory Server operations initiated opsCompleted Number of Directory Server...

Page 101: ...lugins cn config on page 166 cn replication No attributes to document When configuring legacy replication it will be stored under this cn replication node which serves as a placeholder cn SNMP SNMP co...

Page 102: ...or maintaining the Directory Server nssnmpdescription Provides a unique description of the Directory Server instance Entry DN cn SNMP cn config Valid Range Organization name Default Value N A Syntax D...

Page 103: ...ks No attributes to document Entry DN cn SNMP cn config Valid Range Description Default Value N A Syntax DirectoryString Example nssnmpdescription Employee directory instance Entry DN cn SNMP cn confi...

Page 104: ...is maintained by the server You should not edit it Configuration Quick Reference Tables This section provides quick reference tables for LDIF configuration files supplied with the Directory Server ob...

Page 105: ...s 05rfc2927 ldif Schema from RFC 2927 MIME Directory Profile for LDAP Schema Contains the ldapSchemas operational attribute required for the attribute to show up in the subschema subentry 10rfc2307 Sc...

Page 106: ...ging Server to define mail users and mail groups 50ns mcd browser ldif Schema used by Netscape Mission Control Desktop to hold browser client preferences 50ns mcd config ldif Schema used by Netscape M...

Page 107: ...restart cn config cn ldbm nsslapd cachesize Modifying the cachesize attribute cn config cn ldbm nsslapd dbcachesize Modifying the dbcachesize attribute cn config cn ldbm nsslapd dbncache Modifying the...

Page 108: ...ence December 2001 cn encryption cn config nssslclientauth Enabling or disabling client authentication cn encryption cn config nssslsessiontimeout Changing the lifetime of an SSL session Table 2 5 Con...

Page 109: ...butes Allowed by Certain Plug ins page 132 Database Plug in Attributes page 133 Database Link Plug in Attributes chaining attributes page 156 Retro Changelog Plug in Attributes page 167 Overview The c...

Page 110: ...entry as shown in the following example Server Plug in Functionality Reference The following tables provide you with a quick overview of the plug ins provided with Directory Server 6 0 along with thei...

Page 111: ...ord followed by and then suffix es on which the check is to occur Dependencies None Performance Related Information None Further Information If your Directory Server uses non ASCII characters for exam...

Page 112: ...ts None Dependencies database Performance Related Information None Further Information Chapter 6 Managing Access Control in the Netscape Directory Server Administrator s Guide Plug in Name Binary Synt...

Page 113: ...mance Related Information Do not modify the configuration of this plug in Netscape recommends that you leave this plug in running at all times Further Information Plug in Name Case Exact String Syntax...

Page 114: ...ance Related Information Do not modify the configuration of this plug in Netscape recommends that you leave this plug in running at all times Further Information Plug in Name Chaining Database DN of C...

Page 115: ...not modify the configuration of this plug in Netscape recommends that you leave this plug in running at all times Further Information Chapter 5 Advanced Entry Management in the Netscape Directory Ser...

Page 116: ...s None Dependencies None Performance Related Information Do not modify the configuration of this plug in Netscape recommends that you leave this plug in running at all times Further Information Plug i...

Page 117: ...e indication which stands for Greenwich Mean Time Plug in Name Integer Syntax DN of Configuration Entry cn Integer Syntax cn plugins cn config Description Syntax for handling integers Configurable Opt...

Page 118: ...plug in Netscape recommends that you leave this plug in running at all times Further Information See Appendix D Internationalization in the Netscape Directory Server Administrator s Guide Plug in Nam...

Page 119: ...er of a 4 x server Dependencies database Performance Related Information None Further Information Chapter 8 Managing Replication in the Netscape Directory Server Administrator s Guide Plug in Name Mul...

Page 120: ...not modify the configuration of this plug in Netscape recommends that you leave this plug in running at all times Further Information Plug in Name CLEAR DN of Configuration Entry cn CLEAR cn Password...

Page 121: ...Information Do not modify the configuration of this plug in Netscape recommends that you leave this plug in running at all times Further Information Chapter 7 User Account Management in the Netscape...

Page 122: ...Configuration Entry cn SHA cn Password Storage Schemes cn plugins cn config Description SHA password storage scheme for password encryption Configurable Options on off Default Setting on Configurable...

Page 123: ...ing at all times Further Information Chapter 7 User Account Management in the Netscape Directory Server Administrator s Guide Plug in Name Postal Address Syntax DN of Configuration Entry cn Postal Add...

Page 124: ...le Options on off Default Setting off Configurable Arguments ldap example com 389 o example Dependencies None Performance Related Information Chapter 16 Using the Pass Through Authentication Plug in i...

Page 125: ...the change for example usr netscape logs referint 3 All the additional attribute names you want to be checked for referential integrity Dependencies database Performance Related Information You shoul...

Page 126: ...Information Chapter 8 Managing Replication in the Netscape Directory Server Administrator s Guide Plug in Name Roles Plugin DN of Configuration Entry cn Roles Plugin cn plugins cn config Description...

Page 127: ...Options on off Default Setting on Configurable Arguments None Dependencies None Performance Related Information Do not modify the configuration of this plug in Netscape recommends that you leave this...

Page 128: ...encies N A Performance Related Information Directory Server 6 0 provides the UID Uniqueness plug in default If you want to ensure unique values for other attributes you can create instances of the UID...

Page 129: ...n function to be initiated Configurable Options on off Default Setting on Configurable Arguments None Dependencies None Performance Related Information Do not modify the configuration of this plug in...

Page 130: ...s enabled This attribute can be changed over protocol but will only take effect when the server is next restarted Default Value None Syntax DirectoryString Example nsslapd pluginInitfunc NS7bitAttr_In...

Page 131: ...n config Valid Range Any valid plug in ID Default Value None Syntax DirectoryString Example nsslapd pluginId chaining database Entry DN cn plug in name cn plugins cn config Valid Range Any valid plug...

Page 132: ...on page 130 for further information All plug ins whose type value matches one of the values in the following valid range will be started by the server prior to this plug in The following post operati...

Page 133: ...the server will fail to start The following post operation Referential Integrity Plug in example shows that the Class of Service plug in will be started prior to the postoperation Referential Integrit...

Page 134: ...ere It is worth noting that binder based resource limits work for this limit which means that if a value for the operational attribute nsLookThroughlimit is present in the entry you bind as the defaul...

Page 135: ...ing and uses the normal nsslapd cachememsize and nsslapd dbcachesize attributes nsslapd cache autosize split This performance tuning related attribute specifies the percentage of cache space to alloca...

Page 136: ...nsaction log The database transaction log contains a sequential listing of all recent database operations and is used for database recovery only A checkpoint entry indicates which database operations...

Page 137: ...more information on database transaction logging see Chapter 12 Monitoring Server and Database Activity in the Netscape Directory Server Administrator s Guide nsslapd db circular logging Specifies cir...

Page 138: ...ibute is absent from dse ldif To disable durable transactions you add the attribute to dse ldif This attribute is provided only for system modification diagnostics and should be changed only with the...

Page 139: ...either manually or by using a script Failure to create the directory referenced on the nsslapd db home directory attribute will result in Directory Server being unable to start Also if you have multip...

Page 140: ...commit forces the buffer to be written to disk Larger buffer sizes can signficantly increase throughput in the presence of long running transactions highly concurrent applications or transactions prod...

Page 141: ...bute to dse ldif For more information on database transaction logging see Chapter 12 Monitoring Server and Database Activity in the Netscape Directory Server Administrator s Guide nsslapd db logfile s...

Page 142: ...to a value of 0 transaction batching will be turned off and it will be impossible to make remote modifications to this attribute via LDAP However setting this attribute to a value greater than 0 cause...

Page 143: ...ce but at the risk of data loss and or database corruption in the event of a system crash If turned off it would be necessary to set up other database recovery procedures NOTE The nsslapd db transacti...

Page 144: ...Server to be unstable nsslapd import cachesize This performance tuning related attribute determines the size of the database cache used in the bulk import process By setting this attribute value so t...

Page 145: ...tabase Activity in the Netscape Directory Server Administrator s Guide dbcachehits Requested pages found in the database dbcachetries Total requested pages found in the database cache dbcachehitratio...

Page 146: ...UserRoot subtree is called UserRoot by default However this is not hard coded and given the fact that there will be multiple database instances this name will be changed and defined by the user as and...

Page 147: ...directory Specifies absolute path to database instance If your database instance is manually created then this attribute must be included something which is set by default and modifiable in the Netsc...

Page 148: ...ix on a single database instance but this is no longer the case As a result this attribute is mono valued to enforce the fact that each database instance can only have one suffix entry Any changes mad...

Page 149: ...r of transactions that have been aborted nsslapd db active txns Number of transactions that are currently active nsslapd db cache hit Requested pages found in the cache nsslapd db cache try Total cach...

Page 150: ...elements examine rate Total number of hash elements traversed during hash table lookups nsslapd db hash search rate Total number of buffer hash table lookups nsslapd db lock conflicts Total number of...

Page 151: ...able lookups nsslapd db page create rate Pages created in the cache nsslapd db page read rate Pages read into the cache nsslapd db page ro evict rate Clean pages forced from the cache nsslapd db page...

Page 152: ...ing Indexes in the Netscape Directory Server Administrator s Guide nsSystemIndex This mandatory attribute specifies whether or not the index is a system index that is an index which is vital for Direc...

Page 153: ...approx approximate index sub substring index matching rule international index index browse browsing index Default Value N A Syntax DirectoryString Example nsindextype eq Entry DN cn default indexes...

Page 154: ...cape Directory Server Administrator s Guide dbfilenamenumber This attribute indicates the name of the file and provides a sequential integer identifier starting at 0 for the file All associated statis...

Page 155: ...default indexes cn config cn ldbm database cn plugins cn config custom indexes can be created for o Netscaperoot and o UserRoot and are stored under the cn index cn NetscapeRoot cn ldbm database cn p...

Page 156: ...ver Administrator s Guide Database Link Plug in Attributes chaining attributes The database link plug in is also organized in an information tree as shown in Figure 3 3 Figure 3 3 Database Link Plug I...

Page 157: ...wed to chain which explains why this attribute will probably not appear in a list of cn config cn chaining database cn config attributes as LDAP considers empty attributes to be non existent nsMaxResp...

Page 158: ...ce i e cn database link instance cn chaining database cn plugins cn config configuration attribute allows you to alter the controls the database link forwards The following controls are forwarded by d...

Page 159: ...andonedSearchCheckInterval Number of seconds that pass before the server checks for abandoned operations nsBindConnectionsLimit Maximum number of TCP connections the database link establishes with the...

Page 160: ...real Valid Range for this attribute except reasonable patience limits nsCheckLocalACI Reserved for advanced use only Controls whether ACIs are evaluated on the database link as well as the remote data...

Page 161: ...ter a specific period of time It is faster to keep the connections open but is uses more resources When the value is 0 and you provide a list of failover servers in the nsFarmServerURL attribute the m...

Page 162: ...proxied authorization is disabled Entry DN cn default instance config cn chaining database cn plugins cn config Valid Range 0 to limitless seconds where 0 means forever Default Value 0 Syntax Integer...

Page 163: ...bytes nsTimeLimit Specifies the default search time limit for the database link Entry DN cn default instance config cn chaining database cn plugins cn config Valid Range on off Default Value off Synta...

Page 164: ...ribute can contain optional servers for failover separated by spaces If using cascading changing this URL can point to another database link nsMultiplexorBindDN Gives the DN of the administrative entr...

Page 165: ...tabase is allowed to chain that is the number of times a request can be forwarded from one database link to another Example nsMultiplexerBindDN cn proxy manager Entry DN cn database link instance name...

Page 166: ...e instance name cn chaining database cn plugins cn config information tree nsAddCount Number of add operations received nsDeleteCount Number of delete operations received nsModifyCount Number of modif...

Page 167: ...ng application compatibility with Directory Server 4 x versions This Retro Changelog plug in is used to record modifications made to a supplier server When the supplier server s directory is modified...

Page 168: ...ecords which is the default behavior as this attribute is not present by default NOTE For performance reasons you will probably want to store this database on a different physical disk Entry DN cn Ret...

Page 169: ...rors and intrusion by indicating what kind of changes to expect and as a result what changes are considered abnormal This chapter contains the following sections Overview of Directory Server Files pag...

Page 170: ...ape servers slapd serverID directory To reflect the directory structure under usr netscape servers slapd serverID this chapter is divided into the following sections Backup Files Configuration Files D...

Page 171: ...backup copy of the dse ldif configuration file from the time of installation Configuration Files Each Directory Server instance contains the following directory for storing configuration files config...

Page 172: ...ndex_name db3 file for every index currently defined in the database where index_name is the name of the index In addition to these index_name db3 files the Netscape and userRoot subdirectories contai...

Page 173: ...nd resource limits for Directory Administrators Lock Files Each Directory Server instance contains a locks directory for storing lock related files Code Example 4 5 on page 173 shows a sample listing...

Page 174: ...log files is dependent on the log configuration The slapd stats file is a memory mapped file which cannot be read by an editor It contains data collected by the Directory Server SNMP data collection c...

Page 175: ...ovide an exhaustive list of error messages However the information presented in this chapter will serve as a a good starting point for common problems This chapter includes the following sections Acce...

Page 176: ...ent levels of access logging available with Directory Server 6 0 then describes the default access logging content and ends with a description of the additional access logging level content This secti...

Page 177: ...ULT err 0 tag 101 nentries 1 etime 1000 notes U 21 Apr 2001 11 39 51 0700 conn 11 op 2 UNBIND 21 Apr 2001 11 39 51 0700 conn 11 op 2 fd 608 closed U1 21 Apr 2001 11 39 52 0700 conn 12 fd 634 slot 634...

Page 178: ...as file descriptor Ignore this part of the access log 21 Apr 2001 11 39 53 0700 conn 13 op 2 RESULT err 0 tag 105 nentries 0 etime 0 csn 3b4c8cfb000000030000 21 Apr 2001 11 39 53 0700 conn 13 op 3 EXT...

Page 179: ...e possible bind method values 0 no authentication 128 simple bind with user password sasl SASL bind using external authentication mechanism Version Number The version number in this case version 3 ind...

Page 180: ...that were found matching the LDAP client s request Elapsed Time Elapsed time in this case etime 1000 indicates the amount of time in seconds that it took the directory server to perform the LDAP opera...

Page 181: ...xisted or when the index file was not configured in the way required by the search Extended Operation OID An extended operation OID in this case either EXT oid 2 16 840 1 113730 3 5 3 or EXT oid 2 16...

Page 182: ...cation Request Sent to indicate that a replication session is to be terminated 2 16 840 1 113730 3 5 5 Directory Server 5 x Replication Entry Request Carries an entry along with its state information...

Page 183: ...N request being sent then the log will read as follows 21 Apr 2001 11 39 52 0700 conn 12 op 2 ABANDON targetop NOTFOUND msgid 2 where targetop NOTFOUND indicates the operation to be aborted was either...

Page 184: ...ld NOTE Note also that the authenticated DN the DN used for access control decisions is now logged in the BIND result line as opposed to the bind request line as was previously the case 21 Apr 2001 11...

Page 185: ...om 12 Jul 2001 16 43 02 0200 conn 306 op 0 ENTRY dn cn QA Managers ou groups dc example dc com 12 Jul 2001 16 43 02 0200 conn 306 op 0 ENTRY dn cn PD Managers ou groups dc example dc com 12 Jul 2001 1...

Page 186: ...hanges to given configurations as and when changes occur In Code Example 5 4 on page 186 both access logging level 512 and 4 are enabled which results in both internal access operations as well as ent...

Page 187: ...age Size on page 58 B3 Corrupt BER tag encountered B4 Server failed to flush data response back to client P2 Closed or corrupt connection has been detected T1 Client does not receive a result within t...

Page 188: ...CONSTRAINT_VIOLATION 20 ATTRIBUTE_OR_VALUE_EXISTS 21 INVALID_ATTRIBUTE_SYNTAX 32 NO_SUCH_OBJECT 33 ALIAS_PROBLEM 34 INVALID_DN_SYNTAX 35 IS_LEAF 36 ALIAS_DEREFERENCING_PROBLEM 48 INAPPROPRIATE_AUTHEN...

Page 189: ...Log and Connection Code Reference 189 81 SERVER_DOWN 85 LDAP_TIMEOUT 89 PARAM_ERROR 91 CONNECT_ERROR 92 LDAP_NOT_SUPPORTED 93 CONTROL_NOT_FOUND 94 NO_RESULTS_RETURNED 95 MORE_RESULTS_TO_RETURN 96 CLIE...

Page 190: ...LDAP Result Codes 190 Netscape Directory Server Configuration Command and File Reference December 2001...

Page 191: ...t and which ones must be set manually For information on how to run the migrateInstance5 script refer to the Netscape Directory Server Installation Guide This chapter contains the following sections M...

Page 192: ...g accesslog logexpirationtime nsslapd accesslog logexpirationtime accesslog logexpirationtimeunit nsslapd accesslog logexpirationtimeunit accesslog maxlogdiskspace nsslapd accesslog logmaxdiskspace ac...

Page 193: ...erdir idletimeout nsslapd idletimeout ioblocktimeout nsslapd ioblocktimeout lastmod nsslapd ioblocktimeout listenhost nsslapd listenhost maxdescriptors nsslapd maxdescriptors NOTHING nsslapd depends o...

Page 194: ...k passwordUnlock pw_warning passwordWarning localhost nsslapd localhost localuser nsslapd localuser port nsslapd port rootdn nsslapd rootdn rootpw nsslapd rootpw accesslog nsslapd accesslog accesslog...

Page 195: ...shows the mapping of general database configuration parameters between Directory Server 4 x and Directory Server 5 0 or 6 0 Table 6 3 shows the mapping of database specific parameters between Directo...

Page 196: ...ted when you run the migrateInstance5 script Table 6 5 lists the configuration attributes store in the cn config entry that are not automatically migrated when you run the migrateInstance5 script Attr...

Page 197: ...s4 compatible schema nsslapd enquote_sup_oc nsslapd errorlog level nsslapd errorlog logexpirationtime nsslapd errorlog logexpirationtimeunit nsslapd errorlog logmaxdiskspace nsslapd errorlog logminfre...

Page 198: ...cheme nsslapd schemacheck nsslapd securePort nsslapd security nsslapd sizelimit nsslapd SSL3ciphers nsslapd timelimit passwordChange passwordCheckSyntax passwordExp passwordExpirationTime passwordHist...

Page 199: ...atabase It is set up during installation nsslapd accesslog level Read only attribute nsslapd errorlog Path name to the log that records error messages generated by Directory Server It is set up during...

Page 200: ...rated are listed in Table 6 7 the ones that are not migrated are listed in Table 6 8 Table 6 6 General Database Attributes Automatically Migrated nsslapd allidthreshold nsslapd lookthroughlimit nsslap...

Page 201: ...upport Inconsistent settings of this attribute might cause Directory Server crashes nsslapd db durable transactions This attribute is provided only for system modification diagnostics and should be ch...

Page 202: ...nsBindRetryLimit nsHopLimit nsmaxresponsedelay nsmaxtestresponsedelay nsCheckLocalACI nsConcurrentBindLimit nsConcurrentOperationsLimit nsConnectionLife nsOperationConnectionslimit nsProxiedAuthorizat...

Page 203: ...ed into the following sections Finding and Executing Command Line Utilities page 203 Command Line Utilities Quick Reference page 204 Using Special Characters page 205 ldapsearch page 206 ldapmodify pa...

Page 204: ...e 7 1 Commonly Used Command Line Utilities Command line utility Description ldapsearch Allows you to search the directory Returns search results in LDIF format For details on this tool see Appendix B...

Page 205: ...mat where optional_options is a series of command line options These must be specified before the search filter if any filter is an LDAP search filter as described in Netscape Directory Server Adminis...

Page 206: ...b ou groups dc example dc com b Specifies the starting point for the search The value specified here must be a distinguished name that currently exists in the database This option is optional if the L...

Page 207: ...on and all of its descendants That is perform a subtree search starting at the point identified in the b option This is the default w Specifies the password associated with the distinguished name that...

Page 208: ...is required for certificate based client authentication m Specifies the path to the security module database For example usr netscape servers secmodule db You only need to specify this option if the s...

Page 209: ...his option can only be used with o This option allows you to specify a separator other than a colon to separate an attribute name from the corresponding value For example F f Specifies the file contai...

Page 210: ...s You can view the list of supported languages in Table B 1 in the Netscape Directory Server Administrator s Guide When performing the search the server looks in the current working directory However...

Page 211: ...the returned entries T Specifies that no line breaks should be used within individual values in the search results t Specifies that the results be written to a set of temporary files When you use thi...

Page 212: ...on the update statements are read from stdin For information on supplying LDIF update statements from the command line see Chapter 2 Creating Directory Entries in the Netscape Directory Server Adminis...

Page 213: ...r Key N Specifies the certificate name to use for certificate based client authentication For example N Server Cert If this option is specified then the Z and W options are required Also if this optio...

Page 214: ...tolerated For further information on the LDIF format see Chapter 4 Managing Directory Entries in the Netscape Directory Server Administrator s Guide c Specifies that the utility run in continuous ope...

Page 215: ...me with which to authenticate to the server The value must be a DN recognized by the Directory Server and it must also have the authority to delete the entries For example D uid bjensen dc example dc...

Page 216: ...option is specified then the Z and W options are required Also if this option is specified then the D and w options must not be specified or certificate based authentication will not occur and the bi...

Page 217: ...the entry but to instead delete the actual entry containing the smart referral For more information about smart referrals see Chapter 3 Configuring Directory Databases in the Netscape Directory Server...

Page 218: ...hen you use ldif you must enter the command using the following format Options ldif b attrtypes optional options b Specifies that the ldif utility should interpret the entire input as a single binary...

Page 219: ...nd Line Scripts page 219 Command Line Scripts Quick Reference page 220 Shell and Batch Scripts page 222 Perl Scripts page 234 Finding and Executing Command Line Scripts By default all scripts are stor...

Page 220: ...on on these command line utilities see Chapter 7 Command Line Utilities Please also note that when you are running the Perl scripts on NT machines you must make sure that the path environment variable...

Page 221: ...ion using the ldapsearch command line utility Located in usr netscape servers slapd serverID restart slapd Restarts Directory Server Located in usr netscape servers slapd serverID restoreconfig Restor...

Page 222: ...b2ldif pl Exports the contents of the database to LDIF Located in usr netscape servers slapd serverID ldif2db pl Imports LDIF files to database Runs the slapd Windows NT or ns slapd Unix command line...

Page 223: ...ng databases see Chapter 4 Populating Directory Databases in the Netscape Directory Server Administrator s Guide db2bak Create backup of database Creates a backup of the current database contents This...

Page 224: ...her the n or the s option a File name of the output LDIF file n Instance to be exported s Suffix es to be included or to specify the subtree s to be included if n has been used x Suffix es to be exclu...

Page 225: ...TE Please note that by default the output LDIF will be stored in one file Should you want to specify the use of several files then use the option M Shell script UNIX db2dsml n backend_instance s inclu...

Page 226: ...user cannot log in you can use this script to compare the user s password to the password stored in the directory Syntax Options There are no options for this script Shell script UNIX dsml2db n backen...

Page 227: ...requires three the use of one is tolerated For further information on the LDIF format see Chapter 4 Managing Directory Entries in the Netscape Directory Server Administrator s Guide Shell script UNIX...

Page 228: ...specify the namespace you want the server to use as follows g deterministic namespace_id where namespace_id is a string of characters in the following format 00 xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx Us...

Page 229: ...ity see Chapter 7 Command Line Utilities restart slapd Restart the Directory Server Restarts the Directory Server Syntax Options There are no options for this script Exit Status f File name of the fil...

Page 230: ...uration 1 Stop the Directory Server 2 Run the restoreconfig script 3 Restart the Directory Server 4 Restart the Administration Server for the changes to be taken into account Syntax Options There are...

Page 231: ...g in a confusing message Syntax Options There are no options for this script Exit Status stop slapd Stop the Directory Server Stops the Directory Server It might be a good idea to check whether the se...

Page 232: ...xit Status suffix2instance Map Suffix to Backend Name Maps a suffix to a backend name Syntax Options Shell script UNIX stop slapd Batch file NT stop slapd 0 Server stopped successfully 1 Server could...

Page 233: ...use during index creation Debug levels are defined in nsslapd errorlog level Error Log Level on page 50 D Specifies the server configuration directory that contains the configuration information for...

Page 234: ...s Directory Manager The default is the DN of the directory manager which is read from the nsslapd root attribute under cn config w Password associated with the user DN a Directory of the backup files...

Page 235: ...DN a Directory where the backup files will be stored By default it is under usr netscape servers slapd serverID bak The backup file is named according to the year month day hour format YYYY_MM_DD_hhm...

Page 236: ...nerated v Verbose mode NOTE This perl script bak2db pl creates an entry in the directory that launches this dynamic task An entry is generated based upon the values you provide for each option Perl sc...

Page 237: ...one file by default with each instance stored in instance_file name r Export replica u Request that the unique id is not exported C Only the main db file is used N Suppress printing sequential number...

Page 238: ...have a name based unique ID you can also specify the namespace you want the server to use as follows g deterministic namespace_id where namespace_id is a string of characters in the following format 0...

Page 239: ...then executes the migration For complete information on the configuration parameters and attributes that are migrated refer to Chapter 6 Migration from Earlier Versions Before performing the migratio...

Page 240: ...pe servers slapd serverID logs Migration_dd mmyyy_hhmmss log A sample log might read usr netscape servers slapd serverID logs Migration_2 0022001_153604 log for a log created on 20 February 2001 at 15...

Page 241: ...D Directory Server 6 0 userDN with root permissions such as Directory Manager w Password associated with the user DN p Directory Server 6 0 port The default value is the LDAP port of Directory Server...

Page 242: ...ociated with the user DN p Directory Server 6 0 port The default value is the LDAP port of Directory Server 5 0 specified at installation time h Host name of Directory Server 5 0 The default value is...

Page 243: ...nd Executing the ns slapd and slapd exe Command Line Utilities page 244 ns slapd and slapd exe Command Line Utilities for Exporting Databases page 245 ns slapd and slapd exe Command Line Utilities for...

Page 244: ...slapd and slapd exe Command Line Utilities The ns slapd command line utilities are stored under usr netscape servers bin slapd server ns slapd and the slapd exe command line utilities are stored under...

Page 245: ...ckend_instance r s include_suffix x exclude_suffix N u U slapd exe db2ldif D slapd serverID a output_file d debug_level n backend_instance r s include_suffix x exclude_suffix N u U NOTE You must speci...

Page 246: ...LDIF file and you intend to import the LDIF file into your configuration directory do not exclude o NetscapeRoot If you use s to specify a suffix to include and you intend to import the LDIF file into...

Page 247: ...erver4 slapd serverID ldif Enter the full path to the slapd serverID directory Batch file syntax NT Options ns slapd ldif2db D slapd serverID i ldif_file d debug_level g string n backend_instance O s...

Page 248: ...LDIF files in the order in which you specify them from the command line n Specifies the name of the backend to be imported O Specifies that no attribute indexes are created for the imported database...

Page 249: ...u import Do not exclude the suffix o NetscapeRoot using s x or combination of the two The Netscape Administration Server uses this suffix to store information about installed Netscape servers Failure...

Page 250: ...t syntax UNIX Batch file syntax NT slapd db2archive D configdir a archivedir slapd db2archive D configdir a archivedir D Specifies the server configuration directory that contains the configuration in...

Page 251: ...any If you want to specify a matching rule you must specify an index type You cannot use this option with option T T Specifies the VLV tag to use to create VLV indexes You can use the console to speci...

Page 252: ...ns slapd and slapd exe Command Line Utilities for Creating and Regenerating Indexes 252 Netscape Directory Server Configuration Command and File Reference December 2001...

Page 253: ...isables a user account group of accounts or an entire domain so that all authentication attempts are automatically rejected All IDs Threshold A size limit which is globally applied to every index key...

Page 254: ...erform functions or access files and directories based on the permissions granted to that user by the directory administrator 2 Allows a client to make sure they are connected to a secure server preve...

Page 255: ...ct attributes Certificate Authority Company or organization that sells and issues authentication certificates You may purchase an authentication certificate from a Certification Authority that you tru...

Page 256: ...e are to be sorted This information might include the sequence of letters in the alphabet or how to compare letters with accents to letters without accents consumer Server containing replicated direct...

Page 257: ...ree s root point appearing at the top of the hierarchy Also known as DIT Directory Manager The privileged database administrator comparable to the root user in UNIX Access control does not apply to th...

Page 258: ...t equality index Allows you to search efficiently for entries containing a specific attribute value file extension The section of a filename after the period or dot that typically defines the type of...

Page 259: ...of replication a server that holds a replica that is copied from a different server and in turn replicates it to a third server See also cascading replication index key Each index that the directory u...

Page 260: ...es in text form leaf entry An entry under which there are no other entries A leaf entry cannot be a branch point in a directory tree Lightweight Directory Access Protocol See LDAP locale Identifies th...

Page 261: ...named and referenced Also called the directory tree monetary format Specifies the monetary symbol used by specific region whether the symbol goes before or after its value and how monetary units are...

Page 262: ...s or an attribute in an object oriented system Object identifiers are assigned by ANSI IETF or similar organizations OID See object identifier operational attribute Operational attributes contain info...

Page 263: ...a proxy DN proxy DN Used with proxied authorization The proxy DN is the DN of an entry that has access permissions to the target on which the client application is attempting to perform an operation P...

Page 264: ...read write replicas A server can hold any number of read only replicas read write replica A replica that contains a master copy of directory information and can be updated A server can hold any numbe...

Page 265: ...When granted indicates that users have access to their own entries that is if the bind DN matches the targeted entry Server Console Java based application that allows you to perform administrative man...

Page 266: ...s information about the managed device and passes the information to the master agent SSL Secure Sockets Layer A software library establishing a secure connection between two parties client and server...

Page 267: ...IP Transmission Control Protocol Internet Protocol The main network protocol for the Internet and for enterprise company networks template entry See CoS template entry time date format Indicates the...

Page 268: ...ex speeds up the display of entries in the Directory Server Console Virtual list view indexes can be created on any branchpoint in the directory tree to improve display performance X 500 standard The...

Page 269: ...ldif ldif files 106 50ns compass ldif ldif files 106 50ns delegated admin ldif ldif files 106 50ns directory ldif ldif files 106 50ns legacy ldif ldif files 106 50ns mail ldif ldif files 106 50ns mcd...

Page 270: ...guration entries 79 object classes 79 cn config general 23 general configuration entries 33 object classes 33 cn config Directory Information Tree configuration data 24 cn encryption encryption config...

Page 271: ...n to all plug ins 129 132 replication agreement configuration attributes 91 99 replication configuration attributes 86 91 restrictions to modifying 31 retro changelog plug in configuration attributes...

Page 272: ...ir 46 nsslapd backend 85 nsslapd certmap basedn 47 nsslapd changelogdir 79 nsslapd changelogmaxage 80 nsslapd changelogmaxentries 80 nsslapd config 47 nsslapd ds4 compatible schema 47 nsslapd errorlog...

Page 273: ...nsAddCount 166 nsBindConnectionCount 167 nsBindConnectionsLimit 159 nsBindCount 166 nsBindRetryLimit 160 nsBindTimeout 160 nsCheckLocalACI 160 nsCompareCount 167 nsConcurrentBindLimit 161 nsConcurrent...

Page 274: ...pd dbncache 144 nsslapd db page create rate 151 nsslapd db page ro evict rate 151 nsslapd db page rw evict rate 151 nsslapd db pages in use 151 nsslapd db page size 142 nsslapd db page trickle rate 15...

Page 275: ...essent attribute 100 entrydn db3 172 F files containing search filters 209 id2entry db2 172 locating configuration 28 slapd conf 66 G getpwenc command line shell and batch script 226 quick reference 2...

Page 276: ...ch script 227 quick reference 221 ldif2db pl command line perl script 237 quick reference 222 ldif2ldap command line shell and batch script 228 quick reference 221 lock files 173 log files 174 access...

Page 277: ...exorCredentials attribute 165 nsOperationConnectionCount attribute 167 nsOperationConnectionsLimit attribute 162 nsProxiedAuthorization attribute 162 nsReferralOnScopedSearch attribute 163 nsRenameCou...

Page 278: ...apd db log region wait rate attribute 151 nsslapd db log write rate attribute 151 nsslapd db longest chain length attribute 151 nsslapd dbncache attribute 144 nsslapd db page create rate attribute 151...

Page 279: ...nmpcontact attribute 102 nssnmpdescription attribute 102 nssnmpenabled attribute 101 nssnmplocation attribute 102 nssnmpmasterhost attribute 103 nssnmpmasterport attribute 103 nssnmporganization attri...

Page 280: ...35 nsslapd cache autosize split 135 nsslapd cachememsize 147 nsslapd cachesize 146 nsslapd changelogdir 167 nsslapd changelogmaxage 168 nsslapd db abort rate 149 nsslapd db active txns 149 nsslapd db...

Page 281: ...9 readwaiters attribute 100 replication agreement configuration attributes description 92 nsDS50ruv 99 nsDS5ReplicaBindDN 92 nsDS5ReplicaBindMethod 93 nsDS5ReplicaChangesSentSinceStartup 93 nsDS5Repli...

Page 282: ...mart referrals ldapsearch option 210 SNMP configuration attributes nssnmpcontact 102 nssnmpdescription 102 nssnmpenabled 101 nssnmplocation 102 nssnmpmasterhost 103 nssnmpmasterport 103 nssnmporganiza...