HP-UX Directory Server Version
Table of Contents
Nsssl3ciphers
Nsslapd-state Nsslapd-backend
Schema reload plug-in
Password Storage Schemes
Nsslapd-pluginEnabled
Nsslapd-idl-switch
Cn=ldbm database, cn=plugins, cn=config
Cn=userRoot, cn=ldbm database, cn=plugins, cn=config
NsMaxResponseDelay
NsMaxTestResponseDelay
Finding and executing command-line scripts
Using Directory Server command-line utilities
Directory Server configuration
Directory Server instance file reference
Introduction
Using Directory Server command-line scripts
Ldif and schema configuration files
Overview of the Directory Server configuration
Directory Server Ldif configuration files
Configuration attributes
How the server configuration is organized
Configuration of plug-in functionality
Directory Server Ldif configuration files
Access control for configuration entries
Accessing and modifying server configuration
Configuration of databases
Configuration of indexes
Modifying configuration entries using Ldap
Changing configuration attributes
Where
Configuration changes requiring server restart
Core server configuration attributes reference
Nsslapd-accesslog Access log
1 cn=config
Nsslapd-accesslog-list List of access log files
Nsslapd-accesslog-level Access log level
Nsslapd-accesslog-logbuffering Log buffering
Attribute values for enabling or disabling access logging
Default Value Syntax Directory String Example
Nsslapd-accesslog-logging-enabled Access log enable logging
Valid Values
Valid Range
Disk space allowed to the access log is unlimited in size
Entry DN Cn=config Valid Range
Syntax DirectoryString Example
Syntax DirectoryString Example
Nsslapd-accesslog-maxlogsize Access log maximum log size
Nsslapd-accesslog-logrotationtime Access log rotation time
Syntax Integer Example
Nsslapd-accesslog-mode Access log file permission
Default Value Off Syntax DirectoryString Example
Valid Range Through Default Value 600 Syntax Integer Example
Nsslapd-attribute-name-exceptions
Nsslapd-auditlog Audit log
Attribute values for enabling or disabling audit logging
Nsslapd-auditlog-list
Provides a list of audit log files
Entry DN
Entry DN Cn=config Valid Values
Nsslapd-auditlog-logging-enabled Audit log enable logging
Turns audit logging on and off
Disk space allowed to the audit log is unlimited in size
Syntax Integer Example Nsslapd-auditlog-logrotationsynchour
Valid Range Through Default Value
Syntax Integer Example Nsslapd-auditlog-logrotationsyncmin
Nsslapd-auditlog-logrotationtime Audit log rotation time
Time between audit log file rotation is unlimited
Nsslapd-auditlog-mode Audit log file permission
Nsslapd-auditlog-maxlogsize Audit log maximum log size
None Read only Execute only
Nsslapd-certdir Certificate and key database directory
Write access to the server user ID
Nsslapd-certmap-basedn Certificate map search base
Write only Read and write Write and execute
This read-only attribute is the config DN
Nsslapd-config
Nsslapd-conntablesize
Nsslapd-counters
Default Value Syntax DirectoryString Example
Nsslapd-ds4-compatible-schema
Default Value Off Core server configuration reference
Nsslapd-csnlogging
Nsslapd-errorlog-level Error log level
Nsslapd-errorlog Error log
Attribute values for enabling or disabling error logging
This read-only attribute provides a list of error log files
Nsslapd-errorlog-list
Turns error logging on and off
Nsslapd-errorlog-logging-enabled Enable error logging
Disk space allowed to the error log is unlimited in size
Time between error log file rotation is unlimited
Nsslapd-errorlog-logrotationtime Error log rotation time
Nsslapd-errorlog-maxlogsize Maximum error log size
Nsslapd-idletimeout Default idle timeout
Nsslapd-errorlog-mode Error log file permission
Nsslapd-groupevalnestlevel
Default Value Syntax Integer Example Nsslapd-idletimeout
Nsslapd-ioblocktimeout IO block time out
Nsslapd-instancedir Instance directory
Nsslapd-lastmod Track modification time
Nsslapd-ldapifilepath Ldapi socket file path
Nsslapd-ldapilisten Enable Ldapi socket
Nsslapd-listenhost Listen to IP address
Nsslapd-localhost Local host
Default Value Syntax DirectoryString Example
Nsslapd-localuser Local user
Nsslapd-lockdir Server lock file directory
Nsslapd-maxdescriptors Maximum file descriptors
Nsslapd-maxbersize Maximum message size
Nsslapd-maxsasliosize Maximum Sasl packet size
Nsslapd-nagle
Nsslapd-maxthreadsperconn Maximum threads per connection
This attribute value is specified in bytes
Default Value Core server configuration reference
Nsslapd-outbound-ldap-io-timeout
Nsslapd-plugin
Nsslapd-port Port number
Nsslapd-referral Referral
Nsslapd-readonly Read only
But the request is for this entry
Nsslapd-reservedescriptors Reserved file descriptors
Nsslapd-referralmode Referral mode
Nsslapd-rewrite-rfc1274
Nsslapd-return-exact-case Return exact case
Default Value Syntax
Nsslapd-rootpw Root password
Nsslapd-rootdn Manager DN
Nsslapd-saslpath
Nsslapd-rootpwstoragescheme Root password storage scheme
Nsslapd-schemadir
Nsslapd-schemacheck Schema checking
Nsslapd-securelistenhost
Nsslapd-schemareplace
Nsslapd-securePort Encrypted port number
Nsslapd-sizelimit Size limit
Nsslapd-security Security
Nsslapd-threadnumber Thread number
Default Value Syntax Integer Example Nsslapd-threadnumber
Nsslapd-timelimit Time limit
Indicates whether users may change their passwords
PasswordChange Password change
Nsslapd-tmpdir
Nsslapd-versionstring
PasswordExp Password expiration
PasswordCheckSyntax Check password syntax
PasswordHistory Password history
PasswordGraceLimit Password expiration
PasswordInHistory Number of passwords to remember
Default Value Syntax Integer Example PasswordGraceLimit
PasswordLockout Account lockout
PasswordIsGlobalPolicy Password policy and replication
PasswordLockoutDuration Lockout duration
PasswordMaxFailure Maximum password failures
PasswordMaxAge Password maximum age
PasswordMaxRepeats Password syntax
Default Value Syntax Integer Example PasswordMaxFailure
PasswordMinAge Password minimum age
PasswordMin8Bit Password syntax
Default Value Syntax Integer Example PasswordMinAge
PasswordMinCategories Password syntax
PasswordMinAlphas Password syntax
PasswordMinDigits Password syntax
PasswordMinLength Password minimum length
PasswordMinSpecials Password syntax
PasswordMinLowers Password syntax
PasswordMinTokenLength Password syntax
PasswordMustChange Password must change
PasswordMinUppers Password syntax
PasswordStorageScheme Password storage scheme
PasswordWarning Send warning
PasswordUnlock Unlock account
Nsslapd-changelogdir
2 cn=changelog5,cn=config
Nssslsessiontimeout
3 cn=encryption,cn=config
Nsslapd-changelogmaxage Max changelog age
Nsslapd-changelogmaxentries Max changelog records
Default Value Off Syntax DirectoryString Example Nsssl2 off
Means disallow certificate-based authentication
Nssslclientauth
NsSSL2
5 cn=mapping tree,cn=config
4 cn=features,cn=config
Suffix configuration attributes under cn=suffixName
Nsssl3ciphers
Nsslapd-backend
Nsslapd-state
Determines how the suffix handles operations
To requests made by client applications
NsDS5ReplicaBindDN
NsDS5Flags
NsDS5ReplicaChangeCount
NsDS5ReplicaId
NsDS5ReplicaPurgeDelay
NsDS5ReplicaLegacyConsumer
NsDS5ReplicaName
NsDS5ReplicaRoot
NsDS5ReplicaReferral
NsDS5ReplicaTombstonePurgeInterval
NsDS5ReplicaReapActive
NsDS5ReplicaType
NsState
8.1 cn
NsDS5ReplConflict
Description
NsDS5ReplicaBusyWaitTime
NsDS5ReplicaBindMethod
NsDS5ReplicaChangesSentSinceStartup
Schema
NsDS5ReplicaCredentials
NsDS5ReplicaHost
NsDS5ReplicaLastInitStart
NsDS5ReplicaLastInitEnd
NsDS5ReplicaLastInitStatus
Time
NsDS5ReplicaLastUpdateStart
NsDS5ReplicaLastUpdateEnd
NsDS5ReplicaLastUpdateStatus
NsDS5ReplicaPort
NsDS5ReplicaPriority
Default Value Syntax Integer Example nsDS5ReplicaPort 389
NsDS5ReplicaSessionPauseTime
NsDS5BeginReplicaRefresh
Valid Range Default Value Syntax DirectoryString Example
NsDS5ReplicaTimeout
NsDS5ReplicatedAttributeList
NsDS5ReplicaUpdateSchedule
NsDS5ReplicaUpdateInProgress
NsDS5ReplicaTransportInfo
NsDS50ruv
NsDS5ReplicaLastUpdateEnd
Sunday
Nsds7NewWinUserSyncEnabled
Nsds7NewWinGroupSyncEnabled
Nsds7DirectoryReplicaSubtree
Nsds7DirsyncCookie
Nsds7WindowsDomain
10 cn=monitor
Nsds7WindowsReplicaSubtree
WinSyncInterval
Connection table
For example
Greenwich Mean Time
This is the number of completed operations
Nssnmpenabled
12 cn=SNMP,cn=config
This attribute sets whether Snmp is enabled
11 cn=replication
Nssnmplocation
Nssnmporganization
Nssnmpcontact
Nssnmpdescription
Nssnmpmasterhost
Snmp statistic attributes
Nssnmpmasterport
14 cn=tasks,cn=config
Task invocation attributes for entries under cn=tasks
Entry DN
Default Value Syntax DirectoryString Example Ttl
14.2 cn=import,cn=tasks,cn=config
NsFilename file1.ldif NsFilename file2.ldif
Default Value Syntax Integer Example NsImportChunkSize
14.3 cn=export,cn=tasks,cn=config
Valid Values Any DN Core server configuration reference
Syntax Case-insensitive string Example NsUseOneFile true
Default Value Syntax DN, multi-valued Example
Syntax Case-insensitive string Example NsExportReplica true
Syntax Case-insensitive string Example NsPrintKey false
Syntax Case-insensitive string Example NsUseId2Entry true
14.4 cn=backup,cn=tasks,cn=config
Syntax Case-insensitive string Example NsNoWrap false
Syntax Case-insensitive string Example NsDumpUniqId true
14.5 cn=restore,cn=tasks,cn=config
Syntax Case-exact string Example
14.6 cn=index,cn=tasks,cn=config
NsIndexAttribute attributeindex1,index2
14.7 cn=schema reload task,cn=tasks,cn=config
14.8 cn=memberof task,cn=tasks,cn=config
15 cn=uniqueid generator,cn=config
1 7-bit check plug-in
Server plug-in functionality reference
ACL preoperation plug-in
ACL plug-in
Attribute uniqueness plug-in
Boolean syntax plug-in
Binary syntax plug-in
Description Syntax for handling DNs Configurable Options
Plug-in Name Chaining Database DN of Configuration Entry
Case exact string syntax plug-in
Case ignore string syntax plug-in
Country string syntax plug-in
Class of service plug-in
Distinguished name syntax plug-in
Dependencies None Performance Related
Generalized time syntax plug-in
Distributed numeric assignment plug-in
Details of distributed numeric assignment plug-in
Plug-in Name
Internationalization plug-in
Http client plug-in
Ldbm database plug-in
Jpeg syntax plug-in
Legacy replication plug-in
Information Further Information
Multi-master replication plug-in
MemberOf plug-in
Details of MemberOf plug-in
Octet string syntax plug-in
Password Storage Schemes
OID syntax plug-in
Postal address string syntax plug-in
Password storage plugins
Referential integrity postoperation plug-in
PTA plug-in
Roles plug-in
Retro Changelog plug-in
Both presence and equality
Applications
Details of schema reload plug-in
Schema reload plug-in
Space insensitive string syntax plug-in
URI syntax plug-in
Telephone syntax plug-in
Views plug-in
Resource Locators
Account policy plug-in
List of attributes common to all plug-ins
Nsslapd-pluginPath
This attribute specifies the full path to the plug-in
Nsslapd-pluginInitfunc
Nsslapd-pluginEnabled
Nsslapd-pluginType
Nsslapd-pluginId
Nsslapd-pluginVersion
Attributes allowed by certain plug-ins
Nsslapd-pluginVendor
Nsslapd-pluginDescription
Nsslapd-plugin-depends-on-type
Nsslapd-pluginLoadGlobal
Nsslapd-plugin-depends-on-named
NsLookthroughLimit
Database plug-in attributes
Nsslapd-cache-autosize-split
Nsslapd-cache-autosize
Nsslapd-db-checkpoint-interval
Nsslapd-dbcachesize
Platforms
Nsslapd-db-circular-logging
Default Value Database plug-in attributes
Nsslapd-db-debug
Nsslapd-db-durable-transactions
Nsslapd-db-idl-divisor
Nsslapd-db-home-directory
Nsslapd-db-logbuf-size
Automatically adjusted to the minimum value
Nsslapd-db-logdirectory
Nsslapd-db-logfile-size
Valid Range Bytes to 64 kilobytes Default Value
Nsslapd-db-page-size
Nsslapd-db-private-import-mem
Nsslapd-db-transaction-batch-val
Nsslapd-db-spin-count
Nsslapd-db-verbose
Nsslapd-db-trickle-percentage
Nsslapd-dbncache
Nsslapd-directory
Nsslapd-idl-switch
Nsslapd-exclude-from-export
Nsslapd-import-cachesize
Nsslapd-idlistscanlimit
Nsslapd-import-cache-autosize
Default Value 600 Database plug-in attributes
No access for other users
Nsslapd-mode
Memory to importCache
Nsslapd-search-use-vlv-index
Nsslapd-search-bypass-filter-test
Nsslapd-serial-lock
Nsslapd-cachememsize
Nsslapd-cachesize
Nsslapd-require-index
Nsslapd-readonly
Nsslapd-suffix
Database plug-in attributes
NsSystemIndex
5.1 cn
This attribute provides the name of the attribute to index
NsMatchingRule
NsIndexType
Indexed attribute representing a subentry
NsSubStrBegin
NsSubStrMiddle
NsSubStrEnd
Encrypted attributes under the cn=config node
NsEncryptionAlgorithm
Database link plug-in attributes chaining attributes
NsActiveChainingComponents
Database link plug-in attributes chaining attributes
NsMaxTestResponseDelay
NsMaxResponseDelay
Nspossiblechainingcomponents
NsAbandonedSearchCheckInterval
NsTransmittedControls
NsBindConnectionsLimit
Default Value Syntax Integer Example
NsBindTimeout
NsBindRetryLimit
NsCheckLocalACI
NsConcurrentOperationsLimit
NsConcurrentBindLimit
NsConnectionLife
NsOperationConnectionsLimit
NsReferralOnScopedSearch
NsProxiedAuthorization
NsSizeLimit
NsBindMechanism
NsTimeLimit
NsMultiplexorBindDN
NsFarmServerURL
Valid Values Empty
NsMultiplexorCredentials
Encryption schema
Nshoplimit
NsUseStartTLS
Nsslapd-changelogdir
Retro changelog plug-in attributes
Nsslapd-changelogmaxage Max changelog age
Distributed numeric assignment plug-in attributes
DnaFilter
DnaMagicRegen
DnaNextRange
DnaMaxValue
DnaNextValue
Default Value Syntax Integer Example DnaNextValue
DnaRangeRequestTimeout
DnaPrefix
Bit systems
DnaSharedCfgDN
DnaScope
DnaThreshold
DnaType
MemberOf plug-in attributes
Memberofattr
Memberofgroupattr
Account policy plug-in attributes
Configuration files
Backup files
Overview of Directory Server files
Database files
At setup for example, dc=example,dc=com
Setup-ds-admin.pl script is run
Used internally by the database and should not be moved
Deleted, or modified in any way
Lock files
Ldif files
Log files
PID files
Scripts
Tools
Access logging levels
Access log reference
Example 5-1 Example access log
Default access logging content
Connection number
File descriptor
Slot number
Error number
Operation number
Method type
Elapsed time
Number of entries
Ldap request type
Ldap response type
Unindexed search indicator
VLV-related entries
Search scope
Change sequence number
Extended operation OID
Abandon message
LDAPv3 extended operations supported by Directory Server
Message ID
Access log content for additional access logging levels
Sasl multi-stage bind logging
Connection description
Common connection codes
Options description
Error log logging levels
Error log reference
Error log levels
Common connection codes
Error log levels
Error log content
Example 5-3 Error log excerpt
Error log content for other log levels
Into pending list
Example 5-4 Replication error log entry
Timestamp Pluginname message Timestamp function message
Example 5-7 Access control summary logging
Example 5-6 Config file processing log entry
Audit log reference
Ldap result codes
Example 5-8 Audit log content
Audit log does not have any other log level to set
Adminlimitexceeded Ldap
Referral Ldap
Ldap
Using special characters
Finding and executing command-line utilities
Command-line utilities quick reference
Commonly-used command-line utilities
Ldapsearch syntax
Ldapsearch
Commonly-used ldapsearch options
Ldapsearch syntax
Commonly-used ldapsearch options
Ldapsearch SSL options
Persistent search options
Commonly-used ldapsearch options
Persistent search options
Additional SSL ldapsearch options
Ldapsearch Sasl options
Sasl options
Description of CRAM-MD5 mechanism options
Do not permit mechanisms that allow anonymous access
Do not permit mechanisms susceptible to active attacks
Require forward secrecy
Maxbufsize
Required Mech=DIGEST-MD5 Gives the Sasl Mechanism
Description of DIGEST-MD5 Sasl mechanism options
Following UID. For example
Description of Gssapi Sasl mechanism options
Additional ldapsearch options
10 Additional ldapsearch options
Ldapmodify syntax
Ldapmodify
Commonly-used ldapmodify options
11 Commonly-used ldapmodify options
Ldapmodify SSL options
12 ldapmodify SSL options
Ldapmodify Sasl options
13 Sasl options
Additional ldapmodify options
Ldapdelete
14 Additional ldapmodify options
Commonly-used ldapdelete options
Ldapdelete syntax
Ldapdelete SSL options
15 Commonly-used ldapdelete options
16 ldapdelete SSL options
Ldapdelete Sasl options
17 Sasl options
Additional ldapdelete options
Ldappasswd
Ldappasswd syntax
18 Additional ldapdelete options
General ldappasswd options
Ldappasswd-specific options
19 ldappasswd-specific options
20 General ldappasswd options
Ldappasswd Sasl options
21 Sasl options
Ldappasswd examples
Six values
Example 6-3 User changing his own password
Example 6-2 Directory Manager generating a user's password
Ldif
Dbscan
Ldif command has the following format
Ldif syntax
Ldif options
Dbscan examples
Dbscan options
23 Common options
24 Entry file options
Example 6-13 Displaying the changelog file contents
Example 6-8 Displaying VLV index file contents
Example 6-14 Dumping the index file uid.db4 with raw mode
Example 6-7 Dumping the entry file
Command-line scripts quick reference
Finding and executing command-line scripts
Saveconfig
Shell scripts in /opt/dirsrv/slapd-instancename
Perl scripts in /opt/dirsrv/slapd-instancename
Shell scripts
Scripts in /opt/dirsrv/bin
This section covers the following scripts
Cl-dump Dumps and decodes the changelog
1 bak2db Restores a database from backup
Syntax
Bak2db options
Cl-dump options
Dbverify Checks for corrupt databases
Options
Dbverify options
5 db2ldif Exports database contents to Ldif
4 db2bak Creates a backup of a database
Ldif2db Import
6 db2index Reindexes database index files
Reindex cn and givenname in the database instance userRoot
Db2index options
Ldif2ldap Performs import operation over Ldap
Pwdhash Prints encrypted passwords
Ldif2db options
10 ldif2ldap options
Repl-monitor Monitors replication status
Monitor Retrieves monitoring information
11 pwdhash options
Syntax monitor
Host port binddn bindpwd bindcert
Saveconfig Saves Administration Server configuration
Restoreconfig Restores Administration Server configuration
Restart-slapd Restarts the Directory Server
Stop-slapd Stops the Directory Server
Start-slapd Starts the Directory Server
Suffix2instance Maps a suffix to a backend name
Vlvindex Creates virtual list view indexes
Restores a database from a backup
1 bak2db.pl Restores a database from backup
Perl scripts
Options Either the -n or the -s option must be specified
19 cl-dump.pl command options
3 db2bak.pl Creates a backup of a database
Creates a backup of the database
Cl-dump.pl Dumps and decodes the changelog
4 db2index.pl Creates and generates indexes
5 db2ldif.pl Exports database contents to Ldif
22 db2ldif.pl options
Fixup-memberof.pl Regenerate memberOf attributes
23 fixup-memberof.pl options
Ldif2db.pl Import
24 ldif2db.pl options
Logconv.pl Log converter
25 Information extracted from access logs
24 ldif2db.pl options
26 logconv.pl options
27 logconv.pl options to display occurrences
Ns-accountstatus.pl Establishes account status
28 ns-accountstatus.pl options
Ns-inactivate.pl Inactivates an entry or group of entries
Ns-activate.pl Activates an entry or group of entries
Activates an entry or group of entries
29 ns-activate.pl options
31 ns-newpwdpolicy.pl options
Repl-monitor.pl Monitors replication status
Shows in-progress status of replication
32 repl-monitor.pl options
Where
33 schema-reload.pl options
Schema-reload.pl Reload schema files dynamically
Schemadirectory script uses the default schema directory
Verify-db.pl Check for corrupt databases
34 verify-db.pl option
Command, then it uses the default database directory
Usage information
Contacting HP
How to contact HP technical support
Information to collect before contacting HP
HP authorized resellers
HP-UX Directory Server documentation set
Related information
Support and other resources
Typographic conventions
Troubleshooting resources
HP-UX documentation set
This document uses the following typographical conventions
TIP
Exports the contents of the database to Ldif
Finding and executing the ns-slapd command-line utilities
Overview of ns-slapd
Utilities for exporting databases db2ldif
Table A-1 db2ldif options
Utilities for restoring and backing up databases ldif2db
Imports Ldif files to the database
Table A-2 ldif2db options
Utilities for restoring and backing up databases db2archive
Utilities for restoring and backing up databases archive2db
Utilities for creating and regenerating indexes db2index
Table A-5 db2index options
Glossary
Bind rule
CoS definition
GSS-API
Ldap
NIS
Proxy
Sasl
Superuser
Statistics for monitoring and optimizing directory
Symbols
Read-only monitoring configuration entries
Suffix and replication configuration entries
Index
Database link plug-in configuration attributes
Distributed numeric assignment plug-in configuration
Ldap
NsDS5ReplicaChangesSentSinceStartup attribute