User manual REDHAT NETSCAPE DIRECTORY SERVER 7.0 CONFIGURATION

[. . . ] Configuration, Command, and File Reference Netscape Directory Server Version 7. 0 October 2004 Netscape Communications Corporation ("Netscape") and its licensors retain all ownership rights to the software programs offered by Netscape (referred to herein as "Software") and related documentation. Use of the Software and related documentation is governed by the license agreement for the Software and applicable copyright law. Your right to copy this documentation is limited by copyright law. Making unauthorized copies, adaptations or compilation works is prohibited and constitutes a punishable violation of the law. [. . . ] Each desired index type has to be entered on a separate line. Entry DN: cn=default indexes, cn=config, cn=ldbm database, cn=plugins, cn=config 174 Netscape Directory Server Configuration, Command, and File Reference · October 2004 Database Plug-in Attributes Valid Values: pres = presence index eq = equality index approx = approximate index sub = substring index matching rule = international index index browse = browsing index Default Value: Syntax: Example: N/A DirectoryString nsindextype: eq nsMatchingRule This optional, multivalued attribute specifies the collation order object identifier (OID) required for the Directory Server to operate international indexing. Entry DN: Valid Values: Default Value: Syntax: Example: cn=default indexes, cn=monitor, cn=ldbm database, cn=plugins, cn=config Any valid collation order object identifier (OID) None DirectoryString cn=2. 16. 840. 1. 113730. 3. 3. 2. 3. 1 (For Bulgarian) cn Provides the name of the attribute you want to index. Entry DN: Valid Values: Default Value: Syntax: Example: cn=default indexes, cn=monitor, cn=ldbm database, cn=plugins, cn=config Any valid index cn None DirectoryString cn: aci Chapter 3 Plug-in Implemented Server Functionality Reference 175 Database Plug-in Attributes description This non-mandatory attribute provides a free-hand text description of what the index actually performs. Entry DN: Valid Values: Default Value: Syntax: Example: cn=default indexes, cn=monitor, cn=ldbm database, cn=plugins, cn=config N/A None DirectoryString description:substring index Database Attributes under cn=monitor, cn=NetscapeRoot, cn=ldbm database, cn=plugins, cn=config Global, read-only entries for monitoring activity on the NetscapeRoot database. These attributes containing database statistics are given for each file that makes up your database. For further information, see chapter 12, "Monitoring Server and Database Activity, " in the Netscape Directory Server Administrator's Guide. dbfilenamenumber This attribute indicates the name of the file and provides a sequential integer identifier (starting at 0) for the file. All associated statistics for the file are given this same numerical identifier. dbfilecachehit Number of times that a search requiring data from this file was performed and that the data was successfully obtained from the cache. dbfilecachemiss Number of times that a search requiring data from this file was performed and that the data could not be obtained from the cache. dbfilepagein Number of pages brought to the cache from this file. 176 Netscape Directory Server Configuration, Command, and File Reference · October 2004 Database Plug-in Attributes dbfilepageout Number of pages for this file written from cache to disk. Database Attributes under cn=index, cn=NetscapeRoot, cn=ldbm database, cn=plugins, cn=config and cn=index, cn=UserRoot, cn=ldbm database, cn=plugins, cn=config In addition to the set of default indexes that are stored under cn=default indexes, cn=config, cn=ldbm database, cn=plugins, cn=config, custom indexes can be created for o=NetscapeRoot and o=UserRoot and are stored under cn=index, cn=NetscapeRoot, cn=ldbm database, cn=plugins, cn=config and cn=index, cn=UserRoot, cn=ldbm database, cn=plugins, cn=config, respectively. Each indexed attribute represents a subentry under the above cn=config information tree nodes, as shown in Figure 3-2. Figure 3-2 Indexed Attribute Representing a Subentry For example, the index file for the aci attribute under o=UserRoot will appear in the Directory Server as follows: Chapter 3 Plug-in Implemented Server Functionality Reference 177 Database Plug-in Attributes dn:cn=aci, cn=index, cn=UserRoot, cn=ldbm database, cn=plugins, cn=confi objectclass:top objectclass:nsIndex cn=aci nssystemindex:true nsindextype:pres For details regarding the five possible indexing attributes, see the section "Database Attributes under cn=default indexes, cn=config, cn=ldbm database, cn=plugins, cn=config, " on page 174. For further information about indexes, see chapter 10, "Managing Indexes, " in the Netscape Directory Server Administrator's Guide. Database Attributes under cn=attributeName, cn=encrypted attributes, cn=database_name, cn=ldbm database, cn=plugins, cn=config The nsAttributeEncryption object class allows encryption of attributes, within a database, that the Directory Manager selects manually. Extremely sensitive information such as credit card numbers and government identification numbers may not be protected enough by routine access control measures and can be encrypted within the database by using database encryption. This object class has one attribute, nsEncryptionAlgorithm, which sets the type of encryption used for the attribute. Each encrypted attribute represents a subentry under the above cn=config information tree nodes, as shown in Figure 3-3. 178 Netscape Directory Server Configuration, Command, and File Reference · October 2004 Database Plug-in Attributes Figure 3-3 Encrypted Attributes under the cn=config Node For example, the database encryption file for the userPassword attribute under o=UserRoot would appear in the Directory Server as follows: dn:cn=userPassword, cn=encrypted attributes, o=UserRoot, cn=ldbm database, cn=plugins, cn=config objectclass:top objectclass:nsAttributeEncryption cn=userPassword nsEncryptionAlgorithm:AES To configure database encryption, see "Database Encryption, " in chapter 3, "Configuring Directory Databases, " in the Netscape Directory Server Administrator's Guide. For more information about indexes, see in chapter 10, "Managing Indexes, " in the Netscape Directory Server Administrator's Guide. nsEncryptionAlgorithm nsEncryptionAlgorithm selects the cipher used by nsAttributeEncryption. The algorithm can be set per encrypted attribute. Entry DN: Valid Values: cn=attributeName, cn=encrypted attributes, cn=databaseName, cn=ldbm database, cn=plugins, cn=config The following are supported ciphers: · · Adavanced Encryption Standard Block Cipher -- AES Triple Data Encryption Standard Block Cipher -- 3DES Chapter 3 Plug-in Implemented Server Functionality Reference 179 Database Link Plug-in Attributes (chaining attributes) Default Value: Syntax: Example: N/A DirectoryString nsEncryptionAlgorithm: AES Database Link Plug-in Attributes (chaining attributes) The Database Link Plug-in is also organized in an information tree, as shown in Figure 3-4. Figure 3-4 Database Link Plug-in All plug-in technology used by the database link instances is stored in the cn=chaining database plug-in node. This section presents the additional attribute information for the three nodes marked in bold in the cn=chaining database, cn=plugins, cn=config information tree. Database Link Attributes under cn=config, cn=chaining database, cn=plugins, cn=config Global configuration attributes common to all instances are stored in the cn=config, cn=chaining database, cn=plugins, cn=config tree node. 180 Netscape Directory Server Configuration, Command, and File Reference · October 2004 Database Link Plug-in Attributes (chaining attributes) nsActiveChainingComponents Lists the components using chaining. A component is any functional unit in the server. The value of this attribute overrides the value in the global configuration attribute. To disable chaining on a particular database instance, use the value None. This attribute also allows you to alter the components used to chain. By default, no components are allowed to chain, which explains why this attribute will probably not appear in a list of cn=config, cn=chaining database, cn=config attributes, as LDAP considers empty attributes to be non-existent. Entry DN: Valid Values: Default Value: Syntax: Example: cn=config, cn=chaining database, cn=plugins, cn=config Any valid component entry None DirectoryString nsActiveChainingComponents: cn=uid uniqueness, cn=plugins, cn=config nsMaxResponseDelay This error detection, performance-related attribute specifies the maximum amount of time it can take a remote server to respond to an LDAP operation request made by a database link before an error is suspected. Once this delay period has been met, the database link tests the connection with the remote server. Entry DN: Valid Values: Default Value: Syntax: Example: cn=config, cn=chaining database, cn=plugins, cn=config Any valid delay period in seconds 60 seconds Integer nsMaxResponseDelay: 60 nsMaxTestResponseDelay This error detection, performance-related attribute specifies the duration of the test issued by the database link to check whether the remote server is responding. If a response from the remote server is not returned before this period has passed, the database link assumes the remote server is down, and the connection is not used for subsequent operations. Chapter 3 Plug-in Implemented Server Functionality Reference 181 Database Link Plug-in Attributes (chaining attributes) Entry DN: Valid Values: Default Value: Syntax: Example: cn=config, cn=chaining database, cn=plugins, cn=config Any valid delay period in seconds 15 seconds Integer nsMaxTestResponseDelay: 15 nsTransmittedControls This attribute, which can be both a global (and thus dynamic) configuration or an instance (i. e. , cn=database link instance, cn=chaining database, cn=plugins, cn=config) configuration attribute, allows you to alter the controls the database link forwards. The following controls are forwarded by default by the database link: · · · Managed DSA, object identifier: 2. 16. 840. 1. 113730. 3. 4. 2. Virtual list view (VLV), object identifier:2. 16. 840. 1. 113730. 3. 4. 9 Server side sorting, object identifier: 1. 2. 840. 113556. 1. 4. 473 cn=config, cn=chaining database, cn=plugins, cn=config Any valid OID or the above listed controls forwarded by the database link. [. . . ] Substring indexes are limited to a minimum of two characters for each entry. 308 Netscape Directory Server Configuration, Command, and File Reference · October 2004 suffix The name of the entry at the top of the directory tree, below which data is stored. Multiple suffixes are possible within the same directory. superuser The most privileged user available on Unix machines. The superuser has complete access privileges to all files on the machine. [. . . ]