Show Table of Contents
1.8. Using Directory Server Plug-ins
Directory Server has a number of default plug-ins which configure core Directory Server functions, such as replication, classes of service, and even attribute syntaxes. Core plug-ins are enabled and completely configured by default.
Other default plug-ins extend the functionality of the Directory Server by providing consistent, but user-defined, behaviors, as with DNA, attribute uniqueness, and attribute linking. These plug-ins are available, but not enabled or configured by default.
Using plug-ins also allows the Directory Server to be easily extended, so customers can write and deploy their own server plug-ins to perform whatever directory operations they need for their specific deployment.
The details of configuring and deploying plug-ins are covered in other guides (primarily the Plug-in Programmer's Guide and to some extent in the plug-in attribute reference in the Configuration and Command-Line Tool Reference). This section covers common administrative tasks for all plug-ins.
1.8.1. Enabling Plug-ins in the Directory Server Console
To enable and disable plug-ins over LDAP using the Directory Server Console:
- In the Directory Server Console, select the Configuration tab.
- Double-click the Plugins folder in the navigation tree.
- Select the plug-in from the Plugins list.
- To disable the plug-in, clear the Enabled check box. To enable the plug-in, check this check box.
- Click .
- Restart the Directory Server.
service dirsrv restart instance_name
Note
When a plug-in is disabled, all of the details about the plug-in — such as its version and its vendor — are not displayed in the Directory Server Console; all details fields show
NONE.
Once a plug-in is enabled, those details will not be displayed in the Console until the Directory Server is restarted (loading the new plug-in configuration) and the Directory Server Console is refreshed.
1.8.2. Enabling Plug-ins in the Command Line
To disable or enable a plug-in through the command line, use the
ldapmodify utility to edit the value of the nsslapd-pluginEnabled attribute. For example:
ldapmodify -D "cn=directory manager" -W -p 389 -h server.example.com -x dn: cn=ACL Plugin,cn=plugins,cn=config changetype: modify replace: nsslapd-pluginEnabled nsslapd-pluginEnabled: on
1.8.3. Setting the Plug-in Precedence
The plug-in precedence is the priority it has in the execution order of plug-ins. For pre- and post-operation plug-ins, this allows one plug-in to be executed and complete before the next plug-in is initiated, which lets the second plug-in take advantage of the first plug-in's results.
Plug-in precedence is configured in the
nsslapd-pluginPrecedence attribute on the plug-in's configuration entry. This attribute has a value of 1 (highest priority) to 99 (lowest priority). If the attribute is not set, it has a default value of 50.
The
nsslapd-pluginPrecedence attribute is set using the ldapmodify command. For example:
ldapmodify -D "cn=directory manager" -W -p 389 -h server.example.com -x dn: cn=My Example Plugin,cn=plugins,cn=config changetype: modify replace: nsslapd-pluginPrecedence nsslapd-pluginPrecedence: 1
Important
Don not set the plug-in precedence for the default Directory Server plug-ins unless told to do so by Red Hat support. The plug-in precedence attribute is primarily to govern the behavior of custom plug-ins, not to change the behavior of the core Directory Server plug-ins.
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.