HP-UX Directory Server Version
Page
Table of Contents
Table of Contents
Table of Contents
Nsslapd-state Nsslapd-backend
3.3
3.4
Nsssl3ciphers
113
Nsslapd-idl-switch
Password Storage Schemes
Schema reload plug-in
Nsslapd-pluginEnabled
NsMaxTestResponseDelay
Cn=userRoot, cn=ldbm database, cn=plugins, cn=config
Cn=ldbm database, cn=plugins, cn=config
NsMaxResponseDelay
173
169
189
239
Finding and executing command-line scripts 215
215
257
243
247
Page
Directory Server instance file reference
Directory Server configuration
Using Directory Server command-line utilities
Directory Server configuration
Introduction
Using Directory Server command-line scripts
Ldif and schema configuration files
Overview of the Directory Server configuration
Directory Server Ldif configuration files
Directory Server Ldif configuration files
How the server configuration is organized
Configuration attributes
Configuration of plug-in functionality
Configuration of indexes
Accessing and modifying server configuration
Access control for configuration entries
Configuration of databases
Where
Changing configuration attributes
Modifying configuration entries using Ldap
Configuration changes requiring server restart
Core server configuration attributes reference
Nsslapd-accesslog Access log
1 cn=config
Attribute values for enabling or disabling access logging
Nsslapd-accesslog-level Access log level
Nsslapd-accesslog-list List of access log files
Nsslapd-accesslog-logbuffering Log buffering
Valid Range
Nsslapd-accesslog-logging-enabled Access log enable logging
Default Value Syntax Directory String Example
Valid Values
SyntaxDirectoryString Example
EntryDN Cn=config Valid Range
Disk space allowed to the access log is unlimited in size
Syntax DirectoryString Example
Nsslapd-accesslog-maxlogsize Access log maximum log size
Nsslapd-accesslog-logrotationtime Access log rotation time
SyntaxInteger Example
Nsslapd-accesslog-mode Access log file permission
Nsslapd-auditlog Audit log
ValidRange Through Default Value 600 Syntax Integer Example
Default Value Off Syntax DirectoryString Example
Nsslapd-attribute-name-exceptions
EntryDN
Nsslapd-auditlog-list
Attribute values for enabling or disabling audit logging
Provides a list of audit log files
Disk space allowed to the audit log is unlimited in size
Nsslapd-auditlog-logging-enabled Audit log enable logging
Entry DN Cn=config Valid Values
Turns audit logging on and off
Syntax Integer Example Nsslapd-auditlog-logrotationsynchour
Valid Range Through Default Value
Time between audit log file rotation is unlimited
Nsslapd-auditlog-logrotationtime Audit log rotation time
Syntax Integer Example Nsslapd-auditlog-logrotationsyncmin
None Read only Execute only
Nsslapd-auditlog-maxlogsize Audit log maximum log size
Nsslapd-auditlog-mode Audit log file permission
Write only Read and write Write and execute
Write access to the server user ID
Nsslapd-certdir Certificate and key database directory
Nsslapd-certmap-basedn Certificate map search base
Nsslapd-counters
Nsslapd-config
This read-only attribute is the config DN
Nsslapd-conntablesize
Nsslapd-csnlogging
Nsslapd-ds4-compatible-schema
Default Value Syntax DirectoryString Example
Default Value Off Core server configuration reference
Attribute values for enabling or disabling error logging
Nsslapd-errorlog Error log
Nsslapd-errorlog-level Error log level
This read-only attribute provides a list of error log files
Nsslapd-errorlog-list
Turns error logging on and off
Nsslapd-errorlog-logging-enabled Enable error logging
Disk space allowed to the error log is unlimited in size
Time between error log file rotation is unlimited
Nsslapd-errorlog-logrotationtime Error log rotation time
Nsslapd-errorlog-maxlogsize Maximum error log size
Nsslapd-groupevalnestlevel
Nsslapd-errorlog-mode Error log file permission
Nsslapd-idletimeout Default idle timeout
Nsslapd-lastmod Track modification time
Nsslapd-ioblocktimeout IO block time out
Default Value Syntax Integer Example Nsslapd-idletimeout
Nsslapd-instancedir Instance directory
Nsslapd-listenhost Listen to IP address
Nsslapd-ldapilisten Enable Ldapi socket
Nsslapd-ldapifilepath Ldapi socket file path
Nsslapd-lockdir Server lock file directory
Default Value SyntaxDirectoryString Example
Nsslapd-localhost Local host
Nsslapd-localuser Local user
Nsslapd-maxdescriptors Maximum file descriptors
Nsslapd-maxbersize Maximum message size
Nsslapd-maxsasliosize Maximum Sasl packet size
This attribute value is specified in bytes
Nsslapd-maxthreadsperconn Maximum threads per connection
Nsslapd-nagle
Nsslapd-port Port number
Nsslapd-outbound-ldap-io-timeout
Default Value Core server configuration reference
Nsslapd-plugin
But the request is for this entry
Nsslapd-readonly Read only
Nsslapd-referral Referral
Nsslapd-reservedescriptors Reserved file descriptors
Nsslapd-referralmode Referral mode
Nsslapd-rewrite-rfc1274
Nsslapd-return-exact-case Return exact case
Nsslapd-rootdn Manager DN
Nsslapd-rootpw Root password
Default Value Syntax
Nsslapd-saslpath
Nsslapd-rootpwstoragescheme Root password storage scheme
Nsslapd-schemadir
Nsslapd-schemacheck Schema checking
Nsslapd-securePort Encrypted port number
Nsslapd-schemareplace
Nsslapd-securelistenhost
Nsslapd-sizelimit Size limit
Nsslapd-security Security
Nsslapd-timelimit Time limit
Default Value Syntax Integer Example Nsslapd-threadnumber
Nsslapd-threadnumber Thread number
Nsslapd-versionstring
PasswordChange Password change
Indicates whether users may change their passwords
Nsslapd-tmpdir
PasswordExp Password expiration
PasswordCheckSyntax Check password syntax
Default Value Syntax Integer Example PasswordGraceLimit
PasswordGraceLimit Password expiration
PasswordHistory Password history
PasswordInHistory Number of passwords to remember
PasswordLockoutDuration Lockout duration
PasswordIsGlobalPolicy Password policy and replication
PasswordLockout Account lockout
Default Value Syntax Integer Example PasswordMaxFailure
PasswordMaxAge Password maximum age
PasswordMaxFailure Maximum password failures
PasswordMaxRepeats Password syntax
Default Value Syntax Integer Example PasswordMinAge
PasswordMin8Bit Password syntax
PasswordMinAge Password minimum age
PasswordMinLength Password minimum length
PasswordMinAlphas Password syntax
PasswordMinCategories Password syntax
PasswordMinDigits Password syntax
PasswordMinTokenLength Password syntax
PasswordMinLowers Password syntax
PasswordMinSpecials Password syntax
PasswordStorageScheme Password storage scheme
PasswordMinUppers Password syntax
PasswordMustChange Password must change
PasswordWarning Send warning
PasswordUnlock Unlock account
Nsslapd-changelogdir
2 cn=changelog5,cn=config
Nsslapd-changelogmaxentries Max changelog records
3 cn=encryption,cn=config
Nssslsessiontimeout
Nsslapd-changelogmaxage Max changelog age
NsSSL2
Means disallow certificate-based authentication
Default Value Off Syntax DirectoryString Example Nsssl2 off
Nssslclientauth
Nsssl3ciphers
4 cn=features,cn=config
5 cn=mapping tree,cn=config
Suffix configuration attributes under cn=suffixName
To requests made by client applications
Nsslapd-state
Nsslapd-backend
Determines how the suffix handles operations
NsDS5ReplicaChangeCount
NsDS5Flags
NsDS5ReplicaBindDN
NsDS5ReplicaName
NsDS5ReplicaPurgeDelay
NsDS5ReplicaId
NsDS5ReplicaLegacyConsumer
NsDS5ReplicaTombstonePurgeInterval
NsDS5ReplicaReferral
NsDS5ReplicaRoot
NsState
NsDS5ReplicaType
NsDS5ReplicaReapActive
Description
NsDS5ReplConflict
8.1 cn
NsDS5ReplicaBusyWaitTime
NsDS5ReplicaBindMethod
NsDS5ReplicaHost
Schema
NsDS5ReplicaChangesSentSinceStartup
NsDS5ReplicaCredentials
Time
NsDS5ReplicaLastInitEnd
NsDS5ReplicaLastInitStart
NsDS5ReplicaLastInitStatus
NsDS5ReplicaPort
NsDS5ReplicaLastUpdateEnd
NsDS5ReplicaLastUpdateStart
NsDS5ReplicaLastUpdateStatus
NsDS5ReplicaPriority
Default Value SyntaxInteger ExamplensDS5ReplicaPort389
NsDS5ReplicaSessionPauseTime
NsDS5BeginReplicaRefresh
NsDS5ReplicatedAttributeList
NsDS5ReplicaTimeout
Valid Range Default Value SyntaxDirectoryString Example
NsDS5ReplicaTransportInfo
NsDS5ReplicaUpdateInProgress
NsDS5ReplicaUpdateSchedule
Sunday
NsDS5ReplicaLastUpdateEnd
NsDS50ruv
Nsds7DirsyncCookie
Nsds7NewWinGroupSyncEnabled
Nsds7NewWinUserSyncEnabled
Nsds7DirectoryReplicaSubtree
WinSyncInterval
10 cn=monitor
Nsds7WindowsDomain
Nsds7WindowsReplicaSubtree
This is the number of completed operations
For example
Connection table
Greenwich Mean Time
11 cn=replication
12 cn=SNMP,cn=config
Nssnmpenabled
This attribute sets whether Snmp is enabled
Nssnmpdescription
Nssnmporganization
Nssnmplocation
Nssnmpcontact
Snmp statistic attributes
Snmp statistic attributes
Nssnmpmasterhost
Nssnmpmasterport
Snmp statistic attributes
14 cn=tasks,cn=config
Task invocation attributes for entries under cn=tasks
Entry DN
Default Value Syntax DirectoryString Example Ttl
14.2 cn=import,cn=tasks,cn=config
NsFilename file1.ldif NsFilename file2.ldif
Default Value Syntax Integer Example NsImportChunkSize
14.3 cn=export,cn=tasks,cn=config
Valid Values Any DN Core server configuration reference
Syntax Case-insensitive string Example NsPrintKey false
Default Value Syntax DN, multi-valued Example
Syntax Case-insensitive string Example NsUseOneFile true
Syntax Case-insensitive string Example NsExportReplica true
Syntax Case-insensitive string Example NsDumpUniqId true
14.4 cn=backup,cn=tasks,cn=config
Syntax Case-insensitive string Example NsUseId2Entry true
Syntax Case-insensitive string Example NsNoWrap false
14.5 cn=restore,cn=tasks,cn=config
Syntax Case-exact string Example
14.6 cn=index,cn=tasks,cn=config
NsIndexAttribute attributeindex1,index2
14.7 cn=schema reload task,cn=tasks,cn=config
14.8 cn=memberof task,cn=tasks,cn=config
15 cn=uniqueid generator,cn=config
112
Server plug-in functionality reference
Server plug-in functionality reference
1 7-bit check plug-in
Attribute uniqueness plug-in
ACL plug-in
ACL preoperation plug-in
Boolean syntax plug-in
Binary syntax plug-in
Case ignore string syntax plug-in
Plug-in Name Chaining Database DN of Configuration Entry
Description Syntax for handling DNs Configurable Options
Case exact string syntax plug-in
Dependencies None Performance Related
Class of service plug-in
Country string syntax plug-in
Distinguished name syntax plug-in
Plug-in Name
Distributed numeric assignment plug-in
Generalized time syntax plug-in
Details of distributed numeric assignment plug-in
Internationalization plug-in
Http client plug-in
Information Further Information
Jpeg syntax plug-in
Ldbm database plug-in
Legacy replication plug-in
Details of MemberOf plug-in
MemberOf plug-in
Multi-master replication plug-in
OID syntax plug-in
Password Storage Schemes
Octet string syntax plug-in
Postal address string syntax plug-in
Password storage plugins
Referential integrity postoperation plug-in
PTA plug-in
Applications
Retro Changelog plug-in
Roles plug-in
Both presence and equality
Space insensitive string syntax plug-in
Schema reload plug-in
Details of schema reload plug-in
Resource Locators
Telephone syntax plug-in
URI syntax plug-in
Views plug-in
This attribute specifies the full path to the plug-in
List of attributes common to all plug-ins
Account policy plug-in
Nsslapd-pluginPath
Nsslapd-pluginId
Nsslapd-pluginEnabled
Nsslapd-pluginInitfunc
Nsslapd-pluginType
Nsslapd-pluginDescription
Attributes allowed by certain plug-ins
Nsslapd-pluginVersion
Nsslapd-pluginVendor
Nsslapd-plugin-depends-on-named
Nsslapd-pluginLoadGlobal
Nsslapd-plugin-depends-on-type
NsLookthroughLimit
Database plug-in attributes
Nsslapd-cache-autosize-split
Nsslapd-cache-autosize
Platforms
Nsslapd-dbcachesize
Nsslapd-db-checkpoint-interval
Nsslapd-db-durable-transactions
Default Value Database plug-in attributes
Nsslapd-db-circular-logging
Nsslapd-db-debug
Nsslapd-db-idl-divisor
Nsslapd-db-home-directory
Nsslapd-db-logdirectory
Automatically adjusted to the minimum value
Nsslapd-db-logbuf-size
Nsslapd-db-private-import-mem
Valid Range Bytes to 64 kilobytes Default Value
Nsslapd-db-logfile-size
Nsslapd-db-page-size
Nsslapd-db-transaction-batch-val
Nsslapd-db-spin-count
Nsslapd-dbncache
Nsslapd-db-trickle-percentage
Nsslapd-db-verbose
Nsslapd-exclude-from-export
Nsslapd-idl-switch
Nsslapd-directory
Nsslapd-import-cache-autosize
Nsslapd-idlistscanlimit
Nsslapd-import-cachesize
Memory to importCache
No access for other users
Default Value 600 Database plug-in attributes
Nsslapd-mode
Nsslapd-serial-lock
Nsslapd-search-bypass-filter-test
Nsslapd-search-use-vlv-index
Nsslapd-cachememsize
Nsslapd-cachesize
Nsslapd-suffix
Nsslapd-readonly
Nsslapd-require-index
Database plug-in attributes
This attribute provides the name of the attribute to index
5.1 cn
NsSystemIndex
NsMatchingRule
NsIndexType
Indexed attribute representing a subentry
NsSubStrBegin
NsSubStrMiddle
NsSubStrEnd
Encrypted attributes under the cn=config node
Database link plug-in attributes chaining attributes
Database link plug-in attributes chaining attributes
NsEncryptionAlgorithm
NsActiveChainingComponents
Nspossiblechainingcomponents
NsMaxResponseDelay
NsMaxTestResponseDelay
NsBindConnectionsLimit
NsTransmittedControls
NsAbandonedSearchCheckInterval
NsCheckLocalACI
NsBindTimeout
Default Value Syntax Integer Example
NsBindRetryLimit
NsOperationConnectionsLimit
NsConcurrentBindLimit
NsConcurrentOperationsLimit
NsConnectionLife
NsSizeLimit
NsProxiedAuthorization
NsReferralOnScopedSearch
NsBindMechanism
NsTimeLimit
Valid Values Empty
NsFarmServerURL
NsMultiplexorBindDN
NsUseStartTLS
Encryption schema
NsMultiplexorCredentials
Nshoplimit
Nsslapd-changelogdir
Retro changelog plug-in attributes
DnaMagicRegen
Distributed numeric assignment plug-in attributes
Nsslapd-changelogmaxage Max changelog age
DnaFilter
DnaNextValue
DnaMaxValue
DnaNextRange
Bit systems
DnaRangeRequestTimeout
Default Value Syntax Integer Example DnaNextValue
DnaPrefix
DnaThreshold
DnaScope
DnaSharedCfgDN
Memberofgroupattr
MemberOf plug-in attributes
DnaType
Memberofattr
Account policy plug-in attributes
Database files
Backup files
Configuration files
Overview of Directory Server files
Deleted, or modified in any way
Setup-ds-admin.plscript is run
At setup for example, dc=example,dc=com
Used internally by the database and should not be moved
PID files
Ldif files
Lock files
Log files
Scripts
Tools
Access logging levels
Access log reference
File descriptor
Default access logging content
Example 5-1 Example access log
Connection number
Method type
Error number
Slot number
Operation number
Ldap request type
Number of entries
Elapsed time
Search scope
Unindexed search indicator
Ldap response type
VLV-related entries
LDAPv3 extended operations supported by Directory Server
Extended operation OID
Change sequence number
Abandon message
Sasl multi-stage bind logging
Access log content for additional access logging levels
Message ID
Options description
Common connection codes
Connection description
Common connection codes
Error log reference
Error log logging levels
Error log levels
Error log levels
Error log content
Example 5-3 Error log excerpt
Error log content for other log levels
Into pending list
Example 5-4 Replication error log entry
Timestamp Pluginname message Timestamp function message
Audit log reference
Example 5-6 Config file processing log entry
Example 5-7 Access control summary logging
Ldap result codes
Example 5-8 Audit log content
Ldap result codes
Audit log does not have any other log level to set
Ldap
Adminlimitexceeded Ldap
Ldap result codes
Referral Ldap
Commonly-used command-line utilities
Finding and executing command-line utilities
Using special characters
Command-line utilities quick reference
Ldapsearch syntax
Ldapsearch
Ldapsearch syntax
Commonly-used ldapsearch options
Commonly-used ldapsearch options
Persistent search options
Persistent search options
Ldapsearch SSL options
Commonly-used ldapsearch options
Additional SSL ldapsearch options
Ldapsearch Sasl options
Sasl options
Description of CRAM-MD5 mechanism options
Require forward secrecy
Do not permit mechanisms that allow anonymous access
Description of CRAM-MD5 mechanism options
Do not permit mechanisms susceptible to active attacks
Maxbufsize
Following UID. For example
Description of DIGEST-MD5 Sasl mechanism options
Required Mech=DIGEST-MD5 Gives the Sasl Mechanism
10 Additional ldapsearch options
Additional ldapsearch options
Description of Gssapi Sasl mechanism options
10 Additional ldapsearch options
11 Commonly-used ldapmodify options
Ldapmodify
Ldapmodify syntax
Commonly-used ldapmodify options
12 ldapmodify SSL options
Ldapmodify SSL options
11 Commonly-used ldapmodify options
13 Sasl options
Ldapmodify Sasl options
12 ldapmodify SSL options
14 Additional ldapmodify options
Ldapdelete
Additional ldapmodify options
15 Commonly-used ldapdelete options
Ldapdelete syntax
Commonly-used ldapdelete options
Ldapdelete SSL options
17 Sasl options
Ldapdelete Sasl options
16 ldapdelete SSL options
18 Additional ldapdelete options
Ldappasswd
Additional ldapdelete options
Ldappasswd syntax
20 General ldappasswd options
Ldappasswd-specific options
General ldappasswd options
19 ldappasswd-specific options
20 General ldappasswd options
Ldappasswd Sasl options
Six values
Ldappasswd examples
21 Sasl options
Ldif
Example 6-2 Directory Manager generating a users password
Example 6-3 User changing his own password
Ldif
Ldif options
Ldif command has the following format
Dbscan
Ldif syntax
24 Entry file options
Dbscan options
Dbscan examples
23 Common options
Example 6-7 Dumping the entry file
Example 6-8 Displaying VLV index file contents
Example 6-13 Displaying the changelog file contents
Example 6-14 Dumping the index file uid.db4 with raw mode
Shell scripts in /opt/dirsrv/slapd-instancename
Finding and executing command-line scripts
Command-line scripts quick reference
Saveconfig
This section covers the following scripts
Shell scripts
Perl scripts in /opt/dirsrv/slapd-instancename
Scripts in /opt/dirsrv/bin
Bak2db options
1 bak2db Restores a database from backup
Cl-dump Dumps and decodes the changelog
Syntax
Dbverify options
Dbverify Checks for corrupt databases
Cl-dump options
Options
5 db2ldif Exports database contents to Ldif
4 db2bak Creates a backup of a database
Db2index options
6 db2index Reindexes database index files
Ldif2db Import
Reindex cn and givenname in the database instance userRoot
10 ldif2ldap options
Pwdhash Prints encrypted passwords
Ldif2ldap Performs import operation over Ldap
Ldif2db options
Syntax monitor
Monitor Retrieves monitoring information
Repl-monitor Monitors replication status
11 pwdhash options
Hostportbinddnbindpwdbindcert
Restart-slapd Restarts the Directory Server
Restoreconfig Restores Administration Server configuration
Saveconfig Saves Administration Server configuration
Vlvindex Creates virtual list view indexes
Start-slapd Starts the Directory Server
Stop-slapd Stops the Directory Server
Suffix2instance Maps a suffix to a backend name
Options Either the -nor the -soption must be specified
1 bak2db.pl Restores a database from backup
Restores a database from a backup
Perl scripts
Cl-dump.pl Dumps and decodes the changelog
3 db2bak.pl Creates a backup of a database
19 cl-dump.pl command options
Creates a backup of the database
4 db2index.pl Creates and generates indexes
5 db2ldif.pl Exports database contents to Ldif
22 db2ldif.pl options
Fixup-memberof.pl Regenerate memberOf attributes
24 ldif2db.pl options
Ldif2db.pl Import
23 fixup-memberof.pl options
24 ldif2db.pl options
25 Information extracted from access logs
Logconv.pl Log converter
26 logconv.pl options
28 ns-accountstatus.pl options
Ns-accountstatus.pl Establishes account status
27 logconv.pl options to display occurrences
29 ns-activate.pl options
Ns-activate.pl Activates an entry or group of entries
Ns-inactivate.pl Inactivates an entry or group of entries
Activates an entry or group of entries
32 repl-monitor.pl options
Repl-monitor.pl Monitors replication status
31 ns-newpwdpolicy.pl options
Shows in-progress status of replication
Where
Verify-db.pl Check for corrupt databases
Schema-reload.pl Reload schema files dynamically
33 schema-reload.pl options
Schemadirectory script uses the default schema directory
Usage information
Command, then it uses the default database directory
34 verify-db.pl option
HP authorized resellers
How to contact HP technical support
Contacting HP
Information to collect before contacting HP
Support and other resources
Related information
HP-UX Directory Server documentation set
This document uses the following typographical conventions
Troubleshooting resources
Typographic conventions
HP-UX documentation set
TIP
Utilities for exporting databases db2ldif
Finding and executing the ns-slapd command-line utilities
Exports the contents of the database to Ldif
Overview of ns-slapd
Table A-2 ldif2db options
Utilities for restoring and backing up databases ldif2db
Table A-1 db2ldif options
Imports Ldif files to the database
Utilities for creating and regenerating indexes db2index
Utilities for restoring and backing up databases archive2db
Utilities for restoring and backing up databases db2archive
Table A-5 db2index options
247
Glossary
Glossary
Bind rule
249
CoS definition
GSS-API
251
Ldap
NIS
253
Proxy
Sasl
255
Superuser
256
257
Symbols
Statistics for monitoring and optimizing directory
Read-only monitoring configuration entries
Suffix and replication configuration entries
259
Index
261
Database link plug-in configuration attributes
Distributed numeric assignment plug-in configuration
263
Ldap
NsDS5ReplicaChangesSentSinceStartup attribute
265
Page
267
Index
269
Index
271