Red Hat Directory Server 7.1: Red Hat Directory Server Installation Guide
Copyright © 2005 Red Hat, Inc.
Red Hat, Inc., 1801 Varsity Drive, Raleigh NC 27606-2072 USA. Phone: +1 919 754 3700. Phone: 888 733 4281. Fax: +1 919 754 3701. PO Box 13588, Research Triangle Park NC 27709 USA.
rhds-ig(EN)-7.1-Print-RHI (2005-11-17T16:20-0800)
Copyright © 2001 Sun Microsystems, Inc. Used by permission. Copyright © 2005 by Red Hat, Inc. All rights reserved.
Table of Contents
About This Guide ... i
1. Prerequisite Reading ... i
2. Directory Server Overview ... i
3. Related Information
6. Migrating from Previous Versions ... 45
6.1. Migration Overview ... 45
6.2. Migration Prerequisites ... 46
6.3. Migration Procedure
About This Guide
Welcome to Red Hat Directory Server (Directory Server). This manual provides a high-level overview of the design and planning decisions you need to make before installing the Directory Server and describes the different installation methods that you can use. This preface contains the following sections:
• Section 1 Prerequisite Reading
• Section 2 Directory Server Overview
• Section 3 Related Information
1.
• Red Hat Directory Server Gateway Customization Guide. Introduces Directory Server Gateway and explains how to implement a gateway instance with basic directory look-up functionality. Also contains information useful for implementing a more powerful gateway instance with directory authentication and administration capability.
• Red Hat Directory Server Org Chart.
Chapter 1. Preparing for a Directory Server Installation
Before you begin installing Red Hat Directory Server (Directory Server), you should have an understanding of the various Directory Server components and the design and configuration decisions you need to make. To help you prepare for your Directory Server installation, you should be familiar with the concepts contained in the following sections:
• Section 1.1 Installation Components
• Section 1.2 Configuration Decisions
• Section 1.
are prompted for some or all of the following information, depending on the type of installation that you decide to perform:
• Port number; refer to Section 1.2.1 Choosing Unique Port Numbers.
• Server root; refer to Section 1.2.2 Creating a New Server Root.
• Which user and group you want to run Directory Server as; refer to Section 1.2.3 Deciding the User and Group for Your Servers.
• Your directory suffix; refer to Section 1.2.
• The directory must not already exist or must be empty.
• When using tarballs, the server root directory must not be the same as the directory from which you are running the setup program.
By default, the server root directory is /opt/redhat-ds/servers.
1.2.3. Deciding the User and Group for Your Servers
For security reasons, it is always best to run production servers with normal user privileges.
Directory Manager DN and password. The Directory Manager DN is the special directory entry to which access control does not apply. Think of the directory manager as your directory’s superuser. (In former releases of Directory Server, the Directory Manager DN was known as the root DN.) The default Directory Manager DN is cn=Directory Manager.
must decide which one will host the configuration directory tree, o=NetscapeRoot. You must make this decision before you install any compatible server applications, including Directory Server. For ease of upgrades, you should use a Directory Server instance that is dedicated to supporting the o=NetscapeRoot tree; this server instance should perform no other function with regard to managing your enterprise’s directory data.
want control of their individual servers. However, you may still want some centralized control of all the servers in your enterprise. Administration domains allow you to meet these conflicting goals. Administration domains have the following qualities:
• All servers share the same configuration directory, regardless of the domain to which they belong.
Custom Installation
In Directory Server, the custom installation process is very similar to the typical installation process. The main difference is that the custom installation process allows you to import an LDIF file to initialize the user directory database that is created by default.
Silent Installation
Use a silent installation if you want to script your installation process.
1.3.3.2. For tarballs...
If you have obtained the Directory Server tarball from the website, you will need to unpack it before beginning installation.
1. Create a new directory for the installation:
   mkdir ds
   cd ds
2. Download the product binaries file to the installation directory.
3. Unpack the product binaries file using the following command:
   gzip -dc filename.tar.
Chapter 2. Computer System Requirements
Before you can install Red Hat Directory Server (Directory Server), you must make sure that the systems on which you plan to install the software meet the minimum hardware and operating system requirements. Directory Server is compiled as a 64-bit application for some platforms, meaning Directory Server supports deployments with memory cache sizes larger than 4 GB and limited only by available memory.
Other Requirements
You must install as root in order to use well-known port numbers (such as 389) that are less than 1024. If you do not plan to use port numbers less than 1024, you do not need to install as root. If you plan to run as root, you should also install as root and specify nobody as the default run-as user and group.
Table 2-1. Red Hat Enterprise Linux - 32-bit
OS Version | Solaris 9 with relevant patches. For details, see Section 2.3.
Other Requirements
You must install as root in order to use well-known port numbers (such as 389) that are less than 1024. If you do not plan to use port numbers less than 1024, you do not need to install as root. If you plan to run as root, you should also install as root and specify nobody as the default run-as user and group.
Table 2-3. HP-UX - 64-bit
OS Version | Solaris 9 with relevant patches. For details, see Section 2.3.
Number of Entries | Disk Space and Memory Required
250,000 - 1,000,000 entries | Free disk space: 4 GB; Free memory: 512 MB
Over 1,000,000 entries | Free disk space: 8 GB; Free memory: 1 GB
2.3. Operating System Requirements
This section contains information on operating-system versions and patches required for installing Directory Server:
• Section 2.3.1 dsktune Utility
• Section 2.3.2 Red Hat Enterprise Linux Server Operating System
• Section 2.3.
• Section 2.3.2.1 Verifying Disk Space Requirements
• Section 2.3.2.2 Verifying Required System Modules
• Section 2.3.2.3 Installing System Patches
• Section 2.3.2.4 Tuning the System
• Section 2.3.2.5 Installing Third-Party Utilities.
In addition to these recommendations, be sure to check the Red Hat website for the latest information pertaining to your Linux version: http://www.redhat.com/apps/support/
2.3.2.1.
Tip
Red Hat Enterprise Linux is distributed with two RPM packages for glibc, one for 386 processors and higher, the other for 486 or Pentium processors and higher. The 386 package has no NPTL support. If the 386 package is installed on a machine, you lose NPTL support. Once this has happened, it is very hard to detect because rpm -q reports the package name and version without the architecture tag.
Lastly, edit the file /etc/pam.d/system-auth to include this line if it does not already exist:
   session required /lib/security/$ISA/pam_limits.so
You must log out and then log back in for changes in the limits.conf file to take effect.
2.3.2.5. Installing Third-Party Utilities
You need the gunzip utility to unpack the Directory Server software. The GNU gzip and gunzip programs are described in more detail at http://www.gnu.org/software/gzip/gzip.
• For HP-UX 11i, install the latest HP-UX 11i Quality Pack (GOLDQPK11i) patch from June 2004 or later. For details, refer to http://www.software.hp.com/SUPPORT_PLUS/qpk.html.
• The PHSS_30966: ld(1) and linker tools cumulative patch is critical before installation of Directory Server.
• The following patches are recommended:
  • GOLDAPPS11i: B.11.11.0406.5 Gold Applications Patches for HP-UX 11i v1, June 2004
  • GOLDBASE11i: B.11.11.0406.
2.3.3.5. Installing Third-Party Utilities
You need the gunzip utility to unpack the Directory Server software. The GNU gzip and gunzip programs are described in more detail at http://www.gnu.org/software/gzip/gzip.html and can be obtained from many software distribution sites. You may need Adobe Acrobat Reader to read the documentation. If you do not have it installed, you can download it from http://www.adobe.com/products/acrobat/readstep2.html.
2.3.4.
2.3.4.3. Installing Patches
You must use Solaris 9 with the Sun recommended patches. The Sun recommended patch clusters can be obtained from your Solaris support representative or from the http://sunsolve.sun.com site. Solaris patches are identified by two numbers; for example, 112233-04. The first number (112233) identifies the patch itself. The second number identifies the version of the patch; in the example above, the patch is version number 04.
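A patch-level check built on the patch ID convention just described, as an added example that is neither part of the guide nor the dsktune utility: it compares the revisions installed on a host with the requirements in Table 2-5 and reports what is missing or outdated. The showrev -p line format it parses and the installed-patch sample are assumptions constructed for the example.

```python
"""Compare installed Solaris 9 patch revisions with the guide's Table 2-5.

Added example, not part of the guide and not the dsktune utility. Section 2.3.4.3
reads a patch ID such as 112233-04 as a base number (112233) and a revision (04);
a requirement is met when that base number is installed at the listed revision or
a later one. Installed patches come either from a plain list of IDs or from
'showrev -p' style lines ('Patch: 112785-43 Obsoletes: ...'); that line format is
an assumption here, and the INSTALLED sample below is constructed.
"""
import re

# Patches from Table 2-5, as printed on this page.
REQUIRED_PATCHES = {
    "112785-43": "X11 6.6.1: Xsun Patch",
    "112970-07": "SunOS 5.9: patch libresolv",
    "112951-09": "SunOS 5.9: patchadd and patchrm Patch",
    "113277-24": "SunOS 5.9: st, sd, and ssd Patch",
    "113579-06": "SunOS 5.9: ypserv/ypxfrd Patch",
    "112908-14": "SunOS 5.9: krb5 shared object Patch",
    "113073-14": "SunOS 5.9: ufs and fsck Patch",
}

PATCH_ID = re.compile(r"^(\d{6})-(\d{2,})$")
SHOWREV_LINE = re.compile(r"^Patch:\s+(\d{6}-\d{2,})\b")

# Constructed 'showrev -p' output: 112970 is one revision behind and 113073 is absent.
INSTALLED = """\
Patch: 112785-43 Obsoletes:  Requires:  Incompatibles:  Packages:
Patch: 112970-05 Obsoletes:  Requires:  Incompatibles:  Packages:
Patch: 112951-09 Obsoletes:  Requires:  Incompatibles:  Packages:
Patch: 113277-30 Obsoletes:  Requires:  Incompatibles:  Packages:
Patch: 113579-06 Obsoletes:  Requires:  Incompatibles:  Packages:
Patch: 112908-14 Obsoletes:  Requires:  Incompatibles:  Packages:
"""


def split_patch_id(patch_id):
    """Return (base_number, revision) for an ID like '112233-04'."""
    m = PATCH_ID.match(patch_id.strip())
    if not m:
        raise ValueError("not a Solaris patch ID: %r" % patch_id)
    return m.group(1), int(m.group(2))


def parse_showrev(text):
    """Extract patch IDs from 'showrev -p' style output; other lines are ignored."""
    matches = (SHOWREV_LINE.match(line) for line in text.splitlines())
    return [m.group(1) for m in matches if m]


def installed_revisions(patch_ids):
    """Map each base number to the highest revision present in patch_ids."""
    best = {}
    for pid in patch_ids:
        base, rev = split_patch_id(pid)
        if rev > best.get(base, -1):
            best[base] = rev
    return best


def check_patches(patch_ids, required=REQUIRED_PATCHES):
    """Return (required_id, status, installed_revision) for every required patch.

    status is 'OK' when the installed revision is at least the required one,
    'OUTDATED' when it is lower, and 'MISSING' when the base number is absent.
    """
    have = installed_revisions(patch_ids)
    report = []
    for req in sorted(required):
        base, rev = split_patch_id(req)
        inst = have.get(base)
        if inst is None:
            status = "MISSING"
        elif inst < rev:
            status = "OUTDATED"
        else:
            status = "OK"
        report.append((req, status, inst))
    return report


def unmet(patch_ids, required=REQUIRED_PATCHES):
    """Only the requirements that are not satisfied."""
    return [entry for entry in check_patches(patch_ids, required) if entry[1] != "OK"]


if __name__ == "__main__":
    for req, status, inst in check_patches(parse_showrev(INSTALLED)):
        print("%-10s %-9s installed revision: %s  (%s)"
              % (req, status, inst, REQUIRED_PATCHES[req]))
```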
Table 2-5. Solaris 9 Patch List
112785-43: X11 6.6.1: Xsun Patch
112970-07: SunOS 5.9: patch libresolv
112951-09: SunOS 5.9: patchadd and patchrm Patch
113277-24: SunOS 5.9: st, sd, and ssd Patch
113579-06: SunOS 5.9: ypserv/ypxfrd Patch
112908-14: SunOS 5.9: krb5 shared object Patch
113073-14: SunOS 5.9: ufs and fsck Patch
2.3.4.4.
   ndd -set /dev/tcp tcp_time_wait_interval 30000
The tcp_conn_req_max_q0 and tcp_conn_req_max_q parameters control the maximum backlog of connections that the kernel accepts on behalf of the Directory Server process. If the directory is expected to be used by a large number of client hosts simultaneously, these values should be raised to at least 1024 by adding a line to the /etc/init.
Make sure the JRE package is executable, then run the file. For example:
   chmod a+x j2re-1_4_2_05-solaris-sparc.sh
   ./j2re-1_4_2_05-solaris-sparc.sh
This extracts a new JRE directory called j2re.1.4.2_05. When you first run setup, you are asked for the JRE path. Fill in the absolute path as follows: /export/redhat/jre/j2re1.4.
Chapter 3. Using Express and Typical Installation
This chapter describes how to perform basic installation activities. This chapter contains the following sections:
• Section 3.1 Installing on Solaris and HP-UX using an Express Installation
• Section 3.2 Installing on Solaris and HP-UX using a Typical Installation
• Section 3.4 Installing on Red Hat Enterprise Linux Using a Typical Installation.
3.1.
contain any space characters. If the directory that you specify does not exist, the setup program creates it for you.
13. Choose All to install all components.
14. For the user and group to run the servers, enter the identity as whom you want this server to run. For more information on the user and groups that you should use when running your servers, see Section 1.2.3 Deciding the User and Group for Your Servers.
15.
8. When you are asked what you would like to install, press [Enter] to select the default, Red Hat Servers.
9. When you are asked what type of installation you would like to perform, press [Enter] to select the default, Typical Installation.
10. For server root, enter a full path to the location where you want to install your server. The location that you enter must be some directory other than the directory from which you are running setup.
Caution
The Directory Server identifier must not contain a period. For example, example.server.com is not a valid server identifier name.
21. For configuration directory administrator ID and password, enter the name and password as whom you will log in when you want to authenticate to the Console with full privileges.
22. For a directory suffix, enter a distinguished name (DN) meaningful to your enterprise.
3.3. Installing on Red Hat Enterprise Linux using an Express Installation
1. Log in as root.
2. If you have not already done so, download the product binaries file to the installation directory.
3. Use the rpm tool to install the server components, as follows:
   rpm -ivh package.rpm
   The server components are then installed in the default location: /opt/redhat-ds/.
4.
3.4. Installing on Red Hat Enterprise Linux Using a Typical Installation
To install Directory Server on Red Hat Enterprise Linux, do the following:
1. Log in as root.
2. If you have not already done so, download the product binaries file to the installation directory.
3. Use the rpm tool to install the server components, as follows:
   rpm -ivh package.rpm
   The server components are then installed in the default location: /opt/redhat-ds/.
4.
Caution
The Directory Server identifier must not contain a period. For example, example.server.com is not a valid server identifier name.
13. For the configuration directory administrator ID and password, enter the name and password as whom you will log in when you want to authenticate to the Console with full privileges.
14. For a directory suffix, enter a distinguished name (DN) meaningful to your enterprise.
Chapter 4. Silent Installation and Instance Creation
Silent installation allows you to use a file to predefine all the answers that you would normally supply to the setup program interactively; this provides you with the ability to script the installation of multiple instances of Red Hat Directory Server (Directory Server). Instance creation enables you to use an existing Directory Server instance to create additional instances of the server under the same server root.
4.1.1. Silent Installation on Red Hat Enterprise Linux
It is possible to use silent instance creation on Red Hat Enterprise Linux servers.
1. Log in as root.
2. Create a new directory:
   mkdir ds
   cd ds
3. If you have not already done so, download the product binaries file to the installation directory.
4. Install the Directory Server as normal, using the command or the Red Hat RPM tool, system-config-packages (refer to Section 3.
• SuiteSpotUserID and SuiteSpotGroup - The SuiteSpotUserID and SuiteSpotGroup directives determine under what user and group a server runs when installed.
Note
Be sure to protect your install.inf files because they contain passwords in clear text. Also ensure that any DNs in these files are in the UTF-8 character set encoding.
   RootDN= cn=Directory Manager
   UseReplication= No
   AddSampleEntries= No
   InstallLdifFile= suggest
   AddOrgEntries= Yes
   DisableSchemaChecking= No
   RootDNPwd= admin123
   Components= slapd,slapd-client
   [admin]
   SysUser= root
   Port= 23611
   ServerIpAddress= 111.11.11.11
   ServerAdminID= admin
   ServerAdminPwd= admin
   Components= admin,admin-client
   [base]
   Components= base,base-client,base-jre
   [nsperl]
   Components= nsperl561
   [perldap]
   Components= perldap14
4.1.2.2.
   Components= slapd,slapd-client
   [admin]
   SysUser= root
   Port= 33646
   ServerIpAddress= 111.11.11.11
   ServerAdminID= admin
   ServerAdminPwd= admin
   Components= admin,admin-client
   [base]
   Components= base,base-client,base-jre
   [nsperl]
   Components= nsperl561
   [perldap]
   Components= perldap14
4.1.2.3. Sample File for Installing the Standalone Red Hat Console
The following is an example of the install.
• Section 4.1.3.6 [nsperl] Installation Directives
• Section 4.1.3.7 [perldap] Installation Directives.
4.1.3.1. Silent Installation File Format
When you use silent installation, you provide all the installation information in a file. This file is formatted as follows:
   [General]
   directive=value
   directive=value
   directive=value
   ...
   [slapd]
   directive=value
   directive=value
   directive=value
   ...
   [admin]
   directive=value
   directive=value
   directive=value
   ..
Directive | Description
Components | Specifies components to be installed. The list of available components differs depending on the servers available on your installation media. For stand-alone directory installation, the list of components is:
  svrcore - Uninstallation binaries
  base - The base installation package
  admin - The Administration Server binaries
  slapd - The Directory Server binaries
This directive is required.
Required [slapd] Installation Directives
You must provide these directives when you use silent installation with Directory Server.
Optional [slapd] Installation Directives
You may provide these directives when you use silent installation with Directory Server. Table 4-2 and Table 4-3 list the directives.
Required Directive | Description
Components | Specifies the slapd components to be installed.
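The rules the guide attaches to install.inf (the Note in Section 4.1.2 on clear-text passwords and UTF-8 DNs, the required Components directive in the [General] and [slapd] tables, and the Section 1.2.3 advice on the run-as user) gathered into one audit script. This is an added example, not part of the guide or of the Directory Server setup program; the sample file contents, the temporary path and the 0644 mode are constructed for it.

```python
"""Audit a Red Hat Directory Server 7.1 silent-installation file (install.inf).

Added example, not part of the guide. It parses the [section] / directive= value
layout from Section 4.1.3.1 and applies rules the guide states: the file holds
passwords in clear text and must be protected (Note in Section 4.1.2), DNs must be
valid UTF-8, Components is required in [General] and [slapd], and Section 1.2.3
advises running production servers as a normal user rather than root. The sample
file, its temporary path and the 0644 mode are constructed for this example.
"""
import os
import stat
import tempfile

# Directives the guide marks as required, by section ([General] and [slapd] tables).
REQUIRED = {"General": ("Components",), "slapd": ("Components",)}
# Directives whose values are DNs; the guide requires these to be UTF-8.
DN_DIRECTIVES = {"RootDN"}

# Constructed sample install.inf, following the layout of the samples in Section 4.1.2.
SAMPLE = b"""[General]
SuiteSpotUserID= root
SuiteSpotGroup= root
Components= svrcore,base,admin,slapd
[slapd]
RootDN= cn=Directory Manager
RootDNPwd= admin123
UseReplication= No
Components= slapd,slapd-client
[admin]
SysUser= root
Port= 23611
ServerAdminID= admin
ServerAdminPwd= admin
Components= admin,admin-client
"""


def parse_install_inf(data):
    """Return {section: {directive: value_bytes}} for raw install.inf bytes.

    Values stay as bytes so a DN that is not valid UTF-8 is reported by the audit
    instead of raising here. Only the first '=' splits a line, which keeps DN
    values such as 'cn=Directory Manager' intact.
    """
    sections = {}
    current = None
    for raw in data.splitlines():
        line = raw.strip()
        if not line or line.startswith(b"#"):
            continue
        if line.startswith(b"[") and line.endswith(b"]"):
            current = line[1:-1].decode("ascii")
            sections.setdefault(current, {})
            continue
        if current is None or b"=" not in line:
            raise ValueError("malformed line or directive outside a section: %r" % line)
        key, _, value = line.partition(b"=")
        sections[current][key.strip().decode("ascii")] = value.strip()
    return sections


def audit_install_inf(data, mode):
    """Return a list of findings for file contents data with permission bits mode."""
    findings = []
    sections = parse_install_inf(data)
    password_keys = ["[%s] %s" % (sec, key) for sec, dirs in sections.items()
                     for key in dirs if key.endswith("Pwd")]
    # Guide's Note: install.inf holds passwords in clear, so only the owner may read it.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("mode %o allows group/world access; clear-text passwords in %s"
                        % (stat.S_IMODE(mode), ", ".join(password_keys) or "no directives"))
    for section, keys in REQUIRED.items():
        for key in keys:
            if key not in sections.get(section, {}):
                findings.append("[%s] lacks required directive %s" % (section, key))
    # Section 1.2.3: production servers should run with normal user privileges.
    if sections.get("General", {}).get("SuiteSpotUserID") == b"root":
        findings.append("[General] SuiteSpotUserID= root: servers will run as root")
    for section, directives in sections.items():
        for key in DN_DIRECTIVES & set(directives):
            try:
                directives[key].decode("utf-8")
            except UnicodeDecodeError:
                findings.append("[%s] %s is not valid UTF-8" % (section, key))
    return findings


def audit_path(path):
    """Audit an install.inf on disk using its actual permission bits."""
    with open(path, "rb") as fh:
        data = fh.read()
    return audit_install_inf(data, os.stat(path).st_mode)


if __name__ == "__main__":
    fd, path = tempfile.mkstemp(suffix="-install.inf")
    try:
        os.write(fd, SAMPLE)
        os.close(fd)
        os.chmod(path, 0o644)  # deliberately loose permissions for the demo
        for finding in audit_path(path):
            print(finding)
    finally:
        os.unlink(path)
```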
Optional Directive | Description
InstallLdifFile | Causes the contents of the LDIF file to be used to populate your directory.
Table 4-3. Optional [slapd] Installation Directives
4.1.3.4. [admin] Installation Directives
[admin] installation directives specify information of interest only to your Directory Server’s Administration Server.
4.1.3.5. [Base] Installation Directive
There is only one [Base] installation directive, and it allows you to determine whether Red Hat Console is installed. Table 4-5 lists the directive.
Directive | Description
Components | Specifies the base components to be installed. The base components are:
  base - Install the shared libraries used by all Server Consoles.
4.2. Using Silent Instance Creation
If you have Directory Server installed in a server root, you can create additional instances of Directory Server under the same server root without having to run the setup program. You can create additional instances of the server either by using Red Hat Console or from the command line.
   DisableSchemaChecking= No
Chapter 5. Post Installation
This chapter describes the post-installation procedures for launching the online help and populating the directory tree. This chapter has the following sections:
• Section 5.1 Launching the Help System
• Section 5.2 Populating the Directory Tree
5.1. Launching the Help System
The help system for Directory Server is dependent upon Red Hat Administration Server.
5.2. Populating the Directory Tree
During installation, a simple directory database was created for you. In addition, a simple directory structure was placed in the database for you to use. This directory structure contained basic access control and the major branch points for the recommended directory structure. Now you need to populate your database with user entries. There are several ways you can create and populate your directory suffixes.
Chapter 6. Migrating from Previous Versions
If you have a previous installation of Directory Server, depending on its version, you can migrate to Red Hat Directory Server 7.x. Migration refers to the process of moving Directory Server 6.x files to Directory Server 7.x. This chapter covers the migration process in these sections:
• Section 6.1 Migration Overview
• Section 6.2 Migration Prerequisites
• Section 6.3 Migration Procedure
• Section 6.4 Upgrading from Directory Server 7.x Versions.
6.1.
6.2. Migration Prerequisites
This section lists the prerequisites that your system must meet before you can consider beginning the migration process.
• You must be using Directory Server 6.x. When you run the migration script, the legacy server process ns-slapd should be stopped. (If you do not stop the server, the migration script stops it.
• Section 6.3.1 Migrating a Standalone Server
• Section 6.3.2 Migrating a 6.x Replicated Site
• Section 6.3.3 Migrating a 6.x Multi-Master Deployment
• Section 6.3.4 Managing Console Failover.
6.3.1. Migrating a Standalone Server
Once you have backed up your critical configuration information, do the following to migrate a server:
1. Stop your legacy Directory Server. If you do not stop the legacy Directory Server, the migration script does it for you.
the legacy server as well as in the new server instances. To demonstrate the various options, for each backend a different option was chosen: for backend1, the choice was to continue with the migration and export processes; for backend2, the choice was to continue with the migration process only, without exporting; and, for userRoot, the choice was to skip the migration process.
Parse the old DSE ldif file: /export/server621/slapd-marmot/config/dse.ldif
***** This may take a while ...
Migrate DSE entries...
SECURITY - Update successfull: cn=encryption,cn=config
SNMP - Update successfull: cn=snmp,cn=config
----------------------------------------------------------------
Migrate LDBM backend instances...
[/export/server71/shared/config/certmap.conf_backup] ?
***** Close the LDAP connection to the new Directory Server instance
***** Shutting down server slapd-marmot . . . . . .
----------------------------------------------------------------
Data processing...
ldiffile: /export/server621/slapd-marmot/config/ldif/backend1.
"/export/server621/slapd-marmot/config/ldif/backend1.ldif" (1230 entries)
[14/Apr/2005:17:57:27 -0600] - import backend1: Workers finished; cleaning up...
[14/Apr/2005:17:57:28 -0600] - import backend1: Workers cleaned up.
[14/Apr/2005:17:57:28 -0600] - import backend1: Cleaning up producer thread...
[14/Apr/2005:17:57:28 -0600] - import backend1: Indexing complete. Post-processing...
"/export/server621/slapd-marmot/config/ldif/backend2.ldif" (0 entries)
[14/Apr/2005:17:57:31 -0600] - import backend2: Workers finished; cleaning up...
[14/Apr/2005:17:57:31 -0600] - import backend2: Workers cleaned up.
[14/Apr/2005:17:57:31 -0600] - import backend2: Cleaning up producer thread...
[14/Apr/2005:17:57:31 -0600] - import backend2: Indexing complete. Post-processing...
6.3.2. Migrating a 6.x Replicated Site
If you are upgrading from Directory Server 6.x to Directory Server 7.x, your replication configuration is automatically migrated when you run the migrateInstance7 script. To migrate a 6.x replicated site:
1. Stop your Directory Server 6.x.
2. Install Directory Server 7.x.
3. Run the migration script as shown in Section 6.3.1 Migrating a Standalone Server.
4. Once your 6.
7. Migrate the hubs (if any); refer to Section 6.3.3.2 Hub Migration.
8. Verify that writes and changes are being replicated through the servers.
9. Migrate the replicas; refer to Section 6.3.3.3 Replica Migration.
10. Verify that writes and changes are being replicated through the servers.
6.3.3.1. Master Migration
Follow these steps for the first master, and then repeat the steps for the others, up to four masters.
1. Stop the 6.x Directory Server.
2.
6.3.4. Managing Console Failover
If you have a multi-master installation with o=NetscapeRoot replicated between your two masters, server1 and server2, you can modify the Console on the second server (server2) so that it uses server2’s instance instead of server1’s. (By default, writes with server2’s Console would be made to server1 then replicated over.) To accomplish this, you must:
1. Shut down the Administration Server and Directory Server.
2.
6.4.1. Before You Begin
Before you begin the upgrade process, back up your entire 7.0 Directory Server. For instructions, check backing up and exporting in "Populating Directory Databases" in the Red Hat Directory Server Administration Guide.
6.4.2. Upgrading
The steps below show how to perform an upgrade using Typical installation:
1. On your Directory Server 7.0 host machine, log in as root or superuser (su).
2. Stop the server.
Chapter 7. Troubleshooting
This chapter describes the most common installation problems and how to solve them. It also provides some tips on checking patch levels and kernel parameter settings for your system. This chapter has the following sections:
• Section 7.1 Running dsktune
• Section 7.2 Common Installation Problems
7.1. Running dsktune
The dsktune utility provides an easy and reliable way of checking the patch levels and kernel parameter settings for your system.
TRANSPORT_NAME[10]=tcp
NDD_NAME[10]=tcp_keepalive_interval
NDD_VALUE[10]=600000
NOTICE : The NDD tcp_rexmit_interval_initial is currently set to 3000 milliseconds (3 seconds). This may cause packet loss for clients on Solaris 2.5.1 due to a bug in that version of Solaris. If the clients are not using Solaris 2.5.1, no problems should occur.
TRANSPORT_NAME[10]=tcp
NDD_NAME[10]=tcp_smallest_anon_port
NDD_VALUE[10]=8192
WARNING: tcp_deferred_ack_interval is currently 50 milliseconds. This will cause the operating system to insert artificial delays in the LDAP protocol. It should be reduced during load testing.
An entry similar to the following can be added to the /etc/rc.config.
user id admin (151:Unknown error.)
Fatal Slapd Did not add Directory Server information to Configuration Server.
ERROR. Failure installing Red Hat Directory Server.
Do you want to continue [y/n]?
This error occurs when a machine is not correctly configured to use DNS naming. The default fully qualified host and domain name presented during installation is not correct. If you accept the defaults, you receive the LDAP authentication error.
then your Directory Manager DN password is now my_password.
3. Restart your Directory Server.
4. Once your server has restarted, log in as the Directory Manager and change the password. Make sure you select an encryption scheme when you do so. For information on changing a Directory Manager password, refer to the Red Hat Directory Server Administration Guide.
Glossary A access control instruction See ACI. ACI Access Control Instruction. An instruction that grants or denies permissions to entries in the directory. access control list See ACL. ACL Access Control List. The mechanism for controlling access to your directory. access rights In the context of access control, specify the level of access granted or denied. Access rights are related to the type of operation that can be performed on the directory.
66 Glossary anonymous access When granted, allows anyone to access directory information without providing credentials, and regardless of the conditions of the bind. approximate index Allows for efficient approximate or "sounds-like" searches. attribute Holds descriptive information about an entry. Attributes have a label and a value. Each attribute also follows a standard syntax for the type of information that can be stored as the attribute value.
Glossary 67 base distinguished name See base DN. bind DN Distinguished name used to authenticate to Directory Server when performing an operation. bind distinguished name See bind DN. bind rule In the context of access control, the bind rule specifies the credentials and conditions that a particular user or client must satisfy in order to get access to directory information. branch entry An entry that represents the top of a subtree in the directory.
68 Glossary certificate A collection of data that associates the public keys of a network user with their DN in the directory. The certificate is stored in the directory as user object attributes. Certificate Authority Company or organization that sells and issues authentication certificates. You may purchase an authentication certificate from a Certification Auth CGI Common Gateway Interface. An interface for external programs to communicate with the HTTP server.
Glossary 69 class of service See CoS. classic CoS A classic CoS identifies the template entry by both its DN and the value of one of the target entry’s attributes. client See LDAP client. code page An internal table used by a locale in the context of the internationalization plug-in that the operating system uses to relate keyboard keys to character font screen displays. collation order Provides language and cultural-specific information about how the characters of a given language are to be sorted.
70 Glossary CoS template entry Contains a list of the shared attribute values. Also template entry. D daemon A background process on a UNIX machine that is responsible for a particular system task. Daemon processes do not need human intervention to continue functioning. DAP Directory Access Protocol. The ISO X.500 standard protocol that provides client access to the directory. data master The server that is the master source of a particular piece of data. database link An implementation of chaining.
Glossary 71 Directory Manager The privileged database administrator, comparable to the root user in UNIX. Access control does not apply to the Directory Manager. Directory Server Gateway Also DSGW. A collection of CGI forms that allows a browser to perform LDAP client functions, such as querying and accessing a Directory Server, from a web browser. directory service A database application designed to manage descriptive, attribute-based information about people and resources within an organization.
72 Glossary DSGW See Directory Server Gateway. E entry A group of lines in the LDIF file that contains information about an object. entry distribution Method of distributing directory entries across more than one server in order to scale to support large numbers of entries. entry ID list Each index that the directory uses is composed of a table of index keys and matching entry ID lists.
filtered role
    Allows you to assign entries to the role depending upon the attribute contained by each entry. You do this by specifying an LDAP filter. Entries that match the filter are said to possess the role.

G

gateway
    See Directory Server Gateway.

general access
    When granted, indicates that all authenticated users can access directory information.

GSS-API
    Generic Security Services.
HTTP-NG
    The next generation of Hypertext Transfer Protocol.

HTTPS
    A secure version of HTTP, implemented using the Secure Sockets Layer, SSL.

hub supplier
    In the context of replication, a server that holds a replica that is copied from a different server, and, in turn, replicates it to a third server. See also cascading replication.

I

index key
    Each index that the directory uses is composed of a table of index keys and matching entry ID lists.
L

LDAP
    Lightweight Directory Access Protocol. Directory service protocol designed to run over TCP/IP and across multiple platforms.

LDAPv3
    Version 3 of the LDAP protocol, upon which Directory Server bases its schema format.

LDAP client
    Software used to request and view LDAP entries from an LDAP Directory Server. See also browser.

LDAP Data Interchange Format
    See LDIF.
locale
    Identifies the collation order, character type, monetary format, and time/date format used to present data for users of a specific region, culture, and/or custom. This includes information on how data of a given language is interpreted, stored, or collated. The locale also indicates which code page should be used to represent a given language.

M

managed object
    A standard value which the SNMP agent can access and send to the NMS.
MD5
    A message digest algorithm by RSA Data Security, Inc., which can be used to produce a short digest of data that is unique with high probability; it is mathematically extremely hard to produce a different piece of data that yields the same message digest.

MD5 signature
    A message digest produced by the MD5 algorithm.

MIB
    Management Information Base. All data, or any portion thereof, associated with the SNMP network.
name collisions
    Multiple entries with the same distinguished name.

nested role
    Allows the creation of roles that contain other roles.

network management application
    Network Management Station component that graphically displays information about SNMP managed devices (which device is up or down, which and how many error messages were received, etc.).

network management station
    See NMS.

NIS
    Network Information Service.
object identifier
    Also OID. A string, usually of decimal numbers, that uniquely identifies a schema element, such as an object class or an attribute, in an object-oriented system. Object identifiers are assigned by ANSI, IETF, or similar organizations.

OID
    See object identifier.

operational attribute
    Contains information used internally by the directory to keep track of modifications and subtree properties.
permission
    In the context of access control, permission states whether access to the directory information is granted or denied and the level of access that is granted or denied. See access rights.

PDU
    Also Protocol Data Unit. Encoded messages which form the basis of data exchanges between SNMP devices.

pointer CoS
    A pointer CoS identifies the template entry using the template DN only.

presence index
    Allows searches for entries that contain a specific indexed attribute.
PTA LDAP URL
    In pass-through authentication, the URL that defines the authenticating directory server, pass-through subtree(s), and optional parameters.

R

RAM
    Random access memory. The physical semiconductor-based memory in a computer. Information stored in RAM is lost when the computer is shut down.

rc.local
    A file on UNIX machines that describes programs that are run when the machine starts. It is also called /etc/rc.local because of its location.

RDN
    Also Relative Distinguished Name.
read-write replica
    A replica that contains a master copy of directory information and can be updated. A server can hold any number of read-write replicas.

relative distinguished name
    See RDN.

replication
    Act of copying directory trees or subtrees from supplier servers to consumer servers.
S

SASL
    Also Simple Authentication and Security Layer. An authentication framework for clients as they attempt to bind to a directory.

schema
    Definitions describing what types of information can be stored as entries in the directory. When information that does not match the schema is stored in the directory, clients attempting to access the directory may be unable to display the proper results.
service
    A background process on a Windows machine that is responsible for a particular system task. Service processes do not need human intervention to continue functioning.

SIE
    Server Instance Entry. The ID assigned to an instance of Directory Server during installation.

Simple Authentication and Security Layer
    See SASL.

Simple Network Management Protocol
    See SNMP.
SSL
    Also Secure Sockets Layer. A software library establishing a secure connection between two parties (client and server), used to implement HTTPS, the secure version of HTTP.

standard index
    Index maintained by default.

sub suffix
    A branch underneath a root suffix.

subagent
    See SNMP subagent.

substring index
    Allows for efficient searching against substrings within entries. Substring indexes are limited to a minimum of two characters for each entry.
symmetric encryption
    Encryption that uses the same key for both encrypting and decrypting. DES is an example of a symmetric encryption algorithm.

system index
    Cannot be deleted or modified as it is essential to Directory Server operations.

T

target
    In the context of access control, the target identifies the directory information to which a particular ACI applies.

target entry
    The entries within the scope of a CoS.

TCP/IP
    Transmission Control Protocol/Internet Protocol.
Transport Layer Security
    See TLS.

U

uid
    A unique number associated with each user on a UNIX system.

URL
    Uniform Resource Locator. The addressing system used by the server and the client to request documents. It is often called a location. The format of a URL is protocol://machine:port/document. The port number is necessary only on selected servers, and it is often assigned by the server, freeing the user from having to place it in the URL.

V

virtual list view index
    Also browsing index.
Index

Symbols
    32-bit OS requirements, 9
    32-bit process, 9
    64-bit OS requirements, 10
    64-bit process, 10

A
    administration domain, defined, 5
    administration port number, setting, 26, 29
    administration server, 1
    administration server user, 4
    authentication entities, 3

B
    browsing index, 67

C
    classic CoS, 69
    configuration decisions, 1
    configuration directory administrator, 4
    configuration directory, defined, 4
    Console, 1
    creating instances under the same server root, 31
    custom install, defined, 7

D
    default s
N
    new server root, creating, 2
    nobody user account, 3
    ns-slapd process, write an rc script for, 8

O
    operating systems, supported, 9

P
    port numbers, choosing unique, 2
    port numbers, troubleshooting, 61
    PrePreInstall field, 12
    prerequisites, migration, 46

R
    Red Hat Administration Server, 1

S
    nsperl, 40
    perldap, 40
    slapd, 37
    typical install example, 33
    using, 31
    supported platforms, 9
    system tuning, Red Hat Enterprise Linux, 14

T
    third-party utilities, installing, Red Hat Enterprise Linux, 15
    typical install, defined, 6