Red Hat 8.1 Uživatelský manuál

Red Hat DirectoryServer 8.1Configuration andCommand Reference Ella Deon LackeyPublication date: April 28, 2009, updated on February 11, 2010

About This Referencexmozldap directory on Red Hat Enterprise Linux 5 (32-bit) (or /usr/lib64/mozldap for 64-bitsystems).However, Red Hat Enterprise Li

Chapter 2. Core Server Configuration Reference86empty if certificate-based authentication is used, in which case the DN used is the subject DN of thec

Replication Attributes under cn=ReplicationAgreementName, cn=replica, cn="suffixName", cn=mapping tree, cn=config87Parameter DescriptionVali

Chapter 2. Core Server Configuration Reference88Parameter DescriptionValid Values Any valid host server nameDefault ValueSyntax DirectoryStringExample

Replication Attributes under cn=ReplicationAgreementName, cn=replica, cn="suffixName", cn=mapping tree, cn=config89Parameter DescriptionEntr

Chapter 2. Core Server Configuration Reference902.3.8.14. nsDS5ReplicaLastUpdateStatusThis read-only attribute provides the status for the most recent

Replication Attributes under cn=ReplicationAgreementName, cn=replica, cn="suffixName", cn=mapping tree, cn=config912.3.8.17. nsDS5BeginRepli

Chapter 2. Core Server Configuration Reference92When setting the values, ensure that the nsDS5ReplicaSessionPauseTime interval is at least 1second lon

Replication Attributes under cn=ReplicationAgreementName, cn=replica, cn="suffixName", cn=mapping tree, cn=config93Parameter DescriptionVali

Chapter 2. Core Server Configuration Reference94Parameter DescriptionValid Range Time schedule presented as XXXX-YYYY0123456, where XXXX is the starti

Synchronization Attributes under cn=syncAgreementName, cn=WindowsReplica,cn="suffixName", cn=mapping tree, cn=config952.3.9.1. nsds7Director

Additional Readingxi3. Additional ReadingThe Directory Server Administrator's Guide describes how to set up, configure, and administer RedHat Dir

Chapter 2. Core Server Configuration Reference96Parameter DescriptionEntry DN cn=syncAgreementName, cn=replica,cn=suffixDN, cn=mapping tree, cn=config

cn=monitor97Parameter DescriptionValid Values 1 to the maximum 32-bit integer value(2147483647)Default Value 300Syntax IntegerExample winSyncInterval:

Chapter 2. Core Server Configuration Reference98• E this is the bind DN. This may be empty or have value of NULLDN for anonymous connections.currentCo

cn=replication99threadsThis attribute shows the number of threads used by the Directory Server. This should correspond tonsslapd-threadnumber in cn=co

Chapter 2. Core Server Configuration Reference1002.3.12.2. nsSaslMapFilterTemplateThis attribute contains the search filter template used in SASL iden

cn=SNMP101Parameter DescriptionEntry DN cn=SNMP, cn=configValid Values Organization nameDefault ValueSyntax DirectoryStringExample nssnmporganization:

Chapter 2. Core Server Configuration Reference102Parameter DescriptionEntry DN cn=SNMP, cn=configValid Values machine hostname or localhostDefault Val

SNMP Statistic Attributes103Attribute DescriptionSimpleAuthBinds This shows the number of LDAP simple bindrequests (DN and password).StrongAuthBinds T

Chapter 2. Core Server Configuration Reference104Attribute DescriptionReferralsReturned This provides information on referrals returnedas search resul

cn=tasks105The common attributes for these tasks are listed in Section 2.3.15.1, “Task Invocation Attributes forEntries under cn=tasks”.The cn=tasks e

About This Referencexii4. Giving FeedbackIf there is any error in this Configuration, Command, and File Reference or there is any way to improvethe do

Chapter 2. Core Server Configuration Reference106Parameter DescriptionExample nsTaskStatus: Loading entries...nsTaskLogThis entry contains all of the

cn=tasks107progress bar. When the nsTaskCurrentItem attribute has the same value as nsTaskTotalItems,then the task is completed.This attribute value i

Chapter 2. Core Server Configuration Reference108information without missing the exit code. Setting the ttl attribute to 0 means that the entry is not

cn=tasks109nsFilenameThe nsFilename attribute contains the path and filenames of the LDIF files to import into theDirectory Server instance. To import

Chapter 2. Core Server Configuration Reference110Parameter DescriptionValid Values Any DNDefault ValueSyntax DN, multi-valuedExample nsExcludeSuffix:o

cn=tasks111nsUniqueIdGeneratorNamespaceThis attributes defines how to generate name-based IDs; the attribute sets the namespace to use togenerate the

Chapter 2. Core Server Configuration Reference112• nsUseId2Entry, analogous to the -C option, to set whether to use only the main index, id2entry,to l

cn=tasks113Parameter DescriptionEntry DN cn=task_name, cn=export, cn=tasks, cn=configValid Values Any DNDefault ValueSyntax DN, multi-valuedExample ns

Chapter 2. Core Server Configuration Reference114nsUseId2EntryThe nsUseId2Entry attribute uses the main database index, id2entry, to define the export

cn=tasks115dn: cn=example backup, cn=backup, cn=tasks, cn=configobjectclass: extensibleObjectcn: example backupnsArchiveDir: /export/backups/nsDatabas

Documentation HistoryxiiiRevision 8.1.5 September 9, 2009 Ella Deon Lackey Removing any references to the Directory Server Gateway or Org Chart.Revis

Chapter 2. Core Server Configuration Reference116A restore task entry under cn=restore must contain the location of the directory from which toretriev

cn=tasks117Alternatively, the index task can be used to generate virtual list view (VLV) indexes for an attributeusing the nsIndexVLVAttribute attribu

Chapter 2. Core Server Configuration Reference118Parameter DescriptionDefault ValueSyntax Case-insensitive string, multi-valuedExample nsIndexAttribut

cn=tasks119Parameter DescriptionExample cn: example reload task IDschemadirThis contains the full path to the directory containing the custom schema f

Chapter 2. Core Server Configuration Reference120Parameter DescriptionValid Values Any DNDefault ValueSyntax DNExample basedn: ou=people, dc=example,

directoryServerFeature (Object Class)121To configure Directory Server to maintain a changelog that is compatible with the changelogimplemented in Dire

Chapter 2. Core Server Configuration Reference122Required AttributesAttribute DefinitionobjectClass Gives the object classes assigned to the entry.All

nsContainer (Object Class)123Allowed AttributesAttribute Definitioncn (common Name) Gives the common name of the entry.2.4.5. nsContainer (Object Clas

Chapter 2. Core Server Configuration Reference124nsDS5ReplicaId Specifies the unique ID for suppliers in areplication environment.nsDS5ReplicaRoot Spe

nsDS5ReplicationAgreement (Object Class)125OID2.16.840.1.113730.3.2.103Required AttributesobjectClass Defines the object classes for the entry.cn Used

xiv

Chapter 2. Core Server Configuration Reference126nsDS5ReplicatedAttributeList Specifies any attributes that will not be replicatedto a consumer server

nsDSWindowsReplicationAgreement (Object Class)127nsDS5ReplicaBindMethod Specifies the method (SSL or simpleauthentication) to use for binding.nsDS5Rep

Chapter 2. Core Server Configuration Reference128nsds7DirsyncCookie Contains a cookie set by the sync service thatfunctions as an RUV.nsds7NewWinGroup

nsslapdConfig (Object Class)129Superior ClasstopOID2.16.840.1.113730.3.2.317Required AttributesobjectClass Defines the object classes for the entry.cn

Chapter 2. Core Server Configuration Reference130OID2.16.840.1.113730.3.2.13Required AttributesAttribute DefinitionobjectClass Gives the object classe

Legacy Attributes131Attribute DefinitionpasswordMustChange29Identifies whether or not to change theirpasswords when they first login to the directoryo

Chapter 2. Core Server Configuration Reference1322.5.1. Legacy Server AttributesThese attributes were originally used to configure the server instance

Legacy Server Attributes1332.5.1.3. changeLogMaximumConcurrentWritesThis attribute sets the maximum number of concurrent writes that can be written to

Chapter 2. Core Server Configuration Reference1342.5.2. Legacy Replication AttributesThese attributes were originally used to configure replication fo

Legacy Replication Attributes135Attribute DefinitioncirUpdateFailedAt Stores the timestamp of the last failed updateattempt.cirBeginORC Sets whether t

Chapter 1.1IntroductionDirectory Server is based on an open-systems server protocol called the Lightweight Directory AccessProtocol (LDAP). The Direct

Chapter 2. Core Server Configuration Reference136Multi- or Single-Valued Multi-valuedDefined in Directory Server2.5.2.6. cirLastUpdateAppliedFor consu

Legacy Replication Attributes137Multi- or Single-Valued Multi-valuedDefined in Directory Server2.5.2.11. cirUpdateScheduleFor consumer-initiated repli

Chapter 2. Core Server Configuration Reference138Attribute Definitioncn Specifies the common name of the entry.Allowed AttributesAttribute Definitiond

Legacy Replication Attributes139Defined in Directory Server2.5.2.16. replicaBeginOrcFor online replication creation (ORC), the consumer server can dum

Chapter 2. Core Server Configuration Reference140Multi- or Single-Valued Multi-valuedDefined in Directory Server2.5.2.21. replicaEntryFilterThis attri

Legacy Replication Attributes141Defined in Directory Server2.5.2.26. replicaRootThis attribute sets the DN at the root of a replicated area. This attr

Chapter 2. Core Server Configuration Reference142Defined in Directory Server2.5.2.31. replicaUseSSLThis attribute sets whether to use a secure connect

Chapter 3.143Plug-in Implemented ServerFunctionality ReferenceThis chapter contains reference information on Red Hat Directory Server plug-ins.The con

Chapter 3. Plug-in Implemented Server Functionality Reference144Plug-in Parameter DescriptionConfigurable Arguments List of attributes (uid mail userP

Attribute Uniqueness Plug-in1453.1.4. Attribute Uniqueness Plug-inPlug-in Parameter DescriptionPlug-in Name Attribute Uniqueness Plug-inDN of Configur

2

Chapter 3. Plug-in Implemented Server Functionality Reference146Plug-in Parameter DescriptionDN of Configuration Entry cn=Binary Syntax, cn=plugins, c

Case Ignore String Syntax Plug-in147Plug-in Parameter DescriptionFurther Information3.1.8. Case Ignore String Syntax Plug-inPlug-in Parameter Descript

Chapter 3. Plug-in Implemented Server Functionality Reference148Plug-in Parameter DescriptionDN of Configuration Entry cn=Class of Service, cn=plugins

Distributed Numeric Assignment Plug-in149Plug-in Parameter DescriptionFurther Information3.1.13. Distributed Numeric Assignment Plug-inPlug-in Informa

Chapter 3. Plug-in Implemented Server Functionality Reference1503.1.15. HTTP Client Plug-inPlug-in Parameter DescriptionPlug-in Name HTTP ClientDN of

JPEG Syntax Plug-in151Plug-in Parameter Descriptionspecifies the location of the /etc/dirsrv/config/slapd-collations.conf file. Thisfile stores the co

Chapter 3. Plug-in Implemented Server Functionality Reference152Plug-in Parameter DescriptionFurther Information See the "Configuring Directory D

Multi-master Replication Plug-in1533.1.22. Multi-master Replication Plug-inPlug-in Parameter DescriptionPlug-in Name Multi-master Replication Plug-inD

Chapter 3. Plug-in Implemented Server Functionality Reference154Plug-in Parameter DescriptionDefault Setting onConfigurable Arguments NoneDependencies

Postal Address String Syntax Plug-in155Storage Scheme Name Usage Notescompatibility for any entries stored in thedirectory with passwords encrypted wi

Chapter 2.3Core Server Configuration ReferenceThe configuration information for Red Hat Directory Server is stored as LDAP entries within thedirectory

Chapter 3. Plug-in Implemented Server Functionality Reference156Plug-in Parameter DescriptionFurther Information3.1.27. PTA Plug-inPlug-in Parameter D

Retro Changelog Plug-in157Plug-in Parameter Description-1= no check for referential integrity0= check for referential integrity is performedimmediatel

Chapter 3. Plug-in Implemented Server Functionality Reference158Plug-in Parameter Descriptionso that clients can use this suffix with or withoutpersis

Space Insensitive String Syntax Plug-in159Plug-in Information DescriptionFurther InformationTable 3.4. Details of Schema Reload Plug-in3.1.32. Space I

Chapter 3. Plug-in Implemented Server Functionality Reference160Plug-in Parameter DescriptionPerformance Related InformationFurther Information3.1.34.

List of Attributes Common to All Plug-ins161Plug-in Parameter DescriptionDescription Enables the use of views in the Directory Serverdatabases.Configu

Chapter 3. Plug-in Implemented Server Functionality Reference1623.2.2. nsslapd-pluginPathThis attribute specifies the full path to the plug-in.Plug-in

nsslapd-pluginId163Plug-in Parameter DescriptionExample nsslapd-pluginEnabled: on3.2.6. nsslapd-pluginIdThis attribute specifies the plug-in ID.Plug-i

Chapter 3. Plug-in Implemented Server Functionality Reference164Plug-in Parameter DescriptionSyntax DirectoryStringExample nsslapd-pluginDescription:

nsslapd-plugin-depends-on-named165Plug-in Parameter DescriptionSyntax DirectoryStringExample nsslapd-plugin-depends-on-type: database3.3.4. nsslapd-pl

Chapter 2. Core Server Configuration Reference4if a server identifier is phonebook, then for a Directory Server on Red Hat Enterprise Linux 5 (32-bit)

Chapter 3. Plug-in Implemented Server Functionality Reference1663.4.1.1. nsLookThroughLimitThis performance-related attribute specifies the maximum nu

Database Attributes under cn=config, cn=ldbm database, cn=plugins, cn=config167NOTEIf the nsslapd-cache-autosize attribute and nsslapd-cache-autosize-

Chapter 3. Plug-in Implemented Server Functionality Reference1683.4.1.5. nsslapd-dbcachesizeThis performance tuning-related attribute specifies the da

Database Attributes under cn=config, cn=ldbm database, cn=plugins, cn=config169Parameter DescriptionDefault Value 60Syntax IntegerExample nsslapd-db-c

Chapter 3. Plug-in Implemented Server Functionality Reference170This attribute is provided only for system modification/diagnostics and should be chan

Database Attributes under cn=config, cn=ldbm database, cn=plugins, cn=config171The use of this attribute causes internal Directory Server database fil

Chapter 3. Plug-in Implemented Server Functionality Reference172The nsslapd-db-logbuf-size attribute is only valid if the nsslapd-db-durable-transacti

Database Attributes under cn=config, cn=ldbm database, cn=plugins, cn=config1733.4.1.15. nsslapd-db-page-sizeThis attribute specifies the size of the

Chapter 3. Plug-in Implemented Server Functionality Reference174WARNINGSetting this value will reduce data consistency and may lead to loss of data. T

Database Attributes under cn=config, cn=ldbm database, cn=plugins, cn=config175Parameter DescriptionExample nsslapd-db-trickle-percentage: 403.4.1.19.

LDIF and Schema Configuration Files5Configuration Filename Purpose10rfc2307.ldif Schema from RFC 2307, "An Approach for UsingLDAP as a Network In

Chapter 3. Plug-in Implemented Server Functionality Reference1763.4.1.21. nsslapd-directoryThis attribute specifies absolute path to database instance

Database Attributes under cn=config, cn=ldbm database, cn=plugins, cn=config177In Directory Server, the import operation can be run as a server task o

Chapter 3. Plug-in Implemented Server Functionality Reference1783.4.1.24. nsslapd-modeThis attribute specifies the permissions used for newly created

Database Attributes under cn=NetscapeRoot, cn=ldbm database, cn=plugins, cn=config and cn=userRoot, cn=ldbm database, cn=plugins, cn=config1793.4.3. D

Chapter 3. Plug-in Implemented Server Functionality Reference1803.4.3.2. nsslapd-cachememsizeThis performance tuning-related attribute specifies the s

Database Attributes under cn=NetscapeRoot, cn=ldbm database, cn=plugins, cn=config and cn=userRoot, cn=ldbm database, cn=plugins, cn=config181Paramete

Chapter 3. Plug-in Implemented Server Functionality Reference182Parameter DescriptionEntry DN cn=database_name, cn=ldbm database,cn=plugins, cn=config

Database Attributes under cn=NetscapeRoot, cn=ldbm database, cn=plugins, cn=config and cn=userRoot, cn=ldbm database, cn=plugins, cn=config183Paramete

Chapter 3. Plug-in Implemented Server Functionality Reference184Allowed AttributesAttribute DefinitionvlvEnabled11Stores the availability of the brows

Database Attributes under cn=NetscapeRoot, cn=ldbm database, cn=plugins, cn=config and cn=userRoot, cn=ldbm database, cn=plugins, cn=config185Attribut

Configuration and Command ReferenceRed Hat Directory Server 8.1 Configuration and CommandReference Edition 8.1.10Author Ella Deon LackeyCopyright ©

Chapter 2. Core Server Configuration Reference62.1.2. How the Server Configuration Is OrganizedThe dse.ldif file contains all configuration informatio

Chapter 3. Plug-in Implemented Server Functionality Reference186Parameter DescriptionEntry DN cn=index_name, cn=userRoot, cn=ldbmdatabase, cn=plugins,

Database Attributes under cn=database, cn=monitor, cn=ldbm database, cn=plugins, cn=config187nsslapd-db-clean-pagesThis attribute shows the clean page

Chapter 3. Plug-in Implemented Server Functionality Reference188nsslapd-db-log-write-rateThis attribute shows the number of megabytes and bytes writte

Database Attributes under cn=default indexes, cn=config, cn=ldbm database, cn=plugins, cn=config189Parameter DescriptionEntry DN cn=default indexes, c

Chapter 3. Plug-in Implemented Server Functionality Reference190Attribute DefinitionnsMatchingRule17Identifies the matching rule.3.4.5.4. nsIndexTypeT

Database Attributes under cn=monitor, cn=NetscapeRoot, cn=ldbm database, cn=plugins, cn=config191Parameter DescriptionValid Values Any valid collation

Chapter 3. Plug-in Implemented Server Functionality Reference192dbfilepageoutThis attribute gives the number of pages for this file written from cache

Database Attributes under cn=index, cn=NetscapeRoot, cn=ldbm database, cn=plugins, cn=config and cn=index, cn=UserRoot, cn=ldbm database, cn=plugins,

Chapter 3. Plug-in Implemented Server Functionality Reference194Parameter DescriptionEntry DN cn=attribute_name, cn=index,cn=database_name, cn=ldbm da

Database Link Plug-in Attributes (Chaining Attributes)1953.4.8.1. nsAttributeEncryption (Object Class)This object class is used for core configuration

Accessing and Modifying Server Configuration7Some of these attributes are common to all plug-ins, and some may be particular to a specific plug-in.Che

Chapter 3. Plug-in Implemented Server Functionality Reference196Figure 3.4. Database Link Plug-inAll plug-in technology used by the database link inst

Database Link Attributes under cn=config, cn=chaining database, cn=plugins, cn=config197Parameter DescriptionEntry DN cn=config, cn=chaining database,

Chapter 3. Plug-in Implemented Server Functionality Reference1983.5.2. Database Link Attributes under cn=default instance config,cn=chaining database,

Database Link Attributes under cn=default instance config, cn=chaining database, cn=plugins, cn=config199Parameter DescriptionValid Range 0 to 5Defaul

Chapter 3. Plug-in Implemented Server Functionality Reference2003.5.2.7. nsConcurrentOperationsLimitThis attribute specifies the maximum number of con

Database Link Attributes under cn=default instance config, cn=chaining database, cn=plugins, cn=config201Parameter DescriptionEntry DN cn=default inst

Chapter 3. Plug-in Implemented Server Functionality Reference202Parameter DescriptionSyntax IntegerExample nsslapd-timelimit: 36003.5.3. Database Link

Database Link Attributes under cn=database_link_name, cn=chaining database, cn=plugins, cn=config2033.5.3.2. nsFarmServerURLThis attribute gives the L

Chapter 3. Plug-in Implemented Server Functionality Reference2043.5.3.5. nshoplimitThis attribute specifies the maximum number of times a database is

Retro Changelog Plug-in Attributes205nsRenameCountThis attribute gives the number of rename operations received.nsSearchBaseCountThis attribute gives

Chapter 2. Core Server Configuration Reference8aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow(all) groupdn = &quo

Chapter 3. Plug-in Implemented Server Functionality Reference206• The modification action; that is, exactly how the directory was modified.It is throu

Distributed Numeric Assignment Plug-in Attributes207Parameter DescriptionSyntax DirectoryString Integer AgeIDAgeID is s for seconds, m for minutes, h

Chapter 3. Plug-in Implemented Server Functionality Reference208Parameter DescriptionExample dnaMagicRegen: magic3.7.3. dnaMaxValueThis attribute sets

dnaNextValue209Parameter DescriptionDefault Value NoneSyntax DirectoryStringExample dnaNextRange: 100-5003.7.5. dnaNextValueThis attribute gives the n

Chapter 3. Plug-in Implemented Server Functionality Reference210Parameter DescriptionEntry DN cn=Distributed Numeric Assignment Plugin,cn=plugins, cn=

dnaThreshold211Parameter DescriptionSyntax DNExample dnaSharedCfgDN: cn=range transfer user,cn=config3.7.10. dnaThresholdOne potential situation with

Chapter 3. Plug-in Implemented Server Functionality Reference212membership is not reflected in the member's user entry, so it is impossible to te

Chapter 4.213Server Instance File ReferenceThis chapter provides an overview of the files that are specific to an instance of Red Hat DirectoryServer

Chapter 4. Server Instance File Reference214File or Directory LocationLog files /var/log/dirsrv/slapd-instance_namePID /var/run/dirsrvTools /usr/bin/u

Database Files215__db.001 __db.003 __db.005 NetscapeRoot/__db.002 __db.004 DBVERSION log.0000000007 userRoot/Example 4.1. Database Directory C

Changing Configuration Attributes9The entire configuration, including attributes that always take default values, can be viewed byperforming an ldapse

Chapter 4. Server Instance File Reference2164.5. LDIF FilesSample LDIF files are stored in the /var/lib/dirsrv/slapd-instance_name/ldif directory fors

Log Files217For more information on using LDAP utilities, see the Directory Server Administrator's Guide.4.7. Log FilesEach Directory Server inst

Chapter 4. Server Instance File Reference218ldapcompare ldapdelete-bin ldappasswd ldapsearch-binExample 4.8. LDAP Tool Directory Contents4.10.

Chapter 5.219Log File ReferenceRed Hat Directory Server (Directory Server) provides logs to help monitor directory activity. Monitoringhelps quickly d

Chapter 5. Log File Reference2205.1.1. Access Logging LevelsDifferent levels of access logging generate different amounts of detail and record differe

Default Access Logging Content221[21/Apr/2009:11:39:53 -0700] conn=13 op=3 RESULT err=0 tag=120 nentries=0 etime=0[21/Apr/2009:11:39:53 -0700] conn=13

Chapter 5. Log File Reference222[21/Apr/2009:11:39:51 -0700] conn=11 op=0 RESULT err=0 tag=97 nentries=0 etime=0In Section 5.1.2, “Default Access Logg

Default Access Logging Content223Tag Descriptiontag=107 A result from a delete operation.tag=109 A result from a moddn operation.tag=111 A result from

Chapter 5. Log File Reference224• ABANDON for abandon operationIf the LDAP request resulted in sorting of entries, then the message SORT serialno will

Default Access Logging Content225targetPosition:contentCount (resultCode)The example below highlights the VLV-specific entries:[07/May/2009:11:43:29 -

Chapter 2. Core Server Configuration Reference10nsslapd-tmpdir nsSSL2nsSSL3 nsSSLclientauthnsSSLSessionTimeout nsslapd-conntablesizensslapd-lockdir ns

Chapter 5. Log File Reference226Extended Operation Name Description OIDDirectory Server EndReplication RequestSent to indicate that areplication sessi

Access Log Content for Additional Access Logging Levels227[21/Apr/2009:11:39:52 -0700] conn=12 op=2 ABANDON targetop=NOTFOUND msgid=2NOTEThe Directory

Chapter 5. Log File Reference228[12/Jul/2009:16:45:46 +0200] conn=Internal op=-1 SRCH base="cn=\22dc=example,dc=com\22,cn=mapping tree,cn=config&

Common Connection Codes2295.1.4. Common Connection CodesA connection code is a code that is added to the closed log message to provide additionalinfor

Chapter 5. Log File Reference2305.2.1. Error Log Logging LevelsThe error log can record different amounts of detail for operations, as well as differe

Error Log Content231Setting Console Name Description4096 Housekeeping Housekeeping threaddebugging.8192 Replication Logs detailed informationabout eve

Chapter 5. Log File Reference232• The plug-in being called, for internal operations.• Functions called by the plug-in, for internal operations.• Messa

Error Log Content for Other Log Levels233[timestamp] NSMMReplicationPlugin - agmt="name" (consumer_host:consumer_port): current_taskFor exam

Chapter 5. Log File Reference234[09/Jan/2009:13:44:48 -0500] NSMMReplicationPlugin - agmt="cn=example2" (alt:13864): replay_update: Consumer

Audit Log Reference235NOTEExample 5.5, “Example ACL Plug-in Error Log Entry with Plug-in Logging” shows bothplug-in logging and search filter processi

cn=config112.3.1.1. nsslapd-accesslog (Access Log)This attribute specifies the path and filename of the log used to record each LDAP access. Thefollow

Chapter 5. Log File Reference236 timestamp: date dn: modified_entry changetype: action action:attribute attribute:new_value - replace: modif

LDAP Result Codes237 - replace: modifytimestamp modifytimestamp: 20090109181810Z -Example 5.8. Audit Log ContentThe audit log does not have any other

Chapter 5. Log File Reference238Result Code Defined Value Result Code Defined Value36 ALIAS_DEREFERENCING_PROBLEMTable 5.5. LDAP Result Codes

Chapter 6.239Command-Line UtilitiesThis chapter contains reference information on command-line utilities used with Red Hat DirectoryServer (Directory

Chapter 6. Command-Line Utilities240-D "cn=Patricia Fuentes, ou=people, dc=example,dc=Bolivia\, S.A."6.3. Command-Line Utilities Quick Refer

ldapsearch241• SSL Options• SASL Options• Additional ldapsearch OptionsSyntax ldapsearch -b basedn -s scope [ optional_options ] "(attribute=filt

Chapter 6. Command-Line Utilities242Option Description-b Specifies the starting point for the search. Thevalue specified here must be a distinguishedn

ldapsearch243Option Descriptioninstalled. If a host is not specified, ldapsearchuses the local host. For example:-h mozilla-l Specifies the maximum nu

Chapter 6. Command-Line Utilities244Option DescriptionIf a dash (-) is used as the password value,the utility prompts for the password after thecomman

ldapsearch245Option Descriptionis useful with the -C for persistent searchesbecause it prints any entry modifications withoutdelay and without the sea

Chapter 2. Core Server Configuration Reference12Parameter DescriptionEntry DN cn=configValid Values • 0 - No access logging• 4 - Logging for internal

Chapter 6. Command-Line Utilities246Option Description-3 Specifies that hostnames should be checked inSSL certificates.-I Specifies the SSL key passwo

ldapsearch247Option Description-Q Specifies the token and certificate name, whichis separated by a semi-colon (:) for PKCS11.-W Specifies the password

Chapter 6. Command-Line Utilities248Option Description• secProp, the security properties• realm, the Kerberos realm• flagsThe expected values depend o

ldapsearch249Required or Optional Option Description Example• noactive — Do notpermit mechanismssusceptible to activeattacks.• nodict — Do notpermit m

Chapter 6. Command-Line Utilities250Required or Optional Option Description Examplewhen using integrityor privacy settings.Table 6.7. Description of C

ldapsearch251Required or Optional Option Description Example• maxssf — Requirea maximum securitystrength; this optionneeds a numericvalue specifyingbi

Chapter 6. Command-Line Utilities252Required or Optional Option Description Example• minssf — Requirea minimum securitystrength; this optionneeds a nu

ldapsearch253Option Description-e Minimizes the base-64 encoding for the values ofreturned entries.-F Specifies a different separator. This option all

Chapter 6. Command-Line Utilities254Option DescriptionThis argument can input the bind DN, base DN,and the search filter pattern in the specifiedchara

ldapsearch255Option Description-O 2-R Specifies that referrals are not to be followedautomatically. By default, referrals are followedautomatically.-S

cn=config13Parameter DescriptionSyntax DirectoryStringExample nsslapd-accesslog-logbuffering: off2.3.1.5. nsslapd-accesslog-logexpirationtime (Access

Chapter 6. Command-Line Utilities256Option Description-X Specifies the getEffectiveRights controlspecific attribute list, where attributes areseparate

ldapmodify257Option Description-D "uid=bjensen, dc=example,dc=com"This option cannot be used with the -N option.-f Option that specifies the

Chapter 6. Command-Line Utilities258Option Description-w Specifies the password associated with thedistinguished name specified in the -D option.For e

ldapmodify259Option Descriptionauthentication credentials specified on -D and -w.-P Specifies the absolute path, including thefilename, of the certifi

Chapter 6. Command-Line Utilities260Option Description-o Specifies SASL options. The format is -osaslOption=value. saslOption can have one ofsix value

ldapmodify261Option Descriptionldapmodify reads the contents of thephoto.jpeg file into the jpegPhoto attributebeing added to the entry.As an alternat

Chapter 6. Command-Line Utilities262Option Description-O 2-R Specifies that referrals are not to be followedautomatically.-v Specifies that the utilit

ldapdelete263Option Description-D "uid=bjensen, dc=example,dc=com"For more information on access control, seethe "Managing Access Contr

Chapter 6. Command-Line Utilities264SSL OptionsUse the following options to specify that ldapdelete use LDAPS when communicating with theDirectory Ser

ldapdelete265Option Descriptionthe -P option calls out a path and filenamesimilar to the following:-P /etc/dirsrv/slapd-instance_name/client-cert.db-Q

Chapter 2. Core Server Configuration Reference14Attribute Value Logging Enabled or Disablednsslapd-accesslog-logging-enablednsslapd-accesslogonempty s

Chapter 6. Command-Line Utilities266Option Description• realm, the Kerberos realm• flagsThe expected values depend on the supportedmechanism. The -o c

ldappasswd267Option Description-R Specifies that referrals are not to be followedautomatically. By default, the server followsreferrals.-v Specifies t

Chapter 6. Command-Line Utilities268Option Description-a Specifies the user's existing password. Forexample:-a old_password-S Specifies that the

ldappasswd269Option DescriptionThe -D option cannot be used with the -N option.For more information on access control, seethe "Managing Access Co

Chapter 6. Command-Line Utilities270Option DescriptionIf this option is specified, then the -D and -woptions must not be specified, or certificate-bas

ldappasswd271Option Description-Z Specifies that SSL is to be used for the searchrequest.-ZZ Specifies the Start TLS request. Use this optionto make a

Chapter 6. Command-Line Utilities272ExamplesThe following examples provide show how to perform various tasks using the ldappasswd command.The Director

ldif273ldappasswd -h myhost -o "mech=GSSAPI" -SExample 6.6. User Already Authenticating by Kerberos Prompts for a New Password6.8. ldifldif

Chapter 6. Command-Line Utilities274Option DescriptionNOTEThe :< URL specifier notationonly works if LDIF statementis version 1 or later, meaningve

dbscan275Option Parameter Description-K entry_id Specifies the entry to ID to lookup.Table 6.24. Entry File OptionsNOTEThe index file options, listed

cn=config152.3.1.9. nsslapd-accesslog-logminfreediskspace (Access Log MinimumFree Disk Space)This attribute sets the minimum allowed free disk space i

Chapter 6. Command-Line Utilities276dbscan -s -f /var/lib/dirsrv/slapd-instance_name/db/userRoot/objectclass.db4Example 6.11. Displaying the Summary o

Chapter 7.277Command-Line ScriptsThis chapter provides information on the scripts for managing Red Hat Directory Server, such asbacking-up and restori

Chapter 7. Command-Line Scripts278Shell Script Descriptionlib/dirsrv/slapd-instance_name/bakdirectory.start-slapd Starts Directory Server.stop-slapd S

Shell Scripts279Script Name Description Perl or Shell Scriptcl-dump.pl Dumps and decodes thechangelog.Perlds_removal Removes a server instance. Shelll

Chapter 7. Command-Line Scripts280• Section 7.3.6, “dbverify (Checks for Corrupt Databases)”• Section 7.3.7, “ds_removal”• Section 7.3.8, “ldif2db (Im

cl-dump (Dumps and Decodes the Changelog)281Option Descriptionto restore a single database; it is not necessaryto use the n option to restore the enti

Chapter 7. Command-Line Scripts282Option Descriptioncommas to separate roots. If the option isomitted, all the replica roots will be dumped.-v Prints

db2index (Reindexes Database Index Files)283Option Description-a outputFile Gives the name of the output LDIF file.-C Uses only the main database file

Chapter 7. Command-Line Scripts284UsageHere are a few sample commands:• Reindex all the database index files:db2index• Reindex cn and givenname in the

ds_removal285IMPORTANTNever run dbverify when a modify operation is in progress. This command callsthe BerkeleyDB utility db_verify and does not perfo

iiiAbout This Reference ix1. Director

Chapter 2. Core Server Configuration Reference16Parameter DescriptionValid Range 0 through 23Default Value 0Syntax IntegerExample nsslapd-accesslog-lo

Chapter 7. Command-Line Scripts286Options Option Parameter Description-f Forces the removal of theinstance. This can be useful ifthe instance is not r

ldif2ldap (Performs Import Operation over LDAP)287Option DescriptionBy default, a time-based unique ID is generated.When using the deterministic gener

Chapter 7. Command-Line Scripts288OptionsOption Description-D rootdn Gives a user DN with root permissions, such asDirectory Manager.-f filename Gives

repl-monitor (Monitors Replication Status)289Option Descriptionreplication information. For more informationabout the configuration file, see Configur

Chapter 7. Command-Line Scripts290lowmark = colorThe connection section defines how this tool may connect to each LDAP server in the replicationtopolo

pwdhash (Prints Encrypted Passwords)29160 = #FFCCCCA shadow port can be set in the replication monitor configuration file. For example:host:port=shado

Chapter 7. Command-Line Scripts292Exit Code Description3 Server could not be stopped.Table 7.13. restart-slapd Exit Status Codes7.3.14. restoreconfig

stop-slapd (Stops the Directory Server)293OptionsThere are no options for this script.Exit Status CodesExit Code Description0 Server started successfu

Chapter 7. Command-Line Scripts2947.3.19. vlvindex (Creates Virtual List View Indexes)To run the vlvindex script, the server must be stopped. The vlvi

bak2db.pl (Restores a Database from Backup)295• Section 7.4.10, “migrate-ds-admin.pl”• Section 7.4.7, “ldif2db.pl (Import)”• Section 7.4.8, “logconv.p

cn=config172.3.1.14. nsslapd-accesslog-logrotationtimeunit (Access Log RotationTime Unit)This attribute sets the units for the nsslapd-accesslog-logro

Chapter 7. Command-Line Scripts296Option Description-t databaseType The database type. The only possible databasetype is ldbm.-v Verbose mode.-w passw

db2bak.pl (Creates a Backup of a Database)297Option Description-P bindCert Specifies the path, including the filename, to thecertificate database that

Chapter 7. Command-Line Scripts2987.4.4. db2index.pl (Creates and Generates Indexes)Creates and generates the new set of indexes to be maintained foll

db2ldif.pl (Exports Database Contents to LDIF)299OptionsTo run this script, the server must be running, and either the -n or -s option is required.Opt

Chapter 7. Command-Line Scripts3007.4.6. fixup-memberof.pl (Regenerate memberOf Attributes)Regenerates and updates memberOf on user entries to coordin

ldif2db.pl (Import)301Option Description-c Merges chunk size.-D rootdn Specifies the user DN with root permissions,such as Directory Manager.-E Decryp

Chapter 7. Command-Line Scripts302Option Description-w password Specifies the password associated with the userDN.-w - Prompts for the password associ

logconv.pl (Log Converter)303• Lists of the most frequently occurring parameters in LDAP requests provide insight into how thedirectory information is

Chapter 7. Command-Line Scripts304Option Descriptionwill list the ten client machines that access theDirectory Server most often. This parameter willa

migrate-ds.pl305Option Descriptionc Lists the number of occurrences for each type ofconnection code.i Lists the IP addresses and connection codesof th

Chapter 2. Core Server Configuration Reference18Parameter DescriptionEntry DN cn=configValid Range 1 to the maximum 32 bit integer value(2147483647)De

Chapter 7. Command-Line Scripts306NOTEThis script only migrates a Directory Server instance, not an Administration Server.Information can be passed wi

migrate-ds.pl307Option Alternate Options Description--instance -i This parameter specifies aspecific instance to migrate.This parameter can be usedmul

Chapter 7. Command-Line Scripts3087.4.10. migrate-ds-admin.plThe migrate-ds-admin.pl script is used to migrate a Directory Server 7.1 instance to Dire

migrate-ds-admin.pl309Option Alternate Options Descriptioncase, the oldsroot parametersets the directory from whichthe migration is run (such asmachin

Chapter 7. Command-Line Scripts310Option Alternate Options DescriptionIf this is not set, then themigration information is writtento a temporary file,

ns-inactivate.pl (Inactivates an Entry or Group of Entries)311Syntaxns-activate.pl [ -D rootdn ] [ -w password | -w - | -j filename ] [ -p port ] [ -h

Chapter 7. Command-Line Scripts312Option Description-j filename Specifies the path, including the filename, to thefile that contains the password asso

register-ds-admin.pl313Option Description-v Verbose mode.-w password Specifies the password associated with the userDN.-? Opens the help page.Table 7.

Chapter 7. Command-Line Scripts314When the instance is removed, it is shutdown and all of its configuration files are removed. Certificatedatabase fil

repl-monitor.pl (Monitors Replication Status)315Option Description-r If specified, causes the routine to be enteredwithout printing the HTML header in

cn=config19/usr/lib/mozldap/ldapsearch -D "cn=directory manager" -b "dc=example,dc=com" -s sub "(objectclass=*)"When una

Chapter 7. Command-Line Scripts316A server may have a dedicated or shared entry in the connection section. The script will find out themost matched en

schema-reload.pl (Reload Schema Files Dynamically)317When the replication monitor finds a replication agreement that uses the specified port, it will

Chapter 7. Command-Line Scripts318NOTEThis script only creates a Directory Server instance, not an Administration Server. Forthe new instance to work,

setup-ds-admin.pl319Option Alternate Options Descriptiontmp/setuprandom.inf, like/tmp/setuplGCZ8H.inf.WARNINGThe cachefile containsthe cleartextpasswo

Chapter 7. Command-Line Scripts320Options Option Alternate Options Description--silent -s This runs the register scriptin silent mode, drawing theconf

verify-db.pl (Check for Corrupt Databases)321Option Alternate Options Description--logfile name -l This parameter specifies alog file to which to writ

Chapter 7. Command-Line Scripts322Option Descriptiondb.pl command, then it uses the defaultdatabase directory, /var/lib/dirsrv/slapd-instance_name/db.

323Appendix A. Using the ns-slapdCommand-Line UtilitiesChapter 7, Command-Line Scripts discussed the scripts for performing routine administration tas

Appendix A. Using the ns-slapd Command-Line Utilities324Option Description-d debugLevel Specifies the debug level to use during thedb2ldif runtime. Fo

Utilities for Restoring and Backing up Databases: ldif2db325Option Descriptionthe configuration directory, do not excludeo=NetscapeRoot.Table A.1. db2

Chapter 2. Core Server Configuration Reference20Attributes in dse.ldif Value Logging enabled or disablednsslapd-auditlog-logging-enablednsslapd-auditl

Appendix A. Using the ns-slapd Command-Line Utilities326Option DescriptionUse this option to import the same LDIF file intotwo different Directory Ser

Utilities for Restoring and Backing up Databases: db2archive327OptionsOption Description-D configDir Specifies the location of the serverconfiguration

Appendix A. Using the ns-slapd Command-Line Utilities328Option DescriptionSection 2.3.1.44, “nsslapd-errorlog-level (ErrorLog Level)”.-D configDir Spe

329GlossaryAaccess control instruction See ACI.access control list See ACL.access rights In the context of access control, specify the level of access

Glossary330authentication (1) Process of proving the identity of the client user to the DirectoryServer. Users must provide a bind DN and either the c

331certificate A collection of data that associates the public keys of a network userwith their DN in the directory. The certificate is stored in the

Glossary332CoS A method for sharing attributes between entries in a way that isinvisible to applications.CoS definition entry Identifies the type of C

333IP address for a hostname from a DNS server, or they look it up intables maintained on their systems.DNS alias A DNS alias is a hostname that the D

Glossary334Hhostname A name for a machine in the form machine.domain.dom, which istranslated into an IP address. For example, www.example.com isthe ma

335LLDAP Lightweight Directory Access Protocol. Directory service protocoldesigned to run over TCP/IP and across multiple platforms.LDAP client Softwa

cn=config212.3.1.23. nsslapd-auditlog-logexpirationtimeunit (Audit Log ExpirationTime Unit)This attribute sets the units for the nsslapd-auditlog-loge

Glossary336master See supplier.master agent See SNMP master agent.matching rule Provides guidelines for how the server compares strings during asearch

337NIS Network Information Service. A system of programs and datafiles that Unix machines use to collect, collate, and share specificinformation about

Glossary338permission In the context of access control, permission states whether access tothe directory information is granted or denied and the leve

339referential integrity Mechanism that ensures that relationships between related entriesare maintained within the directory.referral (1) When a serv

Glossary340schema checking Ensures that entries added or modified in the directory conform to thedefined schema. Schema checking is on by default, and

341SSL A software library establishing a secure connection between twoparties (client and server) used to implement HTTPS, the secureversion of HTTP.

Glossary342topology The way a directory tree is divided among physical servers and howthese servers link with one another.Transport Layer Security See

343IndexSymbols00core.ldifldif files, 401common.ldifldif files, 405rfc2247.ldifldif files, 405rfc2927.ldifldif files, 410presence.ldifldif files, 410r

Index344Cchangelogmulti-master replication changelog, 71changeLog, 73changelog configuration attributeschangelogmaxentries, 72nsslapd-changelogdir, 71

345nsTaskCurrentItem, 106nsTaskExitCode, 106nsTaskLog, 106nsTaskStatus, 105, 107ttl, 107entries, 104task invocation configuration entries, 104cn=backu

Chapter 2. Core Server Configuration Reference222.3.1.25. nsslapd-auditlog-logmaxdiskspace (Audit Log Maximum DiskSpace)This attribute sets the maximu

Index346retro changelog plug-in configurationattributes, 205SASL configuration attributes, 99SNMP configuration attributes, 100suffix configuration at

347nsslapd-accesslog-logexpirationtime, 13nsslapd-accesslog-logexpirationtimeunit, 13nsslapd-accesslog-logging-enabled, 13nsslapd-accesslog-logmaxdisk

Index348nssnmpdescription, 101nssnmpenabled, 100nssnmplocation, 101nssnmpmasterhost, 101nssnmpmasterport, 102nssnmporganization, 100nsSSL2 attribute,

349dbcachetries, 178dbfilecachehit, 191dbfilecachemiss, 191dbfilenamenumber, 191dbfilepagein, 191dbfilepageout, 192description, 189nsIndexType, 190nsL

Index350dbcachepageout attribute, 178dbcacheroevict attribute, 178dbcacherwevict attribute, 178dbcachetries attribute, 178dbfilecachehit attribute, 19

351additional options, 266commonly used options, 262SASL options, 265ssl options, 264syntax, 262ldapmodify command-line utilityadditional options, 260

Index352command-line perl script, 310quick reference, 278ns-inactivate.plcommand-line perl script, 311quick reference, 278ns-newpolicy.plquick referen

353nsOperationConnectionCount attribute, 205nsOperationConnectionsLimit attribute, 200nsPrintKey, 113nsProxiedAuthorization attribute, 200nsReferralOn

Index354nsslapd-db-page-rw-evict-rate attribute, 188nsslapd-db-page-size attribute, 173nsslapd-db-page-trickle-rate attribute, 188nsslapd-db-page-writ

355nssnmpenabled attribute, 100nssnmplocation attribute, 101nssnmpmasterhost attribute, 101nssnmpmasterport attribute, 102nssnmporganization attribute

cn=config23For example, to rotate audit log files every day at midnight, enable this attribute by setting its value toon, and then set the values of t

Index356nsAbandonedSearchCheckInterval, 198nsActiveChainingComponents, 196nsAddCount, 204nsBindConnectionCount, 205nsBindConnectionsLimit, 198nsBindCo

357nsslapd-require-index, 181nsslapd-suffix, 181nsSubStrBegin, 192nsSubStrEnd, 193nsSubStrMiddle, 193nsSystemIndex, 191nsTimeLimit, 201nsTransmittedCo

Index358nsState, 85object classes, 79restart, 291restart-slapdcommand-line shell script, 291quick reference, 277restarting serverrequirement for certa

359nsds7DirectoryReplicaSubtree, 95nsds7DirsyncCookie, 95nsds7NewWinGroupSyncEnabled, 95nsds7NewWinUserSyncEnabled, 95nsds7WindowsDomain, 96nsds7Windo

360

Chapter 2. Core Server Configuration Reference24number of units. The units (day, week, month, and so forth) are given by the nsslapd-auditlog-logrotat

cn=config25Parameter DescriptionValid Range -1 | 1 to the maximum 32 bit integer value(2147483647), where a value of -1 means thelog file is unlimited

Configuration and Command Referenceiv2.4.8. nsDSWindowsReplicationAgreement (Object Class) ... 1262.4.9. nsMapp

Chapter 2. Core Server Configuration Reference26• 7 - Read, write, and executeIn the 3-digit number, the first digit represents the owner's permi

cn=config272.3.1.37. nsslapd-configThis read-only attribute is the config DN.Parameter DescriptionEntry DN cn=configValid Values Any valid configurati

Chapter 2. Core Server Configuration Reference28Parameter DescriptionEntry DN cn=configValid Values on | offDefault Value onSyntax DirectoryStringExam

cn=config29Parameter DescriptionDefault Value offSyntax DirectoryStringExample nsslapd-enquote-sup-oc: off2.3.1.43. nsslapd-errorlog (Error Log)This a

Chapter 2. Core Server Configuration Reference302.3.1.44. nsslapd-errorlog-level (Error Log Level)This attribute sets the level of logging for the Dir

cn=config31Parameter Descriptionneeded. Use 128 for very detailed processingmessages.Default Value 16384Syntax IntegerExample nsslapd-errorlog-level:

Chapter 2. Core Server Configuration Reference32Parameter DescriptionSyntax DirectoryStringExample nsslapd-errorlog-logexpirationtimeunit: week2.3.1.4

cn=config33Parameter DescriptionValid Range -1 (unlimited) | 1 to the maximum 32 bit integervalue (2147483647)Default Value -1Syntax IntegerExample ns

Chapter 2. Core Server Configuration Reference342.3.1.53. nsslapd-errorlog-logrotationsyncmin (Error Log Rotation SyncMinute)This attribute sets the m

cn=config35Parameter DescriptionValid Values month | week | day | hour | minuteDefault Value weekSyntax DirectoryStringExample nsslapd-errorlog-logrot

v3.2.5. nsslapd-pluginEnabled ... 1623.2.6. nsslapd-pluginId ...

Chapter 2. Core Server Configuration Reference362.3.1.58. nsslapd-errorlog-mode (Error Log File Permission)This attribute sets the access mode or file

cn=config37Parameter DescriptionExample nsslapd-groupevalnestlevel: 52.3.1.60. nsslapd-idletimeout (Default Idle Timeout)This attribute sets the amoun

Chapter 2. Core Server Configuration Reference38Parameter DescriptionSyntax IntegerExample nsslapd-ioblocktimeout: 18000002.3.1.63. nsslapd-lastmod (T

cn=config39Parameter DescriptionEntry DN cn=configValid Values on | offDefault Value offSyntax DirectoryStringExample nsslapd-ldapiautobind: off2.3.1.

Chapter 2. Core Server Configuration Reference402.3.1.67. nsslapd-ldapigidnumbertype (Attribute Mapping for SystemGUID Number)Autobind can be used to

cn=config41Parameter DescriptionExample nsslapd-ldapimaprootdn: cn=Directory Manager2.3.1.70. nsslapd-ldapimaptoentries (Enable Autobind Mapping forRe

Chapter 2. Core Server Configuration Reference422.3.1.72. nsslapd-listenhost (Listen to IP Address)This attribute allows multiple Directory Server ins

cn=config43Parameter DescriptionEntry DN cn=configValid Values Any valid userDefault ValueSyntax DirectoryStringExample nsslapd-localuser: nobody2.3.1

Chapter 2. Core Server Configuration Reference442.3.1.77. nsslapd-maxdescriptors (Maximum File Descriptors)This attribute sets the maximum, platform-d

cn=config45Parameter DescriptionExample nsslapd-maxdescriptors: 10242.3.1.78. nsslapd-maxsasliosize (Maximum SASL Packet Size)When a user is authentic

Configuration and Command Referencevi3.7.11. dnaType ...

Chapter 2. Core Server Configuration Reference462.3.1.80. nsslapd-nagleWhen the value of this attribute is off, the TCP_NODELAY option is set so that

cn=config47Parameter DescriptionDefault Value 389Syntax IntegerExample nsslapd-port: 389NOTESet the port number to zero (0) to disable the LDAP port i

Chapter 2. Core Server Configuration Reference48Parameter DescriptionEntry DN cn=configValid Values on | offDefault Value offSyntax DirectoryStringExa

cn=config49Parameter DescriptionEntry DN cn=configValid Values Any valid LDAP URL in the form>ldap://server-locationDefault ValueSyntax DirectorySt

Chapter 2. Core Server Configuration Reference50• ChainingBackendDescriptors is NchainingBackend times the nsOperationConnectionsLimit (achaining or d

cn=config51For information on changing the root DN, see the "Creating Directory Entries" chapter in the DirectoryServer Administrator's

Chapter 2. Core Server Configuration Reference52Parameter DescriptionValid Values Any encryption method as described inSection 2.3.1.142, “passwordSto

cn=config53Parameter DescriptionValid Values on | offDefault Value offSyntax DirectoryStringExample nsslapd-schema-ignore-trailing-spaces: on2.3.1.97.

Chapter 2. Core Server Configuration Reference54be owned by the server user ID, and that user must have read and write permissions to the directory.Th

cn=config55The server has to be restarted for the port number change to be taken into account.Parameter DescriptionEntry DN cn=configValid Range 1 to

vii7.3.9. ldif2ldap (Performs Import Operation over LDAP) ... 2877.3.10. monitor (Retrieves Monitoring Infor

Chapter 2. Core Server Configuration Reference56Parameter DescriptionExample nsslapd-sizelimit: 20002.3.1.104. nsslapd-ssl-check-hostname (Verify Host

cn=config57Parameter DescriptionEntry DN cn=configValid Range 1 to the maximum number of threads supportedby the systemDefault Value 30Syntax IntegerE

Chapter 2. Core Server Configuration Reference58Parameter DescriptionEntry DN cn=configValid Values Any valid server version number.Default ValueSynta

cn=config592.3.1.112. passwordChange (Password Change)Indicates whether users may change their passwords.This can be abbreviated to pwdAllowUserChange

Chapter 2. Core Server Configuration Reference60Parameter DescriptionSyntax DirectoryStringExample passwordCheckSyntax off2.3.1.114. passwordExp (Pass

cn=config61a grace login. The server allows only a certain number of attempts before completely locking out theuser. This attribute is the number of g

Chapter 2. Core Server Configuration Reference62the Directory Server does not store any old passwords, and so users can reuse passwords. Enablepasswor

cn=config63This can be abbreviated to pwdLockOut.For more information on password policies, see the "Managing Users and Passwords" chapter i

Chapter 2. Core Server Configuration Reference64Parameter DescriptionExample passwordMaxAge: 1002.3.1.126. passwordMaxFailure (Maximum Password Failur

cn=config65Parameter DescriptionDefault Value 0Syntax IntegerExample passwordMin8Bit: 02.3.1.129. passwordMinAge (Password Minimum Age)Indicates the n

viii

Chapter 2. Core Server Configuration Reference66Parameter DescriptionValid Range 0 to 5Default Value 0Syntax IntegerExample passwordMinCategories: 22.

cn=config67Parameter DescriptionExample passwordMinLowers: 12.3.1.135. PasswordMinSpecials (Password Syntax)This attribute sets the minimum number of

Chapter 2. Core Server Configuration Reference68For more information on password policies, see the "Managing Users and Passwords" chapter in

cn=config69Parameter DescriptionExample passwordResetFailureCount: 6002.3.1.141. passwordRetryCountThis attribute counts the number of consecutive fai

Chapter 2. Core Server Configuration Reference70against hackers who try to break into the directory by repeatedly trying to guess a user's passwo

cn=changelog5712.3.2. cn=changelog5Multi-master replication changelog configuration entries are stored under the cn=changelog5 entry.The changelog beh

Chapter 2. Core Server Configuration Reference72Parameter DescriptionValid Values Any valid path to the directory storing thechangelogDefault Value No

cn=changelog5732.3.2.4. changesThis attribute contains the changes made to the entry for add and modify operations in LDIF format.OID 2.16.840.1.11373

Chapter 2. Core Server Configuration Reference74Multi- or Single-Valued Multi-valuedDefined in Changelog Internet Draft2.3.2.9. deleteOldRdnIn the cas

cn=encryption75Multi- or Single-Valued Multi-valuedDefined in Changelog Internet Draft2.3.3. cn=encryptionEncryption related attributes are stored und

ixAbout This ReferenceRed Hat Directory Server (Directory Server) is a powerful and scalable distributed directory serverbased on the industry-standar

Chapter 2. Core Server Configuration Reference76Parameter DescriptionEntry DN cn=encryption, cn=configValid Values on | offDefault Value offSyntax Dir

cn=features77Parameter Description• tls_rsa_export1024_with_des_cbc_shaDefault ValueSyntax DirectoryStringUse the plus (+) symbol to enable or minus (

Chapter 2. Core Server Configuration Reference782.3.5. cn=mapping tree• Configuration attributes for suffixes, replication, and Windows synchronizatio

Replication Attributes under cn=replica, cn="suffixDN", cn=mapping tree, cn=config79Parameter DescriptionExample nsslapd-state: backend2.3.6

Chapter 2. Core Server Configuration Reference802.3.7.2. nsds5DebugReplicaTimeoutThis attribute gives an alternate timeout period to use when the repl

Replication Attributes under cn=replica, cn="suffixDN", cn=mapping tree, cn=config81Each value should be the DN of a local entry on the cons

Chapter 2. Core Server Configuration Reference82Parameter DescriptionEntry DN cn=replica, cn=suffixDN, cn=mapping tree,cn=configValid Values true | fa

Replication Attributes under cn=replica, cn="suffixDN", cn=mapping tree, cn=config83This attribute specifies the interval, in seconds, to pe

Chapter 2. Core Server Configuration Reference84Periodically, the server runs an internal housekeeping operation to purge old updateand state informat

Replication Attributes under cn=ReplicationAgreementName, cn=replica, cn="suffixName", cn=mapping tree, cn=config852.3.7.16. nsds5TaskThis a