Service manual
Using Available System Resources
156 Sun ONE Directory Server Installation and Tuning Guide • June 2003
resource targeted for the resulting operation. If a macro matches, Directory Server
replacesitwith the valueof theactual DN.Directory Server then evaluatesthe ACI
normally. For more information on ACIs, refer to the Sun ONE Directory Server
Administration Guide.
Testing has demonstrated that Directory Server can support more than 50,000
ACIs. The impact on performance for various deployment scenarios is currently
under analysis. Keep the number of ACIs as small as possible to limit negative
impact on performance, and to reduce the complexity of managing access controls.
For deployments involving complex ACI environments, consider using Sun ONE
Directory Proxy Server to provide some access control features.
Configuring Server Plug-Ins
DirectoryServer implements many key features such as accesscontrol, replication,
syntax checking, and attribute uniqueness using plug-ins. In the context of a
particular deployment, you may find it useful to reconfigure some plug-ins. The
recommendations in Table 9-3 address settings for some standard plug-ins.
Table 9-3 Tuning Recommendations for Some Standard Plug-Ins
Name and DN Short Description and Tuning Recommendations
7-Bit Check Plug-In
dn: cn=7-bit
check,cn=plugins,cn=config
Allows Directory Server to check that attribute values
are 7-bit clean. That is, that attribute values provided
contain only those characters that fit in 7-bit encoding.
You may choose to disable this plug-in (default on)if
the infrastructure is designed to support wider
encodings such as Japanese characters, for example.
Legacy Replication Plug-In
dn: cn=Legacy Replication
Plugin,cn=plugins,cn=config
Allows Directory Server to function as a consumer of a
4.x supplier.
Unless you intend to use DirectoryServer as a consumer
of a 4.x supplierduring an upgrade for example, turn
this plug-in off (on by default in case 4.x replication
capabilities arerequired).