Manuals database logo
manualsdatabase
Your AI-powered manual search engine

Netscape NETSCAPE DIRECTORY SERVER 6.01 manuals

NETSCAPE DIRECTORY SERVER 6.01 first page preview

NETSCAPE DIRECTORY SERVER 6.01

Brand: Netscape | Category: Server
Table of contents
  1. installation guide
  2. Table Of Contents
  3. Table Of Contents
  4. Table Of Contents
  5. About This Guide
  6. Conventions Used In This Guide
  7. Related Information
  8. preparing for a directory server installation
  9. Configuration Decisions
  10. Choosing Unique Port Numbers
  11. Deciding the User and Group for Your Netscape Servers (UNIX only)
  12. Defining Authentication Entities
  13. Determining Your Directory Suffix
  14. Determining the Location of the User Directory
  15. Determining the Administration Domain
  16. Installation Process Overview
  17. Upgrade Process
  18. Supported Platforms
  19. Hardware Requirements
  20. dsktune Utility
  21. Verifying Disk Space
  22. Tuning the System
  23. Setting File Descriptors
  24. Windows NT 4.0 Server
  25. Verifying Required System Modules
  26. Installing Third-Party Utilities
  27. Ensuring System Clock Accuracy
  28. Configuring the System Post Installation
  29. Windows 2000 Server and Advanced Server
  30. Installing Windows 2000 Server
  31. Installing Windows Service Packs and Hotfixes
  32. HP-UX 11.0 Operating System
  33. DNS and NIS Requirements (UNIX only)
  34. using express and typical installation
  35. Using Typical Installation
  36. silent installation
  37. Preparing Silent Installation Files
  38. A Typical Installation
  39. Using an Existing Configuration Directory
  40. Installing the Stand-Alone Netscape Console
  41. Silent Installation File Format
  42. General] Installation Directives
  43. Base] Installation Directives
  44. slapd] Installation Directives
  45. Optional [slapd] Installation Directives
  46. admin] Installation Directives
  47. Chapter 5 Post Installation
  48. populating the directory tree
  49. Migration Overview
  50. Migration Prerequisites
  51. Identifying Custom Schema
  52. Migration Procedure
  53. Migrating a Replicated Site
  54. Approach
  55. Running dsktune
  56. Common Installation Problems
  57. Glossary
NETSCAPE DIRECTORY SERVER 6.01 first page preview

NETSCAPE DIRECTORY SERVER 6.01

Brand: Netscape | Category: Server
Table of contents
  1. Table Of Contents
  2. Table Of Contents
  3. Table Of Contents
  4. Table Of Contents
  5. Table Of Contents
  6. Table Of Contents
  7. About This Guide
  8. Directory Server Overview
  9. Conventions Used in This Guide
  10. introduction to directory server
  11. About Global Directory Services
  12. About LDAP
  13. Overview of Directory Server Architecture
  14. Overview of the Basic Directory Tree
  15. Directory Server Data Storage
  16. About Directory Entries
  17. Distributing Directory Data
  18. Design Process Outline
  19. Deploying Your Directory
  20. Other General Directory Resources
  21. introduction to directory data
  22. What Your Directory Might Include
  23. What Your Directory Should Not Include
  24. Performing a Site Survey
  25. Identifying the Applications that Use Your Directory
  26. Identifying Data Sources
  27. Characterizing Your Directory Data
  28. Determining Level of Service
  29. Data Mastering for Replication
  30. Determining Data Ownership
  31. Determining Data Access
  32. Documenting Your Site Survey
  33. Repeating the Site Survey
  34. Schema Design Process Overview
  35. Netscape Standard Schema
  36. Standard Attributes
  37. Standard Object Classes
  38. Mapping Your Data to the Default Schema
  39. Matching Data to Schema Elements
  40. Customizing the Schema
  41. When to Extend Your Schema
  42. Naming Attribute and Object Classes
  43. Strategies for Defining New Attributes
  44. Creating Custom Schema Files
  45. Custom Schema Best Practices
  46. Maintaining Consistent Schema
  47. Schema Checking
  48. Maintaining Consistency in Replicated Schema
  49. Other Schema Resources
  50. Introduction to the Directory Tree
  51. Designing Your Directory Tree
  52. Suffix Naming Conventions
  53. Naming Multiple Suffixes
  54. Identifying Branch Points
  55. Replication Considerations
  56. Access Control Considerations
  57. Naming Entries
  58. Naming Group Entries
  59. Naming Other Kinds of Entries
  60. About Roles
  61. Deciding Between Roles and Groups
  62. Directory Tree Design Examples
  63. Directory Tree for an ISP
  64. other directory tree resources
  65. Topology Overview
  66. Distributing Your Data
  67. About Using Multiple Databases
  68. About Suffixes
  69. About Knowledge References
  70. The Structure of an LDAP Referral
  71. About Default Referrals
  72. Tips for Designing Smart Referrals
  73. Using Chaining
  74. Deciding Between Referrals and Chaining
  75. Usage Differences
  76. Using Indexes to Improve Database Performance
  77. Evaluating the Costs of Indexing
  78. Introduction to Replication
  79. Replication Concepts
  80. Unit of Replication
  81. Change Log
  82. Replication Agreement
  83. Common Replication Scenarios
  84. Multi-Master Replication
  85. Cascading Replication
  86. Mixed Environments
  87. Defining a Replication Strategy
  88. Replication Survey
  89. Using Replication for High Availability
  90. Using Replication for Local Availability
  91. Example of Network Load Balancing
  92. Example of Load Balancing for Improved Performance
  93. Example Replication Strategy for a Small Site
  94. Using Replication with other Directory Features
  95. Replication and Database Links
  96. Schema Replication
  97. About Security Threats
  98. Unauthorized Access
  99. Denial of Service
  100. Determining Access Rights
  101. Conducting Regular Audits
  102. Overview of Security Methods
  103. Anonymous Access
  104. Simple Password
  105. Certificate-Based Authentication
  106. Proxy Authentication
  107. Designing a Password Policy
  108. User-Defined Passwords
  109. Expiration Warning
  110. Password Minimum Age
  111. Designing a Password Policy in a Replicated Environment
  112. Designing Access Control
  113. Targets
  114. Permissions
  115. Bind Rules
  116. Setting Permissions
  117. When to Deny Access
  118. Using Filtered Access Control Rules
  119. Securing Connections With SSL
  120. other security resources
  121. An Enterprise
  122. Data Design
  123. Directory Tree Design
  124. Topology Design
  125. Database Topology
  126. Replication Design
  127. Supplier Consumer Architecture
  128. Security Design
  129. Tuning and Optimizations
  130. Schema Design
  131. Server Topology
  132. Supplier Architecture
NETSCAPE DIRECTORY SERVER 6.01 first page preview

NETSCAPE DIRECTORY SERVER 6.01

Brand: Netscape | Category: Server
Table of contents
  1. Table Of Contents
  2. Table Of Contents
  3. Table Of Contents
  4. Table Of Contents
  5. Table Of Contents
  6. Table Of Contents
  7. Table Of Contents
  8. Table Of Contents
  9. Table Of Contents
  10. Table Of Contents
  11. Table Of Contents
  12. Table Of Contents
  13. About This Reference Guide
  14. Prerequisite Reading
  15. Conventions Used In This Reference Guide
  16. Chapter 1 Introduction
  17. Directory Server Configuration
  18. Using Directory Server Command-Line Scripts
  19. LDIF Configuration Files - Location
  20. Configuration of Plug-in Functionality
  21. Configuration of Databases
  22. Migration of Pre-Directory Server 6.x Configuration Files to LDIF Format
  23. Changing Configuration Attributes
  24. Modifying Configuration Entries Using LDAP
  25. Restrictions to Modifying Configuration Entries
  26. Core Server Configuration Attributes Reference
  27. cn=config
  28. nsslapd-accesscontrol (Enable Access Control)
  29. nsslapd-accesslog-level
  30. nsslapd-accesslog-list
  31. nsslapd-accesslog-logexpirationtimeunit (Access Log Expiration Time Unit)
  32. nsslapd-accesslog-logmaxdiskspace (Access Log Maximum Disk Space)
  33. nsslapd-accesslog-logrotationtime (Access Log Rotation Time)
  34. nsslapd-accesslog-maxlogsize (Access Log Maximum Log Size)
  35. nsslapd-attribute-name-exceptions
  36. nsslapd-auditlog-list
  37. nsslapd-auditlog-logexpirationtimeunit (Audit Log Expiration Time Unit)
  38. nsslapd-auditlog-logmaxdiskspace (Audit Log Maximum Disk Space)
  39. nsslapd-auditlog-logrotationtime (Audit Log Rotation Time)
  40. nsslapd-auditlog-maxlogsize (Audit Log Maximum Log Size)
  41. nsslapd-certmap-basedn (Certificate Map Search Base)
  42. nsslapd-enquote-sup-oc (Enable Superior Object Class Enquoting)
  43. nsslapd-errorlog (Error Log)
  44. nsslapd-errorlog-level (Error Log Level)
  45. nsslapd-errorlog-list
  46. nsslapd-errorlog-logging-enabled (Enable Error Logging)
  47. nsslapd-errorlog-logminfreediskspace (Error Log Minimum Free Disk Space)
  48. nsslapd-errorlog-logrotationtimeunit (Error Log Rotation Time Unit)
  49. nsslapd-errorlog-maxlogsperdir (Maximum Number of Error Log Files)
  50. nsslapd-instancedir (Instance Directory)
  51. nsslapd-listenhost (Listen to IP Address)
  52. nsslapd-localuser (Local User)
  53. nsslapd-maxthreadsperconn (Maximum Threads Per Connection)
  54. nsslapd-plug-in
  55. nsslapd-readonly (Read Only)
  56. nsslapd-referralmode (Referral Mode)
  57. nsslapd-return-exact-case (Return Exact Case)
  58. nsslapd-rootdn (Manager DN)
  59. nsslapd-rootpwstoragescheme (Root Password Storage Scheme)
  60. nsslapd-securelistenhost
  61. nsslapd-security (Security)
  62. nsslapd-threadnumber (Thread Number)
  63. nsslapd-versionstring
  64. passwordCheckSyntax (Check Password Syntax)
  65. passwordHistory (Password History)
  66. passwordLockout (Account Lockout)
  67. passwordMaxAge (Password Maximum Age)
  68. passwordMinLength (Password Minimum Length)
  69. passwordResetFailureCount (Reset Password Failure Count After)
  70. passwordUnlock (Unlock Account)
  71. cn=changelog5
  72. nsslapd-changelogmaxage (Max Changelog Age)
  73. cn=encryption
  74. nsssl2
  75. cn=features
  76. nsslapd-state
  77. cn=mapping tree,cn=config
  78. nsDS5Flags
  79. nsDS5ReplicaChangeCount
  80. nsDS5ReplicaName
  81. nsDS5ReplicaReferral
  82. nsDS5ReplicaType
  83. description
  84. nsDS5ReplicaBindMethod
  85. nsDS5ReplicaHost
  86. nsDS5ReplicaLastInitStatus
  87. nsDS5ReplicaLastUpdateStart
  88. nsDS5ReplicaRefresh
  89. nsDS5ReplicaTransportInfo
  90. nsDS5ReplicaUpdateSchedule
  91. currentConnections
  92. backendMonitorDN
  93. nssnmplocation
  94. nssnmpmasterhost
  95. cn=uniqueid generator
  96. Overview
  97. Object Classes for Plug-in Configuration
  98. bit check Plug-in
  99. ACL preoperation Plug-in
  100. Boolean Syntax Plug-in
  101. Case Ignore String Syntax Plug-in
  102. Class of Service Plug-in
  103. Distinguished Name Syntax Plug-in
  104. Integer Syntax Plug-in
  105. ldbm database Plug-in
  106. Legacy Replication Plug-in
  107. Octet String Syntax Plug-in
  108. CRYPT Password Storage Plug-in
  109. SHA Password Storage Scheme Plug-in
  110. Postal Address String Syntax Plug-in
  111. PTA Plug-in
  112. Retro Changelog Plug-in
  113. Roles Plug-in
  114. Telephone Syntax Plug-in
  115. URI Plug-in
  116. List of Attributes Common to all Plug-ins
  117. nsslapd-pluginType
  118. nsslapd-pluginId
  119. nsslapd-pluginDescription
  120. nsslapd-plugin-depends-on-named
  121. Database Attributes Under cn=config,cn=ldbm database,cn=plugins,cn=config
  122. nsslapd-cache-autosize
  123. nsslapd-dbcachesize
  124. nsslapd-db-circular-logging
  125. nsslapd-db-durable-transactions
  126. nsslapd-db-idl-divisor
  127. nsslapd-db-logdirectory
  128. nsslapd-db-page-size
  129. nsslapd-db-transaction-logging
  130. nsslapd-dbncache
  131. nsslapd-mode
  132. dbcacheroevict
  133. nsslapd-cachememsize
  134. nsslapd-readonly
  135. Database Attributes Under cn=database,cn=monitor,cn=ldbm database, cn=plugins,cn=config
  136. nsslapd-db-commit-rate
  137. nsslapd-db-log-region-wait-rate
  138. cn=plugins,cn=config
  139. nsMatchingRule
  140. dbfilenamenumber
  141. dbfilepageout
  142. Database Link Plug-in Attributes (chaining attributes)
  143. Database Link Attributes Under cn=config,cn=chaining database, cn=plugins,cn=config
  144. nsMaxTestResponseDelay
  145. nsAbandonedSearchCheckInterval
  146. nsBindRetryLimit
  147. nsConcurrentBindLimit
  148. nsOperationConnectionsLimit
  149. nsReferralOnScopedSearch
  150. cn=chaining database, cn=plugins,cn=config
  151. nsMultiplexorCredentials
  152. cn=chaining database,cn=plugins,cn=config
  153. nsUnbindCount
  154. Overview of Directory Server Files
  155. configuration files
  156. Backup Files
  157. ldif Files
  158. Log Files
  159. Access Log Content
  160. Access Logging Levels
  161. Default Access Logging Content
  162. Connection Number
  163. Operation Number
  164. Number of Entries
  165. LDAP Response Type
  166. Change Sequence Number
  167. Abandon Message
  168. Access Log Content for Additional Access Logging Levels
  169. Connection Description
  170. LDAP Result Codes
  171. Migration from 4.x Directory Server to 6.x
  172. Server Attributes
  173. Database Attributes
  174. General Server Configuration Attributes
  175. Database Link Attributes
  176. SNMP Attributes
  177. Finding and Executing Command-Line Utilities
  178. Command-Line Utilities Quick Reference
  179. Using Special Characters
  180. ldapmodify
  181. ldapdelete
  182. ldif
  183. Finding and Executing Command-Line Scripts
  184. Command-Line Scripts Quick Reference
  185. Shell and Batch Scripts
  186. bak2db (Restore database from backup)
  187. db2dsml (Export database contents to DSML)
  188. dsml2db (Import DSML document contents into database)
  189. ldif2db (Import)
  190. ldif2ldap (Perform import operation over LDAP)
  191. monitor (Retrieve monitoring information)
  192. restoreconfig (Restore Administration Server Configuration)
  193. start-slapd (Start the Directory Server)
  194. suffix2instance (Map Suffix to Backend Name)
  195. vlvindex (Create virtual list view (VLV) indexes)
  196. Perl Scripts
  197. db2index.pl (Create and generate indexes)
  198. db2ldif.pl (Export database contents to LDIF)
  199. ldif2db.pl (Import)
  200. migrateInstance6 (Migrate to Directory Server 5.0 or 6.x)
  201. ns-accountstatus.pl (Establish account status)
  202. ns-activate.pl (Activate an entry or group of entries)
  203. Overview of ns-slapd and slapd.exe Commands
  204. ns-slapd (UNIX)
  205. ns-slapd and slapd.exe Command-Line Utilities for Exporting Databases
  206. ns-slapd and slapd.exe Command-Line Utilities for Restoring and Backing up Databases
  207. archive2db
NETSCAPE DIRECTORY SERVER 6.01 first page preview

NETSCAPE DIRECTORY SERVER 6.01

Brand: Netscape | Category: Server
Table of contents
  1. Table Of Contents
  2. Table Of Contents
  3. Table Of Contents
  4. Table Of Contents
  5. Table Of Contents
  6. Table Of Contents
  7. Table Of Contents
  8. Table Of Contents
  9. Prerequisite Reading
  10. Related Information
  11. Chapter 1 About Schema
  12. Object Class Inheritance
  13. Attribute Syntax
  14. Single-Valued and Multi-Valued Attributes
  15. Object Identifiers (OIDs)
  16. Extending Server Schema
  17. Chapter 2 Object Class Reference
  18. account
  19. alias
  20. cosClassicDefinition
  21. cosDefinition
  22. cosIndirectDefinition
  23. cosPointerDefinition
  24. cosSuperDefinition
  25. cosTemplate
  26. country
  27. dcObject
  28. device
  29. document
  30. documentSeries
  31. domain
  32. domainRelatedObject
  33. extensibleObject
  34. friendlyCountry
  35. groupOfCertificates
  36. groupOfNames
  37. groupOfUniqueNames
  38. groupOfURLs
  39. inetOrgPerson
  40. labeledURIObject
  41. locality
  42. newPilotPerson
  43. nsComplexRoleDefinition
  44. nsFilteredRoleDefinition
  45. nsLicenseUser
  46. nsManagedRoleDefinition
  47. nsNestedRoleDefinition
  48. nsRoleDefinition
  49. nsSimpleRoleDefinition
  50. organization
  51. organizationalPerson
  52. organizationalRole
  53. organizationalUnit
  54. person
  55. pilotObject
  56. pilotOrganization
  57. residentialPerson
  58. RFC822LocalPart
  59. room
  60. strongAuthenticationUser
  61. simpleSecurityObject
  62. abstract
  63. associatedDomain
  64. audio
  65. authorSn
  66. businessCategory
  67. cACertificate
  68. certificateRevocationList
  69. co (friendlyCountryName)
  70. cosIndirectSpecifier
  71. cosTargetTree
  72. dc (domainComponent)
  73. departmentNumber
  74. destinationIndicator
  75. dITRedirect
  76. dNSRecord
  77. documentIdentifier
  78. documentPublisher
  79. documentVersion
  80. dSAQuality
  81. employeeType
  82. generationQualifier
  83. homePhone
  84. host
  85. info
  86. janetMailbox
  87. keyWords
  88. labeledURI
  89. lastModifiedTime
  90. mailPreferenceOption
  91. member
  92. memberURL
  93. name
  94. nsLicenseEndTime
  95. o (organizationName)
  96. obsoletesDocument
  97. otherMailbox
  98. pager
  99. personalTitle
  100. physicalDeliveryOfficeName
  101. postalCode
  102. preferredLanguage
  103. protocolInformation
  104. roleOccupant
  105. searchGuide
  106. serialNumber
  107. sn (surname)
  108. street
  109. subtreeMinimumQuality
  110. supportedApplicationContext
  111. telexNumber
  112. title
  113. uid (userID)
  114. uniqueMember
  115. userCertificate
  116. userPassword
  117. userSMIMECertificate
  118. Operational Attributes
  119. altServer
  120. copiedFrom
  121. dITContentRules
  122. ldapSyntaxes
  123. nameForms
  124. nsds5replconflict
  125. numSubordinates
  126. objectClasses
  127. passwordExpWarned
  128. retryCountResetTime
  129. supportedControl
  130. supportedSASLMechanisms
  131. changeLog
  132. changeType
  133. newSuperior
  134. Special Object Classes
  135. passwordObject
  136. subschema
  137. Index
NETSCAPE DIRECTORY SERVER 6.01 first page preview

NETSCAPE DIRECTORY SERVER 6.01

Brand: Netscape | Category: Server
Table of contents
  1. Table Of Contents
  2. Table Of Contents
  3. Table Of Contents
  4. Table Of Contents
  5. Table Of Contents
  6. Table Of Contents
  7. Table Of Contents
  8. Table Of Contents
  9. Table Of Contents
  10. Table Of Contents
  11. Table Of Contents
  12. List of Figures
  13. List of Tables
  14. Introduction
  15. Prerequisite Reading
  16. Conventions Used in This Book
  17. Part 1 Administering Netscape Directory Server
  18. Overview of Directory Server Management
  19. Copying Entry DNs to the Clipboard
  20. Binding to the Directory From Netscape Console
  21. Starting and Stopping the Directory Server
  22. Configuring LDAP Parameters
  23. tracking modifications to directory entries
  24. Starting the Server with SSL Enabled
  25. Cloning a Directory Server
  26. Starting the Server in Referral Mode
  27. creating directory entries
  28. creating a root entry
  29. creating an entry using a predefined template
  30. modifying directory entries
  31. displaying the property editor
  32. adding an attribute to an entry
  33. removing an attribute value
  34. Managing Entries From the Command Line
  35. Providing Input From the Command Line
  36. creating a root entry from the command line
  37. Adding and Modifying Entries Using ldapmodify
  38. adding entries using ldapmodify
  39. modifying entries using ldapmodify
  40. deleting entries using ldapdelete
  41. using special characters
  42. LDIF Update Statements
  43. adding an entry using ldif
  44. renaming an entry using ldif
  45. A Note on Renaming Entries
  46. Adding Attributes to Existing Entries Using LDIF
  47. changing an attribute value using ldif
  48. deleting a specific attribute value using ldif
  49. Deleting an Entry Using LDIF
  50. Maintaining Referential Integrity
  51. Using Referential Integrity with Replication
  52. From the Directory Server Console
  53. creating and maintaining suffixes
  54. Creating Suffixes
  55. creating a new root suffix using the console
  56. creating a new sub suffix using the console
  57. Maintaining Suffixes
  58. enabling referrals only during update operations
  59. Creating and Maintaining Databases
  60. Creating Databases
  61. creating a new database for an existing suffix using the console
  62. adding multiple databases for a single suffix
  63. adding the custom distribution function to a suffix
  64. Maintaining Directory Databases
  65. Creating and Maintaining Database Links
  66. Configuring the Chaining Policy
  67. chaining ldap controls
  68. Creating a New Database Link
  69. creating a new database link using the console
  70. creating a database link from the command line
  71. Chaining Using SSL
  72. Maintaining Database Links
  73. Database Links and Access Control Evaluation
  74. Advanced Feature: Tuning Database Link Performance
  75. managing connections to the remote server
  76. Detecting Errors During Normal Processing
  77. Managing Threaded Operations
  78. Advanced Feature: Configuring Cascading Chaining
  79. configuring cascading chaining defaults using the console
  80. configuring cascading chaining using the console
  81. configuring cascading chaining from the command line
  82. Summary of Cascading Chaining Configuration Attributes
  83. configuring server one
  84. configuring server two
  85. configuring server three
  86. Using Referrals
  87. Creating Smart Referrals
  88. creating smart referrals using the directory server console
  89. creating smart referrals from the command line
  90. Creating Suffix Referrals
  91. importing data
  92. performing an import from the console
  93. initializing a database from the console
  94. Importing From the Command Line
  95. Exporting Data
  96. exporting directory data to ldif using the console
  97. exporting a single database to ldif using the console
  98. exporting to ldif from the command line
  99. Backing Up and Restoring Data
  100. backing up all databases from the server console
  101. backing up a single database
  102. Backing Up the dse.ldif Configuration File
  103. restoring your database from the command line
  104. Restoring Databases that Include Replicated Entries
  105. Restoring the dse.ldif Configuration File
  106. Using Groups
  107. Managing Static Groups
  108. Managing Dynamic Groups
  109. Using Roles
  110. Managing Roles Using the Console
  111. creating a managed role
  112. creating a filtered role
  113. modifying a role entry
  114. Managing Roles Using the Command Line
  115. Examples: Managed Role Definition
  116. Example: Filtered Role Definition
  117. Example: Nested Role Definition
  118. Assigning Class of Service
  119. About CoS
  120. About the CoS Template Entry
  121. How a Pointer CoS Works
  122. How a Classic CoS Works
  123. Managing CoS Using the Console
  124. editing an existing cos
  125. Managing CoS From the Command Line
  126. creating the cos template entry from the command line
  127. Example of a Pointer CoS
  128. Example of an Indirect CoS
  129. Example of a Classic CoS
  130. Creating Role-Based Attributes
  131. access control and cos
  132. Access Control Principles
  133. ACI Placement
  134. ACI Limitations
  135. Default ACIs
  136. Creating ACIs Manually
  137. Example ACI
  138. targeting a directory entry
  139. Targeting Attributes
  140. targeting both an entry and attributes
  141. targeting attribute values using ldap filters
  142. targeting a single directory entry
  143. defining permissions
  144. assigning rights
  145. Rights Required for LDAP Operations
  146. Permissions Syntax
  147. Bind Rule Syntax
  148. Anonymous Access (anyone Keyword)
  149. Self Access (self Keyword)
  150. Examples
  151. defining access based on value matching
  152. using the userattr keyword with inheritance
  153. granting add permission using the userattr keyword
  154. defining access from a specific ip address
  155. defining access from a specific domain
  156. defining access based on authentication method
  157. using boolean bind rules
  158. Creating ACIs From the Console
  159. displaying the access control editor
  160. viewing current acis
  161. editing an aci
  162. Access Control Usage Examples
  163. Granting Anonymous Access
  164. Granting Write Access to Personal Entries
  165. Restricting Access to Key Roles
  166. Granting a Group Full Access to a Suffix
  167. Granting Rights to Add and Delete Group Entries
  168. Granting Conditional Access to a Group or Role
  169. Denying Access
  170. Setting a Target Using Filtering
  171. Defining Permissions for DNs That Contain a Comma
  172. Proxied Authorization ACI Example
  173. Viewing the ACIs for an Entry
  174. Macro ACI Example
  175. Macro ACI Syntax
  176. Macro Matching for ($dn)
  177. Macro Matching for [$dn]
  178. Macro Matching for ($attr.attrName)
  179. Access Control and Replication
  180. Compatibility with Earlier Releases
  181. Managing the Password Policy
  182. Configuring the Password Policy
  183. Configuring the Password Policy Using the Command-Line
  184. Setting User Passwords
  185. Configuring the Account Lockout Policy
  186. Configuring the Account Lockout Policy Using the Command Line
  187. Managing the Password Policy in a Replicated Environment
  188. Inactivating Users and Roles
  189. Inactivating User and Roles Using the Console
  190. Activating User and Roles Using the Console
  191. Activating User and Roles Using the Command Line
  192. Setting Resource Limits Using the Console
  193. Replication Overview
  194. Change Log
  195. Replication Identity
  196. Replication Agreement
  197. Replication Scenarios
  198. Multi-Master Replication
  199. Cascading Replication
  200. Summary of Steps for Complex Replication Configurations
  201. Detailed Replication Tasks
  202. configuring supplier settings
  203. configuring a hub supplier
  204. creating a replication agreement
  205. Configuring Single-Master Replication
  206. Configuring Multi-Master Replication
  207. Configuring Cascading Replication
  208. initializing the replicas for cascading replication
  209. Deleting the Change Log
  210. Initializing Consumers
  211. online consumer initialization using the console
  212. manual consumer initialization using the command line
  213. Forcing Replication Updates
  214. forcing replication updates from the console
  215. Replication over SSL
  216. configuring replication over ssl using the replication wizard
  217. Replication with Earlier Releases
  218. Using the Retro Change Log Plug-In
  219. trimming the retro change log
  220. searching and modifying the retro change log
  221. monitoring replication status
  222. Solving Common Replication Conflicts
  223. solving orphan entry conflicts
  224. solving potential interoperability problems
  225. Overview of Extending Schema
  226. Managing Attributes
  227. creating attributes
  228. editing attributes
  229. Managing Object Classes
  230. viewing object classes
  231. creating object classes
  232. editing object classes
  233. deleting object classes
  234. About Indexes
  235. About Index Types
  236. About Default, System, and Standard Indexes
  237. Overview of System Indexes
  238. Overview of Standard Indexes
  239. Balancing the Benefits of Indexing
  240. Creating Indexes
  241. Creating Indexes From the Command Line
  242. Adding an Index Entry
  243. Running the db2index.pl Script
  244. Creating Browsing Indexes From the Server Console
  245. Creating Browsing Indexes from the Command Line
  246. Running the vlvindex Script
  247. Deleting Indexes
  248. Deleting Indexes From the Server Console
  249. Deleting Indexes From the Command Line
  250. Deleting Browsing Indexes From the Server Console
  251. Deleting Browsing Indexes From the Command Line
  252. Managing Indexes
  253. Drawbacks of the All IDs Mechanism
  254. When All IDs Threshold is Too High
  255. All IDs Threshold Tuning Advice for Service Providers and Extranets
  256. Default All IDs Threshold Value
  257. Changing the All IDs Threshold Value
  258. Attribute Name Quick Reference Table
  259. drink favoritedrink
  260. Chapter 11 Managing SSL
  261. Obtaining and Installing Server Certificates
  262. Activating SSL
  263. Setting Security Preferences
  264. Configuring LDAP Clients to Use SSL
  265. Viewing and Configuring Log Files
  266. defining a log file rotation policy
  267. Access Log
  268. Error Log
  269. viewing the error log
  270. Audit Log
  271. configuring the audit log
  272. Manual Log File Rotation
  273. Viewing the Server Performance Monitor
  274. Resource Summary
  275. Connection Status
  276. Global Database Cache Information
  277. monitoring your server from the command line
  278. Monitoring Database Activity
  279. General Information (Database)
  280. database cache information table
  281. Database File-Specific Table
  282. Monitoring Database Link Activity
  283. About SNMP
  284. NMS-Initiated Communication
  285. Overview of the Directory Server Management Information Base
  286. The Entries Table
  287. Setting Up SNMP
  288. Configuring the AIX SNMP Daemon
  289. Starting and Stopping the SNMP Subagent on UNIX
  290. Configuring SNMP for the Directory Server
  291. Tuning Server Performance
  292. Tuning Database Performance
  293. Optimizing Search Performance
  294. Tuning Transaction Logging
  295. Changing the Location of the Database Transaction Log
  296. Disabling Durable Transactions
  297. Specifying Transaction Batching
  298. Avoid Creating Entries Under the cn=config Entry in the dse.ldif File
  299. Part 2 Plug-Ins Reference
  300. Server Plug-in Functionality Reference
  301. ACL Plug-In
  302. ACL Preoperation Plug-In
  303. Boolean Syntax Plug-In
  304. Case Ignore String Syntax Plug-In
  305. Class of Service Plug-In
  306. Distinguished Name Syntax Plug-In
  307. Integer Syntax Plug-In
  308. ldbm Database Plug-In
  309. Legacy Replication Plug-In
  310. Octet String Syntax Plug-in
  311. CRYPT Password Storage Plug-In
  312. SHA Password Storage Plug-In
  313. Postal Address String Syntax Plug-In
  314. PTA Plug-In
  315. Retro Change Log Plug-In
  316. Telephone Syntax Plug-In
  317. URI Plug-in
  318. How Directory Server Uses PTA
  319. PTA Plug-In Syntax
  320. Configuring the PTA Plug-In
  321. configuring the servers to use a secure connection
  322. specifying the authenticating directory server
  323. configuring the optional parameters
  324. PTA Plug-In Syntax Examples
  325. Specifying One Authenticating Directory Server and Multiple Subtrees
  326. Overview of the Attribute Uniqueness Plug-In
  327. Overview of the UID Uniqueness Plug-in
  328. Creating an Instance of the Attribute Uniqueness Plug-In
  329. Configuring Attribute Uniqueness Plug-Ins
  330. specifying a suffix or subtree
  331. using the markerobjectclass and requiredobjectclass keywords
  332. Attribute Uniqueness Plug-In Syntax Examples
  333. specifying one attribute and multiple subtrees
  334. Simple Replication Scenario
  335. Overview of IM Presence Information
  336. Schema For the Presence Plug-In
  337. Performance-Related Information
  338. Setting Resource Limits Based on Bind DN
  339. Part 3 Appendixes
  340. LDIF File Format
  341. Continuing Lines in LDIF
  342. specifying directory entries using ldif
  343. specifying organizational unit entries
  344. specifying organizational person entries
  345. Defining Directories Using LDIF
  346. LDIF File Example
  347. Storing Information in Multiple Languages
  348. Finding Entries Using the Server Console
  349. Using ldapsearch
  350. ldapsearch Command-Line Format
  351. ldapsearch Examples
  352. Returning All Entries
  353. Using LDAP_BASEDN
  354. Specifying DNs that Contain Commas in Search Filters
  355. Search Filter Syntax
  356. Using Operators in Search Filters
  357. Using Compound Search Filters
  358. Search Filter Examples
  359. Searching an Internationalized Directory
  360. Matching Rule Filter Syntax
  361. Using Wildcards in Matching Rule Filters
  362. International Search Examples
  363. Less Than or Equal to Example
  364. Greater Than Example
  365. Components of an LDAP URL
  366. Escaping Unsafe Characters
  367. Examples of LDAP URLs
  368. About Locales
  369. identifying supported locales
  370. supported language subtypes
  371. Table Of Contents
NETSCAPE DIRECTORY SERVER 6.01 first page preview

NETSCAPE DIRECTORY SERVER 6.01

Brand: Netscape | Category: Server
Table of contents
  1. Table Of Contents
  2. Table Of Contents
  3. Table Of Contents
  4. Table Of Contents
  5. Table Of Contents
  6. Table Of Contents
  7. Table Of Contents
  8. Preface
  9. Document Conventions
  10. Where to Find Directory Server Information
  11. Part 1 Introduction to Directory Server Plug-Ins
  12. What Are Directory Server Plug-Ins
  13. How Directory Server Plug-Ins Work
  14. Calling Directory Server Plug-In Functions
  15. Types of Directory Server Plug-Ins
  16. Including the API Header File
  17. Working with Parameter Blocks
  18. Setting Data in the Parameter Block
  19. Calling Front-End Functions
  20. Writing Plug-in Initialization Functions
  21. Specifying Directory Server Compatibility
  22. Registering Your Plug-In Functions
  23. Returning a Value to the Directory Server
  24. Compiling a Directory Server Plug-In
  25. Creating a Plug-In Configuration File
  26. Plug-In Dependencies
  27. Plug-In Type Dependencies
  28. Summary of Plug-In Directives
  29. Loading the Plug-In Configuration File
  30. Passing Extra Arguments to Plug-Ins
  31. Setting the Log Level of the Server
  32. Writing the Plug-In Example
  33. Compiling the Plug-In Example
  34. Registering the Plug-In Example
  35. Running the Plug-In Example
  36. Part 2 Basic Plug-In Programming Techniques
  37. Logging Messages
  38. Sending Data to the Client
  39. Working with Entries, Attributes, and Values
  40. Creating a New Entry
  41. Getting and Setting the DN of an Entry
  42. Getting the Attributes and Values of an Entry
  43. Working with DNs and RDNs
  44. Working with DN Suffixes
  45. Working with Search Filters
  46. Determining if an Entry Matches a Filter
  47. Getting the Search Criteria
  48. Converting a String to a Filter
  49. How Pre/Post-Operation Plug-Ins Work
  50. Types Pre-Operation and Post-Operation Functions
  51. Types of Post-Operation Functions
  52. Specifying Start and Close Functions
  53. Getting and Setting Parameters for the Bind Operation
  54. Processing an LDAP Search Operation
  55. Getting the List of Candidates
  56. Iterating Through Candidates
  57. Processing an LDAP Compare Operation
  58. Processing an LDAP Modify Operation
  59. Processing an LDAP Modify RDN Operation
  60. Processing an LDAP Delete Operation
  61. Understanding Authentication Methods
  62. How the Directory Server Identifies Clients
  63. Writing Your Own Authentication Plug-in
  64. Defining Your Authentication Function
  65. Getting the Entry and Checking the Credentials
  66. What to Do If Authentication Fails
  67. Registering the SASL Mechanism
  68. Example of a Pre-Operation Bind Plug-In
  69. Example of an Initialization Function
  70. Registering the Plug-In
  71. Using SASL with an LDAP Client
  72. Part 3 Advanced Programming Techniques
  73. How Entry Store/Fetch Plug-Ins Work
  74. Writing Entry Store/Fetch Functions
  75. How Extended Operation Plug-Ins Work
  76. Writing Extended Operation Functions
  77. Registering Extended Operation Functions
  78. Understanding Matching Rules
  79. Extensible Match Filters
  80. Extensible Match Filters in the Directory Server
  81. How Matching Rules Are Identified
  82. How the Server Associates Plug-Ins with OIDs
  83. Finding a Plug-In for Searching
  84. How the Server Uses Parameter Blocks
  85. How the Server Updates the Index
  86. Writing the Indexer Factory Function
  87. Getting and Setting Parameters in Indexer Factory Functions
  88. Writing the Indexer Function
  89. Getting and Setting Parameters in Indexer Functions
  90. How the Server Handles the Filter
  91. Query Operators in Matching Rules
  92. Writing a Filter Factory Function
  93. Getting and Setting Parameters in Filter Factory Functions
  94. Writing a Filter Index Function
  95. Getting and Setting Parameters in Filter Index Functions
  96. Writing a Filter Matching Function
  97. Handling Sorting by Matching Rules
  98. Writing a Destructor Function
  99. About Distributing Flat Namespaces
  100. Creating a Distribution Function
  101. Adding the Distribution Function to Your Directory
  102. Using the Console
  103. Adding Distribution Logic to a Suffix
  104. Custom Distribution Checklist
  105. Part 4 Reference
  106. Summary of Data Types and Structures
  107. Distribution Routines
  108. Functions for Access Control
  109. Functions for Internal Operations and Plug-In Callback
  110. Functions for Setting Internal Operation Flags
  111. Functions for Handling Attributes
  112. Functions for Managing Backend Operations
  113. Functions for Dealing with Controls
  114. Functions for Syntax Plug-In
  115. Functions for Managing Memory
  116. Functions for Managing DNs
  117. Functions for Managing Entries
  118. Functions Related to Entry Flags
  119. Functions for Dealing with Filters
  120. Functions Specific to Extended Operation
  121. Functions Specific to Bind Methods
  122. Functions for Thread-Safe LDAP Connections
  123. Functions for Logging
  124. Functions for Handling Matching Rules
  125. Functions for LDAPMod Manipulation
  126. Functions for Monitoring Operations
  127. Functions for Managing Parameter Block
  128. Functions for Handling Passwords
  129. Functions for Managing RDN
  130. Functions for Managing Roles
  131. Functions for Sending Entries and Results to the Client
  132. Functions Related to UTF-8
  133. Functions for Handling Values
  134. Functions for Handling Valueset
  135. Functions Specific to Virtual Attribute Service
  136. Functions for Managing Locks and Synchronization
  137. functions for manipulating bits
  138. Functions for Registering Object Extensions
  139. Parameters for Registering Plug-In Functions
  140. Post-Operation/Data Notification Plug-Ins
  141. Extended Operation Plug-Ins
  142. Matching Rule Plug-Ins
  143. Information About the Database
  144. Information About the Connection
  145. Information About the Operation
  146. Notes in the Access Log
  147. Information About the Plug-In
  148. Types of Plug-Ins
  149. Parameters for the Configuration Function
  150. Parameters for the Search Function
  151. Parameters for the Add Function
  152. Parameters for the Compare Function
  153. Parameters for the Modify Function
  154. Parameters for the Modify RDN Function
  155. Parameters for the Abandon Function
NETSCAPE DIRECTORY SERVER 6.01 first page preview

NETSCAPE DIRECTORY SERVER 6.01

Brand: Netscape | Category: Software
Table of contents
  1. Table Of Contents
  2. Table Of Contents
  3. Table Of Contents
  4. Table Of Contents
  5. Table Of Contents
  6. Table Of Contents
  7. Table Of Contents
  8. Table Of Contents
  9. Table Of Contents
  10. Table Of Contents
  11. Table Of Contents
  12. Table Of Contents
  13. Table Of Contents
  14. Table Of Contents
  15. Table Of Contents
  16. Table Of Contents
  17. Table Of Contents
  18. Table Of Contents
  19. Table Of Contents
  20. About This Guide
  21. What You Should Already Know
  22. Conventions Used in This Guide
  23. Where to Go for Related Information
  24. Part 1 Overview and Demo Installation
  25. Overview of Key Features
  26. Flexible end-entity registration services framework
  27. System Overview
  28. Public-Key Infrastructure
  29. CMS Subsystems or Managers
  30. Certificate Manager
  31. Registration Manager
  32. Data Recovery Manager
  33. Online Certificate Status Manager
  34. Basic System Configuration
  35. Plug-in Modules
  36. Policy Plug-in Modules
  37. Job Plug-In Modules
  38. Mapper and Publisher Plug-in Modules
  39. Event-Driven Notifications
  40. Command-Line Utilities
  41. Entry Points for Various Types of Users
  42. Agent Services Interface
  43. Registration Manager Agent Services
  44. Data Recovery Manager Agent Services
  45. Online Certificate Status Manager Agent Services Interface
  46. End-Entity Services Interface
  47. System Architecture
  48. JSS and the Java/JNI Layer
  49. Middleware/Java 2 Layers
  50. Security and Directory Protocols
  51. Steps in End-Entity Enrollment
  52. Some Enrollment Scenarios
  53. Extranet/E-Commerce: ExampleCorp
  54. Enrolling Existing Customers
  55. Enrolling New Customers
  56. Enrolling Extranet Users
  57. PIN Registration: Atlas Manufacturing
  58. VPN Client Enrollment and Revocation
  59. Router Enrollment and Revocation
  60. End Entities and Life-Cycle Management
  61. Access to Subsystems
  62. HTML Forms for End Users
  63. Netscape Personal Security Manager
  64. System Requirements
  65. Overview of the Default Demo
  66. Demo Passwords
  67. Installing the Default Demo
  68. Step 2. Run the Installation Wizard
  69. Step 3. Get the First User Certificate
  70. If You Need the First Agent Form Again
  71. Using the Default Demo
  72. Viewing Issued Certificates From the Agent Gateway
  73. Enrolling for a Certificate From the End-Entity Gateway
  74. Finding and Approving a Certificate Request
  75. Setting Your Browser to Use the Agent Certificate
  76. Create a Policy
  77. Use an LDAP Directory
  78. Step 1. Enable Directory-Based Authentication
  79. Step 2. Add a User to the Directory
  80. Step 3. Enroll with Directory-Based Authentication
  81. Publish Certificates to an LDAP Directory
  82. Configure the Publishing Destination
  83. Set Rules for Publishing Certificates
  84. Update the Publishing Directory
  85. Send Renewal Reminders
  86. Configuring a Mail Server for Certificate Management System
  87. Configuring Certificate Management System to Send Renewal Reminders
  88. Part 2 Planning and Installation
  89. Topology Decisions
  90. Certificate Manager and Registration Manager
  91. Certificate Manager and Data Recovery Manager
  92. Certificate Manager, Data Recovery Manager, and Registration Manager
  93. Cloned Certificate Manager
  94. CA's Distinguished Name
  95. CA Signing Certificate's Validity Period
  96. CAs and Certificate Extensions
  97. Cryptographic Token Decisions
  98. Publishing Decisions
  99. Publishing CRLs to the Online Certificate Status Manager
  100. Subsystem Certificate Decisions
  101. Certificate Manager Certificates
  102. Data Recovery Manager Certificate and Storage Key
  103. Authentication Decisions
  104. Information for UNIX Installation Script
  105. User/Group Directory Server
  106. Administration Server Information
  107. Certificate Management System Identifier
  108. Configuration Directory Settings
  109. Administration Server Port
  110. Token Logon or Single Sign-On Password
  111. Subsystems
  112. Network Configuration
  113. Key-Pair Information for CA Signing Certificate
  114. Validity Period for CA Signing Certificate
  115. CA Signing Certificate Request
  116. Subject Name for Registration Manager Signing Certificate
  117. Registration Manager Signing Certificate Issuer
  118. Subject Name for Transport Certificate
  119. Validity Period for Transport Certificate
  120. Transport Certificate Request
  121. Online Certificate Status Manager Configuration
  122. Online Certificate Status Manager Signing Certificate Request
  123. Online Certificate Status Manager Signing Certificate Issuer
  124. CA Signing Certificate
  125. SSL Server Key and Certificate
  126. Subject Name for SSL Server Certificate
  127. Extensions for SSL Server Certificate
  128. SSL Certificate Request
  129. Installation Overview
  130. Installation Stages
  131. Before You Begin the Installation
  132. Stage 1. Running the Installation Script
  133. Running the Installation Script on Windows NT
  134. Stage 2. Running the Installation Wizard
  135. Installing the Certificate Manager as a Root CA
  136. Installing the Certificate Manager as a Subordinate CA
  137. Installing a Standalone Registration Manager
  138. Installing a Standalone Data Recovery Manager
  139. Installing a Online Certificate Status Manager
  140. Stage 3. Enrolling for Administrator/Agent Certificate
  141. Agent Certificate for Other CMS Managers
  142. Stage 5. Creating Additional Instances or CA Clones
  143. Installing Multiple CMS Instances
  144. Cloning a Certificate Manager
  145. Step 1. Before You Begin
  146. Step 2. Create Instances for Clone CAs
  147. Installing Clone CA in a Different Server Group
  148. Installing Clone CA on a Separate Host
  149. Step 4. Copy Master CA's Certificate and Key Database
  150. Step 6. Configure the Clone CA
  151. Step 8. Establish Trust Between Master CA and Clone CAs
  152. Step B. Create a Privileged-User Entry for Clone CAs
  153. Step 9. Test Clone-Master Connection
  154. Step B. Approve the Request
  155. Step D. Revoke the Certificate
  156. Step 10. Use Master CA's Agent Certificate in Clone CAs
  157. Viewing Instance Information
  158. Changing the Name of an Instance
  159. Removing an Instance From a System
  160. Uninstalling From the Command Line
  161. Uninstalling by Using the Windows NT Add/Remove Programs Utility
  162. Significance of password.conf File
  163. Required Start-up Information
  164. Starting From Netscape Console
  165. Starting From the Command Line
  166. Starting From the Windows NT Services Panel
  167. Stopping From Netscape Console
  168. Stopping From the Command Line
  169. Restarting From the CMS Window
  170. Restarting From the Command Line
  171. Attending to an Unresponsive Server
  172. Password-Quality Checker
  173. Part 3 Configuration
  174. Netscape Console
  175. Users and Groups Tab
  176. Netscape Administration Server
  177. Starting Administration Server
  178. Shutting Down Administration Server
  179. The CMS Window
  180. Tasks Tab
  181. Logging In to the CMS Window
  182. Effects of Installation Type on Configuration
  183. Duplicating Configuration From One Instance to Another
  184. Modifying the Configuration
  185. Guidelines for Editing the Configuration File
  186. Sample Configuration File
  187. Road Map to Configuring Subsystems
  188. Step 1. Check Which Subsystem is Installed in the Instance
  189. Step 5. Customize End-Entity and Agent Forms
  190. Step 8. Schedule Jobs
  191. Step 11. Set up Key Archival and Recovery
  192. Chapter 11 Setting Up Ports
  193. Remote Administration Port
  194. Agent Port
  195. Step 1. Specify the Port Number
  196. Step 2: Specify IP Addresses
  197. Internal Database
  198. Step 1. Identify the Directory Server Instance
  199. Step 2. Restrict Access to the Internal Database
  200. Privileged-User Types and Responsibilities
  201. Agents
  202. Agent's Certificate for SSL Client Authentication
  203. Revocation Status Checking of Agent Certificates
  204. Trusted Managers
  205. Subsystems That Can Function as Trusted Managers
  206. Connectors for Linking Trusted Managers
  207. Trusted Manager's Certificate for SSL Client Authentication
  208. Groups and Their Privileges
  209. Groups for Agents
  210. Group for Registration Manager Agents
  211. Group for Online Certificate Status Manager Agents
  212. Setting Up Privileged Users
  213. Setting Up Agents
  214. Setting up Agents Using the Manual Process
  215. Setting Up Trusted Managers
  216. Setting Up a Registration Manager as a Trusted Manager
  217. Setting Up a Certificate Manager as a Trusted Manager
  218. Changing Privileged-User Information
  219. Changing a Privileged User's Certificate
  220. Changing Members in a Group
  221. Deleting a Privileged User
  222. Keys and Certificates for the Main Subsystems
  223. Certificate Manager's Key Pairs and Certificates
  224. OCSP Signing Key Pair and Certificate
  225. CRL Signing Key Pair and Certificate
  226. SSL Server Key Pair and Certificate
  227. Registration Manager's Key Pairs and Certificates
  228. Data Recovery Manager's Key Pairs and Certificates
  229. Transport Key Pair and Certificate
  230. Online Certificate Status Manager's Key Pairs and Certificates
  231. Tokens for Storing CMS Keys and Certificates
  232. Installing External Tokens
  233. Managing Tokens Used by the Subsystems
  234. Changing a Token's Password
  235. Hardware Cryptographic Accelerators
  236. Using the Wizard to Request a Certificate
  237. Step 1. Select the Operation
  238. Step 2. Choose the Certificate
  239. Step 3. Specify the Key-Pair Information
  240. Step 4. Specify the Subject Name for the Certificate
  241. Step 5. Specify the Validity Period
  242. Step 6. Specify Extensions
  243. Step 7. Copy the Certificate Signing Request
  244. Step 8. Check the Certificate Request Status
  245. Using the Wizard to Install a Certificate or Certificate Chain
  246. Data Formats for Installing Certificates and Certificate Chains
  247. Step 2. Select the Certificate or Certificate Chain
  248. Step 3. Specify the Location of the Certificate
  249. Step 4. View the Certificate or Certificate Chain
  250. Step 6. Verify the Certificate Status
  251. Step 1. Get the Required SSL Server Certificates
  252. Getting an SSL Client Certificate for a Subsystem
  253. Setting Up Cipher Preferences for SSL Communications
  254. SSL Ciphers Supported in Certificate Management System
  255. Configuring the Server to Use Specific Ciphers
  256. Getting New Certificates for the Subsystems
  257. Step 1. Plan for the New Certificate
  258. Step 2. Request the New Certificate
  259. Step 4. Deploy the New Certificate
  260. Deploying Registration Manager's Signing Certificate
  261. Deploying Data Recovery Manager's Transport Certificate
  262. Deploying a Subsystem's SSL Server Certificate
  263. Renewing Certificates for the Subsystems
  264. Step 1. Plan for Certificate Renewal
  265. Step 2. Renew the Existing Certificate
  266. Step 3. Install the Renewed Certificate
  267. Deploying Certificate Manager's Renewed CA Signing Certificate
  268. Deploying Data Recovery Manager's Renewed Transport Certificate
  269. Deploying a Subsystem's Renewed SSL Server Certificate
  270. Step 5. Restart the Server
  271. Viewing the Certificate Database Content
  272. Changing the Trust Settings of a CA Certificate
  273. Installing a New CA Certificate in the Certificate Database
  274. Introduction to Authentication
  275. Privileged-User Authentication
  276. Authentication of Agents
  277. End-Entity Authentication
  278. Authentication of End Users During Certificate Revocation
  279. Configuring Authentication for End-User Enrollment
  280. Step 2. Set Up the Directory for PIN-Based Enrollment
  281. Step B. Update the Directory
  282. Step C. Prepare the Input File
  283. Step E. Check the Output File
  284. Step 4: Add an Authentication Instance
  285. Step 5. Set Up the Enrollment Interface
  286. Step B. Customize the Form
  287. Step D. Remove Unwanted Enrollment Options
  288. Step 6. Enable End-Entity Interaction
  289. Enabling End-Entity Interaction with a Registration Manager
  290. Step 7. Turn on Automated Notification
  291. Step 9. Deliver PINs to End Users
  292. Setting Up Agent Initiated End User Enrollment
  293. Modifying an Authentication Instance
  294. Managing Authentication Plug-in Modules
  295. Registering an Authentication Module
  296. Deleting an Authentication Module
  297. Automated Notifications
  298. Notifications of Certificate Issuance to End Entities
  299. Notification of New Request in Queue
  300. Customizing Notification Messages
  301. Customizing Message Templates
  302. Tokens Available in Message Templates
  303. Tokens for Rejection Notifications to End Entities
  304. Tokens for Request In Queue Notification Messages
  305. Step 2. Turn On Certificate-Issuance Notification
  306. Step 3. Turn on Request in Queue Notification
  307. Step 4. Verify Mail Server Settings
  308. Step 5. Test Your Configuration
  309. Configuring a Subsystem to Run Automated Jobs
  310. Step 2. Modify Existing Jobs
  311. Step 3. Delete Unwanted Jobs
  312. Step 6. Verify Mail Server Settings
  313. Step 7. Test Your Configuration
  314. Registering a Job Module
  315. Deleting a Job Module
  316. Introduction to Policy
  317. What Is Policy
  318. Policy Rules
  319. Using Predicates in Policy Rules
  320. Attributes for Predicates
  321. Policy Processor
  322. Configuring Policy Rules for a Subsystem
  323. Step 2. Modify Existing Policy Rules
  324. Step 3. Delete Unwanted Policy Rules
  325. Step 5. Reorder Policy Rules
  326. Step 6. Restart the Server
  327. Using JavaScript for Policies
  328. Deleting a Policy Module
  329. Publishing of Certificates to a Directory
  330. Timing of Directory Updates
  331. Directory Update Process
  332. Directory Synchronization
  333. What's a CRL
  334. Reasons for Revoking a Certificate
  335. Revocation Checking by Netscape Clients
  336. Publishing of CRLs to an LDAP Directory
  337. CRL Issuing Points
  338. Step 2. Set Up the Directory for Publishing
  339. Step C. Identify an Entry That Has Write Access
  340. Step E. Specify the Directory Authentication Method
  341. Step F. Modify the Certificate Mapping File
  342. Step G. Restart Directory Server
  343. Step B. Add Mappers, Publishers, and Publishing Rules
  344. Step 4. Configure the Certificate Manager to Publish CRLs
  345. Step A. Specify CRL Details
  346. Step B. Set the CRL Extensions
  347. Step C. Create a Mapper for the CRL
  348. Step D. Create a Publisher for the CRL
  349. Step E. Create a Publishing Rule for the CRL
  350. Step 5. Identify the Publishing Directory
  351. Step 6. Test Certificate and CRL Publishing
  352. Step A. Decide a Directory Entry for Requesting a Certificate
  353. Step D. Download the Certificate to the Browser
  354. Step F. Revoke the Certificate
  355. Step G. Check the Directory for the CRL
  356. Manually Updating Certificates in the Directory
  357. Manually Updating the CRL in the Directory
  358. Configuring Certificate Manager to Publish to Files
  359. Step 2. Configure the Certificate Manager
  360. Step B. Create Publishing Rules for Certificates
  361. Step C. Create a Publishing Rule for CRLs
  362. Step D. Specify CRL Details
  363. Step E. Set the CRL Extensions
  364. Step F. Make Sure Publishing is Enabled
  365. Step D. Check the File for the Certificate
  366. Step E. Revoke the Certificate
  367. Step F. Check the File for the CRL
  368. Managing Mapper and Publisher Plug-in Modules
  369. Deleting a Mapper or Publisher Module
  370. What's an OCSP-Compliant PKI Setup
  371. How to Get an OCSP Responder
  372. How Online Certificate Status Manager Works
  373. How to Get OCSP-Compliant Clients
  374. Setting Up a Certificate Manager with OCSP Service
  375. Step 2. Install OCSP-Compliant Client
  376. Setting Up Personal Security Manager for OCSP-Based Certificate Validation
  377. Step 3. Enable Certificate Manager's HTTP Port
  378. Step 5. Restart the Certificate Manager
  379. Step A. Turn On Revocation Checking in the Browser
  380. Step C. Approve the Request
  381. Step E. Make Sure the CA is Trusted by the Browser
  382. Step H. Revoke the Certificate
  383. Step J. Check the Certificate Manager's OCSP Service Status Again
  384. Step 2. Install an OCSP-Compliant Client
  385. Step A. Specify CRL Format and Publishing Interval
  386. Step C. Create a Publisher for the CRL
  387. Step D. Create a Publishing Rule for the CRL
  388. Step E. Make Sure Publishing is Enabled
  389. Step 5. Configure Certificate Manager for Required Extension Policies
  390. Step 6. Configure the Online Certificate Status Manager
  391. Step 7. Restart the Certificate Manager
  392. Step 8. Restart the Online Certificate Status Manager
  393. Step 10. Test Your OCSP Responder Setup
  394. Step B. Request a Certificate
  395. Step F. Verify the Certificate in the Browser
  396. Step I. Verify the Certificate in the Browser
  397. PKI Setup for Key Archival and Recovery
  398. Clients That Can Generate Dual Key Pairs
  399. Forms for Users and Key Recovery Agents
  400. Where the Keys are Stored
  401. How Key Archival Works
  402. Key Recovery Process
  403. Interface for the Key Recovery Process
  404. Local Versus Remote Key Recovery Authorization
  405. How Agent-Initiated Key Recovery Works
  406. Key Recovery Agent Scheme
  407. Changing Key Recovery Agents' Passwords
  408. Configuring Key Archival and Recovery Process
  409. Step A. Deploy Clients That Can Generate Dual Key Pairs
  410. Step C. Customize the Certificate Enrollment Form
  411. Step D. Configure Key Archival Policies
  412. Step 2. Set Up the Key Recovery Process
  413. Step B. Facilitate the Key Recovery Agents to Change the Passwords
  414. Step 3. Test Your Key Archival and Recovery Setup
  415. Step B. Verify the Key
  416. Step D. Restore the Key in the Browser's Database
  417. Introduction to Logs
  418. Logs Maintained by the Server
  419. Services That Are Logged
  420. Log Levels (Message Categories)
  421. Log File Locations
  422. Log File Naming Conventions
  423. Rotation of Log Files
  424. Location of Rotated Log Files
  425. Configuring CMS Logs
  426. Step 3. Delete Unwanted Listeners
  427. Step 4. Create New Listeners
  428. Monitoring CMS Logs
  429. Monitoring System Logs
  430. Monitoring Error Logs
  431. Monitoring Audit Logs
  432. Using System Tools for Monitoring the Server (Windows NT Only)
  433. Logging to Windows NT Event Log
  434. Avoiding Event Log From Getting Filled
  435. Archiving of Rotated Log Files
  436. Signing Log Files
  437. Managing Log Modules
  438. Deleting a Log Module
  439. Part 4 Issuing and Managing Certificates
  440. Certificate Issuance to Servers
  441. How the Manual Server Enrollment Process Works
  442. Getting Server SSL Certificates for Netscape Servers
  443. Step 1. Generate the Server Certificate Request
  444. Step 3. Install Your Server's SSL Certificate
  445. Step 5. Verify Your Server's SSL and CA Certificates
  446. Renewal of Server Certificates
  447. CEP Enrollment
  448. Setting up CEP Enrollment Manually
  449. Step 1. Set up the Directory for Publishing Certificates and CRLs
  450. Step 2. Configure the Certificate Manager for Publishing Certificates and CRLs
  451. Step 3. Set Up Automated Enrollment
  452. Step 4. Set Up Multiple CEP Services
  453. Certificate Issuance to Routers or VPN Clients
  454. Step 2. Generate the Key Pair for the Router
  455. Step 3. Request the CA's Certificate
  456. Example
  457. Part 5 Appendix
  458. Certificate Download Specification
Netscape categories
Server
Software
Gateway
More Netscape categories
Manuals database logo
manualsdatabase
Your AI-powered manual search engine