HP-UX Directory Server manuals
When we buy a new device such as HP-UX Directory Server, we often throw away most of the documentation except the warranty.
Very often, issues with HP-UX Directory Server begin only after the warranty period ends, and you may want to find out how to repair it or just do some service work.
Even more often, it is hard to remember what each function in the HP-UX Directory Server software is responsible for and which options to choose for the expected result.
Fortunately, you can find all manuals for Software on our site using the links below.
HP-UX Directory Server Manual
68 pages 1.59 Mb
1 HP-UXDirectory Server Version3 Table of Contents5 1 Introduction to HP-UXDirectory Server7 2 Admin Server configuration33 3 Admin express3.1 Managing servers in Admin Express3.1.1Opening Admin Express 3.1.2 Starting and stopping servers 3.1.3 Viewing server logs 34 3.1.4 Viewing server information3.1.5 Monitoring replication from Admin Express35 supplierconsumer nobody grep \^User /etc/opt/dirsrv/admin-serv/console.conf chmod 0400 filename To view in-progressstatus of replication in Admin Express: 2.In the Admin Server web page, click the Admin Express link, and log in 3.Click the Replication Status link by the supplier server name Type the path to the configuration file in the Configuration file 36 Figure 3-4Viewing replication statusFigure 3-5Viewing replication status 37 3.2 Configuring Admin Express45 4 Admin Server command-linetools4.1 sec-activate 4.2 modutil46 task“Task commands for modutil” option “Options for modutil” Tasks and options Each modutil command can take one task and one option Table “Task commands for modutil” modutil “Options for modutil” Table 4-1Task commands for modutil 47 Table 4-1Task commands for modutil (continued)Table 4-2Options for modutil 48 Table 4-2Options for modutil (continued)JAR information file JAR (Java Archive) is a platform-independent file format that aggregates many files into one. JAR files are used by to install PKCS #11 modules. 
When command METAINFO MANIFEST http://docs.sun.com source/816-6164-10/contents.htm pk11install +Pkcs11_install_script: pk11install Examples of using modutil •“Creating database files” •“Displaying module information” •“Setting a default provider” 49 •“Enabling a slot”•“Enabling FIPS compliance” •“Adding a cryptographic module” •“Changing the password on a token” Creating database files Displaying module information Setting a default provider Enabling a slot To enable a particular slot in a module: Enabling FIPS compliance 50 modutil -fipstrueFIPS mode enabled Adding a cryptographic module Module "Cryptorific Module" added to database Changing the password on a token 51 5 Support and other resources5.1 Contacting HP5.1.1 Information to collect before contacting HP 5.1.2How to contact HP technical support 5.1.3HP authorized resellers 5.1.4Documentation feedback 5.2 Related information 53 5.3 Typographic conventions55 Glossary56 bindSee bind DN bind DN bind rule branch entry An entry that represents the top of a subtree in the directory browser browsing index See also virtual list view index See Certificate Authority cascading replication and in turn supplies those updates to the consumer Certificate Authority CGI output parsing that is not done by the server itself chaining then returned to the client changelog other masters, in the case of multi-masterreplication character type upper-caseto lower-caseletters ciphertext information class definition how the object works in relation to other objects in the directory class of service See CoS CoS classic CoS entry's attributes client See LDAP client code page operating system uses to relate keyboard keys to character font displays collation order or how to compare letters with accents to letters without accents consumer server is called a consumer for that replica CoS 57 CoS definitionentry affects CoS template Contains a list of the shared attribute values See also template entry daemon Daemon processes do not need 
human intervention to continue functioning DAP directory data master The server that is the master source of a particular piece of data database link storage. Instead, it points to data stored remotely default index definition entry See CoS definition entry Directory Access See DAP DAP Protocol Directory Manager does not apply to the Directory Manager directory service people and resources within an organization directory tree known as DIT String representation of an entry's name and location in an LDAP directory DIT See directory tree See Directory Manager See distinguished name DNS www.example.com maintained on their systems DNS alias called realthing.yourdomain.domain where the server currently exists A group of lines in the LDIF file that contains information about an object entry distribution large numbers of entries entry ID list the client application's search request equality index file extension index.html html 58 file typeextension (for example, .GIF or .HTML) filter filtered role role general access GSS-API host name machine dom www example and com domain HTML pages HTTP and clients HTTPD HTTP protocol. The daemon or service is often called an httpd HTTPS A secure version of HTTP, implemented using the Secure Sockets Layer, SSL hub and, in turn, replicates it to a third server See also cascading replication ID list scan limit index key lists indirect CoS international Speeds up searches for information in international directories International See ISO ISO Standards Organization IP address of a machine on the Internet (for example, 198.93.93.10) ISO International Standards Organization knowledge Pointers to directory information stored in different databases reference 59 LDAPand across multiple platforms LDAP client Software used to request and view LDAP entries from an LDAP Directory Server See also browser browser LDAP Data See LDAP Data Interchange Format Interchange Format LDAP URL LDAP. 
A sample LDAP URL is ldap://ldap.example.com LDAPv3 LDBM database data assigned to it. The primary data store in Directory Server LDIF leaf entry directory tree Lightweight See LDAP locale which code page should be used to represent a given language managed object managed role Allows creation of an explicit enumerated list of members management See MIB MIB information base mapping tree master See supplier master agent See SNMP master agent matching rule MD5 produce; a piece of data that will produce the same message digest MD5 signature A message digest produced by the MD5 algorithm MIB areas MIB namespace referenced. Also called the directory tree monetary format its value, and how monetary units are represented multi-master 60 determine which server holds the most recent versionmultiplexor n + 1 directory problem resulting in increased hardware and personnel costs name collisions Multiple entries with the same distinguished name nested role Allows the creation of roles that contain other roles network application were received See NMS NMS station NIS parameters throughout a network of computers NMS network management station ns-slapd Directory Server See also slapd slapd object class object identifier IETF or similar organizations See also OID OID OID See object identifier operational requested parent access if the bind DN is the parent of the targeted entry pass-through See PTA PTA PTA directory server subtree authenticating directory server password file It is also known as /etc/passwd because of where it is kept password policy A set of rules that governs how passwords are used in a given directory PDU data unit permission is granted or denied and the level of access that is granted or denied See also access rights pointer CoS A pointer CoS identifies the template entry using the template DN only 61 presence indexAllows searches for entries that contain a specific indexed attribute protocol A set of rules that describes how devices on a network exchange 
information protocol data unit See PDU PDU proxy with its own DN but with a proxy DN proxy DN PTA pass-throughauthentication PTA directory server through) bind requests it receives to the authenticating directory server PTA LDAP URL pass-throughsubtree(s), and optional parameters RAM stored in RAM is lost when the computer is shut down RDN to form the full distinguished name. Also relative distinguished name read-onlyreplica of read-onlyreplicas read-writereplica can hold any number of read-writereplicas referential integrity referral called a referral relative See RDN RDN replica A database that participates in replication replica-initiated agreement connection is secured RFC standards role role-based attributes CoS template root privileges to all files on the machine root suffix 62 SASLSimple Authentication and Security Layer schema access the directory may be unable to display the proper results schema checking not conform to the schema Secure Sockets See SSL SSL Layer self access targeted entry Server Console Server from a GUI server daemon Server Selector Interface that allows you select and configure servers using a browser server service the SMB server on Windows NT service Service processes do not need human intervention to continue functioning SIE Simple See SASL Authentication and Security Simple Network See SNMP Management single-master supplier server maintains a changelog SIR See supplier-initiatedreplication slapd except replication See also ns-slapd ns-slapd SNMP about network activity. Also Simple Network Management Protocol SNMP master Software that exchanges information between the various subagents and the NMS agent SNMP subagent master agent. Also called a subagent SSL Secure Sockets Layer standard index index maintained by default sub suffix A branch underneath a root suffix subagent See SNMP subagent substring index to a minimum of two characters for each entry suffix 63 superuserprivileges to all files on the machine. 
Also called root servers supplier server called a supplier for that replica supplier-initiated symmetric encryption a symmetric encryption algorithm system index target particular ACI applies target entry The entries within the scope of a CoS TCP/IP and for enterprise (company) networks template entry See CoS template entry time/date format Indicates the customary formatting for times and dates in a specific region TLS Security topology one another Transport Layer See TLS TLS Security uid A unique number associated with each user on a Unix system URL documents. It is often called a location. The format of a URL is protocol://machine:port/document. The port number is necessary only on selected virtual list view See also browsing index X.500 standard and attributes used by directory server implementation 65 Index
160 pages 6.11 Mb
1 HP-UXDirectory Server Version3 Table of Contents9 1 Introduction to directory services17 2 Planning the directory data2.1 Introduction to directory data 18 2.2 Defining directory needs2.3Performing a site survey•Determine data ownership •Determine data access •Document the site survey 19 2.3.1 Identifying the applications that use the directory•Directory browser applications, such as online telephone books •Email applications, especially email servers •Directory-enabledhuman resources applications •Microsoft Active Directory Table 2-1Example application data needs •The data required by various legacy applications and users •The ability of legacy applications to communicate with an LDAP directory 20 2.3.2Identifying data sources•Identify organizations that provide information •Identify the tools and processes that are information sources •Determine how centralizing each piece of data affects the management of data Table “ Example information sources” Table 2-2Example information sources 2.3.3 Characterizing the directory data•Format •Size •Number of occurrences in various applications •Data owner •Relationship to other directory data “Directory data characteristics” Table 2-3Directory data characteristics 21 2.3.4 Determining level of service2.3.5 Considering a data master•Replication among Directory Servers •Synchronization between Directory Server and Active Directory •Independent client applications which access the Directory Server data There are different ways to implement data mastering: Chapter 6 “Designing the replication process” 22 2.3.6 Determining data ownershipAllow •Create roles that give groups of people read or write access privileges “Grouping directory entries” 23 2.3.7 Determining data accessFor each piece of information stored in the directory, decide the following: •Can the data be read anonymously •Can the data be read widely across the enterprise For more information about access controls, see “Designing access control” 24 2.4 Documenting 
the site survey25 2.5Repeating the site survey27 3 Designing the directory schema3.1 Schema design process overview 3.2 Standard schema This schema entry states the object identifier, or OID, for the class ), the name of the object class ), a description of the class ), then lists the required attributes , and ) and the allowed attributes 28 3.2.2 Standard attributescn: Babs Jensen In the schema, each attribute definition contains the following information: •A unique name •An object identifier (OID) for the attribute •A text description of the attribute •The OID of the attribute syntax Indications of whether the attribute is For example, the cn attribute definition appears in the schema as follows: Table 3-1Syntaxes support in Directory Server 29 3.2.3 Standard object classesDirectory Server Schema Reference Object class definitions contain the following information: •An object identifier (OID) that names the object •A set of mandatory attributes •A set of allowed (or optional) attributes 30 3.3 Mapping the data to the default schema31 3.4 Customizing the schema32 3.4.1 When to extend the schema3.4.2 Getting and assigning object identifiers 3.4.3Naming attributes and object classes 3.4.4 Strategies for defining new object classes33 For example, suppose an administrator wants to create the attributes, and One object class , is created and allows and . 
The parent of A second object class , allows is the object class The new object classes appear in LDAPv3 schema format as follows: exampleEntry AUXILIARY “Getting and assigning object identifiers” •Multiple object classes result in more schema elements to create and maintain •Multiple object classes require a more careful and rigid data design preferredOS •Avoid required attributes for new object classes require allow 34 3.4.5 Strategies for defining new attributesDirectory Server Schema Guide dateOfBirth 3.4.6 Deleting schema elements 3.4.7 Creating custom schema files 35 3.4.8.1 Naming schema files3.4.8.2Using 'user defined' as the origin 3.4.8.3Defining attributes before object classes 3.4.8.4Defining schema in a single file 36 3.5 Maintaining consistent schema37 3.5.1 Schema checkingFor example, if an entry is defined to use the object class, then the common name ) and surname 3.5.2 Selecting consistent data formatsITU-TRecommendation E.123 ITU-T postalAddress 3.5.3 Maintaining consistency in replicated schema 38 3.6Other schema resources39 4 Designing the directory tree59 5 Designing the directory topology73 6 Designing the replication process93 7 Designing synchronization103 8 Designing a secure directory125 9 Directory design examples141 10 Support and other resources10.1 Contacting HP 10.2 Related information •HP-UXDirectory Server administration server guide •HP-UXDirectory Server configuration, command, and file reference •HP-UXDirectory Server console guide •HP-UXDirectory Server deployment guide •HP-UXDirectory Server installation guide •HP-UXDirectory Server plug-inreference •HP-UXDirectory Server schema reference http://docs.hp.com/en/internet.html 142 10.2.2 HP-UXdocumentation set•HP-UX11i v3 Operating Environments: http://docs.hp.com/en/oshpux11iv3.html •HP-UX11i v2 Operating Environments: http://docs.hp.com/en/oshpux11iv2.html 143 10.3 Typographic conventions145 Glossary146 bindSee bind DN bind DN bind rule branch entry An entry that represents the 
top of a subtree in the directory browser browsing index See also virtual list view index See Certificate Authority cascading replication and in turn supplies those updates to the consumer Certificate Authority CGI output parsing that is not done by the server itself chaining then returned to the client changelog other masters, in the case of multi-masterreplication character type upper-caseto lower-caseletters ciphertext information class definition how the object works in relation to other objects in the directory class of service See CoS CoS classic CoS entry's attributes client See LDAP client code page collation order or how to compare letters with accents to letters without accents consumer consumer server is called a consumer for that replica CoS 147 CoS definitionentry affects CoS template Contains a list of the shared attribute values See also template entry daemon Daemon processes do not need human intervention to continue functioning DAP directory data master The server that is the master source of a particular piece of data database link storage. 
Instead, it points to data stored remotely default index definition entry See CoS definition entry Directory Access See DAP DAP Protocol Directory Manager does not apply to the Directory Manager directory service people and resources within an organization directory tree known as DIT String representation of an entry's name and location in an LDAP directory DIT See directory tree See Directory Manager See distinguished name DNS www.example.com maintained on their systems DNS alias called realthing.yourdomain.domain where the server currently exists A group of lines in the LDIF file that contains information about an object entry distribution large numbers of entries entry ID list the client application's search request equality index file extension index.html html 148 file typeextension (for example, .GIF or .HTML) filter filtered role role general access GSS-API host name www example com domain HTML pages HTTP and clients HTTPD HTTP protocol. The daemon or service is often called an httpd HTTPS A secure version of HTTP, implemented using the Secure Sockets Layer, SSL hub and, in turn, replicates it to a third server See also cascading replication ID list scan limit index key lists indirect CoS international Speeds up searches for information in international directories International See ISO ISO Standards Organization IP address Also Internet Protocol address location of a machine on the Internet (for example, 198.93.93.10) ISO International Standards Organization knowledge Pointers to directory information stored in different databases reference 149 LDAPand across multiple platforms LDAP client Software used to request and view LDAP entries from an LDAP Directory Server See also browser browser LDAP Data See LDAP Data Interchange Format Interchange Format LDAP URL LDAP. A sample LDAP URL is ldap://ldap.example.com LDAPv3 LDBM database data assigned to it. 
The primary data store in Directory Server LDIF leaf entry directory tree Lightweight See LDAP locale which code page should be used to represent a given language managed object managed role Allows creation of an explicit enumerated list of members management See MIB MIB information base mapping tree master See supplier master agent See SNMP master agent matching rule MD5 produce; a piece of data that will produce the same message digest MD5 signature A message digest produced by the MD5 algorithm MIB areas MIB namespace referenced. Also called the directory tree monetary format its value, and how monetary units are represented multi-master 150 determine which server holds the most recent versionmultiplexor n+1 directory problem resulting in increased hardware and personnel costs name collisions Multiple entries with the same distinguished name nested role Allows the creation of roles that contain other roles network application were received See NMS NMS station NIS parameters throughout a network of computers NMS network management station ns-slapd Directory Server See also slapd slapd object class object identifier IETF or similar organizations See also OID OID OID See object identifier operational requested parent access if the bind DN is the parent of the targeted entry pass-through See PTA PTA PTA directory server subtree authenticating directory server password file It is also known as /etc/passwd because of where it is kept password policy A set of rules that governs how passwords are used in a given directory PDU data unit permission is granted or denied and the level of access that is granted or denied See also access rights pointer CoS A pointer CoS identifies the template entry using the template DN only 151 presence indexAllows searches for entries that contain a specific indexed attribute protocol A set of rules that describes how devices on a network exchange information protocol data unit See PDU PDU proxy with its own DN but with a proxy DN proxy DN 
PTA pass-throughauthentication PTA directory server through) bind requests it receives to the authenticating directory server PTA LDAP URL pass-throughsubtree(s), and optional parameters RAM stored in RAM is lost when the computer is shut down RDN to form the full distinguished name. Also relative distinguished name read-onlyreplica of read-onlyreplicas read-writereplica can hold any number of read-writereplicas referential integrity referral called a referral relative See RDN RDN replica A database that participates in replication replica-initiated agreement connection is secured RFC standards role role-based attributes CoS template root privileges to all files on the machine root suffix 152 SASLSimple Authentication and Security Layer schema access the directory may be unable to display the proper results schema checking not conform to the schema Secure Sockets See SSL SSL Layer self access targeted entry Server Console Server from a GUI server daemon Server Selector Interface that allows you select and configure servers using a browser server service the SMB server on Windows NT service Service processes do not need human intervention to continue functioning SIE Simple See SASL Authentication and Security Simple Network See SNMP Management single-master supplier server maintains a changelog SIR See supplier-initiatedreplication slapd except replication See also ns-slapd ns-slapd SNMP about network activity. Also Simple Network Management Protocol SNMP master Software that exchanges information between the various subagents and the NMS agent SNMP subagent master agent. Also called a subagent SSL Secure Sockets Layer standard index index maintained by default sub suffix A branch underneath a root suffix subagent See SNMP subagent substring index to a minimum of two characters for each entry suffix 153 superuserprivileges to all files on the machine. 
Also called root supplier servers supplier server called a supplier for that replica supplier-initiated symmetric encryption a symmetric encryption algorithm system index target particular ACI applies target entry The entries within the scope of a CoS TCP/IP and for enterprise (company) networks template entry See CoS template entry time/date format Indicates the customary formatting for times and dates in a specific region TLS Security topology one another Transport Layer See TLS TLS Security uid A unique number associated with each user on a Unix system URL documents. It is often called a location. The format of a URL is protocol://machine:port/document. The port number is necessary only on selected virtual list view See also browsing index X.500 standard and attributes used by directory server implementation 155 Index
18 pages 259.79 Kb
72 pages 846.95 Kb
3 1 Preparing for a Directory Server installation2 System requirements 3 Setting up HP-UXDirectory Server 3 Setting up HP-UX 4 5 General usage information6 Migrating or upgrading to HP-UXDirectory Server from Netscape or Red Hat Migrating from Netscape Directory Server 6.x, or from Red Hat Directory Server Upgrading from Red Hat Directory Server 6.2.2 Performing the upgrade to HP-UXDirectory Server 7 Support and other resources Glossary 5 Index7 Directory Server administrator guideDirectory Server 8.1 is comprised of several components, which work in tandem: •Directory Server •Directory Server Console •Administration Server 1.2.1 Port numbers 8 NOTE:netstat setup-ds-admin.pl init setuid (2) “Directory Server user and group” (page 8) 1.2.2 Directory Server user and group Even though port numbers less than are restricted, the LDAP server can listen to port (and any port number less than ), as long as the server is started by the root user or by init , then immediately drops privileges to the non-root server UID. 
For more detailed technical information, see the setuid (2) manpage For more information on port numbers, see “Port numbers” (page 7) 1.2.3 Directory manager 9 1.2.4 Directory administratorldapadd Password policies do apply to the administrator, but you can set a 1.2.5 Administration Server user 1.2.6 Directory suffix dc=example,dc=com 10 setup file (see1.2.7 Configuration directory o=NetscapeRoot o=NetscapeRoot •Always back up the configuration directory after setting up a new instance Do not modify the configuration directory tree; only the setup 1.2.8Administration domain When setting up the administration domain, consider the following: 11 •DNS must be properly configured on the target system•The host server must have a static IP address Table 2-1detailsthe hardware requirements for HP-UXDirectory Server: Table 2-1Hardware requirements 12 Table 2-1Hardware requirements (continued)Directory Server runs on a 64-bit HP-UX11i environment as a 64-bitprocess “HP-UX system configuration” (page 13) •http://www.software.hp.com/SUPPORT_PLUS/qpk.html •http://welcome.hp.com/country/us/eng/support.htm The following list describes patch and OS patch recommendations: •HP-UX11i PHCO_37940 13 http://itrc.hp.com/service/home/home.doSelect patch database under maintenance and support (hp products) Select under •“Perl prerequisites” •“Kernel parameters” (page 13) •“TIME_WAIT setting” (page 14) •“Large file support” (page 14) 2.4.1Perl prerequisites /opt/ perl_64/bin/perl 2.4.2 Kernel parameters sysdef 14 2.4.3 TIME_WAIT settingTIME_WAIT #ndd -set /dev/tcptcp_time_wait_interval This limits the socket TIME_WAIT state to 60 seconds 2.4.4 Large file support /var/opt/dirsrv fsadm /var/opt/ dirsrv /var #fsadm -Fvxfs -olargefiles /var 15 Installing and configuring HP-UXDirectory Server on HP-UXhas four major steps:Ensure that you have the required version of 2.Install the required version of the Java® Runtime Environment (JRE) 4.Install the Directory Server package CAUTION: Chapter 6 
(page 47) Chapter 2 (page 11) The HP-UX Apache-basedWeb Server is available for download at: http://www.hp.com/go/softwaredepot HP-UX Apache-based Web Server swinstall 16 To download and install JRE for Java 2 platform1.Go to the following web site: http://www.hp.com/go/java •Itanium® JRE 5.0.11 - Nov •PA-RISCJRE 5.0.11 - Nov 2.Complete the form and choose Download 3.Install the depot on your machine Install the Directory Server package from the following location: 3.6.1 Setup overview /opt/dirsrv/sbin/setup-ds-admin.pl •Express •Typical •Custom 17 Responding to prompts and navigating between screen prompts18 Specifying parameter values or a setup file at the command line19 Setup script command line options20 Table 3-1 setup-ds-adminoptions (continued)3.6.3 Interactive setup modes only, not for production deployments. Also, express setups can fail if default The default and most common setup mode. This prompts you to supply more The most detailed setup mode. This provides more control over Administration setup, so that entries are already populated in the databases when the setup is complete TIP: “Setup file directives” (page 31) 21 Table 3-2Comparison of setup types22 Table 3-2Comparison of setup types (continued)3.6.4Performing express setup Chapter 6 “Migrating or upgrading to Directory Server from Netscape or Red Hat Directory Server” /etc/resolv.conf /etc/hosts ldap.example.com 1.Launch the setup-ds-admin.pl script using the following command Run the setup-ds-admin.pl script as root Run the script as # /opt/dirsrv/sbin/setup-ds-admin.pl 2.When asked to choose the setup type, enter 1 to perform an express setup 23 yesldap://ldap.example.com:389/o=NetscapeRoot To use TLS/SSL, set the protocol as ldaps:// instead of ldap: The Configuration Directory Server administrator's user DN; by default, this is •The administrator user's password •The Configuration Directory Server Admin domain, such as example.com Set the administrator user name. 
The default is admin 5.Set the administrator password and confirm it Set the Directory Manager user name (DN). The default is 7.Set the Directory Manager password and confirm it The last prompt asks if you are ready to set up your servers. Answer dc=example, dc=com 24 Get the Administration Server port number from theListen console.conf 2.Using the Administration Server port number, launch the Console hpds-idm-console 3.6.5 Performing typical setup The typical setup has the following steps: 1.Launch the setup-ds-admin.pl script: When asked to choose the setup type, accept the default (option /etc/resolv.conf /etc/ hosts /etc/ resolv.conf www:other 25 7.Set the administrator password and confirm itSet the administration domain. This defaults to the host's domain. For example: Administration Domain [example.com]: Enter the Directory Server port number. The default is Directory server network port [30860]: 10.Enter the Directory Server identifier; this defaults to the host name Directory server identifier [example]: Enter the directory suffix. This defaults to dc domain name Suffix [dc=example, dc=com]: 26 13.Set the Directory Manager password and confirm itEnter the Administration Server port number. The default is Administration port [9830]: 3.6.6 Performing custom setup 27 The custom setup has the following steps:2.When asked to choose the setup type, enter 3 to perform a custom setup /etc/ hosts /etc/ resolv.conf 28 SchemaFile.inf The default option is none, which does not import any data 29 Set the user that the Administration Server process will run as. The default isRun Administration Server as [www]: 3.6.7 Performing silent setup setup.inf 1.Install the Directory Server package 2.Create the setup file. 
It must specify the following directives: 30 3.6.7.1 Setup file structure31 3.6.7.2 Setup file directives32 Table 3-3[General] directives (continued)Table 3-4 describes the directives for the [slapd] section of the .setup file Table 3-4[slapd] directives 33 Table 3-4[slapd] directives (continued)Table 3-5 describes the directives for the [admin] section of the .setup file Table 3-5[admin] directives 34 3.6.7.3 Sample setup files35 Example 3-2Example of setup file for a typical setupConfigDirectoryLdapURL= ldap://dir.example.com:25389/o=NetscapeRoot 3.6.8 Sending parameters in the command line •General (host server) •slapd (LDAP server) •admin (Administration Server) section.parameter=value 36 ConfigDirectoryLdapURLServerIdentifier #/opt/dirsrv/sbin/setup-ds-admin.pl -s The ConfigFile parameter is set in the [slapd] section of the setup file replica.ldif For more information on LDIF, see the 37 4.1.1 Configuring IP authorization on the Administration ServerEdit IP Addresses 38 This allows all IP addresses to access the Administration Server6.Restart the Administration Server 4.1.2Configuring proxy servers for the Administration Server 39 4.2.1 Creating a new Directory Server instance interactivelyChapter 3 “Setting up Directory Server ” itsasecret 4.2.2Creating a new Directory Server instance silently To run a silent setup of a Directory Server instance, do the following: 1.Create the setup file. 
It must specify the following directives:
FullMachineName= dir.example.com
SuiteSpotUserID= www
SuiteSpotGroup= other
[Admin]
2. Run the setup-ds-admin.pl script with the -s and -f options
In this command example, the option runs the script in silent mode, and the option specifies the setup file
40 /opt/dirsrv/sbin/setup-ds.pl
setup-ds-admin setup-ds register-ds-admin
# /opt/dirsrv/sbin/register-ds-admin.pl
register-ds-admin
4.4.1 Removing a single Directory Server instance
# /opt/dirsrv/sbin/ds_removal -s server_id -w admin_password
ds_removal key cert instance-name .removed
41 4.4.2 Uninstalling the HP-UX Directory Server
To uninstall HP-UX Directory Server entirely, perform the following steps:
and actual Directory Server instances (for o=netscapeRoot
cd /opt/dirsrv/
ADMINPASS="admin-password
#Specify the instance names here. Important, if one of these
#servers holds the o=netscapeRoot suffix, make sure it is the
#last one on the list, and that no other servers on other hosts are managed by this configuration directory.
instanceNames instance1 instance2 instance3
for instanceName in $instanceNames
do
done
2. Stop the Administration Server
# /opt/dirsrv/sbin/stop-ds-admin
3. Use swremove to uninstall the product bundle:
# /usr/sbin/swremove HPDirSvr
Use the following script to clean up any remaining
for path in /opt/dirsrv /var/opt/dirsrv /etc/opt/dirsrv
do
find $path -type f | xargs ll -d
done
#WARNING: Validate no unexpected files exist before
#running the rm command below
cd
rm -rf /opt/dirsrv /var/opt/dirsrv /etc/opt/dirsrv
43 Table 5-1 File and directory locations
•/opt/dirsrv/bin/ldapsearch
•/opt/dirsrv/bin/ldapmodify
•/opt/dirsrv/bin/ldapdelete
44 To launch the Directory Server Console, use the hpds-idm-console script:
# /opt/dirsrv/bin/hpds-idm-console
http://hostname:9830
If the Administration Server is using TLS/SSL, the URL begins with https://)
“Getting the Administration Server port number” (page 44)
# grep \^Listen /etc/opt/dirsrv/admin-serv/console.conf
Listen 0.0.0.0:port
The command displays the port port ) after the colon in the Administration Server URL.
If the command reveals that the port is , the Administration Server URL would be
5.5.1 Starting and stopping the Directory Server
•/opt/dirsrv/slapd-instance/start-slapd
•/opt/dirsrv/slapd-instance/restart-slapd
•/opt/dirsrv/slapd-instance/stop-slapd
start-slapd stop-slapd restart-slapd
5.5.2 Starting and stopping the Administration Server
Use the following scripts to start, stop, or restart the Administration Server:
•/opt/dirsrv/sbin/start-ds-admin
•/opt/dirsrv/sbin/stop-ds-admin
•/opt/dirsrv/sbin/restart-ds-admin
ldapmodify
45 1. Stop the Directory Server
# /opt/dirsrv/slapd-instance/stop-slapd
Generate a new, hashed password using pwdhash /opt/dirsrv/bin
/opt/dirsrv/bin/pwdhash newpassword
{SSHA}nbR/ZeVTwZLw6aJH6oE4obbDbL0OaeleUoT21w
In the configuration directory, open the dse.ldif
# cd /etc/opt/dirsrv/slapd-instance
# vi dse.ldif
4. Locate the nsslapd-rootpw parameter
nsslapd-rootpw: {SSHA}x03lZLMyOPaGH5VB8fcys1IV+TVNbBIOwZEYoQ
Delete the old password, and enter in the new hashed password, for example:
5. Save the change
6. Start the Directory Server. For example:
# /opt/dirsrv/slapd-instance/start-slapd
5.7.1 Problem: Clients cannot locate the server
Solution
www.domain.com
5.7.2 Problem: The port is in use
Solution
5.7.3 Problem: Forgotten directory manager DN and password
Solution
By default, the Directory Manager DN is .
If you forget the Directory Manager DN, you can determine it by checking the attribute in the file, in the instance_name directory
47 6.1.1.1 Configuring the Directory Server Console
48 1. Shut down the Administration Server and Directory Server
Change the adm.conf
ldapurl: ldap://server2.example.com:389/o=NetscapeRoot
serverRoot serverID
Turn off the nsslapd-pluginEnabled
serverRoot/slapd-serverID/config/dse.ldif
dn: cn=Pass Through Authentication,cn=plugins,cn=config
nsslapd-pluginEnabled: off
5. Restart the Directory Server and Administration Server
6.1.2 Migration script
/opt/dirsrv/sbin/migrate-ds-admin.pl
Table 6-1 migrate-ds-admin Options and Argument
49 Table 6-1 migrate-ds-admin Options and Argument (continued)
oldsroot General.ConfigDirectoryAdminPwd
The following is an example using the required option and argument:
# /opt/dirsrv/sbin/migrate-ds-admin.pl --oldsroot /var/opt/netscape/server7 General.\
ConfigDirectoryAdminPwd=password
migrate-ds-admin.pl --file .inf
The .inf file would have the following two lines:
[General]
ConfigDirectoryAdminPwd=password
--oldsroot inf
6.1.3 Migration scenarios
50 6.1.3.1 Migrating a server or single instance
6.1.3.2 Migrating replicated servers
51 6.1.3.3 Migrating a Directory Server from one machine to another
52 6.1.3.4 Migrating a Directory Server from one platform to another
53 .ldif
Run the migration script as --actualsroot option option /etc/opt/dirsrv
# /opt/dirsrv/slapd-instance_name/stop-slapd
# cd /etc/opt/dirsrv
# tar cvf /home/files/rhds80cfg.tar
db2bak
54 /etc/opt/dirsrv
bak2db
# /opt/dirsrv/slapd-instance_name/stop-slapd
# cd /etc/opt/dirsrv
# tar xvf /home/files/rhds80cfg.tar
# /opt/dirsrv/slapd-instance_name/bak2db \
/home/files/bak/slapd-instance_name /home/files/bak/slapd
6.2.2 Performing the upgrade to HP-UX Directory Server
To perform the upgrade to HP-UX Directory Server 8.1, perform these steps:
2. Use swinstall to install the HP-UX Directory Server 8.1 depot
55 7.1.1 Information to collect before contacting HP
7.1.2 How to
contact HP technical support
7.1.3 HP authorized resellers
7.1.4 Documentation feedback
docsfeedback@hp.com
7.2.1 HP-UX Directory Server documentation set
56 •HP-UX Directory Server administration server guide
•HP-UX Directory Server configuration, command, and file reference
•HP-UX Directory Server console guide
•HP-UX Directory Server deployment guide
•HP-UX Directory Server installation guide
•HP-UX Directory Server plug-in reference
•HP-UX Directory Server schema reference
•HP-UX Directory Server web applications guide
http://docs.hp.com/en/internet.html
7.2.2 HP-UX documentation set
•HP-UX 11i v3 Operating Environments: http://docs.hp.com/en/oshpux11iv3.html
•HP-UX 11i v2 Operating Environments: http://docs.hp.com/en/oshpux11iv2.html
57 7.2.3 Troubleshooting resources
http://itrc.hp.com
Areas of peer problem solving http://forums.itrc.hp.com
•“Troubleshooting” (page 45)
This document uses the following typographical conventions:
Book title The title of a book. On the web, this can be a hyperlink to the book itself
Command A command name or command phrase, for example ls -a
Computer output Information displayed by the computer
Ctrl+x or Ctrl-x key labeled Ctrl while you press the letter
ENVIRONMENT VARIABLE The name of an environment variable, for example, PATH
Key same key
Term not in a glossary
User input Indicates commands and text that you type exactly as shown
Replaceable content The character that separates items in a linear list of choices times
WARNING understood or followed, results in personal injury
CAUTION damage to hardware or software
IMPORTANT An alert that calls attention to essential information
NOTE
TIP An alert that provides helpful information
59 access control See ACI ACI instruction access control list See ACL ACL access rights account inactivation attempts are automatically rejected ACI An instruction that grants or denies permissions to entries in the directory See also access control instruction ACL The mechanism for controlling access to your directory
See also access control list All IDs Threshold A size limit which is globally this limit, the server replaces that ID list with an All IDs token See also ID list scan limit All IDs token request anonymous access and regardless of the conditions of the bind approximate Allows for efficient approximate or "sounds-like" searches index attribute value attribute list authenticating directory server host sends PTA requests it receives from clients to the host authentication client certificate the other party base See base DN distinguished base DN and all entries below it in the directory tree
60 bind See bind DN bind DN bind rule branch entry An entry that represents the top of a subtree in the directory browser browsing index See also virtual list view index See Certificate Authority cascading replication and in turn supplies those updates to the consumer Certificate Authority CGI output parsing that is not done by the server itself chaining and then returned to the client changelog other masters, in the case of multi-master replication character type upper-case to lower-case letters ciphertext information class definition how the object works in relation to other objects in the directory class of service See CoS CoS classic CoS entry's attributes client See LDAP client code page collation order or how to compare letters with accents to letters without accents consumer consumer server is called a consumer for that replica CoS
61 CoS definition entry affects CoS template Contains a list of the shared attribute values See also template entry daemon Daemon processes do not need human intervention to continue functioning DAP directory data master The server that is the master source of a particular piece of data database link storage.
Instead, it points to data stored remotely default index definition entry See CoS definition entry Directory Access See DAP DAP Protocol Directory Manager does not apply to the Directory Manager directory service people and resources within an organization directory tree known as DIT String representation of an entry's name and location in an LDAP directory DIT See directory tree See Directory Manager See distinguished name DNS on their systems DNS alias www yourdomain domain called realthing.yourdomain.domain where the server currently exists A group of lines in the LDIF file that contains information about an object entry distribution large numbers of entries entry ID list the client application's search request equality index file extension index.html html
62 file type extension (for example, .GIF or .HTML) filter filtered role role general access GSS-API host name machine domain dom com domain HTML pages HTTP and clients HTTPD HTTP protocol. The daemon or service is often called an httpd HTTPS A secure version of HTTP, implemented using the Secure Sockets Layer, SSL hub and, in turn, replicates it to a third server See also cascading replication ID list scan limit index key lists indirect CoS international Speeds up searches for information in international directories International See ISO ISO Standards Organization IP address Also Internet Protocol address location of a machine on the Internet (for example, 192.0.2.10) ISO International Standards Organization knowledge Pointers to directory information stored in different databases reference
63 LDAP and across multiple platforms LDAP client Software used to request and view LDAP entries from an LDAP Directory Server See also browser browser LDAP Data See LDAP Data Interchange Format Interchange Format LDAP URL via LDAP. A sample LDAP URL is ldap://ldap.example.com LDAPv3 LDBM database data assigned to it.
The primary data store in Directory Server LDIF leaf entry directory tree Lightweight See LDAP locale which code page should be used to represent a given language managed object managed role Allows creation of an explicit enumerated list of members management See MIB MIB information base mapping tree master See supplier master agent See SNMP master agent matching rule MD5 produce; a piece of data that will produce the same message digest MD5 signature A message digest produced by the MD5 algorithm MIB areas MIB namespace referenced. Also called the directory tree monetary format its value, and how monetary units are represented multi-master
64 determine which server holds the most recent version multiplexor n + 1 directory problem resulting in increased hardware and personnel costs name collisions Multiple entries with the same distinguished name nested role Allows the creation of roles that contain other roles network application were received See NMS NMS station NIS parameters throughout a network of computers NMS network management station ns-slapd Server See also slapd slapd object class object identifier IETF or similar organizations See also OID OID OID See object identifier operational requested parent access if the bind DN is the parent of the targeted entry pass-through See PTA PTA PTA directory server subtree authenticating directory server password file It is also known as /etc/passwd because of where it is kept password policy A set of rules that governs how passwords are used in a given directory PDU data unit permission is granted or denied and the level of access that is granted or denied See also access rights pointer CoS A pointer CoS identifies the template entry using the template DN only
65 presence index Allows searches for entries that contain a specific indexed attribute protocol A set of rules that describes how devices on a network exchange information protocol data unit See PDU PDU proxy with its own DN but with a proxy DN proxy DN PTA
pass-through authentication PTA directory server through) bind requests it receives to the authenticating directory server PTA LDAP URL pass-through subtree(s), and optional parameters RAM stored in RAM is lost when the computer is shut down RDN to form the full distinguished name. Also relative distinguished name read-only replica of read-only replicas read-write replica can hold any number of read-write replicas referential integrity referral called a referral relative See RDN RDN replica A database that participates in replication replica-initiated agreement connection is secured RFC standards role members role-based attributes CoS template root privileges to all files on the machine root suffix
66 SASL Simple Authentication and Security Layer schema access the directory may be unable to display the proper results schema checking not conform to the schema Secure Sockets See SSL SSL Layer self access targeted entry Server Console Server from a GUI server daemon Server Selector Interface that allows you select and configure servers using a browser server service the SMB server on Windows NT service Service processes do not need human intervention to continue functioning SIE Simple See SASL Authentication and Security Simple Network See SNMP Management single-master supplier server maintains a changelog SIR See supplier-initiated replication slapd except replication See also ns-slapd ns-slapd SNMP about network activity. Also Simple Network Management Protocol SNMP master Software that exchanges information between the various subagents and the NMS agent SNMP subagent master agent. Also called a subagent SSL Secure Sockets Layer standard index index maintained by default sub suffix A branch underneath a root suffix subagent See SNMP subagent substring index to a minimum of two characters for each entry suffix
67 superuser privileges to all files on the machine.
Also called root supplier servers supplier server called a supplier for that replica supplier-initiated symmetric encryption a symmetric encryption algorithm system index target particular ACI applies target entry The entries within the scope of a CoS TCP/IP and for enterprise (company) networks template entry See CoS template entry time/date format Indicates the customary formatting for times and dates in a specific region TLS Security topology one another Transport Layer See TLS TLS Security uid A unique number associated with each user on a Unix system URL protocol machine port document freeing the user of having to place it in the URL virtual list view See also browsing index X.500 standard and attributes used by directory server implementation
69 Symbols
96 pages 2.34 Mb
1 HP-UX Directory Server Version
3 Table of Contents
5 1 Overview of the console
13 2 Basic Console tasks
29 3 Managing server instances
35 4 Managing Directory Server users and groups
53 5 Setting access controls
61 6 Using SSL/TLS with the Console
79 7 Support and other resources
83 Glossary
84 bind See bind DN bind DN bind rule branch entry An entry that represents the top of a subtree in the directory browser browsing index See also virtual list view index See Certificate Authority cascading replication and in turn supplies those updates to the consumer Certificate Authority CGI output parsing that is not done by the server itself chaining then returned to the client changelog other masters, in the case of multi-master replication character type upper-case to lower-case letters ciphertext information class definition how the object works in relation to other objects in the directory class of service See CoS CoS classic CoS entry's attributes client See LDAP client code page collation order or how to compare letters with accents to letters without accents consumer consumer server is called a consumer for that replica CoS
85 CoS definition entry affects CoS template Contains a list of the shared attribute values See also template entry daemon Daemon processes do not need human intervention to continue functioning DAP directory data master The server that is the master source of a particular piece of data database link storage.
Instead, it points to data stored remotely default index definition entry See CoS definition entry Directory Access See DAP DAP Protocol Directory Manager does not apply to the Directory Manager directory service people and resources within an organization directory tree known as DIT String representation of an entry's name and location in an LDAP directory DIT See directory tree See Directory Manager See distinguished name DNS www.example.com maintained on their systems DNS alias called realthing.yourdomain.domain where the server currently exists A group of lines in the LDIF file that contains information about an object entry distribution large numbers of entries entry ID list the client application's search request equality index file extension index.html html
86 file type extension (for example, .GIF or .HTML) filter filtered role role general access GSS-API host name www example com domain HTML pages HTTP and clients HTTPD HTTP protocol. The daemon or service is often called an httpd HTTPS A secure version of HTTP, implemented using the Secure Sockets Layer, SSL hub and, in turn, replicates it to a third server See also cascading replication ID list scan limit index key lists indirect CoS international Speeds up searches for information in international directories International See ISO ISO Standards Organization IP address location of a machine on the Internet (for example, 198.93.93.10) ISO International Standards Organization knowledge Pointers to directory information stored in different databases reference
87 LDAP and across multiple platforms LDAP client Software used to request and view LDAP entries from an LDAP Directory Server See also browser browser LDAP Data See LDAP Data Interchange Format Interchange Format LDAP URL LDAP. A sample LDAP URL is ldap://ldap.example.com LDAPv3 LDBM database data assigned to it.
The primary data store in Directory Server LDIF leaf entry directory tree Lightweight See LDAP locale which code page should be used to represent a given language managed object managed role Allows creation of an explicit enumerated list of members management See MIB MIB information base mapping tree master See supplier master agent See SNMP master agent matching rule MD5 produce; a piece of data that will produce the same message digest MD5 signature A message digest produced by the MD5 algorithm MIB areas MIB namespace referenced. Also called the directory tree monetary format its value, and how monetary units are represented multi-master
88 determine which server holds the most recent version multiplexor n + 1 directory problem resulting in increased hardware and personnel costs name collisions Multiple entries with the same distinguished name nested role Allows the creation of roles that contain other roles network application were received See NMS NMS station NIS parameters throughout a network of computers NMS network management station ns-slapd Server See also slapd slapd object class object identifier IETF or similar organizations See also OID OID OID See object identifier operational requested parent access if the bind DN is the parent of the targeted entry pass-through See PTA PTA PTA directory server subtree authenticating directory server password file It is also known as /etc/passwd because of where it is kept password policy A set of rules that governs how passwords are used in a given directory PDU data unit permission is granted or denied and the level of access that is granted or denied See also access rights pointer CoS A pointer CoS identifies the template entry using the template DN only
89 presence index Allows searches for entries that contain a specific indexed attribute protocol A set of rules that describes how devices on a network exchange information protocol data unit See PDU PDU proxy with its own DN but with a proxy DN proxy DN PTA
pass-through authentication PTA directory server through) bind requests it receives to the authenticating directory server PTA LDAP URL pass-through subtree(s), and optional parameters RAM stored in RAM is lost when the computer is shut down RDN to form the full distinguished name. Also relative distinguished name read-only replica of read-only replicas read-write replica can hold any number of read-write replicas referential integrity referral called a referral relative See RDN RDN replica A database that participates in replication replica-initiated agreement connection is secured RFC standards role role-based attributes CoS template root privileges to all files on the machine root suffix
90 SASL Simple Authentication and Security Layer schema access the directory may be unable to display the proper results schema checking not conform to the schema Secure Sockets See SSL SSL Layer self access targeted entry Server Console Server from a GUI server daemon Server Selector Interface that allows you select and configure servers using a browser server service the SMB server on Windows NT service Service processes do not need human intervention to continue functioning SIE Simple See SASL Authentication and Security Simple Network See SNMP Management single-master supplier server maintains a changelog SIR See supplier-initiated replication slapd except replication See also ns-slapd ns-slapd SNMP about network activity. Also Simple Network Management Protocol SNMP master Software that exchanges information between the various subagents and the NMS agent SNMP subagent master agent. Also called a subagent SSL Secure Sockets Layer standard index index maintained by default sub suffix A branch underneath a root suffix subagent See SNMP subagent substring index to a minimum of two characters for each entry suffix
91 superuser privileges to all files on the machine.
Also called root supplier servers supplier server called a supplier for that replica supplier-initiated symmetric encryption a symmetric encryption algorithm system index target particular ACI applies target entry The entries within the scope of a CoS TCP/IP and for enterprise (company) networks template entry See CoS template entry time/date format Indicates the customary formatting for times and dates in a specific region TLS Security topology one another Transport Layer See TLS TLS Security uid A unique number associated with each user on a Unix system URL documents. It is often called a location. The format of a URL is protocol://machine:port/document. The port number is necessary only on selected virtual list view See also browsing index X.500 standard and attributes used by directory server implementation
93 Index