Sun Microsystems Netscape Enterprise Server Administrator'S Manual Download Page 117 | Manualshive

Page: 117 / 532

background image

Chapter 5, Working with Server Security

117

About Enterprise Server Security

•

The server additionally gathers information from the client certificate and
matches it with a user entry in an LDAP directory. This ensures that the
client has a valid certificate and an entry in the LDAP directory. It can also
ensure that the client certificate matches the one in the LDAP directory.

Note

A Netscape server must have SSL turned on to use client certificates, and the
Enterprise Administration Server must trust the CA that issued the certificate to
the client. For information on trusting CAs, see “Managing Certificates,” on page
126.

You can configure the web server so that it refuses any client that doesn’t have
a client certificate from a trusted CA. This differs from access control in that all
requests must be through SSL connections and they must be from clients who
have certificates from trusted CAs. For details on configuring trusted CAs, see

Managing Servers with Netscape Console.

128-Bit Step-Up Certificates

Enterprise Server 4.0 supports different levels of encryption strengths,
depending on the capability of the client. International versions of
Communicator normally support only 40-bit encryption, but can also support
stronger encryption (up to triple DES, which provides 168-bit encryption) with
servers that have a special “step-up” certificate. For more information about
step-up certificates, visit the following page:

http://developer.netscape.com/tech/security/stepup/stepup.html

For more information about installing certificates in Enterprise Server, see “The
Install a Server Certificate Page,” in the online help.

Configuring Enterprise Server for SSL

This section explains how to get client certificate authentication working with
Netscape Enterprise Server. When you have finished following the procedures
outlined in this chapter, you will have a web server that requires a user to
present a valid client SSL certificate in order to access restricted areas on the
server. The certificate that the user presents must match the certificate that was
published to the LDAP directory when it was issued.

«
...
115
116
117
118
119
...
»

Summary of Contents for Netscape Enterprise Server

Page 1: ...L http www Internet server security news URL HTML mail Inter navigator community system electronic commerce JavaScript Proxy Mozilla certificate ublishing Publishing Cha encryption secure sockets layer SSL Administrator s Guide Netscape Enterprise Server Version 4 0 806 2823 10 September 1999 ...

Page 2: ...LAR PURPOSE OR NON INFRINGEMENT ARE DISCLAIMED EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID Netscape Netscape Navigator Netscape Certificate Server Netscape DevEdge Netscape FastTrack Server Netscape ONE SuiteSpot and the Netscape N and Ship s Wheel logos are registered trademarks of Netscape Communications Corporation in the United States and other countries Other Net...

Page 3: ...ise Server Documentation 26 Further Reading 28 Contacting Technical Support 29 Part 1 Server Basics Chapter 1 Introduction to Enterprise Server 33 Netscape Enterprise Server 33 Enterprise Server Features 34 Administering and Managing Enterprise Servers 35 Netscape Enterprise Server Architecture 36 Content Engines 37 Server Extensions 37 Runtime Environments 38 Application Services 38 How Enterpris...

Page 4: ...inistering Enterprise Servers 57 Accessing Enterprise Administration Server 57 Unix Platforms 58 Windows NT Platforms 58 Adding a Server Running Multiple Servers 60 Hardware Virtual Servers 60 Software Virtual Servers 60 Multiple Server Instances 61 Installing Multiple Instances of the Server 61 Removing a Server 62 Migrating a Server From a Previous Version 63 Part 2 Using Enterprise Administrati...

Page 5: ...1 About Users and Groups 82 Creating Users 83 Guidelines for Creating User Entries 83 How to Create a New User Entry 84 Directory Server User Entries 84 Managing Users 86 Finding User Information 86 Building Custom Search Queries 87 Search Attribute Options 88 Search Type Options 89 Editing User Information 90 Managing a User s Password 91 Managing User Licenses 92 Renaming Users 92 Removing Users...

Page 6: ...5 Removing Groups 105 Renaming Groups 106 Creating Organizational Units 106 Managing Organizational Units 107 Finding Organizational Units 107 The Find all units whose Field 108 Editing Organizational Unit Attributes 109 Renaming Organizational Units 109 Deleting Organizational Units 110 Managing a Preferred Language List 110 Chapter 5 Working with Server Security 113 About Enterprise Server Secur...

Page 7: ...1 Module 131 Using SSL Configuration File Directives 131 Security 131 SSL2 132 SSL3 132 Ciphers 132 SSL3Ciphers 133 SSL3SessionTimeout 133 SSLCacheEntries 133 SSLClientAuth 133 SSLSessionTimeout 133 Using Client Certificates 134 Mapping Client Certificates to LDAP 134 Using the certmap conf File 136 Creating Custom Properties 139 Example Mappings 139 Changing the Trust Database Key Pair File Passw...

Page 8: ...tion 154 Removing Servers from a Cluster 155 Managing Server Clusters 155 Part 3 Configuring and Monitoring Chapter 7 Configuring Server Preferences 159 Starting and Stopping the Server 160 Setting the Termination Timeout 160 Restarting the Server Unix 161 Restarting With Inittab Unix 162 Restarting With the System RC Scripts Unix 162 Restarting the Server Manually Unix 162 Stopping the Server Man...

Page 9: ...3 About Log Files 184 Viewing an Access Log File 184 Viewing the Error Log File 185 Monitoring the Server Using HTTP 186 Archiving Log Files 187 Internal daemon Log Rotation 188 Cron based Log Rotation 188 Setting Log Preferences 189 Easy Cookie Logging 190 Relaxed Logging 190 Flushing the Log Buffer 191 Running the Log Analyzer 191 Using Performance Monitor Windows NT 193 Viewing Events Windows N...

Page 10: ...cation Variables 212 Configuring the SNMP Master Agent 213 Starting the SNMP Master Agent 214 Manually Starting the SNMP Master Agent 214 Starting the SNMP Master Agent Using Enterprise Admin Server 215 Configuring the SNMP Master Agent 215 Configuring the Community String 215 Configuring Trap Destinations 216 Enabling the Subagent 216 Chapter 10 Configuring the Server for Performance 219 About Se...

Page 11: ...its 238 KeepAliveFlushes 238 Cache Information 238 enabled 239 CacheEntries CurrentCacheEntries MaxCacheEntries 239 CacheSize CurrentCacheSize MaxCacheSize 239 Hit Ratio CacheHits CacheLookups Ratio 239 pollInterval 240 maxFileSize 240 DNS Cache Information 240 enabled 240 CacheEntries CurrentCacheEntries MaxCacheEntries 241 HitRatio CacheHits CacheLookups Ratio 241 Native Threads Pool 241 Idle Pe...

Page 12: ...rval 248 SmallFileSizeLimit 248 SmallFileSpace 249 MediumFileSizeLimit Unix 249 MediumFileSpace 249 TransmitFile 249 File Cache Dynamic Control and Monitoring 250 Cache init 251 File Cache Tuning 253 MaxFiles SmallFileSpace and MediumFileSpace 253 MaxAge 254 FlushInterval 254 SmallFileSizeLimit 254 Improving Servlet Performance 254 Thread Pools 255 Common Performance Problems 256 Low Memory Situat...

Page 13: ...s of Server Side Applications That Run on the Server 268 How Server Side Applications are Installed on the Server 269 Java Servlets and JavaServerPages JSP 269 Overview of Servlets and JavaServerPages 270 What Does the Server Need to Run Servlets and JSP 271 Enabling Servlets and JSP 271 Making Servlets Available to Clients 272 Specifying Servlet Directories 272 Configuring Global Attributes 273 C...

Page 14: ...pt Programs 290 Activating Server Side JavaScript 290 Running the Application Manager 291 Securing the Application Manager 293 Installing Server Side JavaScript Applications 294 Application URLs 297 Controlling Access to a Server Side JavaScript Application 298 Modifying Installation Parameters 298 Removing a Server Side JavaScript Application 299 Starting Stopping and Restarting a Server Side Jav...

Page 15: ...18 Setting Up Hardware Virtual Servers for ISPs 319 Migrating Hardware Virtual Server Configuration Files 321 Setting up Software Virtual Servers 322 Changing the Character Set 323 Chapter 14 Controlling Access to Your Server 325 What Is Access Control 326 User Group Authentication 327 Username and Password Authentication 327 Client Certificate Authentication 328 Host IP Authentication 330 Access ...

Page 16: ... 361 Before You Start 361 Server Features That Must Be Enabled 361 Netshare Directory Naming Conventions 362 The Netshare Configuration File 362 Marking Users As Licensed 363 Access Control For Netshare 364 Using the Server Manager 364 The Set Up Netshare Page 365 The Create Netshare Page 365 Using the Netshare Command line Utility 367 Syntax of the Netshare Utility 368 Netshare Utility Examples 3...

Page 17: ...uring Your Pattern Files 398 Configuring Manually 400 The Configuration Files 400 Adjusting the Maximum Number of Attributes 401 Restricting Memory for Indexing 402 Restricting Your Index File Size 402 Removing Access to the Web Publishing Collection 402 Indexing Your Documents 403 About Collections 403 About Collection Attributes 404 Installing Filters 406 Creating a New Collection 407 Configurin...

Page 18: ...426 Canceling Stemming 426 Modifying Operators 427 Determining Which Operators To Use 427 Using Wildcards 431 Non alphanumeric Characters 433 Wildcards as Literals 433 Customizing the Search Interface 434 Dynamically Generated Headers and Footers 434 HTML Pattern Files 435 Search Function Syntax 437 URL Encodings 438 Required Search Arguments 439 Using Pattern Variables 439 User defined Pattern Va...

Page 19: ... C Internationalized Enterprise Server 465 General Information 465 Installing the Server 466 Entering 8 bit Text 466 File or Directory Names 466 LDAP Users and Groups 466 Using the Accept Language Header 467 Language Settings in Configuration Files 468 Server side JavaScript Information 469 Specifying the Character Set for the Compiler 469 Specifying the Character Set With the META Tag 471 Using S...

Page 20: ...rontPage 479 Overview 479 Types of FrontPage Webs 480 Domain Names And Frontpage Webs 481 Security Issues 481 Downloading the Extensions 482 Getting Ready for Installation 483 Space Requirements 483 Preliminary Tasks 483 Some Additional Considerations 484 Installing FrontPage Server Extensions 484 Installing FrontPage Server Extensions on Windows NT Systems 484 Installing FrontPage97 Server Extens...

Page 21: ...ise Server Documentation Further Reading Contacting Technical Support What s In This Guide This guide explains how to install and configure the Netscape Enterprise Server After configuring your server use this guide to help maintain your server After you install the server this guide is available in HTML format in the server root at manual https ag in your server root directory How This Guide Is O...

Page 22: ...he contents and attributes of documents on your servers Finally the appendices address specific reference topics that describe the various topics including HyperText Transfer Protocol HTTP server configuration files ACL files internationalization issues server extensions and the Enterprise Server user interface reference which you may want to review Note that the user interface appendix is availab...

Page 23: ...es the concept of clustering Netscape servers and explains how you can use them to share configurations among servers Part III Configuring and Monitoring This part includes examples of how to use the Server Manager to configure and monitor your Enterprise Servers The following chapters are included Chapter 7 Configuring Server Preferences describes how to configure server preferences for your Nets...

Page 24: ... Enterprise Server content control access to your Enterprise Servers how to use Netscape Web Publisher to collaborate on projects and how to search the contents and attributes of documents on your servers The following chapters are included Chapter 13 Managing Server Content describes how you can configure and manage your server s content Chapter 14 Controlling Access to Your Server describes the ...

Page 25: ...s in the user interface of Enterprise Administration Server and Server Manager of Netscape Enterprise Server 4 0 This appendix is available in the online version only In addition a Glossary is included to define frequently used terms that may be unfamiliar to Netscape Enterprise Server administrators Conventions Used In This Guide The conventions used in this guide are as follows Italic This typef...

Page 26: ...om eng server webserver External web site Installing Netscape Enterprise Server and migrating your data to the new Netscape Enterprise Server 4 0 See http home netscape com eng server webserver 4 0 Installation Migration Guide Administering one or more Enterprise Servers using the Netscape Enterprise Administrator Server to manage and configure your servers and to perform the following tasks Setti...

Page 27: ... the basic directory service concepts and specific guidelines that you will need to deploy a production grade directory service Netscape Directory Server Deployment Manual Using the web publishing system This manual is included with your server in HTML format Netshare and Web Publisher User s Guide An overview of the programming technologies and APIs you can use to extend and modify the Enterprise...

Page 28: ...following URL http home netscape com eng server webserver 4 0 How to enable and implement servlets and JavaServerPages JSP in Enterprise Server 4 0 Programmer s Guide to Servlets in Enterprise Server 4 0 How to use Netscape Server Application Programmer s Interface NSAPI to build plugins to extend and modify the Enterprise Server The book also discusses the purpose and use of the configuration fil...

Page 29: ...ct specific Technical Support assistance please see the Product Support Page for the Netscape Enterprise Server at http help netscape com products server enterprise index html For general Technical Support assistance please see the Netscape Technical Support Page at http help netscape com ...

Page 30: ...Contacting Technical Support 30 Netscape Enterprise Server Administrator s Guide ...

Page 31: ...Part 1 Server Basics 31 1 Server Basics Introduction to Enterprise Server Administering Enterprise Servers ...

Page 32: ...32 Netscape Enterprise Server Administrator s Guide ...

Page 33: ...ludes the following sections Netscape Enterprise Server Netscape Enterprise Server Architecture How Enterprise Server is Configured Enterprise Administration Server Server Manager Netscape Console Sending Error Information to Netscape Netscape Enterprise Server Netscape Enterprise Server is an extremely powerful multi process multi threaded secure web server built on open standards that enables yo...

Page 34: ...ke capabilities via a web publishing applet and index document content in an intelligent way for easier content searching Enterprise wide manageability Including delegated administration cluster management and LDAP Lightweight Directory Access Protocol support LDAP integration with Netscape Directory Server enables you to store users and groups in a centralized directory In addition you can monito...

Page 35: ...rmance Delivers high performance for dynamic and secure content with features such as HTTP1 1 multi threading and support for SSL hardware accelerators Standards based Enterprise Server includes support for a wide range of web software standards including JDK 1 1 6 7 2 0 on Solaris NT Servlets 2 1 JavaServer Pages 92 HTTP 1 1 and various security based standards including PKCS 11 FIPS 140 and 128 ...

Page 36: ...n use the Server Manager For more information see Server Manager If you have other Netscape 4 0 Enterprise Servers you can manage them through the Netscape Console a client based Java application For more information see Netscape Console or Managing Servers with Netscape Console Netscape Enterprise Server Architecture The Netscape Enterprise Server incorporates a modular architecture that integrat...

Page 37: ...he Search engine enables Enterprise Server users to search the contents and attributes of documents on the server As the server administrator you can create a customized text search interface that works with various types of documents formats such as HTML Microsoft Word Adobe PDF and WordPerfect Enterprise Server converts many types of non HTML documents into HTML as it indexes them so that users ...

Page 38: ...erver rather than in a web browser SHTML and Server side JavaScript enable rapid development of dynamic content applications Web Application Interface WAI is a CORBA based programming interface that defines object interfaces to the HTTP request response data and server information Using WAI you can write a web application in C C or Java that accepts an HTTP request from a client processes it and r...

Page 39: ...rise Server reads the configuration files on startup and during client requests to map your choices with the desired server activity For more information about these files see Enterprise Server Configuration Files The server includes a number configuration files which are stored in server_root config when installed on your computer This section includes the following topics How Enterprise Server i...

Page 40: ...information regarding how you can configure a cluster of Enterprise Servers including important guidelines see About Clusters on page 149 in Chapter 6 Managing Server Clusters magnus conf the main Enterprise Server configuration file This file contains global server configuration information such as port security and so on This file sets the values for variables that configure the server during in...

Page 41: ...erver Content Note that you must restart the server every time you make changes to this file admpw the username and password file for the Enterprise Administrator Server superuser For more information see Changing the Superuser Settings on page 70 in Chapter 3 Setting Administration Preferences Single Server Configuration If you have installed Enterprise Server on a single server the installation ...

Page 42: ...fier acl files The file generated server identifier acl contains changes you make using the Server Manager access control forms after saving your changes genwork server identifier acl contains your changes before you save your changes https admserv contains the directories for Enterprise Administration Server This directory has the following subdirectories and files For Unix this directory contain...

Page 43: ...prise Administration Server configuration files logs contains the Enterprise Administration Server log files search contains the following directories admin and collections SessionData contains session database data from MMapSessionManager startsvr bat is the script that starts the Server Manager The Server Manager lets you configure all servers installed in the server root directory stopsvr bat i...

Page 44: ...r server side JavaScript Note that this is available only if JavaScript was installed search contains information for your server s search plugins snmp contains information for your server s SNMP plugins setup contains the various Enterprise Server setup files userdb contains user databases and related information wai contains information and sample code for using the Web Application Interface WAI...

Page 45: ... Server is a web based server that contains the Java and JavaScript forms you use to configure all of your Netscape Enterprise Servers After installing Enterprise Server you use your browser to navigate to the Enterprise Administration Server page and use its forms to configure your Enterprise Servers When you submit the forms the Enterprise Administration Server modifies the configuration for the...

Page 46: ...tion Server provides the following tabs for other administration level tasks Preferences Global Settings Users and Groups Security Cluster Mgmt Cluster Management Note You must enable cookies in your browser to run the CGI programs necessary for configuring your server For more information on using the Enterprise Administration Server including information regarding these administration level task...

Page 47: ...he Enterprise Administration Server Servers page 2 In the Manage Servers area select the desired server and click Manage Enterprise Server displays the Server Manager Preferences page as shown in the following illustration Figure 1 1 The Enterprise Server 4 0 Server Manager Note Note that you must enable cookies in your browser to run the CGI programs necessary for configuring your server You use ...

Page 48: ...additional Enterprise Server managerial tasks Programs Servlets Security Status Styles Content Mgmt Web Publishing Search For more information see Server Manager in the online help Using the Resource Picker Most of the Server Manager pages configure the entire Enterprise Server Some pages can configure either the entire server or files or directories that the server maintains These pages include t...

Page 49: ...racters If you want to use one of these characters without the special meaning precede it with a backslash character Table 1 1 Resource Picker wildcard patterns Wildcard Pattern Description Match zero or more characters Match exactly one occurrence of any character An or expression The substrings used with this operator can contain other special characters such as or The substrings must be enclose...

Page 50: ...tching the second expression netscape com Matches any string ending with the characters netscape com quark energy netscape com Matches either quark netscape com or energy netscape com 198 93 9 23 Matches a numeric string starting with either 198 93 92 or 198 93 93 and ending with any 3 characters Matches any string with a period in it netscape Matches any string except those starting with netscape...

Page 51: ...ned by the set of resources whose configuration information is stored in the same configuration directory That is the maximum set of hosts and servers that can appear in the Console window For a given administrator using Netscape Console the actual number of visible servers and hosts may be fewer depending on the access permissions that administrator has For complete documentation on Netscape Cons...

Page 52: ...d fix errors in the Netscape Enterprise Server The following table summarizes all of the information collected by the agent and the reason why Netscape collects this information Table 1 2 Data Collected by Quality Feedback Agent Data Collected OS specific Data Reason for Data Collection Stack Trace Windows Unix Stack Trace Shows where Enterprise Server failed and what functions were called just be...

Page 53: ...end data through your firewall to Netscape For more information see Editing master ini 2 Edit magnus conf to enable the Quality Feedback Agent plus any optional parameters for your Enterprise server For more information see Editing magnus conf OS Version Windows Windows Version Unix Unix Version Provides the OS version This information is necessary because the way the Enterprise Server interacts w...

Page 54: ...to your master ini file using your proxy host name domain and port UseUserHTTPProxyInfo 1 UserHTTPProxyHost yourproxy yourdomain com UserHTTPProxyPort xxxx If you are using a SOCKS Proxy add the following three lines of code to your master ini file UseUserSOCKSInfo 1 UserSOCKSHost yourproxy yourdomain com UserSOCKSPort xxxx Editing magnus conf To turn on the Quality Feedback Agent for your Enterpr...

Page 55: ...ape TalkbackInterval The interval used by the parameter above in seconds The default is 86400 seconds 24 hours Note that both variables have no effect unless the Quality Feedback Agent is turned on Once you restart the server the counters are reset and the whole process starts over ...

Page 56: ...Sending Error Information to Netscape 56 Netscape Enterprise Server Administrator s Guide ...

Page 57: ...anage servers add and remove servers and migrate servers from a previous release This chapter includes the following sections Accessing Enterprise Administration Server Adding a Server Running Multiple Servers Installing Multiple Instances of the Server Removing a Server Migrating a Server From a Previous Version Accessing Enterprise Administration Server This section describes how to access Enter...

Page 58: ...es the following icons Release Notes Start Enterprise Administration Server Uninstall Enterprise Server 4 0 Note that Enterprise Administration Server runs as a services applet thus you can also use the Control Panel to start this service directly To access Enterprise Administration Server in Windows NT 4 0 perform the following steps 1 Double click the Start Enterprise Administration Server icon ...

Page 59: ... to run the CGI programs necessary for configuring your server You can also access the Enterprise Administration Server from a remote location as long as you have access to client software such as Netscape Navigator Since the Enterprise Administrator Server is accessed through a browser you can access it from any machine that can reach the server over the network For more information see Netscape ...

Page 60: ...on information For example if one hardware virtual server has enabled security features or web publishing they all must have it enabled For more information on hardware virtual servers see Setting Up Hardware Virtual Servers on page 318 in Chapter 13 Managing Server Content Software Virtual Servers Software virtual servers give you the ability to map a single IP address to multiple server names Ea...

Page 61: ...al hardware virtual servers with one Enterprise Server which responds to the various virtual servers independently Configure a number of software virtual servers which enables you to host multiple web sites from one IP address Configure a set of servers that all use the same IP address but different port numbers If you have installed Enterprise Server on multiple servers the installation process p...

Page 62: ...r each IP address For more information see Configuring Network Settings on page 167 in Chapter 7 Configuring Server Preferences To add another server instance perform the following steps 1 Access the Enterprise Administration Server and choose the Servers tab 2 Click the Add Server link 3 Enter the desired information for the specified fields For more information see The Add Server Page in the onl...

Page 63: ...ng a Server From a Previous Version You can migrate an Enterprise Server from 3 6 to 4 0 Your 3 6 server is preserved and a new 4 0 server using the same settings is created You should stop running the 3 6 server before migrating settings Make sure you have Netscape Navigator 3 0 or later installed on your computer before migrating settings For a complete description of how to migrate a server fro...

Page 64: ...Migrating a Server From a Previous Version 64 Netscape Enterprise Server Administrator s Guide ...

Page 65: ...art 2 Using Enterprise Administration Server 65 2 Using Enterprise Administration Server Setting Administration Preferences Managing Users and Groups Working with Server Security Managing Server Clusters ...

Page 66: ...66 Netscape Enterprise Server Administrator s Guide ...

Page 67: ...se to configure your Enterprise Servers Note that you must enable cookies in your browser to run the CGI programs necessary for configuring your server This chapter includes the following sections Shutting Down Enterprise Administration Server Changing Network Settings Changing the Superuser Settings Enabling Distributed Administration Configuring Secure Sockets Layer SSL Specifying Log File Optio...

Page 68: ...references Choose the Preferences tab select the Shut Down option and click Shut down the administration server button For more information see The Shut Down Page in the online help Use the Services window in the Control Panel Windows NT Use stop which shuts down the server completely interrupting service until it is restarted If you set the etc inittab file to automatically restart using respawn ...

Page 69: ...User Manager program located in the Administrative Tools group for your desktop Changing the Port Number You can also change the port number that Enterprise Administration Server listens to The port number can be any number between 1 and 65535 but it is typically a random number greater than 1024 For security reasons consider changing the port number regularly To change the Enterprise Administrati...

Page 70: ... using the Netscape Directory Server s Netscape Console or configuration files To change the superuser settings for Enterprise Administration Server perform the following steps 1 Access the Enterprise Administration Server and choose the Preferences tab 2 Click the Superuser Access Control link 3 Make the desired changes and click OK For more information see The Superuser Access Control Page in th...

Page 71: ...onfig admpw This is the user name and password you specified during installation This user has full access to all forms in Enterprise Administration Server except the Users Groups forms which depend on the superuser having a valid account in an LDAP server such as Netscape Directory Server administrators go directly to the Server Manager forms for a specific server including Enterprise Administrat...

Page 72: ...names of the users you want to have permission to configure Enterprise Administration Server or any of the servers installed in its server root All users in the administrators group have full access to Enterprise Administration Server but you can use access control to limit the servers and forms they will be allowed to configure Warning Once you create an access control list the distributed admini...

Page 73: ...base and requesting and installing an encryption certificate For more information see Configuring Enterprise Server for SSL on page 117 in Chapter 5 Working with Server Security Activating SSL To activate SSL for your Enterprise Administration Server perform the following steps 1 Access the Enterprise Administration Server and choose the Preferences tab 2 Click the Encryption On Off link 3 Make th...

Page 74: ...4 Check the ciphers you want your server to use The ciphers are listed for each version of SSL Some ciphers are more secure or stronger than others Generally speaking the more bits a cipher uses during encryption the harder it is to decrypt the data Ciphers are described after this list 5 Click OK Make sure you restart your server When a client initiates an SSL connection with a server the client ...

Page 75: ...ame where nbits is the minimum number of bits required in the secret key and filename is the name of a file not a URI to be served if the restriction is not met This function returns REQ_NOACTION if SSL is not enabled or if the secret keysize parameter is not specified If the secret keysize for the current session is less than the specified secret keysize the function returns REQ_ABORTED with a st...

Page 76: ...rror Log File Archiving Log Files Viewing the Access Log File The access log located in admin logs in the server root directory records information about requests to the server and the responses from the server You can specify the server log format what is included in the access log file to be the Common Logfile Format a commonly supported format that provides a fixed amount of information about t...

Page 77: ... set up your log files to be automatically archived At a certain time or after a specified interval Enterprise Server rotates your access logs Enterprise Server saves the old log files and stamps the saved file with a name that includes the date and time they were saved For example you can set up your files to rotate every hour and Enterprise Server saves and names the file access 199907152400 whe...

Page 78: ...e computer clock and then spawns processes at certain times These settings are stored in the ns cron conf file The Netscape cron daemon that controls scheduled tasks for your Enterprise Server can be activated and deactivated from Enterprise Administration Server The tasks performed by the Netscape cron process depends on the various Netscape servers Note that on NT platforms the scheduling occurs...

Page 79: ...directories files file types When the server evaluates an incoming request it determines access based on a hierarchy of rules called access control entries ACEs and then it uses the matching entries to determine if the request is allowed or denied Each ACE specifies whether or not the server should continue to the next ACE in the hierarchy The collection of ACEs is called an access control list AC...

Page 80: ...Enterprise Administration Server and choose the Global Settings tab 2 Click the Restrict Access link 3 Select the desired server and click Edit ACL Enterprise Administration Server displays the access control rules for the server you specified 4 Make the desired access control changes and click OK For more information see The Restrict Access Page in the online help ...

Page 81: ...ribes how to use the forms in Enterprise Administration Server Users and Groups tab This chapter includes the following sections About Users and Groups Creating Users Managing Users Creating Groups Managing Groups Creating Organizational Units Managing Organizational Units Managing a Preferred Language List ...

Page 82: ...ate machine and use the Enterprise Administration Server s Global Settings tab to configure Enterprise Server to use that Directory Server The Users and Groups tab of Enterprise Administration Server enables you to create or modify users groups and organizational units Each user and group in your enterprise is represented by a Distinguished Name DN attribute A DN attribute is a text string that co...

Page 83: ... name is Billie Holiday then the user ID is automatically set to bholiday You can replace this user ID with an ID of your own choosing if you wish The user ID must be unique The Enterprise Administration Server ensures that the user ID is unique by searching the entire directory from the search base base DN down to see if the user ID is in use Be aware however that if you use the Directory Server ...

Page 84: ...Administration Server How to Create a New User Entry To create a user entry read the guidelines outlined in Guidelines for Creating User Entries on page 83 and then perform the following steps 1 Access the Enterprise Administration Server and choose the Users Groups tab 2 Click the New User link and add the associated information to the displayed page For more information see The New User Page in ...

Page 85: ... The following fields are also available when editing the user entry Sometimes a user s name can be more accurately represented in characters of a language other than the default language You can select a preferred language for users so that their names will display in the characters of the that language even when the default language is English For more information regarding setting a user s pref...

Page 86: ...ilities This section includes the following topics Finding User Information Editing User Information Managing a User s Password Managing User Licenses Renaming Users Removing Users Finding User Information Before you can edit a user entry you must display the associated information To find the specific user information perform the following steps 1 Access the Enterprise Administration Server and c...

Page 87: ... the results of your search 4 In the Look within field select the organizational unit under which you want to search for entries The default is the directory s root point or top most entry 5 In the Format field choose either On Screen or Printer 6 Click Find All the users in the selected organizational unit are displayed 7 In the resulting table click the name of the entry that you want to edit 8 ...

Page 88: ... as shown in the following illustration Figure 4 2 Search Type For a complete list of the available search type options see Search Type Options In the right most text field enter your search string Figure 4 3 Search String To display all of the users entries contained in the Look Within directory enter either an asterisk or simply leave this text field blank Search Attribute Options The available ...

Page 89: ... unit name Search each entry s name for a match description Search each organizational unit entry s description for a match Table 4 4 Search Type Options Option Name Description contains Causes a substring search to be performed Entries with attribute values containing the specified search string are returned For example if you know an user s name probably contains the word Dylan use this option w...

Page 90: ...n cause an extremely large number of entries to be returned to you sounds like Causes an approximate or phonetic search to be performed Use this option if you know an attribute s value but you are unsure of the spelling For example if you are not sure if a user s name is spelled Sarret Sarette or Sarett use this option starts with Causes a substring search to be performed Returns all the entries w...

Page 91: ...s the Enterprise Administration Server and choose Users Groups tab 2 Display the user entry as described in Finding User Information on page 86 3 Make the desired changes and click OK For more information see The Manage Users Page in the online help Note You can change the Enterprise Administration Server user from root to another user on the operating system to enable multiple users belonging to ...

Page 92: ...fields are left intact In addition the user s old name is still preserved so searches against the old name will still find the new entry When you rename a user entry you can only change the user s name you cannot use the rename feature to move the entry from one organizational unit to another For example suppose you have organizational units for Marketing and Accounting and an entry named Billie H...

Page 93: ... can find this parameter in the following file server_root admin serv config dsgw orgperson conf For more information see The Manage Users Page in the online help Removing Users To delete a user entry perform the following steps 1 Access the Enterprise Administration Server and choose the Users Groups tab 2 Display the user entry as described in Finding User Information on page 86 3 Click Delete U...

Page 94: ...quently contain all objects that have an uid attribute in the tree below the ou Sales o Netscape point thus all the Sales members For static and dynamic groups members can share a common attribute from a certificate if you use the memberCertDescription Note that these will only work if the ACL uses the SSL method Once you create a new group you can add users or members to it This section includes ...

Page 95: ...e Enterprise Administration Server and choose the Users Groups tab 2 Click the New Group link 3 Enter the required information and click OK For more information see The New Group Page in the online help Dynamic Groups A dynamic group has an objectclass of groupOfURLs and has zero or more memberURL attributes each of which is a LDAP URL that describes a set of objects Enterprise Server enables you ...

Page 96: ...s marketing The LDAP URL can contain a search base DN a scope and filter however not a hostname and port This means that you can only refer to objects on the same LDAP server All scopes are supported The DNs are included automatically without your having to add each individual to the group The group changes dynamically because Enterprise Server performs an LDAP server search each time a group look...

Page 97: ... membership and the DN is not a member of a static group Enterprise Server checks all dynamic groups in the database s baseDN Enterprise Server accomplishes this task by checking if each memberURL matches by checking its baseDN and scope against the DN of the user and then performing a base search using the user DN as baseDN and the filter of the memberURL This procedure can amount to a large numb...

Page 98: ... delimit the attributes for example cn mail telephoneNumber if no attributes are specified all attributes are returned Note that this parameter is ignored for dynamic group membership checks scope The scope of the search which can be one of these values base retrieves information only about the distinguished name base_dn specified in the URL one retrieves information about entries one level below ...

Page 99: ...see Editing Group Attributes on page 101 To Create a Dynamic Group To create a dynamic group entry within the directory perform the following steps 1 Access the Enterprise Administration Server and choose the Users Groups tab 2 Click the New Group link 3 Select Dynamic Group from the Type of Group dropdown list 4 Enter the required information and click OK For more information see The New Group Pa...

Page 100: ... contain the search string will be found If no such entries are found any entries that sounds like the search string are found An asterisk to see all of the groups currently residing in your directory You can achieve the same effect by simply leaving the field blank Any LDAP search filter Any string that contains an equal sign is considered to be a search filter As an alternative use the pull down...

Page 101: ...link 3 Locate the group you want to edit and type the desired changes For more information regarding how to find specific entries refer to the concepts outlined in Finding Group Entries on page 100 Note You can change the Enterprise Administration Server user from root to another user on the operating system to enable multiple users belonging to the group to edit manage the configuration files How...

Page 102: ...options A name Enter a full name or a partial name All entries whose name matches the search string is returned If no such entries are found all entries that contain the search string are found If no such entries are found any entries that sounds like the search string are found A user ID if you are searching for user entries A telephone number If you enter only a partial number any entries that h...

Page 103: ...ore information about adding groups members see The Edit Members Page in the online help Adding Groups to the Group Members List You can add groups instead of individual members to the group s members list Doing so causes any users belonging to the included group to become a member of the receiving group For example if Neil Armstrong is a member of the Engineering Managers group and you make the E...

Page 104: ...lternatively you can construct a filter to find the entries you want to remove and click the Find and Remove button For more information on creating a search filter see Adding Group Members on page 102 4 Click Save Changes The entry s are deleted from the group members list Managing Owners You manage a group s owners list the same way as you manage the group members list The following table identi...

Page 105: ...the following steps 1 Access the Enterprise Administration Server and choose the Users Groups tab 2 Click the Manage Groups link locate the group you want to manage as described in Finding Group Entries on page 100 and click Delete Group Note Enterprise Administration Server does not remove the individual members of the group s you remove only the group entry is removed Table 4 7 Additional Inform...

Page 106: ...e following organizations organizational units for Marketing and Product Management a group named Online Sales under the Marketing organizational unit In this example you can rename the group from Online Sales to Internet Investments but you cannot rename the entry such that Online Sales under the Marketing organizational unit becomes Online Sales under the Product Management organizational unit C...

Page 107: ...on called Accounting within the organizational unit West Coast and your Base DN is o Ace Industry c US then the new organization unit s DN is ou Accounting ou West Coast o Ace Industry c US Managing Organizational Units You edit and manage organizational units from the Organizational Unit Edit form This section describes the following tasks Finding Organizational Units Editing Organizational Unit ...

Page 108: ... alternative use the pull down menus in the Find all units whose field to narrow the results of your search 4 In the Look within field select the organizational unit under which you want to search for entries The default is the root point of the directory 5 In the Format field choose either On Screen or Printer 6 Click Find All the organizational units matching your search criteria are displayed 7...

Page 109: ... In this situation use the Directory Server ldapmodify command line utility if available Renaming Organizational Units To rename an organizational unit entry access the Enterprise Administration Server and perform the following steps 1 Make sure no other entries exist in the directory under the organizational unit that you want to rename 2 Locate the organizational unit you want to edit as describ...

Page 110: ...in the resulting confirmation box The organizational unit is immediately deleted Managing a Preferred Language List Enterprise Server enables you to display and maintain the list of preferred languages To manage the preferred language list perform the following steps 1 Access the Enterprise Administration Server and choose the Users Groups tab 2 Click the Manage Preferred Language List link 3 In t...

Page 111: ...r 4 Managing Users and Groups 111 Managing a Preferred Language List 5 Click the Default value for the language you want to specify as the default language in the Preferred Language List 6 Click Save Changes ...

Page 112: ...Managing a Preferred Language List 112 Netscape Enterprise Server Administrator s Guide ...

Page 113: ... reading this chapter you should be familiar with the basic concepts of public key cryptography These concepts include encryption and decryption public and private keys digital certificates and the SSL protocol For more information see Managing Servers with Netscape Console This chapter includes the following sections About Enterprise Server Security Creating a New Server Instance Creating a Certi...

Page 114: ...nction used for encryption or decryption The encryption process alone isn t enough to secure your server s confidential information Once the information has been encrypted and possibly transmitted to another server a number called a key must be used with the encrypting cipher to produce the actual encrypted result or to decrypt previously encrypted information The encryption process uses two keys ...

Page 115: ... the Server Manager by clicking the Preferences tab and the Encryption Preferences link For more information see The Encryption Preferences Page in the online help Certificates Over the Internet and many extranets and intranets identification can take place with the aid of a certificate A certificate consists of digital data that specifies the name of an individual company or other entity and cert...

Page 116: ...cate issued from a company named CertSafe assuring you that this site is the one true news mozilla com If you trust CertSafe s judgment then you can trust that news mozilla com is the site it claims to be Conversely you might be in charge of a company s internal Human Resources server You could use your server s access control features in conjunction with client authentication to allow only Human ...

Page 117: ... Servers with Netscape Console 128 Bit Step Up Certificates Enterprise Server 4 0 supports different levels of encryption strengths depending on the capability of the client International versions of Communicator normally support only 40 bit encryption but can also support stronger encryption up to triple DES which provides 168 bit encryption with servers that have a special step up certificate Fo...

Page 118: ...t either have an existing instance of Enterprise Server 4 0 that you want to be an SSL server or create a new instance to be an SSL server If you have an existing instance of Enterprise Server that you want to simply convert to be an SSL server you can skip this section Otherwise follow the steps described in this section to create a new instance of Enterprise Server and then perform the remaining...

Page 119: ...as key db When you create the key you specify a password that you later use when you request the certificate and when you start a server that is using encrypted communications To create the certificate trust database perform the following steps 1 Access the Enterprise Administration Server and choose the Security tab 2 Select the desired cryptographic module the PKCS 11 cryptographic module is the...

Page 120: ...CA choose a CA and ask for the specific format of the information they require For more information on what some CAs require see Required CA Information Note Not everyone who requests a certificate from a commercial CA is given one Many CAs require you to prove your identity before issuing you a certificate Also it can take anywhere from a day to two months or more to approve a certificate You are...

Page 121: ...e online help 6 Type the password for your key pair file This is the same password you specified when you created the trust database in Creating a Certificate Trust Database The server uses the password to get your private key and encrypt a message to the CA The server then sends both your public key and the encrypted message to the CA The CA uses the public key to decrypt your message 7 Type your...

Page 122: ...e server you may be able to search for the certificate by using the certificate server s forms Once you receive the certificate you can install it In the meantime you can still use your server without SSL Required CA Information Whether you are requesting a server certificate from a commercial CA or an internal CA you need to provide the following information Common Name must be the fully qualifie...

Page 123: ...dditional information they require before they issue a certificate Most CAs require that you prove your identity For example they want to verify your company name and who is authorized by the company to administer the server and they might ask whether you have the legal right to use the information you provide Some commercial CAs offer certificates that indicate a greater level of detail and verac...

Page 124: ...cate in the same email that contains your certificate In this case your server installs both certificates at the same time when you install your certificate For more information on certificate chaining see Appendix D Introduction to Public Key Cryptography in Managing Servers with Netscape Console To install a certificate and associate it with an alias perform the following steps 1 Access the Ente...

Page 125: ...the beginning and ending hyphens Make sure you check the corresponding radio button for either the file or the text 6 Click OK Enterprise Server displays the following page Figure 5 1 The Add Server Certificate Page 7 Click the Add button The certificate is stored in the server s certificate database The filename will be alias cert db For example if your alias is mail the file will be https server...

Page 126: ... Security tab 2 Click the Manage Certificates link Enterprise Server displays the Manage Server Certificates page 3 Select a certificate file alias from the drop down list and then click OK All of the installed certificates associated with the alias appear with their type and expiration date The link text is the name given to the certificate when it was installed The Enterprise Administration Serv...

Page 127: ...ick the Quit button For more information see The Manage Server Certificates Page in the online help Note that trust settings refer specifically to whether a certificate is trusted as a signer of client certs the user does not for example have to trust a CA after the CA issues a server certificate Using Secure Sockets Layer SSL After you have generated a key pair file and installed your certificate...

Page 128: ... don t have to use the port number in the URL Specifying Ciphers A cipher is an algorithm used in encryption Some ciphers are more secure or stronger than others Generally speaking the more bits a cipher uses during encryption the harder it is to decrypt the data When initiating an SSL connection with a server a client lets the server know what ciphers it prefers for encrypting information In any ...

Page 129: ... available on the client side the server will use this and no encryption will occur Finally you can also enforce stronger security requirements via the Stronger Ciphers option on the Server Manager Preferences tab For more information see Setting Encryption Preferences on page 73 in Chapter 3 Setting Administration Preferences For more information regarding specific ciphers see Managing Servers wi...

Page 130: ...r discover you want to use the internal PKCS 11 module you can simply delete the existing database files SERVER_ROOT alias https HOSTNAME SERVERID key3 db SERVER_ROOT alias https HOSTNAME SERVERID cert7 db For example for the server named secure example com installed in usr local netscape the files would be usr local netscape alias https secure example com secure key3 db usr local netscape alias h...

Page 131: ... the following steps 1 Access the Enterprise Administration Server and choose the Security tab 2 Click the Add PKCS 11 Module link 3 Type the path for the jar file in Path to Jar File 4 Click OK For information on using PKCS 11 see The Install a New PKCS 11 Module Page in the online help Using SSL Configuration File Directives Installing an SSL enabled server creates directive entries in the magnu...

Page 132: ...Set the value parameter to on to enable SSL 2 and to off to disable SSL 2 By default security is off SSL3 The SSL3 directive tells the server whether Secure Sockets Layer version 3 security is enabled or disabled The Security directive dominates the SSL3 directive if SSL3 security is enabled but the Security directive is set to off then it is as though SSL3 were disabled Syntax SSL3 value value sp...

Page 133: ...til a cached SSL3 session becomes invalid The default value is 86400 24 hours If the SSL3SessionTimeout directive is specified the value of seconds is silently constrained to be between 5 and 86400 seconds SSLCacheEntries Specifies the number of SSL sessions that can be cached SSLClientAuth The SSLClientAuth directive specifies whether a client must have a certificate in order to communicate with ...

Page 134: ...ling Access to Your Server In addition you can process information from client certificates For more information see the NSAPI Programmer s Guide for Enterprise Server 4 0 Mapping Client Certificates to LDAP This section describes the process Netscape Enterprise Server uses to map a client certificate to an entry in an LDAP directory When the server gets a request from a client it asks for the cli...

Page 135: ...eds to determine where in the LDAP directory it needs to start its search The certificate mapping file also tells the server where to start Once the server knows where to start its search and what it needs to search for step 1 it performs the search in the LDAP directory step 2 If it finds no matching entry or more than one matching entry and the mapping is not set to verify the certificate the se...

Page 136: ...ee the server should begin its search what certificate attributes the server should use as search criteria when searching for the entry in the LDAP directory whether or not the server goes through an additional verification process The certificate mapping file is located in the following location server_root userdb certmap conf The file contains one or more named mappings each applying to a differ...

Page 137: ...r the CmapLdapAttr setting or the entire subject DN in the client certificate that is the end user s information If the DNComps entry is present but has no value the server searches the entire LDAP tree for entries matching the filter FilterComps is a list of comma separated attributes used to create a filter by gathering information from the user s DN in the client certificate The server uses the...

Page 138: ...ins subject DNs from all certificates belonging to the user The default for this property is certSubjectDN This attribute isn t a standard LDAP attribute so to use this property you have to extend the LDAP schema For more information see Managing Servers with Netscape Console If this property exists in the certmap conf file the server searches the entire LDAP directory for an entry whose attribute...

Page 139: ... Custom Properties You can use the client certificate API to create your own properties For information on programming and using the client certificate API see NSAPI Programmer s Guide for Enterprise Server 4 0 Once you have a custom mapping you reference the mapping as follows name library path_to_shared_library name InitFn name_of_init_function For example certmap default1 o Netscape Communicati...

Page 140: ...lt DNComps default FilterComps e uid certmap usps ou United States Postal Service o usps c US usps DNComps ou o c usps FilterComps e usps verifycert on When the server gets a certificate from anyone other than the US Postal Service it uses the default mapping which starts at the top of the LDAP tree and searches for an entry matching the client s email and userid If the certificate is from the US ...

Page 141: ... c US If one or more matching entries are found the server proceeds to verify the entries If no matching entries are found the server will use DNComps and FilterComps to search for matching entries In this example the server would search for uid Henry Jones Junior in all entries under o Ark Inc c US Note This example assumes the LDAP directory contains entries with the attribute certSubjectDN Chan...

Page 142: ...rocess only if your server has security enabled You can also migrate keys and certificates by themselves using the Security tabs in the Enterprise Administration Server page and the Server Manager page In Enterprise Server 3 6 a certificate key pair was referred to by an alias which could be used by multiple server instances The administration server managed all the aliases and their constituent c...

Page 143: ...ion on it So in addition to enabling SSL on your server you should take extra security precautions For example put the server machine into a secure room and don t allow untrusted individuals to upload programs to your server The following sections describe the most important things you can do to make your server more secure Limit Physical Access Limit Administration Access Choose Good Passwords Se...

Page 144: ...ration over an unsecure network Anyone could intercept your administrative password and reconfigure your servers Choose Good Passwords You use a number of passwords with your server the administrative password the private key password database passwords and so on Your administrative password is the most important password of all since anyone with that password can configure any and all servers on ...

Page 145: ...rver stores key pair files in the directory server_root alias Consider making the files and directory readable only to Netscape servers installed on your computer It s also important to know if the file is stored on backup tapes or is otherwise available for someone to intercept If so you must protect your backups as completely as your server Limit Other Applications on the Server Carefully consid...

Page 146: ...rogram designed specifically to subvert your security Always examine programs carefully before you allow them on your server Prevent Clients from Caching SSL Files You can prevent pre encrypted files from being cached by a client by adding the following line inside the HEAD section of a file in HTML meta http equiv pragma content no cache Limit Ports Disable any ports not used on the machine Use r...

Page 147: ...at the protected server and the unprotected server are assigned different port numbers The registered default port numbers are 443 for the protected server and 80 for the unprotected one For Unix enable the chroot feature for the document root directory The unprotected server should have references to its document root redirected using chroot The purpose of chroot is to allow you to create a secon...

Page 148: ...ons 148 Netscape Enterprise Server Administrator s Guide Figure 5 3 Example Chroot Directory Structure For more information regarding how to implement chroot in the magnus conf file see the NSAPI Programmer s Guide for Enterprise Server 4 0 ...

Page 149: ...eliminary Guidelines for Using Server Clusters Setting up a Cluster Adding a Server to the Server List Modifying Cluster Information Removing Servers from a Cluster Managing Server Clusters About Clusters A cluster ia a group of Netscape Enterprise Servers that can be administered from a single Netscape Enterprise Administration Server Each cluster must include one server designated as the adminis...

Page 150: ...hat you designate as the master contains information about all clustered servers and must have access to each cluster s individual Enterprise Administration Server Preliminary Guidelines for Using Server Clusters When you configure a cluster the master Enterprise Administration Server containing the information about all clusters communicates with each individual cluster s Enterprise Administratio...

Page 151: ...alled Enterprise Servers Make sure all cluster specific Enterprise Administration Servers have a username and password that matches one used in the master administration server You can use the distributed administration feature to set up multiple administrators on each Enterprise Administration Server For more information about distributed administration see Enabling Distributed Administration on ...

Page 152: ...ion Server can use for authentication You can do this either by using the default username and password or by setting up distributed administration 2 Install the server that will contain the master Enterprise Administration Server making sure the username and password matches the one set in Step 1 3 Add a server to the cluster list 4 You can administer a remote server by accessing its Server Manag...

Page 153: ... Add Server link 3 Choose the protocol that the remote Enterprise Administration Server uses This is the protocol used when contacting the remote Enterprise Administration Server Choose http for normal Enterprise Administration Server Choose https if the remote Enterprise Administration Server is secure 4 Type the hostname for the remote Enterprise Administration Server If your DNS can resolve hos...

Page 154: ...ter To modify information about a server in a cluster perform the following steps 1 Go to the master Enterprise Administration Server and choose the Cluster Mgmt tab 2 Click the Modify Server link All servers appear listed by their unique server identifier 3 Check the servers you want to modify 1 You can change the information for all servers in the cluster by clicking Select All 2 Click Reset Sel...

Page 155: ...ing the servers are removed from the cluster database and are no longer available for cluster control You can still access the removed servers using their Enterprise Administration Server you just can t access them from the cluster For more information see The Remove Servers from Cluster Database Page in the online help Managing Server Clusters To manage a cluster of servers perform the following ...

Page 156: ...de 4 Configure the servers using the form elements specific to the type of server you selected Most Netscape servers let you start stop or restart the server by clicking the corresponding buttons on the form For more information see The Cluster Control Page in the online help ...

Page 157: ...Part 3 Configuring and Monitoring 157 3 Configuring and Monitoring Configuring Server Preferences Understanding Log Files Using SNMP to Monitor Servers Configuring the Server for Performance ...

Page 158: ...158 Netscape Enterprise Server Administrator s Guide ...

Page 159: ...onfigure server preferences for your Netscape Enterprise Server This chapter contains the following sections Starting and Stopping the Server Viewing Server Settings Configuring Network Settings Customizing Error Responses Working with Dynamic Configuration Files Restricting Symbolic Links Unix Using the Watchdog uxwdog Process Unix ...

Page 160: ...ab before shutting down the server otherwise the server automatically restarts Unix After you shut down the server it may take a few seconds for the server to complete its shut down process and for the status to change to Off If your machine crashes or is taken offline the server stops and any requests it was servicing may be lost Setting the Termination Timeout When the server is off it stops acc...

Page 161: ...e starting Although you can start an SSL enabled server automatically if you keep the password in plain text in a file this is not recommended Warning Leaving the SSL enabled server s password in plain text in the server s start script is a large security risk Anyone who can access the file has access to the SSL enabled server s password Consider the security risks before keeping the SSL enabled s...

Page 162: ...ne in etc rc local server_root type identifier start Replace server_root with the directory where you installed the server Restarting the Server Manually Unix To restart the server from the command line log in as root if the server runs on ports with numbers lower than 1024 otherwise log in as root or with the server s user account At the command line prompt type the following line and press Enter...

Page 163: ...rver manually log in as root or use the server s user account if that is how you started the server and then type the following at the command line server_root type identifier stop Restarting the Server Windows NT You can restart the server by Using the Services Control Panel to restart any server Using the Services Control Panel to configure the operating system to restart the server or the admin...

Page 164: ...abled server s password in a text file on your system is a large security risk In essence you are trading security for convenience Anyone who can access the file has access to your SSL enabled server s password Consider whether you can afford the security risks before keeping your SSL enabled server s password in plain text on your system If the security risk is not a concern for you follow these ...

Page 165: ...I programs WAI or NSAPI programs you can disable the auto start feature by setting a very high timeout value You can also turn off the debugging dialog boxes by using the Registry Editor Changing the Time Interval Windows NT To change the time interval that elapses between startup and the time the server can automatically restart perform the following steps 1 Start the Registry Editor 2 Select you...

Page 166: ... the Registry Editor 2 Select the AeDebug key located in the left side of the Registry window in HKEY_LOCAL_MACHINE SOFTWARE Microsoft Windows NT CurrentVersion 3 Double click the Auto value in the right side of the window The String Editor dialog box appears 4 Change the string value to 1 Viewing Server Settings You can see if your server is running and view your server s technical and content se...

Page 167: ...s are After changing the location you must shut down the server and copy the server files and subdirectories to a new location To change the server s location edit the Server Location field in the Network Settings page in the Enterprise Administration Server Changing the Server s User Account Unix The server user specifies a Unix user account that the server uses All the server s processes run as ...

Page 168: ...user account edit the Server User field in the Network Settings page in the Enterprise Administration Server Changing the Server s User Account Windows NT By using a specific user account other than LocalSystem you can restrict or enable system features for the server For example you can use a user account that can mount files from another machine To change the web server user account after instal...

Page 169: ...hange the server name edit the Server Name field in The Network Settings Page in the Enterprise Administration Server Changing the Server Port Number The Server Port Number specifies the TCP port that the server listens to The port number you choose can affect your users if you use a nonstandard port then anyone accessing your server must specify a server name and port number in the URL For exampl...

Page 170: ...etwork Settings page in the Enterprise Administration Server Changing the Server s MTA Host You can change the server s MTA Message Transfer Agent host You must enter a valid MTA host if you want to use the agent email function To change the MTA Host edit the MTA host field in the Network Settings page in the Enterprise Administration Server Customizing Error Responses You can specify a custom err...

Page 171: ...ss files Note There is no support for LDAP or the 3 0 Netscape user databases in the dynamic configuration files You should not use dynamic configuration files if you use LDAP You must use NCSA style user databases to use htaccess files You must use either NCSA style user databases or Enterprise 2 x DBM format user databases with nsconfig files For more information on user databases see Managing N...

Page 172: ... server object which is delimited by Object name default Object Generally the directive to activate htaccess processing should be the last PathCheck directive in the object To activate htaccess file processing for particular server directories place the PathCheck directive in the corresponding object definition in obj conf If you want to name your htaccess files something other than htaccess you m...

Page 173: ...s To convert your files at the command prompt enter the path to Perl on your system the path to the script and the path to your obj conf file For example you might type the following it should all be on one line when you type it server_root install perl server_root plugins htaccess htconvert server_root https server_name config obj conf The script converts all nsconfig files to htaccess files but ...

Page 174: ...upn 2 Revise the AuthGroupFile directive to point to the same file as the AuthUserFile Or alternatively you can perform these steps 1 Remove the AuthGroupFile directive entirely 2 And add this option to the Init fn htaccess init line in the obj conf file groups with users yes Example of an htaccess File The following example shows an htaccess file Limit GET POST order deny allow deny from all allo...

Page 175: ...arts searching from the document root You also specify the name of the configuration file to search for within the base directory If you centralize all of your configuration information for the subdirectories of the base directory in the base directory s configuration file the server is more efficient because it doesn t have to search for configuration files in the subdirectories However you may s...

Page 176: ...ile types you want to disable in directories where dynamic configuration is enabled To disable CGI programs and parsed HTML for example use cgi parsed html To configure nsconfig files perform the following steps 1 From the Enterprise Server choose Server Preferences 2 Click the Dynamic Configuration Files link 3 Choose a resource from the Resource Picker 4 Choose whether to base the directory from...

Page 177: ...ead of the backwards slash otherwise you receive a server path not found error Each directive can take a variable number of parameters all of which must be lowercase The Files directives include AddType exp SHEXP type mime type enc http encoding AddType assigns the give type or encoding to the paths represented by the wildcard pattern SHEXP One or both of type and encoding can appear but only one ...

Page 178: ... optional parameter specifying a wildcard pattern of HTTP methods to protect no method specified means all of them type determines whether the IP address wildcard pattern or hostname wildcard pattern is allowed or denied access If the only RestrictAccess directives in a Files set are of type allow then all hosts not specified by the patterns are denied ip must be typed in lowercase for the directi...

Page 179: ...ard and symbolic links see your Unix system documentation Filesystem links are an easy way to create pointers to documents outside of the primary document directory and anyone can create these links For this reason you might be concerned that people might create pointers to sensitive files for example confidential documents or system password files To restrict symbolic links use the Limit Symbolic...

Page 180: ...stration Server generally runs as root and starts uxwdog as root or else an administrator who is running as root executes the server start script Once uxwdog binds the server listen port s it changes its uid to the server uid often nobody and then starts the server process as that uid One consequence of this behavior is that the NSAPI Init directives always run under the server uid unlike in Enter...

Page 181: ...rise 3 01 and Enterprise 3 5 1 the Administration Server CGIs for Enterprise were changed to actually restart rather than start and stop the server when configuration changes are applied As part of this change these CGIs will create a file wdnotify in the server s logs directory which will contain a TCP port number on which the CGI listens for status from the watchdog During a start or restart ope...

Page 182: ...Using the Watchdog uxwdog Process Unix 182 Netscape Enterprise Server Administrator s Guide ...

Page 183: ...rk Management Protocol SNMP This chapter discusses how to monitor your server by recording and viewing log files or by using the performance monitoring tools provided with your operating system This chapter contains the following sections About Log Files Viewing an Access Log File Monitoring the Server Using HTTP Archiving Log Files Setting Log Preferences Flushing the Log Buffer Running the Log A...

Page 184: ...les by archiving them Viewing an Access Log File You can view the server s active and archived access log files To view the Enterprise Administration Server s access log from the Enterprise Administration Server choose the Preferences tab and then choose the View Access Log page To view an access log from the Server Manager choose the Status tab and then choose the View Access Log page The followi...

Page 185: ...ational messages about the server such as when the server was started Unsuccessful user authentication is also recorded in the error log Use the error log to find broken URL paths or missing files To view the Enterprise Administration Server s error log file from Enterprise Administration Server choose the Preferences tab and choose the View Error Log page Table 8 1 The fields in the last line of ...

Page 186: ...hese examples the first line is an informational message the server started up successfully The second log entry shows that the client wiley a com requested the file report html but the file wasn t in the primary document directory on the server Monitoring the Server Using HTTP You can monitor your server s usage with the interactive server monitor You can see how many requests your server is hand...

Page 187: ...at includes the date and time they were saved For example you can set up your access log files to rotate every hour and Enterprise Server saves and names the file access 199907152400 where name of the log file year month day and 24 hour time is concatenated together into a single character string The exact format of the access log archive file varies depending upon which type of log rotation you s...

Page 188: ...00 a m to 4 00 a m from 4 00 a m to 8 00 a m and so forth If access log rotation is enabled log file rotation starts at server startup The first access log file to be rotated gathers information from the current time until the next rotation time Using the previous example if you set your start time at 12 00 a m and your rotation interval at 240 minutes and the current time is 6 00 a m the first lo...

Page 189: ...ogs can be in Common Logfile Format flexible log format or your own customizable format The Common Logfile Format is a commonly supported format that provides a fixed amount of information about the server The flexible log format allows you to choose from Enterprise Server what to log A customizable format uses parameter blocks that you specify to control what gets logged For a list of customizabl...

Page 190: ...present in the request s headers and logs if it is not present Relaxed Logging There is an unpleasant side effect to logging a variable other than the following standard variables Status Content Length Client Host Full Request Method Protocol Query String URI Referer User Agent Authorization and Auth User Because other variables cannot be provided by the static file accelerator cache the accelerat...

Page 191: ...r size of d is invalid logbuf_size pblock_nvinsert error err args return REQ_ABORTED if logbuf_size REQ_MAX_LINE 2 logbuf_size REQ_MAX_LINE 2 if t buffer flush args logbuf_flush atoi t 1000 if logbuf_flush 0 util_snprintf err MAGNUS_ERROR_LEN flush rate of d seconds is invalid logbuf_flush pblock_nvinsert error err args return REQ_ABORTED return REQ_PROCEED Running the Log Analyzer The server inst...

Page 192: ...from the command line run the tool flexanlg which is in the directory server install extras flex_anlg To run flexanlg type the following command and options at the command prompt flexanlg P n name x r p order i file m metafile o file c opts t opts l opts The following describes the syntax You can get this information online by typing flexanlg h P proxy log format Default no n servername The name o...

Page 193: ...ts Using Performance Monitor Windows NT You can also monitor your server by using the Windows NT Performance Monitor which graphically shows information about your computer s performance Use Performance Monitor to see performance data about Netscape Enterprise Server To monitor Netscape Enterprise performance using Performance Monitor 1 From the Start menu select Programs and then Administrative T...

Page 194: ...s 300 level Number of 300 level status requests handled by the server Status 302 Moved Temporarily Number of Moved Temporarily requests Status 304 Not Modified Number of Not modified requests Status 400 level Number of 400 level status requests handled by the server Status 401 Unauthorized Number of Unauthorized requests Status 500 level Number of 500 level status requests handled by the server To...

Page 195: ...hich can occur before the error log can be opened To use the Event Viewer 1 From the Start menu select Programs and then Administrative Tools Choose Event Viewer in the Administrative Tools program group 2 Choose Application from the Log menu The Application log appears in the Event Viewer Errors from Netscape Enterprise Server has a source label of https admserv or Enterprise4 0 3 Choose Find fro...

Page 196: ...Viewing Events Windows NT 196 Netscape Enterprise Server Administrator s Guide ...

Page 197: ... network management software such as HP OpenView to monitor your servers in real time just as you monitor other devices in your network If you re using Windows NT SNMP is built in and you don t have to take any action to enable it If you re using Unix you must configure your Netscape server for SNMP if you plan to use it This chapter provides the information you need to use SNMP on Unix with your ...

Page 198: ...or the number and type of error messages received When you use SNMP with a Netscape server this information is transferred between the NMS and the sever through the use of two types of agents SNMP Subagent The subagent gathers information about the server and passes the information to the server s master agent Every Netscape server except for the Administration Server has as subagent SNMP Master A...

Page 199: ...ects Managed objects are defined in a tree like hierarchy known as a server s management information base MIB Each Netscape server subagent provides an MIB for use in SNMP communication The MIB is a tree like hierarchy that contains variables pertaining to the server s management The server reports significant events to the network management station NMS by sending messages or traps containing the...

Page 200: ... Figure 9 2 Top level of the MIB tree Figure 9 2 shows the internet object identifier has four subtrees directory 1 mgmt 2 experimental 3 and private 4 The private 4 subtree contains the enterprises 1 node Each subtree in the enterprises 1 node is assigned to an individual enterprise which is an organization that has registered its own specific MIB extensions An enterprise can then create product ...

Page 201: ...bles stored on the managed device These variables also known as managed objects have values and titles that are reported to the NMS as necessary PDUs sent by the server to the NMS are known as traps The following examples best illustrate the use of GET SET and trap messages NMS initiated communication The NMS either requests information from the server or changes the value of a variable store in t...

Page 202: ...es are known as managed objects Using the Enterprise Server MIB and network management software such as HP OpenView you can monitor your web server like all other devices on your network The Enterprise Server MIB has an object identifier of netscape 1 http OBJECT IDENTIFIER netscape 1 and is located in the server_root plugins snmp directory You can see administrative information about your web ser...

Page 203: ...OST PUT httpEntityMaxProcess The maximum number of active processes on the server httpEntityMinProcess The minimum number of active processes on the server httpEntityMaxThread The maximum number of active threads on the server httpEntityMinThread The minimum number of active threads on the server httpStatisticsPort The port number on which this server is listening httpStatisticsAddress The IP addr...

Page 204: ...StatisticsProcessNum The number of running processes httpStatisticsThreadNum The number of running threads httpStatisticsNumBytes The total number of bytes sent by the server httpStatisticsNum2xx The number of 200 level status requests handled by the server httpStatisticsNum3xx The number of 300 level status requests handled by the server httpStatisticsNum4xx The number of 400 level status request...

Page 205: ...follow for different situations The actual procedures are described in detail later in the chapter Before you begin you should verify two things Is your system already running an SNMP agent an agent native to your operating system If so does your native SNMP agent support SMUX communication If you re using the AIX platform your system supports SMUX See your system documentation for information on ...

Page 206: ...o continue using native agent 1 Stop the native agent when you install the master agent for your Administration Server 2 Start the master agent 3 Enable the subagent for each server installed on the system Native agent is currently running No SMUX Needs to continue using native agent 1 Install a proxy SNMP agent 2 Start the proxy SNMP agent 3 Restart the native agent using a port number other than...

Page 207: ...with a Enterprise Server master agent Before you start be sure to stop the native master agent See your system documentation for detailed information Figure 9 3 Using a proxy server when you re running a native SNMP agent Note To use a proxy agent you ll need to install it and then start it You ll also have to restart the native SNMP master agent using a port number other than the one the Enterpri...

Page 208: ...he SNMP Master Agent on page 211 4 Enable the subagent See Enabling the Subagent on page 217 To install the SNMP proxy agent edit the CONFIG file you can give this file a different name located in plugins snmp sagt in the server root directory so that it includes the port that the SNMP daemon will listen to It also needs to include the MIB trees and traps that the proxy SNMP agent will forward Her...

Page 209: ...eed to install a master agent However you do need to change the AIX SNMP daemon configuration AIX uses several configuration files to screen its communications One of them snmpd conf needs to be changed so that the SNMP daemon accepts the incoming messages from the SMUX subagent For more information see the online manual page for snmpd conf You need to add a line to define each subagent For exampl...

Page 210: ...gs tab The Manager Entries page appears 5 Type the name of the system that is running your network management software 6 Type the port number at which your network management system listens for traps The well known port is 162 For more information on traps see Configuring Trap Destinations on page 216 7 Type the community string you want to use in the trap For more information on community strings...

Page 211: ...or restart the master agent multiple times from Enterprise Server CGI scripts will run and try to start the master agent simultaneously and the PID file will be the one from the last CGI to execute which may not be the process holding the SNMP port If you get a bind error similar to System Error Could not bind to port when restarting the master agent use ps ef grep snmp to check if magt is running...

Page 212: ...ning sysContact and sysLocation Variables You can edit the CONFIG file to add initial values for sysContact and sysLocation which specify the sysContact and sysLocation MIB II variables The strings for sysContact and sysLocation in this example are enclosed in quotes Any string that contains spaces line breaks tabs and so on must be in quotes You can also specify the value in hexadecimal notation ...

Page 213: ...tation Enter a valid system name or an IP address for the NMS Trap Port Enter the port number the NMS uses to listen for traps With Community Enter a community string you want to use for authorization A common default string is public 5 Click the SNMP Master Community link The Community Strings page appears Enter the following community information Community Specifies the name of the community you...

Page 214: ...ation and contact information If INIT doesn t already exist starting the master agent for the first time will create it An invalid manager name in the CONFIG file will cause the master agent start up to fail To start a master agent on a nonstandard port use one of two methods Method one In the CONFIG file specify a transport mapping for each interface over which the master agent listens for SNMP r...

Page 215: ... appears 3 Click Start You can also stop and restart the SNMP master agent from the SNMP Master Agent Control page Configuring the SNMP Master Agent Once you ve enabled the master agent and enabled a subagent on a host computer you need to configure the host s Administration Server This entails specifying community strings and trap destinations Configuring the Community String A community string i...

Page 216: ... Configuring Trap Destinations An SNMP trap is a message the SNMP agent sends to a network management station For example an SNMP agent sends a trap when an interface s status has changed from up to down The SNMP agent must know the address of the network management station so it knows where to send traps You can configure this trap destination for the SNMP master agent from Netscape Enterprise Se...

Page 217: ...master agent and the subagent if the master agent terminates the subagent does not terminate with the master agent Instead the subagent consumes the CPU usage and cause the server to dump core If you notice such unusual behavior make sure that the master agent is running To enable the SNMP subagent use the SNMP Configuration page in the Server Manager and start the subagent from the SNMP Subagent ...

Page 218: ...Enabling the Subagent 218 Netscape Enterprise Server Administrator s Guide ...

Page 219: ...your configuration files first Note Some internal Enterprise Server 4 0 tuning parameters are different from those in previous versions of Netscape Enterprise Server This chapter includes the following sections About Server Performance Performance Issues Unix Platform Specific Issues Performance Buckets Miscellaneous magnus conf Directives About RqThrottle The perfdump Utility Using perfdump Stati...

Page 220: ...defining your server workload and sizing a system to meet your performance needs This document addresses miscellaneous configuration and Unix platform specific issues CGI related performance tuning problems and other common situations It also describes the perfdump performance utility and tuning parameters that are built into the Netscape Enterprise Server 4 0 The document concludes with a discuss...

Page 221: ...er delivering mostly static HTML can run much faster than a server that has to execute CGIs for every query Unix Platform Specific Issues The various Unix platforms all have limits on the number of files that can be open in a single process at one time For busy sites increase that number to 1024 Solaris in etc system set rlim_fd_max and reboot SGI run systune i set rlimit_nofile_max rlimit_nofile_...

Page 222: ...g information is stored in a bucket Name of the bucket This name is used for associating the bucket with a function Description A description of the functions that the bucket is associated with Number of requests for this function The total number of times that this function was requested to be invoked Number of times the function was invoked This number may not coincide with the number of request...

Page 223: ... functions add bucket bucket name in front of the function in the obj conf file for which you wish to measure performance PathCheck fn check acl acl default bucket acl bucket Service method GET HEAD POST type magnus internal fn send file bucket file bucket Object name cgi ObjectType fn force type type magnus internal cgi Service fn send cgi bucket cgi bucket Object Performance Report The server st...

Page 224: ... is the total number that the function was invoked This differs from the number of requests in that a function could be called multiple times while processing one request The percentage column for this row is calculated in reference to the total number of invocations for all the buckets Latency in seconds The time Enterprise Server takes to prepare for calling send cgi Function Processing Time in ...

Page 225: ...ests using multiple processes and multiple threads in each process This flexibility provides optimal performance for sites using threads and also provides backward compatibility to sites running legacy applications that are not ready to run in a threaded environment Because applications on Windows NT generally already take advantage of multi process considerations this feature mostly applies to Un...

Page 226: ... one has its own copies of global variables shared libraries caches and other resources Using multiple processes requires more resources from your system Also if you try to install an application which requires shared state it has to synchronize that state across multiple processes NSAPI provides no helper functions for implementing cross process synchronization If you are not running any NSAPI in...

Page 227: ...ecify how many threads you want in accept mode on a listen socket at any time It s a good practice to set this to equal the number of processes You can set this to twice 2x the number of processes but setting it to a number that is too great such as ten 10x or fifty 50x allows too many threads to be created and slows the server down CGIStub Processes Unix You can adjust the CGIStub parameters on U...

Page 228: ...tive in the obj conf file the minimum number of CGIStub processes are spawned at startup MaxCGIStubs controls the maximum number of CGIStub processes the server can spawn This is the maximum concurrent CGIStub processes in execution not the maximum number of pending requests The default value shown should be adequate for most systems Setting this too high may actually reduce throughput The default...

Page 229: ...ing thread that thres to get in the queue is rejected with the result that it reutnrs a busy response to the client It is then free to handle another incoming request instead of being tied up waiting in the queue NativePoolMaxThreads determines the maximum number of threas in the native kernel thread pool NativePoolMinThreads determines the minimum number of threads in the native kernel thread poo...

Page 230: ...s processing many requests that take many seconds you may need to increase the number of maximum simultaneous requests In the 3 0 server the defaults were 48 128 With 4 0 the limits are increased to 48 512 This is because 128 can be a gating factor for performance even on sites with as few as 750 000 hits per day If your site is experiencing slowness and the ActiveThreads count remains close to th...

Page 231: ...un simultaneously which can become a bottleneck for performance The default value is 512 If you use the Server Manager follow these steps 1 Go to the Preferences tab 2 Click the Performance Tuning link 3 Enter the desired value in the Maximum simultaneous requests field For additional information see the online help for the Performace Tuning page The perfdump Utility The perfdump utility is a serv...

Page 232: ... You can request the perfdump statistics and inform the browser to automatically refresh the statistics every n seconds by using this URL which sets the refresh to every 5 seconds http yourhost perf refresh 5 Sample Output ns httpd pid 133 ListenSocket 0 Address https INADDR_ANY 80 ActiveThreads 48 WaitingThreads 47 BusyThreads 1 Thread limits 48 512 KeepAliveInfo KeepAliveCount 0 200 KeepAliveHit...

Page 233: ...This section describes the information available through the perfdump utility and discusses how to tune some parameters to improve your server s performance The default tuning parameters are appropriate for all sites except those with very high volume The only parameter that large sites may regularly need to change is the RqThrottle parameter which is tunable from Server Manager The perfdump utili...

Page 234: ...ctions it cannot handle If your server is overloaded and you increase ListenSocket the server will only fall further behind The first set of perfdump statistics is the ListenSocket information For each hardware virtual server you have enabled in your server there is one ListenSocket structure For most sites only one is listed ListenSocket 0 Address https INADDR_ANY 80 ActiveThreads 48 WaitingThrea...

Page 235: ...hardware virtual servers the URL is http INADDR_ANY 80 The constant value INADDR_ANY is known internally to the server that specifies that this listen socket is listening on all IP addresses for this machine Tuning This setting is not tunable except as described above ActiveThreads The total number of threads HTTP sessions that are in any state for this listen socket This is equal to WaitingThread...

Page 236: ...Hits 0 KeepAliveFlushes 0 KeepAliveTimeout 30 seconds This section reports statistics about the server s HTTP level KeepAlive system Note The name KeepAlive should not be confused with TCP KeepAlives Also note that the name KeepAlive was changed to Persistent Connections in HTTP 1 1 but for clarity this document continues to refer to them as KeepAlive connections Both HTTP 1 0 and HTTP 1 1 support...

Page 237: ...eded Dynamic content such as CGI does not have an HTTP content_length header set or the header is not lowercase Request is not HTTP GET or HEAD HTTP 1 1 pipelined request The request was determined to be bad if have bad client sends only headers no content When SSL is enabled KeepAliveTimeout defaults to 0 which effectively disables persistent connections If you want to use persistent connections ...

Page 238: ... from a connection that had been kept alive This setting is not tunable KeepAliveFlushes The number of times the server had to close a connection because the KeepAliveCount exceeded the KeepAliveMaxCount This setting is not tunable Cache Information CacheInfo enabled yes CacheEntries 0 4096 CacheSize bytes 0 10485760 Hit Ratio 0 1 0 00 pollInterval 5 maxFileSize 537600 This section describes the s...

Page 239: ...he add the following line to the obj conf file Init fn cache init MaxNumberOfCachedFiles xxxxx CacheSize CurrentCacheSize MaxCacheSize The current size of the cache in bytes and the maximum size of the cache in bytes The default size is 10MB and the cache cannot insert new entries once that size is reached Tuning To set the maximum size of the cache in kilobytes add the following line to the obj c...

Page 240: ...ing To set the polling interval in seconds add the following line to the obj conf file Init fn cache init PollInterval xxxxx maxFileSize The maxFileSize is the maximum size of a file that we will cache The default size is 537600 bytes This means that a file which is 600K will not be cached It is recommended that you avoid caching large files unless you have lots of RAM available Tuning To set the ...

Page 241: ...okup Tuning To set the maximum size of the DNS cache add the following line to the obj conf file Init fn dns cache init cache size xxxxx HitRatio CacheHits CacheLookups Ratio The hit ratio is displays the number of cache hits and the number of cache lookups A good hit ratio for the DNS cache is 60 70 This setting is not tunable Native Threads Pool Native Thread Pool Data Idle Peak Limit 1 1 100 Wo...

Page 242: ...API plug ins such as NameTrans Service or PathCheck functions these execute by default on a thread from the native thread pool If your plug in makes use of the NSAPI functions for I O exclusively or does not use the NSAPI I O functions at all then it can execute on a non native thread For this to happen the function must be loaded with a NativeThread no option indicating that it does not require a...

Page 243: ...tarted This value can be viewed as the maximum concurrency for requests requiring a native thread This setting is not tunable Work queue rejections This is the cumulative number of requests that have needed the use of a native thread but that have been rejected due to the work queue being full By default these requests are rejected with a 503 Service Unavailable response This setting is not tunabl...

Page 244: ...e request threads waiting for a native thread In general set this value to be high enough to avoid rejecting requests under normal conditions which would be the anticipated maximum number of concurrent users who would execute requests requiring a native thread The difference between this value and RqThrottle is the number of requests reserved for non native thread requests such as static html gif ...

Page 245: ...that your busy function will apply to all functions that require a native thread to execute when the default thread type is non native To use your own busy function instead of the default busy function for the entire server you can write an NSAPI init function that includes a func_insert call as shown below extern C NSAPI_PUBLIC int my_custom_busy_function pblock pb Session sn Request rq my_init p...

Page 246: ...e server can store hostname information after receiving it If the server needs information about the client in the future the information is cached and available without further querying You can specify the size of the DNS cache and an expiration time for DNS cache entries The DNS cache can contain 32 to 32768 entries the default value is 1024 entries Values for the time it takes for a cache entry...

Page 247: ...celerator or passed to the NSAPI engine for full processing and requests that could not be accelerated did not have the benefit of file caching This prevented many sites with NSAPI plugins customized logs or used server parsed HTML from taking advantage of the accelerator The NSFC module implements an independent file cache used in the NSAPI engine to cache static files that could not be accelerat...

Page 248: ... the same file is referenced through the cache This setting works in conjuctions with FlushInterval By default this is set to 30 MaxAge 30 MaxFiles The maximum number of files that may be in the cache at once By default this is set to 256 MaxFiles 256 FlushInterval The interval in seconds at which a reaper thread looks for cache entries that are older th an MaxAge and deletes them By default this ...

Page 249: ...e files larger than medium are not cached although information about large files is cached By default this is set to 128000 128 KB MediumFileSizeLimit 128000 MediumFileSpace The size in bytes of the virtual memory used to map all medium sized files By default this is set to 4000000 4MB MediumFileSpace 4000000 TransmitFile When TransmitFile is set to true open file descriptors are cached for files ...

Page 250: ...adding a NameTrans directive to the default object NameTrans fn assign name from nsfc name nsfc Then add a new object definition Object name nsfc Service fn service nsfc dump Object This enables the file cache control and monitoring function to be accessed via the URI nsfc By changing the from parameter in the NameTrans directive a different URI can be used Accessing this URI displays the followin...

Page 251: ...s are recognized refresh n Causes the client to reload the page every n seconds restart Causes the cache to be shut down and then started start Starts the cache stop Shuts down the cache For sites with scheduled updates to content consider shutting down the cache while the content is being updated and starting it again after the update is complete Although performance will slow down the server ope...

Page 252: ... the default is 10000KB 10MB To get maximum speed the cache keeps many mmap files open To estimate the optimal value for mmap max on your system approximately compute the total number of bytes of static data on your system For example if you have 200 files that are 10K in size then 2MB should be sufficient for mmax map disable optional Specifies whether the file cache is disabled or not If set to ...

Page 253: ...rprise Server 4 0 this parameter is ignored because it no longers applies to the platform MaxTotalCachedFileSize optional Total size of all files in the cache Default is 10K minimum is 1K maximum is 16M In Enterprise Server 4 0 this parameter is ignored on Unix Use the MediumFileSpace parameter in nsfc conf instead In Enterprise Server 4 0 this parameter is ignored because it no longers applies to...

Page 254: ... SmallFileSizeLimit would typically be a slightly lower value than the VM page size Improving Servlet Performance The use of NSAPI cache will improve servlet performance in cases where the obj conf configuration file has many directives To enable NSAPI cache inlcude the following line in obj conf Init fn nsapi cache init enable true It s advisable to have servlet engine NameTrans NameTrans fn NSSe...

Page 255: ...variables beginning with NSCP_POOL in Enterprise Server 3 6 the following parameters can be added to magnus conf for convenience NativePoolMinThreads Default value is 1 NativePoolMaxThreads Default value is 128 NativePoolQueueSize Default value is unlimited NativePoolStackSize Default value is the same as the default value for the OS Any of the parameters can be omitted to reflect the default beha...

Page 256: ...er will spawn by lowering the value of the MaxProcs value in the magnus conf file Under Throttled Server The server does not allow the number of active threads to exceed the Thread Limit value If the number of simultaneous requests reaches that limit the server stops servicing new connections until the old connections are freed up This can lead to increased response time In Enterprise Server the s...

Page 257: ...or other dynamic sources Dynamic content is generally not cacheable and inherently yields a low cache hit rate Don t be too alarmed if your site has a low cache hit rate The most important thing is that your response time is low You can have a 0 cache hit rate and still have very good response time As long as your response time is good you may not care that the cache hit rate is low Checking Begin...

Page 258: ...y not utilizing the HTTP KeepAlives as well as it could Tuning To reduce KeepAlive flushes increase the MaxKeepAliveConnections value in the magnus conf file The default value is 200 By raising the value you keep more waiting keepalive connections open Warning On Unix systems if you increase the MaxKeepAliveConnections value too high the server can run out of open file descriptors Typically 1024 i...

Page 259: ...virtual machine in Enterprise Server 4 0 implements significant improvements in processing local variables variables declared inside a function Therefore you should minimize the use of global variables variables declared between the server and server tags and write applications to use functions as much as possible This can improve the application performance significantly Benchmarking the Netscape...

Page 260: ...nformation on page 238 1 Calculate the number of files used in the SPECweb96 fileset The SPECweb96 fileset size is based on the number of SPECweb96 OPS requested in the test run The following formula calculates the number of files files int sqrt OPS 5 10 0 0 5 36 fileset size files 142207 5 For an example see Table 10 1 2 Increase the number of files that the web server s cache will hold to the nu...

Page 261: ...s probably the most important for HTTP GET benchmarks It disables some of the daemon statistics gathering in the web server ACLFile is a magnus conf directive to load ACLs Disable all ACLFile directives for maximum performance RqThrottle specifies the maximum number of simultaneous transactions the web server can handle For more information see About RqThrottle on page 229 WebStone Tuning For WebS...

Page 262: ...e BSD sockets API can accomplish These extensions also allow the system to spend more time in the NT kernel where SMP scaling has apparently been better optimized than on Solaris The mixed workload is clearly dominated by static HTML so it scales similarly In the case of NSAPI more time is spent in the NSAPI shared library which is functionally identical on Windows NT and Solaris so the scaling is...

Page 263: ...oncurrent users add an extra 512KB per peak concurrent user Drive Space You need to have enough drive space for your OS document tree and log files In most cases 2GB total is sufficient Put the OS swap paging file Enterprise Server logs and document tree each on separate hard drives Thus if your log files fill up the log drive your OS will not suffer Also you ll be able to tell whether for example...

Page 264: ...kB s or 1920 kbit s So our site needs two T1 lines each 1544 kbit s This allows some overhead for growth too Your server s network interface card should support more than the WAN it s connected to For example if you have up to 3 T1 lines you can get by with a 10BaseT interface Up to a T3 line 45 Mbit s you can use 100BaseT But if you have more than 50 Mbit s of WAN bandwidth consider configuring m...

Page 265: ...Part 4 Using Programs and Objects 265 4 Using Programs and Objects Extending Your Server With Programs Working With Configuration Styles ...

Page 266: ...266 Netscape Enterprise Server Administrator s Guide ...

Page 267: ...from clients These programs are known as server side applications Client side applications which are downloaded to the client run on the client machine This chapter includes the following sections Overview of Server Side Programs Java Servlets and JavaServerPages JSP Installing CGI Programs Installing Windows NT CGI Programs Installing Shell CGI Programs for Windows NT Using the Query Handler Serv...

Page 268: ...Script applications are written in JavaScript an object based scripting language JavaScript is easier to learn than languages such as Java and C and it lends itself to rapid application development Note Enterprise Server 4 0 does not support server side Java applets Types of Server Side Applications That Run on the Server The Enterprise Server can run the following types of server side application...

Page 269: ...e information see Installing CGI Programs Installing Windows NT CGI Programs and Installing Shell CGI Programs for Windows NT For JavaScript applications you must check in each application individually through the Application Manager which you can access from the Enterprise Server For more information see Installing Server Side JavaScript Applications These installation procedures are described in...

Page 270: ... develop servlets use Sun Microsystems Java Servlet API For information about using the Java Servlet API see the documentation provided by Sun Microsystems at http www javasoft com products servlet index html For information about developing servlets for use with Enterprise Server 4 0 see The Programmer s Guide to Servlets in Enterprise Server 4 0 A JavaServerPage JSP is a page much like an HTML p...

Page 271: ...t You can specify it after the server is installed To specify the path to the JDK use the Configure JRE JDK Paths page in the Servlets tab of the Server Manager as discussed in the Configuring JRE JDK Paths on page 276 Whether you specify the path to the JDK during installation or later the path is the folder in which you installed the JDK Enabling Servlets and JSP Before Enterprise Server can run...

Page 272: ...this case the servlet class can be located anywhere in the file system or even reside on a remote machine For more information see Configuring Servlet Virtual Path Translations on page 275 Specifying Servlet Directories One of the ways to make a servlet accessible to clients is to put it into a directory that has been registered with the Enterprise Server as a servlet directory Servlets in registe...

Page 273: ...ory page in the Servlets tab of the Server Manager Set the following fields URL Prefix The prefix for accessing the directory For example if you want the logical URL http servername plans to translate to the directory d netscape es40 docs plans then enter plans in the URL Prefix field Servlet Directory The absolute pathname to the directory to be registered as a servlet directory for example d net...

Page 274: ... servlets properties file in the Enterprise Server s config directory In this page you can specify the following fields Choose Servlet Specifies the servlet to edit Upon choosing the servlet from this drop down list the servlet s information is displayed in the page Ignore this field if you are adding a new virtual path entry Servlet Name Specifies an identifier for the servlet This identifier is ...

Page 275: ...mple you could specify that the URL http poppy my_domain com plans plan1 invokes the servlet defined in server_id docs servlets plans releaseA planP2Version1A class You can set up servlet virtual path translations for servlets that reside anywhere be it on a local or remote file system and be it in or out of a registered servlet directory Before setting up a servlet virtual path translation the se...

Page 276: ... Paths When you install Enterprise Server 4 0 you can choose to install the Java Runtime Environment JRE or you can specify a path to the Java Development Kit JDK The server can run servlets using the JRE but it needs the JDK to run JSP The JDK is not bundled with the Enterprise Server but you can download it for free from Sun Microsystems at http www javasoft com products jdk 1 2 Enterprise Serve...

Page 277: ...ormation for JavaServerPages JSP and servlets ClassCache When the server serves a JSP page it creates a java and a class file associated with the JSP and stores them in the JSP class cache in a directory structure under the ClassCache directory SessionData If the server uses the MMappedSessionManager session manager it stores persistent session information in the SessionData directory Each cache h...

Page 278: ...d recreates the version file The next time the server serves a JSP page or servlet while using the MMappedSessionManager session manager it recreates the session data cache Delete the ClassCache Version File Deletes the class cache version file for JSP pages When you apply this change the version file is deleted immediately The next time the server starts up it deletes the JSP class cache and recr...

Page 279: ...ms written in C or batch files For Windows NT CGI programs written in a Windows based programming language such as Visual Basic use a different mechanism to operate with the server They are called Windows NT CGI programs See Installing Windows NT CGI Programs on page 282 for information about Windows NT CGI Note In order to run the command line utilities you need to manually set the Path variable ...

Page 280: ...type option your server attempts to process any files with the file extensions cgi exe or bat as CGI programs If a file has one of these extensions but is not a CGI program an error occurs when a user attempts to access it Warning Note that you must enable cookies in your browser to run CGI programs Note By default the file extensions for CGI programs are cgi exe and bat However you can change whi...

Page 281: ... of an existing directory click that directory s Edit button Copy your CGI programs into the directories you ve specified Remember that any files in those directories will be processed as a CGI file so don t put HTML files in your CGI directory Specifying CGI as a File Type To specify CGI programs as a file type perform the following steps 1 From the Server Manager choose the Programs tab 2 Click ...

Page 282: ...ble files You can do this through the Server Manager by choosing the Server Preferences tab and clicking the MIME Types link However the disadvantage to this method is that after making this change you cannot use exe files as CGI programs Another solution is to edit your server s obj conf file to set up a download directory where any file in the directory is downloaded automatically The rest of th...

Page 283: ...e it uses the file extension wcg Netscape Enterprise Servers support the Windows NT CGI 1 3a informal specification with the following differences The following keywords have been added to the CGI section to support Netscape security methods HTTPS its value is on or off depending on whether the transaction is conducted through SSL HTTPS Keysize when HTTPS is on this value reports the number of bit...

Page 284: ...x you specify can be different from the real Windows NT CGI directory you specify in Step 5 4 Choose whether you want to enable script tracing Click the Yes or No radio button under Enable Script Tracing CGI parameters are passed from the server to Windows NT CGI programs through files which the server normally deletes after the Windows NT CGI program finishes execution If you enable script tracin...

Page 285: ...rom the Server Manager choose the Server Preferences tab 2 Click the MIME Types link The Global MIME Types window appears For more information on the Global MIME Types see the Specifying a Default MIME Type on page 317 in Chapter 13 Managing Server Content 3 Add a new MIME type with the following settings Type type Content type magnus internal wincgi File Suffix Enter the file suffixes that you wa...

Page 286: ...ociations set in Windows NT For example if the server gets a request for a shell CGI file called hello pl the server uses the Windows NT file associations to run the file using the program associated with the pl extension If the pl extension is associated with the program C bin perl exe the server attempts to execute the hello pl file as follows c bin perl exe hello pl The easiest way to configure...

Page 287: ...I directory For example suppose you store all shell CGI files in a directory called C docs programs cgi shell cgi but you want users to see the directory as http www yourserver com shell In this case you would type shell as the URL prefix 5 In the Shell CGI Directory field enter the absolute path to the directory you created Warning The server must have read and execute permissions to this directo...

Page 288: ...wing steps 1 Create the shell directory on your computer This directory doesn t have to be a subdirectory of your document root directory 2 From the Server Manager choose Server Preferences 3 Click the MIME Types link The Global MIME Types window appears For more information on the Global MIME Types see the Specifying a Default MIME Type on page 317 in Chapter 13 Managing Server Content 4 Add a ne...

Page 289: ...ion in the ISINDEX box is immediately submitted when the user presses Return When you specify your default query handler you tell your server to which program to direct the input For an in depth discussion of the ISINDEX tag see an HTML reference manual To set a query handler perform the following steps 1 From the Server Manager choose the Programs tab 2 Click the Query Handler link The Query Hand...

Page 290: ... Server Side JavaScript Applications Application URLs Controlling Access to a Server Side JavaScript Application Modifying Installation Parameters Removing a Server Side JavaScript Application Starting Stopping and Restarting a Server Side JavaScript Application Running a Server Side JavaScript Application Configuring Default Settings For more information about writing JavaScript applications see ...

Page 291: ...avaScript you can perform many administrative tasks with the server side JavaScript Application Manager Using the Application Manager you can do the following Install a new JavaScript application You must add an application before users can run it Modify any of the attributes of an installed application for example its default home page path to the web file and type of client object maintenance St...

Page 292: ...er displays all applications currently installed on the server in a scrolling list in the left frame 4 Select an application by clicking its name in the scrolling list For the selected application the right frame displays the following information The application name at the top of the frame The path of the application web file on the server The web file is the compiled JavaScript application The ...

Page 293: ...ecuring the Application Manager The Application Manager runs on the Enterprise Server It is installed into the js appmgr directory It can be accessed with the URL http yourserver domain com appmgr Consequently you may want to restrict access to the Application Manager URL and the application URI so that only you and any other trusted administrators can access them If you don t restrict access to t...

Page 294: ...ou are using SSL Installing Server Side JavaScript Applications You can install up to 120 JavaScript applications on one server You must install add an application with the Application Manager before you can run it To install a new application perform the following steps 1 From the Server Manager choose the Programs tab 2 Click the Server Side JavaScript link The Activate Server Side Javascript wi...

Page 295: ...n when the application is first started This page only runs once during the life of the application and is used to initialize values and establish database connections This is an optional field 9 In the Built in Maximum Database Connections field specify the maximum number of database connections that this application can have at one time if you are using the built in database object 10 In the Ext...

Page 296: ...ince the index is based on both the application and the IP address this technique creates a separate index for every application client pair running on the server server cookie Specifies that the server should use a long unique name generated by the runtime engine to index the data structure on the server The runtime engine uses the Netscape cookie protocol to store the generated name as a cookie ...

Page 297: ...s use to access a JavaScript application Application URLs are of the form http server domain appName page html where server is the name of the HTTP server domain is the Internet domain including any subdomains appName is the application name you enter when you install it and page is the name of a page in the application such as the default page name You can also access the application with the URL...

Page 298: ... do this by applying a configuration style to the application For more information see Chapter 12 Working With Configuration Styles For more information on restricting access to part of your server see Chapter 14 Controlling Access to Your Server Modifying Installation Parameters To modify an application s installation parameters open the Application Manager as described in the section Running the...

Page 299: ...that is stopped open the Application Manager as described in Running the Application Manager on page 291 and then click Start If the application starts successfully clients can invoke the application To stop an active application click Stop The application s status changes to stopped and clients can no longer invoke the application You must stop an application if you want to move the web file or u...

Page 300: ...ations open the Application Manager as described in Running the Application Manager on page 291 and then click the Preferences tab When you install a new application the default installation parameters are used for the initial settings You can specify the following default settings Installation parameters web file path default page initial page maximum number of built in database connections exter...

Page 301: ...e using WAI applications you must install Visibroker 3 3 from Inprise You can get Visibroker3 3 from the Inprise web site at http www inprise com products After installing Visibroker 3 3 you will need to install WAI on your Enterprise Server You can do this by running through the installation process and choosing to install only WAI After you have installed WAI the next step is to enable it on you...

Page 302: ...Enabling WAI Services 302 Netscape Enterprise Server Administrator s Guide ...

Page 303: ... can create a configuration style that sets up access logging When you apply that configuration style to the files and directories that you want to log you don t have to individually configure access logging for all the files and directories This chapter includes the following sections Creating a Configuration Style Removing a Configuration Style Editing a Configuration Style Assigning a Configura...

Page 304: ...splays the Edit a Style page 6 From the drop down list choose a configuration style to edit and click Edit this Style 7 From the list of links available click the category you want to configure for your style You can configure the information listed in Table 12 1 8 Fill out the form that appears and click OK 9 Repeat step 4 and step 5 to make any other configuration changes to the configuration st...

Page 305: ... Allows you to add a document footer to a server resource Dynamic Configuration Allows you to give people a subset of configuration options without giving them access to the Server Manager For more information about dynamic configuration see Working with Dynamic Configuration Files on page 171 in Chapter 7 Configuring Server Preferences Error Responses Allows you to customize the error responses t...

Page 306: ... or directories that had the deleted configuration style applied will get a server misconfiguration error message To remove a configuration style perform the following steps 1 Access the Server Manager and choose the Styles tab 2 Click the Remove Style link 3 Select the configuration style you want to remove and click OK For more information see The Remove an Existing Style Page in the online help...

Page 307: ...lick OK 6 Repeat Step 4 and Step 5 to make any other changes to the configuration style Click OK 7 Click Save and Apply to confirm your changes to the configuration style When you choose a style to edit your Resource Picker lists configuration styles instead of other resources After you have finished editing a style click OK and Save and Apply The Resource Picker exits the styles mode You can also...

Page 308: ...plied to the resource apply the None configuration style Click OK For more information see The Apply a Configuration Style Page in the online help Listing Configuration Style Assignments After you have created configuration styles and applied them to files or directories you can get a list of the configuration styles and where you applied them To list the configuration style assignments perform th...

Page 309: ...Part 5 Managing Content and Access 309 5 Managing Content and Access Managing Server Content Controlling Access to Your Server Configuring Web Publishing Using Search ...

Page 310: ...310 Netscape Enterprise Server Administrator s Guide ...

Page 311: ... can view your files provided they have access to them This chapter describes how you can configure and manage your server s content This chapter contains the following sections Changing the Primary Document Directory Setting Additional Document Directories Customizing User Public Information Directories Unix Enabling Remote File Manipulation Configuring Document Preferences Setting Up Hardware Vi...

Page 312: ...ml tells the server to look for the file in C Netscape Server4 docs products info html If you change the document root that is you move all the files and subdirectories you only have to change the document root that the server uses instead of mapping all URLs to the new directory or somehow telling clients to look in the new directory To set your server s primary document directory use the Primary...

Page 313: ...you do not want them to publish to To add additional document directories use the Additional Document Directories page in the Server Manager By default the server has several additional document directories They have the following prefixes help search ui webpub ui publisher You should restrict access to these directories so that users cannot write to them A sample ACL for the publisher directory w...

Page 314: ...tml The server needs to know where to look for a file that lists users on your system The server uses this file to determine valid usernames and to find their home directories If you use the system password file for this purpose the server uses standard library calls to look up users Alternatively you can create another user file to look up users You can specify that user file with an absolute pat...

Page 315: ...s on your server When you use Web Publishing you need to disable remote file manipulation The two sets of functions cannot operate simultaneously You can use both remote file manipulation and web publishing functions by manually setting the function to be called for each individual remote method invocation However proceed with caution as mixing the functions can affect the server s web publishing ...

Page 316: ...ten helpful to let clients access an overview or index of these directories The server indexes directories by searching the directory for an index file called index html or home html which is a file you create and maintain as an overview of the directory s contents Note that these defaults are configurable for the whole server so your server s files may vary For more information see the previous s...

Page 317: ... Default MIME Type When a document is sent to a client the server includes a section that identifies the document s type so the client can present the document in the right way However sometimes the server can t determine the proper type for the document because the document s extension is not defined for the server In those cases a default value is sent For information about maintaining your serv...

Page 318: ...the Accept Language Header on page 467 To parse the accept language header use the Document Preferences page in the Server Manager Setting Up Hardware Virtual Servers A hardware virtual server is a way to have your server respond to multiple IP addresses without installing multiple servers With hardware virtual servers you map multiple IP addresses to multiple document roots For example if you hav...

Page 319: ...that want the server to use less memory can use the ISP version of the hardware virtual server function As with default hardware virtual servers discussed in the previous section ISP version hardware virtual servers allow you to configure your server to respond to multiple IP addresses without installing multiple servers but you can configure your server to support an arbitrary number of IP addres...

Page 320: ...erl virtual Hardware Virtual Servers and comment out the line containing Option multiple Hardware Virtual Servers 2 From the Server Manager choose the Content Management tab Click Content Management even if it s already selected to make sure the file name change is picked up by the server 3 Click Hardware Virtual Servers The Hardware Virtual Servers page appears 4 Enter the server s IP address in ...

Page 321: ...ager and the document root to which they apply You can return to using the default hardware virtual server function by performing the following steps 1 From the Server Manager choose Content Management tab 2 Click Hardware Virtual Servers The Hardware Virtual Servers Page appears 3 Click No to deactivate the ISP version hardware virtual server function 4 Click OK 5 Click Save and Apply Migrating H...

Page 322: ...oth www mozilla com and www netscape com resolve to 192 3 4 5 then set up software virtual servers to handle both server names for example http www mozilla com and http www netscape com The server can respond to requests differently depending upon the URL even though the server only has one IP address For example one server can serve different pages for http www mozilla com and http www netscape c...

Page 323: ...Management tab of the Server Manager Changing the Character Set The character set of a document is determined in part by the language it is written in You can override a client s default character set setting for a document a set of documents or a directory by selecting a resource and entering a character set for that resource Netscape Navigator can use the MIME type charset parameter in HTTP to c...

Page 324: ...e following aliases are recognized for iso_8859 1 To change the character set use the International Characters page in the Server Manager ansi_x3 4 1968 iso ir 6 ansi_x3 4 1986 iso_646 irv 1991 ascii iso646 us us ibm367 cp367 latin1 iso_8859 1 iso_8859 1 1987 iso ir 100 ibm819 cp819 ...

Page 325: ...rs Before you can use access control on Enterprise Administration Server you must enable distributed administration from the Distributed Administration page and set up an administration group in your LDAP database This chapter assumes you have already configured distributed administration and have defined users and groups in your LDAP database You should also ensure the security of the web server ...

Page 326: ...id use the ACLCacheLifetime directive in the magnus conf file Each time an entry in the cache is referenced its age is calculated and checked against ACLCacheLifetime The entry is not used if its age is greater than or equal to the ACLCacheLifetime The default value is 120 seconds If this value is set to 0 the cache is turned off If you use a large number for this value you may need to restart Ent...

Page 327: ...web site you must store the list of users and groups in an LDAP database such as the Netscape Directory Server The directory server can be running on the same machine as the web server or you can use a directory server installed on a remote machine When users attempt to access a resource that has User Group authentication in Enterprise Administration Server or on your web site the web browser disp...

Page 328: ...used to authenticate users by doing an LDAP bind as the specified user The other is permanently bound as the binddn specified in the Configure Directory Service page and is used for locating user entries and checking group memberships Only one HTTP request thread can access the directory server at a time which means that a global lock controls access to both LDAP connections This can be a potentia...

Page 329: ...client authentication with access control choose the SSL authentication methods you want to use from the Encryption Preferences page in the Preferences tab click Encryption Preferences To require client authentication for the entire server select Require Client Certificates regardless of access control in the Encryption Preferences page Note Only the SSL authentication method requires modification...

Page 330: ...ng this message see Responding When Access is Denied on page 347 Note It is possible for more than one person to have access to a particular system For this reason Host IP authentication is more effective when combined with User Group authentication If both methods of authentication are used the end user will have to enter a username and password on a particular computer before getting access IP a...

Page 331: ...ing the files such as restricting access to the server based on the time of day or day of the week Note When server users change ACLs through Web Publisher the ACL configuration files are modified and you receive a JavaScript notification alerting you of the change Also you can manually create and edit acl files to customize access control For example if you want to use an Oracle or Informix datab...

Page 332: ...y that allows users in the admin reduced group to access the Preferences tab in Enterprise Administration Server version 3 0 The following es internal rules protect files such as icons and images related to Enterprise Server These es internal rules should not be modified acl es internal allow read list execute info user anyone deny write delete user anyone The following default rules apply to the ...

Page 333: ...thod basic deny all user anyone allow read execute list info group GroupB The following rule denies everyone not in the directory server and denies everyone in the directory server except user with the ID of SpecificMemberOfGroupB The ACL rule in this setting also has a requirement that the user connect from a specific IP address The IP address setting in the rule is optional it has been added to ...

Page 334: ...the ACE and then moves on to the next directory The server continues traversing the path either until it reaches an ACL that says not to continue or until it reaches the final ACL for the requested URL in this case the file presentation html To set up access control for this example using the Server Manager you could create an ACL for the file only or for each resource leading to the file That is ...

Page 335: ...er choose the Preferences tab 2 Click the Restrict Access link The Access Control List Management Page appears There are three parts to this page Pick a resource allows you to specify a wildcard pattern for files or directories to restrict access to such as html or you can choose a directory or a filename to restrict You can also browse for a file or directory by using the Browse button Pick an ex...

Page 336: ...ss control see Table 14 1 4 Click Edit Access Control The page divides into two frames that you use to set the access control rules If the resource you chose already has access control the rules will appear in the top frame The ACL for Enterprise Administration Server begins with two non editable deny statements by default The following figure briefly describes the page elements To create an ACL y...

Page 337: ...7 Specify User Group authentication by clicking anyone listed under the Users Groups column The bottom frame allows you to configure User Group authentication By default there is no authentication meaning anyone can access the server resource Select the options you want and then click Update 8 Specify the computers you want to include in the rule by clicking anyplace You can enter wildcard pattern...

Page 338: ...options to the rules for the line you re editing 11 If you are familiar with ACL files you can enter a customized ACL entry by clicking X under the Extra column This area is useful if you use the access control API to customize ACLs 12 Select Continue if you want the access control rule to continue in a chain This means the next line is evaluated before the server determines if the user is allowed...

Page 339: ...he list until it reaches either an ACE that doesn t match or that matches but is set to not continue The last ACE that matches is used to determine if access is allowed or Table 14 1 LDAP Attributes Resource wildcard What it means default A named ACL created during installation that restricts write access so only users in the LDAP directory can publish documents for example by using the web publis...

Page 340: ...esting a resource You must define an administrators group the group you set up for distributed administration for access control in Enterprise Administration Server The list of users and the groups they are included in are stored in an LDAP server such as Netscape Directory Server You should make sure the database contains users and groups including the administrators group before you set access c...

Page 341: ...sers and groups to match You can list the users and groups of users individually by separating the entries with commas Or you can enter a wildcard pattern To use this option you must also check Authenticated people only Group matches all users in the groups you specify For Enterprise Administration Server the users in the groups you specify must also be in the administrators group you specified fo...

Page 342: ...ases and LDAP directories in the file server_root userdb dbswitch conf Then you can choose the database you want to use in the ACL by selecting it in the drop down list If you use the access control API to use a custom database for example to use an Oracle or Informix database you can type the name of the database in the Other field in the User Group window Specifying Host Names and IP Addresses Y...

Page 343: ...ample netscape com is acceptable but users com is not Setting Access Rights You can set access rights to files and directories on your web site That is in addition to allowing or denying all access rights you can specify a rule that allows or denies partial access rights For example you can give people read only access rights to your files so they can view the information but not change the files ...

Page 344: ...er 1 Go to the Universal Enterprise Settings for the administration server Choose Restrict Access from Global Settings tab 2 From the drop down list choose the server whose administration access you want to restrict The administration server is labeled https admserv Other servers are labeled with their type and their server id for example https mozilla When you select a server to restrict you are ...

Page 345: ...rver type you selected For example in the administration server there are tabs labeled Preferences Global Settings and so on When an administrator accesses the administration server the server uses their username host and IP to determine what pages they ll see If they have access to only one or two pages they will only see those pages 7 You can control access to a specific page within a tab Type t...

Page 346: ...fday 1700 group critical For more information on valid syntax and ACL files see ACL File Syntax on page 456 and Referencing ACL Files in obj conf on page 462 Selecting Access control on When you uncheck the option labeled Access control on you ll get a prompt asking if you want to erase records in the ACL When you click OK the server deletes the ACL entry for that resource from the ACL file If you...

Page 347: ... perform the following steps 1 In the ACL page click the link called Response when denied 2 In the lower frame check the radio button called Respond with the following file 3 In the text field type a URL or URI to a text or HTML file in your server s document root that you want to send to users when they are denied access The server must have read access to this file so you should consider putting...

Page 348: ...have a server for a department and you only want users to access the server from computers in a specific subdomain of your network To restrict access to the entire server perform the following steps 1 In Enterprise Server choose Server Preferences 2 Click the Restrict Access link The Access Control List Management page appears 3 In the section called Pick a Resource select The entire server from t...

Page 349: ...cond rule In the bottom frame type a wildcard pattern for the host names of the computers you want to allow For example type emp mozilla com in the Host Names field Click Update 8 Unselect Continue in the top frame and then click Submit The frame should look like the one in Figure 14 5 9 Submit your changes Figure 14 5 Restricting access to the entire server Be sure to restart the server for the c...

Page 350: ...blishes status information for the project team to review To restrict access to a directory on the server perform the following steps 1 In Enterprise Server choose Server Preferences 2 Click the Restrict Access link The Access Control List Management page appears 3 In the section called Pick a Resource click the Browse button In the page that appears click the link for the directory you want to re...

Page 351: ...8 Click all in the top frame Uncheck the Write and Delete access rights This means the users in the executives group can t add or remove files but they can view them and run any applications in the directories Click Update 9 Click New Line to create a rule for the ceo user Check Allow for the third rule 10 Click anyone In the bottom frame type ceo in the User field Click Update 11 Uncheck Continue...

Page 352: ...andle access control if you have additional document roots This example gives anyone read access to files and directories in the path specified by the URI my_directory Only one user me in this example has full access to the directories and files You might use this example if you have several users who publish their content on your server The users want to have write access to their content and the...

Page 353: ...Check Allow for the second rule 8 Click the anyone link In the bottom frame type me in the User field Click Update 9 Uncheck Continue for both the first and second rules This means that the server ignores any ACLs for other URIs directories or files under the URI you specified in Step 3 The frame should look like the one in Figure 14 7 Figure 14 7 Restricting access to a URI path in the document r...

Page 354: ...k a resource click Wildcard In the prompt that appears type cgi and click OK This wildcard pattern matches any request that contains a file or directory with the cgi extension 4 Click Edit Access Control The two frame pages appear 5 Click New Line to create the first rule that will allow all users read access 6 Click Deny In the bottom frame that appears check Allow and then click Update 7 Click a...

Page 355: ... or the path The server checks ACLs in this order 1 Pathcheck functions in obj conf For example these could be wildcard patterns for files or directories The entry in the ACL file would appear as follows acl cgi 2 URIs For example a path relative to the document root The entry in the ACL file would appear as follows acl uri my_directory 3 Pathnames For example an absolute path to a file or directo...

Page 356: ...estrict Access link 3 In the section called Pick a Resource select The entire server from the Editing drop down list You can select any resource Click Edit Access Control The two frame pages appear 4 Click New Line 5 Click the Deny link In the bottom frame that appears check Allow and then click Update 6 Click the all link in the top frame Uncheck the Write and Delete access rights This means that...

Page 357: ... a special user called owner When an ACL rule designates the user to be the owner the permissions defined by this rule apply to the owner assigned by Web Publisher for each document Only the owner can modify the access control ACL rules for a file These rules define the actions users can perform on the file such as moving copying renaming or deleting it An owner can reassign ownership of a file to...

Page 358: ...box You can leave this blank and operate as an anonymous user but as soon as you attempt to perform an operation restricted to a valid user you are again prompted for your user name At this point you are also asked to enter your password and only authenticated users can continue with the operation Ownership of Files and Folders Web Publisher files and folders can be owned by individual users Only ...

Page 359: ...provides sophisticated features for server clients such as file management editing and publishing and access control This chapter contains the following sections Using Netshare Setting Access Control For Web Publisher Owners Indexing and Updating Properties Changing the Web Publishing State Maintaining Web Publishing Data Unlocking Files Adding Custom Properties Managing Properties Customizing You...

Page 360: ...rver functions When you create a Netshare home directory for a user the user is assigned as the owner of the directory and all its files By default only the owner can write to the directory although other users can read the files Others cannot make any changes to the files unless the owner explicitly provides such access permissions This section includes the following topics Setting Up the Server ...

Page 361: ...naming conventions operate what the configuration file contains and what it means to mark a user as licensed Server Features That Must Be Enabled In order to use the functions of Netshare fully including Web Publisher and search each of these functions must be turned on for your server By default they are all enabled but you may wish to verify their state To turn on the Web Publisher use The Web P...

Page 362: ... your changes and all home directories added subsequently use the new directory values If however you use the Netshare utility to indicate different directories the configuration file is not changed so only the user directories currently being added are affected One situation in which you might want to change the default directory path is when you want to create a home directory for a user that do...

Page 363: ...ark users as licensed For a new user mark the licensing as part of creating a user by following these steps 1 From the Administration Server choose the Users Groups 2 Click the New User link The New User page appears 3 Enter the user s information 4 Click Create and Edit User 5 Click the Licenses link 6 Check Netscape Enterprise Server and click Save Changes For an existing user mark the licensing...

Page 364: ...id server user to read any Netshare directory but only the designated owner of the Netshare home directory can modify the files This is the default ACL that is applied to the Netshare parent directory allow all user owner When you create a Netshare home directory for a group the server assigns ownership of the files and folders in that directory to the owner s user ID This also gives all users in ...

Page 365: ...tories for an individual user for a specified group or for all users who have been marked as licensed The last choice is particularly useful for server administrators who wish to add Netshare home directories for all existing users Note You must have already set up Netshare for your server before you can create Netshare home directories and Web Publishing must be enabled before your users can use ...

Page 366: ...tshare home directory if you do not want to accept the default of using the group name 7 Click the Create button This restarts the server because you have added a new ACL granting special access to the members of the group When you add a single user s Netshare the default ACL is sufficient This marks the group s owner as a licensed user if not yet marked as such creates the group s Netshare home d...

Page 367: ...rs and display the online help Several values are defined in the configuration file see Syntax of the Netshare Utility on page 368 for details To accept the default values from the configuration file skip these command line options Some examples of how you can use Netshare are provided for your convenience When you enter a different value for an option it only applies to the home directory or dire...

Page 368: ...tory for your server and creates a Netshare home directory for each user who has been marked as licensed but who does not yet have a Netshare directory Syntax of the Netshare Utility netshare u user_ID r server_root s server_name alXxv d dir_name o owner g group Required fields You must provide the name of your server instance and the path for your server root so that the utility can locate the ap...

Page 369: ...ers and deletes user directories v Displays progress information as the operation proceeds d dir_name Specifies a name for the Netshare home directory that overrides the default name which is the user ID or group ID If the directory does not exist Netshare creates it for you o owner Identifies the user ID to assign as the owner of the Netshare home directory that is being created for a group and m...

Page 370: ...ccessing the Web Publisher Home Page When you have configured web publishing for your server you and your users can access the Web Publisher home page at the following URL http ServerID publisher This displays the home page which provides a link for downloading the web publishing plug in appropriate for your browser and the Start Web Publisher button which launches the Web Publisher applet The pag...

Page 371: ...on the file such as moving copying renaming or deleting it An owner can reassign ownership of a file to another user and if a file has no owner anyone with a valid username can identify themselves as its owner Because the username identified as the owner of a file can change any access control that you place on a file should target the owner of a file rather than a specific username Note If you ch...

Page 372: ...arch collection and is created as part of the server installation process Initially it contains no data and must be populated by indexing the documents in the document directories The Web Publisher page lists the files and folders that are in the document directory selected when a user starts up Web Publisher but the data initially is not indexed and therefore is not available for searching and th...

Page 373: ...e index link for a directory you return to the Index and Update Properties page and the directory name appears in the Document Directory field Note You cannot use this function to index files that are larger than 3MB in size You can however do an automatic indexing of such large files through the Property Sheet in Web Publisher through the Web Publisher View Properties menu command by checking Mak...

Page 374: ...ck it or you may leave it checked to index any new documents that have been added to the document directory 7 If you want to make a change to files that have already been indexed you can use the Update previously indexed documents option to do a bulk ownership assignment or to index the content of files that did not have this option set when they were first indexed These options are useful when yo...

Page 375: ...f webpub conf This ensures that maximum logging is generated from Verity and the log messages go into server_root https server id logs nsloader log Note Once you have indexed documents into the web publishing collection you should not change any document directory s URL mapping or the collection s entries will target the URL mapping to the wrong physical file location If you have to change a docum...

Page 376: ...r any such document You can perform these functions to maintain your web publishing data Report on the collection s data You can produce a report on the current logical consistency of the web publishing collection s data This lists all the files in the selected document directory and also lists all the records in the web publishing collection regardless of which directory the collection data corre...

Page 377: ...ink The Maintain Web Publishing Data page appears 3 Choose the directory that contains the web publishing data to be maintained You can define the scope of the Repair and Report functions by choosing the document directory to check through If you want to use a different directory click the View button to see a list of directories You can report on or repair any directory or subdirectory that is li...

Page 378: ...nlocking operation To unlock a file perform the following steps 1 From the Enterprise Server choose Web Publishing 2 Click the Unlock File link The Unlock File page appears 3 Select the file or directory you want to unlock The Choose field displays the currently selected file or directory If you want to unlock a different file or a file from another directory click the View button to see a list of...

Page 379: ...ple if you want to add a numeric property after 5 have already been created you cannot delete one of the existing 5 numeric properties and add another numeric property in its place The only way to use the new property is to remove the entire collection and recreate it with the new property This means that if you extend the maximum settings to add additional attributes you cannot automatically use ...

Page 380: ... this is set to Modifiable Note For modifiable custom properties defined as META tagged attributes the value in the document is extracted only the first time the document is indexed Because users can input a different value in the attribute field through the Web Publisher Services Properties page the server ignores the META tagged value in subsequent indexing In this way the user s value is not ov...

Page 381: ...ated These have active Remove and Edit links in the first two columns To manage file properties perform the following steps 1 From the Enterprise Server choose Web Publishing 2 Click the Manage Properties link 3 The Manage Properties page appears displaying all available properties To remove a custom property perform the following steps 1 Click the Remove link for the property The Remove Custom Pr...

Page 382: ...at other files folders and services are available through the home page and display some navigational links to route other users through the site These are the default files that are installed in a Netshare home directory netshare html The default text that appears in the right frame banner html The banner across the top home html The frameset itself menu html The set of links in the left frame te...

Page 383: ...utes and they follow this standard syntax NS idxattrn CM_attributeName displayName TYPE size where n attribute number attributeName internal attribute name displayName name displayed in Manage Properties page TYPE TXT text NUM numeric or DAT date size size of field Web Publishing attributes listed in order of NS idxattr number Table 15 3 Web Publishing attributes listed in order of NS idxattr numb...

Page 384: ...who is editing the file 14 CM_RECENT_AUTHOR Modified by TXT 9 The user who made the most recent modification to the file or folder 15 CM_RECENT_COMMENT Most Recent Comment TXT 9 The most recent comment added for a file as part of an upload or publish operation 16 CM_VERSIONED Versioned TXT 9 A flag indicating whether the file is under version control 17 CM_AUTHOR Author TXT 13 The author defined f...

Page 385: ...and set of links and buttons displayed for a folder version history is omitted 21 CM_IS_INDEXED Is indexed TXT 9 A flag indicating that the content and metadata of a file has been indexed 22 CM_IS_PERSISTENT Is persistent TXT 9 A flag indicating that the metadata only of a file has been indexed The file s content has not been indexed 23 CM_RES_TYPE Resource type TXT 9 The default file extension de...

Page 386: ... pattern files to point to them There are three kinds of Web Publisher pattern variables those defined in the configuration file dblist ini as an index attribute NS idxattr those defined as pointers to other pages with NS suffix those defined internally by Web Publisher Most modifications to the Web Publisher pattern files involve simply changing which attributes you want displayed in the properti...

Page 387: ...hows the file properties page displayed by the sys prop pat pattern file The fields for Owner Title Author Lock Status URL and so on are all defined in the pattern file Most of the variables are in the dblist ini file but there are a few that are defined by Web Publisher Table 15 4 Pointing pattern variables Variable name Result CM_CUSTOM_FEILD_NS Custom properties page gets data for it CM_HTML_RE...

Page 388: ...and their labels TD B Owner B TD TD input name CM_OWNER value CM_OWNER size 40 TD TR VALIGN BASELINE TD NOWRAP B Title B TD TD Title TD TR TR VALIGN BASELINE TD NOWRAP B Author B TD TD CM_AUTHOR TD TR TR VALIGN BASELINE TD B Lock Status B TD TD CM_LOCK_STAT only lock owner may unlock SPACER type horizontal size 10 SPACER CM_LOCK_VAL SPACER type horizontal size 5 SPACER INPUT TYPE checkbox NAME CM_...

Page 389: ...r fields are read only The lock status information a checkbox with its own associated label that varies depending on whether the file is already locked or unlocked as indicated by the value of CM_LOCK_VAL The Rendition field only appears for files that have renditions available It includes a pattern variable that points to the HTML version of the file and shows it in the right frame ...

Page 390: ...Customizing the Web Publisher User Interface 390 Netscape Enterprise Server Administrator s Guide ...

Page 391: ...e tailored to your user community This chapter contains the following sections About Search Configuring Text Search Indexing Your Documents Performing a Search The Basics Using the Query Operators Customizing the Search Interface About Search Server documents can be in a variety of formats such as HTML Microsoft Excel Adobe PDF and WordPerfect provided that there is a conversion filter available f...

Page 392: ...pared for searching and index the document information into a searchable database called a collection The next several sections discuss the details of configuring search and indexing collections Note Search cannot work if the web publishing collection web_htm does not yet exist or has been deleted If search does not work restart the server with the web publishing function turned on the default and...

Page 393: ...s control definitions You can add users to your server s access control database through the Administration Server s Users Groups function For more information about setting access control see Chapter 14 Controlling Access to Your Server You can set your server to check access permissions before displaying search results by choosing Search and clicking the Search link as described in Configuring t...

Page 394: ...ot which initially maps to server_root docs help the directory for most of the help files search ui the directory for most of the search interface files webpub ui the directory for most of the Web Publisher interface files publisher the directory for most of the Web Publisher files Enterprise Server When you create a collection you must specify which document directory to index You can only choose...

Page 395: ...re sometimes referred to as stop words or drop words and typically include articles conjunctions and prepositions such as at and be for and the To specify stop words you need to edit the file named style stp This file resides in each of the subdirectories html pdf mail and news for each collection type in the directory server_root plugins search common style Each style stp file controls stop words...

Page 396: ...t for the collection type recreate the collection and reindex all the documents in the collection Turning Search On or Off You can turn search capabilities on and off for your server Turning search off for a server where users do not use this function can improve server performance You may also want to turn off the search function at certain times when you know the server will have heavy traffic r...

Page 397: ...rmat of the date time string in Posix format This is how the search results are displayed to users in the search results page For example the format b d y H M produces Oct 1 97 14 24 You can use the symbols listed in Table 16 1 6 Type a default title for the document that is to be used if the document s author has not included a title as part of the document tagged with the HTML Title tag The typi...

Page 398: ...search function and a set of pattern variables to create a specific portion of the interface In the pattern file you define the look feel and function of the text search interface Pattern files use pattern variables that you can use to customize background color help text Table 16 1 Common Posix date and time formats Format Displayed result example a Abbreviated week day for example Wed A Full wee...

Page 399: ... for the directory where you store your pattern files The default start header end footer and query page pattern files are located in this directory 4 Type in the relative pathname for the default pattern file you want to use for the top of the search results page when a collection has no defined header file or when more than one collection is being searched Specify the path relative to the patter...

Page 400: ...uration file contains system settings and file paths In your server s obj conf file the search system initialization is mapped to the webpub conf file When you use the Search Configuration and Search Pattern Files windows the data you input is reflected in the webpub conf file You can customize your server s search configuration by changing some of the settings in the webpub conf file but in gener...

Page 401: ...conf file although larger sets of attributes impact the performance of your server You cannot set the maximums beyond 100 for text and 50 for dates and numbers To do this you need to manually edit the NS loader section of the webpub conf file to define maximum numbers of attributes For example to change all three values you could use these lines NS max text attr 50 NS max numeric attr 10 NS max da...

Page 402: ...t who wish to set aside some memory for other server operations Restricting Your Index File Size You can limit how much disk space an index file can consume To do this you need to manually edit the NS loader section of the webpub conf file to define a maximum index file size For example NS max idx file size 1500000 Typically an indexing operation requires approximately 1 5MB per file and since the...

Page 403: ...bout the documents is stored in a collection Collections contain such information as the format of the documents the language they are in their searchable attributes the number of documents in the collection the collection s status and a brief description of the collection For more details see Displaying Collection Contents on page 424 When you create a collection you indicate the type of files th...

Page 404: ...ore information Complex PDF files such as those that are password protected or that contain graphical navigation elements cannot be correctly converted when they are indexed as part of a multi format collection The file data converts correctly when they are part of a PDF only collection Graphic elements are not converted Certain file formats have a default set of attributes that are indexed for fi...

Page 405: ...s Bonzini or Product contains Comm Date date The date the email was created PDF InstanceID text An internal ID number PermanentID text An internal ID number NumPages integer The number of pages in the document DirID text The directory where the PDF file exists FTS_ModificationDate date The document s last modification date FTS_CreationDate date The document s creation date WXEVersion integer The v...

Page 406: ...nable document conversion you must first purchase and install the document filters 1 Download the filters from Verity at http www verity com netscapefilters 2 Uncompress them and install them into the server_root plugins search directory 3 For each instance of the server for which you want to enable document conversion open the server_root https server id config webpub conf file for editing 4 With...

Page 407: ... not remove the web publishing collection if one exists for your server You can only have entries for a maximum of 16 million documents in your collections A document that is indexed in multiple collections counts as multiple documents It is best to create new collections of over 10 000 documents at low traffic times or the indexing operation may affect your system s performance Note You need to h...

Page 408: ...ex all HTML documents htm html or htm html You can define multiple wildcards in an expression For details of the syntax for wildcard patterns see Using Wildcards on page 431 Note You cannot index a file that includes a semi colon in its name You must rename such files before you can index them 7 To also index the subdirectories within the specified directory click Include Subdirectories 8 In the C...

Page 409: ... non HTML files the server creates the collection with the HTML set of default attributes and does not attempt to convert any non HTML file it indexes If you index HTML files into an ASCII collection even the HTML markup tags are indexed as part of the file s contents and when you display the files the contents are displayed as raw text Regardless of the file type chosen the content of the file is...

Page 410: ... s settings To configure a collection 1 From the Enterprise Server choose Search 2 Click the Configure Collection link The Configure Collection window appears 3 In the optional Description field you can type a description for your collection up to a maximum of 1024 characters 4 In the optional Collection Label field you can type a user defined name for your collection This is what users see when t...

Page 411: ...he name of the pattern file you want to use when displaying a single highlighted document from the list of search results 9 In the Date Format field you can specify how you want input dates to be interpreted when using this collection MM DD YY DD MM YY or YY MM DD 10 Click OK to change the collection configuration Updating a Collection After you have initially created a collection you may want to ...

Page 412: ...re affected You can indicate files within a subdirectory by typing in the pathname as it appears in the list of files For example you could delete all the HTML files in the frenchDocs directory by typing in no slash before the directory name frenchDocs html Note Be careful how you construct wildcard expressions For example if you type in index html you can add or remove the index file from the cur...

Page 413: ...that already has an entry in the collection and reindexes its attributes and contents extracting the META tagged attributes if that option was selected when the files were originally indexed into the collection This does not return to the original criteria for creating the collection say html and add any new documents that fit the original criteria This option also removes collection entries when ...

Page 414: ...g is not done automatically so you must manually optimize after you reindex or update a collection One situation when you might want to optimize a collection is just before publishing it to another site or before putting it onto a read only CD ROM You can reindex a collection which locates each file that has an entry in the collection and reindexes its attributes and contents extracting the META t...

Page 415: ...d MM must be less than 60 You must enter a time 7 In the section labeled Schedule Day s of the Week check one or more of the day checkboxes You can select all days You must select at least one day 8 Click OK to schedule the maintenance For Unix users to make your newly scheduled maintenance take effect you must restart the ns cron process To restart the ns cron process 1 Click the Enterprise Serve...

Page 416: ...sts all your collections for which you have set up regular maintenance 4 Choose an action from the drop down list Reindex or Optimize 5 In the lower part of the frame you can see the time and days of the week when the scheduled maintenance is currently scheduled to take place 6 Click OK to remove the scheduled maintenance For Unix users to make your newly scheduled maintenance take effect you must...

Page 417: ...ults list viewing the contents of a collection you can look at the information that is maintained for each of your collections Note If the search function is turned off these query forms are not available Search Home Page The search home page at http search ui examples provides individual links to each of the three search query interfaces as well as an online QuickStart tutorial on customizing the...

Page 418: ...es through the Web Publishing Add Custom Property form To perform a standard search follow these steps 1 Type this URL in the location field in your web browser http yourServer search 2 In the search query page that appears choose the collection you want to search through from the drop down list in the Search In field 3 Enter the word or phrase for your search query in the For field You can create...

Page 419: ... the standard search query page follow these steps 1 Go to the standard search query page by typing this URL in the location field in your web browser http yourServer search 2 Click Guided Search on the standard search page and the guided Java based query page is displayed 3 Choose the collection you want to search through from the drop down list in the Search In field 4 Use the For drop down list...

Page 420: ...button to execute the search Advanced Search You can choose to use the advanced HTML search interface which helps you construct the query This is especially useful if you want to create a query that searches through more than one collection or that produces results sorted by a specific attribute value There are two ways to obtain the advanced HTML search page through the Search home page or throug...

Page 421: ...you can expand or limit the number of matching documents you want the search to return at a time The Prev and Next buttons allow you access to additional pages of documents if there are too many to fit on a page at once 7 Use the drop down list in the Search In field to choose the collection you want to search through You can select more than one collection by holding down the Ctrl key as you clic...

Page 422: ...e collection s format For example the default results page for email collections give subject to from and date for each entry and news collections give subject from and date for each entry The kind of file format in the collection indicates which default attributes are available for searching For information about the attributes for each format see About Collection Attributes on page 404 For entri...

Page 423: ... a META tagged attribute Displaying a Highlighted Document In the default installation of Netscape Enterprise Server when you obtain a list of the documents that match your search criteria you can select a single document to view in your web browser Depending on how the pattern files are set up the word you entered as your original search query can be highlighted in the displayed document with col...

Page 424: ...d character set input and output date formats To display your collection database contents type this line in the web browser s URL location field http yourServer search NS search page c Using the Query Operators To perform an effective search you need to know how to use the query operators You can only do Boolean searches so all the subsequent information is based on Boolean search rules Note The ...

Page 425: ... the word not just its spelling For example if you want to search on plan the results would include documents that contain planning and plans but not those that contain plane or planet MANY Search considers how often the search word or phrase appear in the found documents and ranks the results for frequency or relevancy PHRASE Search considers words separated by spaces to be part of a phrase For e...

Page 426: ...and Monterey but excludes those that also mention Aquarium Monterey AND Bay NOT CONTAINS Aquarium You can achieve even greater precision by including some implicit phrases as in the following query that finds documents that refer to the Monterey Bay Aquarium by its full name and also mention otters but do not refer to shark Monterey Bay Aquarium AND otter AND NOT shark Using Query Operators as Sea...

Page 427: ...document uses uppercase for clarity only The following table describes some commonly used operators and provides examples of how to use each one All are relevance ranked except where explicitly noted Table 16 3 Deciding which operator to use Type of Search Valid Operators Examples Finding documents by date or numeric value comparison is equal to greater than greater than or equal to less than less...

Page 428: ...the title Ignores documents with profits higher in the title ENDS Finds documents in which a document field ends with a certain string of characters Does not rank documents for relevance Title ENDS draft Finds documents with titles ending in draft equals Finds documents in which a document field matches a specific date or numeric value Created 6 30 96 Finds documents created on June 30 1996 greate...

Page 429: ...core to a document that has stock purchase than to one that has purchase supplies and stock up NEAR N Finds documents in which two or more specified words are within N number of words from each other N can be an integer up to 1000 Also ranks the documents for relevance based on the words proximity to each other stock NEAR 1 purchase Finds documents containing the phrases stock purchase and purchas...

Page 430: ...ocuments with titles starting with Corp such as Corporate and Corporation STEM English only Finds documents that contain the specified word and its variants STEM plan Finds documents that contain plan plans planned planning and other variants with the same meaning stem Ignores similarly spelled words such as planet and plane that don t come from the same stem SUBSTRING Finds documents in which par...

Page 431: ...documents that contain the wildcard characters in the search string You can use this to get words that have some similar spellings but which would not be found by stemming the word Some characters such as and automatically indicate a wildcard based search so you don t have to include the word WILDCARD WILDCARD plan Finds documents that contain plan plane and planet as well as any word that begins ...

Page 432: ...n With this wildcard the WILDCARD operator is implicit An alternative pattern that specifies a series of patterns one for each pattern separated by commas For example WILDCARD Chat s ting ty finds documents that contain chats chatting and chatty You must enclose the entire string in back quotes and you cannot have any embedded spaces A set that specifies a series of characters that can be used to ...

Page 433: ...backslashes For example to search on a magazine with a title of Zine you would type the following string WILDCARDZine Several characters have special meaning for the search engine and require you to use back quotes to be interpreted as literals The special search characters are listed here comma left and right parentheses double quotation mark backslash at sign left curly brace left bracket back q...

Page 434: ...ch ui examples also provides an introduction to the search interface as well as an online QuickStart tutorial on customizing the interface The tutorial discusses the various pattern files and gives examples of how they can be changed to produce different results Dynamically Generated Headers and Footers You can specify dynamically generated headers and footers To accomplish this add the add header...

Page 435: ...c attributes as variables in the dblist ini file There are several general types of pattern files each of which has a particular use query pat displays the standard and advanced query pages tocstart pat displays the header across the top of the search results page tocrec pat displays each document listed on the search results page tocend pat displays the footer across the bottom of the search resu...

Page 436: ...e closely requires looking at the configuration files mentioned in Configuring Manually on page 400 NS max records Defined in the webpub conf file Because this field is hidden users cannot change this value which defines how many matching documents to return at a time In the advanced HTML query pattern file NS advquery pat this is a user modifiable input field NS max records The search generates a...

Page 437: ...Ls You can also embed them in your pattern files with the HREF tag You can create a complete search function as an HREF element within a pattern file The example given is from the HTML descriptions pat file which defined how collection information is displayed The following lines produce a heading for each collection for the label Collection and provides a link to the actual collection file throug...

Page 438: ...ed To do this you would use code like this Title PTitle B Title B URL Encodings When you construct HTML instructions whether in decorated URLs or within a pattern file you need to follow the rules for URL encoding Any character that might be misunderstood as part of an URL should be encoded with a code in the format of nn where nn is a hexadecimal code Blanks are converted to the symbol plus sign ...

Page 439: ...upper or lowercase collection can be specified more than once for multiple collection searches search query Search functions that display a highlighted document require these arguments NS search page document or d in upper or lowercase document path collection can be specified only once search query necessary if you want to highlight the query data Search functions that display the collection cont...

Page 440: ...fy existing definitions When one of these variables is used in a pattern file the prefix is added to it Variable names can have up to 32 characters or digits or combinations of both Characters can be letters A Z in upper or lower case hyphens and underscores _ Names are case sensitive The default userdefs ini file included with Netscape Enterprise Server contains variables that are used to define ...

Page 441: ...e entity nbsp inserts a nonbreaking space and 169 inserts a copyright symbol Some of the more commonly used entities are in the following table Configuration File Variables Some variables are defined in the system configuration and the collection configuration files These use a prefix of NS in the configuration file to differentiate them from other markup tags in an HTML page To use these variable...

Page 442: ...Description NS default html title The name given to HTML documents that do not contain a user defined title Typically set to Untitled NS date time The date and time format to use when displaying results NS date input format The format for inputting dates the default is MMDDYY NS HTML descriptions pat The pattern file to use when displaying the contents of the collections NS largest set The maximum...

Page 443: ...ectory for the documents in the collection NS display select This indicates whether the collection is displayed as part of the collection information listing when NS search page contents The default is YES NS highlight start Begin highlighting at this point in the displayed document Typically this highlights the search query criteria NS highlight end End highlighting at this point in the displayed...

Page 444: ...n a subsequent pattern file or decorated URL are listed the following table Table 16 10 Macros and generated pattern variables Variable Description NS collection list An HTML multiple select list of all the collections in dblist ini where NS display select is set to YES NS collection list dropdown An HTML drop down list version of NS collection list NS collections searched The number of collection...

Page 445: ... document as HTML text with highlights NS get next This variable gets the next set of search results to be displayed The set is equal to NS max records and is positioned by using NS search offset NS get prev This variable gets the previous set of search results that has been displayed The set is equal to NS max records and is positioned by using NS search offset NS host The host name NS insert doc...

Page 446: ...Customizing the Search Interface 446 Netscape Enterprise Server Administrator s Guide ...

Page 447: ...447 Appendixes HyperText Transfer Protocol ACL File Syntax Internationalized Enterprise Server Server Extensions for Microsoft FrontPage ...

Page 448: ...448 Netscape Enterprise Server Administrator s Guide ...

Page 449: ...TTP Requests Responses About HyperText Transfer Protocol HTTP The HyperText Transfer Protocol HTTP is a protocol a set of rules that describe how information is exchanged on a network that allows a web browser and a web server to talk to each other using the ISO Latin1 alphabet which is ASCII with extensions for European languages HTTP is based on a request response model The client connects to th...

Page 450: ... Force IETF HTTP working group For more information on the criteria for being conditionally compliant see the Hypertext Transfer Protocol HTTP 1 1 specification RFC 2068 at http www ietf org html charters http charter html Requests A request from a client to a server includes the following information Request method Request header Request data Request Method A client can request information using ...

Page 451: ...nd the client waits for the server s response Responses The server s response includes the following Status code Response header Response data Table A 1 Common request headers Request header Description Accept The file types the client can accept Authorization Used if the client wants to authenticate itself with a server information such as the username and password are included User agent The nam...

Page 452: ...or an error has occurred Table A 2 contains some common status codes Table A 2 Common HTTP status codes Status code Meaning 200 OK successful transmission This is not an error 302 Found Redirection to a new URL The original URL has moved This is not an error most browsers will get the new page 304 Use a local copy If a browser already has a page in its cache and the page is requested again some br...

Page 453: ...exist 500 Server error A server related error occurred The server administrator should check the server s error log to see what happened Table A 3 Common response headers Response header Description Server The name and version of the web server Date The current date in Greenwich Mean Time Last modified The date when the document was last modified Expires The date when the document expires Content ...

Page 454: ...Responses 454 Netscape Enterprise Server Administrator s Guide ...

Page 455: ...erver However you can create multiple ACL files and reference them in the obj conf file You need to know the syntax and function of ACL files if you plan on customizing access control using the access control API For example you might use the access control API to interface with another database such as an Oracle or Informix database For more information on the API see the DevEdge site at http dev...

Page 456: ...e obj conf file The server comes with a default named resource that allows read access to anyone and write access to users in the local database or LDAP directory Even though you can create a named ACL from the Enterprise Server windows you must manually reference the named ACLs with resources in the obj conf file The type line begins with the letters acl and then includes the type information in ...

Page 457: ...y editing the following line in the magnus conf file Init fn acl set default method method SSL Each authenticate line must specify what list users groups or both the server should use when authenticating users The following authentication statement which would appear after the ACL type line specifies basic authentication with users matched to individual users in the database or directory authentic...

Page 458: ...l directory To prevent this create a rule for the subdirectory that first denies access to anyone and then allows it for the few users who need access However in some cases if you set the default ACL to deny access to everyone then your other ACL rules don t need a deny all rule The following line denies access to everyone deny all user anyone Hierarchy of Authorization Statements ACLs have a hier...

Page 459: ... all user anyone Attribute Expressions Attribute expressions define who is allowed or denied access based on their username group name host name or IP address The following lines are examples of allowing access to different people or computers user anyone user smith group sales dns netscape com dns netscape com mozilla com ip 198 You can also restrict access to your server by time of day based on ...

Page 460: ...ll day on weekends and on weekdays anytime except 8am 4 59pm allow read group discount and dayofweek Sat Sun or group discount and dayofweek mon tue wed thu fri and timeofday 0800 or timeofday 1700 or group premium Operators For Expressions You can use various operators in attribute expressions You can use parentheses to delineate the order of precedence of the operators With user group dns and ip...

Page 461: ...acl agents authenticate user group prompt Enterprise Server deny all user anyone allow absolute all user all acl default allow read execute list info user anyone allow write delete user all The default ACL file is referenced in magnus conf as follows ACLFile absolutepath generated https serverid acl You can reference multiple ACL files in magnus conf and then use their ACLs for resources in obj co...

Page 462: ...braces A list of items must be separated by commas and enclosed in double quotation marks Referencing ACL Files in obj conf If you have named ACLs or separate ACL files you can reference them in the obj conf file You do this in the PathCheck directive using the check acl function The line has the following syntax PathCheck fn check acl acl aclname The aclname is a unique name of an ACL as it appea...

Page 463: ...ine is the object that states which server resource you want to restrict access to The second line is the PathCheck directive that uses the check acl function to bind the name ACL testacl to the object in which the directive appears The testacl ACL can appear in any ACL file referenced in magnus conf ...

Page 464: ...Referencing ACL Files in obj conf 464 Netscape Enterprise Server Administrator s Guide ...

Page 465: ...panese French or German and a choice of search engines that allow you to use text search on a variety of languages This appendix contains the following sections General Information Server side JavaScript Information Search Information Getting Support for Accented Characters in Filenames General Information The following information covers the international considerations for general server capabil...

Page 466: ...aracters LDAP Users and Groups For email addresses use only those characters permitted in RFC 822 ftp ds internic net rfc rfc822 txt User ID and password information must be stored in ASCII If you use a local database you can enter 8 bit and multi byte characters but you should standardize on one character set If you use more than one character set in the same database it can cause display and sea...

Page 467: ...um number of parallel connections in the LDAP session pool Using the Accept Language Header When clients contact a server using HTTP 1 1 they can send header information that describes the various languages they accept You can configure your server to parse this language information For example suppose this feature is set to on and a client configured to send the accept language header sends it wi...

Page 468: ...cifies the language used if a resource cannot be found for the client language or the administration language AcceptLanguage on off Enables or disables the Accept language header parsing Table C 2 International settings in ns admin conf Directive Values Description ClientLanguage en fr de ja If the client does not send an accept language header ClientLanguage defines the language of the Directory ...

Page 469: ...e JavaScript compiler jsac has a l option called charSet This option specifies the character set being used in the input HTML files The value for charSet is one of the following character set names Usage To use this option use the following format jsac cdv l charSet o binaryFile i inputFile1 i inputFile2 jsac cdv o binaryFile f includeFile jsac h Options The following table shows the options for t...

Page 470: ...s Table C 4 Options for the jsac compiler Option Usage c Check only do not generate binaryFile v Enable verbose output d Enable debug output o Name of binaryFile output file i Name of inputFile use if the input filename starts with a switch character f Name of includeFile has input filenames separated by white space l Name of charSet for example iso 8859 1 x sjis euc kr h Display this help Table C...

Page 471: ...is used Using Server side Javascript With Oracle s Japanese Database To use server side JavaScript with Oracle s Japanese database you need to install Oracle and set up your environment verify the connection and verify the language setup follow these overall steps This section discusses these topics Installing Oracle and Setting Up Your Environment Verifying the Connection Verifying the Language S...

Page 472: ...nese_japan JA16EUC This example sets up x euc jp Environment variable for the path setenv PATH server_root bin https ORACLE_HOME bin PATH Restart the web server from the command line Verifying the Connection 1 At the Application Manager select and run dbadmin 2 Click Connect to Database Server 3 Enter the following information in the window and click Connect If your server identifier user ID or pa...

Page 473: ...e 3 At the Application Manager select and run vidoeapp 4 Click Add New Customer and enter data in the character set you specified 5 Click Home to go back to the videoapp home page and then click Save Changes 6 Click Delete a Customer 7 Check to see if the data you entered appears in the table If the data appears in the database in the correct language you ve set up the languages correctly Putting ...

Page 474: ...Add New Customer and enter data in the character set you specified 6 Click Home to go back to the videoapp home page and then click Save Changes 7 Click Delete a Customer 8 Check to see if the data you entered appears in the table If the data appears in the database correctly you ve configured your system properly Search Information Search capabilities are supported for the following languages Eng...

Page 475: ...ion since the text search and auto catalog features work with one character set encoding at a time you might receive inaccurate results when using those features Netscape recommends using one specific character set for all documents Searching in Chinese Japanese and Korean The following information is specific to searching in Japanese Korean and Chinese Query Operators This release supports the fo...

Page 476: ...ching in Japanese The following sections give additional information about searching in the Japanese character set Document Codes This release supports the following document codes for the Japanese language euc sjis jis 7 bit STARTS Yes STEM English only SUBSTRING Yes WILDCARD Yes WILDCARD Yes WILDCARD No WILDCARD No WILDCARD No WILDCARD No WORD Yes Table C 7 Query operators for Japanese Operator ...

Page 477: ...characters for instance elninõ html you can get support for them by specifying the 8859 character set as the internal coding for search collections To specify 8859 you need to modify the file language conf in the directory serverRoot plugins search admin This file is used by the Search Engine Web Publishing and the document indexing features of the server The language conf file contains the follow...

Page 478: ...the language conf file after a collection has been created to support accented characters in filenames for that collection you need to delete the collection make this change to the file recreate the collection choosing English NS 8859 ISO 8859 1 from the Documents are in drop down list and reindex all the documents in the collection ...

Page 479: ...bs This appendix includes the following sections Overview Downloading the Extensions Installing FrontPage Server Extensions Further Information Overview FrontPage server extensions are CGI programs that provide Netscape Enterprise Server support for FrontPage webs Client server communication takes place through standard HTTP POST requests that are forwarded to the appropriate extension s CGI progr...

Page 480: ...lity is available from any computer that is on the Internet or a local Intranet although you need the FrontPage client program for authoring and administrative functions Types of FrontPage Webs There are two kinds of FrontPage webs root webs and sub webs A root web is a FrontPage web that is the top level content directory of a Web server or in a multi hosting environment of a virtual Web server T...

Page 481: ...private virtual server Private virtual server customers on a shared domain each get their own root web and have the option of creating sub webs As a URL on an Internet service provider s server machine as in www myprovider com mycompany URL customers get a single sub web Security Issues FrontPage implements web security on your web server by changing the access control lists ACLs for all files and...

Page 482: ... if you want to install the Unix extensions you can use Ready to Run Software s site which also provides a great deal of information and instruction FrontPage 97 Server Extensions version 2 0 NT You can download an executable file Unix You can download from Ready to Run Software s web site and install script and a set of server extensions Download two tar files for your platform for Solaris they a...

Page 483: ...B and the installed files total 2 5MB On Unix systems you should have at least 32MB available on your server The Unix FrontPage extensions need 9MB of disk space in the usr local frontpage directory If you install the extensions onto your web content you need an extra 5MB per virtual host unless your web content is in the same disk partition as usr local frontpage Preliminary Tasks You need to hav...

Page 484: ... this directory only readable by root so you need to reconfigure this access permission Unix only The document root directory for the Netscape server must be writeable by the steady state server process ID so that FrontPage webs can be created via the NSAPI Installing FrontPage Server Extensions You can install the FrontPage 97 or the FrontPage 98 extensions on Windows NT or Unix platforms This do...

Page 485: ...ss your web server is stopped to make sure that files are not locked by the running web server As soon as the copy is complete the web server is started and remains running for the remainder of the installation process The stub server extensions are installed on each root web and sub web On a single hosted server the FrontPage Server Extensions are automatically installed on the single content roo...

Page 486: ...talling the FrontPage extensions The FrontPage Server Administrator fpsrvwin exe and a command line version fpsrvadm exe are copied to the bin directory The FrontPage Server Administrator is a tool for installing updating verifying or removing the FrontPage Server Extensions For FrontPage98 extensions these components are installed in the C ProgramFiles Microsoft FrontPage version 3 0 directory wh...

Page 487: ...ted under your server s document root _private _vti_bin contains shtml exe _vti_bin _vti_adm contains admin exe _vti_bin _vti_aut contains author exe _vti_cnf _vti_log _vti_pvt _vti_txt images Creates nsconfig files in the _vti_bin _vti_adm _vti_aut directories and the document root directory Once you have completed the installation process you must also perform the following administrative tasks ...

Page 488: ...ur FrontPage web Users can edit the local web that is displayed when FrontPage is started but they must have a valid user ID and password to modify it Installing FrontPage97 Server Extensions on Unix Systems The installation process on a Unix system requires you to have the appropriate file permissions and directories set up beforehand The extensions require a specific directory structure which is...

Page 489: ... the vt20 solaris tar z file tar xvf usr tmp vt20 solaris tar 3 Change directories to usr local frontpage version2 0 cd frontpage version2 0 4 Create a directory named extensions and move the _vti_bin directory into it mv _vti_bin extensions 5 Install the WPP kit to usr local frontpage version2 0 For Solaris use this code tar xvf usr tmp wpp solaris tar 6 Rename the directory executables usr local...

Page 490: ... Web adds a FrontPage administration account password and IP address restriction and reminds the web administrator to restart the server if new ObjectType directives were added to the obj conf file Table D 1 Installation parameter information fpdir dir default FrontPage Directory httpdconfdir dir default Directory where server s configuration file is located web webname required Web where the Serv...

Page 491: ..._vti_log _vti_txt images Creates nsconfig files in the _vti_bin _vti_adm _vti_aut and the document root directories Once you have completed the installation process you must perform the following administrative tasks 1 Execute the fpsrvwin exe file to set the server port test the extensions install the extensions to other virtual servers and update extensions 2 A remote machine must have the Front...

Page 492: ...irectory where you want to install the extensions This is because if you choose not to install the extensions in the usr local directory a soft link is added automatically between usr local and the directory you wish to use To install the extensions perform the following steps 1 Log on to your Enterprise Server user account so you can install the FrontPage Server Extensions from the tar file cd us...

Page 493: ...istration account password and IP address restriction and reminds the web administrator to restart the server if new ObjectType directives were added to the obj conf file During installation the install shell modifies or adds the following files and directories Modifies magnus conf Creates a configuration file named usr local frontpage hostname port cnf Modifies the server s configuration file obj...

Page 494: ... from Ready to Run Software Useful FrontPage 97 information MicrosoftFP97 WPP page MicrosoftFP97 Unix Install Instructions Microsoft s Web Hosting Primer Microsoft s Technical Support for FP97 Ready to Run FP97 Server Extensions Support Ready to Run FP97 Server Extensions for Netscape Useful FrontPage 98 information Microsoft FP98 WPP main page Ready to Run FP98 Server Extensions support page ...

Page 495: ...s on it Authorization can be restricted by criteria including hostnames and IP addresses browser See client cache A copy of original data that is stored locally Cached data doesn t have to be retrieved from a remote server again when requested certification authority A third party organization that issues digital files used for encrypted transactions certificate A nontransferable nonforgeable digi...

Page 496: ...ints to a different host specifically a DNS CNAME record Machines always have one real name but they can have one or more aliases For example an alias such as www yourdomain domain might point to a real machine called realthing yourdomain domain where the server currently exists document root A directory on the server machine that contains the files images and data you want to present to users acc...

Page 497: ...GIF files are usually much smaller in size than other graphic file types BMP TIFF GIF is one of the most common interchange formats GIF images are readily viewable on Unix Microsoft Windows and Apple Macintosh systems hard restart The termination of a process or service and its subsequent restart See also soft restart home page A document that exists on the server and acts as a catalog or entry po...

Page 498: ...g requests that the server fulfills IP address Internet Protocol address A set of numbers separated by dots that specifies the actual location of a machine on the Internet for example 198 93 93 10 ISDN Integrated Services Digital Network ISINDEX An HTML tag that turns on searching in the client Documents can use a network navigator s capabilities to accept a search string and send it to the server...

Page 499: ...y It is mathematically extremely hard to produce a piece of data that produces the same message digest email MD5 signature A message digest produced by the MD5 algorithm MIB Management Information Base MIME Multi Purpose Internet Mail Extensions An emerging standard for multimedia email and messaging mime types The MIME Multi purpose Internet Mail Extension type configuration file This file maps f...

Page 500: ...See document root protocol A set of rules that describes how devices on a network exchange information private key The decryption key used in public key encryption public key The encryption key used in public key encryption public information directories Unix Directories not inside the document root that are in a Unix user s home directory or directories that are under the user s control Quality F...

Page 501: ...irectory listing displays only the names of the files without any graphical elements SNMP Simple Network Management Protocol SOCKS Firewall software that establishes a connection from inside a firewall to the outside when direct connection would otherwise be prevented by the firewall software or hardware for example the router configuration soft restart A way to restart the server that causes the ...

Page 502: ...ization the domain is for example com is a company edu is an educational institution or the country of its origin for example us is the United States jp is Japan au is Australia fi is Finland uid Unix A unique number associated with each user on a Unix system URI Uniform Resource Identifier A file identifier that provides an additional layer of security by using an abbreviated URL The first part o...

Page 503: ...lishing provides document version control link management search access control and agent services to server users Web Application Interface WAI An easy to program mechanism for extending the Enterprise server s functionality with CORBA compliant services that are tightly integrated with the web server WAI can be used to compose services in C C and Java that customize the functionality of the serv...

Page 504: ...504 Netscape Enterprise Server Administrator s Guide ...

Page 505: ...ion list 444 NS collection list dropdown 444 NS collections searched 444 NS display query 444 NS doc href 444 NS doc name 444 NS doc number 444 NS doc path 444 NS doc score 444 NS doc score div10 444 NS doc score div5 444 NS docs found 445 NS doc size 445 NS docs matched 445 NS docs searched 445 NS doc time 445 NS get highlighted doc 445 NS get next 445 NS get prev 445 NS host 445 NS insert doc 44...

Page 506: ... wildcards 26 49 85 89 98 135 261 339 433 433 432 in wildcards 26 49 in wildcards 26 49 85 89 98 135 261 339 Numerics 128 Bit step up certificates 117 200 500 status codes 452 A accented characters support in filenames 477 Accept 451 AcceptLanguage 468 accept language header using 467 AcceptTimeout 237 access 189 delete 344 execute 343 info 344 list 344 programs controlling 344 read 343 restrictin...

Page 507: ...specifying users and groups 340 syntax 456 user group cache 328 verification 96 acl bucket 223 ACLCacheLifetime 326 ACLFile 261 aclname 462 actions ACL setting 339 activating SSL 73 ActiveThreads 235 257 Add Custom Properties Web Publishing link 379 additional document directories 312 AddLog 245 Address 235 address bind to changing 170 AddrLookups 247 AddType 177 admaddr 490 administration distrib...

Page 508: ...idth and half width 477 asynchronous DNS Lookup Unix 245 AttachCurrentThread 254 attribute search options list of 88 attribute expressions ACL 459 operators 460 attributeName 383 attributes adjusting the maximum number of 401 Distinguished Name DN 82 for search collections 404 405 global configuring servlets 273 JVM configuring 277 servlet configuring 274 Web Publisher 383 x509v3 certificates 138 ...

Page 509: ...erver authenticates users 116 installing and managing 123 managing 126 mapping to LDAP entries 134 migrating Enterprise Server 3 X to 4 0 142 trust database creating 119 trusting 124 x509v3 attributes 138 certmap conf 136 139 329 using 136 certSubjectDN 141 CGI 170 181 211 defined 268 downloading executable files 282 file extensions 280 file type specifying shell for Windows NT 288 file types 281 ...

Page 510: ...operties 139 authentication 328 mapping to LDAP 134 using 134 client cookie 296 Client Host 190 ClientLanguage 468 client object maintenance 300 client side applications 267 client url 296 clusters 149 adding a server to 153 configuring 152 definition 149 guidelines for using 150 managing 155 modifying information 154 removing servers 155 setting up 152 CM_AUTHOR 384 CM_CDATE 383 CM_COUNTER 384 CM...

Page 511: ... Enterprise Server installation 39 conditional variables Web Publisher 387 conf_bk directory 42 43 CONFIG 208 211 master agent editing 212 config 166 231 config directory 43 CONFIG file 212 configuration multiple server installation 45 configuration single server files installed 41 configuration files admpw overview 41 dblist ini 400 definition 39 dynamic 171 for search 400 401 hardware virtual se...

Page 512: ... cron using cron controls 78 DaemonStats 261 data request 451 data response 453 database certificate trust creating 119 password changing 141 databases ACLs and 342 Date 453 date and time formats Posix 398 dayofweek 460 dblist ini 383 386 400 434 437 443 dbswitch conf 96 342 debugging dialog box disabling 166 decryption definition 114 default bucket 222 DefaultLanguage 468 default settings Applica...

Page 513: ...tional 312 primary 312 document filters installing 406 document formats search for Japanese Korean and Chinese 476 document preferences 315 default MIME type specifying a 317 directory indexing 316 index filenames 316 parsing the Accept Language Header 318 server home page 317 document root 312 configuring 312 JavaScript applications and 298 documents indexing 403 domain names FrontPage 481 server...

Page 514: ...e 177 error log example 77 viewing 77 error log file 184 185 viewing 77 error responses customizing 170 errors customizing responses 170 euc 476 events viewing NT 195 Event Viewer 195 examples ACL access control 348 restricting access based on time of day 356 restricting access to a directory path 350 restricting access to a file type 354 restricting access to a URI path 352 restricting access to ...

Page 515: ...ion parameters 490 security issues 481 server extensions installing 484 webs types of 480 Full Request 190 func_insert 245 G generated pattern variables 444 GET 201 450 GIF defined 497 givenName 85 global attributes servlets configuring 273 greater than 460 greater than 428 greater than or equal to 428 group 490 groupOfURLs 95 groups adding members to 102 adding to group members list 103 authentic...

Page 516: ...doc 407 HTTP HyperText Transfer Protocol compliance with 1 1 450 defined 497 overview 449 requests 450 responses 451 status codes 452 httpacl directory 42 HTTPD 498 httpdconfdir 490 HTTP engine 37 httpEntityAddress 203 httpEntityContact 203 httpEntityDescr 202 httpEntityId 202 httpEntityLocation 203 httpEntityMaxProcess 203 httpEntityMaxThread 203 httpEntityMethods 203 httpEntityMinProcess 203 htt...

Page 517: ...89 InitFn 139 inittab 68 162 163 defined 498 editing 162 starting the server with 161 installation certificates 123 CGI programs 278 JavaScript applications 294 multiple servers 61 internal daemon log rotation 77 international considerations general information 465 LDAP users and groups 466 IP addresses defined 498 host names specifying 342 restricting access 326 restricting superuser access with ...

Page 518: ... 7 bit 476 JRE configuring paths 276 jsac compiler valid options 470 JSP See JavaServerPages JSPs JVM attributes configuring 277 improving servlet performance 254 jvm conf 254 jvm12 conf 254 jvm1x conf 43 K Kanji 477 katakana full width and half width 477 KeepAlive flushed problem 258 KeepAliveCount 238 258 KeepAliveFlushes 238 258 KeepAliveHits 238 258 KeepAliveMaxCount 238 258 KeepAlive system a...

Page 519: ...from command line 191 log buffer flushing 191 logbufInit 191 log file error viewing 77 log file modes problems 258 log files access 184 common format for 189 error 184 185 flexible format 189 setting preferences for 189 specifying options 75 logging cookie easy 190 indexing engine enabling 375 relaxed 190 log preferences setting 189 log rotation archiving log files 77 logs 181 logs directory 42 43...

Page 520: ...e 237 MaxKeepAliveConnections 238 MaxNumberOfCachedFiles 252 260 MaxNumberOfOpenCachedFiles 253 260 MaxProcs 225 230 256 MaxProcs Unix 227 MaxTotalCachedFileSize 239 253 260 MD5 defined 499 MediumFileSizeLimit Unix 249 MediumFileSpace 249 253 memberCertDescription 94 memberCertDescriptions 94 memberURL filter 94 memberURLs 94 memory sizing issues 263 menu html 382 META tagged attributes adding as ...

Page 521: ...ptions 202 netscape http mib MIB file 202 Netscape MIBs 193 Netscape Server Application Programming Interface NSAPI server extension overview of 38 Netshare access control 364 command line utility set path to run on Enterprise Server 367 command utility 367 create page 365 creating a home directory 366 creating multiple home directories simultaneously 366 default home page 360 directory naming con...

Page 522: ...S highlight end 443 NS highlight start 443 NS HTML descriptions pat 442 NS idxattr 386 NS language 443 NS largest set 442 NS max records 436 442 NS ms tocend 442 NS ms tocstart 442 NSPR 242 NS query 437 NS query pat 436 NS query pat 442 NS record pat 443 NS search type 442 NSServletNameTrans 254 NS tocend pat 443 NS tocrec pat 443 NS tocstart pat 443 NS url base 443 number port changing 69 O o 138...

Page 523: ...6 pblock 190 PC Program Counter 52 Peak 242 perfdump utility 222 230 using statistics to tune the server 233 performance server about 220 buckets 222 common problems 256 dynamic groups impact of 97 issues 220 Unix platform 221 Performance Monitor NT using 193 PHRASE 430 475 pid_masteragt 211 PidLog 180 PKCS 10 certificate request 120 PKCS 11 APIs 114 guidelines for installing 130 importing 131 mod...

Page 524: ...nt SNMP installing 207 starting 208 public directories Unix configuring 313 customizing 313 public key 121 Public Key Cryptography Standard PKCS 11 module adding 129 PUT 450 Q Quality Feedback Agent data collected table of 52 how to enable 53 introduction 52 using automatic proxy configuration 54 queries search building custom 87 language Search default assumptions 425 non alphanumeric characters ...

Page 525: ...Access 175 178 restricting 402 restricting symbolic links 179 rights access setting 343 rlim_fd_max 221 rlimit_nofile_max 221 root defined 501 server and 167 root web 480 rotation access log 78 RqThrottle 225 229 244 256 319 RqThrottleMinPerSocket 231 rules properties 43 runtime environments Java 271 software module Enterprise Server 38 S sagt 208 sam 221 samples js directory 44 scope 98 Search ad...

Page 526: ...yntax basic 437 turning on or off 396 URL encodings 438 URL mapping 393 394 user defined pattern variables 441 using 391 using query operators as search words 426 wildcards using 431 wildcards as literals 433 search filter 87 LDAP 100 search type options list of 89 secret keysize 75 Secure Sockets Layer SSL configuring 73 security feature overview 34 FrontPage 481 increasing 143 Security directive...

Page 527: ...vers lst 42 server side applications 267 how they are installed on Enterprise Server 269 types that run on Enterprise Server 268 server side JavaScript activating 290 server side JavaScript applications controlling 298 server side JavaScript programs 290 Server Throughput Kb sec 194 Server Total Bytes 194 Server Total Errors 194 Server Total Requests 194 server url 296 Service 242 245 service dump...

Page 528: ...tions configuring 216 snmpd 209 snmpd conf 209 SNMP master agent enabling and starting 211 SOCKS defined 501 software modules Enterprise Server 36 software virtual servers introduction 60 setting up 322 SpecWeb 220 259 SPECweb96 260 SSL 118 activating 128 authentication 329 ciphers specifying 128 configuration file directives using magnus conf 131 configuring 73 configuring Enterprise Server for 1...

Page 529: ...webs 480 superuser access control 70 administrator s userid 45 defined 502 distributed administration 71 settings 70 superuser settings changing 70 symbolic soft links definition 179 symbolic links restricting Unix 179 symbolic links restricting 179 syntax ACL files 456 Search function basic 437 sysContact 212 sysLocation 212 sys prop pat 386 system RC scripts restarting the server 162 systerm use...

Page 530: ...anizational creating 106 deleting 110 editing 109 finding 107 renaming 109 Unix platforms accessing Enterprise Administration Server 58 performance issues 221 Unlock File Web Publishing link 378 URI 190 393 defined 502 URLs access to Enterprise Administration Server 45 application 297 application overview 297 defined 502 encodings 438 mapping defined 502 redirected preventing escape 273 SSL enable...

Page 531: ...ility automatic restart NT 165 uxwdog using 179 UXWDOG_NO_AUTOSTART 181 UXWDOG_RESTART_ON_EXIT 181 V variables collection specific 443 conditional Web Publisher 387 file configuration 441 pattern pointer 386 pattern using 439 variables pattern generated 444 user defined 440 Web Publisher 386 verifycert 138 version pat 386 Version Control attribute is obsolete 419 version files deleting JSPs and se...

Page 532: ...operties 372 maintaining data 376 377 managing properties 381 optimizing the collection 377 owner and ACLs 371 ownership of files and folders 358 pattern files 385 pattern variables 386 removing properties 381 repairing the collection 376 reporting on the collection 376 setting access control 371 unlocking files in 378 Web Publishing State Web Publishing link 375 web site restricting access 334 we...

Reviews:

No comments

Related manuals for Netscape Enterprise Server

Brand: IBM Pages: 54

BladeCenter HS22

Brand: IBM Pages: 18

Brand: LaCie Pages: 22

EonServ 5000 Series

Brand: Surveon Pages: 33

eServer 380 xSeries

Brand: IBM Pages: 112

ANR-C62-N1 Series

Brand: Acrosser Technology Pages: 57

SuperServer 7089P-TR4T

Brand: Supermicro Pages: 155

PLATINUM 1500 IR M5

Brand: MAXDATA Pages: 44

Palcare PAL-211401

Brand: PalatiumCare Pages: 64

IP-DECT SERVER 400

Brand: SpectraLink Pages: 221

Brand: Vxl Pages: 2

Brand: Bosanova Pages: 2

Brand: Bosanova Pages: 2

ZXCLOUD iBox CT220

Brand: Zte Pages: 16

Brand: Lantronix Pages: 223

Brand: 3Com Pages: 38

MINISTATION MFA500

Brand: Plustek Pages: 92

Brand: ClearCube Pages: 4

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands