Administration Guide
Making Open Source More Inclusive
1. General Directory Server Management Tasks
Expand section "1. General Directory Server Management Tasks" Collapse section "1. General Directory Server Management Tasks"
1. 1.1. System Requirements
2. 1.2. File Locations
3. 1.3. Supported Methods to Configure Directory Server
4. 1.4. Logging Into Directory Server Using the Web Console
5. 1.5. Starting and Stopping a Directory Server Instance
  Expand section "1.5. Starting and Stopping a Directory Server Instance" Collapse section "1.5. Starting and Stopping a Directory Server Instance"
  1. 1.5.1. Starting and Stopping a Directory Server Instance Using the Command Line
  2. 1.5.2. Starting and Stopping a Directory Server Instance Using the Web Console
6. 1.6. Creating a New Directory Server Instance
7. 1.7. Removing a Directory Server Instance
  Expand section "1.7. Removing a Directory Server Instance" Collapse section "1.7. Removing a Directory Server Instance"
  1. 1.7.1. Removing an Instance Using the Command Line
  2. 1.7.2. Removing an Instance Using the Web Console
8. 1.8. Setting Directory Server Configuration Parameters
  Expand section "1.8. Setting Directory Server Configuration Parameters" Collapse section "1.8. Setting Directory Server Configuration Parameters"
  1. 1.8.1. Managing Configuration Parameters
  2. 1.8.2. Where Directory Server Stores its Configuration
  3. 1.8.3. Benefits of Using Default Values
    
    Expand section "1.8.3. Benefits of Using Default Values" Collapse section "1.8.3. Benefits of Using Default Values"
    
    1.8.3.1. Removing a Parameter to Use the Default Value
9. 1.9. Changing the LDAP and LDAPS Port Numbers
  Expand section "1.9. Changing the LDAP and LDAPS Port Numbers" Collapse section "1.9. Changing the LDAP and LDAPS Port Numbers"
  1. 1.9.1. Changing the Port Numbers Using the Command Line
  2. 1.9.2. Changing the Port Numbers Using the Web Console
10. 1.10. Using Directory Server Plug-ins
  Expand section "1.10. Using Directory Server Plug-ins" Collapse section "1.10. Using Directory Server Plug-ins"
  1. 1.10.1. Listing Available Plug-ins
    
    Expand section "1.10.1. Listing Available Plug-ins" Collapse section "1.10.1. Listing Available Plug-ins"
    
    1.10.1.1. Listing Available Plug-ins Using the Command Line
    
    1.10.1.2. Listing Available Plug-ins Using the Web Console
  2. 1.10.2. Enabling Plug-ins Dynamically
  3. 1.10.3. Enabling and Disabling Plug-ins
    
    Expand section "1.10.3. Enabling and Disabling Plug-ins" Collapse section "1.10.3. Enabling and Disabling Plug-ins"
    
    1.10.3.1. Enabling and Disabling Plug-ins Using the Command Line
    
    1.10.3.2. Enabling and Disabling Plug-ins Using the Web Console
  4. 1.10.4. Configuring Plug-ins
    
    Expand section "1.10.4. Configuring Plug-ins" Collapse section "1.10.4. Configuring Plug-ins"
    
    1.10.4.1. Configuring Plug-ins Using the Command Line
    
    1.10.4.2. Configuring Plug-ins Using the Web Console
  5. 1.10.5. Setting the Plug-in Precedence
    
    Expand section "1.10.5. Setting the Plug-in Precedence" Collapse section "1.10.5. Setting the Plug-in Precedence"
    
    1.10.5.1. Setting the Plug-in Precedence Using the Command Line
    
    1.10.5.2. Setting the Plug-in Precedence Using the Web Console
11. 1.11. Creating and Using a .dsrc File to Set Default Options for Directory Server Command-line Utilities
  Expand section "1.11. Creating and Using a .dsrc File to Set Default Options for Directory Server Command-line Utilities" Collapse section "1.11. Creating and Using a .dsrc File to Set Default Options for Directory Server Command-line Utilities"
  1. 1.11.1. How a .dsrc File Simplifies Commands
  2. 1.11.2. Using the dsctl Utility to Create a .dsrc File
2. Configuring Directory Databases
Expand section "2. Configuring Directory Databases" Collapse section "2. Configuring Directory Databases"
1. 2.1. Creating and Maintaining Suffixes
  Expand section "2.1. Creating and Maintaining Suffixes" Collapse section "2.1. Creating and Maintaining Suffixes"
  1. 2.1.1. Creating Suffixes
    
    Expand section "2.1.1. Creating Suffixes" Collapse section "2.1.1. Creating Suffixes"
    
    2.1.1.1. Creating a Root Suffix
    
    Expand section "2.1.1.1. Creating a Root Suffix" Collapse section "2.1.1.1. Creating a Root Suffix"
    
    2.1.1.1.1. Creating a Root Suffix Using the Command Line
    
    2.1.1.1.2. Creating a Root Suffix Using the Web Console
    
    2.1.1.2. Creating a Sub-suffix
    
    Expand section "2.1.1.2. Creating a Sub-suffix" Collapse section "2.1.1.2. Creating a Sub-suffix"
    
    2.1.1.2.1. Creating a Sub-suffix Using the Command Line
    
    2.1.1.2.2. Creating a Sub-suffix Using the Web Console
  2. 2.1.2. Maintaining Suffixes
    
    Expand section "2.1.2. Maintaining Suffixes" Collapse section "2.1.2. Maintaining Suffixes"
    
    2.1.2.1. Viewing the Default Naming Context
    
    2.1.2.2. Disabling a Suffix
    
    Expand section "2.1.2.2. Disabling a Suffix" Collapse section "2.1.2.2. Disabling a Suffix"
    
    2.1.2.2.1. Disabling a Suffix Using the Command Line
    
    2.1.2.3. Deleting a Suffix
    
    Expand section "2.1.2.3. Deleting a Suffix" Collapse section "2.1.2.3. Deleting a Suffix"
    
    2.1.2.3.1. Deleting a Suffix Using the Command Line
    
    2.1.2.3.2. Deleting a Suffix Using the Web Console
2. 2.2. Creating and Maintaining Databases
  Expand section "2.2. Creating and Maintaining Databases" Collapse section "2.2. Creating and Maintaining Databases"
  1. 2.2.1. Creating Databases
    
    Expand section "2.2.1. Creating Databases" Collapse section "2.2.1. Creating Databases"
    
    2.2.1.1. Creating a New Database for a Single Suffix Using the Command Line
    
    2.2.1.2. Adding Multiple Databases for a Single Suffix
  2. 2.2.2. Maintaining Directory Databases
    
    Expand section "2.2.2. Maintaining Directory Databases" Collapse section "2.2.2. Maintaining Directory Databases"
    
    2.2.2.1. Setting a Database in Read-Only Mode
    
    Expand section "2.2.2.1. Setting a Database in Read-Only Mode" Collapse section "2.2.2.1. Setting a Database in Read-Only Mode"
    
    2.2.2.1.1. Setting a Database in Read-only Mode Using the Command Line
    
    2.2.2.1.2. Setting a Database in Read-only Mode Using the Web Console
    
    2.2.2.2. Placing the Entire Directory Server in Read-Only Mode
    
    Expand section "2.2.2.2. Placing the Entire Directory Server in Read-Only Mode" Collapse section "2.2.2.2. Placing the Entire Directory Server in Read-Only Mode"
    
    2.2.2.2.1. Placing the Entire Directory Server in Read-Only Mode Using the Command Line
    
    2.2.2.2.2. Placing the Entire Directory Server in Read-Only Mode Using the Web Console
    
    2.2.2.3. Deleting a Database
    
    Expand section "2.2.2.3. Deleting a Database" Collapse section "2.2.2.3. Deleting a Database"
    
    2.2.2.3.1. Deleting a Database Using the Command Line
    
    2.2.2.3.2. Deleting a Database Using the Web Console
    
    2.2.2.4. Changing the Transaction Log Directory
3. 2.3. Creating and Maintaining Database Links
  Expand section "2.3. Creating and Maintaining Database Links" Collapse section "2.3. Creating and Maintaining Database Links"
  1. 2.3.1. Creating a New Database Link
    
    Expand section "2.3.1. Creating a New Database Link" Collapse section "2.3.1. Creating a New Database Link"
    
    2.3.1.1. Creating a New Database Link Using the Command Line
    
    2.3.1.2. Creating a New Database Link Using the Web Console
    
    2.3.1.3. Managing the Default Configuration for New Database Links
    
    2.3.1.4. Additional Information on Required Settings When Creating a Database Link
  2. 2.3.2. Configuring the Chaining Policy
    
    Expand section "2.3.2. Configuring the Chaining Policy" Collapse section "2.3.2. Configuring the Chaining Policy"
    
    2.3.2.1. Chaining Component Operations
    
    Expand section "2.3.2.1. Chaining Component Operations" Collapse section "2.3.2.1. Chaining Component Operations"
    
    2.3.2.1.1. Chaining Component Operations Using the Command Line
    
    2.3.2.1.2. Chaining Component Operations Using the Web Console
    
    2.3.2.2. Chaining LDAP Controls
    
    Expand section "2.3.2.2. Chaining LDAP Controls" Collapse section "2.3.2.2. Chaining LDAP Controls"
    
    2.3.2.2.1. Chaining LDAP Controls Using the Command Line
    
    2.3.2.2.2. Chaining LDAP Controls Using the Web Console
  3. 2.3.3. Database Links and Access Control Evaluation
4. 2.4. Configuring Cascading Chaining
  Expand section "2.4. Configuring Cascading Chaining" Collapse section "2.4. Configuring Cascading Chaining"
5. 2.5. Using Referrals
  Expand section "2.5. Using Referrals" Collapse section "2.5. Using Referrals"
  1. 2.5.1. Starting the Server in Referral Mode
  2. 2.5.2. Setting Default Referrals
    
    Expand section "2.5.2. Setting Default Referrals" Collapse section "2.5.2. Setting Default Referrals"
    
    2.5.2.1. Setting a Default Referral Using the Command Line
  3. 2.5.3. Creating Smart Referrals
    
    Expand section "2.5.3. Creating Smart Referrals" Collapse section "2.5.3. Creating Smart Referrals"
    
    2.5.3.1. Creating Smart Referrals Using the Command Line
  4. 2.5.4. Creating Suffix Referrals
    
    Expand section "2.5.4. Creating Suffix Referrals" Collapse section "2.5.4. Creating Suffix Referrals"
    
    2.5.4.1. Creating Suffix Referrals Using the Command Line
    
    2.5.4.2. Creating Suffix Referrals Using the Web Console
6. 2.6. Verifying the Integrity of Back-end Databases
3. Managing Directory Entries
Expand section "3. Managing Directory Entries" Collapse section "3. Managing Directory Entries"
1. 3.1. Managing Directory Entries Using the Command Line
  Expand section "3.1. Managing Directory Entries Using the Command Line" Collapse section "3.1. Managing Directory Entries Using the Command Line"
  1. 3.1.1. Providing Input to the ldapadd, ldapmodify, and ldapdelete Utilities
    
    Expand section "3.1.1. Providing Input to the ldapadd, ldapmodify, and ldapdelete Utilities" Collapse section "3.1.1. Providing Input to the ldapadd, ldapmodify, and ldapdelete Utilities"
    
    3.1.1.1. Providing Input Using the Interactive Mode
    
    3.1.1.2. Providing Input Using an LDIF File
  2. 3.1.2. The Continuous Operation Mode
  3. 3.1.3. Adding an Entry
    
    Expand section "3.1.3. Adding an Entry" Collapse section "3.1.3. Adding an Entry"
    
    3.1.3.1. Adding an Entry Using ldapadd
    
    3.1.3.2. Adding an Entry Using ldapmodify
    
    3.1.3.3. Creating a Root Entry
  4. 3.1.4. Updating a Directory Entry
    
    Expand section "3.1.4. Updating a Directory Entry" Collapse section "3.1.4. Updating a Directory Entry"
    
    3.1.4.1. Adding Attributes to an Entry
    
    3.1.4.2. Updating an Attribute's Value
    
    3.1.4.3. Deleting Attributes from an Entry
  5. 3.1.5. Deleting an Entry
    
    Expand section "3.1.5. Deleting an Entry" Collapse section "3.1.5. Deleting an Entry"
    
    3.1.5.1. Deleting an Entry Using ldapdelete
    
    3.1.5.2. Deleting an Entry Using ldapmodify
  6. 3.1.6. Renaming and Moving an Entry
    
    Expand section "3.1.6. Renaming and Moving an Entry" Collapse section "3.1.6. Renaming and Moving an Entry"
    
    3.1.6.1. Considerations for Renaming Entries
    
    3.1.6.2. Renaming Users, Groups, POSIX Groups, and OUs
    
    3.1.6.3. The deleteOldRDN Parameter When Renaming Entries Using LDIF Statements
    
    3.1.6.4. Renaming an Entry or Subtree Using LDIF Statements
    
    3.1.6.5. Moving an Entry to a New Parent Using LDIF Statements
  7. 3.1.7. Using Special Characters
  8. 3.1.8. Using Binary Attributes
  9. 3.1.9. Updating an Entry in an Internationalized Directory
2. 3.2. Managing Directory Entries Using the Web Console
  Expand section "3.2. Managing Directory Entries Using the Web Console" Collapse section "3.2. Managing Directory Entries Using the Web Console"
4. Tracking Modifications to Directory Entries
Expand section "4. Tracking Modifications to Directory Entries" Collapse section "4. Tracking Modifications to Directory Entries"
1. 4.1. Tracking Modifications to the Database through Update Sequence Numbers
  Expand section "4.1. Tracking Modifications to the Database through Update Sequence Numbers" Collapse section "4.1. Tracking Modifications to the Database through Update Sequence Numbers"
  1. 4.1.1. An Overview of the Entry Sequence Numbers
    
    Expand section "4.1.1. An Overview of the Entry Sequence Numbers" Collapse section "4.1.1. An Overview of the Entry Sequence Numbers"
    
    4.1.1.1. Local and Global USNs
    
    4.1.1.2. Importing USN Entries
  2. 4.1.2. Enabling the USN Plug-in
    
    Expand section "4.1.2. Enabling the USN Plug-in" Collapse section "4.1.2. Enabling the USN Plug-in"
    
    4.1.2.1. Enabling the USN Plug-in Using the Command Line
    
    4.1.2.2. Enabling the USN Plug-in Using the Web Console
  3. 4.1.3. Global USNs
    
    Expand section "4.1.3. Global USNs" Collapse section "4.1.3. Global USNs"
    
    4.1.3.1. Identifying Whether Global USNs are Enabled
    
    Expand section "4.1.3.1. Identifying Whether Global USNs are Enabled" Collapse section "4.1.3.1. Identifying Whether Global USNs are Enabled"
    
    4.1.3.1.1. Identifying Whether Global USNs are Enabled Using the Command Line
    
    4.1.3.1.2. Identifying Whether Global USNs are Enabled Using the Web Console
    
    4.1.3.2. Enabling Global USNs
    
    Expand section "4.1.3.2. Enabling Global USNs" Collapse section "4.1.3.2. Enabling Global USNs"
    
    4.1.3.2.1. Enabling Global USNs Using the Command Line
    
    4.1.3.2.2. Enabling Global USNs Using the Web Console
  4. 4.1.4. Cleaning up USN Tombstone Entries
    
    Expand section "4.1.4. Cleaning up USN Tombstone Entries" Collapse section "4.1.4. Cleaning up USN Tombstone Entries"
    
    4.1.4.1. Cleaning up USN Tombstone Entries Using the Command Line
    
    4.1.4.2. Cleaning up USN Tombstone Entries Using the Web Console
2. 4.2. Tracking Entry Modifications through Operational Attributes
  Expand section "4.2. Tracking Entry Modifications through Operational Attributes" Collapse section "4.2. Tracking Entry Modifications through Operational Attributes"
  1. 4.2.1. Entries Modified or Created by a Database Link
  2. 4.2.2. Enabling Tracking of Modifications
    
    Expand section "4.2.2. Enabling Tracking of Modifications" Collapse section "4.2.2. Enabling Tracking of Modifications"
    
    4.2.2.1. Enabling Tracking Of Modifications Using the Command Line
3. 4.3. Tracking the Bind DN for Plug-in Initiated Updates
  Expand section "4.3. Tracking the Bind DN for Plug-in Initiated Updates" Collapse section "4.3. Tracking the Bind DN for Plug-in Initiated Updates"
  1. 4.3.1. Enabling Tracking the Bind DN for Plug-in Initiated Updates Using the Command Line
  2. 4.3.2. Enabling Tracking the Bind DN for Plug-in Initiated Updates Using the Web Console
4. 4.4. Tracking Password Change Times
5. Maintaining Referential Integrity
Expand section "5. Maintaining Referential Integrity" Collapse section "5. Maintaining Referential Integrity"
1. 5.1. How Referential Integrity Works
2. 5.2. Using Referential Integrity with Replication
3. 5.3. Enabling Referential Integrity
  Expand section "5.3. Enabling Referential Integrity" Collapse section "5.3. Enabling Referential Integrity"
  1. 5.3.1. Enabling Referential Integrity Using the Command Line
  2. 5.3.2. Enabling Referential Integrity Using the Web Console
4. 5.4. The Referential Integrity Update Interval
  Expand section "5.4. The Referential Integrity Update Interval" Collapse section "5.4. The Referential Integrity Update Interval"
5. 5.5. Displaying and Modifying the Attribute List
  Expand section "5.5. Displaying and Modifying the Attribute List" Collapse section "5.5. Displaying and Modifying the Attribute List"
6. 5.6. Configuring Scope for the Referential Integrity
  Expand section "5.6. Configuring Scope for the Referential Integrity" Collapse section "5.6. Configuring Scope for the Referential Integrity"
6. Populating Directory Databases
Expand section "6. Populating Directory Databases" Collapse section "6. Populating Directory Databases"
1. 6.1. Importing Data
  Expand section "6.1. Importing Data" Collapse section "6.1. Importing Data"
  1. 6.1.1. Setting EntryUSN Initial Values During Import
  2. 6.1.2. Importing Using the Command Line
    
    Expand section "6.1.2. Importing Using the Command Line" Collapse section "6.1.2. Importing Using the Command Line"
    
    6.1.2.1. Importing Data While the Server is Running
    
    Expand section "6.1.2.1. Importing Data While the Server is Running" Collapse section "6.1.2.1. Importing Data While the Server is Running"
    
    6.1.2.1.1. Importing Using the dsconf backend import Command
    
    6.1.2.1.2. Importing Data Using a cn=tasks Entry
    
    6.1.2.2. Importing Data While the Server is Offline
  3. 6.1.3. Importing Data Using the Web Console
2. 6.2. Exporting Data
  Expand section "6.2. Exporting Data" Collapse section "6.2. Exporting Data"
  1. 6.2.1. Exporting Data into an LDIF File Using the Command Line
    
    Expand section "6.2.1. Exporting Data into an LDIF File Using the Command Line" Collapse section "6.2.1. Exporting Data into an LDIF File Using the Command Line"
    
    6.2.1.1. Exporting a Database While the Server is Running
    
    Expand section "6.2.1.1. Exporting a Database While the Server is Running" Collapse section "6.2.1.1. Exporting a Database While the Server is Running"
    
    6.2.1.1.1. Exporting a Databases Using the dsconf backend export Command
    
    6.2.1.1.2. Exporting a Database Using a cn=tasks Entry
    
    6.2.1.2. Exporting a Database While the Server is Offline
  2. 6.2.2. Exporting a Suffix to an LDIF File Using the Web Console
  3. 6.2.3. Enabling Members of a Group to Export Data and Performing the Export as One of the Group Members
    
    Expand section "6.2.3. Enabling Members of a Group to Export Data and Performing the Export as One of the Group Members" Collapse section "6.2.3. Enabling Members of a Group to Export Data and Performing the Export as One of the Group Members"
    
    6.2.3.1. Enabling a Group to Export Data
    
    6.2.3.2. Performing an Export as a Regular User
3. 6.3. Backing up Directory Server
  Expand section "6.3. Backing up Directory Server" Collapse section "6.3. Backing up Directory Server"
  1. 6.3.1. Backing up All Databases Using the Command Line
    
    Expand section "6.3.1. Backing up All Databases Using the Command Line" Collapse section "6.3.1. Backing up All Databases Using the Command Line"
    
    6.3.1.1. Backing up All Databases While the Server is Running
    
    Expand section "6.3.1.1. Backing up All Databases While the Server is Running" Collapse section "6.3.1.1. Backing up All Databases While the Server is Running"
    
    6.3.1.1.1. Backing up All Databases Using the dsconf backup create Command
    
    6.3.1.1.2. Backing up All Databases Using a cn=tasks entry
    
    6.3.1.2. Backing up All Databases While the Server is Offline
  2. 6.3.2. Backup up all Databases Using the Web Console
  3. 6.3.3. Backing up Configuration Files, the Certificate Database, and Custom Schema Files
  4. 6.3.4. Enabling Members of a Group to Back up Directory Server and Performing the Backup as One of the Group Members
    
    Expand section "6.3.4. Enabling Members of a Group to Back up Directory Server and Performing the Backup as One of the Group Members" Collapse section "6.3.4. Enabling Members of a Group to Back up Directory Server and Performing the Backup as One of the Group Members"
    
    6.3.4.1. Enabling a Group to Back up Directory Server
    
    6.3.4.2. Performing a Backup as a Regular User
4. 6.4. Restoring Directory Server
  Expand section "6.4. Restoring Directory Server" Collapse section "6.4. Restoring Directory Server"
  1. 6.4.1. Restoring All Databases Using the Command Line
    
    Expand section "6.4.1. Restoring All Databases Using the Command Line" Collapse section "6.4.1. Restoring All Databases Using the Command Line"
    
    6.4.1.1. Restoring All Databases While the Server is Running
    
    Expand section "6.4.1.1. Restoring All Databases While the Server is Running" Collapse section "6.4.1.1. Restoring All Databases While the Server is Running"
    
    6.4.1.1.1. Restoring All Databases Using the dsconf backup restore Command
    
    6.4.1.1.2. Restoring all Databases Using a cn=tasks entry
    
    6.4.1.2. Restoring all Databases While the Server is Offline
  2. 6.4.2. Restoring All Databases Using the Web Console
  3. 6.4.3. Restoring Databases That Include Replicated Entries
7. Managing Attributes and Values
Expand section "7. Managing Attributes and Values" Collapse section "7. Managing Attributes and Values"
1. 7.1. Enforcing Attribute Uniqueness
  Expand section "7.1. Enforcing Attribute Uniqueness" Collapse section "7.1. Enforcing Attribute Uniqueness"
  1. 7.1.1. Creating a New Configuration Record of the Attribute Uniqueness Plug-in
  2. 7.1.2. Configuring Attribute Uniqueness over Suffixes or Subtrees
    
    Expand section "7.1.2. Configuring Attribute Uniqueness over Suffixes or Subtrees" Collapse section "7.1.2. Configuring Attribute Uniqueness over Suffixes or Subtrees"
    
    7.1.2.1. Configuring Attribute Uniqueness over Suffixes or Subtrees Using the Command Line
    
    7.1.2.2. Configuring Attribute Uniqueness over Suffixes or Subtrees Using the Web Console
  3. 7.1.3. Configuring Attribute Uniqueness over Object Classes
  4. 7.1.4. Attribute Uniqueness Plug-in Configuration Parameters
2. 7.2. Assigning Class of Service
  Expand section "7.2. Assigning Class of Service" Collapse section "7.2. Assigning Class of Service"
  1. 7.2.1. About the CoS Definition Entry
  2. 7.2.2. About the CoS Template Entry
  3. 7.2.3. How a Pointer CoS Works
  4. 7.2.4. How an Indirect CoS Works
  5. 7.2.5. How a Classic CoS Works
  6. 7.2.6. Handling Physical Attribute Values
  7. 7.2.7. Handling Multi-valued Attributes with CoS
  8. 7.2.8. Searches for CoS-Specified Attributes
  9. 7.2.9. Access Control and CoS
  10. 7.2.10. Managing CoS from the Command Line
    
    Expand section "7.2.10. Managing CoS from the Command Line" Collapse section "7.2.10. Managing CoS from the Command Line"
    
    7.2.10.1. Creating the CoS Definition Entry from the Command Line
    
    7.2.10.2. Creating the CoS Template Entry from the Command Line
    
    7.2.10.3. Example of a Pointer CoS
    
    7.2.10.4. Example of an Indirect CoS
    
    7.2.10.5. Example of a Classic CoS
    
    7.2.10.6. Searching for CoS Entries
    
    7.2.10.7. The costargettree attribute
  11. 7.2.11. Creating Role-Based Attributes
3. 7.3. Linking Attributes to Manage Attribute Values
  Expand section "7.3. Linking Attributes to Manage Attribute Values" Collapse section "7.3. Linking Attributes to Manage Attribute Values"
  1. 7.3.1. About Linking Attributes
  2. 7.3.2. Looking at the Linking Attributes Plug-in Syntax
  3. 7.3.3. Configuring Attribute Links
  4. 7.3.4. Cleaning up Attribute Links
    
    Expand section "7.3.4. Cleaning up Attribute Links" Collapse section "7.3.4. Cleaning up Attribute Links"
    
    7.3.4.1. Regenerating Linked Attributes
    
    7.3.4.2. Regenerating Linked Attributes Using ldapmodify
4. 7.4. Assigning and Managing Unique Numeric Attribute Values
  Expand section "7.4. Assigning and Managing Unique Numeric Attribute Values" Collapse section "7.4. Assigning and Managing Unique Numeric Attribute Values"
  1. 7.4.1. About Dynamic Number Assignments
    
    Expand section "7.4.1. About Dynamic Number Assignments" Collapse section "7.4.1. About Dynamic Number Assignments"
    
    7.4.1.1. Filters, Searches, and Target Entries
    
    7.4.1.2. Ranges and Assigning Numbers
    
    7.4.1.3. Multiple Attributes in the Same Range
  2. 7.4.2. Looking at the DNA Plug-in Syntax
  3. 7.4.3. Configuring Unique Number Assignments
    
    Expand section "7.4.3. Configuring Unique Number Assignments" Collapse section "7.4.3. Configuring Unique Number Assignments"
    
    7.4.3.1. Creating a New Instance of the DNA Plug-in
    
    7.4.3.2. Configuring Unique Number Assignments Using the Command Line
    
    7.4.3.3. Configuring Unique Number Assignments Using the Web Console
  4. 7.4.4. Distributed Number Assignment Plug-in Performance Notes
8. Organizing and Grouping Entries
Expand section "8. Organizing and Grouping Entries" Collapse section "8. Organizing and Grouping Entries"
1. 8.1. Using Groups
  Expand section "8.1. Using Groups" Collapse section "8.1. Using Groups"
  1. 8.1.1. The Different Types of Groups
  2. 8.1.2. Creating a Static Group
    
    Expand section "8.1.2. Creating a Static Group" Collapse section "8.1.2. Creating a Static Group"
    
    8.1.2.1. Creating a Static Group Using the Command Line
  3. 8.1.3. Creating a Dynamic Group
    
    Expand section "8.1.3. Creating a Dynamic Group" Collapse section "8.1.3. Creating a Dynamic Group"
    
    8.1.3.1. Creating a Dynamic Group Using the Command Line
  4. 8.1.4. Listing Group Membership in User Entries
    
    Expand section "8.1.4. Listing Group Membership in User Entries" Collapse section "8.1.4. Listing Group Membership in User Entries"
    
    8.1.4.1. Considerations When Using the memberOf Plug-in
    
    8.1.4.2. Required Object Classes by the memberOf Plug-In
    
    8.1.4.3. The MemberOf Plug-in Syntax
    
    8.1.4.4. Enabling the MemberOf Plug-in
    
    Expand section "8.1.4.4. Enabling the MemberOf Plug-in" Collapse section "8.1.4.4. Enabling the MemberOf Plug-in"
    
    8.1.4.4.1. Enabling the MemberOf Plug-in Using the Command Line
    
    8.1.4.4.2. Enabling the MemberOf Plug-in Using the Web Console
    
    8.1.4.5. Configuring the MemberOf Plug-in on Each Server
    
    Expand section "8.1.4.5. Configuring the MemberOf Plug-in on Each Server" Collapse section "8.1.4.5. Configuring the MemberOf Plug-in on Each Server"
    
    8.1.4.5.1. Configuring the MemberOf Plug-in on Each Server Using the Command Line
    
    8.1.4.5.2. Configuring the MemberOf Plug-in on Each Server Using the Web Console
    
    8.1.4.6. Using the MemberOf Plug-in Shared Configuration
    
    8.1.4.7. Setting the Scope of the MemberOf Plug-in
    
    8.1.4.8. Regenerating memberOf Values
  5. 8.1.5. Automatically Adding Entries to Specified Groups
    
    Expand section "8.1.5. Automatically Adding Entries to Specified Groups" Collapse section "8.1.5. Automatically Adding Entries to Specified Groups"
    
    8.1.5.1. Looking at the Structure of an Automembership Rule
    
    Expand section "8.1.5.1. Looking at the Structure of an Automembership Rule" Collapse section "8.1.5.1. Looking at the Structure of an Automembership Rule"
    
    8.1.5.1.1. The Automembership Configuration Entry
    
    8.1.5.1.2. Additional Regular Expression Entries
    
    8.1.5.2. Configuring Auto Membership Definitions
    
    Expand section "8.1.5.2. Configuring Auto Membership Definitions" Collapse section "8.1.5.2. Configuring Auto Membership Definitions"
    
    8.1.5.2.1. Configuring Auto Membership Definitions Using the Command Line
    
    8.1.5.2.2. Configuring Auto Membership Definitions Using the Web Console
    
    8.1.5.3. Updating Existing Entries to apply Auto Membership Definitions
    
    8.1.5.4. Examples of Automembership Rules
    
    8.1.5.5. Testing Automembership Definitions
    
    8.1.5.6. Canceling the Auto Membership Plug-in Task
2. 8.2. Using Roles
  Expand section "8.2. Using Roles" Collapse section "8.2. Using Roles"
  1. 8.2.1. About Roles
  2. 8.2.2. Managing Roles Using the Command Line
    
    Expand section "8.2.2. Managing Roles Using the Command Line" Collapse section "8.2.2. Managing Roles Using the Command Line"
    
    8.2.2.1. Creating a Managed Role
    
    Expand section "8.2.2.1. Creating a Managed Role" Collapse section "8.2.2.1. Creating a Managed Role"
    
    8.2.2.1.1. Creating Managed Roles through the Command Line
    
    8.2.2.2. Creating a Filtered Role
    
    Expand section "8.2.2.2. Creating a Filtered Role" Collapse section "8.2.2.2. Creating a Filtered Role"
    
    8.2.2.2.1. Creating a Filtered Role through the Command Line
    
    8.2.2.3. Creating a Nested Role
    
    Expand section "8.2.2.3. Creating a Nested Role" Collapse section "8.2.2.3. Creating a Nested Role"
    
    8.2.2.3.1. Creating Nested Role through the Command Line
    
    8.2.2.4. Viewing Roles for an Entry through the Command Line
    
    8.2.2.5. About Deleting Roles
  3. 8.2.3. Managing Roles in Directory Server Using the LDAP Browser
    
    Expand section "8.2.3. Managing Roles in Directory Server Using the LDAP Browser" Collapse section "8.2.3. Managing Roles in Directory Server Using the LDAP Browser"
    
    8.2.3.1. Creating a role in the LDAP browser
    
    8.2.3.2. Modifying a Role in the LDAP browser
    
    8.2.3.3. Deleting a Role in the LDAP browser
  4. 8.2.4. Using Roles Securely
3. 8.3. Automatically Creating Dual Entries
  Expand section "8.3. Automatically Creating Dual Entries" Collapse section "8.3. Automatically Creating Dual Entries"
  1. 8.3.1. About Managed Entries
    
    Expand section "8.3.1. About Managed Entries" Collapse section "8.3.1. About Managed Entries"
    
    8.3.1.1. About the Instance Definition Entry
    
    8.3.1.2. About the Template Entry
    
    8.3.1.3. Entry Attributes Written by the Managed Entries Plug-in
    
    8.3.1.4. Managed Entries Plug-in and Directory Server Operations
  2. 8.3.2. Creating the Managed Entries Template Entry
  3. 8.3.3. Creating the Managed Entries Instance Definition
  4. 8.3.4. Putting Managed Entries Plug-in Configuration in a Replicated Database
4. 8.4. Using Views
  Expand section "8.4. Using Views" Collapse section "8.4. Using Views"
5. 8.5. Managing Organizational Units
9. Configuring Secure Connections
Expand section "9. Configuring Secure Connections" Collapse section "9. Configuring Secure Connections"
1. 9.1. Requiring Secure Connections
2. 9.2. Setting a Minimum Strength Factor
3. 9.3. Managing the NSS Database Used by Directory Server
  Expand section "9.3. Managing the NSS Database Used by Directory Server" Collapse section "9.3. Managing the NSS Database Used by Directory Server"
  1. 9.3.1. Creating a Certificate Signing Request
    
    Expand section "9.3.1. Creating a Certificate Signing Request" Collapse section "9.3.1. Creating a Certificate Signing Request"
    
    9.3.1.1. Creating a Certificate Signing Request Using the Command Line
  2. 9.3.2. Installing a CA Certificate
    
    Expand section "9.3.2. Installing a CA Certificate" Collapse section "9.3.2. Installing a CA Certificate"
    
    9.3.2.1. Installing a CA Certificate Using the Command Line
    
    9.3.2.2. Installing a CA Certificate Using the Web Console
  3. 9.3.3. Importing a Private Key and Server Certificate
  4. 9.3.4. Installing a Server Certificate
    
    Expand section "9.3.4. Installing a Server Certificate" Collapse section "9.3.4. Installing a Server Certificate"
    
    9.3.4.1. Installing a Server Certificate Using the Command Line
    
    9.3.4.2. Installing a Server Certificate Using the Web Console
  5. 9.3.5. Generating and Installing a Self-signed Certificate
  6. 9.3.6. Renewing a Certificate
    
    Expand section "9.3.6. Renewing a Certificate" Collapse section "9.3.6. Renewing a Certificate"
    
    9.3.6.1. Renewing a Certificate Using the Command Line
  7. 9.3.7. Removing a Certificate
    
    Expand section "9.3.7. Removing a Certificate" Collapse section "9.3.7. Removing a Certificate"
    
    9.3.7.1. Removing a Certificate Using the Command Line
    
    9.3.7.2. Removing a Certificate Using the Web Console
  8. 9.3.8. Removing a Private Key
    
    Expand section "9.3.8. Removing a Private Key" Collapse section "9.3.8. Removing a Private Key"
    
    9.3.8.1. Removing a Private Key Using the Command Line
  9. 9.3.9. Changing the CA Trust Options
    
    Expand section "9.3.9. Changing the CA Trust Options" Collapse section "9.3.9. Changing the CA Trust Options"
    
    9.3.9.1. Changing the CA Trust Options Using the Command Line
    
    9.3.9.2. Changing the CA Trust Options Using the Web Console
  10. 9.3.10. Changing the Password of the NSS Database
    
    Expand section "9.3.10. Changing the Password of the NSS Database" Collapse section "9.3.10. Changing the Password of the NSS Database"
    
    9.3.10.1. Changing the Password of the NSS Database Using the Command Line
4. 9.4. Enabling TLS
  Expand section "9.4. Enabling TLS" Collapse section "9.4. Enabling TLS"
  1. 9.4.1. Enabling TLS in Directory Server
    
    Expand section "9.4.1. Enabling TLS in Directory Server" Collapse section "9.4.1. Enabling TLS in Directory Server"
    
    9.4.1.1. Enabling TLS in Directory Server Using the Command Line
    
    9.4.1.2. Enabling TLS in Directory Server Using the Web Console
    
    9.4.1.3. Setting Encryption Ciphers
    
    Expand section "9.4.1.3. Setting Encryption Ciphers" Collapse section "9.4.1.3. Setting Encryption Ciphers"
    
    9.4.1.3.1. Displaying the Default Ciphers
    
    9.4.1.3.2. Displaying and Setting the Ciphers Used by Directory Server Using the Command Line
    
    9.4.1.3.3. Displaying and Setting the Ciphers Used by Directory Server Using the Web Console
    
    9.4.1.4. Starting Directory Server Without a Password File
    
    9.4.1.5. Creating a Password File for Directory Server
    
    9.4.1.6. Managing How Directory Server Behaves If the Certificate Has Been Expired
  2. 9.4.2. Adding the CA Certificate Used By Directory Server to the Trust Store of Red Hat Enterprise Linux
5. 9.5. Displaying the Encryption Protocols Enabled in Directory Server
6. 9.6. Setting the Minimum TLS Encryption Protocol Version
7. 9.7. Setting the Highest TLS Encryption Protocol Version
8. 9.8. Using Hardware Security Modules
9. 9.9. Using Certificate-based Client Authentication
  Expand section "9.9. Using Certificate-based Client Authentication" Collapse section "9.9. Using Certificate-based Client Authentication"
10. 9.10. Setting up SASL Identity Mapping
  Expand section "9.10. Setting up SASL Identity Mapping" Collapse section "9.10. Setting up SASL Identity Mapping"
  1. 9.10.1. About SASL Identity Mapping
  2. 9.10.2. Default SASL Mappings for Directory Server
  3. 9.10.3. Configuring SASL Identity Mapping
    
    Expand section "9.10.3. Configuring SASL Identity Mapping" Collapse section "9.10.3. Configuring SASL Identity Mapping"
    
    9.10.3.1. Configuring SASL Identity Mapping Using the Command Line
    
    9.10.3.2. Configuring SASL Identity Mapping Using the Web Console
  4. 9.10.4. Enabling SASL Mapping Fallback
    
    Expand section "9.10.4. Enabling SASL Mapping Fallback" Collapse section "9.10.4. Enabling SASL Mapping Fallback"
    
    9.10.4.1. Setting SASL Mapping Priorities
11. 9.11. Using Kerberos GSS-API with SASL
  Expand section "9.11. Using Kerberos GSS-API with SASL" Collapse section "9.11. Using Kerberos GSS-API with SASL"
  1. 9.11.1. Authentication Mechanisms for SASL in Directory Server
  2. 9.11.2. About Kerberos in Directory Server
    
    Expand section "9.11.2. About Kerberos in Directory Server" Collapse section "9.11.2. About Kerberos in Directory Server"
    
    9.11.2.1. About Principals and Realms
    
    9.11.2.2. About the KDC Server and Keytabs
  3. 9.11.3. Configuring SASL Authentication at Directory Server Startup
12. 9.12. Setting SASL Mechanisms
13. 9.13. Using SASL with LDAP Clients
10. Configuring Attribute Encryption
Expand section "10. Configuring Attribute Encryption" Collapse section "10. Configuring Attribute Encryption"
1. 10.1. Encryption Keys
2. 10.2. Encryption Ciphers
3. 10.3. Configuring Attribute Encryption
  Expand section "10.3. Configuring Attribute Encryption" Collapse section "10.3. Configuring Attribute Encryption"
4. 10.4. Exporting and Importing an Encrypted Database
  Expand section "10.4. Exporting and Importing an Encrypted Database" Collapse section "10.4. Exporting and Importing an Encrypted Database"
  1. 10.4.1. Exporting an Encrypted Database
  2. 10.4.2. Importing an LDIF File into an Encrypted Database
5. 10.5. Updating the TLS Certificates Used for Attribute Encryption
11. Managing FIPS Mode Support
12. Managing the Directory Schema
Expand section "12. Managing the Directory Schema" Collapse section "12. Managing the Directory Schema"
1. 12.1. Overview of Schema
  Expand section "12.1. Overview of Schema" Collapse section "12.1. Overview of Schema"
  1. 12.1.1. Default Schema Files
  2. 12.1.2. Object Classes
  3. 12.1.3. Attributes
    
    Expand section "12.1.3. Attributes" Collapse section "12.1.3. Attributes"
    
    12.1.3.1. Directory Server Attribute Syntaxes
  4. 12.1.4. Extending the Schema
  5. 12.1.5. Schema Replication
2. 12.2. Managing Object Identifiers
3. 12.3. Creating an Object Class
  Expand section "12.3. Creating an Object Class" Collapse section "12.3. Creating an Object Class"
  1. 12.3.1. Creating an Object Class Using the Command Line
  2. 12.3.2. Creating an Object Class Using the Web Console
4. 12.4. Updating an Object Class
  Expand section "12.4. Updating an Object Class" Collapse section "12.4. Updating an Object Class"
  1. 12.4.1. Updating an Object Class Using the Command Line
  2. 12.4.2. Updating an Object Class Using the Web Console
5. 12.5. Removing an Object Class
  Expand section "12.5. Removing an Object Class" Collapse section "12.5. Removing an Object Class"
  1. 12.5.1. Removing an Object Class Using the Command Line
  2. 12.5.2. Removing an Object Class Using the Web Console
6. 12.6. Creating an Attribute
  Expand section "12.6. Creating an Attribute" Collapse section "12.6. Creating an Attribute"
  1. 12.6.1. Creating an Attribute Using the Command Line
  2. 12.6.2. Creating an Attribute Using the Web Console
7. 12.7. Updating an attribute
  Expand section "12.7. Updating an attribute" Collapse section "12.7. Updating an attribute"
  1. 12.7.1. Updating an Attribute Using the Command Line
  2. 12.7.2. Updating an Attribute Using the Web Console
8. 12.8. Removing an Attribute
  Expand section "12.8. Removing an Attribute" Collapse section "12.8. Removing an Attribute"
  1. 12.8.1. Removing an Attribute Using the Command Line
  2. 12.8.2. Removing an Attribute Using the Web Console
9. 12.9. Creating Custom Schema Files
10. 12.10. Dynamically Reloading Schema
  Expand section "12.10. Dynamically Reloading Schema" Collapse section "12.10. Dynamically Reloading Schema"
11. 12.11. Turning Schema Checking On and Off
  Expand section "12.11. Turning Schema Checking On and Off" Collapse section "12.11. Turning Schema Checking On and Off"
  1. 12.11.1. Turning Schema Checking On and Off Using the Command Line
  2. 12.11.2. Turning Schema Checking On and Off Using the Web Console
12. 12.12. Using Syntax Validation
  Expand section "12.12. Using Syntax Validation" Collapse section "12.12. Using Syntax Validation"
  1. 12.12.1. About Syntax Validation
  2. 12.12.2. Syntax Validation and Other Directory Server Operations
    
    Expand section "12.12.2. Syntax Validation and Other Directory Server Operations" Collapse section "12.12.2. Syntax Validation and Other Directory Server Operations"
    
    12.12.2.1. Turning Syntax Validation On and Off Using the Command Line
    
    12.12.2.2. Turning Syntax Validation On and Off Using the Web Console
  3. 12.12.3. Enabling or Disabling Strict Syntax Validation for DNs
    
    Expand section "12.12.3. Enabling or Disabling Strict Syntax Validation for DNs" Collapse section "12.12.3. Enabling or Disabling Strict Syntax Validation for DNs"
    
    12.12.3.1. Enabling or Disabling Strict Syntax Validation for DNs Using the Command Line
    
    12.12.3.2. Enabling or Disabling Strict Syntax Validation for DNs Using the Web Console
  4. 12.12.4. Enabling Syntax Validation Logging
    
    Expand section "12.12.4. Enabling Syntax Validation Logging" Collapse section "12.12.4. Enabling Syntax Validation Logging"
    
    12.12.4.1. Enabling Syntax Validation Logging Using the Command Line
    
    12.12.4.2. Enabling Syntax Validation Logging Using the Web Console
  5. 12.12.5. Validating the Syntax of Existing Attribute Values
    
    Expand section "12.12.5. Validating the Syntax of Existing Attribute Values" Collapse section "12.12.5. Validating the Syntax of Existing Attribute Values"
    
    12.12.5.1. Creating a Syntax Validation Task Using the dsconf schema validate-syntax Command
    
    12.12.5.2. Creating a Syntax Validation Task Using a cn=tasks Entry
13. Managing Indexes
Expand section "13. Managing Indexes" Collapse section "13. Managing Indexes"
1. 13.1. About Indexes
  Expand section "13.1. About Indexes" Collapse section "13.1. About Indexes"
2. 13.2. Creating Standard Indexes
  Expand section "13.2. Creating Standard Indexes" Collapse section "13.2. Creating Standard Indexes"
  1. 13.2.1. Creating Indexes Using the Command Line
  2. 13.2.2. Creating Indexes Using the Web Console
3. 13.3. Creating New Indexes to Existing Databases
  Expand section "13.3. Creating New Indexes to Existing Databases" Collapse section "13.3. Creating New Indexes to Existing Databases"
  1. 13.3.1. Creating an Index While the Instance is Running
    
    Expand section "13.3.1. Creating an Index While the Instance is Running" Collapse section "13.3.1. Creating an Index While the Instance is Running"
    
    13.3.1.1. Creating an Index Using the dsconf backend index reindex Command
    
    13.3.1.2. Creating an Index Using a cn=tasks Entry
  2. 13.3.2. Creating an Index While the Instance Offline
4. 13.4. Using virtual list view control to request a contiguous subset of a large search result
  Expand section "13.4. Using virtual list view control to request a contiguous subset of a large search result" Collapse section "13.4. Using virtual list view control to request a contiguous subset of a large search result"
5. 13.5. Changing the Index Sort Order
  Expand section "13.5. Changing the Index Sort Order" Collapse section "13.5. Changing the Index Sort Order"
  1. 13.5.1. Changing the Sort Order Using the Command Line
6. 13.6. Changing the Width for Indexed Substring Searches
7. 13.7. Deleting Indexes
  Expand section "13.7. Deleting Indexes" Collapse section "13.7. Deleting Indexes"
  1. 13.7.1. Deleting an Attribute from the Default Index Entry
  2. 13.7.2. Removing an Attribute from the Index
    
    Expand section "13.7.2. Removing an Attribute from the Index" Collapse section "13.7.2. Removing an Attribute from the Index"
    
    13.7.2.1. Removing an Attribute from the Index Using the Command Line
    
    13.7.2.2. Removing an Attribute from the Index Using the Web Console
  3. 13.7.3. Deleting Index Types Using the Command Line
  4. 13.7.4. Removing Browsing Indexes
    
    Expand section "13.7.4. Removing Browsing Indexes" Collapse section "13.7.4. Removing Browsing Indexes"
    
    13.7.4.1. Removing Browsing Indexes Using the Command Line
14. Finding Directory Entries
Expand section "14. Finding Directory Entries" Collapse section "14. Finding Directory Entries"
1. 14.1. Finding Directory Entries Using the Command Line
  Expand section "14.1. Finding Directory Entries Using the Command Line" Collapse section "14.1. Finding Directory Entries Using the Command Line"
2. 14.2. Finding Entries Using the Web Console
3. 14.3. LDAP Search Filters
  Expand section "14.3. LDAP Search Filters" Collapse section "14.3. LDAP Search Filters"
4. 14.4. Examples of Common ldapsearches
  Expand section "14.4. Examples of Common ldapsearches" Collapse section "14.4. Examples of Common ldapsearches"
5. 14.5. Improving Search Performance through Resource Limits
  Expand section "14.5. Improving Search Performance through Resource Limits" Collapse section "14.5. Improving Search Performance through Resource Limits"
6. 14.6. Using Persistent Search
7. 14.7. Searching with Specified Controls
  Expand section "14.7. Searching with Specified Controls" Collapse section "14.7. Searching with Specified Controls"
15. Managing Replication
Expand section "15. Managing Replication" Collapse section "15. Managing Replication"
1. 15.1. Replication Overview
  Expand section "15.1. Replication Overview" Collapse section "15.1. Replication Overview"
2. 15.2. Configuring Bootstrap Credentials
3. 15.3. Single-supplier Replication
  Expand section "15.3. Single-supplier Replication" Collapse section "15.3. Single-supplier Replication"
  1. 15.3.1. Setting up Single-supplier Replication Using the Command Line
  2. 15.3.2. Setting up Single-supplier Replication Using the Web Console
4. 15.4. Multi-Supplier Replication
  Expand section "15.4. Multi-Supplier Replication" Collapse section "15.4. Multi-Supplier Replication"
5. 15.5. Cascading Replication
  Expand section "15.5. Cascading Replication" Collapse section "15.5. Cascading Replication"
  1. 15.5.1. Setting up Cascading Replication Using the Command Line
  2. 15.5.2. Setting up Cascading Replication Using the Web Console
6. 15.6. Configuring Replication Partners to use Certificate-based Authentication
7. 15.7. Promoting a Consumer or Hub to a Supplier
  Expand section "15.7. Promoting a Consumer or Hub to a Supplier" Collapse section "15.7. Promoting a Consumer or Hub to a Supplier"
  1. 15.7.1. Promoting a Consumer or Hub to a Supplier Using the Command Line
  2. 15.7.2. Promoting a Consumer or Hub to a Supplier Using the Web Console
8. 15.8. About Initializing a Consumer
  Expand section "15.8. About Initializing a Consumer" Collapse section "15.8. About Initializing a Consumer"
  1. 15.8.1. When to Initialize a Consumer
  2. 15.8.2. Setting Initialization Timeouts
  3. 15.8.3. Initializing a Consumer
    
    Expand section "15.8.3. Initializing a Consumer" Collapse section "15.8.3. Initializing a Consumer"
    
    15.8.3.1. Initializing a Consumer Using the Command Line
    
    Expand section "15.8.3.1. Initializing a Consumer Using the Command Line" Collapse section "15.8.3.1. Initializing a Consumer Using the Command Line"
    
    15.8.3.1.1. Initializing a Consumer Online
    
    15.8.3.1.2. Initializing a Consumer Offline
  4. 15.8.4. Initializing a Consumer Using the Web Console
9. 15.9. Disabling and Re-enabling Replication
10. 15.10. Removing a Directory Server Instance from the Replication Topology
  Expand section "15.10. Removing a Directory Server Instance from the Replication Topology" Collapse section "15.10. Removing a Directory Server Instance from the Replication Topology"
  1. 15.10.1. Removing a Consumer or Hub from the Replication Topology
  2. 15.10.2. Removing a Supplier from the Replication Topology
11. 15.11. Managing Attributes Within Fractional Replication
  Expand section "15.11. Managing Attributes Within Fractional Replication" Collapse section "15.11. Managing Attributes Within Fractional Replication"
12. 15.12. Managing Deleted Entries with Replication
13. 15.13. Configuring Changelog Encryption
14. 15.14. Removing the Changelog
  Expand section "15.14. Removing the Changelog" Collapse section "15.14. Removing the Changelog"
  1. 15.14.1. Removing the Changelog using the Command Line
  2. 15.14.2. Removing the Changelog using the Web Console
15. 15.15. Exporting the Replication Changelog
16. 15.16. Importing the Replication Changelog from an LDIF-formatted Changelog Dump
17. 15.17. Moving the Replication Changelog Directory
18. 15.18. Trimming the Replication Changelog
  Expand section "15.18. Trimming the Replication Changelog" Collapse section "15.18. Trimming the Replication Changelog"
  1. 15.18.1. Configuring Replication Changelog Trimming
  2. 15.18.2. Manually Reducing the Size of a Large Changelog
19. 15.19. Forcing Replication Updates
20. 15.20. Setting Replication Timeout Periods
21. 15.21. Using the Retro Changelog Plug-in
  Expand section "15.21. Using the Retro Changelog Plug-in" Collapse section "15.21. Using the Retro Changelog Plug-in"
  1. 15.21.1. Enabling the Retro Changelog Plug-in
    
    Expand section "15.21.1. Enabling the Retro Changelog Plug-in" Collapse section "15.21.1. Enabling the Retro Changelog Plug-in"
    
    15.21.1.1. Enabling the Retro Changelog Plug-in Using the Command Line
    
    15.21.1.2. Enabling the Retro Changelog Plug-in Using the Web Console
  2. 15.21.2. Trimming the Retro Changelog
  3. 15.21.3. Searching and Modifying the Retro Changelog
  4. 15.21.4. Retro Changelog and the Access Control Policy
22. 15.22. Displaying the Status of a Specific Replication Agreement
  Expand section "15.22. Displaying the Status of a Specific Replication Agreement" Collapse section "15.22. Displaying the Status of a Specific Replication Agreement"
  1. 15.22.1. Displaying the Status of a Specific Replication Agreement Using the Command-Line
  2. 15.22.2. Displaying the Status of a Specific Replication Agreement Using the Web Console
23. 15.23. Monitoring the Replication Topology
  Expand section "15.23. Monitoring the Replication Topology" Collapse section "15.23. Monitoring the Replication Topology"
  1. 15.23.1. Setting Credentials for Replication Monitoring in the .dsrc File
  2. 15.23.2. Using Aliases in the Replication Topology Monitoring Output
24. 15.24. Comparing Two Directory Server Instances
25. 15.25. Solving Common Replication Conflicts
  Expand section "15.25. Solving Common Replication Conflicts" Collapse section "15.25. Solving Common Replication Conflicts"
26. 15.26. Troubleshooting Replication-Related Problems
  Expand section "15.26. Troubleshooting Replication-Related Problems" Collapse section "15.26. Troubleshooting Replication-Related Problems"
  1. 15.26.1. Possible Replication-related Error Messages
16. Synchronizing Red Hat Directory Server with Microsoft Active Directory
Expand section "16. Synchronizing Red Hat Directory Server with Microsoft Active Directory" Collapse section "16. Synchronizing Red Hat Directory Server with Microsoft Active Directory"
1. 16.1. About Windows Synchronization
2. 16.2. Supported Active Directory Versions
3. 16.3. Synchronizing Passwords
4. 16.4. Setting up Synchronization Between Active Directory and Directory Server
  Expand section "16.4. Setting up Synchronization Between Active Directory and Directory Server" Collapse section "16.4. Setting up Synchronization Between Active Directory and Directory Server"
  1. 16.4.1. Step 1: Enabling TLS on the Directory Server Host
  2. 16.4.2. Step 2: Enabling Password Complexity in the AD Domain
  3. 16.4.3. Step 3: Extracting the CA Certificate from AD
  4. 16.4.4. Step 4: Extracting the CA Certificate from the Directory Server's NSS Database
  5. 16.4.5. Step 5: Creating the Synchronization Accounts
  6. 16.4.6. Step 6: Installing the Password Sync Service
  7. 16.4.7. Step 7: Adding the CA Certificate Directory Server uses to the Password Sync Service's Certificate Database
  8. 16.4.8. Step 8: Adding the CA Certificate AD uses to Directory Server's Certificate Database
  9. 16.4.9. Step 9: Configuring the Database for Synchronization and Creating the Synchronization Agreement
    
    Expand section "16.4.9. Step 9: Configuring the Database for Synchronization and Creating the Synchronization Agreement" Collapse section "16.4.9. Step 9: Configuring the Database for Synchronization and Creating the Synchronization Agreement"
    
    16.4.9.1. Configuring the Database for Synchronization and Creating the Synchronization Agreement Using the Command Line
    
    16.4.9.2. Configuring the Database for Synchronization and Creating the Synchronization Agreement Using the Web Console
5. 16.5. Synchronizing Users
  Expand section "16.5. Synchronizing Users" Collapse section "16.5. Synchronizing Users"
  1. 16.5.1. User Attributes Synchronized between Directory Server and Active Directory
  2. 16.5.2. User Schema Differences between Red Hat Directory Server and Active Directory
    
    Expand section "16.5.2. User Schema Differences between Red Hat Directory Server and Active Directory" Collapse section "16.5.2. User Schema Differences between Red Hat Directory Server and Active Directory"
    
    16.5.2.1. Values for cn Attributes
    
    16.5.2.2. Password Policies
    
    16.5.2.3. Values for street and streetAddress
    
    16.5.2.4. Constraints on the initials Attribute
  3. 16.5.3. Configuring User Synchronization for Directory Server Users
  4. 16.5.4. Configuring User Synchronization for Active Directory Users
6. 16.6. Synchronizing Groups
  Expand section "16.6. Synchronizing Groups" Collapse section "16.6. Synchronizing Groups"
7. 16.7. Configuring Uni-Directional Synchronization
8. 16.8. Configuring Multiple Subtrees and Filters in Windows Synchronization
9. 16.9. Synchronizing POSIX Attributes for Users and Groups
  Expand section "16.9. Synchronizing POSIX Attributes for Users and Groups" Collapse section "16.9. Synchronizing POSIX Attributes for Users and Groups"
10. 16.10. Deleting and Resurrecting Entries
  Expand section "16.10. Deleting and Resurrecting Entries" Collapse section "16.10. Deleting and Resurrecting Entries"
  1. 16.10.1. Deleting Entries
  2. 16.10.2. Resurrecting Entries
11. 16.11. Sending Synchronization Updates
  Expand section "16.11. Sending Synchronization Updates" Collapse section "16.11. Sending Synchronization Updates"
  1. 16.11.1. Performing a Manual Incremental Synchronization
  2. 16.11.2. Performing a Full Synchronization
    
    Expand section "16.11.2. Performing a Full Synchronization" Collapse section "16.11.2. Performing a Full Synchronization"
    
    16.11.2.1. Performing a Full Synchronization Using the Command Line
    
    16.11.2.2. Performing a Full Synchronization Using the Web Console
  3. 16.11.3. Setting Synchronization Schedules
  4. 16.11.4. Changing Synchronization Connections
  5. 16.11.5. Handling Entries That Move Out of the Synchronized Subtree
12. 16.12. Troubleshooting
17. Setting up Content Synchronization Using the SyncRepl Protocol
Expand section "17. Setting up Content Synchronization Using the SyncRepl Protocol" Collapse section "17. Setting up Content Synchronization Using the SyncRepl Protocol"
1. 17.1. Configuring the Content Synchronization Plug-in Using the Command Line
18. Managing Access Control
Expand section "18. Managing Access Control" Collapse section "18. Managing Access Control"
1. 18.1. Access Control Principles
2. 18.2. ACI Placement
3. 18.3. ACI Structure
4. 18.4. ACI Evaluation
5. 18.5. Limitations of ACIs
6. 18.6. How Directory Server Handles ACIs in a Replication Topology
7. 18.7. Managing ACIs using the command line
  Expand section "18.7. Managing ACIs using the command line" Collapse section "18.7. Managing ACIs using the command line"
8. 18.8. Managing ACIs Using the Web Console
  Expand section "18.8. Managing ACIs Using the Web Console" Collapse section "18.8. Managing ACIs Using the Web Console"
9. 18.9. Defining Targets
  Expand section "18.9. Defining Targets" Collapse section "18.9. Defining Targets"
  1. 18.9.1. Frequently Used Target Keywords
    
    Expand section "18.9.1. Frequently Used Target Keywords" Collapse section "18.9.1. Frequently Used Target Keywords"
    
    18.9.1.1. Targeting a Directory Entry
    
    18.9.1.2. Targeting Attributes
    
    18.9.1.3. Targeting Entries and Attributes Using LDAP Filters
    
    18.9.1.4. Targeting Attribute Values Using LDAP Filters
  2. 18.9.2. Further Target Keywords
    
    Expand section "18.9.2. Further Target Keywords" Collapse section "18.9.2. Further Target Keywords"
    
    18.9.2.1. Targeting Source and Destination DNs
  3. 18.9.3. Advanced Usage of Target Rules
    
    Expand section "18.9.3. Advanced Usage of Target Rules" Collapse section "18.9.3. Advanced Usage of Target Rules"
    
    18.9.3.1. Delegating Permissions to Create and Maintain Groups
    
    18.9.3.2. Targeting Both an Entry and Attributes
    
    18.9.3.3. Targeting Certain Attributes of Entries Matching a Filter
    
    18.9.3.4. Targeting a Single Directory Entry
10. 18.10. Defining Permissions
  Expand section "18.10. Defining Permissions" Collapse section "18.10. Defining Permissions"
11. 18.11. Defining Bind Rules
  Expand section "18.11. Defining Bind Rules" Collapse section "18.11. Defining Bind Rules"
  1. 18.11.1. Frequently Used Bind Rules
    
    Expand section "18.11.1. Frequently Used Bind Rules" Collapse section "18.11.1. Frequently Used Bind Rules"
    
    18.11.1.1. Defining User-based Access
    
    Expand section "18.11.1.1. Defining User-based Access" Collapse section "18.11.1.1. Defining User-based Access"
    
    18.11.1.1.1. Using a DN with the userdn Keyword
    
    18.11.1.1.2. Using the userdn Keyword with an LDAP Filter
    
    18.11.1.1.3. Granting Anonymous Access
    
    18.11.1.1.4. Granting Access to Authenticated Users
    
    18.11.1.1.5. Enabling Users to Access Their Own Entries
    
    18.11.1.1.6. Setting Access for Child Entries of a User
    
    18.11.1.2. Defining Group-based Access
    
    Expand section "18.11.1.2. Defining Group-based Access" Collapse section "18.11.1.2. Defining Group-based Access"
    
    18.11.1.2.1. Using a DN with the groupdn Keyword
    
    18.11.1.2.2. Using the groupdn Keyword with an LDAP Filter
  2. 18.11.2. Further Bind Rules
    
    Expand section "18.11.2. Further Bind Rules" Collapse section "18.11.2. Further Bind Rules"
    
    18.11.2.1. Defining Access Based on Value Matching
    
    Expand section "18.11.2.1. Defining Access Based on Value Matching" Collapse section "18.11.2.1. Defining Access Based on Value Matching"
    
    18.11.2.1.1. Using the USERDN Bind Type
    
    18.11.2.1.2. Using the GROUPDN Bind Type
    
    18.11.2.1.3. Using the ROLEDN Bind Type
    
    18.11.2.1.4. Using the SELFDN Bind Type
    
    18.11.2.1.5. Using the LDAPURL Bind Type
    
    18.11.2.1.6. Using the userattr Keyword with Inheritance
    
    18.11.2.2. Defining Access from Specific IP Addresses or Ranges
    
    18.11.2.3. Defining Access from a Specific Host or Domain
    
    18.11.2.4. Requiring a Certain Level of Security in Connections
    
    18.11.2.5. Defining Access at a Specific Day of the Week
    
    18.11.2.6. Defining Access at a Specific Time of Day
    
    18.11.2.7. Defining Access Based on the Authentication Method
    
    18.11.2.8. Defining Access Based on Roles
  3. 18.11.3. Combining Bind Rules Using Boolean Operators
12. 18.12. Checking Access Rights on Entries (Get Effective Rights)
  Expand section "18.12. Checking Access Rights on Entries (Get Effective Rights)" Collapse section "18.12. Checking Access Rights on Entries (Get Effective Rights)"
  1. 18.12.1. Rights Shown with a Get Effective Rights Search
  2. 18.12.2. The Format of a Get Effective Rights Search
  3. 18.12.3. Examples of GER Searches
    
    Expand section "18.12.3. Examples of GER Searches" Collapse section "18.12.3. Examples of GER Searches"
    
    18.12.3.1. General Examples on Checking Access Rights
    
    18.12.3.2. Examples of Get Effective Rights Searches for Non-Existent Attributes
    
    18.12.3.3. Examples of Get Effective Rights Searches for Specific Attributes or Object Classes
    
    18.12.3.4. Examples of Get Effective Rights Searches for Non-Existent Entries
    
    18.12.3.5. Examples of Get Effective Rights Searches for Operational Attributes
    
    18.12.3.6. Examples of Get Effective Rights Results and Access Control Rules
  4. 18.12.4. Get Effective Rights Return Codes
13. 18.13. Logging Access Control Information
14. 18.14. Advanced Access Control: Using Macro ACIs
  Expand section "18.14. Advanced Access Control: Using Macro ACIs" Collapse section "18.14. Advanced Access Control: Using Macro ACIs"
  1. 18.14.1. Macro ACI Example
  2. 18.14.2. Macro ACI Syntax
    
    Expand section "18.14.2. Macro ACI Syntax" Collapse section "18.14.2. Macro ACI Syntax"
    
    18.14.2.1. Macro Matching for ($dn)
    
    18.14.2.2. Macro Matching for [$dn]
    
    18.14.2.3. Macro Matching for ($attr.attrName)
15. 18.15. Setting Access Controls on Directory Manager
  Expand section "18.15. Setting Access Controls on Directory Manager" Collapse section "18.15. Setting Access Controls on Directory Manager"
  1. 18.15.1. About Access Controls on the Directory Manager Account
  2. 18.15.2. Configuring the RootDN Access Control Plug-in
19. Using the Health Check Feature to Identify Problems
Expand section "19. Using the Health Check Feature to Identify Problems" Collapse section "19. Using the Health Check Feature to Identify Problems"
1. 19.1. Running the Directory Server Health Check
20. Managing User Authentication
Expand section "20. Managing User Authentication" Collapse section "20. Managing User Authentication"
1. 20.1. Setting User Passwords
2. 20.2. Setting Password Administrators
3. 20.3. Changing Passwords Stored Externally
4. 20.4. Managing the Password Policy
  Expand section "20.4. Managing the Password Policy" Collapse section "20.4. Managing the Password Policy"
  1. 20.4.1. Configuring the Global Password Policy
    
    Expand section "20.4.1. Configuring the Global Password Policy" Collapse section "20.4.1. Configuring the Global Password Policy"
    
    20.4.1.1. Configuring a Global Password Policy Using the Command Line
    
    20.4.1.2. Configuring a Global Password Policy Using the Web Console
  2. 20.4.2. Using Local Password Policies
    
    Expand section "20.4.2. Using Local Password Policies" Collapse section "20.4.2. Using Local Password Policies"
    
    20.4.2.1. Where Directory Server Stores Local Password Policy Entries
    
    20.4.2.2. Configuring a Local Password Policy
5. 20.5. Configuring temporary password rules
  Expand section "20.5. Configuring temporary password rules" Collapse section "20.5. Configuring temporary password rules"
  1. 20.5.1. Enabling temporary password rules in the global password policy
  2. 20.5.2. Enabling temporary password rules in a local password policy
6. 20.6. Understanding Password Expiration Controls
7. 20.7. Managing the Directory Manager Password
  Expand section "20.7. Managing the Directory Manager Password" Collapse section "20.7. Managing the Directory Manager Password"
  1. 20.7.1. Resetting the Directory Manager Password
  2. 20.7.2. Changing the Directory Manager Password
    
    Expand section "20.7.2. Changing the Directory Manager Password" Collapse section "20.7.2. Changing the Directory Manager Password"
    
    20.7.2.1. Changing the Directory Manager Password Using the Command Line
    
    20.7.2.2. Changing the Directory Manager Password Using the Web Console
  3. 20.7.3. Changing the Directory Manager Password Storage Scheme
    
    Expand section "20.7.3. Changing the Directory Manager Password Storage Scheme" Collapse section "20.7.3. Changing the Directory Manager Password Storage Scheme"
    
    20.7.3.1. Changing the Directory Manager Password Storage Scheme Using the Command Line
    
    20.7.3.2. Changing the Directory Manager Password Storage Scheme Using the Web Console
  4. 20.7.4. Changing the Directory Manager DN
8. 20.8. Checking Account Availability for Passwordless Access
  Expand section "20.8. Checking Account Availability for Passwordless Access" Collapse section "20.8. Checking Account Availability for Passwordless Access"
  1. 20.8.1. Searching for Entries Using the Account Usability Extension Control
  2. 20.8.2. Changing What Users Can Perform an Account Usability Search
9. 20.9. Configuring a Password-Based Account Lockout Policy
  Expand section "20.9. Configuring a Password-Based Account Lockout Policy" Collapse section "20.9. Configuring a Password-Based Account Lockout Policy"
10. 20.10. Configuring Time-Based Account Lockout Policies
  Expand section "20.10. Configuring Time-Based Account Lockout Policies" Collapse section "20.10. Configuring Time-Based Account Lockout Policies"
11. 20.11. Replicating Account Lockout Attributes
  Expand section "20.11. Replicating Account Lockout Attributes" Collapse section "20.11. Replicating Account Lockout Attributes"
12. 20.12. Enabling Different Types of Binds
  Expand section "20.12. Enabling Different Types of Binds" Collapse section "20.12. Enabling Different Types of Binds"
  1. 20.12.1. Requiring Secure Binds
  2. 20.12.2. Disabling Anonymous Binds
  3. 20.12.3. Allowing Unauthenticated Binds
  4. 20.12.4. Configuring Autobind
    
    Expand section "20.12.4. Configuring Autobind" Collapse section "20.12.4. Configuring Autobind"
    
    20.12.4.1. Overview of Autobind and LDAPI
    
    20.12.4.2. Configuring the Autobind Feature
13. 20.13. Using Pass-Through Authentication
  Expand section "20.13. Using Pass-Through Authentication" Collapse section "20.13. Using Pass-Through Authentication"
  1. 20.13.1. PTA Plug-in Syntax
  2. 20.13.2. Configuring the PTA Plug-in
    
    Expand section "20.13.2. Configuring the PTA Plug-in" Collapse section "20.13.2. Configuring the PTA Plug-in"
    
    20.13.2.1. Configuring the Servers to Use a Secure Connection
    
    20.13.2.2. Specifying the Authenticating Directory Server
    
    20.13.2.3. Specifying the Pass-Through Subtree
    
    20.13.2.4. Configuring the Optional Parameters
  3. 20.13.3. PTA Plug-in Syntax Examples
    
    Expand section "20.13.3. PTA Plug-in Syntax Examples" Collapse section "20.13.3. PTA Plug-in Syntax Examples"
    
    20.13.3.1. Specifying One Authenticating Directory Server and One Subtree
    
    20.13.3.2. Specifying Multiple Authenticating Directory Servers
    
    20.13.3.3. Specifying One Authenticating Directory Server and Multiple Subtrees
    
    20.13.3.4. Using Non-Default Parameter Values
    
    20.13.3.5. Specifying Different Optional Parameters and Subtrees for Different Authenticating Directory Servers
14. 20.14. Using Active Directory-formatted User Names for Authentication
15. 20.15. Using PAM for Pass-Through Authentication
  Expand section "20.15. Using PAM for Pass-Through Authentication" Collapse section "20.15. Using PAM for Pass-Through Authentication"
  1. 20.15.1. PAM Pass-Through Authentication Configuration Options
    
    Expand section "20.15.1. PAM Pass-Through Authentication Configuration Options" Collapse section "20.15.1. PAM Pass-Through Authentication Configuration Options"
    
    20.15.1.1. Specifying the Suffixes to Target for PAM PTA
    
    20.15.1.2. Applying Different PAM Pass-Through Authentication Configurations to Different Entries
    
    20.15.1.3. Setting PAM PTA Mappings
    
    20.15.1.4. Configuring General PAM PTA Settings
  2. 20.15.2. Configuring PAM Pass-Through Authentication
  3. 20.15.3. Using PAM Pass-Through Authentication with Active Directory as the Back End
16. 20.16. Manually Inactivating Users and Roles
  Expand section "20.16. Manually Inactivating Users and Roles" Collapse section "20.16. Manually Inactivating Users and Roles"
  1. 20.16.1. Displaying the Status of an Account or Role
  2. 20.16.2. Inactivating and Activating Users and Roles Using the Command Line
21. Monitoring Server and Database Activity
Expand section "21. Monitoring Server and Database Activity" Collapse section "21. Monitoring Server and Database Activity"
1. 21.1. Types of Directory Server Log Files
2. 21.2. Displaying Log Files
  Expand section "21.2. Displaying Log Files" Collapse section "21.2. Displaying Log Files"
  1. 21.2.1. Displaying Log Files Using the Command Line
  2. 21.2.2. Displaying Log Files Using the Web Console
3. 21.3. Configuring Log Files
  Expand section "21.3. Configuring Log Files" Collapse section "21.3. Configuring Log Files"
  1. 21.3.1. Enabling or Disabling Logs
    
    Expand section "21.3.1. Enabling or Disabling Logs" Collapse section "21.3.1. Enabling or Disabling Logs"
    
    21.3.1.1. Enabling or Disabling Logging Using the Command Line
    
    21.3.1.2. Enabling or Disabling Logging Using the Web Console
  2. 21.3.2. Configuring Plug-in-specific Logging
  3. 21.3.3. Disabling High-resolution Log Time Stamps
  4. 21.3.4. Defining a Log File Rotation Policy
    
    Expand section "21.3.4. Defining a Log File Rotation Policy" Collapse section "21.3.4. Defining a Log File Rotation Policy"
    
    21.3.4.1. Defining a Log File Rotation Policy Using the Command Line
    
    21.3.4.2. Defining a Log File Rotation Policy Using the Web Console
  5. 21.3.5. Defining a Log File Deletion Policy
    
    Expand section "21.3.5. Defining a Log File Deletion Policy" Collapse section "21.3.5. Defining a Log File Deletion Policy"
    
    21.3.5.1. Configuring a Log Deletion Policy Using the Command Line
    
    21.3.5.2. Configuring a Log Deletion Policy Using the Web Console
  6. 21.3.6. Manual Log File Rotation
  7. 21.3.7. Configuring the Log Levels
    
    Expand section "21.3.7. Configuring the Log Levels" Collapse section "21.3.7. Configuring the Log Levels"
    
    21.3.7.1. Configuring the Log Levels Using the Command Line
    
    21.3.7.2. Configuring the Log Levels Using the Web Console
    
    21.3.7.3. Logging Internal Operations
4. 21.4. Getting Access Log Statistics
5. 21.5. Monitoring the Local Disk for Graceful Shutdown
6. 21.6. Monitoring Server Activity
7. 21.7. Monitoring Database Activity
8. 21.8. Monitoring Database Link Activity
9. 21.9. Enabling and Disabling Counters
10. 21.10. Monitoring Directory Server Using SNMP
  Expand section "21.10. Monitoring Directory Server Using SNMP" Collapse section "21.10. Monitoring Directory Server Using SNMP"
  1. 21.10.1. About SNMP
  2. 21.10.2. Enabling and Disabling SNMP Support
  3. 21.10.3. Setting Parameters to Identify an Instance Using SNMP
  4. 21.10.4. Setting up an SNMP Agent for Directory Server
  5. 21.10.5. Configuring SNMP Traps
  6. 21.10.6. Using the Management Information Base
    
    Expand section "21.10.6. Using the Management Information Base" Collapse section "21.10.6. Using the Management Information Base"
    
    21.10.6.1. Operations Table
    
    21.10.6.2. Entries Table
    
    21.10.6.3. Entity Table
    
    21.10.6.4. Interaction Table
22. Making a High-availability and Disaster Recovery Plan
Expand section "22. Making a High-availability and Disaster Recovery Plan" Collapse section "22. Making a High-availability and Disaster Recovery Plan"
1. 22.1. Identifying Potential Scenarios
2. 22.2. Defining the Type of Rollover
3. 22.3. Identifying Useful Directory Server Features for Disaster Recovery
  Expand section "22.3. Identifying Useful Directory Server Features for Disaster Recovery" Collapse section "22.3. Identifying Useful Directory Server Features for Disaster Recovery"
4. 22.4. Defining the Recovery Process
5. 22.5. Basic Example: Performing a Recovery
23. Creating Test Entries
Expand section "23. Creating Test Entries" Collapse section "23. Creating Test Entries"
A. Using LDAP Client Tools
Expand section "A. Using LDAP Client Tools" Collapse section "A. Using LDAP Client Tools"
B. LDAP Data Interchange Format
Expand section "B. LDAP Data Interchange Format" Collapse section "B. LDAP Data Interchange Format"
1. B.1. About the LDIF File Format
2. B.2. Continuing Lines in LDIF
3. B.3. Representing Binary Data
  Expand section "B.3. Representing Binary Data" Collapse section "B.3. Representing Binary Data"
  1. B.3.1. Standard LDIF Notation
  2. B.3.2. Base-64 Encoding
4. B.4. Specifying Directory Entries Using LDIF
  Expand section "B.4. Specifying Directory Entries Using LDIF" Collapse section "B.4. Specifying Directory Entries Using LDIF"
5. B.5. Defining Directories Using LDIF
6. B.6. Storing Information in Multiple Languages
C. LDAP URLs
Expand section "C. LDAP URLs" Collapse section "C. LDAP URLs"
D. Internationalization
Expand section "D. Internationalization" Collapse section "D. Internationalization"
1. D.1. About Locales
2. D.2. Supported Locales
3. D.3. Supported Language Subtypes
4. D.4. Searching an Internationalized Directory
  Expand section "D.4. Searching an Internationalized Directory" Collapse section "D.4. Searching an Internationalized Directory"
  1. D.4.1. Matching Rule Formats
    
    Expand section "D.4.1. Matching Rule Formats" Collapse section "D.4.1. Matching Rule Formats"
    
    D.4.1.1. Using an OID for the Matching Rule
    
    D.4.1.2. Using a Language Tag for the Matching Rule
    
    D.4.1.3. Using an OID and Suffix for the Matching Rule
    
    D.4.1.4. Using a Language Tag and Suffix for the Matching Rule
  2. D.4.2. Supported Search Types
  3. D.4.3. International Search Examples
    
    Expand section "D.4.3. International Search Examples" Collapse section "D.4.3. International Search Examples"
    
    D.4.3.1. Less-Than Example
    
    D.4.3.2. Less-Than or Equal-to Example
    
    D.4.3.3. Equality Example
    
    D.4.3.4. Greater-Than or Equal-to Example
    
    D.4.3.5. Greater-Than Example
    
    D.4.3.6. Substring Example
5. D.5. Troubleshooting Matching Rules
E. Revision History
Legal Notice

Language:
Format:

Language:
Format:

7.3. Linking Attributes to Manage Attribute Values

A class of service dynamically supplies attribute values for entries which all have attributes with the same value, like building addresses, postal codes, or main office numbers. These are shared attribute values, which are updated in a single template entry.

Frequently, though, there are relationships between entries where there needs to be a way to express linkage between them, but the values (and possibly even the attributes) that express that relationship are different. Red Hat Directory Server provides a way to link specified attributes together, so that when one attribute in one entry is altered, a corresponding attribute on a related entry is automatically updated. (The link and managed attributes both have DN values. The value of the link attribute contains the DN of the entry for the plug-in to update; the managed attribute in the second entry has a DN value which points back to the original link entry.)

7.3.1. About Linking Attributes

The Linked Attributes Plug-in, allows multiple instances of the plug-in. Each instance configures one attribute which is manually maintained by the administrator (linkType) and one attribute which is automatically maintained by the plug-in (managedType).

Figure 7.5. Basic Linked Attribute Configuration

Note

To preserve data consistency, only the plug-in process should maintain the managed attribute. Consider creating an ACI that will restrict all write access to any managed attribute. See Section 18.7.2, “Adding an ACI” for information on setting ACIs.

A Linked Attribute Plug-in instance can be restricted to a single subtree within the directory. This can allow more flexible customization of attribute combinations and affected entries. If no scope is set, then the plug-in operates in the entire directory.

Figure 7.6. Restricting the Linked Attribute Plug-in to a Specific Subtree

When configuring the Linked Attribute Plug-in instance, certain configurations are required:

Both the managed attribute and linked attribute must require the Distinguished Name syntax in their attribute definitions. The linked attributes are essentially managed cross-references, and the way that the plug-in handles these cross-references is by pulling the DN of the entry from the attribute value.
For information on planning custom schema elements, see Chapter 12, Managing the Directory Schema.
Each Linked Attribute Plug-in instance must be local and any managed attributes must be blocked from replication using fractional replication.
Any changes that are made on one supplier will automatically trigger the plug-in to manage the values on the corresponding directory entries, so the data stay consistent across servers. However, the managed attributes must be maintained by the plug-in instance for the data to be consistent between the linked entries. This means that managed attribute values should be maintained solely by the plug-in processes, not the replication process, even in a multi-supplier replication environment.
For information on using fractional replication, see Section 15.1.7, “Replicating a Subset of Attributes with Fractional Replication”.

7.3.2. Looking at the Linking Attributes Plug-in Syntax

The default Linked Attributes Plug-in entry is a container entry for each plug-in instance, similar to the password syntax plug-ins or the DNA Plug-in in the next section. Each entry beneath this container entry defines a different link-managed attribute pair.

To create a new linking attribute pair, then, create a new plug-in instance beneath the container entry. A basic linking attribute plug-in instance required defining two things:

The attribute that is managed manually by administrators, in the linkType attribute
The attribute that is created dynamically by the plug-in, in the managedType attribute
Optionally, a scope that restricts the plug-in to a specific part of the directory tree, in the linkScope attribute

Example 7.5. Example Linked Attributes Plug-in Instance Entry

dn: cn=Manager Link,cn=Linked Attributes,cn=plugins,cn=config
objectClass: top
objectClass: extensibleObject
cn: Manager Link
linkType: directReport
managedType: manager
linkScope: ou=people,dc=example,dc=com

For a list of attributes available for an instance of the Linked Attributes plug-in, see the corresponding section in the Red Hat Directory Server Configuration, Command, and File Reference.

7.3.3. Configuring Attribute Links

If it is not already enabled, enable the Linked Attributes plug-in. For details, see Section 1.10.3, “Enabling and Disabling Plug-ins”.f
Create the plug-in instance. Both the --managed-type and --link-type parameters are required. The following example shows the plug-in instance created by using dsconf:
```
# dsconf -D "cn=Directory Manager" ldap://server.example.com plugin linked-attr config "Manager Link" add --link-type=directReport --managed-type=manager
```
Restart the instance:
```
# dsctl instance_name restart
```
If you enable the dynamic plug-in as described in Section 1.10.2, “Enabling Plug-ins Dynamically”, restarting the instance is not required.

7.3.4. Cleaning up Attribute Links

The managed-linked attributes can get out of sync. For instance, a linked attribute could be imported or replicated over to a server, but the corresponding managed attribute was not because the link attribute was not properly configured. The managed-linked attribute pairs can be fixed by running the dsconf plugin linked-attr fixup command or by launching a fix-up task.

The fixup task removes any managed attributes (attributes managed by the plug-in) that do not have a corresponding link attribute (attributes managed by the administrator) on the referenced entry. Conversely, the task adds any missing managed attributes if the link attribute exists in an entry.

7.3.4.1. Regenerating Linked Attributes

The dsconf plugin linked-attr fixup command launches a special task to regenerate all of the managed-link attribute pairs on directory entries. One or the other may be lost in certain situations. If the link attribute exists in an entry, the task traces the cross-referenced DN in the available attribute and creates the corresponding configured managed attribute on the referenced entry. If a managed attribute exists with no corresponding link attribute, then the managed attribute value is removed.

To repair all configured link attribute pairs for the entire scope of the plug-in, then run the command as the Directory Manager:

# dsconf -D "cn=Directory Manager" ldap://server.example.com plugin linked-attr fixup

It is also possible to limit the fixup task to a single link-managed attribute pair by passing a base DN to the command. For example:

# dsconf -D "cn=Directory Manager" ldap://server.example.com plugin linked-attr fixup "cn=Manager Link,cn=Linked Attributes,cn=plugins,cn=config"

7.3.4.2. Regenerating Linked Attributes Using ldapmodify

Repairing linked attributes is one of the tasks which can be managed through a special task configuration entry. Task entries occur under the cn=tasks configuration entry in the dse.ldif file, so it is also possible to initiate a task by adding the entry using ldapmodify. When the task is complete, the entry is removed from the directory.

This task is the same one created automatically by the dsconf plugin linked-attr fixup command when it is run.

To initiate a linked attributes fixup task, add an entry under the cn=fixup linked attributes,cn=tasks,cn=config entry. The only required attribute is the cn for the specific task, though it also allows the ttl attribute to set a timeout period. Using ldapmodify:

# ldapmodify -D "cn=Directory Manager" -W -p 389 -h server.example.com -x
dn: cn=example,cn=fixup linked attributes,cn=tasks,cn=config
changetype: add
cn:example
ttl: 5

Once the task is completed, the entry is deleted from the dse.ldif configuration, so it is possible to reuse the same task entry continually.

The cn=fixup linked attributes task configuration is described in more detail in the Configuration, Command, and File Reference.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

7.3. Linking Attributes to Manage Attribute Values

7.3.1. About Linking Attributes

7.3.2. Looking at the Linking Attributes Plug-in Syntax

7.3.3. Configuring Attribute Links

7.3.4. Cleaning up Attribute Links

7.3.4.1. Regenerating Linked Attributes

7.3.4.2. Regenerating Linked Attributes Using ldapmodify

Language and Page Formatting Options

7.3. Linking Attributes to Manage Attribute Values

7.3.1. About Linking Attributes

7.3.2. Looking at the Linking Attributes Plug-in Syntax

7.3.3. Configuring Attribute Links

7.3.4. Cleaning up Attribute Links

7.3.4.1. Regenerating Linked Attributes

7.3.4.2. Regenerating Linked Attributes Using ldapmodify