Jump To Close Expand all Collapse all Table of contents Administration Guide Making Open Source More Inclusive 1. General Directory Server Management Tasks Expand section "1. General Directory Server Management Tasks" Collapse section "1. General Directory Server Management Tasks" 1.1. System Requirements 1.2. File Locations 1.3. Supported Methods to Configure Directory Server 1.4. Logging Into Directory Server Using the Web Console 1.5. Starting and Stopping a Directory Server Instance Expand section "1.5. Starting and Stopping a Directory Server Instance" Collapse section "1.5. Starting and Stopping a Directory Server Instance" 1.5.1. Starting and Stopping a Directory Server Instance Using the Command Line 1.5.2. Starting and Stopping a Directory Server Instance Using the Web Console 1.6. Creating a New Directory Server Instance 1.7. Removing a Directory Server Instance Expand section "1.7. Removing a Directory Server Instance" Collapse section "1.7. Removing a Directory Server Instance" 1.7.1. Removing an Instance Using the Command Line 1.7.2. Removing an Instance Using the Web Console 1.8. Setting Directory Server Configuration Parameters Expand section "1.8. Setting Directory Server Configuration Parameters" Collapse section "1.8. Setting Directory Server Configuration Parameters" 1.8.1. Managing Configuration Parameters 1.8.2. Where Directory Server Stores its Configuration 1.8.3. Benefits of Using Default Values Expand section "1.8.3. Benefits of Using Default Values" Collapse section "1.8.3. Benefits of Using Default Values" 1.8.3.1. Removing a Parameter to Use the Default Value 1.8.4. The dsconf config backend command limitations 1.9. Changing the LDAP and LDAPS Port Numbers Expand section "1.9. Changing the LDAP and LDAPS Port Numbers" Collapse section "1.9. Changing the LDAP and LDAPS Port Numbers" 1.9.1. Changing the Port Numbers Using the Command Line 1.9.2. Changing the Port Numbers Using the Web Console 1.10. Using Directory Server Plug-ins Expand section "1.10. Using Directory Server Plug-ins" Collapse section "1.10. Using Directory Server Plug-ins" 1.10.1. Listing Available Plug-ins Expand section "1.10.1. Listing Available Plug-ins" Collapse section "1.10.1. Listing Available Plug-ins" 1.10.1.1. Listing Available Plug-ins Using the Command Line 1.10.1.2. Listing Available Plug-ins Using the Web Console 1.10.2. Enabling and Disabling Plug-ins Expand section "1.10.2. Enabling and Disabling Plug-ins" Collapse section "1.10.2. Enabling and Disabling Plug-ins" 1.10.2.1. Enabling and Disabling Plug-ins Using the Command Line 1.10.2.2. Enabling and Disabling Plug-ins Using the Web Console 1.10.3. Configuring Plug-ins Expand section "1.10.3. Configuring Plug-ins" Collapse section "1.10.3. Configuring Plug-ins" 1.10.3.1. Configuring Plug-ins Using the Command Line 1.10.3.2. Configuring Plug-ins Using the Web Console 1.10.4. Setting the Plug-in Precedence Expand section "1.10.4. Setting the Plug-in Precedence" Collapse section "1.10.4. Setting the Plug-in Precedence" 1.10.4.1. Setting the Plug-in Precedence Using the Command Line 1.10.4.2. Setting the Plug-in Precedence Using the Web Console 1.11. Creating and Using a .dsrc File to Set Default Options for Directory Server Command-line Utilities Expand section "1.11. Creating and Using a .dsrc File to Set Default Options for Directory Server Command-line Utilities" Collapse section "1.11. Creating and Using a .dsrc File to Set Default Options for Directory Server Command-line Utilities" 1.11.1. How a .dsrc File Simplifies Commands 1.11.2. Using the dsctl Utility to Create a .dsrc File 1.11.3. Remote and Local Connection Resolution When Using Directory Server Utilities 2. Configuring Directory Databases Expand section "2. Configuring Directory Databases" Collapse section "2. Configuring Directory Databases" 2.1. Creating and Maintaining Suffixes Expand section "2.1. Creating and Maintaining Suffixes" Collapse section "2.1. Creating and Maintaining Suffixes" 2.1.1. Creating Suffixes Expand section "2.1.1. Creating Suffixes" Collapse section "2.1.1. Creating Suffixes" 2.1.1.1. Creating a Root Suffix Expand section "2.1.1.1. Creating a Root Suffix" Collapse section "2.1.1.1. Creating a Root Suffix" 2.1.1.1.1. Creating a Root Suffix Using the Command Line 2.1.1.1.2. Creating a Root Suffix Using the Web Console 2.1.1.2. Creating a Sub-suffix Expand section "2.1.1.2. Creating a Sub-suffix" Collapse section "2.1.1.2. Creating a Sub-suffix" 2.1.1.2.1. Creating a Sub-suffix Using the Command Line 2.1.1.2.2. Creating a Sub-suffix Using the Web Console 2.1.2. Maintaining Suffixes Expand section "2.1.2. Maintaining Suffixes" Collapse section "2.1.2. Maintaining Suffixes" 2.1.2.1. Viewing the Default Naming Context 2.1.2.2. Disabling a Suffix Expand section "2.1.2.2. Disabling a Suffix" Collapse section "2.1.2.2. Disabling a Suffix" 2.1.2.2.1. Disabling a Suffix Using the Command Line 2.1.2.3. Deleting a Suffix Expand section "2.1.2.3. Deleting a Suffix" Collapse section "2.1.2.3. Deleting a Suffix" 2.1.2.3.1. Deleting a Suffix Using the Command Line 2.1.2.3.2. Deleting a Suffix Using the Web Console 2.2. Creating and Maintaining Databases Expand section "2.2. Creating and Maintaining Databases" Collapse section "2.2. Creating and Maintaining Databases" 2.2.1. Creating Databases Expand section "2.2.1. Creating Databases" Collapse section "2.2.1. Creating Databases" 2.2.1.1. Creating a New Database for a Single Suffix Using the Command Line 2.2.1.2. Adding Multiple Databases for a Single Suffix 2.2.2. Maintaining Directory Databases Expand section "2.2.2. Maintaining Directory Databases" Collapse section "2.2.2. Maintaining Directory Databases" 2.2.2.1. Setting a Database in Read-Only Mode Expand section "2.2.2.1. Setting a Database in Read-Only Mode" Collapse section "2.2.2.1. Setting a Database in Read-Only Mode" 2.2.2.1.1. Setting a Database in Read-only Mode Using the Command Line 2.2.2.1.2. Setting a Database in Read-only Mode Using the Web Console 2.2.2.2. Placing the Entire Directory Server in Read-Only Mode Expand section "2.2.2.2. Placing the Entire Directory Server in Read-Only Mode" Collapse section "2.2.2.2. Placing the Entire Directory Server in Read-Only Mode" 2.2.2.2.1. Placing the Entire Directory Server in Read-Only Mode Using the Command Line 2.2.2.2.2. Placing the Entire Directory Server in Read-Only Mode Using the Web Console 2.2.2.3. Deleting a Database Expand section "2.2.2.3. Deleting a Database" Collapse section "2.2.2.3. Deleting a Database" 2.2.2.3.1. Deleting a Database Using the Command Line 2.2.2.3.2. Deleting a Database Using the Web Console 2.2.2.4. Changing the Transaction Log Directory 2.3. Creating and Maintaining Database Links Expand section "2.3. Creating and Maintaining Database Links" Collapse section "2.3. Creating and Maintaining Database Links" 2.3.1. Creating a New Database Link Expand section "2.3.1. Creating a New Database Link" Collapse section "2.3.1. Creating a New Database Link" 2.3.1.1. Creating a New Database Link Using the Command Line 2.3.1.2. Creating a New Database Link Using the Web Console 2.3.1.3. Managing the Default Configuration for New Database Links 2.3.1.4. Additional Information on Required Settings When Creating a Database Link 2.3.2. Configuring the Chaining Policy Expand section "2.3.2. Configuring the Chaining Policy" Collapse section "2.3.2. Configuring the Chaining Policy" 2.3.2.1. Chaining Component Operations Expand section "2.3.2.1. Chaining Component Operations" Collapse section "2.3.2.1. Chaining Component Operations" 2.3.2.1.1. Chaining Component Operations Using the Command Line 2.3.2.1.2. Chaining Component Operations Using the Web Console 2.3.2.2. Chaining LDAP Controls Expand section "2.3.2.2. Chaining LDAP Controls" Collapse section "2.3.2.2. Chaining LDAP Controls" 2.3.2.2.1. Chaining LDAP Controls Using the Command Line 2.3.2.2.2. Chaining LDAP Controls Using the Web Console 2.3.3. Database Links and Access Control Evaluation 2.4. Configuring Cascading Chaining Expand section "2.4. Configuring Cascading Chaining" Collapse section "2.4. Configuring Cascading Chaining" 2.4.1. Overview of Cascading Chaining 2.4.2. Configuring Cascading Chaining Using the Command Line 2.4.3. Detecting Loops 2.5. Using Referrals Expand section "2.5. Using Referrals" Collapse section "2.5. Using Referrals" 2.5.1. Starting the Server in Referral Mode 2.5.2. Setting Default Referrals Expand section "2.5.2. Setting Default Referrals" Collapse section "2.5.2. Setting Default Referrals" 2.5.2.1. Setting a Default Referral Using the Command Line 2.5.3. Creating Smart Referrals Expand section "2.5.3. Creating Smart Referrals" Collapse section "2.5.3. Creating Smart Referrals" 2.5.3.1. Creating Smart Referrals Using the Command Line 2.5.4. Creating Suffix Referrals Expand section "2.5.4. Creating Suffix Referrals" Collapse section "2.5.4. Creating Suffix Referrals" 2.5.4.1. Creating Suffix Referrals Using the Command Line 2.5.4.2. Creating Suffix Referrals Using the Web Console 2.6. Verifying the Integrity of Back-end Databases 3. Managing Directory Entries Expand section "3. Managing Directory Entries" Collapse section "3. Managing Directory Entries" 3.1. Managing Directory Entries Using the Command Line Expand section "3.1. Managing Directory Entries Using the Command Line" Collapse section "3.1. Managing Directory Entries Using the Command Line" 3.1.1. Providing Input to the ldapadd, ldapmodify, and ldapdelete Utilities Expand section "3.1.1. Providing Input to the ldapadd, ldapmodify, and ldapdelete Utilities" Collapse section "3.1.1. Providing Input to the ldapadd, ldapmodify, and ldapdelete Utilities" 3.1.1.1. Providing Input Using the Interactive Mode 3.1.1.2. Providing Input Using an LDIF File 3.1.2. The Continuous Operation Mode 3.1.3. Adding an Entry Expand section "3.1.3. Adding an Entry" Collapse section "3.1.3. Adding an Entry" 3.1.3.1. Adding an Entry Using ldapadd 3.1.3.2. Adding an Entry Using ldapmodify 3.1.3.3. Creating a Root Entry 3.1.4. Updating a Directory Entry Expand section "3.1.4. Updating a Directory Entry" Collapse section "3.1.4. Updating a Directory Entry" 3.1.4.1. Adding Attributes to an Entry 3.1.4.2. Updating an Attribute's Value 3.1.4.3. Deleting Attributes from an Entry 3.1.5. Deleting an Entry Expand section "3.1.5. Deleting an Entry" Collapse section "3.1.5. Deleting an Entry" 3.1.5.1. Deleting an Entry Using ldapdelete 3.1.5.2. Deleting an Entry Using ldapmodify 3.1.6. Renaming and Moving an Entry Expand section "3.1.6. Renaming and Moving an Entry" Collapse section "3.1.6. Renaming and Moving an Entry" 3.1.6.1. Considerations for Renaming Entries 3.1.6.2. Renaming Users, Groups, POSIX Groups, and OUs 3.1.6.3. The deleteOldRDN Parameter When Renaming Entries Using LDIF Statements 3.1.6.4. Renaming an Entry or Subtree Using LDIF Statements 3.1.6.5. Moving an Entry to a New Parent Using LDIF Statements 3.1.7. Using Special Characters 3.1.8. Using Binary Attributes 3.1.9. Updating an Entry in an Internationalized Directory 3.2. Managing Directory Entries Using the Web Console Expand section "3.2. Managing Directory Entries Using the Web Console" Collapse section "3.2. Managing Directory Entries Using the Web Console" 3.2.1. Adding an LDAP Entry Using the Web Console 3.2.2. Editing an LDAP Entry Using the Web Console 3.2.3. Renaming and Relocating an LDAP Entry or Subtree Using the Web Console 3.2.4. Deleting an LDAP Entry Using the Web Console 4. Tracking Modifications to Directory Entries Expand section "4. Tracking Modifications to Directory Entries" Collapse section "4. Tracking Modifications to Directory Entries" 4.1. Tracking Modifications to the Database through Update Sequence Numbers Expand section "4.1. Tracking Modifications to the Database through Update Sequence Numbers" Collapse section "4.1. Tracking Modifications to the Database through Update Sequence Numbers" 4.1.1. An Overview of the Entry Sequence Numbers Expand section "4.1.1. An Overview of the Entry Sequence Numbers" Collapse section "4.1.1. An Overview of the Entry Sequence Numbers" 4.1.1.1. Local and Global USNs 4.1.1.2. Importing USN Entries 4.1.2. Enabling the USN Plug-in Expand section "4.1.2. Enabling the USN Plug-in" Collapse section "4.1.2. Enabling the USN Plug-in" 4.1.2.1. Enabling the USN Plug-in Using the Command Line 4.1.2.2. Enabling the USN Plug-in Using the Web Console 4.1.3. Global USNs Expand section "4.1.3. Global USNs" Collapse section "4.1.3. Global USNs" 4.1.3.1. Identifying Whether Global USNs are Enabled Expand section "4.1.3.1. Identifying Whether Global USNs are Enabled" Collapse section "4.1.3.1. Identifying Whether Global USNs are Enabled" 4.1.3.1.1. Identifying Whether Global USNs are Enabled Using the Command Line 4.1.3.1.2. Identifying Whether Global USNs are Enabled Using the Web Console 4.1.3.2. Enabling Global USNs Expand section "4.1.3.2. Enabling Global USNs" Collapse section "4.1.3.2. Enabling Global USNs" 4.1.3.2.1. Enabling Global USNs Using the Command Line 4.1.3.2.2. Enabling Global USNs Using the Web Console 4.1.4. Cleaning up USN Tombstone Entries Expand section "4.1.4. Cleaning up USN Tombstone Entries" Collapse section "4.1.4. Cleaning up USN Tombstone Entries" 4.1.4.1. Cleaning up USN Tombstone Entries Using the Command Line 4.1.4.2. Cleaning up USN Tombstone Entries Using the Web Console 4.2. Tracking Entry Modifications through Operational Attributes Expand section "4.2. Tracking Entry Modifications through Operational Attributes" Collapse section "4.2. Tracking Entry Modifications through Operational Attributes" 4.2.1. Entries Modified or Created by a Database Link 4.2.2. Enabling Tracking of Modifications Expand section "4.2.2. Enabling Tracking of Modifications" Collapse section "4.2.2. Enabling Tracking of Modifications" 4.2.2.1. Enabling Tracking Of Modifications Using the Command Line 4.3. Tracking the Bind DN for Plug-in Initiated Updates Expand section "4.3. Tracking the Bind DN for Plug-in Initiated Updates" Collapse section "4.3. Tracking the Bind DN for Plug-in Initiated Updates" 4.3.1. Enabling Tracking the Bind DN for Plug-in Initiated Updates Using the Command Line 4.3.2. Enabling Tracking the Bind DN for Plug-in Initiated Updates Using the Web Console 4.4. Tracking Password Change Times 5. Maintaining Referential Integrity Expand section "5. Maintaining Referential Integrity" Collapse section "5. Maintaining Referential Integrity" 5.1. How Referential Integrity Works 5.2. Using Referential Integrity with Replication 5.3. Enabling Referential Integrity Expand section "5.3. Enabling Referential Integrity" Collapse section "5.3. Enabling Referential Integrity" 5.3.1. Enabling Referential Integrity Using the Command Line 5.3.2. Enabling Referential Integrity Using the Web Console 5.4. The Referential Integrity Update Interval Expand section "5.4. The Referential Integrity Update Interval" Collapse section "5.4. The Referential Integrity Update Interval" 5.4.1. Displaying the Update Interval Using the Command Line 5.4.2. Displaying the Update Interval Using the Web Console 5.4.3. Modifying the Update Interval Using the Command Line 5.4.4. Modifying the Update Interval Using the Web Console 5.5. Displaying and Modifying the Attribute List Expand section "5.5. Displaying and Modifying the Attribute List" Collapse section "5.5. Displaying and Modifying the Attribute List" 5.5.1. Displaying the Attribute List Using the Command Line 5.5.2. Displaying the Attribute List Using the Web Console 5.5.3. Configuring the Attribute List Using the Command Line 5.5.4. Configuring the Attribute List Using the Web Console 5.6. Configuring Scope for the Referential Integrity Expand section "5.6. Configuring Scope for the Referential Integrity" Collapse section "5.6. Configuring Scope for the Referential Integrity" 5.6.1. Parameters That Control the Referential Integrity Scope 5.6.2. Displaying the Referential Integrity Scope Using the Command Line 5.6.3. Displaying the Referential Integrity Scope Using the Web Console 5.6.4. Configuring the Referential Integrity Scope Using the Command Line 5.6.5. Configuring the Referential Integrity Scope Using the Web Console 6. Populating Directory Databases Expand section "6. Populating Directory Databases" Collapse section "6. Populating Directory Databases" 6.1. Importing Data Expand section "6.1. Importing Data" Collapse section "6.1. Importing Data" 6.1.1. Setting EntryUSN Initial Values During Import 6.1.2. Importing Using the Command Line Expand section "6.1.2. Importing Using the Command Line" Collapse section "6.1.2. Importing Using the Command Line" 6.1.2.1. Importing Data While the Server is Running Expand section "6.1.2.1. Importing Data While the Server is Running" Collapse section "6.1.2.1. Importing Data While the Server is Running" 6.1.2.1.1. Importing Using the dsconf backend import Command 6.1.2.1.2. Importing Data Using a cn=tasks Entry 6.1.2.2. Importing Data While the Server is Offline 6.1.3. Importing Data Using the Web Console 6.2. Exporting Data Expand section "6.2. Exporting Data" Collapse section "6.2. Exporting Data" 6.2.1. Exporting Data into an LDIF File Using the Command Line Expand section "6.2.1. Exporting Data into an LDIF File Using the Command Line" Collapse section "6.2.1. Exporting Data into an LDIF File Using the Command Line" 6.2.1.1. Exporting a Database While the Server is Running Expand section "6.2.1.1. Exporting a Database While the Server is Running" Collapse section "6.2.1.1. Exporting a Database While the Server is Running" 6.2.1.1.1. Exporting a Databases Using the dsconf backend export Command 6.2.1.1.2. Exporting a Database Using a cn=tasks Entry 6.2.1.2. Exporting a Database While the Server is Offline 6.2.2. Exporting a Suffix to an LDIF File Using the Web Console 6.2.3. Enabling Members of a Group to Export Data and Performing the Export as One of the Group Members Expand section "6.2.3. Enabling Members of a Group to Export Data and Performing the Export as One of the Group Members" Collapse section "6.2.3. Enabling Members of a Group to Export Data and Performing the Export as One of the Group Members" 6.2.3.1. Enabling a Group to Export Data 6.2.3.2. Performing an Export as a Regular User 6.3. Backing up Directory Server Expand section "6.3. Backing up Directory Server" Collapse section "6.3. Backing up Directory Server" 6.3.1. Backing up All Databases Using the Command Line Expand section "6.3.1. Backing up All Databases Using the Command Line" Collapse section "6.3.1. Backing up All Databases Using the Command Line" 6.3.1.1. Backing up All Databases While the Server is Running Expand section "6.3.1.1. Backing up All Databases While the Server is Running" Collapse section "6.3.1.1. Backing up All Databases While the Server is Running" 6.3.1.1.1. Backing up All Databases Using the dsconf backup create Command 6.3.1.1.2. Backing up All Databases Using a cn=tasks entry 6.3.1.2. Backing up All Databases While the Server is Offline 6.3.2. Backup up all Databases Using the Web Console 6.3.3. Backing up Configuration Files, the Certificate Database, and Custom Schema Files 6.3.4. Enabling Members of a Group to Back up Directory Server and Performing the Backup as One of the Group Members Expand section "6.3.4. Enabling Members of a Group to Back up Directory Server and Performing the Backup as One of the Group Members" Collapse section "6.3.4. Enabling Members of a Group to Back up Directory Server and Performing the Backup as One of the Group Members" 6.3.4.1. Enabling a Group to Back up Directory Server 6.3.4.2. Performing a Backup as a Regular User 6.4. Restoring Directory Server Expand section "6.4. Restoring Directory Server" Collapse section "6.4. Restoring Directory Server" 6.4.1. Restoring All Databases Using the Command Line Expand section "6.4.1. Restoring All Databases Using the Command Line" Collapse section "6.4.1. Restoring All Databases Using the Command Line" 6.4.1.1. Restoring All Databases While the Server is Running Expand section "6.4.1.1. Restoring All Databases While the Server is Running" Collapse section "6.4.1.1. Restoring All Databases While the Server is Running" 6.4.1.1.1. Restoring All Databases Using the dsconf backup restore Command 6.4.1.1.2. Restoring all Databases Using a cn=tasks entry 6.4.1.2. Restoring all Databases While the Server is Offline 6.4.2. Restoring All Databases Using the Web Console 6.4.3. Restoring Databases That Include Replicated Entries 7. Managing Attributes and Values Expand section "7. Managing Attributes and Values" Collapse section "7. Managing Attributes and Values" 7.1. Enforcing Attribute Uniqueness Expand section "7.1. Enforcing Attribute Uniqueness" Collapse section "7.1. Enforcing Attribute Uniqueness" 7.1.1. Creating a New Configuration Record of the Attribute Uniqueness Plug-in 7.1.2. Configuring Attribute Uniqueness over Suffixes or Subtrees Expand section "7.1.2. Configuring Attribute Uniqueness over Suffixes or Subtrees" Collapse section "7.1.2. Configuring Attribute Uniqueness over Suffixes or Subtrees" 7.1.2.1. Configuring Attribute Uniqueness over Suffixes or Subtrees Using the Command Line 7.1.2.2. Configuring Attribute Uniqueness over Suffixes or Subtrees Using the Web Console 7.1.3. Configuring Attribute Uniqueness over Object Classes 7.1.4. Attribute Uniqueness Plug-in Configuration Parameters 7.2. Assigning Class of Service Expand section "7.2. Assigning Class of Service" Collapse section "7.2. Assigning Class of Service" 7.2.1. About the CoS Definition Entry 7.2.2. About the CoS Template Entry 7.2.3. How a Pointer CoS Works 7.2.4. How an Indirect CoS Works 7.2.5. How a Classic CoS Works 7.2.6. Handling Physical Attribute Values 7.2.7. Handling Multi-valued Attributes with CoS 7.2.8. Searches for CoS-Specified Attributes 7.2.9. Access Control and CoS 7.2.10. Managing CoS from the Command Line Expand section "7.2.10. Managing CoS from the Command Line" Collapse section "7.2.10. Managing CoS from the Command Line" 7.2.10.1. Creating the CoS Definition Entry from the Command Line 7.2.10.2. Creating the CoS Template Entry from the Command Line 7.2.10.3. Example of a Pointer CoS 7.2.10.4. Example of an Indirect CoS 7.2.10.5. Example of a Classic CoS 7.2.10.6. Searching for CoS Entries 7.2.10.7. The costargettree attribute 7.2.11. Creating Role-Based Attributes 7.3. Linking Attributes to Manage Attribute Values Expand section "7.3. Linking Attributes to Manage Attribute Values" Collapse section "7.3. Linking Attributes to Manage Attribute Values" 7.3.1. About Linking Attributes 7.3.2. Looking at the Linking Attributes Plug-in Syntax 7.3.3. Configuring Attribute Links 7.3.4. Cleaning up Attribute Links Expand section "7.3.4. Cleaning up Attribute Links" Collapse section "7.3.4. Cleaning up Attribute Links" 7.3.4.1. Regenerating Linked Attributes 7.3.4.2. Regenerating Linked Attributes Using ldapmodify 7.4. Assigning and Managing Unique Numeric Attribute Values Expand section "7.4. Assigning and Managing Unique Numeric Attribute Values" Collapse section "7.4. Assigning and Managing Unique Numeric Attribute Values" 7.4.1. About Dynamic Number Assignments Expand section "7.4.1. About Dynamic Number Assignments" Collapse section "7.4.1. About Dynamic Number Assignments" 7.4.1.1. Filters, Searches, and Target Entries 7.4.1.2. Ranges and Assigning Numbers 7.4.1.3. Multiple Attributes in the Same Range 7.4.2. Looking at the DNA Plug-in Syntax 7.4.3. Configuring Unique Number Assignments Expand section "7.4.3. Configuring Unique Number Assignments" Collapse section "7.4.3. Configuring Unique Number Assignments" 7.4.3.1. Creating a New Instance of the DNA Plug-in 7.4.3.2. Configuring Unique Number Assignments Using the Command Line 7.4.3.3. Configuring Unique Number Assignments Using the Web Console 7.4.4. Distributed Number Assignment Plug-in Performance Notes 8. Organizing and Grouping Entries Expand section "8. Organizing and Grouping Entries" Collapse section "8. Organizing and Grouping Entries" 8.1. Using Groups Expand section "8.1. Using Groups" Collapse section "8.1. Using Groups" 8.1.1. The Different Types of Groups 8.1.2. Creating a Static Group Expand section "8.1.2. Creating a Static Group" Collapse section "8.1.2. Creating a Static Group" 8.1.2.1. Creating a Static Group Using the Command Line 8.1.3. Creating a Dynamic Group Expand section "8.1.3. Creating a Dynamic Group" Collapse section "8.1.3. Creating a Dynamic Group" 8.1.3.1. Creating a Dynamic Group Using the Command Line 8.1.4. Listing Group Membership in User Entries Expand section "8.1.4. Listing Group Membership in User Entries" Collapse section "8.1.4. Listing Group Membership in User Entries" 8.1.4.1. Considerations When Using the memberOf Plug-in 8.1.4.2. Required Object Classes by the memberOf Plug-In 8.1.4.3. The MemberOf Plug-in Syntax 8.1.4.4. Enabling the MemberOf Plug-in Expand section "8.1.4.4. Enabling the MemberOf Plug-in" Collapse section "8.1.4.4. Enabling the MemberOf Plug-in" 8.1.4.4.1. Enabling the MemberOf Plug-in Using the Command Line 8.1.4.4.2. Enabling the MemberOf Plug-in Using the Web Console 8.1.4.5. Configuring the MemberOf Plug-in on Each Server Expand section "8.1.4.5. Configuring the MemberOf Plug-in on Each Server" Collapse section "8.1.4.5. Configuring the MemberOf Plug-in on Each Server" 8.1.4.5.1. Configuring the MemberOf Plug-in on Each Server Using the Command Line 8.1.4.5.2. Configuring the MemberOf Plug-in on Each Server Using the Web Console 8.1.4.6. Using the MemberOf Plug-in Shared Configuration 8.1.4.7. Setting the Scope of the MemberOf Plug-in 8.1.4.8. Regenerating memberOf Values 8.1.5. Automatically Adding Entries to Specified Groups Expand section "8.1.5. Automatically Adding Entries to Specified Groups" Collapse section "8.1.5. Automatically Adding Entries to Specified Groups" 8.1.5.1. Looking at the Structure of an Automembership Rule Expand section "8.1.5.1. Looking at the Structure of an Automembership Rule" Collapse section "8.1.5.1. Looking at the Structure of an Automembership Rule" 8.1.5.1.1. The Automembership Configuration Entry 8.1.5.1.2. Additional Regular Expression Entries 8.1.5.2. Configuring Auto Membership Definitions Expand section "8.1.5.2. Configuring Auto Membership Definitions" Collapse section "8.1.5.2. Configuring Auto Membership Definitions" 8.1.5.2.1. Configuring Auto Membership Definitions Using the Command Line 8.1.5.2.2. Configuring Auto Membership Definitions Using the Web Console 8.1.5.3. Updating Existing Entries to apply Auto Membership Definitions 8.1.5.4. Examples of Automembership Rules 8.1.5.5. Testing Automembership Definitions 8.1.5.6. Canceling the Auto Membership Plug-in Task 8.2. Using Roles Expand section "8.2. Using Roles" Collapse section "8.2. Using Roles" 8.2.1. About Roles 8.2.2. Managing Roles Using the Command Line Expand section "8.2.2. Managing Roles Using the Command Line" Collapse section "8.2.2. Managing Roles Using the Command Line" 8.2.2.1. Creating a Managed Role Expand section "8.2.2.1. Creating a Managed Role" Collapse section "8.2.2.1. Creating a Managed Role" 8.2.2.1.1. Creating Managed Roles through the Command Line 8.2.2.2. Creating a Filtered Role Expand section "8.2.2.2. Creating a Filtered Role" Collapse section "8.2.2.2. Creating a Filtered Role" 8.2.2.2.1. Creating a Filtered Role through the Command Line 8.2.2.3. Creating a Nested Role Expand section "8.2.2.3. Creating a Nested Role" Collapse section "8.2.2.3. Creating a Nested Role" 8.2.2.3.1. Creating Nested Role through the Command Line 8.2.2.4. Viewing Roles for an Entry through the Command Line 8.2.2.5. About Deleting Roles 8.2.3. Managing Roles in Directory Server Using the LDAP Browser Expand section "8.2.3. Managing Roles in Directory Server Using the LDAP Browser" Collapse section "8.2.3. Managing Roles in Directory Server Using the LDAP Browser" 8.2.3.1. Creating a role in the LDAP browser 8.2.3.2. Modifying a Role in the LDAP browser 8.2.3.3. Deleting a Role in the LDAP browser 8.2.4. Using Roles Securely 8.3. Automatically Creating Dual Entries Expand section "8.3. Automatically Creating Dual Entries" Collapse section "8.3. Automatically Creating Dual Entries" 8.3.1. About Managed Entries Expand section "8.3.1. About Managed Entries" Collapse section "8.3.1. About Managed Entries" 8.3.1.1. About the Instance Definition Entry 8.3.1.2. About the Template Entry 8.3.1.3. Entry Attributes Written by the Managed Entries Plug-in 8.3.1.4. Managed Entries Plug-in and Directory Server Operations 8.3.2. Creating the Managed Entries Template Entry 8.3.3. Creating the Managed Entries Instance Definition 8.3.4. Putting Managed Entries Plug-in Configuration in a Replicated Database 8.4. Using Views Expand section "8.4. Using Views" Collapse section "8.4. Using Views" 8.4.1. About Views 8.4.2. Creating Views from the Command Line 8.4.3. Improving Views Performance 8.5. Managing Organizational Units 9. Configuring Secure Connections Expand section "9. Configuring Secure Connections" Collapse section "9. Configuring Secure Connections" 9.1. Requiring Secure Connections 9.2. Setting a Minimum Strength Factor 9.3. Managing the NSS Database Used by Directory Server Expand section "9.3. Managing the NSS Database Used by Directory Server" Collapse section "9.3. Managing the NSS Database Used by Directory Server" 9.3.1. Creating a Certificate Signing Request Expand section "9.3.1. Creating a Certificate Signing Request" Collapse section "9.3.1. Creating a Certificate Signing Request" 9.3.1.1. Creating a Certificate Signing Request Using the Command Line 9.3.2. Installing a CA Certificate Expand section "9.3.2. Installing a CA Certificate" Collapse section "9.3.2. Installing a CA Certificate" 9.3.2.1. Installing a CA Certificate Using the Command Line 9.3.2.2. Installing a CA Certificate Using the Web Console 9.3.3. Importing a Private Key and Server Certificate 9.3.4. Installing a Server Certificate Expand section "9.3.4. Installing a Server Certificate" Collapse section "9.3.4. Installing a Server Certificate" 9.3.4.1. Installing a Server Certificate Using the Command Line 9.3.4.2. Installing a Server Certificate Using the Web Console 9.3.5. Generating and Installing a Self-signed Certificate 9.3.6. Renewing a Certificate Expand section "9.3.6. Renewing a Certificate" Collapse section "9.3.6. Renewing a Certificate" 9.3.6.1. Renewing a Certificate Using the Command Line 9.3.7. Removing a Certificate Expand section "9.3.7. Removing a Certificate" Collapse section "9.3.7. Removing a Certificate" 9.3.7.1. Removing a Certificate Using the Command Line 9.3.7.2. Removing a Certificate Using the Web Console 9.3.8. Removing a Private Key Expand section "9.3.8. Removing a Private Key" Collapse section "9.3.8. Removing a Private Key" 9.3.8.1. Removing a Private Key Using the Command Line 9.3.9. Changing the CA Trust Options Expand section "9.3.9. Changing the CA Trust Options" Collapse section "9.3.9. Changing the CA Trust Options" 9.3.9.1. Changing the CA Trust Options Using the Command Line 9.3.9.2. Changing the CA Trust Options Using the Web Console 9.3.10. Changing the Password of the NSS Database Expand section "9.3.10. Changing the Password of the NSS Database" Collapse section "9.3.10. Changing the Password of the NSS Database" 9.3.10.1. Changing the Password of the NSS Database Using the Command Line 9.4. Enabling TLS Expand section "9.4. Enabling TLS" Collapse section "9.4. Enabling TLS" 9.4.1. Enabling TLS in Directory Server Expand section "9.4.1. Enabling TLS in Directory Server" Collapse section "9.4.1. Enabling TLS in Directory Server" 9.4.1.1. Enabling TLS in Directory Server Using the Command Line 9.4.1.2. Enabling TLS in Directory Server Using the Web Console 9.4.1.3. Setting Encryption Ciphers Expand section "9.4.1.3. Setting Encryption Ciphers" Collapse section "9.4.1.3. Setting Encryption Ciphers" 9.4.1.3.1. Displaying the Default Ciphers 9.4.1.3.2. Displaying and Setting the Ciphers Used by Directory Server Using the Command Line 9.4.1.3.3. Displaying and Setting the Ciphers Used by Directory Server Using the Web Console 9.4.1.4. Starting Directory Server Without a Password File 9.4.1.5. Creating a Password File for Directory Server 9.4.1.6. Managing How Directory Server Behaves If the Certificate Has Been Expired 9.4.2. Adding the CA Certificate Used By Directory Server to the Trust Store of Red Hat Enterprise Linux 9.5. Displaying the Encryption Protocols Enabled in Directory Server 9.6. Setting the Minimum TLS Encryption Protocol Version 9.7. Setting the Highest TLS Encryption Protocol Version 9.8. Using Hardware Security Modules 9.9. Using Certificate-based Client Authentication Expand section "9.9. Using Certificate-based Client Authentication" Collapse section "9.9. Using Certificate-based Client Authentication" 9.9.1. Setting up Certificate-based Authentication 9.9.2. Adding a Certificate to a User 9.9.3. Forcing the EXTERNAL SASL Mechanism for Bind Requests 9.9.4. Authenticating Using a Certificate 9.10. Setting up SASL Identity Mapping Expand section "9.10. Setting up SASL Identity Mapping" Collapse section "9.10. Setting up SASL Identity Mapping" 9.10.1. About SASL Identity Mapping 9.10.2. Default SASL Mappings for Directory Server 9.10.3. Configuring SASL Identity Mapping Expand section "9.10.3. Configuring SASL Identity Mapping" Collapse section "9.10.3. Configuring SASL Identity Mapping" 9.10.3.1. Configuring SASL Identity Mapping Using the Command Line 9.10.3.2. Configuring SASL Identity Mapping Using the Web Console 9.10.4. Enabling SASL Mapping Fallback Expand section "9.10.4. Enabling SASL Mapping Fallback" Collapse section "9.10.4. Enabling SASL Mapping Fallback" 9.10.4.1. Setting SASL Mapping Priorities 9.11. Using Kerberos GSS-API with SASL Expand section "9.11. Using Kerberos GSS-API with SASL" Collapse section "9.11. Using Kerberos GSS-API with SASL" 9.11.1. Authentication Mechanisms for SASL in Directory Server 9.11.2. About Kerberos in Directory Server Expand section "9.11.2. About Kerberos in Directory Server" Collapse section "9.11.2. About Kerberos in Directory Server" 9.11.2.1. About Principals and Realms 9.11.2.2. About the KDC Server and Keytabs 9.11.3. Configuring SASL Authentication at Directory Server Startup 9.12. Setting SASL Mechanisms 9.13. Using SASL with LDAP Clients 10. Configuring Attribute Encryption Expand section "10. Configuring Attribute Encryption" Collapse section "10. Configuring Attribute Encryption" 10.1. Encryption Keys 10.2. Encryption Ciphers 10.3. Configuring Attribute Encryption Expand section "10.3. Configuring Attribute Encryption" Collapse section "10.3. Configuring Attribute Encryption" 10.3.1. Enabling Encryption of an Attribute Using the Command Line 10.3.2. Enabling Encryption of an Attribute Using the Web Console 10.3.3. Disabling Encryption for an Attribute Using the Command Line 10.3.4. Disabling Encryption of an Attribute Using the Web Console 10.3.5. General Considerations after Enabling Attribute Encryption 10.4. Exporting and Importing an Encrypted Database Expand section "10.4. Exporting and Importing an Encrypted Database" Collapse section "10.4. Exporting and Importing an Encrypted Database" 10.4.1. Exporting an Encrypted Database 10.4.2. Importing an LDIF File into an Encrypted Database 10.5. Updating the TLS Certificates Used for Attribute Encryption 11. Managing FIPS Mode Support 12. Managing the Directory Schema Expand section "12. Managing the Directory Schema" Collapse section "12. Managing the Directory Schema" 12.1. Overview of Schema Expand section "12.1. Overview of Schema" Collapse section "12.1. Overview of Schema" 12.1.1. Default Schema Files 12.1.2. Object Classes 12.1.3. Attributes Expand section "12.1.3. Attributes" Collapse section "12.1.3. Attributes" 12.1.3.1. Directory Server Attribute Syntaxes 12.1.4. Extending the Schema 12.1.5. Schema Replication 12.2. Managing Object Identifiers 12.3. Creating an Object Class Expand section "12.3. Creating an Object Class" Collapse section "12.3. Creating an Object Class" 12.3.1. Creating an Object Class Using the Command Line 12.3.2. Creating an Object Class Using the Web Console 12.4. Updating an Object Class Expand section "12.4. Updating an Object Class" Collapse section "12.4. Updating an Object Class" 12.4.1. Updating an Object Class Using the Command Line 12.4.2. Updating an Object Class Using the Web Console 12.5. Removing an Object Class Expand section "12.5. Removing an Object Class" Collapse section "12.5. Removing an Object Class" 12.5.1. Removing an Object Class Using the Command Line 12.5.2. Removing an Object Class Using the Web Console 12.6. Creating an Attribute Expand section "12.6. Creating an Attribute" Collapse section "12.6. Creating an Attribute" 12.6.1. Creating an Attribute Using the Command Line 12.6.2. Creating an Attribute Using the Web Console 12.7. Updating an attribute Expand section "12.7. Updating an attribute" Collapse section "12.7. Updating an attribute" 12.7.1. Updating an Attribute Using the Command Line 12.7.2. Updating an Attribute Using the Web Console 12.8. Removing an Attribute Expand section "12.8. Removing an Attribute" Collapse section "12.8. Removing an Attribute" 12.8.1. Removing an Attribute Using the Command Line 12.8.2. Removing an Attribute Using the Web Console 12.9. Creating Custom Schema Files 12.10. Dynamically Reloading Schema Expand section "12.10. Dynamically Reloading Schema" Collapse section "12.10. Dynamically Reloading Schema" 12.10.1. Dynamically Reloading the Schema Using the dsconf schema reload Command 12.10.2. Dynamically Reloading the Schema Using a cn=tasks Entry 12.10.3. Reloading The Schema in a Replication Topology 12.10.4. Schema Reload Errors 12.11. Turning Schema Checking On and Off Expand section "12.11. Turning Schema Checking On and Off" Collapse section "12.11. Turning Schema Checking On and Off" 12.11.1. Turning Schema Checking On and Off Using the Command Line 12.11.2. Turning Schema Checking On and Off Using the Web Console 12.12. Using Syntax Validation Expand section "12.12. Using Syntax Validation" Collapse section "12.12. Using Syntax Validation" 12.12.1. About Syntax Validation 12.12.2. Syntax Validation and Other Directory Server Operations Expand section "12.12.2. Syntax Validation and Other Directory Server Operations" Collapse section "12.12.2. Syntax Validation and Other Directory Server Operations" 12.12.2.1. Turning Syntax Validation On and Off Using the Command Line 12.12.2.2. Turning Syntax Validation On and Off Using the Web Console 12.12.3. Enabling or Disabling Strict Syntax Validation for DNs Expand section "12.12.3. Enabling or Disabling Strict Syntax Validation for DNs" Collapse section "12.12.3. Enabling or Disabling Strict Syntax Validation for DNs" 12.12.3.1. Enabling or Disabling Strict Syntax Validation for DNs Using the Command Line 12.12.3.2. Enabling or Disabling Strict Syntax Validation for DNs Using the Web Console 12.12.4. Enabling Syntax Validation Logging Expand section "12.12.4. Enabling Syntax Validation Logging" Collapse section "12.12.4. Enabling Syntax Validation Logging" 12.12.4.1. Enabling Syntax Validation Logging Using the Command Line 12.12.4.2. Enabling Syntax Validation Logging Using the Web Console 12.12.5. Validating the Syntax of Existing Attribute Values Expand section "12.12.5. Validating the Syntax of Existing Attribute Values" Collapse section "12.12.5. Validating the Syntax of Existing Attribute Values" 12.12.5.1. Creating a Syntax Validation Task Using the dsconf schema validate-syntax Command 12.12.5.2. Creating a Syntax Validation Task Using a cn=tasks Entry 13. Managing Indexes Expand section "13. Managing Indexes" Collapse section "13. Managing Indexes" 13.1. About Indexes Expand section "13.1. About Indexes" Collapse section "13.1. About Indexes" 13.1.1. About Index Types 13.1.2. About Default and Database Indexes 13.1.3. Overview of the Searching Algorithm 13.1.4. Approximate Searches 13.1.5. Balancing the Benefits of Indexing 13.1.6. Indexing Limitations 13.2. Creating Standard Indexes Expand section "13.2. Creating Standard Indexes" Collapse section "13.2. Creating Standard Indexes" 13.2.1. Creating Indexes Using the Command Line 13.2.2. Creating Indexes Using the Web Console 13.3. Creating New Indexes to Existing Databases Expand section "13.3. Creating New Indexes to Existing Databases" Collapse section "13.3. Creating New Indexes to Existing Databases" 13.3.1. Creating an Index While the Instance is Running Expand section "13.3.1. Creating an Index While the Instance is Running" Collapse section "13.3.1. Creating an Index While the Instance is Running" 13.3.1.1. Creating an Index Using the dsconf backend index reindex Command 13.3.1.2. Creating an Index Using a cn=tasks Entry 13.3.2. Creating an Index While the Instance Offline 13.4. Using virtual list view control to request a contiguous subset of a large search result Expand section "13.4. Using virtual list view control to request a contiguous subset of a large search result" Collapse section "13.4. Using virtual list view control to request a contiguous subset of a large search result" 13.4.1. How the VLV control works in ldapsearch commands 13.4.2. Enabling unauthenticated users to use the VLV control 13.4.3. Creating a VLV index using the command line to improve the speed of VLV queries 13.4.4. Creating a VLV index using the web console to improve the speed of VLV queries 13.5. Changing the Index Sort Order Expand section "13.5. Changing the Index Sort Order" Collapse section "13.5. Changing the Index Sort Order" 13.5.1. Changing the Sort Order Using the Command Line 13.6. Changing the Width for Indexed Substring Searches 13.7. Deleting Indexes Expand section "13.7. Deleting Indexes" Collapse section "13.7. Deleting Indexes" 13.7.1. Deleting an Attribute from the Default Index Entry 13.7.2. Removing an Attribute from the Index Expand section "13.7.2. Removing an Attribute from the Index" Collapse section "13.7.2. Removing an Attribute from the Index" 13.7.2.1. Removing an Attribute from the Index Using the Command Line 13.7.2.2. Removing an Attribute from the Index Using the Web Console 13.7.3. Deleting Index Types Using the Command Line 13.7.4. Removing Browsing Indexes Expand section "13.7.4. Removing Browsing Indexes" Collapse section "13.7.4. Removing Browsing Indexes" 13.7.4.1. Removing Browsing Indexes Using the Command Line 14. Finding Directory Entries Expand section "14. Finding Directory Entries" Collapse section "14. Finding Directory Entries" 14.1. Finding Directory Entries Using the Command Line Expand section "14.1. Finding Directory Entries Using the Command Line" Collapse section "14.1. Finding Directory Entries Using the Command Line" 14.1.1. ldapsearch Command-Line Format 14.1.2. Commonly Used ldapsearch Options 14.1.3. Using Special Characters 14.2. Finding Entries Using the Web Console 14.3. LDAP Search Filters Expand section "14.3. LDAP Search Filters" Collapse section "14.3. LDAP Search Filters" 14.3.1. Using Attributes in Search Filters 14.3.2. Using Operators in Search Filters 14.3.3. Using Compound Search Filters 14.3.4. Using Matching Rules 14.4. Examples of Common ldapsearches Expand section "14.4. Examples of Common ldapsearches" Collapse section "14.4. Examples of Common ldapsearches" 14.4.1. Returning All Entries 14.4.2. Specifying Search Filters on the Command Line 14.4.3. Searching the Root DSE Entry 14.4.4. Searching the Schema Entry 14.4.5. Using LDAP_BASEDN 14.4.6. Displaying Subsets of Attributes 14.4.7. Searching for Operational Attributes 14.4.8. Specifying Search Filters Using a File 14.4.9. Specifying DNs That Contain Commas in Search Filters 14.4.10. Using a Client Certificate to Bind to Directory Server 14.4.11. Searching with Language Matching Rules 14.4.12. Searching for Attributes with Bit Field Values 14.5. Improving Search Performance through Resource Limits Expand section "14.5. Improving Search Performance through Resource Limits" Collapse section "14.5. Improving Search Performance through Resource Limits" 14.5.1. Search Performance and Resource Limits 14.5.2. Fine Grained ID List Size 14.5.3. Setting User and Global Resource Limits Using the Command Line 14.5.4. Setting Resource Limits on Anonymous Binds 14.5.5. Improving Performance for Range Searches 14.6. Using Persistent Search 14.7. Searching with Specified Controls Expand section "14.7. Searching with Specified Controls" Collapse section "14.7. Searching with Specified Controls" 14.7.1. Retrieving Effective User Rights 14.7.2. Using Server-Side Sorting 14.7.3. Performing Dereferencing Searches 14.7.4. Using Simple Paged Results 14.7.5. Pre- and Post-read Entry Response Controls 15. Managing Replication Expand section "15. Managing Replication" Collapse section "15. Managing Replication" 15.1. Replication Overview Expand section "15.1. Replication Overview" Collapse section "15.1. Replication Overview" 15.1.1. What Directory Units Are Replicated 15.1.2. Read-Write and Read-Only Replicas 15.1.3. Suppliers and Consumers 15.1.4. Changelog 15.1.5. Replication Identity 15.1.6. Replication Agreement 15.1.7. Replicating a Subset of Attributes with Fractional Replication 15.1.8. Replication over TLS 15.2. Single-supplier Replication Expand section "15.2. Single-supplier Replication" Collapse section "15.2. Single-supplier Replication" 15.2.1. Setting up Single-supplier Replication Using the Command Line 15.2.2. Setting up Single-supplier Replication Using the Web Console 15.3. Multi-Supplier Replication Expand section "15.3. Multi-Supplier Replication" Collapse section "15.3. Multi-Supplier Replication" 15.3.1. Setting up Multi-supplier Replication Using the Command Line 15.3.2. Setting up Multi-supplier Replication Using the Web Console 15.3.3. Preventing Monopolization of a Consumer in Multi-Supplier Replication 15.4. Cascading Replication Expand section "15.4. Cascading Replication" Collapse section "15.4. Cascading Replication" 15.4.1. Setting up Cascading Replication Using the Command Line 15.4.2. Setting up Cascading Replication Using the Web Console 15.5. Configuring Bootstrap Credentials 15.6. Configuring Replication Partners to use Certificate-based Authentication 15.7. Promoting a Consumer or Hub to a Supplier Expand section "15.7. Promoting a Consumer or Hub to a Supplier" Collapse section "15.7. Promoting a Consumer or Hub to a Supplier" 15.7.1. Promoting a Consumer or Hub to a Supplier Using the Command Line 15.7.2. Promoting a Consumer or Hub to a Supplier Using the Web Console 15.8. About Initializing a Consumer Expand section "15.8. About Initializing a Consumer" Collapse section "15.8. About Initializing a Consumer" 15.8.1. When to Initialize a Consumer 15.8.2. Setting Initialization Timeouts 15.8.3. Initializing a Consumer Expand section "15.8.3. Initializing a Consumer" Collapse section "15.8.3. Initializing a Consumer" 15.8.3.1. Initializing a Consumer Using the Command Line Expand section "15.8.3.1. Initializing a Consumer Using the Command Line" Collapse section "15.8.3.1. Initializing a Consumer Using the Command Line" 15.8.3.1.1. Initializing a Consumer Online 15.8.3.1.2. Initializing a Consumer Offline 15.8.4. Initializing a Consumer Using the Web Console 15.9. Disabling and Re-enabling Replication 15.10. Removing a Directory Server Instance from the Replication Topology Expand section "15.10. Removing a Directory Server Instance from the Replication Topology" Collapse section "15.10. Removing a Directory Server Instance from the Replication Topology" 15.10.1. Removing a Consumer or Hub from the Replication Topology 15.10.2. Removing a Supplier from the Replication Topology 15.11. Managing Attributes Within Fractional Replication Expand section "15.11. Managing Attributes Within Fractional Replication" Collapse section "15.11. Managing Attributes Within Fractional Replication" 15.11.1. Setting Different Fractional Replication Attributes for Total and Incremental Updates 15.11.2. The Replication Keep-alive Entry 15.11.3. Preventing "Empty" Updates from Fractional Replication 15.12. Managing Deleted Entries with Replication 15.13. Configuring Changelog Encryption 15.14. Removing the Changelog Expand section "15.14. Removing the Changelog" Collapse section "15.14. Removing the Changelog" 15.14.1. Removing the Changelog using the Command Line 15.14.2. Removing the Changelog using the Web Console 15.15. Exporting the Replication Changelog 15.16. Importing the Replication Changelog from an LDIF-formatted Changelog Dump 15.17. Moving the Replication Changelog Directory 15.18. Trimming the Replication Changelog Expand section "15.18. Trimming the Replication Changelog" Collapse section "15.18. Trimming the Replication Changelog" 15.18.1. Configuring Replication Changelog Trimming 15.18.2. Manually Reducing the Size of a Large Changelog 15.19. Forcing Replication Updates 15.20. Setting Replication Timeout Periods 15.21. Using the Retro Changelog Plug-in Expand section "15.21. Using the Retro Changelog Plug-in" Collapse section "15.21. Using the Retro Changelog Plug-in" 15.21.1. Enabling the Retro Changelog Plug-in Expand section "15.21.1. Enabling the Retro Changelog Plug-in" Collapse section "15.21.1. Enabling the Retro Changelog Plug-in" 15.21.1.1. Enabling the Retro Changelog Plug-in Using the Command Line 15.21.1.2. Enabling the Retro Changelog Plug-in Using the Web Console 15.21.2. Trimming the Retro Changelog 15.21.3. Searching and Modifying the Retro Changelog 15.21.4. Retro Changelog and the Access Control Policy 15.22. Displaying the Status of a Specific Replication Agreement Expand section "15.22. Displaying the Status of a Specific Replication Agreement" Collapse section "15.22. Displaying the Status of a Specific Replication Agreement" 15.22.1. Displaying the Status of a Specific Replication Agreement Using the Command-Line 15.22.2. Displaying the Status of a Specific Replication Agreement Using the Web Console 15.23. Monitoring the Replication Topology Expand section "15.23. Monitoring the Replication Topology" Collapse section "15.23. Monitoring the Replication Topology" 15.23.1. Setting Credentials for Replication Monitoring in the .dsrc File 15.23.2. Using Aliases in the Replication Topology Monitoring Output 15.24. Comparing Two Directory Server Instances 15.25. Solving Common Replication Conflicts Expand section "15.25. Solving Common Replication Conflicts" Collapse section "15.25. Solving Common Replication Conflicts" 15.25.1. Solving Naming Conflicts 15.25.2. Solving Orphan Entry Conflicts 15.25.3. Resolving Errors for Obsolete or Missing Suppliers 15.26. Troubleshooting Replication-Related Problems Expand section "15.26. Troubleshooting Replication-Related Problems" Collapse section "15.26. Troubleshooting Replication-Related Problems" 15.26.1. Possible Replication-related Error Messages 16. Synchronizing Red Hat Directory Server with Microsoft Active Directory Expand section "16. Synchronizing Red Hat Directory Server with Microsoft Active Directory" Collapse section "16. Synchronizing Red Hat Directory Server with Microsoft Active Directory" 16.1. About Windows Synchronization 16.2. Supported Active Directory Versions 16.3. Synchronizing Passwords 16.4. Setting up Synchronization Between Active Directory and Directory Server Expand section "16.4. Setting up Synchronization Between Active Directory and Directory Server" Collapse section "16.4. Setting up Synchronization Between Active Directory and Directory Server" 16.4.1. Step 1: Enabling TLS on the Directory Server Host 16.4.2. Step 2: Enabling Password Complexity in the AD Domain 16.4.3. Step 3: Extracting the CA Certificate from AD 16.4.4. Step 4: Extracting the CA Certificate from the Directory Server's NSS Database 16.4.5. Step 5: Creating the Synchronization Accounts 16.4.6. Step 6: Installing the Password Sync Service 16.4.7. Step 7: Adding the CA Certificate Directory Server uses to the Password Sync Service's Certificate Database 16.4.8. Step 8: Adding the CA Certificate AD uses to Directory Server's Certificate Database 16.4.9. Step 9: Configuring the Database for Synchronization and Creating the Synchronization Agreement Expand section "16.4.9. Step 9: Configuring the Database for Synchronization and Creating the Synchronization Agreement" Collapse section "16.4.9. Step 9: Configuring the Database for Synchronization and Creating the Synchronization Agreement" 16.4.9.1. Configuring the Database for Synchronization and Creating the Synchronization Agreement Using the Command Line 16.4.9.2. Configuring the Database for Synchronization and Creating the Synchronization Agreement Using the Web Console 16.5. Synchronizing Users Expand section "16.5. Synchronizing Users" Collapse section "16.5. Synchronizing Users" 16.5.1. User Attributes Synchronized between Directory Server and Active Directory 16.5.2. User Schema Differences between Red Hat Directory Server and Active Directory Expand section "16.5.2. User Schema Differences between Red Hat Directory Server and Active Directory" Collapse section "16.5.2. User Schema Differences between Red Hat Directory Server and Active Directory" 16.5.2.1. Values for cn Attributes 16.5.2.2. Password Policies 16.5.2.3. Values for street and streetAddress 16.5.2.4. Constraints on the initials Attribute 16.5.3. Configuring User Synchronization for Directory Server Users 16.5.4. Configuring User Synchronization for Active Directory Users 16.6. Synchronizing Groups Expand section "16.6. Synchronizing Groups" Collapse section "16.6. Synchronizing Groups" 16.6.1. About Windows Group Types 16.6.2. Group Attributes Synchronized between Directory Server and Active Directory 16.6.3. Group Schema Differences between Red Hat Directory Server and Active Directory 16.6.4. Configuring Group Synchronization for Directory Server Groups 16.6.5. Configuring Group Synchronization for Active Directory Groups 16.7. Configuring Uni-Directional Synchronization 16.8. Configuring Multiple Subtrees and Filters in Windows Synchronization 16.9. Synchronizing POSIX Attributes for Users and Groups Expand section "16.9. Synchronizing POSIX Attributes for Users and Groups" Collapse section "16.9. Synchronizing POSIX Attributes for Users and Groups" 16.9.1. Enabling POSIX Attribute Synchronization 16.9.2. Changing Posix Group Attribute Synchronization Settings 16.9.3. Fixing Mismatched member and uniqueMember Attribute Values in posixGroup Entries 16.10. Deleting and Resurrecting Entries Expand section "16.10. Deleting and Resurrecting Entries" Collapse section "16.10. Deleting and Resurrecting Entries" 16.10.1. Deleting Entries 16.10.2. Resurrecting Entries 16.11. Sending Synchronization Updates Expand section "16.11. Sending Synchronization Updates" Collapse section "16.11. Sending Synchronization Updates" 16.11.1. Performing a Manual Incremental Synchronization 16.11.2. Performing a Full Synchronization Expand section "16.11.2. Performing a Full Synchronization" Collapse section "16.11.2. Performing a Full Synchronization" 16.11.2.1. Performing a Full Synchronization Using the Command Line 16.11.2.2. Performing a Full Synchronization Using the Web Console 16.11.3. Setting Synchronization Schedules 16.11.4. Changing Synchronization Connections 16.11.5. Handling Entries That Move Out of the Synchronized Subtree 16.12. Troubleshooting 17. Setting up Content Synchronization Using the SyncRepl Protocol Expand section "17. Setting up Content Synchronization Using the SyncRepl Protocol" Collapse section "17. Setting up Content Synchronization Using the SyncRepl Protocol" 17.1. Configuring the Content Synchronization Plug-in Using the Command Line 18. Managing Access Control Expand section "18. Managing Access Control" Collapse section "18. Managing Access Control" 18.1. Access Control Principles 18.2. ACI Placement 18.3. ACI Structure 18.4. ACI Evaluation 18.5. Limitations of ACIs 18.6. How Directory Server Handles ACIs in a Replication Topology 18.7. Managing ACIs using the command line Expand section "18.7. Managing ACIs using the command line" Collapse section "18.7. Managing ACIs using the command line" 18.7.1. Displaying ACIs 18.7.2. Adding an ACI 18.7.3. Deleting an ACI 18.7.4. Updating an ACI 18.8. Managing ACIs Using the Web Console Expand section "18.8. Managing ACIs Using the Web Console" Collapse section "18.8. Managing ACIs Using the Web Console" 18.8.1. Creating an Access Control Instruction in the LDAP browser 18.8.2. Editing Access Control Instructions in the LDAP browser 18.8.3. Removing an Access Control Instruction in the LDAP browser 18.9. Defining Targets Expand section "18.9. Defining Targets" Collapse section "18.9. Defining Targets" 18.9.1. Frequently Used Target Keywords Expand section "18.9.1. Frequently Used Target Keywords" Collapse section "18.9.1. Frequently Used Target Keywords" 18.9.1.1. Targeting a Directory Entry 18.9.1.2. Targeting Attributes 18.9.1.3. Targeting Entries and Attributes Using LDAP Filters 18.9.1.4. Targeting Attribute Values Using LDAP Filters 18.9.2. Further Target Keywords Expand section "18.9.2. Further Target Keywords" Collapse section "18.9.2. Further Target Keywords" 18.9.2.1. Targeting Source and Destination DNs 18.9.3. Advanced Usage of Target Rules Expand section "18.9.3. Advanced Usage of Target Rules" Collapse section "18.9.3. Advanced Usage of Target Rules" 18.9.3.1. Delegating Permissions to Create and Maintain Groups 18.9.3.2. Targeting Both an Entry and Attributes 18.9.3.3. Targeting Certain Attributes of Entries Matching a Filter 18.9.3.4. Targeting a Single Directory Entry 18.10. Defining Permissions Expand section "18.10. Defining Permissions" Collapse section "18.10. Defining Permissions" 18.10.1. User rights 18.10.2. Rights Required for LDAP Operations 18.10.3. Access Control and the modrdn Operation 18.11. Defining Bind Rules Expand section "18.11. Defining Bind Rules" Collapse section "18.11. Defining Bind Rules" 18.11.1. Frequently Used Bind Rules Expand section "18.11.1. Frequently Used Bind Rules" Collapse section "18.11.1. Frequently Used Bind Rules" 18.11.1.1. Defining User-based Access Expand section "18.11.1.1. Defining User-based Access" Collapse section "18.11.1.1. Defining User-based Access" 18.11.1.1.1. Using a DN with the userdn Keyword 18.11.1.1.2. Using the userdn Keyword with an LDAP Filter 18.11.1.1.3. Granting Anonymous Access 18.11.1.1.4. Granting Access to Authenticated Users 18.11.1.1.5. Enabling Users to Access Their Own Entries 18.11.1.1.6. Setting Access for Child Entries of a User 18.11.1.2. Defining Group-based Access Expand section "18.11.1.2. Defining Group-based Access" Collapse section "18.11.1.2. Defining Group-based Access" 18.11.1.2.1. Using a DN with the groupdn Keyword 18.11.1.2.2. Using the groupdn Keyword with an LDAP Filter 18.11.2. Further Bind Rules Expand section "18.11.2. Further Bind Rules" Collapse section "18.11.2. Further Bind Rules" 18.11.2.1. Defining Access Based on Value Matching Expand section "18.11.2.1. Defining Access Based on Value Matching" Collapse section "18.11.2.1. Defining Access Based on Value Matching" 18.11.2.1.1. Using the USERDN Bind Type 18.11.2.1.2. Using the GROUPDN Bind Type 18.11.2.1.3. Using the ROLEDN Bind Type 18.11.2.1.4. Using the SELFDN Bind Type 18.11.2.1.5. Using the LDAPURL Bind Type 18.11.2.1.6. Using the userattr Keyword with Inheritance 18.11.2.2. Defining Access from Specific IP Addresses or Ranges 18.11.2.3. Defining Access from a Specific Host or Domain 18.11.2.4. Requiring a Certain Level of Security in Connections 18.11.2.5. Defining Access at a Specific Day of the Week 18.11.2.6. Defining Access at a Specific Time of Day 18.11.2.7. Defining Access Based on the Authentication Method 18.11.2.8. Defining Access Based on Roles 18.11.3. Combining Bind Rules Using Boolean Operators 18.12. Checking Access Rights on Entries (Get Effective Rights) Expand section "18.12. Checking Access Rights on Entries (Get Effective Rights)" Collapse section "18.12. Checking Access Rights on Entries (Get Effective Rights)" 18.12.1. Rights Shown with a Get Effective Rights Search 18.12.2. The Format of a Get Effective Rights Search 18.12.3. Examples of GER Searches Expand section "18.12.3. Examples of GER Searches" Collapse section "18.12.3. Examples of GER Searches" 18.12.3.1. General Examples on Checking Access Rights 18.12.3.2. Examples of Get Effective Rights Searches for Non-Existent Attributes 18.12.3.3. Examples of Get Effective Rights Searches for Specific Attributes or Object Classes 18.12.3.4. Examples of Get Effective Rights Searches for Non-Existent Entries 18.12.3.5. Examples of Get Effective Rights Searches for Operational Attributes 18.12.3.6. Examples of Get Effective Rights Results and Access Control Rules 18.12.4. Get Effective Rights Return Codes 18.13. Logging Access Control Information 18.14. Advanced Access Control: Using Macro ACIs Expand section "18.14. Advanced Access Control: Using Macro ACIs" Collapse section "18.14. Advanced Access Control: Using Macro ACIs" 18.14.1. Macro ACI Example 18.14.2. Macro ACI Syntax Expand section "18.14.2. Macro ACI Syntax" Collapse section "18.14.2. Macro ACI Syntax" 18.14.2.1. Macro Matching for ($dn) 18.14.2.2. Macro Matching for [$dn] 18.14.2.3. Macro Matching for ($attr.attrName) 18.15. Setting Access Controls on Directory Manager Expand section "18.15. Setting Access Controls on Directory Manager" Collapse section "18.15. Setting Access Controls on Directory Manager" 18.15.1. About Access Controls on the Directory Manager Account 18.15.2. Configuring the RootDN Access Control Plug-in 19. Using the Health Check Feature to Identify Problems Expand section "19. Using the Health Check Feature to Identify Problems" Collapse section "19. Using the Health Check Feature to Identify Problems" 19.1. Running the Directory Server Health Check 20. Managing User Authentication Expand section "20. Managing User Authentication" Collapse section "20. Managing User Authentication" 20.1. Setting User Passwords 20.2. Setting Password Administrators 20.3. Changing Passwords Stored Externally 20.4. Managing the Password Policy Expand section "20.4. Managing the Password Policy" Collapse section "20.4. Managing the Password Policy" 20.4.1. Configuring the Global Password Policy Expand section "20.4.1. Configuring the Global Password Policy" Collapse section "20.4.1. Configuring the Global Password Policy" 20.4.1.1. Configuring a Global Password Policy Using the Command Line 20.4.1.2. Configuring a Global Password Policy Using the Web Console 20.4.2. Using Local Password Policies Expand section "20.4.2. Using Local Password Policies" Collapse section "20.4.2. Using Local Password Policies" 20.4.2.1. Where Directory Server Stores Local Password Policy Entries 20.4.2.2. Configuring a Local Password Policy 20.5. Configuring temporary password rules Expand section "20.5. Configuring temporary password rules" Collapse section "20.5. Configuring temporary password rules" 20.5.1. Enabling temporary password rules in the global password policy 20.5.2. Enabling temporary password rules in a local password policy 20.6. Understanding Password Expiration Controls 20.7. Managing the Directory Manager Password Expand section "20.7. Managing the Directory Manager Password" Collapse section "20.7. Managing the Directory Manager Password" 20.7.1. Resetting the Directory Manager Password 20.7.2. Changing the Directory Manager Password Expand section "20.7.2. Changing the Directory Manager Password" Collapse section "20.7.2. Changing the Directory Manager Password" 20.7.2.1. Changing the Directory Manager Password Using the Command Line 20.7.2.2. Changing the Directory Manager Password Using the Web Console 20.7.3. Changing the Directory Manager Password Storage Scheme Expand section "20.7.3. Changing the Directory Manager Password Storage Scheme" Collapse section "20.7.3. Changing the Directory Manager Password Storage Scheme" 20.7.3.1. Changing the Directory Manager Password Storage Scheme Using the Command Line 20.7.3.2. Changing the Directory Manager Password Storage Scheme Using the Web Console 20.7.4. Changing the Directory Manager DN 20.8. Checking Account Availability for Passwordless Access Expand section "20.8. Checking Account Availability for Passwordless Access" Collapse section "20.8. Checking Account Availability for Passwordless Access" 20.8.1. Searching for Entries Using the Account Usability Extension Control 20.8.2. Changing What Users Can Perform an Account Usability Search 20.9. Configuring a Password-Based Account Lockout Policy Expand section "20.9. Configuring a Password-Based Account Lockout Policy" Collapse section "20.9. Configuring a Password-Based Account Lockout Policy" 20.9.1. Configuring the Account Lockout Policy Using the Command Line 20.9.2. Configuring the Account Lockout Policy Using the Web Console 20.9.3. Disabling Legacy Password Lockout Behavior 20.10. Configuring Time-Based Account Lockout Policies Expand section "20.10. Configuring Time-Based Account Lockout Policies" Collapse section "20.10. Configuring Time-Based Account Lockout Policies" 20.10.1. Account Policy Plug-in Syntax 20.10.2. Account Inactivity and Account Expiration 20.10.3. Disabling Accounts a Certain Amount of Time After Password Expiry 20.10.4. Tracking Login Times without Setting Lockout Policies 20.10.5. Unlocking Inactive Accounts 20.11. Replicating Account Lockout Attributes Expand section "20.11. Replicating Account Lockout Attributes" Collapse section "20.11. Replicating Account Lockout Attributes" 20.11.1. Managing the Account Lockouts and Replication 20.11.2. Configuring Directory Server to Replicate Password Policy Attributes 20.11.3. Configuring Fractional Replication for Password Policy Attributes 20.12. Enabling Different Types of Binds Expand section "20.12. Enabling Different Types of Binds" Collapse section "20.12. Enabling Different Types of Binds" 20.12.1. Requiring Secure Binds 20.12.2. Disabling Anonymous Binds 20.12.3. Allowing Unauthenticated Binds 20.12.4. Configuring Autobind Expand section "20.12.4. Configuring Autobind" Collapse section "20.12.4. Configuring Autobind" 20.12.4.1. Overview of Autobind and LDAPI 20.12.4.2. Configuring the Autobind Feature 20.13. Using Pass-Through Authentication Expand section "20.13. Using Pass-Through Authentication" Collapse section "20.13. Using Pass-Through Authentication" 20.13.1. PTA Plug-in Syntax 20.13.2. Configuring the PTA Plug-in Expand section "20.13.2. Configuring the PTA Plug-in" Collapse section "20.13.2. Configuring the PTA Plug-in" 20.13.2.1. Configuring the Servers to Use a Secure Connection 20.13.2.2. Specifying the Authenticating Directory Server 20.13.2.3. Specifying the Pass-Through Subtree 20.13.2.4. Configuring the Optional Parameters 20.13.3. PTA Plug-in Syntax Examples Expand section "20.13.3. PTA Plug-in Syntax Examples" Collapse section "20.13.3. PTA Plug-in Syntax Examples" 20.13.3.1. Specifying One Authenticating Directory Server and One Subtree 20.13.3.2. Specifying Multiple Authenticating Directory Servers 20.13.3.3. Specifying One Authenticating Directory Server and Multiple Subtrees 20.13.3.4. Using Non-Default Parameter Values 20.13.3.5. Specifying Different Optional Parameters and Subtrees for Different Authenticating Directory Servers 20.14. Using Active Directory-formatted User Names for Authentication 20.15. Using PAM for Pass Through Authentication Expand section "20.15. Using PAM for Pass Through Authentication" Collapse section "20.15. Using PAM for Pass Through Authentication" 20.15.1. PAM Pass Through Authentication Configuration Options Expand section "20.15.1. PAM Pass Through Authentication Configuration Options" Collapse section "20.15.1. PAM Pass Through Authentication Configuration Options" 20.15.1.1. Specifying the Suffixes to Target for PAM PTA 20.15.1.2. Applying Different PAM Pass Through Authentication Configurations to Different Entries 20.15.1.3. Setting PAM PTA Mappings 20.15.1.4. Configuring General PAM PTA Settings 20.15.2. Configuring PAM Pass Through Authentication 20.15.3. Using PAM Pass Through Authentication with Active Directory as the Back End 20.16. Manually Inactivating Users and Roles Expand section "20.16. Manually Inactivating Users and Roles" Collapse section "20.16. Manually Inactivating Users and Roles" 20.16.1. Displaying the Status of an Account or Role 20.16.2. Inactivating and Activating Users and Roles Using the Command Line 21. Monitoring Server and Database Activity Expand section "21. Monitoring Server and Database Activity" Collapse section "21. Monitoring Server and Database Activity" 21.1. Types of Directory Server Log Files 21.2. Displaying Log Files Expand section "21.2. Displaying Log Files" Collapse section "21.2. Displaying Log Files" 21.2.1. Displaying Log Files Using the Command Line 21.2.2. Displaying Log Files Using the Web Console 21.3. Configuring Log Files Expand section "21.3. Configuring Log Files" Collapse section "21.3. Configuring Log Files" 21.3.1. Enabling or Disabling Logs Expand section "21.3.1. Enabling or Disabling Logs" Collapse section "21.3.1. Enabling or Disabling Logs" 21.3.1.1. Enabling or Disabling Logging Using the Command Line 21.3.1.2. Enabling or Disabling Logging Using the Web Console 21.3.2. Configuring Plug-in-specific Logging 21.3.3. Disabling High-resolution Log Time Stamps 21.3.4. Defining a Log File Rotation Policy Expand section "21.3.4. Defining a Log File Rotation Policy" Collapse section "21.3.4. Defining a Log File Rotation Policy" 21.3.4.1. Defining a Log File Rotation Policy Using the Command Line 21.3.4.2. Defining a Log File Rotation Policy Using the Web Console 21.3.5. Defining a Log File Deletion Policy Expand section "21.3.5. Defining a Log File Deletion Policy" Collapse section "21.3.5. Defining a Log File Deletion Policy" 21.3.5.1. Configuring a Log Deletion Policy Using the Command Line 21.3.5.2. Configuring a Log Deletion Policy Using the Web Console 21.3.6. Manual Log File Rotation 21.3.7. Configuring the Log Levels Expand section "21.3.7. Configuring the Log Levels" Collapse section "21.3.7. Configuring the Log Levels" 21.3.7.1. Configuring the Log Levels Using the Command Line 21.3.7.2. Configuring the Log Levels Using the Web Console 21.3.7.3. Logging Internal Operations 21.3.8. Disabling Access Log Buffering for Debugging Expand section "21.3.8. Disabling Access Log Buffering for Debugging" Collapse section "21.3.8. Disabling Access Log Buffering for Debugging" 21.3.8.1. Disabling Access Log Buffering Using the Command Line 21.3.8.2. Disabling Access Log Buffering Using the Web Console 21.4. Getting Access Log Statistics 21.5. Monitoring the Local Disk for Graceful Shutdown 21.6. Monitoring Server Activity 21.7. Monitoring Database Activity 21.8. Monitoring Database Link Activity 21.9. Enabling and Disabling Counters 21.10. Monitoring Directory Server Using SNMP Expand section "21.10. Monitoring Directory Server Using SNMP" Collapse section "21.10. Monitoring Directory Server Using SNMP" 21.10.1. About SNMP 21.10.2. Enabling and Disabling SNMP Support 21.10.3. Setting Parameters to Identify an Instance Using SNMP 21.10.4. Setting up an SNMP Agent for Directory Server 21.10.5. Configuring SNMP Traps 21.10.6. Using the Management Information Base Expand section "21.10.6. Using the Management Information Base" Collapse section "21.10.6. Using the Management Information Base" 21.10.6.1. Operations Table 21.10.6.2. Entries Table 21.10.6.3. Entity Table 21.10.6.4. Interaction Table 22. Making a High-availability and Disaster Recovery Plan Expand section "22. Making a High-availability and Disaster Recovery Plan" Collapse section "22. Making a High-availability and Disaster Recovery Plan" 22.1. Identifying Potential Scenarios 22.2. Defining the Type of Rollover 22.3. Identifying Useful Directory Server Features for Disaster Recovery Expand section "22.3. Identifying Useful Directory Server Features for Disaster Recovery" Collapse section "22.3. Identifying Useful Directory Server Features for Disaster Recovery" 22.3.1. Backing up Directory Data for Disaster Recovery 22.3.2. Multi-Supplier Replication for High-availability 22.3.3. Chaining Databases for High-availability 22.4. Defining the Recovery Process 22.5. Basic Example: Performing a Recovery 23. Creating Test Entries Expand section "23. Creating Test Entries" Collapse section "23. Creating Test Entries" 23.1. Creating an LDIF File with Example User Entries 23.2. Creating an LDIF File with Example Group Entries 23.3. Creating an LDIF File with an Example CoS Definition 23.4. Creating an LDIF File with Example Modification Statements 23.5. Creating an LDIF File with Nested Example Entries A. Using LDAP Client Tools Expand section "A. Using LDAP Client Tools" Collapse section "A. Using LDAP Client Tools" A.1. Running Extended Operations A.2. Comparing Entries A.3. Changing Passwords A.4. Generating LDAP URLs B. LDAP Data Interchange Format Expand section "B. LDAP Data Interchange Format" Collapse section "B. LDAP Data Interchange Format" B.1. About the LDIF File Format B.2. Continuing Lines in LDIF B.3. Representing Binary Data Expand section "B.3. Representing Binary Data" Collapse section "B.3. Representing Binary Data" B.3.1. Standard LDIF Notation B.3.2. Base-64 Encoding B.4. Specifying Directory Entries Using LDIF Expand section "B.4. Specifying Directory Entries Using LDIF" Collapse section "B.4. Specifying Directory Entries Using LDIF" B.4.1. Specifying Domain Entries B.4.2. Specifying Organizational Unit Entries B.4.3. Specifying Organizational Person Entries B.5. Defining Directories Using LDIF B.6. Storing Information in Multiple Languages C. LDAP URLs Expand section "C. LDAP URLs" Collapse section "C. LDAP URLs" C.1. Components of an LDAP URL C.2. Escaping Unsafe Characters C.3. Examples of LDAP URLs D. Internationalization Expand section "D. Internationalization" Collapse section "D. Internationalization" D.1. About Locales D.2. Supported Locales D.3. Supported Language Subtypes D.4. Searching an Internationalized Directory Expand section "D.4. Searching an Internationalized Directory" Collapse section "D.4. Searching an Internationalized Directory" D.4.1. Matching Rule Formats Expand section "D.4.1. Matching Rule Formats" Collapse section "D.4.1. Matching Rule Formats" D.4.1.1. Using an OID for the Matching Rule D.4.1.2. Using a Language Tag for the Matching Rule D.4.1.3. Using an OID and Suffix for the Matching Rule D.4.1.4. Using a Language Tag and Suffix for the Matching Rule D.4.2. Supported Search Types D.4.3. International Search Examples Expand section "D.4.3. International Search Examples" Collapse section "D.4.3. International Search Examples" D.4.3.1. Less-Than Example D.4.3.2. Less-Than or Equal-to Example D.4.3.3. Equality Example D.4.3.4. Greater-Than or Equal-to Example D.4.3.5. Greater-Than Example D.4.3.6. Substring Example D.5. Troubleshooting Matching Rules E. Revision History Legal Notice Settings Close Language: 简体中文 日本語 English Language: 简体中文 日本語 English Format: Multi-page Single-page PDF Format: Multi-page Single-page PDF Language and Page Formatting Options Language: 简体中文 日本語 English Language: 简体中文 日本語 English Format: Multi-page Single-page PDF Format: Multi-page Single-page PDF 21.5. Monitoring the Local Disk for Graceful Shutdown See the Monitoring the Local Disk for Graceful Shutdown section in the Red Hat Directory Server Performance Tuning Guide. Previous Next