Red Hat DIRECTORY SERVER 7.1 Installation Manual Download Page 9

Page: 9 / 96

Chapter 1. Preparing for a Directory Server Installation

•

The directory must not already exist or must be empty.

•

When using tarballs, the server root directory must not be the same as the directory from which you

are running the setup program.

By default, the server root directory is /opt/redhat-ds/servers.

1.2.3. Deciding the User and Group for Your Servers

For security reasons, it is always best to run production servers with normal user privileges. That is,

you do not want to run Directory Server with root privileges. However, you will have to run Directory

Server with root privileges if you are using the default Directory Server ports. If Directory Server is

to be started by Administration Server, Administration Server must run either as root or as the same

user as Directory Server.
You must therefore decide which user accounts you will use for the following purposes:

•

The user and group under which you will run Directory Server.

Note

If you will not be running the Directory Server as root, it is strongly recommended that you create a

user account for all directory services. You should not use any existing operating system account

and must not use the nobody account. Also, you should create a common group for the directory

server files; again, you must not use the nobody group.

•

The user and group under which you will run Administration Server.
For installations that use the default port numbers, this must be root. However, if you use ports over

1024, then you should create a user account for all directory services and run Administration Server

as this account.
As a security precaution, when Administration Server is being run as root, it should be shut down

when it is not in use.

Note

On Linux, the group names must not contain spaces.

You should use a common group for all directory services, such as gid

DirectoryServer

, to ensure

that files can be shared between servers when necessary, and this GID should be the same across

all servers that will be running Directory Server since the Directory Server uses this GID to check

permissions. Also the UID of the users as whom the Directory Server will run should be the same on

all systems.
Before you can install Directory Server and Administration Server, you must make sure that the user

and group accounts you will use exist on your system.

1.2.4. Defining Authentication Entities

As you install Directory Server and Administration Server, you will be asked for various user names,

distinguished names (DN), and passwords. This list of login and bind entities will differ depending on

the type of installation that you are performing:

Summary of Contents for DIRECTORY SERVER 7.1

Page 1: ...Red Hat Directory Server 7 1 Red Hat Directory Server Installation Guide ...

Page 2: ...se V1 0 or later the latest version is presently available at http www opencontent org openpub Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder Distribution of the work or derivative of the work in any standard paper book form for commercial purposes is prohibited unless prior permission is obtained from the copy...

Page 3: ... Supported Platforms 9 2 1 1 32 bit Process 9 2 1 2 64 bit Process 10 2 2 Hardware Requirements 11 2 3 Operating System Requirements 12 2 3 1 dsktune Utility 12 2 3 2 Red Hat Enterprise Linux Server Operating System 12 2 3 3 HP UX 11i Operating System 15 2 3 4 Sun Solaris 9 Operating System 17 2 3 5 DNS and NIS Requirements 20 2 3 6 Installing the JRE 20 3 Using Express and Typical Installation 23...

Page 4: ...ver 47 6 3 2 Migrating a 6 x Replicated Site 53 6 3 3 Migrating a 6 x Multi Master Deployment 54 6 3 4 Managing Console Failover 55 6 4 Upgrading from Directory Server 7 x Versions 56 6 4 1 Before You Begin 56 6 4 2 Upgrading 57 6 4 3 After You Upgrade 57 7 Troubleshooting 59 7 1 Running dsktune 59 7 2 Common Installation Problems 61 Glossary 65 Index 89 ...

Page 5: ... dramatically reduces the effort of setting up and maintaining your directory service The directory console is part of Red Hat Console the common management framework for LDAP directory services SNMP Agent Permits you to monitor your directory server in real time using the Simple Network Management Protocol SNMP Online backup and restore Allows you to create backups and restore from backups while ...

Page 6: ...Directory Server Org Chart applica tion and explains how to integrate it with an instance of Directory Server Red Hat Directory Server DSML Gateway Guide Introduces the Red Hat Directory Server DSML Gateway function and explains how to customize it for use as an independent gateway For a list of documentation installed with Directory Server open this file ServerRoot manual en slapd index htm For t...

Page 7: ...tration functions such as stopping and starting servers installing new server instances and managing user and group information Red Hat Console can be installed as a stand alone application on any machine You can also install it on your network and use it to manage remote servers Red Hat Administration Server Administration Server is a common front end to all Directory Servers It receives communic...

Page 8: ...SL LDAPS for Directory Server see the Red Hat Directory Server Administration Guide Port numbers between 1 and 1024 have been assigned to various services by the Internet Assigned Numbers Authority Do not use port numbers below 1024 other than 389 or 636 for directory services as they will conflict with other services Directory Server must be run as root if it will listen on either port 389 or 636...

Page 9: ... create a common group for the directory server files again you must not use the nobody group The user and group under which you will run Administration Server For installations that use the default port numbers this must be root However if you use ports over 1024 then you should create a user account for all directory services and run Administration Server as this account As a security precaution...

Page 10: ... to log in as the configuration directory administrator The existence of this user ID means that you can access Administration Server and perform disaster recovery activities such as starting Directory Server reading log files and so forth Normally Adminis tration Server user and password should be identical to the configuration directory administrator ID and password 1 2 5 Determining Your Direct...

Page 11: ...rupting the configuration directory tree can result in the necessity of reinstalling all other Directory Servers that are registered in that configuration directory Remember the following guidelines when dealing with the configuration directory Always back up your configuration directory after you install a new Directory Server Never change the host name or port number used by the configuration di...

Page 12: ... the demands at your site In the latter case try to name your administration domains after the organizations that will control the servers in that domain For example if you are an ISP and you have three customers for whom you are installing and man aging Directory Server instances create three administration domains each named after a different customer 1 3 Installation Process Overview You can us...

Page 13: ...ual 3 Create the directory suffixes and databases You do not have to populate your directory now however you should create the basic structure for your tree including all major roots and branch points For information about the different methods of creating a directory entry refer to the Red Hat Directory Server Administration Guide 4 Create additional Directory Server instances and set up replicat...

Page 14: ...binaries file using the following command gzip dc filename tar gz tar xvof where filename corresponds to the product binaries that you want to unpack 1 3 4 Starting the ns slapd Process You will need to write an rc script to start the ns slapd process as it does not start automatically when the system boots 1 4 Installation Privileges You must install as root if you choose to run the server on a p...

Page 15: ...mary of Supported Platforms This release of Directory Server is supported on the platforms listed in Table 2 1 and Table 2 3 The sections that follow provide information that is specific to each of the supported platforms Section 2 1 1 32 bit Process Section 2 1 2 64 bit Process Before you install Directory Server check the required patches and kernel parameter settings as described in the section...

Page 16: ...r than 2 GB the machine must be configured to support large files you can do this by choosing largefile Other Requirements You must install as root in order to use well known port numbers such as 389 that are less than 1024 If you do not plan to use port numbers less than 1024 you do not need to install as root If you plan to run as root you should also install as root and specify nobody as the de...

Page 17: ...files you can do this by choosing largefile Other Requirements You must install as root in order to use well known port numbers such as 389 that are less than 1024 If you do not plan to use port numbers less than 1024 you do not need to install as root If you plan to run as root you should also install as root and specify nobody as the default run as user and group Table 2 4 Sun Solaris Platform R...

Page 18: ...erver the utility is placed along with the setup program in the directory where you unpack product binaries The setup program allows specifying of a pre pre installation program to be run before the Directory Server installation begins in the slapd inf file a new field named PrePreInstall is defined for specifying the path to the executable which must be relative to the setup program By default th...

Page 19: ...l Pentium series processors i686 The default kernel glibc revisions that comes along with Red Hat Enterprise Linux and the other kernel revisions with their corresponding glibc revisions as mentioned below Red Hat Enterprise Linux 3 Default kernel kernel 2 4 21 3 EL Kernel used for certification kernel 2 4 21 27 0 2 EL Default glibc glibc 2 3 2 95 3 glibc used for certification glibc 2 3 2 95 33 R...

Page 20: ... x x If the machine is a multi CPU machine the corresponding kernel would be of the form kernel smp x x x x You can get the list of software installed on your system including patches by running rpm qa 2 3 2 4 Tuning the System This section contains some basic system tuning information Changing any of the following kernel tuning parameters requires a system reboot NFS Tuning This tuning is recomme...

Page 21: ...hes Section 2 3 3 4 Tuning the System Section 2 3 3 5 Installing Third Party Utilities 2 3 3 1 Verifying Disk Space Requirements Ensure that you have sufficient disk space before downloading the software Download drive 120 MB Installation drive 2 GB 2 3 3 2 Verifying Required System Modules Directory Server is not supported on HP UX 10 or earlier versions The minimum system module required is HP U...

Page 22: ...uning the System Set your kernel parameters as follows Set maxfiles to 1024 Set nkthread to 1328 nkthread is a computed value NPROC 7 4 16 Set max_thread_proc to 512 Set maxusers to 64 Set maxuprc to 512 Set nproc to 750 Typically client applications that do not properly shut down the socket cause it to linger in a TIME_WAIT state To prevent this you should consider changing the TIME_WAIT setting ...

Page 23: ... Section 2 3 4 5 Setting File Descriptors Section 2 3 4 6 Tuning TCP Parameters In addition to these recommendations be sure to check Sun s website for the latest information per taining to your operating system version For example you should read the Solaris Operating En vironment Security Sun Blueprint at http www sun com blueprints 0100 security pdf for advice on guarding against potential secu...

Page 24: ...le 2 5 and the patches identified by the dsktune utility we recommend that you check the operating system vendor s web site for information on installing the latest version of the patch clusters to benefit from the latest fixes You must reboot your machine after installing the patches 112998 03 SunOS 5 9 patch usr sbin syslogd 112875 01 SunOS 5 9 patch usr lib netsvc rwall rpc rwalld 113146 04 Sun...

Page 25: ...ent the maximum is 1024 It can be raised to 4096 by adding a line such as set rlim_fd_max 4096 to etc system and rebooting the system Caution This parameter should not be raised above 4096 without first consulting your Sun Solaris support representative since it may affect the stability of the system You should also set the soft limit for file descriptors ulimit n in csh limit desc 1024 Use the ds...

Page 26: ...ould be decreased by adding a line to the etc init d inetinit file similar to the following ndd set dev tcp tcp_smallest_anon_port 8192 2 3 5 DNS and NIS Requirements Prior to installation it is necessary to have configured the DNS resolver or NIS domain name The DNS resolver is typically set by the file etc resolv conf However also check the file etc nsswitch conf and on Solaris etc netconfig to ...

Page 27: ... j2re 1_4_2_05 solaris sparc sh This extracts a new JRE directory called j2re 1 4 2_05 When you first run setup you are asked for the JRE path Fill in the absolute path as follows export redhat jre j2re1 4 2_04 If you are doing a silent installation set the JRE path as an environment variable before running setup export NSJRE tmp java jre j2re1 4 2_04 ...

Page 28: ...22 Chapter 2 Computer System Requirements ...

Page 29: ...file using the following command gunzip dc filename tar gz tar xvof where filename corresponds to the product binaries you want to unpack 5 Run the setup program You can find it in the directory in which you untarred or unzipped the binary files 6 Issue the following command setup 7 You will need to download a copy of the JRE for use with Directory Server When asked for the location of the unpacka...

Page 30: ... not modify the contents of the directory under the o NetscapeRoot suffix Either create data under the first suffix or create a new suffix to be used for this purpose For details on how to create new suffixes for your Directory Server see the Red Hat Directory Server Administration Guide 3 2 Installing on Solaris and HP UX using a Typical Installation Most first time installations of Directory Ser...

Page 31: ... hostname is not a fully qualified host and domain name installation will fail Refer to Section 7 2 Common Installation Problems for more information about entering a fully qualified domain name 16 The setup program then asks you for the System User and the System Group names Enter the identity under which you want the servers to run For more information on the user and group names that you should...

Page 32: ...N can be short and does not have to conform to any suffix configured for your directory However it should not correspond to an actual entry stored in your directory For the Directory Manager password enter a value that is at least 8 characters long 24 For Administration Domain enter the domain to which you want this server to belong The name you enter should be a unique string that is descriptive ...

Page 33: ... qualified host and domain name installation will fail Refer to Section 7 2 Common Installation Problems for more information about entering a fully qualified domain name 9 The setup program then asks you for the System User and the System Group names Enter the identity under which you want the servers to run For more information on the user and group names that you should use when running your se...

Page 34: ... for the System User and the System Group names Enter the identity under which you want the servers to run For more information on the user and group names that you should use when running your servers refer to Section 1 2 3 Deciding the User and Group for Your Servers 9 For the configuration directory select the default if this directory will host your o NetscapeRoot tree Otherwise enter yes You ...

Page 35: ...DN can be short and does not have to conform to any suffix configured for your directory However it should not correspond to an actual entry stored in your directory For the Directory Manager password enter a value that is at least 8 characters long 16 For Administration Domain enter the domain to which you want this server to belong The name you enter should be a unique string that is descriptive...

Page 36: ...30 Chapter 3 Using Express and Typical Installation ...

Page 37: ...pply values for the appropriate instal lation directives and run the setup program with the s and f command line options The procedure below explains how to use silent installation 1 Log in as root 2 Create a new directory mkdir ds cd ds 3 If you have not already done so download the product binaries file to the installation directory 4 Unpack the product binaries file using the following command ...

Page 38: ... type that you want to duplicate To do this run setup with the k flag The setup program creates the following file serverRoot setup install inf This file contains all the directives that you would use with silent installation to create the server instance You can then use this file to create other server instances of that type You have to make some modifications to this file before you use it Spec...

Page 39: ...ith the Directory Server is merely a template an example of how to write your own For the file to work many of the parameters host name ports paths and so on in the file must be replaced with appropriate values It is also easy to generate your own silent installation file using the setup k option and modifying the resulting install inf file as needed 4 1 2 1 Sample File for Typical Installation Th...

Page 40: ...tion and you choose to use an existing Directory Server as the configuration directory General FullMachineName dir example com SuiteSpotUserID nobody SuiteSpotGroup nobody ServerRoot opt redhat ds servers AdminDomain example com ConfigDirectoryAdminID admin ConfigDirectoryAdminPwd admin ConfigDirectoryLdapURL ldap dir example com 25389 o NetscapeRoot UserDirectoryLdapURL ldap dir example com 18257...

Page 41: ... example com 389 o NetscapeRoot SuiteSpotUserID nobody SuiteSpotGroup nobody ConfigDirectoryAdminID admin ConfigDirectoryAdminPwd admin ServerRoot opt redhat ds servers Components svrcore base slapd admin base Components base client slapd Components slapd client admin Components admin client base jre 4 1 3 Specifying Silent Installation Directives This section describes the basic format of the fil...

Page 42: ...rective value directive value directive value Base directive value directive value directive value The keywords General slapd and admin are required They indicate that the directives that follow are meant for a specific aspect of the installation They must be provided in the file in the order indicated above 4 1 3 2 General Installation Directives General installation directives specify informatio...

Page 43: ...deployments ConfigDirectoryLdapURL Specifies the LDAP URL that is used to connect to your configuration directory LDAP URLs are described in the Red Hat Directory Server Administration Guide This directive is required AdminDomain Specifies the administration domain that this server is registered under Refer to Section 1 2 8 Determining the Administration Domain for more information about administr...

Page 44: ...ple if your machine s host name is phonebook then this name is the default and selecting it causes the Directory Server instance to be installed into a directory labeled slapd phonebook Suffix Specifies the suffix that you store your directory data under For information on suffixes see Section 1 2 5 Determining Your Directory Suffix This directive is required RootDN Specifies the distinguished nam...

Page 45: ... do remotely manage your servers and Red Hat Console is installed somewhere else on your network SysUser Specifies the user the Administration Server runs as For default installations that use the default port numbers this user must be root which is the default For information as to what users your servers should run refer to Section 1 2 3 Deciding the User and Group for Your Servers Port Specifie...

Page 46: ...ere is only one nsperl installation directive and it allows you to determine whether nsPerl is to be installed Table 4 6 lists the directive Directive Description Components Specifies whether nsperl that is bundled with Directory Server is to be installed This nsPerl is a CPAN perl built and maintained for use by Red Hat server products The nsperl561 Install nsPerl version 5 6 1 directive is requi...

Page 47: ... just want to create additional instances of the server from the commandline To create a new instance of Directory Server run this command from the ServerRoot bin slapd admin bin directory ds_create f filename Where filename is the silent instance creation file which must be similar to the file used with the setup program refer to Section 4 1 2 Preparing Silent Installation Files except that the f...

Page 48: ...42 Chapter 4 Silent Installation and Instance Creation DisableSchemaChecking No ...

Page 49: ...lick the Configuration tab then click the Network tab 3 In the Connection Restrictions Settings select IP Addresses to Allow from the pull down menu Click Edit 4 Change the IP Addresses field to the following This allows all clients access to Administration Server 5 Restart Administration Server You can now launch the online help by clicking any of the Help buttons in the Directory Server Console ...

Page 50: ... entries from another directory via LDIF or if you have more than a few entries to add at once For more information about LDIF refer to the Red Hat Directory Server Administration Guide Start your Directory Server with an empty database and import data over LDAP This method requires you to populate your directory using an LDAP client such as Directory Server Gateway or the ldapmodify command line ...

Page 51: ...n the system where your Directory Server is installed You must shut down your directory service before running the migration script if you do not the script shuts down the server The migration script performs the following tasks in sequence Checks the schema configuration files and notifies you of any changes between the standard con figuration files and the ones present on your system Creates a d...

Page 52: ...be stored in an LDIF file in the serverRoot slapd serverID config schema directory Before performing the migration check that the user defined variables contain the following associ ated values where server7Root is the path to where your new Directory Server 7 x is installed Set the following environment variables PERL5LIB server7Root bin slapd admin bin PATH server7Root bin slapd admin bin PATH W...

Page 53: ...ord for Directory Manager in Directory Server 7 x port is the LDAP port number assigned to Directory Server 7 x oldInstancePath is the path to the installation directory of the legacy Directory Server for example opt redhat ds server6 slapd serverID newInstancePath is the path to the installation directory of Directory Server 7 x for example opt redhat ds servers slapd serverID The following is an...

Page 54: ...r621 slapd marmot n export server71 slapd marmot Migration from 6 21 to 7 1 Directory Server Shutdown the legacy Directory Server instance export server621 slapd marmot Shutting down server slapd marmot Backup export server71 slapd marmot config on export server71 slapd marmot config_backup Where do you want to back up your configuration directory export server71 slapd marmot config_backup Migrate...

Page 55: ...No No y Do you want to export the existing data Yes No Yes y Enter the full pathname of the file export server71 slapd marmot db_backup backend1 ldif Existing data will be exported under export server71 slapd marmot db_backup backend1 ldif Continue Yes No No y Now backing up database backend1 in export server71 slapd marmot db_backup backend1 ldif Shutting down server slapd marmot ldiffile export ...

Page 56: ...M_BACKEND_INSTANCE cn userroot cn ldbm database cn plugins cn config already exists Migration will overwrite existing database Do you want to continue Yes No No n Migration will not update it Migrate mapping tree MAPPING_TREE cn dc example dc com cn mapping tree cn config already exists Migration will not add the suffix Migrate default indexes Migrate indexes Migrate replicas Migrate replication a...

Page 57: ...pages 1037 14 Apr 2005 17 57 26 0600 cache autosizing import cache 204800k 14 Apr 2005 17 57 26 0600 li_import_cache_autosize 50 import_pages 51200 pagesize 4096 14 Apr 2005 17 57 26 0600 WARNING Import is running with nsslapd db private import mem on No other process is allowed to access the database 14 Apr 2005 17 57 26 0600 dblayer_instance_start pagesize 4096 pages 524288 procpages 1041 14 Apr...

Page 58: ...r_instance_start pagesize 4096 pages 524288 procpages 1037 14 Apr 2005 17 57 30 0600 cache autosizing import cache 204800k 14 Apr 2005 17 57 30 0600 li_import_cache_autosize 50 import_pages 51200 pagesize 4096 14 Apr 2005 17 57 30 0600 WARNING Import is running with nsslapd db private import mem on No other process is allowed to access the database 14 Apr 2005 17 57 30 0600 dblayer_instance_start ...

Page 59: ...o to build ancestorid index 14 Apr 2005 17 57 31 0600 import backend2 Flushing caches 14 Apr 2005 17 57 31 0600 import backend2 Closing files 14 Apr 2005 17 57 32 0600 import backend2 Import complete Processed 0 entries in 1 seconds 0 00 entries sec Migrate Changelog Migrate ReplicaBindDN entries Migrate MultiplexorBindDN entries End of migration Migration started at Thu Apr 14 23 49 02 2005 Migra...

Page 60: ...u must use the same port numbers in your new installations that you used in your legacy servers The instructions are written with these assumptions Your deployment consists of separate configuration and standard access instances of Directory Server You are migrating to Directory Server 7 x The migration process can be summarized into these steps 1 Stop directory writes on both masters Warning It i...

Page 61: ...er is migrated test replication to make sure that it is working correctly 6 After you finish this process for the first master repeat the steps for the other masters You may wish to set up multi master replication for o NetscapeRoot between the instances on the masters 6 3 3 2 Hub Migration To migrate a 6 x hub 1 Stop your Directory Server 6 x 2 Install Directory Server 7 x registering against the...

Page 62: ...t ldap configHostname configPort o 3DNetscapeRoot serverRoot slapd serverID config dse ldif nsslapd pluginarg0 ldap configHostname configPort o 3DnetscapeRoot 3 Turn off the Pass through Authentication PTA Plug in on server2 by editing its dse ldif file a In a text editor open this file serverRoot slapd serverID config dse ldif b Locate the entry for the PTA plug in dn cn Pass Through Authenticati...

Page 63: ...tion directory setup The setup program asks if you would like to proceed with the setup 8 Press Enter to respond with the default the default for this prompt is Yes or press n if you would like to exit the setup program 9 Next the setup program asks you if you agree to the license terms Press y to agree with the license terms 10 When you are asked what you would like to install press Enter to sele...

Page 64: ...58 Chapter 6 Migrating from Previous Versions ...

Page 65: ...ot installed To run dsktune 1 Change to the installation directory for your Directory Server By default this directory is opt redhat ds servers 2 Change to the bin slapd server subdirectory 3 As root enter the following command dsktune The following is an example of output that dsktune generates dsktune does not itself make any changes to the system Executing tmp redhat dsktune Red Hat Directory S...

Page 66: ...ctions if the destination server is down NOTICE If the directory service is intended only for LAN or private high speed WAN environment this interval can be reduced by adding an entry similar to the following to etc rc config d nddconf file TRANSPORT_NAME 10 tcp NDD_NAME 10 tcp_ip_abort_cinterval NDD_VALUE 10 10000 NOTICE The NDD tcp_ip_abort_interval is currently set to 75000 milliseconds 75 seco...

Page 67: ...ry using the host name If that does not work use the fully qualified name such as www domain com and make sure the server is listed in the DNS If that does not work use the IP address If your NIS domain is different from your DNS domain the fully qualified host and domain name presented by the installer may be incorrect These values must be corrected to use the DNS domain name The port is in use Y...

Page 68: ...en running the server on Red Hat Enter prise Linux The package may or may not be installed depending on the options that were chosen when the operating system was installed If the package is not installed you get an error similar to the one in Example 7 2 18 Jun 2002 10 56 39 failure 4322 Configuration initialization failed Error running init function load modules dlopen of export dstest bin https...

Page 69: ...Directory Server Administration Guide Is there a way to debug Directory Server installation and uninstallation problems Some problems may develop when you uninstall Directory Server and then reinstall Logging has been enhanced to report setup and uninstall problems with detailed error messages to provide you with enough information to fix the problem The setup log file is located in the following ...

Page 70: ...64 Chapter 7 Troubleshooting ...

Page 71: ...hts can be granted or denied read write add delete search compare selfwrite proxy and all account inactivation Disables a user account group of accounts or an entire domain so that all authentication attempts are automatically rejected All IDs Threshold A size limit which is globally applied to every index key managed by the server When the size of an individual ID list reaches this limit the serv...

Page 72: ...receives from clients to the host authentication 1 Process of proving the identity of the client user to the Directory Server Users must provide a bind DN and either the corresponding password or certificate in order to be granted access to the directory Directory Server allows the user to perform functions or access files and directories based on the permissions granted to that user by the direct...

Page 73: ...iew World Wide Web material stored as HTML files The browser uses the HTTP protocol to communicate with the host server browsing index Also virtual view index Speeds up the display of entries in the Directory Server Console Brows ing indexes can be created on any branchpoint in the directory tree to improve display perfor mance C CA See Certificate Authority cascading replication In a cascading re...

Page 74: ... server itself chaining A method for relaying requests to another server Results for the request are collected compiled and then returned to the client changelog A changelog is a record that describes the modifications that have occurred on a replica The supplier server then replays these modifications on the replicas stored on consumer servers or on other masters in the case of multi master repli...

Page 75: ...ormation might include the sequence of letters in the alphabet or how to compare letters with accents to letters without accents consumer Server containing replicated directory trees or subtrees from a supplier server consumer initiated replication Replication configuration where consumer servers pull directory data from supplier servers consumer server In the context of replication a server that ...

Page 76: ...ta database link An implementation of chaining The database link behaves like a database but has no persistent storage Instead it points to data stored remotely default index One of a set of default indexes created per database instance Default indexes can be modified although care should be taken before removing them as certain plug ins may depend on them definition entry See CoS definition entry...

Page 77: ...y s name and location in an LDAP directory DIT See directory tree DN See distinguished name DM See Directory Manager DNS Domain Name System The system used by machines on a network to associate standard IP ad dresses such as 198 93 93 10 with hostnames such as www example com Machines normally get the IP address for a hostname from a DNS server or they look it up in tables maintained on their syst...

Page 78: ...ries that may match the client application s search request equality index Allows you to search efficiently for entries containing a specific attribute value F file extension The section of a filename after the period or dot that typically defines the type of file for example GIF and HTML In the filename index html the file extension is html file type The format of a given file For example graphic...

Page 79: ...tion H hostname A name for a machine in the form machine domain dom which is translated into an IP address For example www example com is the machine www in the subdomain example and com do main HTML Hypertext Markup Language The formatting language used for documents on the World Wide Web HTML files are plain text files with formatting codes that tell browsers such as the Mozilla Firefox how to d...

Page 80: ...irectory uses is composed of a table of index keys and matching entry ID lists indirect CoS An indirect CoS identifies the template entry using the value of one of the target entry s attributes international index Speeds up searches for information in international directories IP address Also Internet Protocol address A set of numbers separated by dots that specifies the actual location of a machi...

Page 81: ... Format LDAP URL Provides the means of locating Directory Servers using DNS and then completing the query via LDAP A sample LDAP URL is ldap ldap example com LDBM database A high performance disk based database consisting of a set of large files that contain all of the data assigned to it The primary data store in Directory Server LDIF LDAP Data Interchange Format Format used to represent Director...

Page 82: ...ntified with an official name and a numeric identifier expressed in dot notation managed role Allows creation of an explicit enumerated list of members management information base See MIB mapping tree A data structure that associates the names of suffixes subtrees with databases master agent See SNMP master agent master server The server that contains the master copy of the directory trees or subt...

Page 83: ...e Management Information Base namespace The means for directory data to be named and refer enced Also called the directory tree monetary format Specifies the monetary symbol used by specific region whether the symbol goes before or after its value and how monetary units are represented multi master replication An advanced replication scenario in which two servers each hold a copy of the same read ...

Page 84: ... NIS Network Information Service A system of programs and data files that UNIX machines use to collect collate and share specific information about machines users filesystems and network parameters throughout a network of computers NMS Also Network Management Station Powerful workstation with one or more network manage ment applications installed ns slapd Red Hat s LDAP Directory Server daemon or ...

Page 85: ... unless explicitly requested P parent access When granted indicates that users have access to entries below their own in the directory tree if the bind DN is the parent of the targeted entry pass through authentication See PTA pass through subtree In pass through authentication the PTA directory server will pass through bind requests to the authenticating directory server from all clients whose DN...

Page 86: ...how devices on a network exchange information protocol data unit See PDU proxy authentication A special form of authentication where the user requesting access to the directory does not bind with its own DN but with a proxy DN proxy DN Used with proxied authorization The proxy DN is the DN of an entry that has access permissions to the target on which the client application is attempting to perfor...

Page 87: ...pended to the string to form the full distinguished name referential integrity Mechanism that ensures that relationships between related entries are maintained within the di rectory referral 1 When a server receives a search or update request from an LDAP client that it cannot process it usually sends back to the client a pointer to the LDAP sever that can process the request 2 In the context of r...

Page 88: ...d credentials used by the supplier to bind to the consumer and how the connection is secured RFC Request for Comments Procedures or standards documents submitted to the Internet community People can send comments on the technologies before they become accepted standards role An entry grouping mechanism Each role has members which are the entries that possess the role role based attributes Attribut...

Page 89: ...is on by default and users will receive an error if they try to save an entry that does not conform to the schema Secure Sockets Layer See SSL self access When granted indicates that users have access to their own entries if the bind DN matches the targeted entry Server Console Java based application that allows you to perform administrative management of your Directory Server from a GUI server da...

Page 90: ... read write replicas to consumer servers In a single master replication scenario the supplier server maintains a changelog SIR See supplier initiated replication slapd LDAP Directory Server daemon or service that is responsible for most functions of a directory except replication See also ns slapd SNMP Also Simple Network Management Protocol Used to monitor and manage application processes running...

Page 91: ...he top of the directory tree below which data is stored Multiple suffixes are possible within the same directory Each database only has one suffix superuser The most privileged user available on UNIX machines The superuser has complete access priv ileges to all files on the machine Also called root supplier Server containing the master copy of directory trees or subtrees that are replicated to con...

Page 92: ...rtic ular ACI applies target entry The entries within the scope of a CoS TCP IP Transmission Control Protocol Internet Protocol The main network protocol for the Internet and for enterprise company networks template entry See CoS template entry time date format Indicates the customary formatting for times and dates in a specific region TLS Also Transport Layer Security The new standard for secure ...

Page 93: ...er is necessary only on selected servers and it is often assigned by the server freeing the user of having to place it in the URL V virtual list view index Also browsing index Speeds up the display of entries in the Directory Server Console Virtual list view indexes can be created on any branchpoint in the directory tree to improve display performance X X 500 standard The set of ISO ITU T document...

Page 94: ...88 Glossary ...

Page 95: ... i 1 directory suffix 4 dsktune utility 12 ds_create creates new DS instance 41 E express install defined 6 express install using 23 H help launching 43 I install inf 32 installation components 1 configuration decisions 1 preparing for 1 process overview new installations 7 requirements 9 installation overview Red Hat Enterprise Linux 12 installation process selecting 6 installation process overvi...

Page 96: ...x 13 disk space Solaris 17 DNS and NIS 20 operating system 12 system modules Red Hat Enterprise Linux 13 system patches Red Hat Enterprise Linux 14 root directory tree 4 root DN directory manager 4 S server root 2 setup program using from command line 31 silent install defined 7 silent install creating install files 32 directives admin 39 base 40 general 36 nsperl 40 perldap 40 slapd 37 typical in...

Search results

Summary of Contents for DIRECTORY SERVER 7.1

Reviews:

Related manuals for DIRECTORY SERVER 7.1

Brands by name

Popular brands

Red Hat DIRECTORY SERVER 7.1, Installation Manual

Search results

Summary of Contents for DIRECTORY SERVER 7.1

Reviews:

Related manuals for DIRECTORY SERVER 7.1

Brands by name

Popular brands