Administration Guide
Making Open Source More Inclusive
1. General Directory Server Management Tasks
Expand section "1. General Directory Server Management Tasks" Collapse section "1. General Directory Server Management Tasks"
1. 1.1. System Requirements
2. 1.2. File Locations
3. 1.3. Supported Methods to Configure Directory Server
4. 1.4. Logging Into Directory Server Using the Web Console
5. 1.5. Starting and Stopping a Directory Server Instance
  Expand section "1.5. Starting and Stopping a Directory Server Instance" Collapse section "1.5. Starting and Stopping a Directory Server Instance"
  1. 1.5.1. Starting and Stopping a Directory Server Instance Using the Command Line
  2. 1.5.2. Starting and Stopping a Directory Server Instance Using the Web Console
6. 1.6. Creating a New Directory Server Instance
7. 1.7. Removing a Directory Server Instance
  Expand section "1.7. Removing a Directory Server Instance" Collapse section "1.7. Removing a Directory Server Instance"
  1. 1.7.1. Removing an Instance Using the Command Line
  2. 1.7.2. Removing an Instance Using the Web Console
8. 1.8. Setting Directory Server Configuration Parameters
  Expand section "1.8. Setting Directory Server Configuration Parameters" Collapse section "1.8. Setting Directory Server Configuration Parameters"
  1. 1.8.1. Managing Configuration Parameters
  2. 1.8.2. Where Directory Server Stores its Configuration
  3. 1.8.3. Benefits of Using Default Values
    
    Expand section "1.8.3. Benefits of Using Default Values" Collapse section "1.8.3. Benefits of Using Default Values"
    
    1.8.3.1. Removing a Parameter to Use the Default Value
9. 1.9. Changing the LDAP and LDAPS Port Numbers
  Expand section "1.9. Changing the LDAP and LDAPS Port Numbers" Collapse section "1.9. Changing the LDAP and LDAPS Port Numbers"
  1. 1.9.1. Changing the Port Numbers Using the Command Line
  2. 1.9.2. Changing the Port Numbers Using the Web Console
10. 1.10. Using Directory Server Plug-ins
  Expand section "1.10. Using Directory Server Plug-ins" Collapse section "1.10. Using Directory Server Plug-ins"
  1. 1.10.1. Listing Available Plug-ins
    
    Expand section "1.10.1. Listing Available Plug-ins" Collapse section "1.10.1. Listing Available Plug-ins"
    
    1.10.1.1. Listing Available Plug-ins Using the Command Line
    
    1.10.1.2. Listing Available Plug-ins Using the Web Console
  2. 1.10.2. Enabling Plug-ins Dynamically
  3. 1.10.3. Enabling and Disabling Plug-ins
    
    Expand section "1.10.3. Enabling and Disabling Plug-ins" Collapse section "1.10.3. Enabling and Disabling Plug-ins"
    
    1.10.3.1. Enabling and Disabling Plug-ins Using the Command Line
    
    1.10.3.2. Enabling and Disabling Plug-ins Using the Web Console
  4. 1.10.4. Configuring Plug-ins
    
    Expand section "1.10.4. Configuring Plug-ins" Collapse section "1.10.4. Configuring Plug-ins"
    
    1.10.4.1. Configuring Plug-ins Using the Command Line
    
    1.10.4.2. Configuring Plug-ins Using the Web Console
  5. 1.10.5. Setting the Plug-in Precedence
    
    Expand section "1.10.5. Setting the Plug-in Precedence" Collapse section "1.10.5. Setting the Plug-in Precedence"
    
    1.10.5.1. Setting the Plug-in Precedence Using the Command Line
    
    1.10.5.2. Setting the Plug-in Precedence Using the Web Console
11. 1.11. Creating and Using a .dsrc File to Set Default Options for Directory Server Command-line Utilities
  Expand section "1.11. Creating and Using a .dsrc File to Set Default Options for Directory Server Command-line Utilities" Collapse section "1.11. Creating and Using a .dsrc File to Set Default Options for Directory Server Command-line Utilities"
  1. 1.11.1. How a .dsrc File Simplifies Commands
  2. 1.11.2. Using the dsctl Utility to Create a .dsrc File
2. Configuring Directory Databases
Expand section "2. Configuring Directory Databases" Collapse section "2. Configuring Directory Databases"
1. 2.1. Creating and Maintaining Suffixes
  Expand section "2.1. Creating and Maintaining Suffixes" Collapse section "2.1. Creating and Maintaining Suffixes"
  1. 2.1.1. Creating Suffixes
    
    Expand section "2.1.1. Creating Suffixes" Collapse section "2.1.1. Creating Suffixes"
    
    2.1.1.1. Creating a Root Suffix
    
    Expand section "2.1.1.1. Creating a Root Suffix" Collapse section "2.1.1.1. Creating a Root Suffix"
    
    2.1.1.1.1. Creating a Root Suffix Using the Command Line
    
    2.1.1.1.2. Creating a Root Suffix Using the Web Console
    
    2.1.1.2. Creating a Sub-suffix
    
    Expand section "2.1.1.2. Creating a Sub-suffix" Collapse section "2.1.1.2. Creating a Sub-suffix"
    
    2.1.1.2.1. Creating a Sub-suffix Using the Command Line
    
    2.1.1.2.2. Creating a Sub-suffix Using the Web Console
  2. 2.1.2. Maintaining Suffixes
    
    Expand section "2.1.2. Maintaining Suffixes" Collapse section "2.1.2. Maintaining Suffixes"
    
    2.1.2.1. Viewing the Default Naming Context
    
    2.1.2.2. Disabling a Suffix
    
    Expand section "2.1.2.2. Disabling a Suffix" Collapse section "2.1.2.2. Disabling a Suffix"
    
    2.1.2.2.1. Disabling a Suffix Using the Command Line
    
    2.1.2.3. Deleting a Suffix
    
    Expand section "2.1.2.3. Deleting a Suffix" Collapse section "2.1.2.3. Deleting a Suffix"
    
    2.1.2.3.1. Deleting a Suffix Using the Command Line
    
    2.1.2.3.2. Deleting a Suffix Using the Web Console
2. 2.2. Creating and Maintaining Databases
  Expand section "2.2. Creating and Maintaining Databases" Collapse section "2.2. Creating and Maintaining Databases"
  1. 2.2.1. Creating Databases
    
    Expand section "2.2.1. Creating Databases" Collapse section "2.2.1. Creating Databases"
    
    2.2.1.1. Creating a New Database for a Single Suffix Using the Command Line
    
    2.2.1.2. Adding Multiple Databases for a Single Suffix
  2. 2.2.2. Maintaining Directory Databases
    
    Expand section "2.2.2. Maintaining Directory Databases" Collapse section "2.2.2. Maintaining Directory Databases"
    
    2.2.2.1. Setting a Database in Read-Only Mode
    
    Expand section "2.2.2.1. Setting a Database in Read-Only Mode" Collapse section "2.2.2.1. Setting a Database in Read-Only Mode"
    
    2.2.2.1.1. Setting a Database in Read-only Mode Using the Command Line
    
    2.2.2.1.2. Setting a Database in Read-only Mode Using the Web Console
    
    2.2.2.2. Placing the Entire Directory Server in Read-Only Mode
    
    Expand section "2.2.2.2. Placing the Entire Directory Server in Read-Only Mode" Collapse section "2.2.2.2. Placing the Entire Directory Server in Read-Only Mode"
    
    2.2.2.2.1. Placing the Entire Directory Server in Read-Only Mode Using the Command Line
    
    2.2.2.2.2. Placing the Entire Directory Server in Read-Only Mode Using the Web Console
    
    2.2.2.3. Deleting a Database
    
    Expand section "2.2.2.3. Deleting a Database" Collapse section "2.2.2.3. Deleting a Database"
    
    2.2.2.3.1. Deleting a Database Using the Command Line
    
    2.2.2.3.2. Deleting a Database Using the Web Console
    
    2.2.2.4. Changing the Transaction Log Directory
3. 2.3. Creating and Maintaining Database Links
  Expand section "2.3. Creating and Maintaining Database Links" Collapse section "2.3. Creating and Maintaining Database Links"
  1. 2.3.1. Creating a New Database Link
    
    Expand section "2.3.1. Creating a New Database Link" Collapse section "2.3.1. Creating a New Database Link"
    
    2.3.1.1. Creating a New Database Link Using the Command Line
    
    2.3.1.2. Creating a New Database Link Using the Web Console
    
    2.3.1.3. Managing the Default Configuration for New Database Links
    
    2.3.1.4. Additional Information on Required Settings When Creating a Database Link
  2. 2.3.2. Configuring the Chaining Policy
    
    Expand section "2.3.2. Configuring the Chaining Policy" Collapse section "2.3.2. Configuring the Chaining Policy"
    
    2.3.2.1. Chaining Component Operations
    
    Expand section "2.3.2.1. Chaining Component Operations" Collapse section "2.3.2.1. Chaining Component Operations"
    
    2.3.2.1.1. Chaining Component Operations Using the Command Line
    
    2.3.2.1.2. Chaining Component Operations Using the Web Console
    
    2.3.2.2. Chaining LDAP Controls
    
    Expand section "2.3.2.2. Chaining LDAP Controls" Collapse section "2.3.2.2. Chaining LDAP Controls"
    
    2.3.2.2.1. Chaining LDAP Controls Using the Command Line
    
    2.3.2.2.2. Chaining LDAP Controls Using the Web Console
  3. 2.3.3. Database Links and Access Control Evaluation
4. 2.4. Configuring Cascading Chaining
  Expand section "2.4. Configuring Cascading Chaining" Collapse section "2.4. Configuring Cascading Chaining"
5. 2.5. Using Referrals
  Expand section "2.5. Using Referrals" Collapse section "2.5. Using Referrals"
  1. 2.5.1. Starting the Server in Referral Mode
  2. 2.5.2. Setting Default Referrals
    
    Expand section "2.5.2. Setting Default Referrals" Collapse section "2.5.2. Setting Default Referrals"
    
    2.5.2.1. Setting a Default Referral Using the Command Line
  3. 2.5.3. Creating Smart Referrals
    
    Expand section "2.5.3. Creating Smart Referrals" Collapse section "2.5.3. Creating Smart Referrals"
    
    2.5.3.1. Creating Smart Referrals Using the Command Line
  4. 2.5.4. Creating Suffix Referrals
    
    Expand section "2.5.4. Creating Suffix Referrals" Collapse section "2.5.4. Creating Suffix Referrals"
    
    2.5.4.1. Creating Suffix Referrals Using the Command Line
    
    2.5.4.2. Creating Suffix Referrals Using the Web Console
6. 2.6. Verifying the Integrity of Back-end Databases
3. Managing Directory Entries
Expand section "3. Managing Directory Entries" Collapse section "3. Managing Directory Entries"
1. 3.1. Managing Directory Entries Using the Command Line
  Expand section "3.1. Managing Directory Entries Using the Command Line" Collapse section "3.1. Managing Directory Entries Using the Command Line"
  1. 3.1.1. Providing Input to the ldapadd, ldapmodify, and ldapdelete Utilities
    
    Expand section "3.1.1. Providing Input to the ldapadd, ldapmodify, and ldapdelete Utilities" Collapse section "3.1.1. Providing Input to the ldapadd, ldapmodify, and ldapdelete Utilities"
    
    3.1.1.1. Providing Input Using the Interactive Mode
    
    3.1.1.2. Providing Input Using an LDIF File
  2. 3.1.2. The Continuous Operation Mode
  3. 3.1.3. Adding an Entry
    
    Expand section "3.1.3. Adding an Entry" Collapse section "3.1.3. Adding an Entry"
    
    3.1.3.1. Adding an Entry Using ldapadd
    
    3.1.3.2. Adding an Entry Using ldapmodify
    
    3.1.3.3. Creating a Root Entry
  4. 3.1.4. Updating a Directory Entry
    
    Expand section "3.1.4. Updating a Directory Entry" Collapse section "3.1.4. Updating a Directory Entry"
    
    3.1.4.1. Adding Attributes to an Entry
    
    3.1.4.2. Updating an Attribute's Value
    
    3.1.4.3. Deleting Attributes from an Entry
  5. 3.1.5. Deleting an Entry
    
    Expand section "3.1.5. Deleting an Entry" Collapse section "3.1.5. Deleting an Entry"
    
    3.1.5.1. Deleting an Entry Using ldapdelete
    
    3.1.5.2. Deleting an Entry Using ldapmodify
  6. 3.1.6. Renaming and Moving an Entry
    
    Expand section "3.1.6. Renaming and Moving an Entry" Collapse section "3.1.6. Renaming and Moving an Entry"
    
    3.1.6.1. Considerations for Renaming Entries
    
    3.1.6.2. Renaming Users, Groups, POSIX Groups, and OUs
    
    3.1.6.3. The deleteOldRDN Parameter When Renaming Entries Using LDIF Statements
    
    3.1.6.4. Renaming an Entry or Subtree Using LDIF Statements
    
    3.1.6.5. Moving an Entry to a New Parent Using LDIF Statements
  7. 3.1.7. Using Special Characters
  8. 3.1.8. Using Binary Attributes
  9. 3.1.9. Updating an Entry in an Internationalized Directory
2. 3.2. Managing Directory Entries Using the Web Console
  Expand section "3.2. Managing Directory Entries Using the Web Console" Collapse section "3.2. Managing Directory Entries Using the Web Console"
4. Tracking Modifications to Directory Entries
Expand section "4. Tracking Modifications to Directory Entries" Collapse section "4. Tracking Modifications to Directory Entries"
1. 4.1. Tracking Modifications to the Database through Update Sequence Numbers
  Expand section "4.1. Tracking Modifications to the Database through Update Sequence Numbers" Collapse section "4.1. Tracking Modifications to the Database through Update Sequence Numbers"
  1. 4.1.1. An Overview of the Entry Sequence Numbers
    
    Expand section "4.1.1. An Overview of the Entry Sequence Numbers" Collapse section "4.1.1. An Overview of the Entry Sequence Numbers"
    
    4.1.1.1. Local and Global USNs
    
    4.1.1.2. Importing USN Entries
  2. 4.1.2. Enabling the USN Plug-in
    
    Expand section "4.1.2. Enabling the USN Plug-in" Collapse section "4.1.2. Enabling the USN Plug-in"
    
    4.1.2.1. Enabling the USN Plug-in Using the Command Line
    
    4.1.2.2. Enabling the USN Plug-in Using the Web Console
  3. 4.1.3. Global USNs
    
    Expand section "4.1.3. Global USNs" Collapse section "4.1.3. Global USNs"
    
    4.1.3.1. Identifying Whether Global USNs are Enabled
    
    Expand section "4.1.3.1. Identifying Whether Global USNs are Enabled" Collapse section "4.1.3.1. Identifying Whether Global USNs are Enabled"
    
    4.1.3.1.1. Identifying Whether Global USNs are Enabled Using the Command Line
    
    4.1.3.1.2. Identifying Whether Global USNs are Enabled Using the Web Console
    
    4.1.3.2. Enabling Global USNs
    
    Expand section "4.1.3.2. Enabling Global USNs" Collapse section "4.1.3.2. Enabling Global USNs"
    
    4.1.3.2.1. Enabling Global USNs Using the Command Line
    
    4.1.3.2.2. Enabling Global USNs Using the Web Console
  4. 4.1.4. Cleaning up USN Tombstone Entries
    
    Expand section "4.1.4. Cleaning up USN Tombstone Entries" Collapse section "4.1.4. Cleaning up USN Tombstone Entries"
    
    4.1.4.1. Cleaning up USN Tombstone Entries Using the Command Line
    
    4.1.4.2. Cleaning up USN Tombstone Entries Using the Web Console
2. 4.2. Tracking Entry Modifications through Operational Attributes
  Expand section "4.2. Tracking Entry Modifications through Operational Attributes" Collapse section "4.2. Tracking Entry Modifications through Operational Attributes"
  1. 4.2.1. Entries Modified or Created by a Database Link
  2. 4.2.2. Enabling Tracking of Modifications
    
    Expand section "4.2.2. Enabling Tracking of Modifications" Collapse section "4.2.2. Enabling Tracking of Modifications"
    
    4.2.2.1. Enabling Tracking Of Modifications Using the Command Line
3. 4.3. Tracking the Bind DN for Plug-in Initiated Updates
  Expand section "4.3. Tracking the Bind DN for Plug-in Initiated Updates" Collapse section "4.3. Tracking the Bind DN for Plug-in Initiated Updates"
  1. 4.3.1. Enabling Tracking the Bind DN for Plug-in Initiated Updates Using the Command Line
  2. 4.3.2. Enabling Tracking the Bind DN for Plug-in Initiated Updates Using the Web Console
4. 4.4. Tracking Password Change Times
5. Maintaining Referential Integrity
Expand section "5. Maintaining Referential Integrity" Collapse section "5. Maintaining Referential Integrity"
1. 5.1. How Referential Integrity Works
2. 5.2. Using Referential Integrity with Replication
3. 5.3. Enabling Referential Integrity
  Expand section "5.3. Enabling Referential Integrity" Collapse section "5.3. Enabling Referential Integrity"
  1. 5.3.1. Enabling Referential Integrity Using the Command Line
  2. 5.3.2. Enabling Referential Integrity Using the Web Console
4. 5.4. The Referential Integrity Update Interval
  Expand section "5.4. The Referential Integrity Update Interval" Collapse section "5.4. The Referential Integrity Update Interval"
5. 5.5. Displaying and Modifying the Attribute List
  Expand section "5.5. Displaying and Modifying the Attribute List" Collapse section "5.5. Displaying and Modifying the Attribute List"
6. 5.6. Configuring Scope for the Referential Integrity
  Expand section "5.6. Configuring Scope for the Referential Integrity" Collapse section "5.6. Configuring Scope for the Referential Integrity"
6. Populating Directory Databases
Expand section "6. Populating Directory Databases" Collapse section "6. Populating Directory Databases"
1. 6.1. Importing Data
  Expand section "6.1. Importing Data" Collapse section "6.1. Importing Data"
  1. 6.1.1. Setting EntryUSN Initial Values During Import
  2. 6.1.2. Importing Using the Command Line
    
    Expand section "6.1.2. Importing Using the Command Line" Collapse section "6.1.2. Importing Using the Command Line"
    
    6.1.2.1. Importing Data While the Server is Running
    
    Expand section "6.1.2.1. Importing Data While the Server is Running" Collapse section "6.1.2.1. Importing Data While the Server is Running"
    
    6.1.2.1.1. Importing Using the dsconf backend import Command
    
    6.1.2.1.2. Importing Data Using a cn=tasks Entry
    
    6.1.2.2. Importing Data While the Server is Offline
  3. 6.1.3. Importing Data Using the Web Console
2. 6.2. Exporting Data
  Expand section "6.2. Exporting Data" Collapse section "6.2. Exporting Data"
  1. 6.2.1. Exporting Data into an LDIF File Using the Command Line
    
    Expand section "6.2.1. Exporting Data into an LDIF File Using the Command Line" Collapse section "6.2.1. Exporting Data into an LDIF File Using the Command Line"
    
    6.2.1.1. Exporting a Database While the Server is Running
    
    Expand section "6.2.1.1. Exporting a Database While the Server is Running" Collapse section "6.2.1.1. Exporting a Database While the Server is Running"
    
    6.2.1.1.1. Exporting a Databases Using the dsconf backend export Command
    
    6.2.1.1.2. Exporting a Database Using a cn=tasks Entry
    
    6.2.1.2. Exporting a Database While the Server is Offline
  2. 6.2.2. Exporting a Suffix to an LDIF File Using the Web Console
  3. 6.2.3. Enabling Members of a Group to Export Data and Performing the Export as One of the Group Members
    
    Expand section "6.2.3. Enabling Members of a Group to Export Data and Performing the Export as One of the Group Members" Collapse section "6.2.3. Enabling Members of a Group to Export Data and Performing the Export as One of the Group Members"
    
    6.2.3.1. Enabling a Group to Export Data
    
    6.2.3.2. Performing an Export as a Regular User
3. 6.3. Backing up Directory Server
  Expand section "6.3. Backing up Directory Server" Collapse section "6.3. Backing up Directory Server"
  1. 6.3.1. Backing up All Databases Using the Command Line
    
    Expand section "6.3.1. Backing up All Databases Using the Command Line" Collapse section "6.3.1. Backing up All Databases Using the Command Line"
    
    6.3.1.1. Backing up All Databases While the Server is Running
    
    Expand section "6.3.1.1. Backing up All Databases While the Server is Running" Collapse section "6.3.1.1. Backing up All Databases While the Server is Running"
    
    6.3.1.1.1. Backing up All Databases Using the dsconf backup create Command
    
    6.3.1.1.2. Backing up All Databases Using a cn=tasks entry
    
    6.3.1.2. Backing up All Databases While the Server is Offline
  2. 6.3.2. Backup up all Databases Using the Web Console
  3. 6.3.3. Backing up Configuration Files, the Certificate Database, and Custom Schema Files
  4. 6.3.4. Enabling Members of a Group to Back up Directory Server and Performing the Backup as One of the Group Members
    
    Expand section "6.3.4. Enabling Members of a Group to Back up Directory Server and Performing the Backup as One of the Group Members" Collapse section "6.3.4. Enabling Members of a Group to Back up Directory Server and Performing the Backup as One of the Group Members"
    
    6.3.4.1. Enabling a Group to Back up Directory Server
    
    6.3.4.2. Performing a Backup as a Regular User
4. 6.4. Restoring Directory Server
  Expand section "6.4. Restoring Directory Server" Collapse section "6.4. Restoring Directory Server"
  1. 6.4.1. Restoring All Databases Using the Command Line
    
    Expand section "6.4.1. Restoring All Databases Using the Command Line" Collapse section "6.4.1. Restoring All Databases Using the Command Line"
    
    6.4.1.1. Restoring All Databases While the Server is Running
    
    Expand section "6.4.1.1. Restoring All Databases While the Server is Running" Collapse section "6.4.1.1. Restoring All Databases While the Server is Running"
    
    6.4.1.1.1. Restoring All Databases Using the dsconf backup restore Command
    
    6.4.1.1.2. Restoring all Databases Using a cn=tasks entry
    
    6.4.1.2. Restoring all Databases While the Server is Offline
  2. 6.4.2. Restoring All Databases Using the Web Console
  3. 6.4.3. Restoring Databases That Include Replicated Entries
7. Managing Attributes and Values
Expand section "7. Managing Attributes and Values" Collapse section "7. Managing Attributes and Values"
1. 7.1. Enforcing Attribute Uniqueness
  Expand section "7.1. Enforcing Attribute Uniqueness" Collapse section "7.1. Enforcing Attribute Uniqueness"
  1. 7.1.1. Creating a New Configuration Record of the Attribute Uniqueness Plug-in
  2. 7.1.2. Configuring Attribute Uniqueness over Suffixes or Subtrees
    
    Expand section "7.1.2. Configuring Attribute Uniqueness over Suffixes or Subtrees" Collapse section "7.1.2. Configuring Attribute Uniqueness over Suffixes or Subtrees"
    
    7.1.2.1. Configuring Attribute Uniqueness over Suffixes or Subtrees Using the Command Line
    
    7.1.2.2. Configuring Attribute Uniqueness over Suffixes or Subtrees Using the Web Console
  3. 7.1.3. Configuring Attribute Uniqueness over Object Classes
  4. 7.1.4. Attribute Uniqueness Plug-in Configuration Parameters
2. 7.2. Assigning Class of Service
  Expand section "7.2. Assigning Class of Service" Collapse section "7.2. Assigning Class of Service"
  1. 7.2.1. About the CoS Definition Entry
  2. 7.2.2. About the CoS Template Entry
  3. 7.2.3. How a Pointer CoS Works
  4. 7.2.4. How an Indirect CoS Works
  5. 7.2.5. How a Classic CoS Works
  6. 7.2.6. Handling Physical Attribute Values
  7. 7.2.7. Handling Multi-valued Attributes with CoS
  8. 7.2.8. Searches for CoS-Specified Attributes
  9. 7.2.9. Access Control and CoS
  10. 7.2.10. Managing CoS from the Command Line
    
    Expand section "7.2.10. Managing CoS from the Command Line" Collapse section "7.2.10. Managing CoS from the Command Line"
    
    7.2.10.1. Creating the CoS Definition Entry from the Command Line
    
    7.2.10.2. Creating the CoS Template Entry from the Command Line
    
    7.2.10.3. Example of a Pointer CoS
    
    7.2.10.4. Example of an Indirect CoS
    
    7.2.10.5. Example of a Classic CoS
    
    7.2.10.6. Searching for CoS Entries
    
    7.2.10.7. The costargettree attribute
  11. 7.2.11. Creating Role-Based Attributes
3. 7.3. Linking Attributes to Manage Attribute Values
  Expand section "7.3. Linking Attributes to Manage Attribute Values" Collapse section "7.3. Linking Attributes to Manage Attribute Values"
  1. 7.3.1. About Linking Attributes
  2. 7.3.2. Looking at the Linking Attributes Plug-in Syntax
  3. 7.3.3. Configuring Attribute Links
  4. 7.3.4. Cleaning up Attribute Links
    
    Expand section "7.3.4. Cleaning up Attribute Links" Collapse section "7.3.4. Cleaning up Attribute Links"
    
    7.3.4.1. Regenerating Linked Attributes
    
    7.3.4.2. Regenerating Linked Attributes Using ldapmodify
4. 7.4. Assigning and Managing Unique Numeric Attribute Values
  Expand section "7.4. Assigning and Managing Unique Numeric Attribute Values" Collapse section "7.4. Assigning and Managing Unique Numeric Attribute Values"
  1. 7.4.1. About Dynamic Number Assignments
    
    Expand section "7.4.1. About Dynamic Number Assignments" Collapse section "7.4.1. About Dynamic Number Assignments"
    
    7.4.1.1. Filters, Searches, and Target Entries
    
    7.4.1.2. Ranges and Assigning Numbers
    
    7.4.1.3. Multiple Attributes in the Same Range
  2. 7.4.2. Looking at the DNA Plug-in Syntax
  3. 7.4.3. Configuring Unique Number Assignments
    
    Expand section "7.4.3. Configuring Unique Number Assignments" Collapse section "7.4.3. Configuring Unique Number Assignments"
    
    7.4.3.1. Creating a New Instance of the DNA Plug-in
    
    7.4.3.2. Configuring Unique Number Assignments Using the Command Line
    
    7.4.3.3. Configuring Unique Number Assignments Using the Web Console
  4. 7.4.4. Distributed Number Assignment Plug-in Performance Notes
8. Organizing and Grouping Entries
Expand section "8. Organizing and Grouping Entries" Collapse section "8. Organizing and Grouping Entries"
1. 8.1. Using Groups
  Expand section "8.1. Using Groups" Collapse section "8.1. Using Groups"
  1. 8.1.1. The Different Types of Groups
  2. 8.1.2. Creating a Static Group
    
    Expand section "8.1.2. Creating a Static Group" Collapse section "8.1.2. Creating a Static Group"
    
    8.1.2.1. Creating a Static Group Using the Command Line
  3. 8.1.3. Creating a Dynamic Group
    
    Expand section "8.1.3. Creating a Dynamic Group" Collapse section "8.1.3. Creating a Dynamic Group"
    
    8.1.3.1. Creating a Dynamic Group Using the Command Line
  4. 8.1.4. Listing Group Membership in User Entries
    
    Expand section "8.1.4. Listing Group Membership in User Entries" Collapse section "8.1.4. Listing Group Membership in User Entries"
    
    8.1.4.1. Considerations When Using the memberOf Plug-in
    
    8.1.4.2. Required Object Classes by the memberOf Plug-In
    
    8.1.4.3. The MemberOf Plug-in Syntax
    
    8.1.4.4. Enabling the MemberOf Plug-in
    
    Expand section "8.1.4.4. Enabling the MemberOf Plug-in" Collapse section "8.1.4.4. Enabling the MemberOf Plug-in"
    
    8.1.4.4.1. Enabling the MemberOf Plug-in Using the Command Line
    
    8.1.4.4.2. Enabling the MemberOf Plug-in Using the Web Console
    
    8.1.4.5. Configuring the MemberOf Plug-in on Each Server
    
    Expand section "8.1.4.5. Configuring the MemberOf Plug-in on Each Server" Collapse section "8.1.4.5. Configuring the MemberOf Plug-in on Each Server"
    
    8.1.4.5.1. Configuring the MemberOf Plug-in on Each Server Using the Command Line
    
    8.1.4.5.2. Configuring the MemberOf Plug-in on Each Server Using the Web Console
    
    8.1.4.6. Using the MemberOf Plug-in Shared Configuration
    
    8.1.4.7. Setting the Scope of the MemberOf Plug-in
    
    8.1.4.8. Regenerating memberOf Values
  5. 8.1.5. Automatically Adding Entries to Specified Groups
    
    Expand section "8.1.5. Automatically Adding Entries to Specified Groups" Collapse section "8.1.5. Automatically Adding Entries to Specified Groups"
    
    8.1.5.1. Looking at the Structure of an Automembership Rule
    
    Expand section "8.1.5.1. Looking at the Structure of an Automembership Rule" Collapse section "8.1.5.1. Looking at the Structure of an Automembership Rule"
    
    8.1.5.1.1. The Automembership Configuration Entry
    
    8.1.5.1.2. Additional Regular Expression Entries
    
    8.1.5.2. Configuring Auto Membership Definitions
    
    Expand section "8.1.5.2. Configuring Auto Membership Definitions" Collapse section "8.1.5.2. Configuring Auto Membership Definitions"
    
    8.1.5.2.1. Configuring Auto Membership Definitions Using the Command Line
    
    8.1.5.2.2. Configuring Auto Membership Definitions Using the Web Console
    
    8.1.5.3. Updating Existing Entries to apply Auto Membership Definitions
    
    8.1.5.4. Examples of Automembership Rules
    
    8.1.5.5. Testing Automembership Definitions
    
    8.1.5.6. Canceling the Auto Membership Plug-in Task
2. 8.2. Using Roles
  Expand section "8.2. Using Roles" Collapse section "8.2. Using Roles"
  1. 8.2.1. About Roles
  2. 8.2.2. Managing Roles Using the Command Line
    
    Expand section "8.2.2. Managing Roles Using the Command Line" Collapse section "8.2.2. Managing Roles Using the Command Line"
    
    8.2.2.1. Creating a Managed Role
    
    Expand section "8.2.2.1. Creating a Managed Role" Collapse section "8.2.2.1. Creating a Managed Role"
    
    8.2.2.1.1. Creating Managed Roles through the Command Line
    
    8.2.2.2. Creating a Filtered Role
    
    Expand section "8.2.2.2. Creating a Filtered Role" Collapse section "8.2.2.2. Creating a Filtered Role"
    
    8.2.2.2.1. Creating a Filtered Role through the Command Line
    
    8.2.2.3. Creating a Nested Role
    
    Expand section "8.2.2.3. Creating a Nested Role" Collapse section "8.2.2.3. Creating a Nested Role"
    
    8.2.2.3.1. Creating Nested Role through the Command Line
    
    8.2.2.4. Viewing Roles for an Entry through the Command Line
    
    8.2.2.5. About Deleting Roles
  3. 8.2.3. Managing Roles in Directory Server Using the LDAP Browser
    
    Expand section "8.2.3. Managing Roles in Directory Server Using the LDAP Browser" Collapse section "8.2.3. Managing Roles in Directory Server Using the LDAP Browser"
    
    8.2.3.1. Creating a role in the LDAP browser
    
    8.2.3.2. Modifying a Role in the LDAP browser
    
    8.2.3.3. Deleting a Role in the LDAP browser
  4. 8.2.4. Using Roles Securely
3. 8.3. Automatically Creating Dual Entries
  Expand section "8.3. Automatically Creating Dual Entries" Collapse section "8.3. Automatically Creating Dual Entries"
  1. 8.3.1. About Managed Entries
    
    Expand section "8.3.1. About Managed Entries" Collapse section "8.3.1. About Managed Entries"
    
    8.3.1.1. About the Instance Definition Entry
    
    8.3.1.2. About the Template Entry
    
    8.3.1.3. Entry Attributes Written by the Managed Entries Plug-in
    
    8.3.1.4. Managed Entries Plug-in and Directory Server Operations
  2. 8.3.2. Creating the Managed Entries Template Entry
  3. 8.3.3. Creating the Managed Entries Instance Definition
  4. 8.3.4. Putting Managed Entries Plug-in Configuration in a Replicated Database
4. 8.4. Using Views
  Expand section "8.4. Using Views" Collapse section "8.4. Using Views"
5. 8.5. Managing Organizational Units
9. Configuring Secure Connections
Expand section "9. Configuring Secure Connections" Collapse section "9. Configuring Secure Connections"
1. 9.1. Requiring Secure Connections
2. 9.2. Setting a Minimum Strength Factor
3. 9.3. Managing the NSS Database Used by Directory Server
  Expand section "9.3. Managing the NSS Database Used by Directory Server" Collapse section "9.3. Managing the NSS Database Used by Directory Server"
  1. 9.3.1. Creating a Certificate Signing Request
    
    Expand section "9.3.1. Creating a Certificate Signing Request" Collapse section "9.3.1. Creating a Certificate Signing Request"
    
    9.3.1.1. Creating a Certificate Signing Request Using the Command Line
  2. 9.3.2. Installing a CA Certificate
    
    Expand section "9.3.2. Installing a CA Certificate" Collapse section "9.3.2. Installing a CA Certificate"
    
    9.3.2.1. Installing a CA Certificate Using the Command Line
    
    9.3.2.2. Installing a CA Certificate Using the Web Console
  3. 9.3.3. Importing a Private Key and Server Certificate
  4. 9.3.4. Installing a Server Certificate
    
    Expand section "9.3.4. Installing a Server Certificate" Collapse section "9.3.4. Installing a Server Certificate"
    
    9.3.4.1. Installing a Server Certificate Using the Command Line
    
    9.3.4.2. Installing a Server Certificate Using the Web Console
  5. 9.3.5. Generating and Installing a Self-signed Certificate
  6. 9.3.6. Renewing a Certificate
    
    Expand section "9.3.6. Renewing a Certificate" Collapse section "9.3.6. Renewing a Certificate"
    
    9.3.6.1. Renewing a Certificate Using the Command Line
  7. 9.3.7. Removing a Certificate
    
    Expand section "9.3.7. Removing a Certificate" Collapse section "9.3.7. Removing a Certificate"
    
    9.3.7.1. Removing a Certificate Using the Command Line
    
    9.3.7.2. Removing a Certificate Using the Web Console
  8. 9.3.8. Removing a Private Key
    
    Expand section "9.3.8. Removing a Private Key" Collapse section "9.3.8. Removing a Private Key"
    
    9.3.8.1. Removing a Private Key Using the Command Line
  9. 9.3.9. Changing the CA Trust Options
    
    Expand section "9.3.9. Changing the CA Trust Options" Collapse section "9.3.9. Changing the CA Trust Options"
    
    9.3.9.1. Changing the CA Trust Options Using the Command Line
    
    9.3.9.2. Changing the CA Trust Options Using the Web Console
  10. 9.3.10. Changing the Password of the NSS Database
    
    Expand section "9.3.10. Changing the Password of the NSS Database" Collapse section "9.3.10. Changing the Password of the NSS Database"
    
    9.3.10.1. Changing the Password of the NSS Database Using the Command Line
4. 9.4. Enabling TLS
  Expand section "9.4. Enabling TLS" Collapse section "9.4. Enabling TLS"
  1. 9.4.1. Enabling TLS in Directory Server
    
    Expand section "9.4.1. Enabling TLS in Directory Server" Collapse section "9.4.1. Enabling TLS in Directory Server"
    
    9.4.1.1. Enabling TLS in Directory Server Using the Command Line
    
    9.4.1.2. Enabling TLS in Directory Server Using the Web Console
    
    9.4.1.3. Setting Encryption Ciphers
    
    Expand section "9.4.1.3. Setting Encryption Ciphers" Collapse section "9.4.1.3. Setting Encryption Ciphers"
    
    9.4.1.3.1. Displaying the Default Ciphers
    
    9.4.1.3.2. Displaying and Setting the Ciphers Used by Directory Server Using the Command Line
    
    9.4.1.3.3. Displaying and Setting the Ciphers Used by Directory Server Using the Web Console
    
    9.4.1.4. Starting Directory Server Without a Password File
    
    9.4.1.5. Creating a Password File for Directory Server
    
    9.4.1.6. Managing How Directory Server Behaves If the Certificate Has Been Expired
  2. 9.4.2. Adding the CA Certificate Used By Directory Server to the Trust Store of Red Hat Enterprise Linux
5. 9.5. Displaying the Encryption Protocols Enabled in Directory Server
6. 9.6. Setting the Minimum TLS Encryption Protocol Version
7. 9.7. Setting the Highest TLS Encryption Protocol Version
8. 9.8. Using Hardware Security Modules
9. 9.9. Using Certificate-based Client Authentication
  Expand section "9.9. Using Certificate-based Client Authentication" Collapse section "9.9. Using Certificate-based Client Authentication"
10. 9.10. Setting up SASL Identity Mapping
  Expand section "9.10. Setting up SASL Identity Mapping" Collapse section "9.10. Setting up SASL Identity Mapping"
  1. 9.10.1. About SASL Identity Mapping
  2. 9.10.2. Default SASL Mappings for Directory Server
  3. 9.10.3. Configuring SASL Identity Mapping
    
    Expand section "9.10.3. Configuring SASL Identity Mapping" Collapse section "9.10.3. Configuring SASL Identity Mapping"
    
    9.10.3.1. Configuring SASL Identity Mapping Using the Command Line
    
    9.10.3.2. Configuring SASL Identity Mapping Using the Web Console
  4. 9.10.4. Enabling SASL Mapping Fallback
    
    Expand section "9.10.4. Enabling SASL Mapping Fallback" Collapse section "9.10.4. Enabling SASL Mapping Fallback"
    
    9.10.4.1. Setting SASL Mapping Priorities
11. 9.11. Using Kerberos GSS-API with SASL
  Expand section "9.11. Using Kerberos GSS-API with SASL" Collapse section "9.11. Using Kerberos GSS-API with SASL"
  1. 9.11.1. Authentication Mechanisms for SASL in Directory Server
  2. 9.11.2. About Kerberos in Directory Server
    
    Expand section "9.11.2. About Kerberos in Directory Server" Collapse section "9.11.2. About Kerberos in Directory Server"
    
    9.11.2.1. About Principals and Realms
    
    9.11.2.2. About the KDC Server and Keytabs
  3. 9.11.3. Configuring SASL Authentication at Directory Server Startup
12. 9.12. Setting SASL Mechanisms
13. 9.13. Using SASL with LDAP Clients
10. Configuring Attribute Encryption
Expand section "10. Configuring Attribute Encryption" Collapse section "10. Configuring Attribute Encryption"
1. 10.1. Encryption Keys
2. 10.2. Encryption Ciphers
3. 10.3. Configuring Attribute Encryption
  Expand section "10.3. Configuring Attribute Encryption" Collapse section "10.3. Configuring Attribute Encryption"
4. 10.4. Exporting and Importing an Encrypted Database
  Expand section "10.4. Exporting and Importing an Encrypted Database" Collapse section "10.4. Exporting and Importing an Encrypted Database"
  1. 10.4.1. Exporting an Encrypted Database
  2. 10.4.2. Importing an LDIF File into an Encrypted Database
5. 10.5. Updating the TLS Certificates Used for Attribute Encryption
11. Managing FIPS Mode Support
12. Managing the Directory Schema
Expand section "12. Managing the Directory Schema" Collapse section "12. Managing the Directory Schema"
1. 12.1. Overview of Schema
  Expand section "12.1. Overview of Schema" Collapse section "12.1. Overview of Schema"
  1. 12.1.1. Default Schema Files
  2. 12.1.2. Object Classes
  3. 12.1.3. Attributes
    
    Expand section "12.1.3. Attributes" Collapse section "12.1.3. Attributes"
    
    12.1.3.1. Directory Server Attribute Syntaxes
  4. 12.1.4. Extending the Schema
  5. 12.1.5. Schema Replication
2. 12.2. Managing Object Identifiers
3. 12.3. Creating an Object Class
  Expand section "12.3. Creating an Object Class" Collapse section "12.3. Creating an Object Class"
  1. 12.3.1. Creating an Object Class Using the Command Line
  2. 12.3.2. Creating an Object Class Using the Web Console
4. 12.4. Updating an Object Class
  Expand section "12.4. Updating an Object Class" Collapse section "12.4. Updating an Object Class"
  1. 12.4.1. Updating an Object Class Using the Command Line
  2. 12.4.2. Updating an Object Class Using the Web Console
5. 12.5. Removing an Object Class
  Expand section "12.5. Removing an Object Class" Collapse section "12.5. Removing an Object Class"
  1. 12.5.1. Removing an Object Class Using the Command Line
  2. 12.5.2. Removing an Object Class Using the Web Console
6. 12.6. Creating an Attribute
  Expand section "12.6. Creating an Attribute" Collapse section "12.6. Creating an Attribute"
  1. 12.6.1. Creating an Attribute Using the Command Line
  2. 12.6.2. Creating an Attribute Using the Web Console
7. 12.7. Updating an attribute
  Expand section "12.7. Updating an attribute" Collapse section "12.7. Updating an attribute"
  1. 12.7.1. Updating an Attribute Using the Command Line
  2. 12.7.2. Updating an Attribute Using the Web Console
8. 12.8. Removing an Attribute
  Expand section "12.8. Removing an Attribute" Collapse section "12.8. Removing an Attribute"
  1. 12.8.1. Removing an Attribute Using the Command Line
  2. 12.8.2. Removing an Attribute Using the Web Console
9. 12.9. Creating Custom Schema Files
10. 12.10. Dynamically Reloading Schema
  Expand section "12.10. Dynamically Reloading Schema" Collapse section "12.10. Dynamically Reloading Schema"
11. 12.11. Turning Schema Checking On and Off
  Expand section "12.11. Turning Schema Checking On and Off" Collapse section "12.11. Turning Schema Checking On and Off"
  1. 12.11.1. Turning Schema Checking On and Off Using the Command Line
  2. 12.11.2. Turning Schema Checking On and Off Using the Web Console
12. 12.12. Using Syntax Validation
  Expand section "12.12. Using Syntax Validation" Collapse section "12.12. Using Syntax Validation"
  1. 12.12.1. About Syntax Validation
  2. 12.12.2. Syntax Validation and Other Directory Server Operations
    
    Expand section "12.12.2. Syntax Validation and Other Directory Server Operations" Collapse section "12.12.2. Syntax Validation and Other Directory Server Operations"
    
    12.12.2.1. Turning Syntax Validation On and Off Using the Command Line
    
    12.12.2.2. Turning Syntax Validation On and Off Using the Web Console
  3. 12.12.3. Enabling or Disabling Strict Syntax Validation for DNs
    
    Expand section "12.12.3. Enabling or Disabling Strict Syntax Validation for DNs" Collapse section "12.12.3. Enabling or Disabling Strict Syntax Validation for DNs"
    
    12.12.3.1. Enabling or Disabling Strict Syntax Validation for DNs Using the Command Line
    
    12.12.3.2. Enabling or Disabling Strict Syntax Validation for DNs Using the Web Console
  4. 12.12.4. Enabling Syntax Validation Logging
    
    Expand section "12.12.4. Enabling Syntax Validation Logging" Collapse section "12.12.4. Enabling Syntax Validation Logging"
    
    12.12.4.1. Enabling Syntax Validation Logging Using the Command Line
    
    12.12.4.2. Enabling Syntax Validation Logging Using the Web Console
  5. 12.12.5. Validating the Syntax of Existing Attribute Values
    
    Expand section "12.12.5. Validating the Syntax of Existing Attribute Values" Collapse section "12.12.5. Validating the Syntax of Existing Attribute Values"
    
    12.12.5.1. Creating a Syntax Validation Task Using the dsconf schema validate-syntax Command
    
    12.12.5.2. Creating a Syntax Validation Task Using a cn=tasks Entry
13. Managing Indexes
Expand section "13. Managing Indexes" Collapse section "13. Managing Indexes"
1. 13.1. About Indexes
  Expand section "13.1. About Indexes" Collapse section "13.1. About Indexes"
2. 13.2. Creating Standard Indexes
  Expand section "13.2. Creating Standard Indexes" Collapse section "13.2. Creating Standard Indexes"
  1. 13.2.1. Creating Indexes Using the Command Line
  2. 13.2.2. Creating Indexes Using the Web Console
3. 13.3. Creating New Indexes to Existing Databases
  Expand section "13.3. Creating New Indexes to Existing Databases" Collapse section "13.3. Creating New Indexes to Existing Databases"
  1. 13.3.1. Creating an Index While the Instance is Running
    
    Expand section "13.3.1. Creating an Index While the Instance is Running" Collapse section "13.3.1. Creating an Index While the Instance is Running"
    
    13.3.1.1. Creating an Index Using the dsconf backend index reindex Command
    
    13.3.1.2. Creating an Index Using a cn=tasks Entry
  2. 13.3.2. Creating an Index While the Instance Offline
4. 13.4. Using virtual list view control to request a contiguous subset of a large search result
  Expand section "13.4. Using virtual list view control to request a contiguous subset of a large search result" Collapse section "13.4. Using virtual list view control to request a contiguous subset of a large search result"
5. 13.5. Changing the Index Sort Order
  Expand section "13.5. Changing the Index Sort Order" Collapse section "13.5. Changing the Index Sort Order"
  1. 13.5.1. Changing the Sort Order Using the Command Line
6. 13.6. Changing the Width for Indexed Substring Searches
7. 13.7. Deleting Indexes
  Expand section "13.7. Deleting Indexes" Collapse section "13.7. Deleting Indexes"
  1. 13.7.1. Deleting an Attribute from the Default Index Entry
  2. 13.7.2. Removing an Attribute from the Index
    
    Expand section "13.7.2. Removing an Attribute from the Index" Collapse section "13.7.2. Removing an Attribute from the Index"
    
    13.7.2.1. Removing an Attribute from the Index Using the Command Line
    
    13.7.2.2. Removing an Attribute from the Index Using the Web Console
  3. 13.7.3. Deleting Index Types Using the Command Line
  4. 13.7.4. Removing Browsing Indexes
    
    Expand section "13.7.4. Removing Browsing Indexes" Collapse section "13.7.4. Removing Browsing Indexes"
    
    13.7.4.1. Removing Browsing Indexes Using the Command Line
14. Finding Directory Entries
Expand section "14. Finding Directory Entries" Collapse section "14. Finding Directory Entries"
1. 14.1. Finding Directory Entries Using the Command Line
  Expand section "14.1. Finding Directory Entries Using the Command Line" Collapse section "14.1. Finding Directory Entries Using the Command Line"
2. 14.2. Finding Entries Using the Web Console
3. 14.3. LDAP Search Filters
  Expand section "14.3. LDAP Search Filters" Collapse section "14.3. LDAP Search Filters"
4. 14.4. Examples of Common ldapsearches
  Expand section "14.4. Examples of Common ldapsearches" Collapse section "14.4. Examples of Common ldapsearches"
5. 14.5. Improving Search Performance through Resource Limits
  Expand section "14.5. Improving Search Performance through Resource Limits" Collapse section "14.5. Improving Search Performance through Resource Limits"
6. 14.6. Using Persistent Search
7. 14.7. Searching with Specified Controls
  Expand section "14.7. Searching with Specified Controls" Collapse section "14.7. Searching with Specified Controls"
15. Managing Replication
Expand section "15. Managing Replication" Collapse section "15. Managing Replication"
1. 15.1. Replication Overview
  Expand section "15.1. Replication Overview" Collapse section "15.1. Replication Overview"
2. 15.2. Configuring Bootstrap Credentials
3. 15.3. Single-supplier Replication
  Expand section "15.3. Single-supplier Replication" Collapse section "15.3. Single-supplier Replication"
  1. 15.3.1. Setting up Single-supplier Replication Using the Command Line
  2. 15.3.2. Setting up Single-supplier Replication Using the Web Console
4. 15.4. Multi-Supplier Replication
  Expand section "15.4. Multi-Supplier Replication" Collapse section "15.4. Multi-Supplier Replication"
5. 15.5. Cascading Replication
  Expand section "15.5. Cascading Replication" Collapse section "15.5. Cascading Replication"
  1. 15.5.1. Setting up Cascading Replication Using the Command Line
  2. 15.5.2. Setting up Cascading Replication Using the Web Console
6. 15.6. Configuring Replication Partners to use Certificate-based Authentication
7. 15.7. Promoting a Consumer or Hub to a Supplier
  Expand section "15.7. Promoting a Consumer or Hub to a Supplier" Collapse section "15.7. Promoting a Consumer or Hub to a Supplier"
  1. 15.7.1. Promoting a Consumer or Hub to a Supplier Using the Command Line
  2. 15.7.2. Promoting a Consumer or Hub to a Supplier Using the Web Console
8. 15.8. About Initializing a Consumer
  Expand section "15.8. About Initializing a Consumer" Collapse section "15.8. About Initializing a Consumer"
  1. 15.8.1. When to Initialize a Consumer
  2. 15.8.2. Setting Initialization Timeouts
  3. 15.8.3. Initializing a Consumer
    
    Expand section "15.8.3. Initializing a Consumer" Collapse section "15.8.3. Initializing a Consumer"
    
    15.8.3.1. Initializing a Consumer Using the Command Line
    
    Expand section "15.8.3.1. Initializing a Consumer Using the Command Line" Collapse section "15.8.3.1. Initializing a Consumer Using the Command Line"
    
    15.8.3.1.1. Initializing a Consumer Online
    
    15.8.3.1.2. Initializing a Consumer Offline
  4. 15.8.4. Initializing a Consumer Using the Web Console
9. 15.9. Disabling and Re-enabling Replication
10. 15.10. Removing a Directory Server Instance from the Replication Topology
  Expand section "15.10. Removing a Directory Server Instance from the Replication Topology" Collapse section "15.10. Removing a Directory Server Instance from the Replication Topology"
  1. 15.10.1. Removing a Consumer or Hub from the Replication Topology
  2. 15.10.2. Removing a Supplier from the Replication Topology
11. 15.11. Managing Attributes Within Fractional Replication
  Expand section "15.11. Managing Attributes Within Fractional Replication" Collapse section "15.11. Managing Attributes Within Fractional Replication"
12. 15.12. Managing Deleted Entries with Replication
13. 15.13. Configuring Changelog Encryption
14. 15.14. Removing the Changelog
  Expand section "15.14. Removing the Changelog" Collapse section "15.14. Removing the Changelog"
  1. 15.14.1. Removing the Changelog using the Command Line
  2. 15.14.2. Removing the Changelog using the Web Console
15. 15.15. Exporting the Replication Changelog
16. 15.16. Importing the Replication Changelog from an LDIF-formatted Changelog Dump
17. 15.17. Moving the Replication Changelog Directory
18. 15.18. Trimming the Replication Changelog
  Expand section "15.18. Trimming the Replication Changelog" Collapse section "15.18. Trimming the Replication Changelog"
  1. 15.18.1. Configuring Replication Changelog Trimming
  2. 15.18.2. Manually Reducing the Size of a Large Changelog
19. 15.19. Forcing Replication Updates
20. 15.20. Setting Replication Timeout Periods
21. 15.21. Using the Retro Changelog Plug-in
  Expand section "15.21. Using the Retro Changelog Plug-in" Collapse section "15.21. Using the Retro Changelog Plug-in"
  1. 15.21.1. Enabling the Retro Changelog Plug-in
    
    Expand section "15.21.1. Enabling the Retro Changelog Plug-in" Collapse section "15.21.1. Enabling the Retro Changelog Plug-in"
    
    15.21.1.1. Enabling the Retro Changelog Plug-in Using the Command Line
    
    15.21.1.2. Enabling the Retro Changelog Plug-in Using the Web Console
  2. 15.21.2. Trimming the Retro Changelog
  3. 15.21.3. Searching and Modifying the Retro Changelog
  4. 15.21.4. Retro Changelog and the Access Control Policy
22. 15.22. Displaying the Status of a Specific Replication Agreement
  Expand section "15.22. Displaying the Status of a Specific Replication Agreement" Collapse section "15.22. Displaying the Status of a Specific Replication Agreement"
  1. 15.22.1. Displaying the Status of a Specific Replication Agreement Using the Command-Line
  2. 15.22.2. Displaying the Status of a Specific Replication Agreement Using the Web Console
23. 15.23. Monitoring the Replication Topology
  Expand section "15.23. Monitoring the Replication Topology" Collapse section "15.23. Monitoring the Replication Topology"
  1. 15.23.1. Setting Credentials for Replication Monitoring in the .dsrc File
  2. 15.23.2. Using Aliases in the Replication Topology Monitoring Output
24. 15.24. Comparing Two Directory Server Instances
25. 15.25. Solving Common Replication Conflicts
  Expand section "15.25. Solving Common Replication Conflicts" Collapse section "15.25. Solving Common Replication Conflicts"
26. 15.26. Troubleshooting Replication-Related Problems
  Expand section "15.26. Troubleshooting Replication-Related Problems" Collapse section "15.26. Troubleshooting Replication-Related Problems"
  1. 15.26.1. Possible Replication-related Error Messages
16. Synchronizing Red Hat Directory Server with Microsoft Active Directory
Expand section "16. Synchronizing Red Hat Directory Server with Microsoft Active Directory" Collapse section "16. Synchronizing Red Hat Directory Server with Microsoft Active Directory"
1. 16.1. About Windows Synchronization
2. 16.2. Supported Active Directory Versions
3. 16.3. Synchronizing Passwords
4. 16.4. Setting up Synchronization Between Active Directory and Directory Server
  Expand section "16.4. Setting up Synchronization Between Active Directory and Directory Server" Collapse section "16.4. Setting up Synchronization Between Active Directory and Directory Server"
  1. 16.4.1. Step 1: Enabling TLS on the Directory Server Host
  2. 16.4.2. Step 2: Enabling Password Complexity in the AD Domain
  3. 16.4.3. Step 3: Extracting the CA Certificate from AD
  4. 16.4.4. Step 4: Extracting the CA Certificate from the Directory Server's NSS Database
  5. 16.4.5. Step 5: Creating the Synchronization Accounts
  6. 16.4.6. Step 6: Installing the Password Sync Service
  7. 16.4.7. Step 7: Adding the CA Certificate Directory Server uses to the Password Sync Service's Certificate Database
  8. 16.4.8. Step 8: Adding the CA Certificate AD uses to Directory Server's Certificate Database
  9. 16.4.9. Step 9: Configuring the Database for Synchronization and Creating the Synchronization Agreement
    
    Expand section "16.4.9. Step 9: Configuring the Database for Synchronization and Creating the Synchronization Agreement" Collapse section "16.4.9. Step 9: Configuring the Database for Synchronization and Creating the Synchronization Agreement"
    
    16.4.9.1. Configuring the Database for Synchronization and Creating the Synchronization Agreement Using the Command Line
    
    16.4.9.2. Configuring the Database for Synchronization and Creating the Synchronization Agreement Using the Web Console
5. 16.5. Synchronizing Users
  Expand section "16.5. Synchronizing Users" Collapse section "16.5. Synchronizing Users"
  1. 16.5.1. User Attributes Synchronized between Directory Server and Active Directory
  2. 16.5.2. User Schema Differences between Red Hat Directory Server and Active Directory
    
    Expand section "16.5.2. User Schema Differences between Red Hat Directory Server and Active Directory" Collapse section "16.5.2. User Schema Differences between Red Hat Directory Server and Active Directory"
    
    16.5.2.1. Values for cn Attributes
    
    16.5.2.2. Password Policies
    
    16.5.2.3. Values for street and streetAddress
    
    16.5.2.4. Constraints on the initials Attribute
  3. 16.5.3. Configuring User Synchronization for Directory Server Users
  4. 16.5.4. Configuring User Synchronization for Active Directory Users
6. 16.6. Synchronizing Groups
  Expand section "16.6. Synchronizing Groups" Collapse section "16.6. Synchronizing Groups"
7. 16.7. Configuring Uni-Directional Synchronization
8. 16.8. Configuring Multiple Subtrees and Filters in Windows Synchronization
9. 16.9. Synchronizing POSIX Attributes for Users and Groups
  Expand section "16.9. Synchronizing POSIX Attributes for Users and Groups" Collapse section "16.9. Synchronizing POSIX Attributes for Users and Groups"
10. 16.10. Deleting and Resurrecting Entries
  Expand section "16.10. Deleting and Resurrecting Entries" Collapse section "16.10. Deleting and Resurrecting Entries"
  1. 16.10.1. Deleting Entries
  2. 16.10.2. Resurrecting Entries
11. 16.11. Sending Synchronization Updates
  Expand section "16.11. Sending Synchronization Updates" Collapse section "16.11. Sending Synchronization Updates"
  1. 16.11.1. Performing a Manual Incremental Synchronization
  2. 16.11.2. Performing a Full Synchronization
    
    Expand section "16.11.2. Performing a Full Synchronization" Collapse section "16.11.2. Performing a Full Synchronization"
    
    16.11.2.1. Performing a Full Synchronization Using the Command Line
    
    16.11.2.2. Performing a Full Synchronization Using the Web Console
  3. 16.11.3. Setting Synchronization Schedules
  4. 16.11.4. Changing Synchronization Connections
  5. 16.11.5. Handling Entries That Move Out of the Synchronized Subtree
12. 16.12. Troubleshooting
17. Setting up Content Synchronization Using the SyncRepl Protocol
Expand section "17. Setting up Content Synchronization Using the SyncRepl Protocol" Collapse section "17. Setting up Content Synchronization Using the SyncRepl Protocol"
1. 17.1. Configuring the Content Synchronization Plug-in Using the Command Line
18. Managing Access Control
Expand section "18. Managing Access Control" Collapse section "18. Managing Access Control"
1. 18.1. Access Control Principles
2. 18.2. ACI Placement
3. 18.3. ACI Structure
4. 18.4. ACI Evaluation
5. 18.5. Limitations of ACIs
6. 18.6. How Directory Server Handles ACIs in a Replication Topology
7. 18.7. Managing ACIs using the command line
  Expand section "18.7. Managing ACIs using the command line" Collapse section "18.7. Managing ACIs using the command line"
8. 18.8. Managing ACIs Using the Web Console
  Expand section "18.8. Managing ACIs Using the Web Console" Collapse section "18.8. Managing ACIs Using the Web Console"
9. 18.9. Defining Targets
  Expand section "18.9. Defining Targets" Collapse section "18.9. Defining Targets"
  1. 18.9.1. Frequently Used Target Keywords
    
    Expand section "18.9.1. Frequently Used Target Keywords" Collapse section "18.9.1. Frequently Used Target Keywords"
    
    18.9.1.1. Targeting a Directory Entry
    
    18.9.1.2. Targeting Attributes
    
    18.9.1.3. Targeting Entries and Attributes Using LDAP Filters
    
    18.9.1.4. Targeting Attribute Values Using LDAP Filters
  2. 18.9.2. Further Target Keywords
    
    Expand section "18.9.2. Further Target Keywords" Collapse section "18.9.2. Further Target Keywords"
    
    18.9.2.1. Targeting Source and Destination DNs
  3. 18.9.3. Advanced Usage of Target Rules
    
    Expand section "18.9.3. Advanced Usage of Target Rules" Collapse section "18.9.3. Advanced Usage of Target Rules"
    
    18.9.3.1. Delegating Permissions to Create and Maintain Groups
    
    18.9.3.2. Targeting Both an Entry and Attributes
    
    18.9.3.3. Targeting Certain Attributes of Entries Matching a Filter
    
    18.9.3.4. Targeting a Single Directory Entry
10. 18.10. Defining Permissions
  Expand section "18.10. Defining Permissions" Collapse section "18.10. Defining Permissions"
11. 18.11. Defining Bind Rules
  Expand section "18.11. Defining Bind Rules" Collapse section "18.11. Defining Bind Rules"
  1. 18.11.1. Frequently Used Bind Rules
    
    Expand section "18.11.1. Frequently Used Bind Rules" Collapse section "18.11.1. Frequently Used Bind Rules"
    
    18.11.1.1. Defining User-based Access
    
    Expand section "18.11.1.1. Defining User-based Access" Collapse section "18.11.1.1. Defining User-based Access"
    
    18.11.1.1.1. Using a DN with the userdn Keyword
    
    18.11.1.1.2. Using the userdn Keyword with an LDAP Filter
    
    18.11.1.1.3. Granting Anonymous Access
    
    18.11.1.1.4. Granting Access to Authenticated Users
    
    18.11.1.1.5. Enabling Users to Access Their Own Entries
    
    18.11.1.1.6. Setting Access for Child Entries of a User
    
    18.11.1.2. Defining Group-based Access
    
    Expand section "18.11.1.2. Defining Group-based Access" Collapse section "18.11.1.2. Defining Group-based Access"
    
    18.11.1.2.1. Using a DN with the groupdn Keyword
    
    18.11.1.2.2. Using the groupdn Keyword with an LDAP Filter
  2. 18.11.2. Further Bind Rules
    
    Expand section "18.11.2. Further Bind Rules" Collapse section "18.11.2. Further Bind Rules"
    
    18.11.2.1. Defining Access Based on Value Matching
    
    Expand section "18.11.2.1. Defining Access Based on Value Matching" Collapse section "18.11.2.1. Defining Access Based on Value Matching"
    
    18.11.2.1.1. Using the USERDN Bind Type
    
    18.11.2.1.2. Using the GROUPDN Bind Type
    
    18.11.2.1.3. Using the ROLEDN Bind Type
    
    18.11.2.1.4. Using the SELFDN Bind Type
    
    18.11.2.1.5. Using the LDAPURL Bind Type
    
    18.11.2.1.6. Using the userattr Keyword with Inheritance
    
    18.11.2.2. Defining Access from Specific IP Addresses or Ranges
    
    18.11.2.3. Defining Access from a Specific Host or Domain
    
    18.11.2.4. Requiring a Certain Level of Security in Connections
    
    18.11.2.5. Defining Access at a Specific Day of the Week
    
    18.11.2.6. Defining Access at a Specific Time of Day
    
    18.11.2.7. Defining Access Based on the Authentication Method
    
    18.11.2.8. Defining Access Based on Roles
  3. 18.11.3. Combining Bind Rules Using Boolean Operators
12. 18.12. Checking Access Rights on Entries (Get Effective Rights)
  Expand section "18.12. Checking Access Rights on Entries (Get Effective Rights)" Collapse section "18.12. Checking Access Rights on Entries (Get Effective Rights)"
  1. 18.12.1. Rights Shown with a Get Effective Rights Search
  2. 18.12.2. The Format of a Get Effective Rights Search
  3. 18.12.3. Examples of GER Searches
    
    Expand section "18.12.3. Examples of GER Searches" Collapse section "18.12.3. Examples of GER Searches"
    
    18.12.3.1. General Examples on Checking Access Rights
    
    18.12.3.2. Examples of Get Effective Rights Searches for Non-Existent Attributes
    
    18.12.3.3. Examples of Get Effective Rights Searches for Specific Attributes or Object Classes
    
    18.12.3.4. Examples of Get Effective Rights Searches for Non-Existent Entries
    
    18.12.3.5. Examples of Get Effective Rights Searches for Operational Attributes
    
    18.12.3.6. Examples of Get Effective Rights Results and Access Control Rules
  4. 18.12.4. Get Effective Rights Return Codes
13. 18.13. Logging Access Control Information
14. 18.14. Advanced Access Control: Using Macro ACIs
  Expand section "18.14. Advanced Access Control: Using Macro ACIs" Collapse section "18.14. Advanced Access Control: Using Macro ACIs"
  1. 18.14.1. Macro ACI Example
  2. 18.14.2. Macro ACI Syntax
    
    Expand section "18.14.2. Macro ACI Syntax" Collapse section "18.14.2. Macro ACI Syntax"
    
    18.14.2.1. Macro Matching for ($dn)
    
    18.14.2.2. Macro Matching for [$dn]
    
    18.14.2.3. Macro Matching for ($attr.attrName)
15. 18.15. Setting Access Controls on Directory Manager
  Expand section "18.15. Setting Access Controls on Directory Manager" Collapse section "18.15. Setting Access Controls on Directory Manager"
  1. 18.15.1. About Access Controls on the Directory Manager Account
  2. 18.15.2. Configuring the RootDN Access Control Plug-in
19. Using the Health Check Feature to Identify Problems
Expand section "19. Using the Health Check Feature to Identify Problems" Collapse section "19. Using the Health Check Feature to Identify Problems"
1. 19.1. Running the Directory Server Health Check
20. Managing User Authentication
Expand section "20. Managing User Authentication" Collapse section "20. Managing User Authentication"
1. 20.1. Setting User Passwords
2. 20.2. Setting Password Administrators
3. 20.3. Changing Passwords Stored Externally
4. 20.4. Managing the Password Policy
  Expand section "20.4. Managing the Password Policy" Collapse section "20.4. Managing the Password Policy"
  1. 20.4.1. Configuring the Global Password Policy
    
    Expand section "20.4.1. Configuring the Global Password Policy" Collapse section "20.4.1. Configuring the Global Password Policy"
    
    20.4.1.1. Configuring a Global Password Policy Using the Command Line
    
    20.4.1.2. Configuring a Global Password Policy Using the Web Console
  2. 20.4.2. Using Local Password Policies
    
    Expand section "20.4.2. Using Local Password Policies" Collapse section "20.4.2. Using Local Password Policies"
    
    20.4.2.1. Where Directory Server Stores Local Password Policy Entries
    
    20.4.2.2. Configuring a Local Password Policy
5. 20.5. Configuring temporary password rules
  Expand section "20.5. Configuring temporary password rules" Collapse section "20.5. Configuring temporary password rules"
  1. 20.5.1. Enabling temporary password rules in the global password policy
  2. 20.5.2. Enabling temporary password rules in a local password policy
6. 20.6. Understanding Password Expiration Controls
7. 20.7. Managing the Directory Manager Password
  Expand section "20.7. Managing the Directory Manager Password" Collapse section "20.7. Managing the Directory Manager Password"
  1. 20.7.1. Resetting the Directory Manager Password
  2. 20.7.2. Changing the Directory Manager Password
    
    Expand section "20.7.2. Changing the Directory Manager Password" Collapse section "20.7.2. Changing the Directory Manager Password"
    
    20.7.2.1. Changing the Directory Manager Password Using the Command Line
    
    20.7.2.2. Changing the Directory Manager Password Using the Web Console
  3. 20.7.3. Changing the Directory Manager Password Storage Scheme
    
    Expand section "20.7.3. Changing the Directory Manager Password Storage Scheme" Collapse section "20.7.3. Changing the Directory Manager Password Storage Scheme"
    
    20.7.3.1. Changing the Directory Manager Password Storage Scheme Using the Command Line
    
    20.7.3.2. Changing the Directory Manager Password Storage Scheme Using the Web Console
  4. 20.7.4. Changing the Directory Manager DN
8. 20.8. Checking Account Availability for Passwordless Access
  Expand section "20.8. Checking Account Availability for Passwordless Access" Collapse section "20.8. Checking Account Availability for Passwordless Access"
  1. 20.8.1. Searching for Entries Using the Account Usability Extension Control
  2. 20.8.2. Changing What Users Can Perform an Account Usability Search
9. 20.9. Configuring a Password-Based Account Lockout Policy
  Expand section "20.9. Configuring a Password-Based Account Lockout Policy" Collapse section "20.9. Configuring a Password-Based Account Lockout Policy"
10. 20.10. Configuring Time-Based Account Lockout Policies
  Expand section "20.10. Configuring Time-Based Account Lockout Policies" Collapse section "20.10. Configuring Time-Based Account Lockout Policies"
11. 20.11. Replicating Account Lockout Attributes
  Expand section "20.11. Replicating Account Lockout Attributes" Collapse section "20.11. Replicating Account Lockout Attributes"
12. 20.12. Enabling Different Types of Binds
  Expand section "20.12. Enabling Different Types of Binds" Collapse section "20.12. Enabling Different Types of Binds"
  1. 20.12.1. Requiring Secure Binds
  2. 20.12.2. Disabling Anonymous Binds
  3. 20.12.3. Allowing Unauthenticated Binds
  4. 20.12.4. Configuring Autobind
    
    Expand section "20.12.4. Configuring Autobind" Collapse section "20.12.4. Configuring Autobind"
    
    20.12.4.1. Overview of Autobind and LDAPI
    
    20.12.4.2. Configuring the Autobind Feature
13. 20.13. Using Pass-Through Authentication
  Expand section "20.13. Using Pass-Through Authentication" Collapse section "20.13. Using Pass-Through Authentication"
  1. 20.13.1. PTA Plug-in Syntax
  2. 20.13.2. Configuring the PTA Plug-in
    
    Expand section "20.13.2. Configuring the PTA Plug-in" Collapse section "20.13.2. Configuring the PTA Plug-in"
    
    20.13.2.1. Configuring the Servers to Use a Secure Connection
    
    20.13.2.2. Specifying the Authenticating Directory Server
    
    20.13.2.3. Specifying the Pass-Through Subtree
    
    20.13.2.4. Configuring the Optional Parameters
  3. 20.13.3. PTA Plug-in Syntax Examples
    
    Expand section "20.13.3. PTA Plug-in Syntax Examples" Collapse section "20.13.3. PTA Plug-in Syntax Examples"
    
    20.13.3.1. Specifying One Authenticating Directory Server and One Subtree
    
    20.13.3.2. Specifying Multiple Authenticating Directory Servers
    
    20.13.3.3. Specifying One Authenticating Directory Server and Multiple Subtrees
    
    20.13.3.4. Using Non-Default Parameter Values
    
    20.13.3.5. Specifying Different Optional Parameters and Subtrees for Different Authenticating Directory Servers
14. 20.14. Using Active Directory-formatted User Names for Authentication
15. 20.15. Using PAM for Pass-Through Authentication
  Expand section "20.15. Using PAM for Pass-Through Authentication" Collapse section "20.15. Using PAM for Pass-Through Authentication"
  1. 20.15.1. PAM Pass-Through Authentication Configuration Options
    
    Expand section "20.15.1. PAM Pass-Through Authentication Configuration Options" Collapse section "20.15.1. PAM Pass-Through Authentication Configuration Options"
    
    20.15.1.1. Specifying the Suffixes to Target for PAM PTA
    
    20.15.1.2. Applying Different PAM Pass-Through Authentication Configurations to Different Entries
    
    20.15.1.3. Setting PAM PTA Mappings
    
    20.15.1.4. Configuring General PAM PTA Settings
  2. 20.15.2. Configuring PAM Pass-Through Authentication
  3. 20.15.3. Using PAM Pass-Through Authentication with Active Directory as the Back End
16. 20.16. Manually Inactivating Users and Roles
  Expand section "20.16. Manually Inactivating Users and Roles" Collapse section "20.16. Manually Inactivating Users and Roles"
  1. 20.16.1. Displaying the Status of an Account or Role
  2. 20.16.2. Inactivating and Activating Users and Roles Using the Command Line
21. Monitoring Server and Database Activity
Expand section "21. Monitoring Server and Database Activity" Collapse section "21. Monitoring Server and Database Activity"
1. 21.1. Types of Directory Server Log Files
2. 21.2. Displaying Log Files
  Expand section "21.2. Displaying Log Files" Collapse section "21.2. Displaying Log Files"
  1. 21.2.1. Displaying Log Files Using the Command Line
  2. 21.2.2. Displaying Log Files Using the Web Console
3. 21.3. Configuring Log Files
  Expand section "21.3. Configuring Log Files" Collapse section "21.3. Configuring Log Files"
  1. 21.3.1. Enabling or Disabling Logs
    
    Expand section "21.3.1. Enabling or Disabling Logs" Collapse section "21.3.1. Enabling or Disabling Logs"
    
    21.3.1.1. Enabling or Disabling Logging Using the Command Line
    
    21.3.1.2. Enabling or Disabling Logging Using the Web Console
  2. 21.3.2. Configuring Plug-in-specific Logging
  3. 21.3.3. Disabling High-resolution Log Time Stamps
  4. 21.3.4. Defining a Log File Rotation Policy
    
    Expand section "21.3.4. Defining a Log File Rotation Policy" Collapse section "21.3.4. Defining a Log File Rotation Policy"
    
    21.3.4.1. Defining a Log File Rotation Policy Using the Command Line
    
    21.3.4.2. Defining a Log File Rotation Policy Using the Web Console
  5. 21.3.5. Defining a Log File Deletion Policy
    
    Expand section "21.3.5. Defining a Log File Deletion Policy" Collapse section "21.3.5. Defining a Log File Deletion Policy"
    
    21.3.5.1. Configuring a Log Deletion Policy Using the Command Line
    
    21.3.5.2. Configuring a Log Deletion Policy Using the Web Console
  6. 21.3.6. Manual Log File Rotation
  7. 21.3.7. Configuring the Log Levels
    
    Expand section "21.3.7. Configuring the Log Levels" Collapse section "21.3.7. Configuring the Log Levels"
    
    21.3.7.1. Configuring the Log Levels Using the Command Line
    
    21.3.7.2. Configuring the Log Levels Using the Web Console
    
    21.3.7.3. Logging Internal Operations
4. 21.4. Getting Access Log Statistics
5. 21.5. Monitoring the Local Disk for Graceful Shutdown
6. 21.6. Monitoring Server Activity
7. 21.7. Monitoring Database Activity
8. 21.8. Monitoring Database Link Activity
9. 21.9. Enabling and Disabling Counters
10. 21.10. Monitoring Directory Server Using SNMP
  Expand section "21.10. Monitoring Directory Server Using SNMP" Collapse section "21.10. Monitoring Directory Server Using SNMP"
  1. 21.10.1. About SNMP
  2. 21.10.2. Enabling and Disabling SNMP Support
  3. 21.10.3. Setting Parameters to Identify an Instance Using SNMP
  4. 21.10.4. Setting up an SNMP Agent for Directory Server
  5. 21.10.5. Configuring SNMP Traps
  6. 21.10.6. Using the Management Information Base
    
    Expand section "21.10.6. Using the Management Information Base" Collapse section "21.10.6. Using the Management Information Base"
    
    21.10.6.1. Operations Table
    
    21.10.6.2. Entries Table
    
    21.10.6.3. Entity Table
    
    21.10.6.4. Interaction Table
22. Making a High-availability and Disaster Recovery Plan
Expand section "22. Making a High-availability and Disaster Recovery Plan" Collapse section "22. Making a High-availability and Disaster Recovery Plan"
1. 22.1. Identifying Potential Scenarios
2. 22.2. Defining the Type of Rollover
3. 22.3. Identifying Useful Directory Server Features for Disaster Recovery
  Expand section "22.3. Identifying Useful Directory Server Features for Disaster Recovery" Collapse section "22.3. Identifying Useful Directory Server Features for Disaster Recovery"
4. 22.4. Defining the Recovery Process
5. 22.5. Basic Example: Performing a Recovery
23. Creating Test Entries
Expand section "23. Creating Test Entries" Collapse section "23. Creating Test Entries"
A. Using LDAP Client Tools
Expand section "A. Using LDAP Client Tools" Collapse section "A. Using LDAP Client Tools"
B. LDAP Data Interchange Format
Expand section "B. LDAP Data Interchange Format" Collapse section "B. LDAP Data Interchange Format"
1. B.1. About the LDIF File Format
2. B.2. Continuing Lines in LDIF
3. B.3. Representing Binary Data
  Expand section "B.3. Representing Binary Data" Collapse section "B.3. Representing Binary Data"
  1. B.3.1. Standard LDIF Notation
  2. B.3.2. Base-64 Encoding
4. B.4. Specifying Directory Entries Using LDIF
  Expand section "B.4. Specifying Directory Entries Using LDIF" Collapse section "B.4. Specifying Directory Entries Using LDIF"
5. B.5. Defining Directories Using LDIF
6. B.6. Storing Information in Multiple Languages
C. LDAP URLs
Expand section "C. LDAP URLs" Collapse section "C. LDAP URLs"
D. Internationalization
Expand section "D. Internationalization" Collapse section "D. Internationalization"
1. D.1. About Locales
2. D.2. Supported Locales
3. D.3. Supported Language Subtypes
4. D.4. Searching an Internationalized Directory
  Expand section "D.4. Searching an Internationalized Directory" Collapse section "D.4. Searching an Internationalized Directory"
  1. D.4.1. Matching Rule Formats
    
    Expand section "D.4.1. Matching Rule Formats" Collapse section "D.4.1. Matching Rule Formats"
    
    D.4.1.1. Using an OID for the Matching Rule
    
    D.4.1.2. Using a Language Tag for the Matching Rule
    
    D.4.1.3. Using an OID and Suffix for the Matching Rule
    
    D.4.1.4. Using a Language Tag and Suffix for the Matching Rule
  2. D.4.2. Supported Search Types
  3. D.4.3. International Search Examples
    
    Expand section "D.4.3. International Search Examples" Collapse section "D.4.3. International Search Examples"
    
    D.4.3.1. Less-Than Example
    
    D.4.3.2. Less-Than or Equal-to Example
    
    D.4.3.3. Equality Example
    
    D.4.3.4. Greater-Than or Equal-to Example
    
    D.4.3.5. Greater-Than Example
    
    D.4.3.6. Substring Example
5. D.5. Troubleshooting Matching Rules
E. Revision History
Legal Notice

Language:
Format:

Language:
Format:

6.3. Backing up Directory Server

A backup in Directory Server contains, for example:

All database files including the data stored within these databases
Note
Directory Server does not support backing up individual databases.
The transaction logs
The Indices

In contrast to a backup, you can export data as described in Section 6.2, “Exporting Data”. Use the export feature to export specific data, such as a subtree, from a server in the LDAP Data Interchange Format (LDIF) format.

Warning

Do not stop the server during a backup operation.

Directory Server runs the backup task as the dirsrv user. Therefore, the permissions of the destination directory must allow this user to create files.

6.3.1. Backing up All Databases Using the Command Line

Directory Server supports backing up the databases while the instance is running or while the instance is offline:

Use one of the following methods if the instance is running:
- Use the dsconf backup create command. See Section 6.3.1.1.1, “Backing up All Databases Using the dsconf backup create Command”.
- Create a cn=tasks entry. See Section 6.3.1.1.2, “Backing up All Databases Using a cn=tasks entry”.
If the instance is offline, use the dsctl db2bak command. See Section 6.3.1.2, “Backing up All Databases While the Server is Offline”.

Important

These methods only back up the databases. For details about backing up other important files, such as the configuration, see Section 6.3.3, “Backing up Configuration Files, the Certificate Database, and Custom Schema Files”.

6.3.1.1. Backing up All Databases While the Server is Running

6.3.1.1.1. Backing up All Databases Using the `dsconf backup create` Command

Use the dsconf backup create command to automatically create a task that backs up all databases.

# dsconf -D "cn=Directory Manager" ldap://server.example.com backup create
The backup create task has finished successfully

By default, dsconf stores the backup in a subdirectory called instance_name-time_stamp in the /var/lib/dirsrv/slapd-instance_name/bak/ directory. To specify a different location, append a directory name to the command.

6.3.1.1.2. Backing up All Databases Using a `cn=tasks` entry

The cn=tasks,cn=config entry in the Directory Server configuration is a container entry for temporary entries the server uses to manage tasks. To initiate a backup operation, create a task in the cn=backup,cn=tasks,cn=config entry.

Using a task entry enables you to backup the databases while the server is running.

A backup task entry requires the following attributes:

cn: Sets the unique name of the task.
nsDatabaseType: Sets the type of the database to back up. Directory Server supports only the ldbm database value in this attribute.

Backup tasks support additional parameters, for example, to specify a different destination directory as the default, /var/lib/dirsrv/slapd-instance_name/bak/. For a complete list, see the cn=backup section in the Red Hat Directory Server Configuration, Command, and File Reference.

For example, to backup all databases and store the archive in the default backup directory:

# ldapadd -D "cn=Directory Manager" -W -H ldap://server.example.com -x

dn: cn=example_backup,cn=export,cn=tasks,cn=config
changetype: add
objectclass: extensibleObject
cn: example_backup
nsDatabaseType: ldbm database

If you not specify the nsArchiveDir attribute, the server stores the backup in a subdirectory called instance_name-time_stamp in the /var/lib/dirsrv/slapd-instance_name/bak/ directory.

When the task is completed, the entry is removed from the directory configuration.

6.3.1.2. Backing up All Databases While the Server is Offline

If the server is offline when you backup databases, use the dsctl db2bak command:

Stop the instance:
```
# dsctl instance_name stop
```
Backup the database:
```
# dsctl instance_name db2bak
db2bak successful
```
Note
The dsctl db2bak command runs as the backup as the dirsrv user. Therefore, the permissions of the destination directory must allow this user to create files and directories.
If you not append a destination directory to the command, the server stores the backup in a subdirectory called instance_name-time_stamp in the /var/lib/dirsrv/slapd-instance_name/bak/ directory.
Start the instance:
```
# dsctl instance_name start
```

6.3.2. Backup up all Databases Using the Web Console

To back up all databases of an instance using the web console:

Open the Directory Server user interface in the web console. See Section 1.4, “Logging Into Directory Server Using the Web Console”.
Select the instance.
Click the Actions button, and select Manage Backup.
Click Create Backup.
Enter a name for the backup, such as a time stamp to indicate the creation date and time of the backup.
Click Create Backup.

The server stores the backup in a subdirectory with the name you entered in the /var/lib/dirsrv/slapd-instance_name/bak/ directory.

6.3.3. Backing up Configuration Files, the Certificate Database, and Custom Schema Files

The backup mechanism integrated into Directory Server backs up only the databases. However, there are additional files stored in the /etc/dirsrv/slapd-instance_name/ directory which are required to, for example, restore a instance on a different server after a hardware failure.

Note

Backing up the configuration directory is not supported in the web console.

Example 6.2. How to Back up the /etc/dirsrv/slapd-instance_name/ Directory

To back up the content of /etc/dirsrv/slapd-instance_name/, you can copy the directory or store it into an archive file. For example, to store the content of the /etc/dirsrv/slapd-instance_name/ directory in the /root/config_slapd-instance_name_time_stamp.tar.gz file:

# cd /etc/dirsrv/
# tar -zcvf /root/config_slapd-instance_name_$(date +%Y-%m-%d_%H-%M-%S).tar.gz slapd-instance_name/

Important

During the backup, do not update the certificate database. Otherwise, this database might not be consistent in the backup.

6.3.4. Enabling Members of a Group to Back up Directory Server and Performing the Backup as One of the Group Members

You can configure that members of a group have permissions to back up an instance and perform the backup. This increases the security because you no longer need to set the credentials of cn=Directory Manager in your backup script or cron jobs. Additionally, you can easily grant and revoke the backup permissions by modifying the group.

6.3.4.1. Enabling a Group to Back up Directory Server

Use this procedure to add the cn=backup_users,ou=groups,dc=example,dc=com group and enable members of this group to create backup tasks.

Procedure

Create the cn=backup_users,ou=groups,dc=example,dc=com group:

# dsidm -D "cn=Directory Manager" ldap://server.example.com -b "dc=example,dc=com" group create --cn backup_users

Add access control instructions (ACI) that allows members of the cn=backup_users,ou=groups,dc=example,dc=com group to create backup tasks:

# ldapadd -D "cn=Directory Manager" -W -H ldap://server.example.com

dn: cn=config
changetype: modify
add: aci
aci: (target = "ldap:///cn=backup,cn=tasks,cn=config")(targetattr="*")
 (version 3.0 ; acl "permission: Allow backup_users
  group to create backup tasks" ; allow (add, read, search) groupdn
  = "ldap:///cn=backup_users,ou=groups,dc=example,dc=com";)
-
add: aci
aci: (target = "ldap:///cn=config")(targetattr = "nsslapd-bakdir || objectClass")
 (version 3.0 ; acl "permission: Allow backup_users group
  to access bakdir attribute" ; allow (read,search) groupdn
  = "ldap:///cn=backup_users,ou=groups,dc=example,dc=com";)

Create a user:

Create a user account:

# dsidm -D "cn=Directory Manager" ldap://server.example.com -b "dc=example,dc=com" user create --uid="example" --cn="example" --uidNumber="1000" --gidNumber="1000" --homeDirectory="/home/example/" --displayName="Example User"

Set a password on the user account:

# dsidm -D "cn=Directory Manager" ldap://server.example.com -b "dc=example,dc=com" account reset_password "uid=example,ou=People,dc=example,dc=com" "password"

Add the uid=example,ou=People,dc=example,dc=com user to the cn=backup_users,ou=groups,dc=example,dc=com group:

# dsidm -D "cn=Directory Manager" ldap://server.example.com -b "dc=example,dc=com" group add_member backup_users uid=example,ou=People,dc=example,dc=com

Verification

Display the ACIs set on the cn=config entry:

# ldapsearch -o ldif-wrap=no -LLLx -D "cn=directory manager" -W -H ldap://server.example.com -b cn=config aci=* aci -s base
dn: cn=config
aci: (target = "ldap:///cn=backup,cn=tasks,cn=config")(targetattr="*")(version 3.0 ; acl "permission: Allow backup_users group to create backup tasks" ; allow (add, read, search) groupdn = "ldap:///cn=backup_users,ou=groups,dc=example,dc=com";)
aci: (target = "ldap:///cn=config")(targetattr = "nsslapd-bakdir || objectClass")(version 3.0 ; acl "permission: Allow backup_users group to access bakdir attribute" ; allow (read,search) groupdn = "ldap:///cn=backup_users,ou=groups,dc=example,dc=com";)
...

6.3.4.2. Performing a Backup as a Regular User

You can perform backups as a regular user instead of cn=Directory Manager.

Prerequisites

You enabled members of the cn=backup_users,ou=groups,dc=example,dc=com group to perform backups. See Section 6.3.4.1, “Enabling a Group to Back up Directory Server”.
The user you use to perform the backup is a member of the cn=backup_users,ou=groups,dc=example,dc=com group.

Procedure

Create a backup task using one of the following methods:

Using the dsconf backup create command:

# dsconf -D uid=example,ou=People,dc=example,dc=com ldap://server.example.com backup create

By manually creating the task:

# ldapadd -D uid=example,ou=People,dc=example,dc=com -W -H ldap://server.example.com

dn: cn=backup-2021_07_23_12:55_00,cn=backup,cn=tasks,cn=config
changetype: add
objectClass: extensibleObject
nsarchivedir: /var/lib/dirsrv/slapd-instance_name/bak/backup-2021_07_23_12:55_00
nsdatabasetype: ldbm database
cn: backup-2021_07_23_12:55_00

Verification

Verify that the backup was created:

# ls -l /var/lib/dirsrv/slapd-instance_name/bak/
total 0
drwx------. 3 dirsrv dirsrv 108 Jul 23 12:55 backup-2021_07_23_12_55_00
...

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

6.3. Backing up Directory Server

6.3.1. Backing up All Databases Using the Command Line

6.3.1.1. Backing up All Databases While the Server is Running

6.3.1.1.1. Backing up All Databases Using the `dsconf backup create` Command

6.3.1.1.2. Backing up All Databases Using a `cn=tasks` entry

6.3.1.2. Backing up All Databases While the Server is Offline

6.3.2. Backup up all Databases Using the Web Console

6.3.3. Backing up Configuration Files, the Certificate Database, and Custom Schema Files

6.3.4. Enabling Members of a Group to Back up Directory Server and Performing the Backup as One of the Group Members

6.3.4.1. Enabling a Group to Back up Directory Server

Procedure

Verification

6.3.4.2. Performing a Backup as a Regular User

Prerequisites

Procedure

Verification

Language and Page Formatting Options

6.3. Backing up Directory Server

6.3.1. Backing up All Databases Using the Command Line

6.3.1.1. Backing up All Databases While the Server is Running

6.3.1.1.1. Backing up All Databases Using the dsconf backup create Command

6.3.1.1.2. Backing up All Databases Using a cn=tasks entry

6.3.1.2. Backing up All Databases While the Server is Offline

6.3.2. Backup up all Databases Using the Web Console

6.3.3. Backing up Configuration Files, the Certificate Database, and Custom Schema Files

6.3.4. Enabling Members of a Group to Back up Directory Server and Performing the Backup as One of the Group Members

6.3.4.1. Enabling a Group to Back up Directory Server

Procedure

Verification

6.3.4.2. Performing a Backup as a Regular User

Prerequisites

Procedure

Verification

6.3.1.1.1. Backing up All Databases Using the `dsconf backup create` Command

6.3.1.1.2. Backing up All Databases Using a `cn=tasks` entry