-
Netscape Directory Server Version 4.1 Gateway Customization Guide
-
Netscape Communications Corporation ("Netscape") and its licensors retain all ownership rights to the software programs offered by Netscape (referred to herein as "Software") and related documentation. Use of the Software and related documentation is governed by the license agreement accompanying the Software and applicable copyright law. Your right to copy this documentation is limited by copyright law.
-
Preface

The descriptions, instructions, and examples in this guide can be used to create and modify a gateway instance to suit the needs of users in your organization.

Who Needs This Guide

This guide is for anyone who needs to implement a simple gateway instance with basic directory lookup functionality. It is also for users who wish to implement a more powerful gateway instance with directory authentication and administration capability.
-
Related Information

• Chapter 5, Entry Types and Object Class Attributes: Provides examples of entry types (objects) defined in the gateway’s .conf file, provides examples of locations mapped to entry types, and discusses gateway directives.
• Chapter 6, Search Attributes, Filters, and Results: Provides examples for modifying search attributes, adding search support for a new object, modifying default search filters, and customizing search results.
-
Contents

Preface
Who Needs This Guide
What’s In This Guide
Related Information
Chapter 1 Gateway Features ...
-
Gateway Release 4.0
Gateway Release 3.x
Securing 4.0 Gateway Configuration and Settings
Protecting Bind DN and Password
Protecting Root Processes on UNIX Systems
Migrating 3.
-
Configuring Gateway Clients
Language Support for HTTP Clients
Unicode and Latin-1 Character Sets
Displaying a Non-English Alphabet
Configuring Communicator 4.x for Preferred Language
-
Object Class Templates
Gateway Script Files
Gateway Search Result Templates
Banner Files
Chapter 5 Entry Types and Object Class Attributes ...
-
Specifying Search Attributes for Person
Directory Express Search Support for User ID
Adding Search Support for Additional Attributes
Adding Search Support for a New Object
Extending Search Preferences
-
changeHTML
charset
configdir
dirmgr
gwnametrans
-
DS_SAVEBUTTON
DS_EDITASBUTTON
DS_NEWPASSWORD
DS_CONFIRM_NEWPASSWORD
DS_OLDPASSWORD
DS_HELPBUTTON
-
dosearch
edit
lang
newentry
search
-
Adding Entries Using the New Entry Form
Adding a Person Entry
Adding an NT Person Entry
Adding a Group Entry
Adding an NT Group
-
xiv Netscape Directory Server Gateway Customization Guide
-
Tables

Location of gateway files for release 4.0
Location of gateway files for release 3.x
Gateway File Types and Locations
Default Template Files and Related Object Classes
Gateway Forms and Corresponding Script Files
-
Examples

HTML and configuration directories specified in pb.conf
Embedding GCONTEXT in a Link
Specifying PCONTEXT in an HTML Form
Setting up .conf file and directories for new gateway instance
Changing LDAP port in the baseurl parameter
-
Chapter 1 Gateway Features

This chapter describes the gateway features introduced with release 4.0 of the Directory Server. Topics include:
• What Is a Gateway?
• HTTP Server Requirements for Gateways
• Gateways Installed with Directory Server 4.0
• Non-Anonymous Searching
• Compatibility with Existing Gateways
• Automatic Updates to Directory Configuration

What Is a Gateway?

A gateway is an HTTP-to-LDAP client that lives on an HTTP server.
-
HTTP Server Requirements for Gateways

In Version 4.0 of Netscape Directory Server, many gateway instances can be defined on one HTTP server, providing access to any number of Directory Servers. A gateway instance consists of:
• a .conf file, stored in /dsgw/context, defining the context for a gateway instance (for instance, dsgw.conf defines the dsgw gateway instance).
-
Gateways Installed with Directory Server 4.0

See Also: “Location of Gateway Files” on page 12

Default Gateway (dsgw.conf)

In addition to the standard search form, the default Gateway provides an advanced search form, a Directory Server authentication form, and a form for adding and modifying entries. The configuration file for the default gateway is at /dsgw/context/dsgw.conf. During Netscape Directory Server 4.
-
During Netscape Directory Server 4.0 installation, Directory Express is configured to use as its HTTP server the Netscape Administration server installed with the directory. Following Directory Server installation, Directory Express can be accessed from http://adminhost:adminport/ or directly using this URL:

http://adminhost:adminport/dsgw/bin/lang?context=pb

Figure 1.
-
Figure 1.3 Directory Express Extended Search Results

Support for Multiple Gateway Instances

Release 4.0 of the Directory Server supports multiple gateway instances. Many gateways can access directory data from the same HTTP server without conflict.
-
The .conf files defining the configuration of gateway instances are stored in /dsgw/context. Within the .conf file are two parameters specifying the path names for the HTML and template files for the gateway (see Example 1.1).

Example 1.1 HTML and configuration directories specified in pb.conf

    htmldir ../pbhtml
    configdir ../pbconfig

Specifying Gateway Configuration to Gateway CGIs

Information about which .
-
POST Operations (PCONTEXT)

In a POST operation, the CGI posts to the gateway instance specified by a hidden variable on an HTML form. Each POST operation to a gateway CGI in an HTML form must use the PCONTEXT directive so that CGIs can pass the gateway instance to the next page and maintain the state. For CGI invocations using a POST, put at the beginning of a line, as shown in Example 1.3.

Example 1.
-
Gateway Localization

The gateway is designed to allow support for clients in multiple locales.

Gateway Locales

Release 4.0 of the Directory gateway is localized for English, Japanese, French, and German. Language files are stored in /dsgw/html/ and dsgw/config/, where is defined in RFC1766 (for example, language files for Japanese are stored in /usr/netscape/dsgw/html/ja and /usr/netscape/dsgw/config/ja).
-
Non-Anonymous Searching

Release 3.0 of the gateway allows anonymous searching only. This provides only the most basic permissions for accessing information in the user directory. The release 4.0 gateway provides the same functionality but in addition supports non-anonymous searching. A bind DN and bind password, stored in a file named binddnfile, can be set up for users to authenticate to the Directory Server.
-
Compatibility with Existing Gateways

Release 4.0 of the Directory Server is compatible with previous versions of the gateway, including release 3.x. Although the HTML files and gateway CGIs are not interchangeable, a 3.x gateway can access a 4.0 Directory Server, and a 4.0 gateway can access a 3.x Directory Server. It is not necessary to upgrade a 3.x gateway to release 4.0; however, a script is available to complete this task.
-
Chapter 2 Setting Up the Gateway

This chapter describes the planning decisions and tasks required to install and initially configure a gateway for access by end users. Topics include:
• Gateway Installation Planning
• HTTP Server Configuration
• Creating a New Gateway Instance (4.0 only)
• Gateway .
-
Gateway Installation Planning

• whether to migrate existing gateways to release 4.1 gateways or to let them co-exist
• how changes to Directory Server configuration and user directory will be updated on the gateway
• which type of HTTP server best suits the needs of your enterprise

Location of Gateway Files

Table 2.1 and Table 2.2 show the locations of gateway files for release 4.0 and release 3.x.

Gateway Release 4.0

Two gateway instances are installed during Directory Server 4.
-
See Also: “Gateway Cloning” on page 23

Gateway Release 3.x

One gateway is installed for each instantiation of the Directory Server. The .conf file is stored in /dsgw (under slapd-).

Table 2.2 Location of gateway files for release 3.x

    File Type                                   Location
    default gateway .conf file                  /slapd-/dsgw/dsgw.conf
    default gateway HTML and template files     /slapd-/html
                                                /slapd-/config

Securing 4.
-
Migrating 3.x default Gateways to Release 4.0

Release 4.0 of the Netscape Directory server supports 3.x gateways, so it is not necessary to modify a 3.x gateway in order for it to access a 4.0 directory. However, a 3.x gateway cannot co-exist with 4.0 gateways unless it is first migrated to the 4.0 gateway structure. An upgrade script, dsgwmig, is available which completes the migration of dsgw.conf and its relevant files. The script does not overwrite the existing 3.
-
Running the Gateway Migration Script

The dsgwmig script runs automatically during the 3.x -> 4.0 Directory Server migration process. Directory server migration is described in the Release Notes for Directory Server 4.0.

Updating the Gateway with Changes to Directory Server Configuration

Release 4.
-
• the number of users accessing the gateway at a given time
• the complexity of the directory searches performed and the search results required
• whether the gateway is additionally to be used for authentication and login
• the load from other processes managed by the host machine
• the speed and performance of the computer hardware selected for the host computer
• the speed and capacity of the network (network hardware and software)

In general, gateway performance on the Net
-
HTTP Server Configuration

Name Translation Mapping

The HTTP server uses Name Translation mapping to translate a virtual path provided by a gateway client to a physical path used by an HTTP server. This Name Translation mapping specifies the gateway’s HTML directory. The gateway’s CGIs use this information to output the correct URL (HTTP redirection). In release 4.0 of the gateway, the NameTrans mapping is specified in the gateway’s .conf file using the gwnametrans parameter.
-
In release 3.x, to access a different suffix, another HTTP server and another gateway must be configured on the host where the Directory Server is installed.

Note: When the root suffix, directory manager, or port change, the gateway settings in dsgw.conf must be updated to reflect the changes (if they haven’t been updated through the Netscape Console).
-
Figure 2.1 Configuring an Additional Document Directory

Figure 2.
-
Add an Additional Document Directory (4.0 Gateways)

Adding an additional document directory is necessary to establish access to the gateway files. From the server manager for the FastTrack or Enterprise Server:
1. Go to Content Mgmt | Additional Document Directories.
2. In the URL prefix field, enter dsgw
3. In the Map to Directory field, enter /dsgw/ where is the Directory Server’s installation directory.
4. Click OK, then Save and Apply.
-
Adding an additional CGI directory is necessary to make the gateway’s CGI programs available. From the server manager for the HTTP server:
1. Go to Programs | CGI Directory.
2. In the URL prefix field, enter /dsgw/bin
3. In the CGI directory field, enter: /dsgw/bin
4. Click OK, then Save and Apply.

Add an Additional CGI Directory (for 3.x Gateways)

Adding an additional CGI directory is necessary to make the gateway’s CGI programs available.
-
Creating a New Gateway Instance (4.0 only)

The process listed identifies the name under which the HTTP process is running.
2. Log into the machine as root.
3. Go to the /dsgw and enter:
   # chown authck
   where is the user name determined in step 1.
4. Verify that the directory is accessible by opening the URL: http://:/ds/search where is the HTTP server’s host name, and is the port number used by the server.
-
Gateway .conf File Configuration

4. Create an HTML directory for the new gateway. For example, to provide an HTML directory for airius.conf, copy and rename an existing HTML directory (dsgw/html or dsgw/pbhtml) to /dsgw/airiushtml.
5. Create a template directory containing object class templates and other configuration files. For example, to provide a template directory for airius.conf, copy and rename an existing template directory (/dsgw/config or /dsgw/pbconfig) to /dsgw/airiusconfig.
6.
-
Setting Up the Directory Manager

When the Directory server is installed, the Directory Manager is by default set to the root DN. The Directory Server 4.0 installation requires a root DN. If no root DN was configured when the Directory server was installed, then no default Directory Manager is configured for the gateway.

Note: For security reasons, Netscape recommends setting the Directory Manager to an entry other than the root DN.
-
Figure 2.3 Authenticating as Directory Manager

Setting up the Suffix for Adding Entries

The location-suffix parameter is defined in dsgw.conf, and identifies the suffix under which the gateway creates new entries in the directory. The location-suffix parameter can point to any suffix in a directory. Setting the location-suffix parameter is described in “include” on page 84.
-
Configuring the gateway to use SSL when communicating with the Directory server requires modification of the securitypath and baseurl parameters in dsgw.conf. Enabling SSL communications on the Directory Server is described in the Netscape Directory Server Administrator’s Guide. Information about managing key and certificate databases is provided in Managing Netscape Servers.

Configuring the Gateway to Use SSL

The syntax in Example 2.
-
Configuring Gateway Clients

If a single character set works well for most gateway users, define it using the charset parameter in the gateway’s .conf file. For users who require a character set that supports another language, create the appropriate ../dsgw/LANG/dsgwcharset.conf file (where LANG represents a language, such as “en” or “fr”) and configure the HTTP clients for these users to specify their language in the HTTP Accept-language header.
-
Unicode and Latin-1 Character Sets

When the user is using Netscape Communicator 4.x, the Directory server sends Unicode characters. Netscape Navigator 2.x and 3.x clients are not capable of displaying Unicode characters. When the user is using Netscape Navigator 3.x and lower, the Directory server sends Latin-1 characters unless the charset parameter has been configured in the gateway’s .conf file.
-
6. Go to Edit | Preferences | Navigator | Languages and configure the list of languages so that the best description of the user’s language is first, followed by other acceptable languages. For example, a speaker of British English who also reads Spanish might list English/United Kingdom [en-GB] first, followed by English [en] and then Spanish [es].

Configuring Navigator 3.01 for Preferred Language

1. Install a font that supports Unicode.
2.
-
• In the Search Directory dialog, users can enter more complex query expressions to search an LDAP directory using native LDAP searches.
• Users can enter LDAP URLs (beginning with the “ldap://” prefix) in Navigator (web browser) windows to search an LDAP directory.

See Also: Customizing LDAP Settings for Communicator 4.
-
Chapter 3 Gateway Localization

This chapter describes gateway localization and identifies the tasks required to set up additional gateway locales. Topics include:
• Unicode and Netscape Support for UTF-8
• How the Gateway Selects a Character Set
• Special Characters
• Gateway Locales
• Setting Up Locales for Translation

Unicode and Netscape Support for UTF-8

Unicode is a character set containing all the characters of all the world’s major languages.
-
The NT Synchronization Server, installed with the Directory Server, converts UTF-8 to and from NT’s Unicode representation (UCS-2).

Note: Netscape Communicator 4.x supports UTF-8. Netscape Navigator 3.x does not.

How the Gateway Selects a Character Set

The gateway can output web pages in many character sets. The gateway selects a character set for each HTTP client based on a combination of input from the client and from the gateway’s configuration files. Releases 3.
-
HTTP Clients that Request UTF-8

Browsers designed for localization are configured to request the UTF-8 character set by default. To support localization, the gateway is preconfigured to transmit the UTF-8 character set to these clients: Netscape Communicator version 4.0 and greater, and Internet Explorer version 4.0 and greater. Release 4.0 of the gateway allows this preconfiguration to be overridden using the ignoreAcceptCharsetFrom parameter.
-
Special Characters

Non-breaking Space

If the client’s character set lacks a character for non-breaking space, but has ideographic space, non-breaking spaces are converted to ideographic spaces before character set conversion. See the changeHTML directive, in the Gateway configuration file dsgw.conf.

Query Strings

When the Gateway needs to embed a UTF-8 string in an URL, it encodes it in a query string (the query string is the part of the URL that follows the question mark).
-
Setting Up Locales for Translation

Support for multiple locales is accomplished by translating documentation (including online help), the string resource database, and the configuration and HTML template files. A single copy of the compiled code handles all supported locales. Locale-dependent information is stored in translated files stored in subdirectories identifying the locale name. These editable files are stored separately from the Gateway code. For example, the German translation of config/search.
-
    include “../config/dsgw-l10n.conf”

4. Create a “zh” directory in NS-HOME/dsgw/config
5. Copy or create the file dsgw-l10n.conf, stored during Gateway installation in NS-HOME/dsgw/config/, to NS_HOME/dsgw/config/zh

Note: If you are using the US version of the Gateway, dsgw.conf contains a sample of dsgw-l10n.conf.
-
Chapter 4 Files Controlling Gateway Functionality

This chapter describes gateway components. Topics covered include:
• An Overview of Gateway File Types
• Gateway .
-
An Overview of Gateway File Types

• create new gateway instances
• edit the object class attributes that define the entries users can add to the Directory
• edit the search object class attributes that define how people search for and view entries in the LDAP directory
• change the appearance of gateway forms
• update the gateway with changes to Directory Server configuration

Files that control gateway functionality are described in Table 4.1.

Table 4.
-
Gateway .conf Files

A gateway’s .conf file describes the gateway’s instance. A gateway’s .conf file controls the host, port, root suffix, and Directory Manager to use when communicating with the Directory Server. It also controls
• the localization settings for the gateway
• the locations where new entries can be created within the directory
• the types of entries that can be created
• the search base
• whether the gateway uses SSL communications

dsgw.
-
Object Class Templates

dsgwsearchprefs.conf

The object classes and object class attributes that can be searched are specified in dsgwsearchprefs.conf.

See Also: dsgwsearchprefs.conf is discussed in Chapter 6, “Search Attributes, Filters, and Results.”

dsgwfilter.conf

The search filters used to search for a particular object class are specified in dsgwfilter.conf. The gateway uses this file when performing a standard search operation.

See Also: dsgwfilter.
-
Gateway Script Files

Table 4.2 Default Template Files and Related Object Classes

    Template File                 Related Object Class
    display-country.html          country
    display-group.html            groupOfNames
    display-groupun.html          groupOfUniqueNames
    display-ntgroup.html          ntGroup
    display-ntperson.html         ntUser
    display-org.html              organization
    display-orgperperson.html     inetOrgPerson
    display-orgunit.html          organizationalUnit
    display-person.
-
Gateway Search Result Templates

Table 4.3 Gateway Forms and Corresponding Script Files

    Set of forms              Corresponding script files
    authentication forms      authPassword.html
                              authSearch.html
    standard search forms     searchString.html
    advanced search forms     csearchAttr.html
                              csearchBase.html
                              csearchMatch.html
                              csearchString.html
                              csearchType.html
    newentry forms            newentryType.html
                              newentryName.
-
See Also: Chapter 6, “Search Attributes, Filters, and Results,” describes how search result templates can be edited to modify the display of search results.

Banner Files

Banner files identified in Table 4.5 are used to specify the banner and button images that appear in gateway forms.

Table 4.5 Banner Files Controlling Appearance of Gateway Forms

    Banner Files          Controls Appearance of Banner and Buttons in
    maintitle.html        main form
    authtitle.html        authentication form
    csearchtitle.
-
Chapter 5 Entry Types and Object Class Attributes

This chapter describes how entry type formats—defined by object classes and their attributes—are controlled by parameters in the dsgw.conf file. Topics include:
• Entry Types (Object Classes)
• Mapping Locations and Entry Types
• Object Class Attributes in Template Files

Entry Types (Object Classes)

Parameters Controlling Entry Types

The functionality of entry types appearing on gateway forms is controlled by parameters stored in dsgw.
-
• location parameter settings that determine where in the directory new entries reside.

See Also: Parameters in the dsgw.conf file are described in Appendix A, “.conf Parameters.”

template

The template parameter maps the gateway’s HTML templates for entry types to the Directory Server’s LDAP object classes.

location

The location parameter defines points in the directory tree where new entries can be added.
-
Figure 5.1 New Entry Form

Considerations for Adding New Entry Types

Before adding support for a new entry type (object class), decide where in the directory tree the entry type should appear and how the entry type should be formatted.

Deciding where the new entry appears

If a location parameter is not set up to point to the location where the new entry type appears, add a new location parameter to the dsgw.conf file.
-
Mapping Locations and Entry Types

Deciding how the new entry is formatted

When the new object class has many attributes in common with an existing entry type, update the corresponding template line in dsgw.conf to support the new object class. When a new object class requires a new template, add a new template parameter to dsgw.conf.

See Also: The newtype and location parameters are described in Appendix A, “.
-
    newtype orgperson "Person"              cn  acct hr pay pd test
    newtype NTperson  "NT Person"           cn  acct hr pay pd test
    newtype groupun   "Group"               cn  groups
    newtype orgunit   "Organizational Unit" ou  org
    newtype org       "Organization"        o   country

In Example 5.1, locations defined in the newtype parameter (boldfaced) correspond to handles defined in the location parameter (also boldfaced).
-
Object Class Attributes in Template Files

Note: UID-based DN formats are recommended because they are by nature unique and can prevent naming collisions within the directory.

Modifying the Default DN format

The default DN format can be modified by editing the rdnattr variable within the newtype parameter. To change the gateway configuration so that person entries are created using common name-based DNs rather than user ID-based DNs, edit the following line in the dsgw.
-
Templates and Directives

Object class attributes associated with an entry type are defined by directives contained in gateway template files. Directives are instructions, written as HTML comments, that are interpreted by the gateway’s CGI scripts. Each directive is an independent, single line of HTML in a template file (with the exception of , which is embedded within an URL).
-
To complete the row, two null cells are added. This maintains the HTML table format. For Asian character sets, substitute an ideographic space for the nonbreaking space ( ) shown in Example 5.2.

Note: Attribute values are added in pairs. When adding a single attribute to an object class, remember to complete the table row.
-
Note: When deleting a single attribute-value pair from a row, replace the two deleted cells with two cells containing the non-breaking space character. This maintains the table width and ensures that the background colors are rendered correctly.

Extending Object Classes

The gateway can be extended to support additional object classes.
-
to
4. Add the value for airiusperson to the input type.
-
    template Airiusperson person inetorgperson airiusperson

This instructs the gateway to display the Airiusperson entry type according to the template defined for the airiusPerson object class (display-airiusperson.html).
7. Update the Directory Server schema to include the airiusPerson object class.
8. To allow users to add entries for Airiusperson using the gateway, add an additional newtype parameter to the dsgw.conf file.
-
Note: Netscape recommends modifying an existing search result form to create a new search results form.

See Also: “Adding Information to Search Results” on page 69 and “Removing Information from Search Results” on page 70.
-
Chapter 6 Search Attributes, Filters, and Results

This chapter describes the files that control how the gateway searches for objects and how to add search support for a new object.
-
Search Configuration Files

dsgwsearchprefs.conf

Preferences for searching object classes defined in the gateway are specified in dsgwsearchprefs.conf. Each entry contains
• the scope of the search within the Directory Server
• the search filter to append to the search string (corresponding to the search filter entry defined in dsgwfilter.
-
Changing Search Scope

Search object entries in dsgwsearchprefs.conf define the search scope used in searches for the corresponding object class. The default scope for gateway search objects, subtree, specifies the baseurl and all its children. The scope of a search object can be changed by editing the corresponding line in dsgwsearchprefs.conf. Valid search scopes are shown in Table 6.1.

Table 6.
-
Modifying Search Attributes for Advanced Searches

Figure 6.1 Entry Type Pull-Down Menu for Advanced Search Form

Figure 6.
-
Figure 6.3 Matching Type Pull-Down on Advanced Search Form

Specifying Search Attributes for Person

The dsgwsearchprefs.conf syntax in Example 6.1 specifies that the cn, sn, telephoneNumber, mail, uid, and title attributes are used in a search for person entries.

Example 6.
-
The first column in Example 6.1 specifies how the LDAP attribute shown in the second column appears in the pull-down menu on the Advanced Search form. Choose one term form menu, or leave out. The third column contains a string of six bits. Each bit position in the string maps to a match type, as shown in Table 6.2. A value of 1 in the bit position indicates that the match type is valid for the associated attribute.
-
Modifying Search Attributes for Advanced Searches Directory Express Search Support for User ID Directory Express looks for matches for user ID strings. It does not attempt to match user ID substrings. To configure substring matching for user IDs, substring index the uid attribute and uncomment the appropriate lines in pbconfig/dsgwfilter.conf. Adding Search Support for Additional Attributes The boldface syntax in Example 6.
-
Adding Search Support for a New Object There are two ways to add search support for a new object: • Update entries in dsgwsearchprefs.conf and dsgwfilter.conf with definitions of search attributes for the new object. Use this method to add search support for an object that is a child of another object. • Create new entries in dsgwsearchprefs.conf and dsgwfilter.conf for a new object class.
-
Adding Search Support for a New Object The syntax added to dsgwfilter.conf in Example 6.4 defines the search values for the dateOfBirth attribute.
Example 6.4 dsgw-people entry configured to search for dateOfBirth values
"[0-9][0-9]/[0-9][0-9]/[0-9][0-9]" " " "(dateOfBirth=%v))" "date of birth is"
"(dateOfBirth=%v*))" "date of birth starts with"
Creating a New Search Object To add a new search object that differs from existing search objects: • add a new entry in dsgwsearchprefs.
-
Modifying Default Search Filters The syntax in Example 6.6 specifies a list of filters for searching attributes in the orgRole object class. Example 6.6 Creating a new dsgwfilter.conf entry for orgrole dsgwfilter.conf: dsgw-orgrole" "=" " " "(%v))" "^[+]*[0-9][ 0-9-]*$" " " with" "^\*$" " " "(cn=*))" ".*" ".
-
Modifying Default Search Filters Example 6.7 Search Filter for Email Address Searches
"@" " " "(mail=%v))" "email address is"
"(mail=%v*))" "email address starts with"
Note Standard searches use the filters associated with the first matching pattern only. Advanced searches use all filters defined for the entry. Specifying a Search Filter for a New Object The syntax in Example 6.8 allows users to search person entries by birthday or birth month. Example 6.
-
Customizing Search Result Templates How the Gateway Displays Search Results When a user submits a standard search or advanced search from the gateway, the gateway constructs a search string and filter for the corresponding search object and queries the Directory Server. The Directory Server responds with matching entries in the LDAP database. The gateway uses a search result template to display the entries returned by the Directory Server.
-
Customizing Search Result Templates Table 6.3 lists the default gateway search objects and the information displayed on the search results list. Search results templates are stored in the dsgw/config directory and use the list-.html file naming convention.
Table 6.3 Default Search Results for Search Objects
Search object | Search result template used | Search results displayed
people | list-People.html | name, phone number, e-mail address, and title
NT-people | list-NT-People.
-
Customizing Search Result Templates
Name | Phone Number | E-Mail Address | Title | Organizational Unit | onMouseOver="window.
-
Chapter 7 Customizing Graphics and Color This chapter describes how to change the appearance of default gateway forms. Topics include: • Updating the Banner Image • Updating Button Images • Color Schemes • Changing Table Colors Appearance of Gateway Forms The default gateway installed during Directory Server installation matches the standard appearance of Netscape products.
-
Updating the Banner Image • link color Updating the Banner Image The default gateway banner image that appears at the top of the gateway forms is title.gif. This image can be replaced by a different banner image stored as dsgw/html/title.gif. Changing Dimensions of Banner Image The default Netscape banner image has a height of 40 pixels and a width of 530 pixels.
-
Updating Button Images Buttons on gateway forms can be replaced by updating button image files stored in the dsgw/html directory. Table 7.1 describes the button image files stored in the dsgw/html directory: Table 7.1 Button Images Button Image Description stsearch_off.gif used in the maintitle.html, authtitle.html, csearchtitle.html, and newentrytitle.html pages stsearch_on.gif used on the searchtitle.html page adsearch_off.gif used in the maintitle.html, authtitle.
-
Color Schemes • newentrytitle.html Changing the default filename of a button .gif file requires updating the filename in all files where the image is referenced. Any image used to replace a button image must be a true gif image. Images in other formats (PICT, EPS, BPX, TIFF) will not appear as intended. Color Schemes Changing the color schemes for a form requires editing the files that make up a gateway form. The procedure for changing colors depends on the gateway file type.
-
Color Schemes Table 7.2 Files Controlling Appearance of Gateway Forms To Change Colors on the Edit File Type authentication forms authtitle.html banner authPassword.html script authSearch.html script searchtitle.html banner searchString.html script greeting.html HTML list-*.html search result csearchtitle.html banner csearchAttr.html script csearchBase.html script csearchMatch.html script csearchString.html script csearchType.html script emptyFrame.html HTML list-*.
-
Color Schemes Changing Colors Using BODY Tag Table 7.3 lists the five standard color attributes that can be changed. Table 7.
-
Changing Table Colors Specifying Color Names and Color Codes There are two ways to specify colors: • Use a color value, a six-digit hexadecimal number known as the red-green-blue (RGB) triplet. The RGB triplet always begins with a hash mark (#) followed by three 2-digit codes that represent the amount of red, green, and blue that make up the color (#rrggbb). There are over 16 million RGB color codes. • Use a color name. There are sixteen standard case-insensitive color names. Table 7.
-
Changing Table Colors Table 7.
-
Appendix A .conf Parameters This appendix describes, in alphabetical order, gateway configuration parameters. Parameters are defined in dsgw.conf and pb.conf, installed during Directory Server installation. Associated directives are described in Appendix B, “Gateway Directives Reference.” authlifetime Description Format Example Specifies the amount of time in seconds before a user’s authentication expires in the gateway.
-
baseurl Description Format Specifies the host name and port number used to contact the Directory Server. This parameter also determines the search base used for searches performed from the gateway, and whether the gateway uses SSL to communicate with the Directory Server. baseurl [ldap | ldaps]://:/ ldap | ldaps . Use ldap to have the gateway communicate with the Directory Server without using SSL. Use ldaps to have the gateway communicate with the Directory Server using SSL. .
-
binddnfile Description Specifies the location of the file where the bind DN and bind password are stored. This file is used to authenticate to the server for non-anonymous searching. The binddnfile contains two lines, the first specifying the DN with which to bind, and the second specifying the bind password. For example: binddn “” bindpw This file should be stored separately from the .conf file for the gateway instance.
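The authlifetime, baseurl and binddnfile parameters described above are the ones with direct security impact, and they can be checked mechanically. The audit below is an added example, not code from this guide or from Netscape; the sample files, host names, paths, the `#` comment handling, the bare-number form of authlifetime, the same-directory reading of "stored separately" and the 3600-second limit are all assumptions.

```python
import posixpath
import re

# Constructed sample .conf contents (not from the guide). Host names, paths and
# values are placeholders; "#" comment lines are an assumption about the format.
WEAK_CONF = '''\
# gateway instance settings
baseurl "ldap://ds.example.com:389/o%3Dexample.com"
authlifetime 86400
binddn "cn=gateway, o=example.com"
bindpw "constructed-secret"
binddnfile "/opt/gateway/dsgw/context/binddn.txt"
'''

HARDENED_CONF = '''\
baseurl "ldaps://ds.example.com:636/o%3Dexample.com"
authlifetime 900
binddnfile "/opt/gateway-secrets/binddn.txt"
'''

CONF_PATH = "/opt/gateway/dsgw/context/dsgw.conf"  # constructed location

_TOKEN = re.compile(r'"([^"]*)"|(\S+)')


def parse_conf(text):
    """Map each parameter name to the list of argument lists it appears with."""
    params = {}
    for raw in text.splitlines():
        # Manuals often show typographic quotes; treat them as plain quotes.
        line = raw.strip().replace("\u201c", '"').replace("\u201d", '"')
        if not line or line.startswith("#"):
            continue
        tokens = [quoted or bare for quoted, bare in _TOKEN.findall(line)]
        params.setdefault(tokens[0], []).append(tokens[1:])
    return params


def audit(text, conf_path, max_lifetime=3600):
    """Return (parameter, finding) pairs; max_lifetime is a local policy value."""
    params = parse_conf(text)
    findings = []

    # baseurl: the ldap scheme means no SSL between gateway and Directory Server.
    urls = params.get("baseurl", [])
    if not urls:
        findings.append(("baseurl", "parameter is missing"))
    for args in urls:
        scheme = args[0].split("://", 1)[0].lower() if args else ""
        if scheme != "ldaps":
            findings.append(("baseurl", "not ldaps: no SSL to the Directory Server"))

    # binddn/bindpw are the two lines of the binddnfile; finding them in the
    # .conf means the credentials are not stored separately.
    for name in ("binddn", "bindpw"):
        if name in params:
            findings.append((name, "bind credential stored in the .conf itself"))

    # Conservative reading of "stored separately": not beside the .conf file.
    conf_dir = posixpath.dirname(posixpath.normpath(conf_path))
    for args in params.get("binddnfile", []):
        path = posixpath.normpath(args[0]) if args else ""
        if posixpath.isabs(path) and posixpath.dirname(path) == conf_dir:
            findings.append(("binddnfile", "kept in the same directory as the .conf"))

    # authlifetime is a number of seconds; long lifetimes keep sessions valid.
    for args in params.get("authlifetime", []):
        if not args or not args[0].isdigit():
            findings.append(("authlifetime", "value is not a number of seconds"))
        elif int(args[0]) > max_lifetime:
            findings.append(("authlifetime", f"{args[0]}s exceeds limit of {max_lifetime}s"))
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(conf, CONF_PATH))
```
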
-
For compatibility with HTTP clients that can’t handle an HTTP response with a charset parameter in the content-type, comment out this parameter in the .conf file. This prevents the gateway from sending an explicit charset to gateway clients. When no charset parameter is defined, the gateway by default transmits ISO-8859-1 (Latin-1). The charset parameter is ignored by Netscape Communicator 4.0 and Internet Explorer 4.0 and greater clients, which request the UTF-8 charset by default.
-
Example dirmgr “cn=Directory Manager, o=airius.com” For information on the root DN and on setting permissions for the directory, see the Netscape Directory Server Administrator’s Guide. gwnametrans Description Used by gateway CGIs to specify the URL to output for HTTP redirection. This needs to be specified as "/dsgw/" and should be the same as the NameTrans set in the HTTP server, if any is being used.
-
include Description Format Example Specifies the location of another config file that should be read by the gateway. include “” include “../config/dsgw-l10n.conf” location Description Format Defines the location choices for adding new entries to the gateway. Each location parameter represents a branch point in the directory tree below which new entries can be added. location “” “” .
-
location-suffix Description Identifies the directory suffix used to create new entries in the directory. This value is appended to the DN field of the NLS parameter when the gateway is used to create new entries in the directory. Format Example location-suffix “” location-suffix “o=airius.com” newtype Description Format Defines the types of entries that can be added to the directory using the gateway.
-
. The attribute used to name entries of this type. For example, the default value for the rdnattr field for people entries is uid. This means that any people entries created using the gateway will have DNs of the following format: uid= The rdnattr field can be modified so that entries are named using a different attribute.
-
template Description Format Example Maps specific object classes to internal gateway templates. These templates define how a specific object class such as a person, a group, or an organizational unit is displayed in the gateway. The templatename identified has a corresponding HTML template stored in dsgw/conf/.
-
• ADR;WORK—The work address of the person or resource described by the vCard. By default, ADR;WORK is mapped to the postalAddress attribute. • ADR;HOME—The home address of the person or resource described by the vCard. By default, ADR;HOME is mapped to the homePostalAddress attribute. • EMAIL;INTERNET—The email address of the person or resource described by the vCard. By default, EMAIL;INTERNET is mapped to the mail attribute.
-
Example The following example changes the mapping of the NOTE property from the default description attribute to a custom attribute named hobbies: vcard-property NOTE mls hobbies Appendix A, .
-
90 Netscape Directory Server Gateway Customization Guide
-
Introduction Appendix B Gateway Directives Reference This appendix describes directives used in Gateway HTML object class and search result templates. Contents include: • Introduction • Context-Related Directives • Entry-Related Directives • Miscellaneous Directives Introduction The display of LDAP directory information is controlled by HTML template files containing directives. Directives are HTML comments that can be interpreted by the gateway CGIs.
-
Introduction Note With the exception of GCONTEXT, each directive must start at the beginning of a line and be contained on a single line in the HTML file. Most of the directory server gateway directives begin with DS_, although some do not.
-
Context-Related Directives The context-related directives GCONTEXT and PCONTEXT appear within a line, and are not required to appear at the beginning of a line. This is an exception to the rule. All other directives must appear at the beginning of a line to be recognized by the directory server. GCONTEXT Description The directive appears within a URL and is used in the invocation of CGIs through GET operations.
-
Entry-Related Directives
-
Entry-Related Directives Arguments attr=attribute-name . Displays the named attribute. Any attribute may be displayed. The special attribute "dn" is recognized and causes the distinguished name of the entry to be displayed. syntax=syntax-type . Displays the attribute as if it were of syntax syntax-type. If no syntax= argument is given, syntax=cis is assumed. Legal values are described in Table 7.5. Table 7.
-
Entry-Related Directives options=option. Modifies how the attribute is displayed. Legal values are described in Table 7.7. Table 7.7 DS_ATTRIBUTE: Display of options Argument Options Display sort sorted attribute values nolink do not attempt to display the attribute as a hyperlink dntags only applies when using syntax=dn - tags are displayed when showing DNs.
-
Entry-Related Directives rows=number, rows=+number, rows=>number. Controls the number of rows used to display the entry. For type=text, this controls the number of editable HTML INPUT fields. For type=textarea, this controls the number of rows in the textarea. If number is preceded by a plus (+) sign, then number extra rows are included. If number is preceded by a greater-than sign, then at least number rows are included. cols=number, cols=+number, cols=>number.
-
Entry-Related Directives "options=readonly" --> DS_OBJECTCLASS Description Describes the type of directory entries a given template should be used for. Arguments value=value1,value2,...valueN. specifies a list of objectclass values.
-
Entry-Related Directives Arguments prefix=text. HTML text to emit before view elements (optional) suffix=text. HTML text to emit after view elements (optional) curprefix=text. HTML text to emit before the link to the current (active) view element (optional) cursuffix=text. HTML text to emit after the link to the current view element (optional) altprefix=text. HTML text to emit before each link to an alternative view element (optional) altsuffix=text.
-
Entry-Related Directives DS_SEARCHDESC Description Specifies that text describing the type of search done should be displayed. For example, "Found 14 entries where the phone number ends with ’25’". Arguments None. DS_POSTEDVALUE Description Echoes the contents of an arbitrary posted form variable within a VALUE= parameter. Arguments name=varname. The name of the form variable.
-
Entry-Related Directives Arguments label=text. Use "text" as the label on the button. If not provided, the text "Edit" is used. Example DS_DELETEBUTTON Description Displays a button which, when clicked, allows deletion of an entry. This directive must appear within a DS_ENTRYBEGIN...DS_ENTRY_END block. Typically used in edit templates. Arguments label=text. Use "text" as the label on the button. If not provided, the text "Delete" is used.
-
Entry-Related Directives Examples DS_EDITASBUTTON Description Displays a button which, when clicked, allows editing of an entry using a nondefault template. This directive must appear within a DS_ENTRYBEGIN...DS_ENTRY_END block. Arguments label=text. Use "text" as the label on the button. If not provided, the text "Edit As" is used. template=template-name. use the template name template-name when editing.
-
Entry-Related Directives DS_CONFIRM_NEWPASSWORD Description Displays an HTML password INPUT field. The gateway compares the value supplied by the user in this field to the value in the DS_NEWPASSWORD field, and only saves the new password value if the two match. This directive must appear within a DS_ENTRYBEGIN...DS_ENTRY_END block. Arguments None. DS_OLDPASSWORD Description Displays an HTML password field for the old password. This directive must appear within a DS_ENTRYBEGIN...DS_ENTRY_END block.
-
Entry-Related Directives DS_CLOSEBUTTON Description Displays a Close button, which causes the containing window to be closed. Arguments label=text. Use "text" as the label on the button. If not provided, the text "Close Window" is used. Example DS_BEGIN_ENTRYFORM Description Causes the gateway to emit an HTML FORM directive, and several hidden form elements which are required for proper operation of the gateway. This directive must appear within a DS_ENTRYBEGIN...
-
Entry-Related Directives DS_EMIT_BASE_HREF Description Emit a tag that contains the base URL for the CGI that was executed. (Not supported in DS 1.0) Arguments None. DS_DNEDITBUTTON Description Used to edit DN-valued attributes, such as group member. Arguments label= . template= . attr= . desc= . DS_BEGIN_DNSEARCHFORM Description Used to edit DN-valued attributes, such as group member. Arguments None.
-
Entry-Related Directives DS_END_DNSEARCHFORM Description XXX (Not supported in DS 1.0) Arguments None. DS_ATTRVAL_SET Description display an attribute based on an "attrvset" as defined in the dsgw.conf file. Arguments set=name. use information from attribute value set name prefix=text. HTML text to emit before each attribute value element (optional) suffix=text.
-
Entry-Related Directives Arguments for ELSE and ENDIF None. Table 7.
-
Miscellaneous Directives // this entry is a mail recipient... do something special here Miscellaneous Directives BODY Description Emit HTML element that includes color information. (Not supported in DS 1.0). Arguments extrahtml. Examples COLORS Description Set color information to be used in subsequent BODY directives.
-
Miscellaneous Directives TITLE Description Emit HTML , , and elements. Supported by all directory gateway CGIs. Arguments title-string. Example ENDHTML Description Emit sequence Arguments None. HELPBUTTON Description Display a Help button (same effect as DS_HELPBUTTON directive, but can be used from any gateway CGI) (Not supported in DS 1.0) Arguments topic.
-
Miscellaneous Directives INCLUDE Description Include the contents of another HTML file. Note that you cannot nest include directives. (Not supported in DS 1.0) Arguments filename. The name of the file to include. This is relative to the html/ directory where files such as display-inetorgperson.html are located. Example INCLUDECONFIG Description Include the contents of an HTML-based configuration file. Note that you cannot nest include directives. (Not supported in DS 1.
-
Miscellaneous Directives Arguments prefix=prefix-text. text displayed before the last operation info. suffix=suffix-text. text displayed after the last operation info. Example DS_LOCATIONPOPUP Description Emit an HTML form element that contains a list of all the o’s and ou’s that are in the directory. If there is only one, a hidden field is produced; otherwise an HTML select field is produced. (Not supported in DS 1.
-
Miscellaneous Directives Example IF/ ELSE/ ELIF/ ENDIF Same as those supported by the dosearch and edit CGIs, except that only conditionals marked with an asterisk (*) are supported.
-
Appendix C CGI Usage This appendix provides regular expression-type descriptions of the ways to invoke the CGIs in script files. Each regular expression is followed by the variables the expression can take on a POST. Uppercase words are variables. Lowercase words are literals.
-
dnedit
dnedit?CONTEXT=context&TEMPLATE=tmplname&DN=dn&ATTR=attrname&DESC=description
doauth
escapedbinddn = DN
authdesturl = AUTHDESTURL
password = PASSWORD
domodify
changetype = CHANGETYPE
dn = DN
newrdn = RDN
completion_javascript = COMPL_JS
newpasswd = NEW_PASSWD
passwd = PASSWD
newpasswdconfirm = NPCONFIRM
dosearch
dosearch?context=BLAH[&hp=host[:port]][&dn=baseDN][&ldq=LDAPquery]]
mode = MODE
searchstring = SEARCH STRING
type = TYPE
base = BASE
attr = ATTR
match = MATCH
attr = ATTR
filterpattern =
-
filtersuffix = FILTERSUFFIX
scope = SCOPE
searchdesc = SEARCHDESC
edit
edit?template&context=CONTEXT[&info=INFOSTRING][&ADD][&dn=DN][&dnattr=ATTRNAME&dndesc=DESCRIPTION]
(GETs only. No POSTs.)
lang
lang?context=CONTEXT[&file=FILE]
newentry
newentry[?context=CONTEXT[&file=FILE]]
entrytype = ET
entryname = EN
rdntag = RDNTAG
selectLocation = SL
dnsuffix = DNSUFFIX
search
search?context=CONTEXT[&file=string]
(GETs only. No POSTs.
-
Appendix D Gateway User Help This appendix provides instructions for using the Directory Server 4.0 gateway interface. The information supplied here is intended to be repurposed as help topics that can be made available to gateway users from the Help button on gateway forms. Topics include: • Directory Tree Structure • Searching the Directory • Authentication • Adding Entries Using the New Entry Form Directory Tree Structure The hierarchy of data in the directory can be represented by a tree.
-
Searching the Directory ou=Marketing, o=Airius.com ou=Accounting, o=Airius.com Entries for people and resources within the organization appear below the organizational branches. Distinguished Name Syntax A directory entry is uniquely identified by its distinguished name (DN). The DN for an entry is represented as a series of comma-separated attributes and attribute values. The left-most value represents the entry’s name. Each subsequent attribute represents a branch point above the entry.
-
Searching the Directory Both types of searches permit searching for any of the entry types described in Table 7.9. Table 7.9 Entry Types That Can Be Specified Type of Entry Description People Entries that describe a person. NT People Entries that describe an NT user. Groups Entries that describe a group. Groups may be defined System Administrators, Tech Writers, or all the people interested in Fishing, or all the Color Printers at the site. Groups can also contain other groups.
-
Searching the Directory To perform a standard search: 1. Select the Standard Search tab. The Standard Search form appears. 2. Enter the value to find in the Search for field. This field is not case sensitive. Any of the following values can be entered: • A name or part of a name • a person’s initials • some or all of a phone number • some or all of an email address • an LDAP search filter 3. Click Submit.
-
Searching the Directory • a character space, a period, or a space and a period together • one or more characters For example, specifying the string “P.
-
Searching the Directory Searching for Email Addresses Standard search searches for matching email addresses if an at (@) symbol is provided. Standard Search first searches for any email addresses that exactly match the value entered. For example, specifying the string “rafi@” could return the exact match: • rafi@ or, if no match exists for “rafi@” in the directory, the search could return: • rafi@aardvark.com • rafi@acme.
-
Searching the Directory The options for the first three of these fields are provided in pull-down menus. The fourth field contains the actual search string. For example: Find: [People] where the: [Last Name] [is] [Supriya] Find: [People] where the: [Full Name] [sounds like] [Lloyd Daniels] Performing an Advanced Search 1. Select the Advanced Search tab. The Advanced Search form appears. 2. Select the type of entry to search for. 3.
-
Searching the Directory No matches A search result that returns no matches means one of the following has occurred: • No entries in the directory match the search criteria. • You did not authenticate before performing the search. • The access control for the directory subtree does not permit viewing of matching entries, regardless of authentication privileges. A Single match When a single match is returned in a response to an “is” search, the gateway displays all details for the entry.
-
Authentication Authentication is the process of enabling users to perform operations on the directory. By default, access to the directory is denied to all users with the exception of the directory administrator. The directory administrator defines the user permissions that grant or restrict access to information in the directory.
-
Authentication • allow or deny access based on the physical machine being used. The interface prompts the user to authenticate before allowing modifications to the directory. A user who does not authenticate is allowed those permissions enabled for anonymous access. For more information, see the Netscape Directory Server Administrator’s Guide and the Netscape Directory Server Deployment Guide.
-
Authentication Logging Out of the Directory To unauthenticate: 1. Click on the authentication tab. The Authentication form appears. 2. Click the Discard Authentication Credentials button. The user is returned to anonymous access privileges. Troubleshooting Authentication Problems The following table lists common authentication problems, possible causes, and actions that may be taken to resolve the problem.
-
Adding Entries Using the New Entry Form Table 7.11 Authentication Problems Problem Possible Cause Possible Action Search results are empty. No entries match the search string entered, or user authentication required. Try a different search operation or authenticate to the directory. Search results in missing entries or attribute information.
-
Adding Entries Using the New Entry Form • an NT person • a group • an NT group • an organizational unit • an organization Directory authentication is required before entries can be added to the directory using the gateway’s New Entry form. Adding a Person Entry 1. Click on the New Entry tab to bring up the New Entry form. 2. For type of entry, select Person. 3. Enter a user name for the person. 4. Specify a directory location for the entry. ou=People is the most common location for a new user.
-
Adding Entries Using the New Entry Form Adding an NT Person Entry When creating an NT Person entry, make sure that the subtree where the entry is placed is the subtree used by the directory’s NT Synchronization Service to synchronize entries. When an NT Person entry is placed in another location, it is not synchronized with the Windows network. Required fields for an NT Person entry include: • Last name • Full Name • NT Domain Name • NT User ID Adding a Group Entry 1.
-
Adding Entries Using the New Entry Form Adding an NT Group Required fields for an NT Group include: • Name • NT Group Name • NT Group Domain Adding an Organizational Unit Entry 1. Click on the New Entry tab to bring up the New Entry form. 2. For type of entry, select Organizational Unit. 3. Enter a name for the organizational unit. 4. Specify a directory location for the entry. ou=People is a common location for adding new organizational units.
-
Adding Entries Using the New Entry Form Adding an Organization Entry An organization can only be added when the directory is initially populated. Organizations added must match the directory tree structure specified during directory server installation. The New Entry form cannot be used to create a new root entry. 1. Click the New Entry tab to bring up the New Entry form. 2. For type of entry, select Organization. 3. Enter a name for the organization. 4. Specify a directory location for the entry.
-
Index A C Additional CGI directory 19 Additional document directory 19 Advanced search attributes for 59 example of pop-up menu 60 Attributes adding to object classes 51 deleting from object classes 52 auth CGI 113 Authentication access control 125 and non-anonymous searching 9 as directory manager 24 procedures for 126 troubleshooting problems 127 authlifetime parameter 79 Certificate database 26 CGIs auth 113 csearch 113 dnedit 114 dosearch 115 edit 114 invocation using a GET 6 lang 115 newentry 115 se
-
DS_DELETEBUTTON 101 DS_DNEDITBUTTON 105 DS_EDITASBUTTON 102 DS_EDITBUTTON 100 DS_EMIT_BASE_HREF 105 DS_END_DNSEARCHFORM 106 DS_END_ENTRYFORM 104 DS_ENTRYBEGIN 94 DS_ENTRYEND 94 DS_GATEWAY_VERSION 111 DS_HELPBUTTON 103 DS_LAST_OP_INFO 110 DS_LOCATIONPOPUP 111 DS_NEWPASSWORD 102 DS_OBJECTCLASS 98 DS_OLDPASSWORD 103 DS_POSTEDVALUE 100 DS_SAVEBUTTON 101 DS_SEARCHDESC 100 DS_SORTENTRIES 99 DS_VIEW_SWITCHER 98 ENDHTML 109 entry related 94 entry-related 51 GCONTEXT 93 HELPBUTTON 109 IF/ ELSE/ ELIF/ ENDIF 106, 112
-
what is 1 Gateway CGIs 6 Gateway clients, see HTTP clients Gateway cloning 12, 23 Gateway configuration .conf file 23 changing LDAP port using baseurl parameter 23 configuring Communicator 4.x for preferred language 28 configuring gateway clients 27 configuring Navigator 3.
-
HTTP server configuration add additional CGI directory (3.x) 21 add additional CGI directory (4.0) 20 add additional document directory (3.x) 20 add additional document directory (4.0) 20 and gateway root suffix 17 change permissions of cookie directory 21 name translation mapping 17 HTTP server recommendations for release 4.
-
vcard-property 87 pb.conf, see Directory Express Port setting 23 POST operation specifying in an HTML form 7 using PCONTEXT 7 R Root processes 13 Root suffix 17 S Script files expressions for invoking CGIs in 113 for Gateway forms 42 Search attributes 59 adding 63 adding search support 63 search match types 62 specifying 61 search CGI 115 Search configuration files dsgwfilter.conf 40, 58 dsgwsearchprefs.
-