Red Hat Directory Server 8.2

Administration Guide

for managing Directory Server instances

Edition 8.2.8

Copyright © 2010 Red Hat, Inc.

Legal Notice

Copyright © 2010 Red Hat, Inc..
This document is licensed by Red Hat under the Creative Commons Attribution-ShareAlike 3.0 Unported License. If you distribute this document, or a modified version of it, you must provide attribution to Red Hat, Inc. and provide a link to the original. If the document is modified, all Red Hat trademarks must be removed.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat Software Collections is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack Logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.
August 2, 2010, updated on April 2, 2012

Abstract

This book is for LDAP administrators.
Preface
1. Directory Server Overview
2. Examples and Formatting
2.1. Command and File Examples
2.2. Tool Locations
2.3. LDAP Locations
2.4. Text Formatting and Styles
3. Additional Reading
4. Giving Feedback
5. Documentation History
1. Basic Red Hat Directory Server Settings
1.1. System Requirements
1.1.1. Required JDK
1.1.2. Directory Server Supported Platforms
1.1.3. Directory Server Console Supported Platforms
1.1.4. Password Sync Service Platforms
1.1.5. Web Application Browser Support
1.2. Directory Server File Locations
1.3. LDAP Tool Locations
1.4. Starting and Stopping Servers
1.4.1. Starting and Stopping Directory Server from the Console
1.4.2. Starting and Stopping Directory Server from the Command Line
1.4.3. Starting and Stopping Admin Server
1.5. Starting the Console
1.5.1. Starting the Directory Server Console
1.5.2. Logging into Directory Server
1.5.3. Changing Login Identity
1.5.4. Viewing the Current Console Bind DN
1.6. Enabling LDAPI
1.7. Changing Directory Server Port Numbers
1.8. Creating a New Directory Server Instance
1.9. Setting the Directory Manager Information
1.10. Using Directory Server Plug-ins
1.10.1. Enabling Plug-ins
1.10.2. Setting the Plug-in Precedence
2. Configuring Directory Databases
2.1. Creating and Maintaining Suffixes
2.1.1. Creating Suffixes
2.1.2. Maintaining Suffixes
2.2. Creating and Maintaining Databases
2.2.1. Creating Databases
2.2.2. Maintaining Directory Databases
2.2.3. Configuring Attribute Encryption
2.3. Creating and Maintaining Database Links
2.3.1. Creating a New Database Link
2.3.2. Configuring the Chaining Policy
2.3.3. Maintaining Database Links
2.3.4. Configuring Database Link Defaults
2.3.5. Deleting Database Links
2.3.6. Database Links and Access Control Evaluation
2.4. Configuring Cascading Chaining
2.4.1. Overview of Cascading Chaining
2.4.2. Configuring Cascading Chaining Using the Console
2.4.3. Configuring Cascading Chaining from the Command Line
2.4.4. Detecting Loops
2.4.5. Summary of Cascading Chaining Configuration Attributes
2.4.6. Cascading Chaining Configuration Example
2.5. Using Referrals
2.5.1. Starting the Server in Referral Mode
2.5.2. Setting Default Referrals
2.5.3. Creating Smart Referrals
2.5.4. Creating Suffix Referrals
3. Creating Directory Entries
3.1. Managing Entries from the Directory Console
3.1.1. Creating a Root Entry
3.1.2. Creating Directory Entries
3.1.3. Modifying Directory Entries
3.1.4. Deleting Directory Entries
3.2. Managing Entries from the Command Line
3.2.1. Providing Input from the Command Line
3.2.2. Creating a Root Entry from the Command Line
3.2.3. Adding Entries Using LDIF
3.2.4. Adding and Modifying Entries Using ldapmodify
3.2.5. Deleting Entries Using ldapdelete
3.2.6. Using Special Characters
3.3. Using LDIF Update Statements to Create or Modify Entries
3.3.1. Adding an Entry Using LDIF
3.3.2. Renaming an Entry Using LDIF
3.3.3. Modifying an Entry Using LDIF
3.3.4. Deleting an Entry Using LDIF
3.3.5. Modifying an Entry in an Internationalized Directory
3.4. Tracking Modifications to Directory Entries
3.4.1. Tracking Modifications to the Database through Update Sequence Numbers
3.4.2. Tracking Entry Modifications through Operational Attributes
3.5. Maintaining Referential Integrity
3.5.1. How Referential Integrity Works
3.5.2. Using Referential Integrity with Replication
3.5.3. Enabling and Disabling Referential Integrity
3.5.4. Modifying the Update Interval
3.5.5. Modifying the Attribute List
4. Populating Directory Databases
4.1. Importing Data
4.1.1. Importing Entries with Large Attributes
4.1.2. Importing a Database from the Console
4.1.3. Initializing a Database from the Console
4.1.4. Importing from the Command Line
4.2. Exporting Data
4.2.1. Exporting Directory Data to LDIF Using the Console
4.2.2. Exporting a Single Database to LDIF Using the Console
4.2.3. Exporting to LDIF from the Command Line
4.3. Backing up and Restoring Data
4.3.1. Backing up All Databases
4.3.2. Backing up the dse.ldif Configuration File
4.3.3. Restoring All Databases
4.3.4. Restoring a Single Database
4.3.5. Restoring Databases That Include Replicated Entries
4.3.6. Restoring the dse.ldif Configuration File
5. Managing Attributes and Values
5.1. Enforcing Attribute Uniqueness
5.1.1. Attribute Uniqueness Plug-in Syntax
5.1.2. Creating an Instance of the Attribute Uniqueness Plug-in
5.1.3. Configuring Attribute Uniqueness
5.1.4. Attribute Uniqueness Plug-in Syntax Examples
5.2. Assigning Class of Service
5.2.1. About the CoS Definition Entry
5.2.2. About the CoS Template Entry
5.2.3. How a Pointer CoS Works
5.2.4. How an Indirect CoS Works
5.2.5. How a Classic CoS Works
5.2.6. Handling Physical Attribute Values
5.2.7. Handling Multi-valued Attributes with CoS
5.2.8. Searches for CoS-Specified Attributes
5.2.9. Access Control and CoS
5.2.10. Managing CoS Using the Console
5.2.11. Managing CoS from the Command Line
5.2.12. Creating Role-Based Attributes
5.3. Linking Attributes to Manage Attribute Values
5.3.1. About Linking Attributes
5.3.2. Looking at the Linking Attributes Plug-in Syntax
5.3.3. Configuring Attribute Links
5.3.4. Cleaning up Attribute Links
5.4. Assigning and Managing Unique Numeric Attribute Values
5.4.1. Looking at the DNA Plug-in Syntax
5.4.2. Configuring Unique Number Assignments
6. Managing the Directory Schema
6.1. Overview of Schema
6.1.1. Default Schema Files
6.1.2. Object Classes
6.1.3. Attributes
6.1.4. Extending the Schema
6.1.5. Schema Replication
6.2. Managing Object Identifiers
6.3. Directory Server Attribute Syntaxes
6.4. Managing Custom Schema in the Console
6.4.1. Viewing Attributes and Object Classes
6.4.2. Creating Attributes
6.4.3. Creating Object Classes
6.4.4. Editing Custom Schema Elements
6.4.5. Deleting Schema
6.5. Managing Schema Using ldapmodify
6.5.1. Creating Attributes
6.5.2. Creating Object Classes
6.5.3. Deleting Schema
6.6. Creating Custom Schema Files
6.7. Dynamically Reloading Schema
6.7.1. Reloading Schema Using schema-reload.pl
6.7.2. Reloading Schema Using ldapmodify
6.7.3. Reloading Schema with Replication
6.7.4. Schema Reload Errors
6.8. Turning Schema Checking On and Off
6.9. Using Syntax Validation
6.9.1. About Syntax Validation
6.9.2. Syntax Validation and Other Directory Server Operations
6.9.3. Enabling or Disabling Syntax Validation
6.9.4. Enabling Strict Syntax Validation for DNs
6.9.5. Enabling Syntax Validation Warnings (Logging)
6.9.6. Validating the Syntax of Existing Attribute Values
7. Managing Indexes
7.1. About Indexes
7.1.1. About Index Types
7.1.2. About Default, System, and Standard Indexes
7.1.3. Overview of the Searching Algorithm
7.1.4. Approximate Searches
7.1.5. Indexing Performance
7.1.6. Balancing the Benefits of Indexing
7.2. Creating Standard Indexes
7.2.1. Creating Indexes from the Server Console
7.2.2. Creating Indexes from the Command Line
7.3. Applying New Indexes to Existing Databases
7.3.1. Running the db2index.pl Script
7.3.2. Using a cn=tasks Entry to Create an Index
7.4. Creating Browsing (VLV) Indexes
7.4.1. Creating Browsing Indexes from the Server Console
7.4.2. Creating Browsing Indexes from the Command Line
7.4.3. Setting Access Control for VLV Information
7.5. Changing the Index Sort Order
7.5.1. Changing the Sort Order in the Console
7.5.2. Changing the Sort Order in the Command Line
7.6. Changing the Width for Indexed Substring Searches
7.7. Deleting Indexes
7.7.1. Deleting Indexes from the Server Console
7.7.2. Deleting Indexes from the Command Line
7.7.3. Deleting Browsing Indexes from the Server Console
7.7.4. Deleting Browsing Indexes from the Command Line
8. Finding Directory Entries
8.1. Finding Entries Using the Directory Server Console
8.2. Using ldapsearch
8.2.1. ldapsearch Command-Line Format
8.2.2. Commonly Used ldapsearch Options
8.2.3. Using Special Characters
8.3. LDAP Search Filters
8.3.1. Using Attributes in Search Filters
8.3.2. Using Operators in Search Filters
8.3.3. Using Compound Search Filters
8.3.4. Using Matching Rules
8.4. Examples of Common ldapsearches
8.4.1. Returning All Entries
8.4.2. Specifying Search Filters on the Command Line
8.4.3. Searching the Root DSE Entry
8.4.4. Searching the Schema Entry
8.4.5. Using LDAP_BASEDN
8.4.6. Displaying Subsets of Attributes
8.4.7. Searching for Operational Attributes
8.4.8. Specifying Search Filters Using a File
8.4.9. Specifying DNs That Contain Commas in Search Filters
8.4.10. Using Client Authentication When Searching
8.4.11. Searching with Specified Controls
8.4.12. Searching with Language Matching Rules
8.4.13. Searching for Attributes with Bit Field Values
8.5. Using Persistent Search
8.5.1. An Overview of Persistent Searches
8.5.2. Running a Persistent Search
8.6. Performing Dereferencing Searches
8.7. Using Simple Paged Results
9. Managing Replication
9.1. Replication Overview
9.1.1. What Directory Units Are Replicated
9.1.2. Read-Write and Read-Only Replicas
9.1.3. Suppliers and Consumers
9.1.4. Changelog
9.1.5. Replication Identity
9.1.6. Replication Agreement
9.1.7. Replicating a Subset of Attributes with Fractional Replication
9.1.8. Compatibility with Earlier Versions of Directory Server
9.2. Replication Scenarios
9.2.1. Single-Master Replication
9.2.2. Multi-Master Replication
9.2.3. Cascading Replication
9.3. Creating the Supplier Bind DN Entry
9.4. Configuring Single-Master Replication
9.4.1. Configuring the Read-Write Replica on the Supplier Server
9.4.2. Configuring the Read-Only Replica on the Consumer
9.4.3. Creating the Replication Agreement
9.5. Configuring Multi-Master Replication
9.5.1. Configuring the Read-Write Replicas on the Supplier Servers
9.5.2. Configuring the Read-Only Replicas on the Consumer Servers
9.5.3. Setting up the Replication Agreements
9.5.4. Preventing Monopolization of the Consumer in Multi-Master Replication
9.6. Configuring Cascading Replication
9.6.1. Configuring the Read-Write Replica on the Supplier Server
9.6.2. Configuring the Read-Only Replica on the Consumer Server
9.6.3. Configuring the Read-Only Replica on the Hub
9.6.4. Setting up the Replication Agreements
9.7. Configuring Replication from the Command Line
9.7.1. Configuring Suppliers from the Command Line
9.7.2. Configuring Consumers from the Command Line
9.7.3. Configuring Hubs from the Command Line
9.7.4. Configuring Replication Agreements from the Command Line
9.7.5. Initializing Consumers Online from the Command Line
9.8. Making a Replica Updatable
9.9. Deleting the Changelog
9.9.1. Removing the Changelog
9.9.2. Moving the Changelog to a New Location
9.10. Initializing Consumers
9.10.1. When to Initialize a Consumer
9.10.2. Online Consumer Initialization Using the Console
9.10.3. Initializing Consumers Online Using the Command Line
9.10.4. Manual Consumer Initialization Using the Command Line
9.10.5. Filesystem Replica Initialization
9.11. Forcing Replication Updates
9.11.1. Forcing Replication Updates from the Console
9.11.2. Forcing Replication Updates from the Command Line
9.12. Replication over SSL
9.13. Setting Replication Timeout Periods
9.14. Replicating o=NetscapeRoot for Admin Server Failover
9.15. Replication with Earlier Releases
9.15.1. Using Legacy Replication
9.15.2. Legacy Replication and Parent Object Classes
9.15.3. Configuring Legacy Replication
9.16. Using the Retro Changelog Plug-in
9.16.1. Enabling the Retro Changelog Plug-in
9.16.2. Trimming the Retro Changelog
9.16.3. Searching and Modifying the Retro Changelog
9.16.4. Retro Changelog and the Access Control Policy
9.17. Monitoring Replication Status
9.17.1. Monitoring Replication Status from the Directory Server Console
9.17.2. Monitoring Replication Status from Administration Express
9.18. Solving Common Replication Conflicts
9.18.1. Solving Naming Conflicts
9.18.2. Solving Orphan Entry Conflicts
9.18.3. Solving Potential Interoperability Problems
9.19. Troubleshooting Replication-Related Problems
10. Synchronizing Red Hat Directory Server with Microsoft Active Directory
10.1. About Windows Sync
10.2. Configuring Windows Sync
10.2.1. Step 1: Configure SSL on Directory Server
10.2.2. Step 2: Configure the Active Directory Domain
10.2.3. Step 3: Select or Create the Sync Identity
10.2.4. Step 4: Install the Password Sync Service
10.2.5. Step 5: Configure the Password Sync Service
10.2.6. Step 6: Configure the Directory Server Database for Synchronization
10.2.7. Step 7: Create the Synchronization Agreement
10.2.8. Step 8: Configure Directory Server User and Group Entries for Synchronization
10.2.9. Step 9: Begin Synchronization
10.3. Synchronizing Users
10.3.1. User Attributes Synchronized between Directory Server and Active Directory
10.3.2. User Schema Differences between Red Hat Directory Server and Active Directory
10.3.3. Configuring User Sync for Directory Server Users
10.3.4. Configuring User Sync for Active Directory Users
10.4. Synchronizing Groups
10.4.1. About Windows Group Types
10.4.2. Group Attributes Synchronized between Directory Server and Active Directory
10.4.3. Group Schema Differences between Red Hat Directory Server and Active Directory
10.4.4. Configuring Group Sync for Directory Server Groups
10.4.5. Configuring Group Sync for Active Directory Groups
10.5. Deleting and Resurrecting Entries
10.5.1. Deleting Entries
10.5.2. Resurrecting Entries
10.6. Sending Synchronization Updates
10.6.1. Performing a Manual Sync Update
10.6.2. Sending a Total Update (Full Synchronization)
10.6.3. Sending Sync Updates in the Command Line
10.6.4. Checking Synchronization Status
10.7. Modifying the Sync Agreement
10.7.1. Editing the Sync Agreement in the Console
10.7.2. Adding and Editing the Sync Agreement in the Command Line
10.8. Configuring Unidirectional Synchronization
10.9. Managing the Password Sync Service
10.9.1. Modifying Password Sync
10.9.2. Starting and Stopping the Password Sync Service
10.9.3. Uninstalling Password Sync Service
10.9.4. Upgrading Password Sync
10.10. Troubleshooting
11. Organizing Entries with Groups, Roles, and Views
11.1. Using Groups
11.1.1. Creating Static Groups in the Console
11.1.2. Creating Dynamic Groups in the Console
11.1.3. Creating Groups in the Command Line
11.1.4. Using the memberOf Attribute to Manage Group Membership Information
11.2. Using Roles
11.2.1. About Roles
11.2.2. Creating a Managed Role
11.2.3. Creating a Filtered Role
11.2.4. Creating a Nested Role
11.2.5. Editing and Assigning Roles to an Entry
11.2.6. Viewing Roles for an Entry through the Command Line
11.2.7. Making a Role Inactive or Active
11.2.8. Viewing the Activation Status for Entries
11.2.9. About Deleting Roles
11.2.10. Using Roles Securely
11.3. Using Views
11.3.1. Creating Views in the Console
11.3.2. Creating Views from the Command Line
12. Managing Access Control
12.1. Access Control Principles
12.1.1. ACI Structure
12.1.2. ACI Placement
12.1.3. ACI Evaluation
12.1.4. ACI Limitations
12.2. Default ACIs
12.3. Creating ACIs Manually
12.3.1. The ACI Syntax
12.3.2. Defining Targets
12.3.3. Defining Permissions
12.4. Bind Rules
12.4.1. Bind Rule Syntax
12.4.2. Defining User Access - userdn Keyword
12.4.3. Defining Group Access - groupdn Keyword
12.4.4. Defining Role Access - roledn Keyword
12.4.5. Defining Access Based on Value Matching
12.4.6. Defining Access from a Specific IP Address
12.4.7. Defining Access from a Specific Domain
12.4.8. Requiring a Certain Level of Security in Connections
12.4.9. Defining Access at a Specific Time of Day or Day of Week
12.4.10. Defining Access Based on Authentication Method
12.4.11. Using Boolean Bind Rules
12.5. Creating ACIs from the Console
12.5.1. Displaying the Access Control Editor
12.5.2. Creating a New ACI
12.5.3. Editing an ACI
12.5.4. Deleting an ACI
12.6. Viewing ACIs
12.7. Checking Access Rights on Entries (Get Effective Rights)
12.7.1. Rights Shown with a Get Effective Rights Search
12.7.2. The Format of a Get Effective Rights Search
12.7.3. Using Get Effective Rights from the Console
12.7.4. Get Effective Rights Return Codes
12.8. Logging Access Control Information
12.9. Access Control Usage Examples
12.9.1. Granting Anonymous Access
12.9.2. Granting Write Access to Personal Entries
12.9.3. Restricting Access to Key Roles
12.9.4. Granting a Group Full Access to a Suffix
12.9.5. Granting Rights to Add and Delete Group Entries
12.9.6. Granting Conditional Access to a Group or Role
12.9.7. Denying Access
12.9.8. Setting a Target Using Filtering
12.9.9. Allowing Users to Add or Remove Themselves from a Group
12.9.10. Setting an ACI to Require a Certain Security Strength Factor for Some Operations
12.9.11. Defining Permissions for DNs That Contain a Comma
12.9.12. Proxied Authorization ACI Example
12.10. Advanced Access Control: Using Macro ACIs
12.10.1. Macro ACI Example
12.10.2. Macro ACI Syntax
12.11. Access Control and Replication
12.12. Compatibility with Earlier Releases
13. Managing User Authentication
13.1. Managing the Password Policy
13.1.1. Configuring the Password Policy
13.1.2. Setting User Passwords
13.1.3. Password Change Extended Operation
13.2. Configuring the Account Lockout Policy
13.2.1. Configuring the Account Lockout Policy Using the Console
13.2.2. Configuring the Account Lockout Policy Using the Command Line
13.2.3. Replicating Account Lockout Attributes
13.3. Synchronizing Passwords
13.4. Setting Resource Limits Based on the Bind DN
13.4.1. Setting Resource Limits Using the Console
13.4.2. Setting Resource Limits Using the Command Line
13.4.3. Setting Resource Limits on Anonymous Binds
13.5. Enabling Different Types of Binds
13.5.1. Requiring Secure Binds
13.5.2. Disabling Anonymous Binds
13.5.3. Allowing Unauthenticated Binds
13.5.4. Configuring Autobind
13.6. Using Pass-through Authentication
13.6.1. PTA Plug-in Syntax
13.6.2. Configuring the PTA Plug-in
13.6.3. PTA Plug-in Syntax Examples
13.7. Using PAM for Pass-through Authentication
13.7.1. PAM Pass-through Authentication Configuration Options
13.7.2. Configuring PAM Pass-through Authentication
13.8. Inactivating Users and Roles
13.8.1. Activating and Inactivating Users and Roles Using the Console
13.8.2. Viewing Inactive Users and Roles
13.8.3. Inactivating and Activating Users and Roles Using the Command Line
14. Configuring Secure Connections
14.1. Requiring Secure Connections
14.2. Using TLS/SSL
14.2.1. Enabling TLS/SSL: Summary of Steps
14.2.2. Obtaining and Installing Server Certificates
14.2.3. Configuring the Directory Server to Run in SSL/TLS
14.2.4. Command-Line Functions for Start TLS
14.2.5. Using certutil
14.2.6. Managing Certificates Used by the Directory Server Console
14.2.7. Updating Attribute Encryption for New SSL/TLS Certificates
14.2.8. Using External Security Devices
14.2.9. Setting Security Preferences
14.2.10. Using Certificate-Based Authentication
14.2.11. Managing Certificates for the Directory Server
14.3. Using SASL
14.3.1. About SASL Identity Mapping
14.3.2. Default SASL Mappings for Directory Server
14.3.3. Authentication Mechanisms for SASL in Directory Server
14.3.4. About Kerberos with Directory Server
14.3.5. Configuring SASL Identity Mapping
14.3.6. Configuring SASL Authentication at Directory Server Startup
14.3.7. Using an External Keytab
15. Monitoring Server and Database Activity
15.1. Types of Directory Server Log Files
15.2. Viewing Log Files
15.3. Configuring Logs
15.3.1. Enabling or Disabling Logs
15.3.2. Defining a Log File Rotation Policy
15.3.3. Defining a Log File Deletion Policy
15.3.4. Manual Log File Rotation
15.3.5. Configuring Log Levels
15.4. Replacing Log Files with a Named Pipe
15.4.1. Using the Named Pipe for Logging
15.4.2. Starting the Named Pipe with the Server
15.4.3. Using Plug-ins with the Named Pipe Log
15.5. Monitoring Server Activity
15.5.1. Monitoring the Server from the Directory Server Console
15.5.2. Monitoring the Directory Server from the Command Line
15.6. Monitoring Database Activity
15.6.1. Monitoring Database Activity from the Directory Server Console
15.6.2. Monitoring Databases from the Command Line
15.7. Monitoring Database Link Activity
15.8. Enabling and Disabling Counters
16. Monitoring Directory Server Using SNMP
16.1. About SNMP
16.2. Configuring the Master Agent
16.3. Configuring the Subagent
16.3.1. Creating the Subagent Configuration File
16.3.2. Starting the Subagent
16.3.3. Testing the Subagent
16.4. Configuring SNMP Traps
16.5. Configuring the Directory Server for SNMP
16.6. Using the Management Information Base
16.6.1. Operations Table
16.6.2. Entries Table
16.6.3. Entity Table
16.6.4. Interaction Table
17. Planning for Disaster
17.1. Identifying Potential Scenarios
17.2. Defining the Type of Rollover
17.3. Identifying Useful Directory Server Features for Disaster Recovery
17.3.1. Multi-Master Replication for Disaster Recovery
17.3.2. Chaining Databases for Disaster Recovery
17.3.3. Backing up Directory Data for Disaster Recovery
17.3.4. Using a Named Pipe Script for Disaster Recovery
17.4. Defining the Recovery Process
17.5. Basic Example: Performing a Recovery
A. LDAP Data Interchange Format
A.1. About the LDIF File Format
A.2. Continuing Lines in LDIF
A.3. Representing Binary Data
A.3.1. Standard LDIF Notation
A.3.2. Base-64 Encoding
A.4. Specifying Directory Entries Using LDIF
A.4.1. Specifying Domain Entries
A.4.2. Specifying Organizational Unit Entries
A.4.3. Specifying Organizational Person Entries
A.5. Defining Directories Using LDIF
A.5.1. LDIF File Example
A.6. Storing Information in Multiple Languages
B. LDAP URLs
B.1. Components of an LDAP URL
B.2. Escaping Unsafe Characters
B.3. Examples of LDAP URLs
C. Internationalization
C.1. About Locales
C.2. Supported Locales
C.3. Supported Language Subtypes
C.4. Searching an Internationalized Directory
C.4.1. Matching Rule Formats
C.4.2. Supported Search Types
C.4.3. International Search Examples
C.5. Troubleshooting Matching Rules
Glossary
Index