3.2. Configuration Object Classes

Many configuration entries simply use the extensibleObject object class, but some require other object classes. These configuration object classes are listed here.

3.2.1. changeLogEntry (Object Class)

This object class is used for entries which store changes made to the Directory Server entries.
To configure Directory Server to maintain a changelog that is compatible with the changelog implemented in Directory Server 4.1x, enable the Retro Changelog Plug-in. Each entry in the changelog has the changeLogEntry object class.
This object class is defined in the Changelog Internet Draft.
Superior Class
top
OID
2.16.840.1.113730.3.2.1
Required Attributes
objectClass Defines the object classes for the entry.
changeNumber Contains a number assigned arbitrarily to the changelog.
changeTime The time at which a change took place.
changeType The type of change performed on an entry.
targetDn The distinguished name of an entry added, modified or deleted on a supplier server.
Allowed Attributes
changes Changes made to the Directory Server.
deleteOldRdn A flag that defines whether the old Relative Distinguished Name (RDN) of the entry should be kept as a distinguished attribute of the entry or should be deleted.
newRdn New RDN of an entry that is the target of a modRDN or modDN operation.
newSuperior Name of the entry that becomes the immediate superior of the existing entry when processing a modDN operation.

3.2.2. directoryServerFeature (Object Class)

This object class is used specifically for entries which identify a feature of the directory service. This object class is defined by Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.40
Required Attributes
Attribute Definition
objectClass Gives the object classes assigned to the entry.
Allowed Attributes
Attribute Definition
cn Specifies the common name of the entry.
multiLineDescription Gives a text description of the entry.
oid Specifies the OID of the feature.

3.2.3. nsBackendInstance (Object Class)

This object class is used for the Directory Server backend, or database, instance entry. This object class is defined in Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.109
Required Attributes
Attribute Definition
objectClass Defines the object classes for the entry.
cn Gives the common name of the entry.

3.2.4. nsChangelog4Config (Object Class)

In order for Directory Server 8.2 to replicate between Directory Server 4.x servers, the Directory Server 8.2 instance must have a special changelog configured. This object class defines the configuration for the retro changelog.
This object class is defined for the Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.82
Allowed Attributes
Attribute Definition
cn (common Name) Gives the common name of the entry.

3.2.5. nsContainer (Object Class)

Some entries do not define any specific entity, but they create a defined space within the directory tree as a parent entry for similar or related child entries. These are container entries, and they are identified by the nsContainer object class.
Superior Class
top
OID
2.16.840.1.113730.3.2.104
Required Attributes
Attribute Definition
objectClass Defines the object classes for the entry.
cn Gives the common name of the entry.

3.2.6. nsDS5Replica (Object Class)

This object class is for entries which define a replica in database replication. Many of these attributes are set within the backend and cannot be modified.
Information on the attributes for this object class is listed with the core configuration attributes in chapter 2 of the Directory Server Configuration, Command, and File Reference.
This object class is defined in Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.108
Required Attributes
objectClass Defines the object classes for the entry.
nsDS5ReplicaId Specifies the unique ID for suppliers in a replication environment.
nsDS5ReplicaRoot Specifies the suffix DN at the root of a replicated area.
Allowed Attributes
cn Gives the name for the replica.
nsDS5Flags Specifies information that has been previously set in flags.
nsDS5ReplicaAutoReferral Sets whether the server will follow configured referrals for the Directory Server database.
nsDS5ReplicaBindDN Specifies the DN to use when a supplier server binds to a consumer.
nsDS5ReplicaChangeCount Gives the total number of entries in the changelog and whether they have been replicated.
nsDS5ReplicaLegacyConsumer Specifies whether the replica is a legacy consumer.
nsDS5ReplicaName Specifies the unique ID for the replica for internal operations.
nsDS5ReplicaPurgeDelay Specifies the time in seconds before the changelog is purged.
nsDS5ReplicaReferral Specifies the URLs for user-defined referrals.
nsDS5ReplicaTombstonePurgeInterval Specifies the time interval in seconds between purge operation cycles.
nsDS5ReplicaType Defines the type of replica, such as a read-only consumer.
nsDS5Task Launches a replication task, such as dumping the database contents to LDIF; this is used internally by the Directory Server supplier.
nsState Stores information on the clock so that proper change sequence numbers are generated.

3.2.7. nsDS5ReplicationAgreement (Object Class)

Entries with the nsDS5ReplicationAgreement object class store the information set in a replication agreement. Information on the attributes for this object class is in chapter 2 of the Directory Server Configuration, Command, and File Reference.
This object class is defined in Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.103
Required Attributes
objectClass Defines the object classes for the entry.
cn Used for naming the replication agreement.
Allowed Attributes
description Contains a free text description of the replication agreement.
nsDS5BeginReplicaRefresh Initializes a replica manually.
nsds5debugreplicatimeout Gives an alternate timeout period to use when the replication is run with debug logging.
nsDS5ReplicaBindDN Specifies the DN to use when a supplier server binds to a consumer.
nsDS5ReplicaBindMethod Specifies the method (SSL or simple authentication) to use for binding.
nsDS5ReplicaBusyWaitTime Specifies the amount of time in seconds a supplier should wait after a consumer sends back a busy response before making another attempt to acquire access.
nsDS5ReplicaChangesSentSinceStartup The number of changes sent to this replica since the server started.
nsDS5ReplicaCredentials Specifies the password for the bind DN.
nsDS5ReplicaHost Specifies the hostname for the consumer replica.
nsDS5ReplicaLastInitEnd States when the initialization of the consumer replica ended.
nsDS5ReplicaLastInitStart States when the initialization of the consumer replica started.
nsDS5ReplicaLastInitStatus The status for the initialization of the consumer.
nsDS5ReplicaLastUpdateEnd States when the most recent replication schedule update ended.
nsDS5ReplicaLastUpdateStart States when the most recent replication schedule update started.
nsDS5ReplicaLastUpdateStatus Provides the status for the most recent replication schedule updates.
nsDS5ReplicaPort Specifies the port number for the remote replica.
nsDS5ReplicaRoot Specifies the suffix DN at the root of a replicated area.
nsDS5ReplicaSessionPauseTime Specifies the amount of time in seconds a supplier should wait between update sessions.
nsDS5ReplicatedAttributeList Specifies any attributes that will not be replicated to a consumer server.
nsDS5ReplicaTimeout Specifies the number of seconds outbound LDAP operations will wait for a response from the remote replica before timing out and failing.
nsDS5ReplicaTransportInfo Specifies the type of transport used for transporting data to and from the replica.
nsDS5ReplicaUpdateInProgress States whether a replication schedule update is in progress.
nsDS5ReplicaUpdateSchedule Specifies the replication schedule.
nsDS50ruv Manages the internal state of the replica via the replication update vector.
nsruvReplicaLastModified Contains the most recent time that an entry in the replica was modified and the changelog was updated.

3.2.8. nsDSWindowsReplicationAgreement (Object Class)

This object class stores the synchronization attributes that concern the synchronization agreement. Information on the attributes for this object class is in chapter 2 of the Red Hat Directory Server Configuration, Command, and File Reference.
This object class is defined in Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.503
Required Attributes
objectClass Defines the object classes for the entry.
cn Gives the name of the synchronization agreement.
Allowed Attributes
description Contains a text description of the synchronization agreement.
nsDS5BeginReplicaRefresh Initiates a manual synchronization.
nsds5debugreplicatimeout Gives an alternate timeout period to use when the synchronization is run with debug logging.
nsDS5ReplicaBindDN Specifies the DN to use when the Directory Server binds to the Windows server.
nsDS5ReplicaBindMethod Specifies the method (SSL or simple authentication) to use for binding.
nsDS5ReplicaBusyWaitTime Specifies the amount of time in seconds the Directory Server should wait after the Windows server sends back a busy response before making another attempt to acquire access.
nsDS5ReplicaChangesSentSinceStartup Shows the number of changes sent since the Directory Server started.
nsDS5ReplicaCredentials Specifies the credentials for the bind DN.
nsDS5ReplicaHost Specifies the hostname for the Windows domain controller of the Windows server being synchronized.
nsDS5ReplicaLastInitEnd States when the last total update (resynchronization) of the Windows server ended.
nsDS5ReplicaLastInitStart States when the last total update (resynchronization) of the Windows server started.
nsDS5ReplicaLastInitStatus The status for the total update (resynchronization) of the Windows server.
nsDS5ReplicaLastUpdateEnd States when the most recent update ended.
nsDS5ReplicaLastUpdateStart States when the most recent update started.
nsDS5ReplicaLastUpdateStatus Provides the status for the most recent updates.
nsDS5ReplicaPort Specifies the port number for the Windows server.
nsDS5ReplicaRoot Specifies the root suffix DN of the Directory Server.
nsDS5ReplicaSessionPauseTime Specifies the amount of time in seconds the Directory Server should wait between update sessions.
nsDS5ReplicaTimeout Specifies the number of seconds outbound LDAP operations will wait for a response from the Windows server before timing out and failing.
nsDS5ReplicaTransportInfo Specifies the type of transport used for transporting data to and from the Windows server.
nsDS5ReplicaUpdateInProgress States whether an update is in progress.
nsDS5ReplicaUpdateSchedule Specifies the synchronization schedule.
nsDS50ruv Manages the internal state of the Directory Server sync peer using the replication update vector (RUV).
nsds7DirectoryReplicaSubtree Specifies the Directory Server suffix (root or sub) that is synced.
nsds7DirsyncCookie Contains a cookie set by the sync service that functions as an RUV.
nsds7NewWinGroupSyncEnabled Specifies whether new Windows group accounts are automatically created on the Directory Server.
nsds7NewWinUserSyncEnabled Specifies whether new Windows user accounts are automatically created on the Directory Server.
nsds7WindowsDomain Identifies the Windows domain being synchronized; analogous to nsDS5ReplicaHost in a replication agreement.
nsds7WindowsReplicaSubtree Specifies the Windows server suffix (root or sub) that is synced.
nsruvReplicaLastModified Contains the most recent time that an entry in the Directory Server sync peer was modified and the changelog was updated.
winSyncInterval Sets how frequently, in seconds, the Directory Server polls the Windows server for updates to write over. If this is not set, the default is 300, which is 300 seconds or five (5) minutes.

3.2.9. nsMappingTree (Object Class)

A mapping tree maps a suffix to the backend. Each mapping tree entry uses the nsMappingTree object class. This object class is defined in Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.110
Required Attributes
Attribute Definition
objectClass Gives the object classes assigned to the entry.
cn Gives the common name of the entry.

3.2.10. nsSaslMapping (Object Class)

This object class is used for entries which contain an identity mapping configuration for mapping SASL attributes to the Directory Server attributes.
This object class is defined in Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.317
Required Attributes
objectClass Defines the object classes for the entry.
cn Gives the name of the SASL mapping entry.
nsSaslMapBaseDNTemplate Contains the search base DN template.
nsSaslMapFilterTemplate Contains the search filter template.
nsSaslMapRegexString Contains a regular expression to match SASL identity strings.

3.2.11. nsslapdConfig (Object Class)

The nsslapdConfig object class defines the configuration object, cn=config, for the Directory Server instance.
This object class is defined in Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.39
Required Attributes
Attribute Definition
objectClass Gives the object classes assigned to the entry.
Allowed Attributes
Attribute Definition
cn Gives the common name of the entry.

3.2.12. passwordPolicy (Object Class)

Both local and global password policies take the passwordPolicy object class. This object class is defined in Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.13
Required Attributes
Attribute Definition
objectClass Gives the object classes assigned to the entry.
Allowed Attributes
Attribute Definition
passwordMaxAge Sets the number of seconds after which user passwords expire.
passwordExp Identifies whether the user's password expires after an interval given by the passwordMaxAge attribute.
passwordMinLength Sets the minimum number of characters that must be used in passwords.
passwordKeepHistory Sets whether to keep a password history for a user.
passwordInHistory Sets the number of passwords the directory stores in the history.
passwordChange Identifies whether or not users are allowed to change their own password.
passwordWarning Sets the number of seconds before a warning message is sent to users whose password is about to expire.
passwordLockout Identifies whether or not users are locked out of the directory after a given number of failed bind attempts.
passwordMaxFailure Sets the number of failed bind attempts after which a user will be locked out of the directory.
passwordResetDuration Sets the period of time before the server resets the retry count to zero.
passwordUnlock Identifies whether a user is locked out until the password is reset by an administrator or whether the user can log in again after a given lockout duration. The default is to allow a user to log back in after the lockout period.
passwordLockoutDuration Sets the time, in seconds, that users will be locked out of the directory.
passwordCheckSyntax Identifies whether or not the password syntax is checked by the server before the password is saved.
passwordMustChange Identifies whether or not users must change their passwords when they first log in to the directory or after the password is reset by the Directory Manager.
passwordStorageScheme Sets the type of encryption used to store Directory Server passwords.
passwordMinAge Sets the number of seconds that must pass before a user can change their password.
passwordResetFailureCount Sets the time, in seconds, after which the password failure counter will be reset. Each time an invalid password is sent from the user's account, the password failure counter is incremented.
passwordGraceLimit Sets the number of grace logins permitted when a user's password is expired.
passwordMinDigits Sets the minimum number of numeric characters (0 through 9) which must be used in the password.
passwordMinAlphas Sets the minimum number of alphabetic characters that must be used in the password.
passwordMinUppers Sets the minimum number of upper case alphabetic characters, A to Z, which must be used in the password.
passwordMinLowers Sets the minimum number of lower case alphabetic characters, a to z, which must be used in the password.
passwordMinSpecials Sets the minimum number of special ASCII characters, such as !@#$., which must be used in the password.
passwordMin8bit Sets the minimum number of 8-bit characters used in the password.
passwordMaxRepeats Sets the maximum number of times that the same character can be used in a row.
passwordMinCategories Sets the minimum number of categories which must be used in the password.
passwordMinTokenLength Sets the length to check for trivial words.
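
An added example, not part of the original reference or of Directory Server itself: a Python check that reads one passwordPolicy entry as LDIF and reports the attributes listed above that fall outside a baseline. The thresholds, the WEAK_SCHEMES set and the sample entry are assumptions constructed for illustration.

```python
# Added example: audit one passwordPolicy entry against an assumed baseline.
# Thresholds and WEAK_SCHEMES are illustrative assumptions, not server defaults.
WEAK_SCHEMES = {"CLEAR", "CRYPT", "SHA", "MD5"}
# Constructed sample entry; the storage scheme value is folded across two lines.
SAMPLE_LDIF = """\
dn: cn=config
objectClass: passwordPolicy
passwordLockout: off
passwordMaxFailure: 10
passwordCheckSyntax: on
passwordMinLength: 6
passwordStorageScheme: S
 HA
"""

def parse_entry(ldif):
    """Map lower-cased attribute name to its last value, unfolding continuation lines."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]  # LDIF folding: a leading space continues the line
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    # Base64 ("attr:: value") is not decoded; the policy attributes are plain ASCII.
    return {n.strip().lower(): v.strip() for n, _, v in (l.partition(":") for l in lines)}

def as_int(value):
    return int(value) if value.isdecimal() else None  # non-numeric fails every check

def audit(entry):
    """Return findings; attributes missing from the entry are reported, never guessed."""
    findings = []
    is_on = lambda v: v.lower() == "on"
    at_least = lambda n: lambda v: (as_int(v) or 0) >= n
    baseline = [
        ("passwordLockout", is_on, "on"),
        ("passwordMaxFailure", lambda v: as_int(v) in range(1, 6), "1 to 5"),
        ("passwordCheckSyntax", is_on, "on"),
        ("passwordMinLength", at_least(12), "at least 12"),
        ("passwordStorageScheme", lambda v: v.upper() not in WEAK_SCHEMES, "a scheme outside WEAK_SCHEMES"),
        ("passwordInHistory", at_least(5), "at least 5"),
    ]
    for attr, ok, want in baseline:
        val = entry.get(attr.lower())
        if val is None:
            findings.append(f"{attr}: not set in this entry")
        elif not ok(val):
            findings.append(f"{attr}={val}: expected {want}")
    return findings
```

Attribute names are compared case-insensitively, and an attribute absent from the entry is reported as unset rather than assigned a guessed default.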