Netscape NETSCAPE DIRECTORY SERVER 6.01 manuals
NETSCAPE DIRECTORY SERVER 6.01
Table of contents
- installation guide
- Table Of Contents
- Table Of Contents
- Table Of Contents
- About This Guide
- Conventions Used In This Guide
- Related Information
- preparing for a directory server installation
- Configuration Decisions
- Choosing Unique Port Numbers
- Deciding the User and Group for Your Netscape Servers (UNIX only)
- Defining Authentication Entities
- Determining Your Directory Suffix
- Determining the Location of the User Directory
- Determining the Administration Domain
- Installation Process Overview
- Upgrade Process
- Supported Platforms
- Hardware Requirements
- dsktune Utility
- Verifying Disk Space
- Tuning the System
- Setting File Descriptors
- Windows NT 4.0 Server
- Verifying Required System Modules
- Installing Third-Party Utilities
- Ensuring System Clock Accuracy
- Configuring the System Post Installation
- Windows 2000 Server and Advanced Server
- Installing Windows 2000 Server
- Installing Windows Service Packs and Hotfixes
- HP-UX 11.0 Operating System
- DNS and NIS Requirements (UNIX only)
- using express and typical installation
- Using Typical Installation
- silent installation
- Preparing Silent Installation Files
- A Typical Installation
- Using an Existing Configuration Directory
- Installing the Stand-Alone Netscape Console
- Silent Installation File Format
- General] Installation Directives
- Base] Installation Directives
- slapd] Installation Directives
- Optional [slapd] Installation Directives
- admin] Installation Directives
- Chapter 5 Post Installation
- populating the directory tree
- Migration Overview
- Migration Prerequisites
- Identifying Custom Schema
- Migration Procedure
- Migrating a Replicated Site
- Approach
- Running dsktune
- Common Installation Problems
- Glossary
NETSCAPE DIRECTORY SERVER 6.01
Table of contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- About This Guide
- Directory Server Overview
- Conventions Used in This Guide
- introduction to directory server
- About Global Directory Services
- About LDAP
- Overview of Directory Server Architecture
- Overview of the Basic Directory Tree
- Directory Server Data Storage
- About Directory Entries
- Distributing Directory Data
- Design Process Outline
- Deploying Your Directory
- Other General Directory Resources
- introduction to directory data
- What Your Directory Might Include
- What Your Directory Should Not Include
- Performing a Site Survey
- Identifying the Applications that Use Your Directory
- Identifying Data Sources
- Characterizing Your Directory Data
- Determining Level of Service
- Data Mastering for Replication
- Determining Data Ownership
- Determining Data Access
- Documenting Your Site Survey
- Repeating the Site Survey
- Schema Design Process Overview
- Netscape Standard Schema
- Standard Attributes
- Standard Object Classes
- Mapping Your Data to the Default Schema
- Matching Data to Schema Elements
- Customizing the Schema
- When to Extend Your Schema
- Naming Attribute and Object Classes
- Strategies for Defining New Attributes
- Creating Custom Schema Files
- Custom Schema Best Practices
- Maintaining Consistent Schema
- Schema Checking
- Maintaining Consistency in Replicated Schema
- Other Schema Resources
- Introduction to the Directory Tree
- Designing Your Directory Tree
- Suffix Naming Conventions
- Naming Multiple Suffixes
- Identifying Branch Points
- Replication Considerations
- Access Control Considerations
- Naming Entries
- Naming Group Entries
- Naming Other Kinds of Entries
- About Roles
- Deciding Between Roles and Groups
- Directory Tree Design Examples
- Directory Tree for an ISP
- other directory tree resources
- Topology Overview
- Distributing Your Data
- About Using Multiple Databases
- About Suffixes
- About Knowledge References
- The Structure of an LDAP Referral
- About Default Referrals
- Tips for Designing Smart Referrals
- Using Chaining
- Deciding Between Referrals and Chaining
- Usage Differences
- Using Indexes to Improve Database Performance
- Evaluating the Costs of Indexing
- Introduction to Replication
- Replication Concepts
- Unit of Replication
- Change Log
- Replication Agreement
- Common Replication Scenarios
- Multi-Master Replication
- Cascading Replication
- Mixed Environments
- Defining a Replication Strategy
- Replication Survey
- Using Replication for High Availability
- Using Replication for Local Availability
- Example of Network Load Balancing
- Example of Load Balancing for Improved Performance
- Example Replication Strategy for a Small Site
- Using Replication with other Directory Features
- Replication and Database Links
- Schema Replication
- About Security Threats
- Unauthorized Access
- Denial of Service
- Determining Access Rights
- Conducting Regular Audits
- Overview of Security Methods
- Anonymous Access
- Simple Password
- Certificate-Based Authentication
- Proxy Authentication
- Designing a Password Policy
- User-Defined Passwords
- Expiration Warning
- Password Minimum Age
- Designing a Password Policy in a Replicated Environment
- Designing Access Control
- Targets
- Permissions
- Bind Rules
- Setting Permissions
- When to Deny Access
- Using Filtered Access Control Rules
- Securing Connections With SSL
- other security resources
- An Enterprise
- Data Design
- Directory Tree Design
- Topology Design
- Database Topology
- Replication Design
- Supplier Consumer Architecture
- Security Design
- Tuning and Optimizations
- Schema Design
- Server Topology
- Supplier Architecture
NETSCAPE DIRECTORY SERVER 6.01
Table of contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- About This Reference Guide
- Prerequisite Reading
- Conventions Used In This Reference Guide
- Chapter 1 Introduction
- Directory Server Configuration
- Using Directory Server Command-Line Scripts
- LDIF Configuration Files - Location
- Configuration of Plug-in Functionality
- Configuration of Databases
- Migration of Pre-Directory Server 6.x Configuration Files to LDIF Format
- Changing Configuration Attributes
- Modifying Configuration Entries Using LDAP
- Restrictions to Modifying Configuration Entries
- Core Server Configuration Attributes Reference
- cn=config
- nsslapd-accesscontrol (Enable Access Control)
- nsslapd-accesslog-level
- nsslapd-accesslog-list
- nsslapd-accesslog-logexpirationtimeunit (Access Log Expiration Time Unit)
- nsslapd-accesslog-logmaxdiskspace (Access Log Maximum Disk Space)
- nsslapd-accesslog-logrotationtime (Access Log Rotation Time)
- nsslapd-accesslog-maxlogsize (Access Log Maximum Log Size)
- nsslapd-attribute-name-exceptions
- nsslapd-auditlog-list
- nsslapd-auditlog-logexpirationtimeunit (Audit Log Expiration Time Unit)
- nsslapd-auditlog-logmaxdiskspace (Audit Log Maximum Disk Space)
- nsslapd-auditlog-logrotationtime (Audit Log Rotation Time)
- nsslapd-auditlog-maxlogsize (Audit Log Maximum Log Size)
- nsslapd-certmap-basedn (Certificate Map Search Base)
- nsslapd-enquote-sup-oc (Enable Superior Object Class Enquoting)
- nsslapd-errorlog (Error Log)
- nsslapd-errorlog-level (Error Log Level)
- nsslapd-errorlog-list
- nsslapd-errorlog-logging-enabled (Enable Error Logging)
- nsslapd-errorlog-logminfreediskspace (Error Log Minimum Free Disk Space)
- nsslapd-errorlog-logrotationtimeunit (Error Log Rotation Time Unit)
- nsslapd-errorlog-maxlogsperdir (Maximum Number of Error Log Files)
- nsslapd-instancedir (Instance Directory)
- nsslapd-listenhost (Listen to IP Address)
- nsslapd-localuser (Local User)
- nsslapd-maxthreadsperconn (Maximum Threads Per Connection)
- nsslapd-plug-in
- nsslapd-readonly (Read Only)
- nsslapd-referralmode (Referral Mode)
- nsslapd-return-exact-case (Return Exact Case)
- nsslapd-rootdn (Manager DN)
- nsslapd-rootpwstoragescheme (Root Password Storage Scheme)
- nsslapd-securelistenhost
- nsslapd-security (Security)
- nsslapd-threadnumber (Thread Number)
- nsslapd-versionstring
- passwordCheckSyntax (Check Password Syntax)
- passwordHistory (Password History)
- passwordLockout (Account Lockout)
- passwordMaxAge (Password Maximum Age)
- passwordMinLength (Password Minimum Length)
- passwordResetFailureCount (Reset Password Failure Count After)
- passwordUnlock (Unlock Account)
- cn=changelog5
- nsslapd-changelogmaxage (Max Changelog Age)
- cn=encryption
- nsssl2
- cn=features
- nsslapd-state
- cn=mapping tree,cn=config
- nsDS5Flags
- nsDS5ReplicaChangeCount
- nsDS5ReplicaName
- nsDS5ReplicaReferral
- nsDS5ReplicaType
- description
- nsDS5ReplicaBindMethod
- nsDS5ReplicaHost
- nsDS5ReplicaLastInitStatus
- nsDS5ReplicaLastUpdateStart
- nsDS5ReplicaRefresh
- nsDS5ReplicaTransportInfo
- nsDS5ReplicaUpdateSchedule
- currentConnections
- backendMonitorDN
- nssnmplocation
- nssnmpmasterhost
- cn=uniqueid generator
- Overview
- Object Classes for Plug-in Configuration
- bit check Plug-in
- ACL preoperation Plug-in
- Boolean Syntax Plug-in
- Case Ignore String Syntax Plug-in
- Class of Service Plug-in
- Distinguished Name Syntax Plug-in
- Integer Syntax Plug-in
- ldbm database Plug-in
- Legacy Replication Plug-in
- Octet String Syntax Plug-in
- CRYPT Password Storage Plug-in
- SHA Password Storage Scheme Plug-in
- Postal Address String Syntax Plug-in
- PTA Plug-in
- Retro Changelog Plug-in
- Roles Plug-in
- Telephone Syntax Plug-in
- URI Plug-in
- List of Attributes Common to all Plug-ins
- nsslapd-pluginType
- nsslapd-pluginId
- nsslapd-pluginDescription
- nsslapd-plugin-depends-on-named
- Database Attributes Under cn=config,cn=ldbm database,cn=plugins,cn=config
- nsslapd-cache-autosize
- nsslapd-dbcachesize
- nsslapd-db-circular-logging
- nsslapd-db-durable-transactions
- nsslapd-db-idl-divisor
- nsslapd-db-logdirectory
- nsslapd-db-page-size
- nsslapd-db-transaction-logging
- nsslapd-dbncache
- nsslapd-mode
- dbcacheroevict
- nsslapd-cachememsize
- nsslapd-readonly
- Database Attributes Under cn=database,cn=monitor,cn=ldbm database, cn=plugins,cn=config
- nsslapd-db-commit-rate
- nsslapd-db-log-region-wait-rate
- cn=plugins,cn=config
- nsMatchingRule
- dbfilenamenumber
- dbfilepageout
- Database Link Plug-in Attributes (chaining attributes)
- Database Link Attributes Under cn=config,cn=chaining database, cn=plugins,cn=config
- nsMaxTestResponseDelay
- nsAbandonedSearchCheckInterval
- nsBindRetryLimit
- nsConcurrentBindLimit
- nsOperationConnectionsLimit
- nsReferralOnScopedSearch
- cn=chaining database, cn=plugins,cn=config
- nsMultiplexorCredentials
- cn=chaining database,cn=plugins,cn=config
- nsUnbindCount
- Overview of Directory Server Files
- configuration files
- Backup Files
- ldif Files
- Log Files
- Access Log Content
- Access Logging Levels
- Default Access Logging Content
- Connection Number
- Operation Number
- Number of Entries
- LDAP Response Type
- Change Sequence Number
- Abandon Message
- Access Log Content for Additional Access Logging Levels
- Connection Description
- LDAP Result Codes
- Migration from 4.x Directory Server to 6.x
- Server Attributes
- Database Attributes
- General Server Configuration Attributes
- Database Link Attributes
- SNMP Attributes
- Finding and Executing Command-Line Utilities
- Command-Line Utilities Quick Reference
- Using Special Characters
- ldapmodify
- ldapdelete
- ldif
- Finding and Executing Command-Line Scripts
- Command-Line Scripts Quick Reference
- Shell and Batch Scripts
- bak2db (Restore database from backup)
- db2dsml (Export database contents to DSML)
- dsml2db (Import DSML document contents into database)
- ldif2db (Import)
- ldif2ldap (Perform import operation over LDAP)
- monitor (Retrieve monitoring information)
- restoreconfig (Restore Administration Server Configuration)
- start-slapd (Start the Directory Server)
- suffix2instance (Map Suffix to Backend Name)
- vlvindex (Create virtual list view (VLV) indexes)
- Perl Scripts
- db2index.pl (Create and generate indexes)
- db2ldif.pl (Export database contents to LDIF)
- ldif2db.pl (Import)
- migrateInstance6 (Migrate to Directory Server 5.0 or 6.x)
- ns-accountstatus.pl (Establish account status)
- ns-activate.pl (Activate an entry or group of entries)
- Overview of ns-slapd and slapd.exe Commands
- ns-slapd (UNIX)
- ns-slapd and slapd.exe Command-Line Utilities for Exporting Databases
- ns-slapd and slapd.exe Command-Line Utilities for Restoring and Backing up Databases
- archive2db
NETSCAPE DIRECTORY SERVER 6.01
Table of contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Prerequisite Reading
- Related Information
- Chapter 1 About Schema
- Object Class Inheritance
- Attribute Syntax
- Single-Valued and Multi-Valued Attributes
- Object Identifiers (OIDs)
- Extending Server Schema
- Chapter 2 Object Class Reference
- account
- alias
- cosClassicDefinition
- cosDefinition
- cosIndirectDefinition
- cosPointerDefinition
- cosSuperDefinition
- cosTemplate
- country
- dcObject
- device
- document
- documentSeries
- domain
- domainRelatedObject
- extensibleObject
- friendlyCountry
- groupOfCertificates
- groupOfNames
- groupOfUniqueNames
- groupOfURLs
- inetOrgPerson
- labeledURIObject
- locality
- newPilotPerson
- nsComplexRoleDefinition
- nsFilteredRoleDefinition
- nsLicenseUser
- nsManagedRoleDefinition
- nsNestedRoleDefinition
- nsRoleDefinition
- nsSimpleRoleDefinition
- organization
- organizationalPerson
- organizationalRole
- organizationalUnit
- person
- pilotObject
- pilotOrganization
- residentialPerson
- RFC822LocalPart
- room
- strongAuthenticationUser
- simpleSecurityObject
- abstract
- associatedDomain
- audio
- authorSn
- businessCategory
- cACertificate
- certificateRevocationList
- co (friendlyCountryName)
- cosIndirectSpecifier
- cosTargetTree
- dc (domainComponent)
- departmentNumber
- destinationIndicator
- dITRedirect
- dNSRecord
- documentIdentifier
- documentPublisher
- documentVersion
- dSAQuality
- employeeType
- generationQualifier
- homePhone
- host
- info
- janetMailbox
- keyWords
- labeledURI
- lastModifiedTime
- mailPreferenceOption
- member
- memberURL
- name
- nsLicenseEndTime
- o (organizationName)
- obsoletesDocument
- otherMailbox
- pager
- personalTitle
- physicalDeliveryOfficeName
- postalCode
- preferredLanguage
- protocolInformation
- roleOccupant
- searchGuide
- serialNumber
- sn (surname)
- street
- subtreeMinimumQuality
- supportedApplicationContext
- telexNumber
- title
- uid (userID)
- uniqueMember
- userCertificate
- userPassword
- userSMIMECertificate
- Operational Attributes
- altServer
- copiedFrom
- dITContentRules
- ldapSyntaxes
- nameForms
- nsds5replconflict
- numSubordinates
- objectClasses
- passwordExpWarned
- retryCountResetTime
- supportedControl
- supportedSASLMechanisms
- changeLog
- changeType
- newSuperior
- Special Object Classes
- passwordObject
- subschema
- Index
NETSCAPE DIRECTORY SERVER 6.01
Table of contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- List of Figures
- List of Tables
- Introduction
- Prerequisite Reading
- Conventions Used in This Book
- Part 1 Administering Netscape Directory Server
- Overview of Directory Server Management
- Copying Entry DNs to the Clipboard
- Binding to the Directory From Netscape Console
- Starting and Stopping the Directory Server
- Configuring LDAP Parameters
- tracking modifications to directory entries
- Starting the Server with SSL Enabled
- Cloning a Directory Server
- Starting the Server in Referral Mode
- creating directory entries
- creating a root entry
- creating an entry using a predefined template
- modifying directory entries
- displaying the property editor
- adding an attribute to an entry
- removing an attribute value
- Managing Entries From the Command Line
- Providing Input From the Command Line
- creating a root entry from the command line
- Adding and Modifying Entries Using ldapmodify
- adding entries using ldapmodify
- modifying entries using ldapmodify
- deleting entries using ldapdelete
- using special characters
- LDIF Update Statements
- adding an entry using ldif
- renaming an entry using ldif
- A Note on Renaming Entries
- Adding Attributes to Existing Entries Using LDIF
- changing an attribute value using ldif
- deleting a specific attribute value using ldif
- Deleting an Entry Using LDIF
- Maintaining Referential Integrity
- Using Referential Integrity with Replication
- From the Directory Server Console
- creating and maintaining suffixes
- Creating Suffixes
- creating a new root suffix using the console
- creating a new sub suffix using the console
- Maintaining Suffixes
- enabling referrals only during update operations
- Creating and Maintaining Databases
- Creating Databases
- creating a new database for an existing suffix using the console
- adding multiple databases for a single suffix
- adding the custom distribution function to a suffix
- Maintaining Directory Databases
- Creating and Maintaining Database Links
- Configuring the Chaining Policy
- chaining ldap controls
- Creating a New Database Link
- creating a new database link using the console
- creating a database link from the command line
- Chaining Using SSL
- Maintaining Database Links
- Database Links and Access Control Evaluation
- Advanced Feature: Tuning Database Link Performance
- managing connections to the remote server
- Detecting Errors During Normal Processing
- Managing Threaded Operations
- Advanced Feature: Configuring Cascading Chaining
- configuring cascading chaining defaults using the console
- configuring cascading chaining using the console
- configuring cascading chaining from the command line
- Summary of Cascading Chaining Configuration Attributes
- configuring server one
- configuring server two
- configuring server three
- Using Referrals
- Creating Smart Referrals
- creating smart referrals using the directory server console
- creating smart referrals from the command line
- Creating Suffix Referrals
- importing data
- performing an import from the console
- initializing a database from the console
- Importing From the Command Line
- Exporting Data
- exporting directory data to ldif using the console
- exporting a single database to ldif using the console
- exporting to ldif from the command line
- Backing Up and Restoring Data
- backing up all databases from the server console
- backing up a single database
- Backing Up the dse.ldif Configuration File
- restoring your database from the command line
- Restoring Databases that Include Replicated Entries
- Restoring the dse.ldif Configuration File
- Using Groups
- Managing Static Groups
- Managing Dynamic Groups
- Using Roles
- Managing Roles Using the Console
- creating a managed role
- creating a filtered role
- modifying a role entry
- Managing Roles Using the Command Line
- Examples: Managed Role Definition
- Example: Filtered Role Definition
- Example: Nested Role Definition
- Assigning Class of Service
- About CoS
- About the CoS Template Entry
- How a Pointer CoS Works
- How a Classic CoS Works
- Managing CoS Using the Console
- editing an existing cos
- Managing CoS From the Command Line
- creating the cos template entry from the command line
- Example of a Pointer CoS
- Example of an Indirect CoS
- Example of a Classic CoS
- Creating Role-Based Attributes
- access control and cos
- Access Control Principles
- ACI Placement
- ACI Limitations
- Default ACIs
- Creating ACIs Manually
- Example ACI
- targeting a directory entry
- Targeting Attributes
- targeting both an entry and attributes
- targeting attribute values using ldap filters
- targeting a single directory entry
- defining permissions
- assigning rights
- Rights Required for LDAP Operations
- Permissions Syntax
- Bind Rule Syntax
- Anonymous Access (anyone Keyword)
- Self Access (self Keyword)
- Examples
- defining access based on value matching
- using the userattr keyword with inheritance
- granting add permission using the userattr keyword
- defining access from a specific ip address
- defining access from a specific domain
- defining access based on authentication method
- using boolean bind rules
- Creating ACIs From the Console
- displaying the access control editor
- viewing current acis
- editing an aci
- Access Control Usage Examples
- Granting Anonymous Access
- Granting Write Access to Personal Entries
- Restricting Access to Key Roles
- Granting a Group Full Access to a Suffix
- Granting Rights to Add and Delete Group Entries
- Granting Conditional Access to a Group or Role
- Denying Access
- Setting a Target Using Filtering
- Defining Permissions for DNs That Contain a Comma
- Proxied Authorization ACI Example
- Viewing the ACIs for an Entry
- Macro ACI Example
- Macro ACI Syntax
- Macro Matching for ($dn)
- Macro Matching for [$dn]
- Macro Matching for ($attr.attrName)
- Access Control and Replication
- Compatibility with Earlier Releases
- Managing the Password Policy
- Configuring the Password Policy
- Configuring the Password Policy Using the Command-Line
- Setting User Passwords
- Configuring the Account Lockout Policy
- Configuring the Account Lockout Policy Using the Command Line
- Managing the Password Policy in a Replicated Environment
- Inactivating Users and Roles
- Inactivating User and Roles Using the Console
- Activating User and Roles Using the Console
- Activating User and Roles Using the Command Line
- Setting Resource Limits Using the Console
- Replication Overview
- Change Log
- Replication Identity
- Replication Agreement
- Replication Scenarios
- Multi-Master Replication
- Cascading Replication
- Summary of Steps for Complex Replication Configurations
- Detailed Replication Tasks
- configuring supplier settings
- configuring a hub supplier
- creating a replication agreement
- Configuring Single-Master Replication
- Configuring Multi-Master Replication
- Configuring Cascading Replication
- initializing the replicas for cascading replication
- Deleting the Change Log
- Initializing Consumers
- online consumer initialization using the console
- manual consumer initialization using the command line
- Forcing Replication Updates
- forcing replication updates from the console
- Replication over SSL
- configuring replication over ssl using the replication wizard
- Replication with Earlier Releases
- Using the Retro Change Log Plug-In
- trimming the retro change log
- searching and modifying the retro change log
- monitoring replication status
- Solving Common Replication Conflicts
- solving orphan entry conflicts
- solving potential interoperability problems
- Overview of Extending Schema
- Managing Attributes
- creating attributes
- editing attributes
- Managing Object Classes
- viewing object classes
- creating object classes
- editing object classes
- deleting object classes
- About Indexes
- About Index Types
- About Default, System, and Standard Indexes
- Overview of System Indexes
- Overview of Standard Indexes
- Balancing the Benefits of Indexing
- Creating Indexes
- Creating Indexes From the Command Line
- Adding an Index Entry
- Running the db2index.pl Script
- Creating Browsing Indexes From the Server Console
- Creating Browsing Indexes from the Command Line
- Running the vlvindex Script
- Deleting Indexes
- Deleting Indexes From the Server Console
- Deleting Indexes From the Command Line
- Deleting Browsing Indexes From the Server Console
- Deleting Browsing Indexes From the Command Line
- Managing Indexes
- Drawbacks of the All IDs Mechanism
- When All IDs Threshold is Too High
- All IDs Threshold Tuning Advice for Service Providers and Extranets
- Default All IDs Threshold Value
- Changing the All IDs Threshold Value
- Attribute Name Quick Reference Table
- drink favoritedrink
- Chapter 11 Managing SSL
- Obtaining and Installing Server Certificates
- Activating SSL
- Setting Security Preferences
- Configuring LDAP Clients to Use SSL
- Viewing and Configuring Log Files
- defining a log file rotation policy
- Access Log
- Error Log
- viewing the error log
- Audit Log
- configuring the audit log
- Manual Log File Rotation
- Viewing the Server Performance Monitor
- Resource Summary
- Connection Status
- Global Database Cache Information
- monitoring your server from the command line
- Monitoring Database Activity
- General Information (Database)
- database cache information table
- Database File-Specific Table
- Monitoring Database Link Activity
- About SNMP
- NMS-Initiated Communication
- Overview of the Directory Server Management Information Base
- The Entries Table
- Setting Up SNMP
- Configuring the AIX SNMP Daemon
- Starting and Stopping the SNMP Subagent on UNIX
- Configuring SNMP for the Directory Server
- Tuning Server Performance
- Tuning Database Performance
- Optimizing Search Performance
- Tuning Transaction Logging
- Changing the Location of the Database Transaction Log
- Disabling Durable Transactions
- Specifying Transaction Batching
- Avoid Creating Entries Under the cn=config Entry in the dse.ldif File
- Part 2 Plug-Ins Reference
- Server Plug-in Functionality Reference
- ACL Plug-In
- ACL Preoperation Plug-In
- Boolean Syntax Plug-In
- Case Ignore String Syntax Plug-In
- Class of Service Plug-In
- Distinguished Name Syntax Plug-In
- Integer Syntax Plug-In
- ldbm Database Plug-In
- Legacy Replication Plug-In
- Octet String Syntax Plug-in
- CRYPT Password Storage Plug-In
- SHA Password Storage Plug-In
- Postal Address String Syntax Plug-In
- PTA Plug-In
- Retro Change Log Plug-In
- Telephone Syntax Plug-In
- URI Plug-in
- How Directory Server Uses PTA
- PTA Plug-In Syntax
- Configuring the PTA Plug-In
- configuring the servers to use a secure connection
- specifying the authenticating directory server
- configuring the optional parameters
- PTA Plug-In Syntax Examples
- Specifying One Authenticating Directory Server and Multiple Subtrees
- Overview of the Attribute Uniqueness Plug-In
- Overview of the UID Uniqueness Plug-in
- Creating an Instance of the Attribute Uniqueness Plug-In
- Configuring Attribute Uniqueness Plug-Ins
- specifying a suffix or subtree
- using the markerobjectclass and requiredobjectclass keywords
- Attribute Uniqueness Plug-In Syntax Examples
- specifying one attribute and multiple subtrees
- Simple Replication Scenario
- Overview of IM Presence Information
- Schema For the Presence Plug-In
- Performance-Related Information
- Setting Resource Limits Based on Bind DN
- Part 3 Appendixes
- LDIF File Format
- Continuing Lines in LDIF
- specifying directory entries using ldif
- specifying organizational unit entries
- specifying organizational person entries
- Defining Directories Using LDIF
- LDIF File Example
- Storing Information in Multiple Languages
- Finding Entries Using the Server Console
- Using ldapsearch
- ldapsearch Command-Line Format
- ldapsearch Examples
- Returning All Entries
- Using LDAP_BASEDN
- Specifying DNs that Contain Commas in Search Filters
- Search Filter Syntax
- Using Operators in Search Filters
- Using Compound Search Filters
- Search Filter Examples
- Searching an Internationalized Directory
- Matching Rule Filter Syntax
- Using Wildcards in Matching Rule Filters
- International Search Examples
- Less Than or Equal to Example
- Greater Than Example
- Components of an LDAP URL
- Escaping Unsafe Characters
- Examples of LDAP URLs
- About Locales
- identifying supported locales
- supported language subtypes
- Table Of Contents
NETSCAPE DIRECTORY SERVER 6.01
Table of contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Preface
- Document Conventions
- Where to Find Directory Server Information
- Part 1 Introduction to Directory Server Plug-Ins
- What Are Directory Server Plug-Ins
- How Directory Server Plug-Ins Work
- Calling Directory Server Plug-In Functions
- Types of Directory Server Plug-Ins
- Including the API Header File
- Working with Parameter Blocks
- Setting Data in the Parameter Block
- Calling Front-End Functions
- Writing Plug-in Initialization Functions
- Specifying Directory Server Compatibility
- Registering Your Plug-In Functions
- Returning a Value to the Directory Server
- Compiling a Directory Server Plug-In
- Creating a Plug-In Configuration File
- Plug-In Dependencies
- Plug-In Type Dependencies
- Summary of Plug-In Directives
- Loading the Plug-In Configuration File
- Passing Extra Arguments to Plug-Ins
- Setting the Log Level of the Server
- Writing the Plug-In Example
- Compiling the Plug-In Example
- Registering the Plug-In Example
- Running the Plug-In Example
- Part 2 Basic Plug-In Programming Techniques
- Logging Messages
- Sending Data to the Client
- Working with Entries, Attributes, and Values
- Creating a New Entry
- Getting and Setting the DN of an Entry
- Getting the Attributes and Values of an Entry
- Working with DNs and RDNs
- Working with DN Suffixes
- Working with Search Filters
- Determining if an Entry Matches a Filter
- Getting the Search Criteria
- Converting a String to a Filter
- How Pre/Post-Operation Plug-Ins Work
- Types Pre-Operation and Post-Operation Functions
- Types of Post-Operation Functions
- Specifying Start and Close Functions
- Getting and Setting Parameters for the Bind Operation
- Processing an LDAP Search Operation
- Getting the List of Candidates
- Iterating Through Candidates
- Processing an LDAP Compare Operation
- Processing an LDAP Modify Operation
- Processing an LDAP Modify RDN Operation
- Processing an LDAP Delete Operation
- Understanding Authentication Methods
- How the Directory Server Identifies Clients
- Writing Your Own Authentication Plug-in
- Defining Your Authentication Function
- Getting the Entry and Checking the Credentials
- What to Do If Authentication Fails
- Registering the SASL Mechanism
- Example of a Pre-Operation Bind Plug-In
- Example of an Initialization Function
- Registering the Plug-In
- Using SASL with an LDAP Client
- Part 3 Advanced Programming Techniques
- How Entry Store/Fetch Plug-Ins Work
- Writing Entry Store/Fetch Functions
- How Extended Operation Plug-Ins Work
- Writing Extended Operation Functions
- Registering Extended Operation Functions
- Understanding Matching Rules
- Extensible Match Filters
- Extensible Match Filters in the Directory Server
- How Matching Rules Are Identified
- How the Server Associates Plug-Ins with OIDs
- Finding a Plug-In for Searching
- How the Server Uses Parameter Blocks
- How the Server Updates the Index
- Writing the Indexer Factory Function
- Getting and Setting Parameters in Indexer Factory Functions
- Writing the Indexer Function
- Getting and Setting Parameters in Indexer Functions
- How the Server Handles the Filter
- Query Operators in Matching Rules
- Writing a Filter Factory Function
- Getting and Setting Parameters in Filter Factory Functions
- Writing a Filter Index Function
- Getting and Setting Parameters in Filter Index Functions
- Writing a Filter Matching Function
- Handling Sorting by Matching Rules
- Writing a Destructor Function
- About Distributing Flat Namespaces
- Creating a Distribution Function
- Adding the Distribution Function to Your Directory
- Using the Console
- Adding Distribution Logic to a Suffix
- Custom Distribution Checklist
- Part 4 Reference
- Summary of Data Types and Structures
- Distribution Routines
- Functions for Access Control
- Functions for Internal Operations and Plug-In Callback
- Functions for Setting Internal Operation Flags
- Functions for Handling Attributes
- Functions for Managing Backend Operations
- Functions for Dealing with Controls
- Functions for Syntax Plug-In
- Functions for Managing Memory
- Functions for Managing DNs
- Functions for Managing Entries
- Functions Related to Entry Flags
- Functions for Dealing with Filters
- Functions Specific to Extended Operation
- Functions Specific to Bind Methods
- Functions for Thread-Safe LDAP Connections
- Functions for Logging
- Functions for Handling Matching Rules
- Functions for LDAPMod Manipulation
- Functions for Monitoring Operations
- Functions for Managing Parameter Block
- Functions for Handling Passwords
- Functions for Managing RDN
- Functions for Managing Roles
- Functions for Sending Entries and Results to the Client
- Functions Related to UTF-8
- Functions for Handling Values
- Functions for Handling Valueset
- Functions Specific to Virtual Attribute Service
- Functions for Managing Locks and Synchronization
- functions for manipulating bits
- Functions for Registering Object Extensions
- Parameters for Registering Plug-In Functions
- Post-Operation/Data Notification Plug-Ins
- Extended Operation Plug-Ins
- Matching Rule Plug-Ins
- Information About the Database
- Information About the Connection
- Information About the Operation
- Notes in the Access Log
- Information About the Plug-In
- Types of Plug-Ins
- Parameters for the Configuration Function
- Parameters for the Search Function
- Parameters for the Add Function
- Parameters for the Compare Function
- Parameters for the Modify Function
- Parameters for the Modify RDN Function
- Parameters for the Abandon Function
NETSCAPE DIRECTORY SERVER 6.01
Table of contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- Table Of Contents
- About This Guide
- What You Should Already Know
- Conventions Used in This Guide
- Where to Go for Related Information
- Part 1 Overview and Demo Installation
- Overview of Key Features
- Flexible end-entity registration services framework
- System Overview
- Public-Key Infrastructure
- CMS Subsystems or Managers
- Certificate Manager
- Registration Manager
- Data Recovery Manager
- Online Certificate Status Manager
- Basic System Configuration
- Plug-in Modules
- Policy Plug-in Modules
- Job Plug-In Modules
- Mapper and Publisher Plug-in Modules
- Event-Driven Notifications
- Command-Line Utilities
- Entry Points for Various Types of Users
- Agent Services Interface
- Registration Manager Agent Services
- Data Recovery Manager Agent Services
- Online Certificate Status Manager Agent Services Interface
- End-Entity Services Interface
- System Architecture
- JSS and the Java/JNI Layer
- Middleware/Java 2 Layers
- Security and Directory Protocols
- Steps in End-Entity Enrollment
- Some Enrollment Scenarios
- Extranet/E-Commerce: ExampleCorp
- Enrolling Existing Customers
- Enrolling New Customers
- Enrolling Extranet Users
- PIN Registration: Atlas Manufacturing
- VPN Client Enrollment and Revocation
- Router Enrollment and Revocation
- End Entities and Life-Cycle Management
- Access to Subsystems
- HTML Forms for End Users
- Netscape Personal Security Manager
- System Requirements
- Overview of the Default Demo
- Demo Passwords
- Installing the Default Demo
- Step 2. Run the Installation Wizard
- Step 3. Get the First User Certificate
- If You Need the First Agent Form Again
- Using the Default Demo
- Viewing Issued Certificates From the Agent Gateway
- Enrolling for a Certificate From the End-Entity Gateway
- Finding and Approving a Certificate Request
- Setting Your Browser to Use the Agent Certificate
- Create a Policy
- Use an LDAP Directory
- Step 1. Enable Directory-Based Authentication
- Step 2. Add a User to the Directory
- Step 3. Enroll with Directory-Based Authentication
- Publish Certificates to an LDAP Directory
- Configure the Publishing Destination
- Set Rules for Publishing Certificates
- Update the Publishing Directory
- Send Renewal Reminders
- Configuring a Mail Server for Certificate Management System
- Configuring Certificate Management System to Send Renewal Reminders
- Part 2 Planning and Installation
- Topology Decisions
- Certificate Manager and Registration Manager
- Certificate Manager and Data Recovery Manager
- Certificate Manager, Data Recovery Manager, and Registration Manager
- Cloned Certificate Manager
- CA's Distinguished Name
- CA Signing Certificate's Validity Period
- CAs and Certificate Extensions
- Cryptographic Token Decisions
- Publishing Decisions
- Publishing CRLs to the Online Certificate Status Manager
- Subsystem Certificate Decisions
- Certificate Manager Certificates
- Data Recovery Manager Certificate and Storage Key
- Authentication Decisions
- Information for UNIX Installation Script
- User/Group Directory Server
- Administration Server Information
- Certificate Management System Identifier
- Configuration Directory Settings
- Administration Server Port
- Token Logon or Single Sign-On Password
- Subsystems
- Network Configuration
- Key-Pair Information for CA Signing Certificate
- Validity Period for CA Signing Certificate
- CA Signing Certificate Request
- Subject Name for Registration Manager Signing Certificate
- Registration Manager Signing Certificate Issuer
- Subject Name for Transport Certificate
- Validity Period for Transport Certificate
- Transport Certificate Request
- Online Certificate Status Manager Configuration
- Online Certificate Status Manager Signing Certificate Request
- Online Certificate Status Manager Signing Certificate Issuer
- CA Signing Certificate
- SSL Server Key and Certificate
- Subject Name for SSL Server Certificate
- Extensions for SSL Server Certificate
- SSL Certificate Request
- Installation Overview
- Installation Stages
- Before You Begin the Installation
- Stage 1. Running the Installation Script
- Running the Installation Script on Windows NT
- Stage 2. Running the Installation Wizard
- Installing the Certificate Manager as a Root CA
- Installing the Certificate Manager as a Subordinate CA
- Installing a Standalone Registration Manager
- Installing a Standalone Data Recovery Manager
- Installing a Online Certificate Status Manager
- Stage 3. Enrolling for Administrator/Agent Certificate
- Agent Certificate for Other CMS Managers
- Stage 5. Creating Additional Instances or CA Clones
- Installing Multiple CMS Instances
- Cloning a Certificate Manager
- Step 1. Before You Begin
- Step 2. Create Instances for Clone CAs
- Installing Clone CA in a Different Server Group
- Installing Clone CA on a Separate Host
- Step 4. Copy Master CA's Certificate and Key Database
- Step 6. Configure the Clone CA
- Step 8. Establish Trust Between Master CA and Clone CAs
- Step B. Create a Privileged-User Entry for Clone CAs
- Step 9. Test Clone-Master Connection
- Step B. Approve the Request
- Step D. Revoke the Certificate
- Step 10. Use Master CA's Agent Certificate in Clone CAs
- Viewing Instance Information
- Changing the Name of an Instance
- Removing an Instance From a System
- Uninstalling From the Command Line
- Uninstalling by Using the Windows NT Add/Remove Programs Utility
- Significance of password.conf File
- Required Start-up Information
- Starting From Netscape Console
- Starting From the Command Line
- Starting From the Windows NT Services Panel
- Stopping From Netscape Console
- Stopping From the Command Line
- Restarting From the CMS Window
- Restarting From the Command Line
- Attending to an Unresponsive Server
- Password-Quality Checker
- Part 3 Configuration
- Netscape Console
- Users and Groups Tab
- Netscape Administration Server
- Starting Administration Server
- Shutting Down Administration Server
- The CMS Window
- Tasks Tab
- Logging In to the CMS Window
- Effects of Installation Type on Configuration
- Duplicating Configuration From One Instance to Another
- Modifying the Configuration
- Guidelines for Editing the Configuration File
- Sample Configuration File
- Road Map to Configuring Subsystems
- Step 1. Check Which Subsystem is Installed in the Instance
- Step 5. Customize End-Entity and Agent Forms
- Step 8. Schedule Jobs
- Step 11. Set up Key Archival and Recovery
- Chapter 11 Setting Up Ports
- Remote Administration Port
- Agent Port
- Step 1. Specify the Port Number
- Step 2: Specify IP Addresses
- Internal Database
- Step 1. Identify the Directory Server Instance
- Step 2. Restrict Access to the Internal Database
- Privileged-User Types and Responsibilities
- Agents
- Agent's Certificate for SSL Client Authentication
- Revocation Status Checking of Agent Certificates
- Trusted Managers
- Subsystems That Can Function as Trusted Managers
- Connectors for Linking Trusted Managers
- Trusted Manager's Certificate for SSL Client Authentication
- Groups and Their Privileges
- Groups for Agents
- Group for Registration Manager Agents
- Group for Online Certificate Status Manager Agents
- Setting Up Privileged Users
- Setting Up Agents
- Setting up Agents Using the Manual Process
- Setting Up Trusted Managers
- Setting Up a Registration Manager as a Trusted Manager
- Setting Up a Certificate Manager as a Trusted Manager
- Changing Privileged-User Information
- Changing a Privileged User's Certificate
- Changing Members in a Group
- Deleting a Privileged User
- Keys and Certificates for the Main Subsystems
- Certificate Manager's Key Pairs and Certificates
- OCSP Signing Key Pair and Certificate
- CRL Signing Key Pair and Certificate
- SSL Server Key Pair and Certificate
- Registration Manager's Key Pairs and Certificates
- Data Recovery Manager's Key Pairs and Certificates
- Transport Key Pair and Certificate
- Online Certificate Status Manager's Key Pairs and Certificates
- Tokens for Storing CMS Keys and Certificates
- Installing External Tokens
- Managing Tokens Used by the Subsystems
- Changing a Token's Password
- Hardware Cryptographic Accelerators
- Using the Wizard to Request a Certificate
- Step 1. Select the Operation
- Step 2. Choose the Certificate
- Step 3. Specify the Key-Pair Information
- Step 4. Specify the Subject Name for the Certificate
- Step 5. Specify the Validity Period
- Step 6. Specify Extensions
- Step 7. Copy the Certificate Signing Request
- Step 8. Check the Certificate Request Status
- Using the Wizard to Install a Certificate or Certificate Chain
- Data Formats for Installing Certificates and Certificate Chains
- Step 2. Select the Certificate or Certificate Chain
- Step 3. Specify the Location of the Certificate
- Step 4. View the Certificate or Certificate Chain
- Step 6. Verify the Certificate Status
- Step 1. Get the Required SSL Server Certificates
- Getting an SSL Client Certificate for a Subsystem
- Setting Up Cipher Preferences for SSL Communications
- SSL Ciphers Supported in Certificate Management System
- Configuring the Server to Use Specific Ciphers
- Getting New Certificates for the Subsystems
- Step 1. Plan for the New Certificate
- Step 2. Request the New Certificate
- Step 4. Deploy the New Certificate
- Deploying Registration Manager's Signing Certificate
- Deploying Data Recovery Manager's Transport Certificate
- Deploying a Subsystem's SSL Server Certificate
- Renewing Certificates for the Subsystems
- Step 1. Plan for Certificate Renewal
- Step 2. Renew the Existing Certificate
- Step 3. Install the Renewed Certificate
- Deploying Certificate Manager's Renewed CA Signing Certificate
- Deploying Data Recovery Manager's Renewed Transport Certificate
- Deploying a Subsystem's Renewed SSL Server Certificate
- Step 5. Restart the Server
- Viewing the Certificate Database Content
- Changing the Trust Settings of a CA Certificate
- Installing a New CA Certificate in the Certificate Database
- Introduction to Authentication
- Privileged-User Authentication
- Authentication of Agents
- End-Entity Authentication
- Authentication of End Users During Certificate Revocation
- Configuring Authentication for End-User Enrollment
- Step 2. Set Up the Directory for PIN-Based Enrollment
- Step B. Update the Directory
- Step C. Prepare the Input File
- Step E. Check the Output File
- Step 4: Add an Authentication Instance
- Step 5. Set Up the Enrollment Interface
- Step B. Customize the Form
- Step D. Remove Unwanted Enrollment Options
- Step 6. Enable End-Entity Interaction
- Enabling End-Entity Interaction with a Registration Manager
- Step 7. Turn on Automated Notification
- Step 9. Deliver PINs to End Users
- Setting Up Agent Initiated End User Enrollment
- Modifying an Authentication Instance
- Managing Authentication Plug-in Modules
- Registering an Authentication Module
- Deleting an Authentication Module
- Automated Notifications
- Notifications of Certificate Issuance to End Entities
- Notification of New Request in Queue
- Customizing Notification Messages
- Customizing Message Templates
- Tokens Available in Message Templates
- Tokens for Rejection Notifications to End Entities
- Tokens for Request In Queue Notification Messages
- Step 2. Turn On Certificate-Issuance Notification
- Step 3. Turn on Request in Queue Notification
- Step 4. Verify Mail Server Settings
- Step 5. Test Your Configuration
- Configuring a Subsystem to Run Automated Jobs
- Step 2. Modify Existing Jobs
- Step 3. Delete Unwanted Jobs
- Step 6. Verify Mail Server Settings
- Step 7. Test Your Configuration
- Registering a Job Module
- Deleting a Job Module
- Introduction to Policy
- What Is Policy
- Policy Rules
- Using Predicates in Policy Rules
- Attributes for Predicates
- Policy Processor
- Configuring Policy Rules for a Subsystem
- Step 2. Modify Existing Policy Rules
- Step 3. Delete Unwanted Policy Rules
- Step 5. Reorder Policy Rules
- Step 6. Restart the Server
- Using JavaScript for Policies
- Deleting a Policy Module
- Publishing of Certificates to a Directory
- Timing of Directory Updates
- Directory Update Process
- Directory Synchronization
- What's a CRL
- Reasons for Revoking a Certificate
- Revocation Checking by Netscape Clients
- Publishing of CRLs to an LDAP Directory
- CRL Issuing Points
- Step 2. Set Up the Directory for Publishing
- Step C. Identify an Entry That Has Write Access
- Step E. Specify the Directory Authentication Method
- Step F. Modify the Certificate Mapping File
- Step G. Restart Directory Server
- Step B. Add Mappers, Publishers, and Publishing Rules
- Step 4. Configure the Certificate Manager to Publish CRLs
- Step A. Specify CRL Details
- Step B. Set the CRL Extensions
- Step C. Create a Mapper for the CRL
- Step D. Create a Publisher for the CRL
- Step E. Create a Publishing Rule for the CRL
- Step 5. Identify the Publishing Directory
- Step 6. Test Certificate and CRL Publishing
- Step A. Decide a Directory Entry for Requesting a Certificate
- Step D. Download the Certificate to the Browser
- Step F. Revoke the Certificate
- Step G. Check the Directory for the CRL
- Manually Updating Certificates in the Directory
- Manually Updating the CRL in the Directory
- Configuring Certificate Manager to Publish to Files
- Step 2. Configure the Certificate Manager
- Step B. Create Publishing Rules for Certificates
- Step C. Create a Publishing Rule for CRLs
- Step D. Specify CRL Details
- Step E. Set the CRL Extensions
- Step F. Make Sure Publishing is Enabled
- Step D. Check the File for the Certificate
- Step E. Revoke the Certificate
- Step F. Check the File for the CRL
- Managing Mapper and Publisher Plug-in Modules
- Deleting a Mapper or Publisher Module
- What's an OCSP-Compliant PKI Setup
- How to Get an OCSP Responder
- How Online Certificate Status Manager Works
- How to Get OCSP-Compliant Clients
- Setting Up a Certificate Manager with OCSP Service
- Step 2. Install OCSP-Compliant Client
- Setting Up Personal Security Manager for OCSP-Based Certificate Validation
- Step 3. Enable Certificate Manager's HTTP Port
- Step 5. Restart the Certificate Manager
- Step A. Turn On Revocation Checking in the Browser
- Step C. Approve the Request
- Step E. Make Sure the CA is Trusted by the Browser
- Step H. Revoke the Certificate
- Step J. Check the Certificate Manager's OCSP Service Status Again
- Step 2. Install an OCSP-Compliant Client
- Step A. Specify CRL Format and Publishing Interval
- Step C. Create a Publisher for the CRL
- Step D. Create a Publishing Rule for the CRL
- Step E. Make Sure Publishing is Enabled
- Step 5. Configure Certificate Manager for Required Extension Policies
- Step 6. Configure the Online Certificate Status Manager
- Step 7. Restart the Certificate Manager
- Step 8. Restart the Online Certificate Status Manager
- Step 10. Test Your OCSP Responder Setup
- Step B. Request a Certificate
- Step F. Verify the Certificate in the Browser
- Step I. Verify the Certificate in the Browser
- PKI Setup for Key Archival and Recovery
- Clients That Can Generate Dual Key Pairs
- Forms for Users and Key Recovery Agents
- Where the Keys are Stored
- How Key Archival Works
- Key Recovery Process
- Interface for the Key Recovery Process
- Local Versus Remote Key Recovery Authorization
- How Agent-Initiated Key Recovery Works
- Key Recovery Agent Scheme
- Changing Key Recovery Agents' Passwords
- Configuring Key Archival and Recovery Process
- Step A. Deploy Clients That Can Generate Dual Key Pairs
- Step C. Customize the Certificate Enrollment Form
- Step D. Configure Key Archival Policies
- Step 2. Set Up the Key Recovery Process
- Step B. Facilitate the Key Recovery Agents to Change the Passwords
- Step 3. Test Your Key Archival and Recovery Setup
- Step B. Verify the Key
- Step D. Restore the Key in the Browser's Database
- Introduction to Logs
- Logs Maintained by the Server
- Services That Are Logged
- Log Levels (Message Categories)
- Log File Locations
- Log File Naming Conventions
- Rotation of Log Files
- Location of Rotated Log Files
- Configuring CMS Logs
- Step 3. Delete Unwanted Listeners
- Step 4. Create New Listeners
- Monitoring CMS Logs
- Monitoring System Logs
- Monitoring Error Logs
- Monitoring Audit Logs
- Using System Tools for Monitoring the Server (Windows NT Only)
- Logging to Windows NT Event Log
- Avoiding Event Log From Getting Filled
- Archiving of Rotated Log Files
- Signing Log Files
- Managing Log Modules
- Deleting a Log Module
- Part 4 Issuing and Managing Certificates
- Certificate Issuance to Servers
- How the Manual Server Enrollment Process Works
- Getting Server SSL Certificates for Netscape Servers
- Step 1. Generate the Server Certificate Request
- Step 3. Install Your Server's SSL Certificate
- Step 5. Verify Your Server's SSL and CA Certificates
- Renewal of Server Certificates
- CEP Enrollment
- Setting up CEP Enrollment Manually
- Step 1. Set up the Directory for Publishing Certificates and CRLs
- Step 2. Configure the Certificate Manager for Publishing Certificates and CRLs
- Step 3. Set Up Automated Enrollment
- Step 4. Set Up Multiple CEP Services
- Certificate Issuance to Routers or VPN Clients
- Step 2. Generate the Key Pair for the Router
- Step 3. Request the CA's Certificate
- Example
- Part 5 Appendix
- Certificate Download Specification
Related products
NETSCAPE DIRECTORY SERVER 6.0NETSCAPE DIRECTORY SERVER 6.02NETSCAPE DIRECTORY SERVER 6.01 - PLUG-INNETSCAPE DIRECTORY SERVER 7.0NETSCAPE DIRECTORY SERVER 6.01 - DEPLOYMENTNETSCAPE DIRECTORY SERVER 6.02 - PLUG-INNETSCAPE DIRECTORY SERVER 6.01 - ADMINISTRATORNETSCAPE DIRECTORY SERVER 6.0 - DEPLOYMENTNETSCAPE DIRECTORY SERVER 6.1 - PLUG-INNETSCAPE DIRECTORY SERVER 6.2 - PLUG-INNetscape categories
More Netscape categoriesmanualsdatabase
Your AI-powered manual search engine