HP-UX Directory Server Version
Page
Table of Contents
Table of Contents
Table of Contents
Nsssl3ciphers
3.3
3.4
Nsslapd-state Nsslapd-backend
113
Nsslapd-pluginEnabled
Password Storage Schemes
Schema reload plug-in
Nsslapd-idl-switch
NsMaxResponseDelay
Cn=userRoot, cn=ldbm database, cn=plugins, cn=config
Cn=ldbm database, cn=plugins, cn=config
NsMaxTestResponseDelay
169
173
189
Finding and executing command-line scripts 215
215
239
243
247
257
Page
Directory Server configuration
Directory Server configuration
Using Directory Server command-line utilities
Directory Server instance file reference
Using Directory Server command-line scripts
Introduction
Overview of the Directory Server configuration
Ldif and schema configuration files
Directory Server Ldif configuration files
Configuration of plug-in functionality
How the server configuration is organized
Configuration attributes
Directory Server Ldif configuration files
Configuration of databases
Accessing and modifying server configuration
Access control for configuration entries
Configuration of indexes
Changing configuration attributes
Modifying configuration entries using Ldap
Where
Core server configuration attributes reference
Configuration changes requiring server restart
1 cn=config
Nsslapd-accesslog Access log
Nsslapd-accesslog-logbuffering Log buffering
Nsslapd-accesslog-level Access log level
Nsslapd-accesslog-list List of access log files
Attribute values for enabling or disabling access logging
Valid Values
Nsslapd-accesslog-logging-enabled Access log enable logging
Default Value Syntax Directory String Example
Valid Range
EntryDN Cn=config Valid Range
Disk space allowed to the access log is unlimited in size
SyntaxDirectoryString Example
Syntax DirectoryString Example
Nsslapd-accesslog-logrotationtime Access log rotation time
Nsslapd-accesslog-maxlogsize Access log maximum log size
Nsslapd-accesslog-mode Access log file permission
SyntaxInteger Example
Nsslapd-attribute-name-exceptions
ValidRange Through Default Value 600 Syntax Integer Example
Default Value Off Syntax DirectoryString Example
Nsslapd-auditlog Audit log
Provides a list of audit log files
Nsslapd-auditlog-list
Attribute values for enabling or disabling audit logging
EntryDN
Turns audit logging on and off
Nsslapd-auditlog-logging-enabled Audit log enable logging
Entry DN Cn=config Valid Values
Disk space allowed to the audit log is unlimited in size
Valid Range Through Default Value
Syntax Integer Example Nsslapd-auditlog-logrotationsynchour
Nsslapd-auditlog-logrotationtime Audit log rotation time
Syntax Integer Example Nsslapd-auditlog-logrotationsyncmin
Time between audit log file rotation is unlimited
Nsslapd-auditlog-maxlogsize Audit log maximum log size
Nsslapd-auditlog-mode Audit log file permission
None Read only Execute only
Nsslapd-certmap-basedn Certificate map search base
Write access to the server user ID
Nsslapd-certdir Certificate and key database directory
Write only Read and write Write and execute
Nsslapd-conntablesize
Nsslapd-config
This read-only attribute is the config DN
Nsslapd-counters
Default Value Off Core server configuration reference
Nsslapd-ds4-compatible-schema
Default Value Syntax DirectoryString Example
Nsslapd-csnlogging
Nsslapd-errorlog Error log
Nsslapd-errorlog-level Error log level
Attribute values for enabling or disabling error logging
Nsslapd-errorlog-list
This read-only attribute provides a list of error log files
Nsslapd-errorlog-logging-enabled Enable error logging
Turns error logging on and off
Disk space allowed to the error log is unlimited in size
Nsslapd-errorlog-logrotationtime Error log rotation time
Time between error log file rotation is unlimited
Nsslapd-errorlog-maxlogsize Maximum error log size
Nsslapd-errorlog-mode Error log file permission
Nsslapd-idletimeout Default idle timeout
Nsslapd-groupevalnestlevel
Nsslapd-instancedir Instance directory
Nsslapd-ioblocktimeout IO block time out
Default Value Syntax Integer Example Nsslapd-idletimeout
Nsslapd-lastmod Track modification time
Nsslapd-ldapilisten Enable Ldapi socket
Nsslapd-ldapifilepath Ldapi socket file path
Nsslapd-listenhost Listen to IP address
Nsslapd-localuser Local user
Default Value SyntaxDirectoryString Example
Nsslapd-localhost Local host
Nsslapd-lockdir Server lock file directory
Nsslapd-maxbersize Maximum message size
Nsslapd-maxdescriptors Maximum file descriptors
Nsslapd-maxsasliosize Maximum Sasl packet size
Nsslapd-maxthreadsperconn Maximum threads per connection
Nsslapd-nagle
This attribute value is specified in bytes
Nsslapd-plugin
Nsslapd-outbound-ldap-io-timeout
Default Value Core server configuration reference
Nsslapd-port Port number
Nsslapd-readonly Read only
Nsslapd-referral Referral
But the request is for this entry
Nsslapd-referralmode Referral mode
Nsslapd-reservedescriptors Reserved file descriptors
Nsslapd-return-exact-case Return exact case
Nsslapd-rewrite-rfc1274
Nsslapd-rootpw Root password
Default Value Syntax
Nsslapd-rootdn Manager DN
Nsslapd-rootpwstoragescheme Root password storage scheme
Nsslapd-saslpath
Nsslapd-schemacheck Schema checking
Nsslapd-schemadir
Nsslapd-schemareplace
Nsslapd-securelistenhost
Nsslapd-securePort Encrypted port number
Nsslapd-security Security
Nsslapd-sizelimit Size limit
Default Value Syntax Integer Example Nsslapd-threadnumber
Nsslapd-threadnumber Thread number
Nsslapd-timelimit Time limit
Nsslapd-tmpdir
PasswordChange Password change
Indicates whether users may change their passwords
Nsslapd-versionstring
PasswordCheckSyntax Check password syntax
PasswordExp Password expiration
PasswordInHistory Number of passwords to remember
PasswordGraceLimit Password expiration
PasswordHistory Password history
Default Value Syntax Integer Example PasswordGraceLimit
PasswordIsGlobalPolicy Password policy and replication
PasswordLockout Account lockout
PasswordLockoutDuration Lockout duration
PasswordMaxRepeats Password syntax
PasswordMaxAge Password maximum age
PasswordMaxFailure Maximum password failures
Default Value Syntax Integer Example PasswordMaxFailure
PasswordMin8Bit Password syntax
PasswordMinAge Password minimum age
Default Value Syntax Integer Example PasswordMinAge
PasswordMinDigits Password syntax
PasswordMinAlphas Password syntax
PasswordMinCategories Password syntax
PasswordMinLength Password minimum length
PasswordMinLowers Password syntax
PasswordMinSpecials Password syntax
PasswordMinTokenLength Password syntax
PasswordMinUppers Password syntax
PasswordMustChange Password must change
PasswordStorageScheme Password storage scheme
PasswordUnlock Unlock account
PasswordWarning Send warning
2 cn=changelog5,cn=config
Nsslapd-changelogdir
Nsslapd-changelogmaxage Max changelog age
3 cn=encryption,cn=config
Nssslsessiontimeout
Nsslapd-changelogmaxentries Max changelog records
Nssslclientauth
Means disallow certificate-based authentication
Default Value Off Syntax DirectoryString Example Nsssl2 off
NsSSL2
Suffix configuration attributes under cn=suffixName
4 cn=features,cn=config
5 cn=mapping tree,cn=config
Nsssl3ciphers
Determines how the suffix handles operations
Nsslapd-state
Nsslapd-backend
To requests made by client applications
NsDS5Flags
NsDS5ReplicaBindDN
NsDS5ReplicaChangeCount
NsDS5ReplicaLegacyConsumer
NsDS5ReplicaPurgeDelay
NsDS5ReplicaId
NsDS5ReplicaName
NsDS5ReplicaReferral
NsDS5ReplicaRoot
NsDS5ReplicaTombstonePurgeInterval
NsDS5ReplicaType
NsDS5ReplicaReapActive
NsState
NsDS5ReplConflict
8.1 cn
Description
NsDS5ReplicaBindMethod
NsDS5ReplicaBusyWaitTime
NsDS5ReplicaCredentials
Schema
NsDS5ReplicaChangesSentSinceStartup
NsDS5ReplicaHost
NsDS5ReplicaLastInitStatus
NsDS5ReplicaLastInitEnd
NsDS5ReplicaLastInitStart
Time
NsDS5ReplicaLastUpdateStatus
NsDS5ReplicaLastUpdateEnd
NsDS5ReplicaLastUpdateStart
NsDS5ReplicaPort
Default Value SyntaxInteger ExamplensDS5ReplicaPort389
NsDS5ReplicaPriority
NsDS5BeginReplicaRefresh
NsDS5ReplicaSessionPauseTime
NsDS5ReplicaTimeout
Valid Range Default Value SyntaxDirectoryString Example
NsDS5ReplicatedAttributeList
NsDS5ReplicaUpdateInProgress
NsDS5ReplicaUpdateSchedule
NsDS5ReplicaTransportInfo
NsDS5ReplicaLastUpdateEnd
NsDS50ruv
Sunday
Nsds7DirectoryReplicaSubtree
Nsds7NewWinGroupSyncEnabled
Nsds7NewWinUserSyncEnabled
Nsds7DirsyncCookie
Nsds7WindowsReplicaSubtree
10 cn=monitor
Nsds7WindowsDomain
WinSyncInterval
Greenwich Mean Time
For example
Connection table
This is the number of completed operations
This attribute sets whether Snmp is enabled
12 cn=SNMP,cn=config
Nssnmpenabled
11 cn=replication
Nssnmpcontact
Nssnmporganization
Nssnmplocation
Nssnmpdescription
Nssnmpmasterport
Snmp statistic attributes
Nssnmpmasterhost
Snmp statistic attributes
14 cn=tasks,cn=config
Snmp statistic attributes
Task invocation attributes for entries under cn=tasks
Entry DN
14.2 cn=import,cn=tasks,cn=config
Default Value Syntax DirectoryString Example Ttl
NsFilename file1.ldif NsFilename file2.ldif
Default Value Syntax Integer Example NsImportChunkSize
14.3 cn=export,cn=tasks,cn=config
Valid Values Any DN Core server configuration reference
Syntax Case-insensitive string Example NsExportReplica true
Default Value Syntax DN, multi-valued Example
Syntax Case-insensitive string Example NsUseOneFile true
Syntax Case-insensitive string Example NsPrintKey false
Syntax Case-insensitive string Example NsNoWrap false
14.4 cn=backup,cn=tasks,cn=config
Syntax Case-insensitive string Example NsUseId2Entry true
Syntax Case-insensitive string Example NsDumpUniqId true
14.5 cn=restore,cn=tasks,cn=config
14.6 cn=index,cn=tasks,cn=config
Syntax Case-exact string Example
14.7 cn=schema reload task,cn=tasks,cn=config
NsIndexAttribute attributeindex1,index2
14.8 cn=memberof task,cn=tasks,cn=config
15 cn=uniqueid generator,cn=config
112
Server plug-in functionality reference
1 7-bit check plug-in
Server plug-in functionality reference
ACL plug-in
ACL preoperation plug-in
Attribute uniqueness plug-in
Binary syntax plug-in
Boolean syntax plug-in
Case exact string syntax plug-in
Plug-in Name Chaining Database DN of Configuration Entry
Description Syntax for handling DNs Configurable Options
Case ignore string syntax plug-in
Distinguished name syntax plug-in
Class of service plug-in
Country string syntax plug-in
Dependencies None Performance Related
Details of distributed numeric assignment plug-in
Distributed numeric assignment plug-in
Generalized time syntax plug-in
Plug-in Name
Http client plug-in
Internationalization plug-in
Legacy replication plug-in
Jpeg syntax plug-in
Ldbm database plug-in
Information Further Information
MemberOf plug-in
Multi-master replication plug-in
Details of MemberOf plug-in
Password Storage Schemes
Octet string syntax plug-in
OID syntax plug-in
Password storage plugins
Postal address string syntax plug-in
PTA plug-in
Referential integrity postoperation plug-in
Both presence and equality
Retro Changelog plug-in
Roles plug-in
Applications
Schema reload plug-in
Details of schema reload plug-in
Space insensitive string syntax plug-in
Views plug-in
Telephone syntax plug-in
URI syntax plug-in
Resource Locators
Nsslapd-pluginPath
List of attributes common to all plug-ins
Account policy plug-in
This attribute specifies the full path to the plug-in
Nsslapd-pluginType
Nsslapd-pluginEnabled
Nsslapd-pluginInitfunc
Nsslapd-pluginId
Nsslapd-pluginVendor
Attributes allowed by certain plug-ins
Nsslapd-pluginVersion
Nsslapd-pluginDescription
Nsslapd-pluginLoadGlobal
Nsslapd-plugin-depends-on-type
Nsslapd-plugin-depends-on-named
Database plug-in attributes
NsLookthroughLimit
Nsslapd-cache-autosize
Nsslapd-cache-autosize-split
Nsslapd-dbcachesize
Nsslapd-db-checkpoint-interval
Platforms
Nsslapd-db-debug
Default Value Database plug-in attributes
Nsslapd-db-circular-logging
Nsslapd-db-durable-transactions
Nsslapd-db-home-directory
Nsslapd-db-idl-divisor
Automatically adjusted to the minimum value
Nsslapd-db-logbuf-size
Nsslapd-db-logdirectory
Nsslapd-db-page-size
Valid Range Bytes to 64 kilobytes Default Value
Nsslapd-db-logfile-size
Nsslapd-db-private-import-mem
Nsslapd-db-spin-count
Nsslapd-db-transaction-batch-val
Nsslapd-db-trickle-percentage
Nsslapd-db-verbose
Nsslapd-dbncache
Nsslapd-idl-switch
Nsslapd-directory
Nsslapd-exclude-from-export
Nsslapd-idlistscanlimit
Nsslapd-import-cachesize
Nsslapd-import-cache-autosize
Nsslapd-mode
No access for other users
Default Value 600 Database plug-in attributes
Memory to importCache
Nsslapd-search-bypass-filter-test
Nsslapd-search-use-vlv-index
Nsslapd-serial-lock
Nsslapd-cachesize
Nsslapd-cachememsize
Nsslapd-readonly
Nsslapd-require-index
Nsslapd-suffix
Database plug-in attributes
5.1 cn
NsSystemIndex
This attribute provides the name of the attribute to index
NsIndexType
NsMatchingRule
NsSubStrBegin
Indexed attribute representing a subentry
NsSubStrEnd
NsSubStrMiddle
Encrypted attributes under the cn=config node
NsActiveChainingComponents
Database link plug-in attributes chaining attributes
NsEncryptionAlgorithm
Database link plug-in attributes chaining attributes
NsMaxResponseDelay
NsMaxTestResponseDelay
Nspossiblechainingcomponents
NsTransmittedControls
NsAbandonedSearchCheckInterval
NsBindConnectionsLimit
NsBindRetryLimit
NsBindTimeout
Default Value Syntax Integer Example
NsCheckLocalACI
NsConnectionLife
NsConcurrentBindLimit
NsConcurrentOperationsLimit
NsOperationConnectionsLimit
NsProxiedAuthorization
NsReferralOnScopedSearch
NsSizeLimit
NsTimeLimit
NsBindMechanism
NsFarmServerURL
NsMultiplexorBindDN
Valid Values Empty
Nshoplimit
Encryption schema
NsMultiplexorCredentials
NsUseStartTLS
Retro changelog plug-in attributes
Nsslapd-changelogdir
DnaFilter
Distributed numeric assignment plug-in attributes
Nsslapd-changelogmaxage Max changelog age
DnaMagicRegen
DnaMaxValue
DnaNextRange
DnaNextValue
DnaPrefix
DnaRangeRequestTimeout
Default Value Syntax Integer Example DnaNextValue
Bit systems
DnaScope
DnaSharedCfgDN
DnaThreshold
Memberofattr
MemberOf plug-in attributes
DnaType
Memberofgroupattr
Account policy plug-in attributes
Overview of Directory Server files
Backup files
Configuration files
Database files
Used internally by the database and should not be moved
Setup-ds-admin.plscript is run
At setup for example, dc=example,dc=com
Deleted, or modified in any way
Log files
Ldif files
Lock files
PID files
Tools
Scripts
Access log reference
Access logging levels
Connection number
Default access logging content
Example 5-1 Example access log
File descriptor
Operation number
Error number
Slot number
Method type
Number of entries
Elapsed time
Ldap request type
VLV-related entries
Unindexed search indicator
Ldap response type
Search scope
Abandon message
Extended operation OID
Change sequence number
LDAPv3 extended operations supported by Directory Server
Access log content for additional access logging levels
Message ID
Sasl multi-stage bind logging
Common connection codes
Connection description
Options description
Error log levels
Error log reference
Error log logging levels
Common connection codes
Error log content
Error log levels
Error log content for other log levels
Example 5-3 Error log excerpt
Example 5-4 Replication error log entry
Into pending list
Timestamp Pluginname message Timestamp function message
Example 5-6 Config file processing log entry
Example 5-7 Access control summary logging
Audit log reference
Audit log does not have any other log level to set
Example 5-8 Audit log content
Ldap result codes
Ldap result codes
Referral Ldap
Adminlimitexceeded Ldap
Ldap result codes
Ldap
Command-line utilities quick reference
Finding and executing command-line utilities
Using special characters
Commonly-used command-line utilities
Commonly-used ldapsearch options
Ldapsearch
Ldapsearch syntax
Ldapsearch syntax
Commonly-used ldapsearch options
Commonly-used ldapsearch options
Persistent search options
Ldapsearch SSL options
Persistent search options
Ldapsearch Sasl options
Additional SSL ldapsearch options
Sasl options
Description of CRAM-MD5 mechanism options
Do not permit mechanisms susceptible to active attacks
Do not permit mechanisms that allow anonymous access
Description of CRAM-MD5 mechanism options
Require forward secrecy
Maxbufsize
Description of DIGEST-MD5 Sasl mechanism options
Required Mech=DIGEST-MD5 Gives the Sasl Mechanism
Following UID. For example
Additional ldapsearch options
Description of Gssapi Sasl mechanism options
10 Additional ldapsearch options
10 Additional ldapsearch options
Commonly-used ldapmodify options
Ldapmodify
Ldapmodify syntax
11 Commonly-used ldapmodify options
Ldapmodify SSL options
11 Commonly-used ldapmodify options
12 ldapmodify SSL options
Ldapmodify Sasl options
12 ldapmodify SSL options
13 Sasl options
Ldapdelete
Additional ldapmodify options
14 Additional ldapmodify options
Ldapdelete SSL options
Ldapdelete syntax
Commonly-used ldapdelete options
15 Commonly-used ldapdelete options
Ldapdelete Sasl options
16 ldapdelete SSL options
17 Sasl options
Ldappasswd syntax
Ldappasswd
Additional ldapdelete options
18 Additional ldapdelete options
19 ldappasswd-specific options
Ldappasswd-specific options
General ldappasswd options
20 General ldappasswd options
Ldappasswd Sasl options
20 General ldappasswd options
Ldappasswd examples
21 Sasl options
Six values
Ldif
Example 6-2 Directory Manager generating a users password
Example 6-3 User changing his own password
Ldif
Ldif syntax
Ldif command has the following format
Dbscan
Ldif options
23 Common options
Dbscan options
Dbscan examples
24 Entry file options
Example 6-14 Dumping the index file uid.db4 with raw mode
Example 6-8 Displaying VLV index file contents
Example 6-13 Displaying the changelog file contents
Example 6-7 Dumping the entry file
Saveconfig
Finding and executing command-line scripts
Command-line scripts quick reference
Shell scripts in /opt/dirsrv/slapd-instancename
Scripts in /opt/dirsrv/bin
Shell scripts
Perl scripts in /opt/dirsrv/slapd-instancename
This section covers the following scripts
Syntax
1 bak2db Restores a database from backup
Cl-dump Dumps and decodes the changelog
Bak2db options
Options
Dbverify Checks for corrupt databases
Cl-dump options
Dbverify options
4 db2bak Creates a backup of a database
5 db2ldif Exports database contents to Ldif
Reindex cn and givenname in the database instance userRoot
6 db2index Reindexes database index files
Ldif2db Import
Db2index options
Ldif2db options
Pwdhash Prints encrypted passwords
Ldif2ldap Performs import operation over Ldap
10 ldif2ldap options
11 pwdhash options
Monitor Retrieves monitoring information
Repl-monitor Monitors replication status
Syntax monitor
Hostportbinddnbindpwdbindcert
Restoreconfig Restores Administration Server configuration
Saveconfig Saves Administration Server configuration
Restart-slapd Restarts the Directory Server
Suffix2instance Maps a suffix to a backend name
Start-slapd Starts the Directory Server
Stop-slapd Stops the Directory Server
Vlvindex Creates virtual list view indexes
Perl scripts
1 bak2db.pl Restores a database from backup
Restores a database from a backup
Options Either the -nor the -soption must be specified
Creates a backup of the database
3 db2bak.pl Creates a backup of a database
19 cl-dump.pl command options
Cl-dump.pl Dumps and decodes the changelog
5 db2ldif.pl Exports database contents to Ldif
4 db2index.pl Creates and generates indexes
Fixup-memberof.pl Regenerate memberOf attributes
22 db2ldif.pl options
Ldif2db.pl Import
23 fixup-memberof.pl options
24 ldif2db.pl options
25 Information extracted from access logs
Logconv.pl Log converter
24 ldif2db.pl options
26 logconv.pl options
Ns-accountstatus.pl Establishes account status
27 logconv.pl options to display occurrences
28 ns-accountstatus.pl options
Activates an entry or group of entries
Ns-activate.pl Activates an entry or group of entries
Ns-inactivate.pl Inactivates an entry or group of entries
29 ns-activate.pl options
Shows in-progress status of replication
Repl-monitor.pl Monitors replication status
31 ns-newpwdpolicy.pl options
32 repl-monitor.pl options
Where
Schemadirectory script uses the default schema directory
Schema-reload.pl Reload schema files dynamically
33 schema-reload.pl options
Verify-db.pl Check for corrupt databases
Command, then it uses the default database directory
34 verify-db.pl option
Usage information
Information to collect before contacting HP
How to contact HP technical support
Contacting HP
HP authorized resellers
Related information
HP-UX Directory Server documentation set
Support and other resources
HP-UX documentation set
Troubleshooting resources
Typographic conventions
This document uses the following typographical conventions
TIP
Overview of ns-slapd
Finding and executing the ns-slapd command-line utilities
Exports the contents of the database to Ldif
Utilities for exporting databases db2ldif
Imports Ldif files to the database
Utilities for restoring and backing up databases ldif2db
Table A-1 db2ldif options
Table A-2 ldif2db options
Utilities for restoring and backing up databases archive2db
Utilities for restoring and backing up databases db2archive
Utilities for creating and regenerating indexes db2index
Table A-5 db2index options
Glossary
247
Bind rule
Glossary
CoS definition
249
GSS-API
Ldap
251
NIS
Proxy
253
Sasl
Superuser
255
256
Symbols
Statistics for monitoring and optimizing directory
257
Suffix and replication configuration entries
Read-only monitoring configuration entries
259
Index
Database link plug-in configuration attributes
261
Distributed numeric assignment plug-in configuration
Ldap
263
NsDS5ReplicaChangesSentSinceStartup attribute
265
Page
267
Index
269
Index
271
