mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git
opendj3/src/main/docbkx/admin-guide/appendix-controls.xml
@@ -41,9 +41,13 @@ <para>OpenDJ software supports the following LDAP controls.</para> <variablelist> <varlistentry> <varlistentry xml:id="assertion-request-control"> <term>Assertion Request Control</term> <listitem> <indexterm> <primary>LDAP controls</primary> <secondary>Assertion</secondary> </indexterm> <para>Object Identifier: 1.3.6.1.1.12</para> <para>RFC: <link xlink:href='http://tools.ietf.org/html/rfc4528'>RFC 4528 - Lightweight Directory Access Protocol (LDAP) Assertion Control</link> @@ -51,9 +55,13 @@ </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="authorization-identity-request-control"> <term>Authorization Identity Request Control</term> <listitem> <indexterm> <primary>LDAP controls</primary> <secondary>Authorization identity</secondary> </indexterm> <para>Object Identifier: 2.16.840.1.113730.3.4.16</para> <para>RFC: <link xlink:href='http://tools.ietf.org/html/rfc3829'>RFC 3829 - Lightweight Directory Access Protocol (LDAP) Authorization Identity @@ -61,9 +69,13 @@ </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="authorization-identity-response-control"> <term>Authorization Identity Response Control</term> <listitem> <indexterm> <primary>LDAP controls</primary> <secondary>Authorization identity</secondary> </indexterm> <para>Object Identifier: 2.16.840.1.113730.3.4.15</para> <para>RFC: <link xlink:href='http://tools.ietf.org/html/rfc3829'>RFC 3829 - Lightweight Directory Access Protocol (LDAP) Authorization Identity @@ -71,9 +83,13 @@ </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="entry-change-notification-response-control"> <term>Entry Change Notification Response Control</term> <listitem> <indexterm> <primary>LDAP controls</primary> <secondary>Entry change notification</secondary> </indexterm> <para>Object Identifier: 2.16.840.1.113730.3.4.7</para> <para>Internet-Draft: <link xlink:href='http://tools.ietf.org/html/draft-ietf-ldapext-psearch' @@ -82,9 +98,13 @@ </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="get-effective-rights-request-control"> <term>Get Effective Rights Request Control</term> <listitem> <indexterm> <primary>LDAP controls</primary> <secondary>Get effective rights</secondary> </indexterm> <para>Object Identifier: 1.3.6.1.4.1.42.2.27.9.5.2</para> <para>Internet-Draft: <link xlink:href='http://tools.ietf.org/html/draft-ietf-ldapext-acl-model' @@ -93,9 +113,13 @@ </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="manage-dsait-request-control"> <term>Manage DSAIT Request Control</term> <listitem> <indexterm> <primary>LDAP controls</primary> <secondary>Manage DSAIT</secondary> </indexterm> <para>Object Identifier: 2.16.840.1.113730.3.4.2</para> <para>RFC: <link xlink:href='http://tools.ietf.org/html/rfc3296'>RFC 3296 - Named Subordinate References in Lightweight Directory Access Protocol @@ -103,9 +127,13 @@ </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="matched-values-request-control"> <term>Matched Values Request Control</term> <listitem> <indexterm> <primary>LDAP controls</primary> <secondary>Matched values</secondary> </indexterm> <para>Object Identifier: 1.2.826.0.1.3344810.2.3</para> <para>RFC: <link xlink:href='http://tools.ietf.org/html/rfc3876'>RFC 3876 - Returning Matched Values with the Lightweight Directory Access Protocol @@ -113,9 +141,13 @@ </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="password-expired-response-control"> <term>Password Expired Response Control</term> <listitem> <indexterm> <primary>LDAP controls</primary> <secondary>Password expired</secondary> </indexterm> <para>Object Identifier: 2.16.840.1.113730.3.4.4</para> <para>Internet-Draft: <link xlink:href='http://tools.ietf.org/html/draft-vchu-ldap-pwd-policy' @@ -124,9 +156,13 @@ </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="password-expiring-response-control"> <term>Password Expiring Response Control</term> <listitem> <indexterm> <primary>LDAP controls</primary> <secondary>Password expiring</secondary> </indexterm> <para>Object Identifier: 2.16.840.1.113730.3.4.5</para> <para>Internet-Draft: <link xlink:href='http://tools.ietf.org/html/draft-vchu-ldap-pwd-policy' @@ -135,9 +171,13 @@ </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="password-policy-response-control"> <term>Password Policy Response Control</term> <listitem> <indexterm> <primary>LDAP controls</primary> <secondary>Password policy</secondary> </indexterm> <para>Object Identifier: 1.3.6.1.4.1.42.2.27.8.5.1</para> <para>Internet-Draft: <link xlink:href='http://tools.ietf.org/html/draft-behera-ldap-password-policy' @@ -146,9 +186,13 @@ </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="permissive-modify-request-control"> <term>Permissive Modify Request Control</term> <listitem> <indexterm> <primary>LDAP controls</primary> <secondary>Permissive modify</secondary> </indexterm> <para>Object Identifier: 1.2.840.113556.1.4.1413</para> <para>Microsoft defined this control that, "Allows an LDAP modify to work under less restrictive conditions. Without it, a delete will fail if an @@ -159,9 +203,13 @@ </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="persistent-search-request-control"> <term>Persistent Search Request Control</term> <listitem> <indexterm> <primary>LDAP controls</primary> <secondary>Persistent search</secondary> </indexterm> <para>Object Identifier: 2.16.840.1.113730.3.4.3</para> <para>Internet-Draft: <link xlink:href='http://tools.ietf.org/html/draft-ietf-ldapext-psearch' @@ -170,9 +218,13 @@ </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="post-read-request-control"> <term>Post-Read Request Control</term> <listitem> <indexterm> <primary>LDAP controls</primary> <secondary>Post-read</secondary> </indexterm> <para>Object Identifier: 1.3.6.1.1.13.2</para> <para>RFC: <link xlink:href='http://tools.ietf.org/html/rfc4527'>RFC 4527 - Lightweight Directory Access Protocol (LDAP) Read Entry Controls</link> @@ -180,19 +232,27 @@ </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="post-read-response-control"> <term>Post-Read Response Control</term> <listitem> <indexterm> <primary>LDAP controls</primary> <secondary>Post-read</secondary> </indexterm> <para>Object Identifier: 1.3.6.1.1.13.2</para> <para>RFC: <link xlink:href='http://tools.ietf.org/html/rfc4527'>RFC 4527 <para>RFC: <link xlink:href='http://tools.ietf.org/html/rfc4527'>RFC 4527 - Lightweight Directory Access Protocol (LDAP) Read Entry Controls</link> </para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="pre-read-request-control"> <term>Pre-Read Request Control</term> <listitem> <indexterm> <primary>LDAP controls</primary> <secondary>Pre-read</secondary> </indexterm> <para>Object Identifier: 1.3.6.1.1.13.1</para> <para>RFC: <link xlink:href='http://tools.ietf.org/html/rfc4527'>RFC 4527 - Lightweight Directory Access Protocol (LDAP) Read Entry Controls</link> @@ -200,9 +260,13 @@ </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="pre-read-response-control"> <term>Pre-Read Response Control</term> <listitem> <indexterm> <primary>LDAP controls</primary> <secondary>Pre-read</secondary> </indexterm> <para>Object Identifier: 1.3.6.1.1.13.1</para> <para>RFC: <link xlink:href='http://tools.ietf.org/html/rfc4527'>RFC 4527 - Lightweight Directory Access Protocol (LDAP) Read Entry Controls</link> @@ -210,9 +274,13 @@ </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="proxied-authorization-v1-request-control"> <term>Proxied Authorization v1 Request Control</term> <listitem> <indexterm> <primary>LDAP controls</primary> <secondary>Proxied authorization</secondary> </indexterm> <para>Object Identifier: 2.16.840.1.113730.3.4.12</para> <para>Internet-Draft: <link xlink:href='http://tools.ietf.org/html/draft-weltman-ldapv3-proxy-04' @@ -221,9 +289,13 @@ </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="proxied-autorization-v2-request-control"> <term>Proxied Authorization v2 Request Control</term> <listitem> <indexterm> <primary>LDAP controls</primary> <secondary>Proxied authorization</secondary> </indexterm> <para>Object Identifier: 2.16.840.1.113730.3.4.18</para> <para>RFC: <link xlink:href='http://tools.ietf.org/html/rfc4370'>RFC 4370 - Lightweight Directory Access Protocol (LDAP) Proxied Authorization @@ -231,18 +303,26 @@ </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="public-changelog-exchange-control"> <term>Public Changelog Exchange Control</term> <listitem> <indexterm> <primary>LDAP controls</primary> <secondary>Public changelog exchange</secondary> </indexterm> <para>Object Identifier: 1.3.6.1.4.1.26027.1.5.4</para> <para>OpenDJ specific, for using the bookmark cookie when reading the external change log.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="server-side-sort-request-control"> <term>Server Side Sort Request Control</term> <listitem> <indexterm> <primary>LDAP controls</primary> <secondary>Server side sort</secondary> </indexterm> <para>Object Identifier: 1.2.840.113556.1.4.473</para> <para>RFC: <link xlink:href='http://tools.ietf.org/html/rfc2891'>RFC 2891 - LDAP Control Extension for Server Side Sorting of Search Results</link> @@ -250,9 +330,13 @@ </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="server-side-sort-response-control"> <term>Server Side Sort Response Control</term> <listitem> <indexterm> <primary>LDAP controls</primary> <secondary>Server side sort</secondary> </indexterm> <para>Object Identifier: 1.2.840.113556.1.4.474</para> <para>RFC: <link xlink:href='http://tools.ietf.org/html/rfc2891'>RFC 2891 - LDAP Control Extension for Server Side Sorting of Search Results</link> @@ -260,9 +344,13 @@ </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="simple-paged-results-control"> <term>Simple Paged Results Control</term> <listitem> <indexterm> <primary>LDAP controls</primary> <secondary>Simple paged results</secondary> </indexterm> <para>Object Identifier: 1.2.840.113556.1.4.319</para> <para>RFC: <link xlink:href='http://tools.ietf.org/html/rfc2696'>RFC 2696 - LDAP Control Extension for Simple Paged Results Manipulation</link> @@ -270,9 +358,13 @@ </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="subentries-request-controls"> <term>Subentries Request Controls</term> <listitem> <indexterm> <primary>LDAP controls</primary> <secondary>Subentries</secondary> </indexterm> <para>Object Identifier: 1.3.6.1.4.1.4203.1.10.1</para> <para>RFC: <link xlink:href='http://tools.ietf.org/html/rfc3672' @@ -284,9 +376,13 @@ </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="subtree-delete-request-control"> <term>Subtree Delete Request Control</term> <listitem> <indexterm> <primary>LDAP controls</primary> <secondary>Subtree delete</secondary> </indexterm> <para>Object Identifier: 1.2.840.113556.1.4.805</para> <para>Internet-Draft: <link xlink:href='http://tools.ietf.org/html/draft-armijo-ldap-treedelete' @@ -294,9 +390,13 @@ </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="virtual-list-view-request-control"> <term>Virtual List View Request Control</term> <listitem> <indexterm> <primary>LDAP controls</primary> <secondary>Virtual list view (browsing)</secondary> </indexterm> <para>Object Identifier: 2.16.840.1.113730.3.4.9</para> <para>Internet-Draft: <link xlink:href='http://tools.ietf.org/html/draft-ietf-ldapext-ldapv3-vlv' @@ -305,9 +405,13 @@ </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="virtual-list-view-response-control"> <term>Virtual List View Response Control</term> <listitem> <indexterm> <primary>LDAP controls</primary> <secondary>Virtual list view (browsing)</secondary> </indexterm> <para>Object Identifier: 2.16.840.1.113730.3.4.10</para> <para>Internet-Draft: <link xlink:href='http://tools.ietf.org/html/draft-ietf-ldapext-ldapv3-vlv' @@ -316,5 +420,4 @@ </listitem> </varlistentry> </variablelist> </appendix> opendj3/src/main/docbkx/admin-guide/appendix-extended-ops.xml
@@ -37,9 +37,13 @@ <para>OpenDJ software supports the following LDAP extended operations.</para> <variablelist> <varlistentry> <varlistentry xml:id="cancel-extended-request"> <term>Cancel Extended Request</term> <listitem> <indexterm> <primary>LDAP extended operations</primary> <secondary>Cancel</secondary> </indexterm> <para>Object Identifier: 1.3.6.1.1.8</para> <para>RFC: <link xlink:href='http://tools.ietf.org/html/rfc3909'>RFC 3909 - Lightweight Directory Access Protocol (LDAP) Cancel Operation</link> @@ -47,30 +51,39 @@ </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="password-modify-extended-request"> <term>Password Modify Extended Request</term> <listitem> <indexterm> <primary>LDAP extended operations</primary> <secondary>Password modify</secondary> </indexterm> <para>Object Identifier: 1.3.6.1.4.1.4203.1.11.1</para> <para>RFC: <link xlink:href='http://tools.ietf.org/html/rfc3909'>RFC 3062 - LDAP Password Modify Extended Operation</link></para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="start-transport-layer-security-extended-request"> <term>Start Transport Layer Security Extended Request</term> <listitem> <indexterm> <primary>LDAP extended operations</primary> <secondary>StartTLS</secondary> </indexterm> <para>Object Identifier: 1.3.6.1.4.1.1466.20037</para> <para>RFC: <link xlink:href='http://tools.ietf.org/html/rfc4511'>RFC 4511 - Lightweight Directory Access Protocol (LDAP): The Protocol</link></para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="who-am-i-extended-request"> <term>Who am I? Extended Request</term> <listitem> <indexterm> <primary>LDAP extended operations</primary> <secondary>Wha am I?</secondary> </indexterm> <para>Object Identifier: 1.3.6.1.4.1.4203.1.11.3</para> <para>RFC: <link xlink:href='http://tools.ietf.org/html/rfc4532'>RFC 4532 - Lightweight Directory Access Protocol (LDAP) "Who am I?" Operation</link> @@ -78,6 +91,4 @@ </listitem> </varlistentry> </variablelist> </appendix>
@@ -33,7 +33,8 @@ <para>OpenDJ software installs and creates the following files and directories. The following list is not necessarily exhaustive.</para> <indexterm><primary>File layout</primary></indexterm> <indexterm><primary>Installed files</primary></indexterm> <variablelist> <varlistentry> <term><filename>QuickSetup.app</filename></term> @@ -260,6 +261,4 @@ </listitem> </varlistentry> </variablelist> </appendix>
@@ -36,9 +36,9 @@ specific locales. OpenDJ software is also itself localized for a smaller variety of languages.</para> <section> <section xml:id="supported-languages"> <title>OpenDJ Languages</title> <indexterm><primary>Languages</primary></indexterm> <para>OpenDJ <?eval ${product.version}?> software has been localized in the following languages.</para> @@ -57,9 +57,9 @@ </note> </section> <section> <section xml:id="supported-locales"> <title>Directory Support For Locales and Language Subtypes</title> <indexterm><primary>Locales</primary></indexterm> <para>OpenDJ software supports the following locales, with their associated language and country codes, and their collation order object identifiers. Locale support depends on the underlying Java @@ -797,8 +797,8 @@ </variablelist> <para>OpenDJ software supports the following language subtypes.</para> <itemizedlist> <indexterm><primary>Language subtypes</primary></indexterm> <itemizedlist xml:id="supported-language-subtypes"> <listitem><para>Albanian, sq</para></listitem> <listitem><para>Arabic, ar</para></listitem> <listitem><para>Belarusian, be</para></listitem> @@ -839,8 +839,5 @@ <listitem><para>Ukranian, uk</para></listitem> <listitem><para>Vietnamese, vi</para></listitem> </itemizedlist> </section> </appendix>
@@ -35,51 +35,55 @@ <!-- Protocol, port number, description (what for), on by default? --> <variablelist> <varlistentry> <varlistentry xml:id="ldap-port"> <term>LDAP: 389 (1389)</term> <listitem> <indexterm><primary>Ports</primary><secondary>389 (1389)</secondary></indexterm> <para>OpenDJ directory server listens for LDAP requests from client applications on port 389 by default. OpenDJ directory server uses port 1389 by default for non-root users. LDAP is enabled by default.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="ldaps-port"> <term>LDAPS: 636 (1636)</term> <listitem> <indexterm><primary>Ports</primary><secondary>636 (1636)</secondary></indexterm> <para>OpenDJ directory server listens for LDAPS requests from client applications on port 636 by default. OpenDJ directory server uses port 1636 by default for non-root users. LDAPS is not enabled by default.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="admin-port"> <term>Administrative connections: 4444</term> <listitem> <indexterm><primary>Ports</primary><secondary>4444</secondary></indexterm> <para>OpenDJ directory server listens for administrative traffic on port 4444 by default. The administration connector is enabled by default.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="snmp-port"> <term>SNMP: 161</term> <listitem> <indexterm><primary>Ports</primary><secondary>161</secondary></indexterm> <para>OpenDJ directory server listens for SNMP traffic on port 161 by default. SNMP is not enabled by default.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="jmx-port"> <term>JMX: 1689</term> <listitem> <indexterm><primary>Ports</primary><secondary>1689</secondary></indexterm> <para>OpenDJ directory server listens for Java Management eXtension traffic on port 1689 by default. JMX is not enabled by default.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="repl-port"> <term>Replication: 8989</term> <listitem> <indexterm><primary>Ports</primary><secondary>8989</secondary></indexterm> <para>OpenDJ directory server listens for replication traffic on port 8989 by default. Replication is not enabled by default.</para> </listitem> </varlistentry> </variablelist> </appendix>
@@ -36,604 +36,871 @@ <!-- Document [link], description --> <variablelist> <varlistentry> <varlistentry xml:id="rfc1274"> <term><link xlink:href='http://tools.ietf.org/html/rfc1274'>RFC 1274: The COSINE and Internet X.500 Schema</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 1274</secondary> </indexterm> <para>X.500 Directory Schema, or Naming Architecture, for use in the COSINE and Internet X.500 pilots.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc1321"> <term><link xlink:href='http://tools.ietf.org/html/rfc1321'>RFC 1321: The MD5 Message-Digest Algorithm</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 1321</secondary> </indexterm> <para>MD5 message-digest algorithm that takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc1777"> <term><link xlink:href='http://tools.ietf.org/html/rfc1777'>RFC 1777: Lightweight Directory Access Protocol (LDAPv2)</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 1777</secondary> </indexterm> <para>Provide access to the X.500 Directory while not incurring the resource requirements of the Directory Access Protocol.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc1778"> <term><link xlink:href='http://tools.ietf.org/html/rfc1778'>RFC 1778: The String Representation of Standard Attribute Syntaxes</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 1778</secondary> </indexterm> <para>Defines the requirements that must be satisfied by encoding rules used to render X.500 Directory attribute syntaxes into a form suitable for use in the LDAP, then defines the encoding rules for the standard set of attribute syntaxes.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc1779"> <term><link xlink:href='http://tools.ietf.org/html/rfc1779'>RFC 1779: A String Representation of Distinguished Names</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 1779</secondary> </indexterm> <para>Defines a string format for representing names, which is designed to give a clean representation of commonly used names, whilst being able to represent any distinguished name.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc2079"> <term><link xlink:href='http://tools.ietf.org/html/rfc2079'>RFC 2079: Definition of an X.500 Attribute Type and an Object Class to Hold Uniform Resource Identifiers (URIs)</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 2079</secondary> </indexterm> <para>Defines a new attribute type and an auxiliary object class to allow URIs, including URLs, to be stored in directory entries in a standard way.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc2222"> <term><link xlink:href='http://tools.ietf.org/html/rfc2222'>RFC 2222: Simple Authentication and Security Layer (SASL)</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 2222</secondary> </indexterm> <para>Describes a method for adding authentication support to connection-based protocols.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc2246"> <term><link xlink:href='http://tools.ietf.org/html/rfc2246'>RFC 2246: The TLS Protocol Version 1.0</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 2246</secondary> </indexterm> <para>Specifies Version 1.0 of the Transport Layer Security protocol.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc2247"> <term><link xlink:href='http://tools.ietf.org/html/rfc2247'>RFC 2247: Using Domains in LDAP/X.500 Distinguished Names</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 2247</secondary> </indexterm> <para>Defines an algorithm by which a name registered with the Internet Domain Name Service can be represented as an LDAP distinguished name.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc2251"> <term><link xlink:href='http://tools.ietf.org/html/rfc2251'>RFC 2251: Lightweight Directory Access Protocol (v3)</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 2251</secondary> </indexterm> <para>Describes a directory access protocol designed to provide access to directories supporting the X.500 models, while not incurring the resource requirements of the X.500 Directory Access Protocol.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc2252"> <term><link xlink:href='http://tools.ietf.org/html/rfc2252'>RFC 2252: Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 2252</secondary> </indexterm> <para>Defines a set of syntaxes for LDAPv3, and the rules by which attribute values of these syntaxes are represented as octet strings for transmission in the LDAP protocol.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc2253"> <term><link xlink:href='http://tools.ietf.org/html/rfc2253'>RFC 2253: Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names</link></term> <listitem> <para></para> <indexterm> <primary>Supported standards</primary> <secondary>RFC 2253</secondary> </indexterm> <para>Defines a common UTF-8 format to represent distinguished names unambiguously.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc2254"> <term><link xlink:href='http://tools.ietf.org/html/rfc2254'>RFC 2254: The String Representation of LDAP Search Filters</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 2254</secondary> </indexterm> <para>Defines the string format for representing names, which is designed to give a clean representation of commonly used distinguished names, while being able to represent any distinguished name.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc2255"> <term><link xlink:href='http://tools.ietf.org/html/rfc2255'>RFC 2255: The LDAP URL Format</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 2255</secondary> </indexterm> <para>Describes a format for an LDAP Uniform Resource Locator.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc2256"> <term><link xlink:href='http://tools.ietf.org/html/rfc2256'>RFC 2256: A Summary of the X.500(96) User Schema for use with LDAPv3</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 2256</secondary> </indexterm> <para>Provides an overview of the attribute types and object classes defined by the ISO and ITU-T committees in the X.500 documents, in particular those intended for use by directory clients.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc2307"> <term><link xlink:href='http://tools.ietf.org/html/rfc2307'>RFC 2307: An Approach for Using LDAP as a Network Information Service</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 2307</secondary> </indexterm> <para>Describes an experimental mechanism for mapping entities related to TCP/IP and the UNIX system into X.500 entries so that they may be resolved with the Lightweight Directory Access Protocol.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc2377"> <term><link xlink:href='http://tools.ietf.org/html/rfc2377'>RFC 2377: Naming Plan for Internet Directory-Enabled Applications</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 2377</secondary> </indexterm> <para>Proposes a new directory naming plan that leverages the strengths of the most popular and successful Internet naming schemes for naming objects in a hierarchical directory.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc2696"> <term><link xlink:href='http://tools.ietf.org/html/rfc2696'>RFC 2696: LDAP Control Extension for Simple Paged Results Manipulation</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 2696</secondary> </indexterm> <para>Allows a client to control the rate at which an LDAP server returns the results of an LDAP search operation.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc2713"> <term><link xlink:href='http://tools.ietf.org/html/rfc2713'>RFC 2713: Schema for Representing Java(tm) Objects in an LDAP Directory</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 2713</secondary> </indexterm> <para>Defines a common way for applications to store and retrieve Java objects from the directory.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc2714"> <term><link xlink:href='http://tools.ietf.org/html/rfc2714'>RFC 2714: Schema for Representing CORBA Object References in an LDAP Directory</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 2714</secondary> </indexterm> <para>Define a common way for applications to store and retrieve CORBA object references from the directory.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc2739"> <term><link xlink:href='http://tools.ietf.org/html/rfc2739'>RFC 2739: Calendar Attributes for vCard and LDAP</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 2739</secondary> </indexterm> <para>Defines a mechanism to locate a user calendar and free/busy time using the LDAP protocol.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc2798"> <term><link xlink:href='http://tools.ietf.org/html/rfc2798'>RFC 2798: Definition of the inetOrgPerson LDAP Object Class</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 2798</secondary> </indexterm> <para>Define an object class called inetOrgPerson for use in LDAP and X.500 directory services that extends the X.521 standard organizationalPerson class.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc2829"> <term><link xlink:href='http://tools.ietf.org/html/rfc2829'>RFC 2829: Authentication Methods for LDAP</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 2829</secondary> </indexterm> <para>Specifies particular combinations of security mechanisms which are required and recommended in LDAP implementations.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc2830"> <term><link xlink:href='http://tools.ietf.org/html/rfc2830'>RFC 2830: Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 2830</secondary> </indexterm> <para>Defines the "Start Transport Layer Security (TLS) Operation" for LDAP.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc2849"> <term><link xlink:href='http://tools.ietf.org/html/rfc2849'>RFC 2849: The LDAP Data Interchange Format (LDIF) - Technical Specification</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 2849</secondary> </indexterm> <indexterm> <primary>LDIF</primary> <secondary>Specification</secondary> </indexterm> <para>Describes a file format suitable for describing directory information or modifications made to directory information.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc2926"> <term><link xlink:href='http://tools.ietf.org/html/rfc2926'>RFC 2926: Conversion of LDAP Schemas to and from SLP Templates</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 2926</secondary> </indexterm> <para>Describes a procedure for mapping between Service Location Protocol service advertisements and lightweight directory access protocol descriptions of services.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc3045"> <term><link xlink:href='http://tools.ietf.org/html/rfc3045'>RFC 3045: Storing Vendor Information in the LDAP root DSE</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 3045</secondary> </indexterm> <para>Specifies two Lightweight Directory Access Protocol attributes, vendorName and vendorVersion that MAY be included in the root DSA-specific Entry (DSE) to advertise vendor-specific information.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc3062"> <term><link xlink:href='http://tools.ietf.org/html/rfc3062'>RFC 3062: LDAP Password Modify Extended Operation</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 3062</secondary> </indexterm> <para>Describes an LDAP extended operation to allow modification of user passwords which is not dependent upon the form of the authentication identity nor the password storage mechanism used.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc3112"> <term><link xlink:href='http://tools.ietf.org/html/rfc3112'>RFC 3112: LDAP Authentication Password Schema</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 3112</secondary> </indexterm> <para>Describes schema in support of user/password authentication in a LDAP directory including the authPassword attribute type. This attribute type holds values derived from the user's password(s) (commonly using cryptographic strength one-way hash).</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc3377"> <term><link xlink:href='http://tools.ietf.org/html/rfc3377'>RFC 3377: Lightweight Directory Access Protocol (v3): Technical Specification</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 3377</secondary> </indexterm> <para>Specifies the set of RFCs comprising the Lightweight Directory Access Protocol Version 3 (LDAPv3), and addresses the "IESG Note" attached to RFCs 2251 through 2256.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc3383"> <term><link xlink:href='http://tools.ietf.org/html/rfc3383'>RFC 3383: Internet Assigned Numbers Authority (IANA) Considerations for the Lightweight Directory Access Protocol (LDAP)</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 3383</secondary> </indexterm> <para>Provides procedures for registering extensible elements of the Lightweight Directory Access Protocol (LDAP).</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc3546"> <term><link xlink:href='http://tools.ietf.org/html/rfc3546'>RFC 3546: Transport Layer Security (TLS) Extensions</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 3546</secondary> </indexterm> <para>Describes extensions that may be used to add functionality to Transport Layer Security.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc3671"> <term><link xlink:href='http://tools.ietf.org/html/rfc3671'>RFC 3671: Collective Attributes in the Lightweight Directory Access Protocol (LDAP)</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 3671</secondary> </indexterm> <para>Summarizes the X.500 information model for collective attributes and describes use of collective attributes in LDAP.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc3672"> <term><link xlink:href='http://tools.ietf.org/html/rfc3672'>RFC 3672: Subentries in the Lightweight Directory Access Protocol (LDAP)</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 3672</secondary> </indexterm> <para>Adapts X.500 subentries mechanisms for use with the Lightweight Directory Access Protocol (LDAP).</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc3673"> <term><link xlink:href='http://tools.ietf.org/html/rfc3673'>RFC 3673: Lightweight Directory Access Protocol version 3 (LDAPv3): All Operational Attributes</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 3673</secondary> </indexterm> <para>Describes an LDAP extension which clients may use to request the return of all operational attributes.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc3674"> <term><link xlink:href='http://tools.ietf.org/html/rfc3674'>RFC 3674: Feature Discovery in Lightweight Directory Access Protocol (LDAP)</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 3674</secondary> </indexterm> <para>Introduces a general mechanism for discovery of elective features and extensions which cannot be discovered using existing mechanisms.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc3771"> <term><link xlink:href='http://tools.ietf.org/html/rfc3771'>RFC 3771: Lightweight Directory Access Protocol (LDAP) Intermediate Response Message</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 3771</secondary> </indexterm> <para>Defines and describes the IntermediateResponse message, a general mechanism for defining single-request/multiple-response operations in Lightweight Directory Access Protocol.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc3829"> <term><link xlink:href='http://tools.ietf.org/html/rfc3829'>RFC 3829: Lightweight Directory Access Protocol (LDAP) Authorization Identity Request and Response Controls</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 3829</secondary> </indexterm> <para>Extends the Lightweight Directory Access Protocol bind operation with a mechanism for requesting and returning the authorization identity it establishes.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc3876"> <term><link xlink:href='http://tools.ietf.org/html/rfc3876'>RFC 3876: Returning Matched Values with the Lightweight Directory Access Protocol version 3 (LDAPv3)</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 3876</secondary> </indexterm> <para>Describes a control for the Lightweight Directory Access Protocol version 3 that is used to return a subset of attribute values from an entry.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc3909"> <term><link xlink:href='http://tools.ietf.org/html/rfc3909'>RFC 3909: Lightweight Directory Access Protocol (LDAP) Cancel Operation</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 3909</secondary> </indexterm> <para>Describes a Lightweight Directory Access Protocol extended operation to cancel (or abandon) an outstanding operation, with a response to indicate the outcome of the operation.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc4346"> <term><link xlink:href='http://tools.ietf.org/html/rfc4346'>RFC 4346: The Transport Layer Security (TLS) Protocol Version 1.1</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 4346</secondary> </indexterm> <para>Specifies Version 1.1 of the Transport Layer Security protocol.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc4370"> <term><link xlink:href='http://tools.ietf.org/html/rfc4370'>RFC 4370: Lightweight Directory Access Protocol (LDAP) Proxied Authorization Control</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 4370</secondary> </indexterm> <para>Defines the Proxy Authorization Control, that allows a client to request that an operation be processed under a provided authorization identity instead of under the current authorization identity associated with the connection.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc4403"> <term><link xlink:href='http://tools.ietf.org/html/rfc4403'>RFC 4403: Lightweight Directory Access Protocol (LDAP) Schema for Universal Description, Discovery, and Integration version 3 (UDDIv3)</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 4403</secondary> </indexterm> <para>Defines the Lightweight Directory Access Protocol schema for representing Universal Description, Discovery, and Integration data types in an LDAP directory.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc4422"> <term><link xlink:href='http://tools.ietf.org/html/rfc4422'>RFC 4422: Simple Authentication and Security Layer (SASL)</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 4422</secondary> </indexterm> <para>Describes a framework for providing authentication and data security services in connection-oriented protocols via replaceable mechanisms.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc4505"> <term><link xlink:href='http://tools.ietf.org/html/rfc4505'>RFC 4505: Anonymous Simple Authentication and Security Layer (SASL) Mechanism</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 4505</secondary> </indexterm> <para>Describes a new way to provide anonymous login is needed within the context of the Simple Authentication and Security Layer framework.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc4510"> <term><link xlink:href='http://tools.ietf.org/html/rfc4510'>RFC 4510: Lightweight Directory Access Protocol (LDAP): Technical Specification Road Map</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 4510</secondary> </indexterm> <para>Provides a road map of the LDAP Technical Specification.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc4511"> <term><link xlink:href='http://tools.ietf.org/html/rfc4511'>RFC 4511: Lightweight Directory Access Protocol (LDAP): The Protocol</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 4511</secondary> </indexterm> <para>Describes the protocol elements, along with their semantics and encodings, of the Lightweight Directory Access Protocol.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc4512"> <term><link xlink:href='http://tools.ietf.org/html/rfc4512'>RFC 4512: Lightweight Directory Access Protocol (LDAP): Directory Information Models</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 4512</secondary> </indexterm> <para>Describes the X.500 Directory Information Models as used in LDAP.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc4513"> <term><link xlink:href='http://tools.ietf.org/html/rfc4513'>RFC 4513: Lightweight Directory Access Protocol (LDAP): Authentication Methods and Security Mechanisms</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 4513</secondary> </indexterm> <para>Describes authentication methods and security mechanisms of the Lightweight Directory Access Protocol.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc4514"> <term><link xlink:href='http://tools.ietf.org/html/rfc4514'>RFC 4514: Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 4514</secondary> </indexterm> <para>Defines the string representation used in the Lightweight Directory Access Protocol to transfer distinguished names.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc4515"> <term><link xlink:href='http://tools.ietf.org/html/rfc4515'>RFC 4515: Lightweight Directory Access Protocol (LDAP): String Representation of Search Filters</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 4515</secondary> </indexterm> <para>Defines a human-readable string representation of LDAP search filters that is appropriate for use in LDAP URLs and in other applications.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc4516"> <term><link xlink:href='http://tools.ietf.org/html/rfc4516'>RFC 4516: Lightweight Directory Access Protocol (LDAP): Uniform Resource Locator</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 4516</secondary> </indexterm> <para>Describes a format for a Lightweight Directory Access Protocol Uniform Resource Locator.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc4517"> <term><link xlink:href='http://tools.ietf.org/html/rfc4517'>RFC 4517: Lightweight Directory Access Protocol (LDAP): Syntaxes and Matching Rules</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 4517</secondary> </indexterm> <para>Defines a base set of syntaxes and matching rules for use in defining attributes for LDAP directories.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc4519"> <term><link xlink:href='http://tools.ietf.org/html/rfc4519'>RFC 4519: Lightweight Directory Access Protocol (LDAP): Schema for User Applications</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 4519</secondary> </indexterm> <para>Provides a technical specification of attribute types and object classes intended for use by LDAP directory clients for many directory services, such as White Pages.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc4524"> <term><link xlink:href='http://tools.ietf.org/html/rfc4524'>RFC 4524: COSINE LDAP/X.500 Schema</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 4524</secondary> </indexterm> <para>Provides a collection of schema elements for use with the Lightweight Directory Access Protocol from the COSINE and Internet X.500 pilot projects.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc4525"> <term><link xlink:href='http://tools.ietf.org/html/rfc4525'>RFC 4525: Lightweight Directory Access Protocol (LDAP) Modify-Increment Extension</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 4525</secondary> </indexterm> <para>Describes an extension to the Lightweight Directory Access Protocol Modify operation to support an increment capability.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc4526"> <term><link xlink:href='http://tools.ietf.org/html/rfc4526'>RFC 4526: Lightweight Directory Access Protocol (LDAP) Absolute True and False Filters</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 4526</secondary> </indexterm> <para>Extends the Lightweight Directory Access Protocol to support absolute True and False filters based upon similar capabilities found in X.500 directory systems.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc4527"> <term><link xlink:href='http://tools.ietf.org/html/rfc4527'>RFC 4527: Lightweight Directory Access Protocol (LDAP) Read Entry Controls</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 4527</secondary> </indexterm> <para>Specifies an extension to the Lightweight Directory Access Protocol to allow the client to read the target entry of an update operation.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc4528"> <term><link xlink:href='http://tools.ietf.org/html/rfc4528'>RFC 4528: Lightweight Directory Access Protocol (LDAP) Assertion Control</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 4528</secondary> </indexterm> <para>Defines the Lightweight Directory Access Protocol Assertion Control, which allows a client to specify that a directory operation should only be processed if an assertion applied to the target entry of the operation is true.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc4529"> <term><link xlink:href='http://tools.ietf.org/html/rfc4529'>RFC 4529: Requesting Attributes by Object Class in the Lightweight Directory Access Protocol (LDAP)</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 4529</secondary> </indexterm> <para>Extends LDAP to support a mechanism that LDAP clients may use to request the return of all attributes of an object class.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc4530"> <term><link xlink:href='http://tools.ietf.org/html/rfc4530'>RFC 4530: Lightweight Directory Access Protocol (LDAP) entryUUID Operational Attribute</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 4530</secondary> </indexterm> <para>Describes the LDAP/X.500 'entryUUID' operational attribute and associated matching rules and syntax.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc4532"> <term><link xlink:href='http://tools.ietf.org/html/rfc4532'>RFC 4532: Lightweight Directory Access Protocol (LDAP) "Who am I?" Operation</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 4532</secondary> </indexterm> <para>Provides a mechanism for Lightweight Directory Access Protocol clients to obtain the authorization identity the server has associated with the user or application entity.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="rfc4616"> <term><link xlink:href='http://tools.ietf.org/html/rfc4616'>RFC 4616: The PLAIN Simple Authentication and Security Layer (SASL) Mechanism</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>RFC 4616</secondary> </indexterm> <para>Defines a simple clear-text user/password Simple Authentication and Security Layer mechanism called the PLAIN mechanism.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="fips180-1"> <term><link xlink:href='http://www.itl.nist.gov/fipspubs/fip180-1.htm' >FIPS 180-1: Secure Hash Standard (SHA-1)</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>FIPS 180-1</secondary> </indexterm> <para>Specifies a Secure Hash Algorithm, SHA-1, for computing a condensed representation of a message or a data file.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="fips180-2"> <term><link xlink:href='http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf' >FIPS 180-2: Secure Hash Standard (SHA-1, SHA-256, SHA-384, SHA-512)</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>FIPS 180-2</secondary> </indexterm> <para>Specifies four Secure Hash Algorithms for computing a condensed representation of electronic data.</para> </listitem> </varlistentry> <varlistentry> <varlistentry xml:id="dsmlv2"> <term><link xlink:href='http://www.oasis-open.org/committees/dsml/docs/DSMLv2.xsd' >DSMLv2: Directory Service Markup Language</link></term> <listitem> <indexterm> <primary>Supported standards</primary> <secondary>DSMLv2</secondary> </indexterm> <para>Provides a method for expressing directory queries and updates as XML documents.</para> </listitem> </varlistentry> </variablelist> </appendix>
@@ -56,9 +56,9 @@ <para>This chapter shows you how to set up account lockout policies, and how to intervene manually to lock and unlock accounts.</para> <section> <section xml:id="configure-account-lockout"> <title>Configuring Account Lockout</title> <indexterm><primary>Accounts</primary><secondary>Lockout</secondary></indexterm> <para>Account lockout is configured as part of password policy. This section demonstrates configuring account lockout as part of the default password policy. Users are allowed three consecutive failures before being locked out @@ -100,7 +100,7 @@ Result Code: 49 (Invalid Credentials)</screen> </section> <section> <section xml:id="manage-accounts"> <title>Managing Accounts Manually</title> <para>This section covers disabling and enabling accounts by using the @@ -114,9 +114,9 @@ version 3.0;acl "Admins can run amok"; allow(all) groupdn = "ldap:///cn=Directory Administrators,ou=Groups,dc=example,dc=com";)</literallayout> <procedure> <procedure xml:id="disable-account"> <title>To Disable an Account</title> <indexterm><primary>Accounts</primary><secondary>Disabling</secondary></indexterm> <step> <para>Set the account status to disabled with the <command>manage-account</command> command.</para> @@ -128,9 +128,9 @@ </step> </procedure> <procedure> <procedure xml:id="reactivate-account"> <title>To Activate a Disabled Account</title> <indexterm><primary>Accounts</primary><secondary>Activating</secondary></indexterm> <step> <para>Clear the disabled status using the <command>manage-account</command> command.</para> @@ -143,14 +143,17 @@ </procedure> </section> <section> <section xml:id="account-status-notification"> <title>Managing Account Status Notification</title> <indexterm> <primary>Accounts</primary> <secondary>Status notifications</secondary> </indexterm> <para>OpenDJ can send mail about account status changes. OpenDJ needs an SMTP server to send messages. By default, message templates are in English.</para> <procedure> <procedure xml:id="mail-account-status-notifications"> <title>To Mail Users About Account Status</title> <step> opendj3/src/main/docbkx/admin-guide/chap-admin-tools.xml
@@ -48,9 +48,9 @@ <para>This chapter takes a quick look at the tools for managing directory services.</para> <section> <section xml:id="control-panel"> <title>Control Panel</title> <indexterm><primary>Control panel</primary></indexterm> <para>OpenDJ Control Panel offers a graphical user interface for managing both local and remote servers. You choose the server to manage when you start the Control Panel. The Control Panel connects to the @@ -160,8 +160,9 @@ </section> <section> <section xml:id="cli-overview"> <title>Command-Line Tools</title> <indexterm><primary>Commands</primary></indexterm> <para>All OpenDJ command-line tools take the --help option.</para> @@ -400,9 +401,6 @@ <para>Register OpenDJ as a Windows Service.</para> </listitem> </varlistentry> </variablelist> </section> </chapter>
@@ -30,7 +30,7 @@ xmlns:xlink='http://www.w3.org/1999/xlink' xmlns:xinclude='http://www.w3.org/2001/XInclude'> <title>Implementing Attribute Value Uniqueness</title> <para>Some attribute values ought to remain unique. If you are using <literal>uid</literal> values as RDNs to distinguish between millions of user entries stored under <literal>ou=People</literal>, then you do not @@ -40,6 +40,8 @@ want to share that credit card or mobile number with another customer. The same is true for your email address.</para> <indexterm><primary>Unique attribute values</primary></indexterm> <para>The difficulty for you as directory administrator lies in implementing attribute value uniqueness without sacrificing the high availability that comes from using OpenDJ's loosely consistent, @@ -53,7 +55,7 @@ <para>This chapter shows you how to set up attribute value uniqueness in your directory environment.</para> <procedure> <procedure xml:id="enable-unique-uids"> <title>To Enable Unique UIDs</title> <para>OpenDJ provides a unique attribute plugin that you configure by using @@ -86,9 +88,9 @@ </step> </procedure> <procedure> <procedure xml:id="enable-unique-attributes"> <title>To Enable Unique Values For Other Attributes</title> <para>You can also configure the unique attribute plugin for use with other attributes, such as <literal>mail</literal>, <literal>mobile</literal>, or attributes you define, for example <literal>cardNumber</literal>.</para> @@ -128,9 +130,12 @@ </step> </procedure> <procedure> <procedure xml:id="unique-attributes-repl"> <title>To Ensure Unique Attribute Values With Replication</title> <indexterm> <primary>Replication</primary> <secondary>Unique attributes</secondary> </indexterm> <para>The unique attribute plugin ensures unique attribute values on the directory server where the attribute value is updated. If client applications separately write the same attribute value at the same time on different @@ -160,7 +165,6 @@ partition.</para> </step> </stepalternatives> </step> </step> </procedure> </chapter>
@@ -37,9 +37,9 @@ of backup archives, as well as backing up server configuration information.</para> <section> <section xml:id="backup"> <title>Backing Up Directory Data</title> <indexterm><primary>Backup</primary></indexterm> <para>A <filename>bak/</filename> directory is provided when you install OpenDJ, as a location to save binary backups. When you create a backup, the <filename>bak/backup.info</filename> contains information about the @@ -49,7 +49,7 @@ backups only of the directory data. Backups of server configuration are found in <filename>config/archived-configs/</filename>.</para> <procedure> <procedure xml:id="backup-immediately"> <title>To Back Up Data Immediately</title> <step> @@ -91,7 +91,7 @@ </step> </procedure> <procedure> <procedure xml:id="schedule-backup"> <title>To Schedule Data Backup</title> <para>You can schedule data backup using <command>crontab</command> @@ -109,13 +109,15 @@ </procedure> </section> <section> <section xml:id="restore-data"> <title>Restoring Directory Data From Backup</title> <indexterm><primary>Backup</primary></indexterm> <indexterm><primary>Restore from backup</primary></indexterm> <para>When you restore data, the procedure to follow depends on whether the OpenDJ directory server is replicated.</para> <procedure> <procedure xml:id="restore-standalone-server"> <title>To Restore a Stand-alone Server</title> <step> @@ -155,9 +157,13 @@ </step> </procedure> <procedure> <procedure xml:id="restore-replica"> <title>To Restore a Replica</title> <indexterm> <primary>Replication</primary> <secondary>Restoring from backup</secondary> </indexterm> <para>When you restore a replicated server from backup, make sure the backup is newer than the last purge of the replication change log (default: 3 days).</para> @@ -214,4 +220,3 @@ </procedure> </section> </chapter>
@@ -44,9 +44,13 @@ <para>This chapter demonstrates how to work with groups.</para> <section> <section xml:id="static-groups"> <title>Creating Static Groups</title> <indexterm> <primary>Groups</primary> <secondary>Static</secondary> </indexterm> <para>A <firstterm>static group</firstterm> is expressed as an entry that enumerates all the entries that belong to the group. Static group entries grow as their membership increases.</para> @@ -103,9 +107,13 @@ cn: My Static Group</screen> </section> <section> <section xml:id="dynamic-groups"> <title>Creating Dynamic Groups</title> <indexterm> <primary>Groups</primary> <secondary>Dynamic</secondary> </indexterm> <para>A <firstterm>dynamic group</firstterm> specifies members using LDAP URLs. Dynamic groups entries can stay small even as their membership increases.</para> @@ -161,9 +169,13 @@ mail: rjensen@example.com</screen> </section> <section> <section xml:id="virtual-static-groups"> <title>Creating Virtual Static Groups</title> <indexterm> <primary>Groups</primary> <secondary>Virtual static</secondary> </indexterm> <para>OpenDJ lets you create <firstterm>virtual static groups</firstterm>, which let applications see dynamic groups as what appear to be static groups.</para> @@ -244,8 +256,12 @@ ds-target-group-dn: cn=My Dynamic Group,ou=Groups,dc=example,dc=com</screen> </section> <section> <section xml:id="group-membership"> <title>Looking Up Group Membership</title> <indexterm> <primary>Groups</primary> <secondary>Membership</secondary> </indexterm> <para>OpenDJ lets you look up which groups a user belongs to by using the <literal>isMemberOf</literal> attribute.</para> @@ -259,9 +275,13 @@ <para>You must request <literal>isMemberOf</literal> explicitly.</para> </section> <section> <section xml:id="referential-integrity"> <title>Configuring Referential Integrity</title> <indexterm> <primary>Groups</primary> <secondary>Referential integrity</secondary> </indexterm> <para>When you delete or rename an entry that belongs to static groups, that entry's DN must be removed or changed in the list of each group to which it belongs. You can configure OpenDJ to resolve membership on your behalf after @@ -303,4 +323,3 @@ uniqueMember: uid=tmorris,ou=People,dc=example,dc=com</screen> </section> </chapter>
@@ -30,7 +30,20 @@ xmlns:xlink='http://www.w3.org/1999/xlink' xmlns:xinclude='http://www.w3.org/2001/XInclude'> <title>Importing & Exporting LDIF Data</title> <indexterm><primary>Provisioning</primary></indexterm> <indexterm><primary>Importing data</primary></indexterm> <indexterm><primary>Restoring from LDIF</primary></indexterm> <indexterm><primary>Exporting data</primary></indexterm> <indexterm><primary>Backup</primary></indexterm> <indexterm> <primary>LDIF</primary> <secondary>Import</secondary> </indexterm> <indexterm> <primary>LDIF</primary> <secondary>Export</secondary> </indexterm> <para>LDAP Data Interchange Format provides a mechanism for representing directory data in text format. LDIF data is typically used to initialize directory databases, but also may be used to move data between different @@ -41,9 +54,9 @@ This chapter also covers creating test data in LDIF format, and manipulating LDIF data with command-line tools.</para> <procedure> <procedure xml:id="generate-ldif"> <title>To Generate Test LDIF Data</title> <indexterm><primary>Importing data</primary><secondary>Test data</secondary></indexterm> <para>When you install OpenDJ, you have the option of importing sample data generated at installation time. This procedure demonstrates how to generate LDIF on the command line using the @@ -92,7 +105,7 @@ </step> </procedure> <procedure> <procedure xml:id="import-ldif"> <title>To Import LDIF Data</title> <para>You can also use the OpenDJ Control Panel to import data (Directory @@ -198,7 +211,7 @@ </step> </procedure> <procedure> <procedure xml:id="export-ldif"> <title>To Export LDIF Data</title> <para>You can also use the OpenDJ Control Panel to export data (Directory @@ -230,13 +243,17 @@ </step> </procedure> <section> <section xml:id="ldif-tools"> <title>Other Tools For Working With LDIF Data</title> <indexterm> <primary>LDIF</primary> <secondary>Tools</secondary> </indexterm> <para>This section demonstrates the <command>ldifsearch</command>, <command>ldifmodify</command>, and <command>ldif-diff</command> tools.</para> <section> <section xml:id="ldifsearch-example"> <title>Searching in LDIF With <command>ldifsearch</command></title> <para>The <command>ldifsearch</command> command lets you search LDIF files @@ -245,9 +262,7 @@ <screen>$ ldifsearch -b dc=example,dc=org -l generated.ldif "(sn=Grenier)" mobile dn: uid=user.4630,ou=People,dc=example,dc=org mobile: +1 728 983 6669 </screen> mobile: +1 728 983 6669</screen> <para>The <option>-l <replaceable>ldif-file</replaceable></option> option compares to the hostname and port options used to connect to an LDAP @@ -255,7 +270,7 @@ <command>ldapsearch</command> users.</para> </section> <section> <section xml:id="ldifmodify-example"> <title>Updating LDIF With <command>ldifmodify</command></title> <para>The <command>ldifmodify</command> command lets you apply changes to @@ -276,7 +291,7 @@ same size as the source LDIF file.</para> </section> <section> <section xml:id="ldif-diff-example"> <title>Comparing LDIF With <command>ldif-diff</command></title> <para>The <command>ldif-diff</command> command reports differences between opendj3/src/main/docbkx/admin-guide/chap-indexing.xml
@@ -30,7 +30,10 @@ xmlns:xlink='http://www.w3.org/1999/xlink' xmlns:xinclude='http://www.w3.org/2001/XInclude'> <title>Indexing Attribute Values</title> <indexterm> <primary>Indexes</primary> </indexterm> <para>OpenDJ provides several indexing schemes to speed up searches.</para> <para>When a client requests a directory search operation, the client sends @@ -53,14 +56,18 @@ index attribute values. This chapter also lists the default indexing configuration for OpenDJ directory server.</para> <section> <section xml:id="indexes-overview"> <title>Index Types & What Each Does</title> <para>OpenDJ provides several different index types, each corresponding to a different type of search.</para> <section> <section xml:id="indexes-approximate"> <title>Approximate Index</title> <indexterm> <primary>Indexes</primary> <secondary>Approximate</secondary> </indexterm> <para>An approximate index is used to match values that "sound like" those provided in the filter. An approximate index on <literal>cn</literal> @@ -73,8 +80,12 @@ cn: Babs Jensen</screen> </section> <section> <section xml:id="indexes-equality"> <title>Equality Index</title> <indexterm> <primary>Indexes</primary> <secondary>Equality</secondary> </indexterm> <para>An equality index is used to match values that correspond exactly (though generally without case sensitivity) to the value provided in @@ -86,8 +97,12 @@ mail: bjensen@example.com</screen> </section> <section> <section xml:id="indexes-ordering"> <title>Ordering Index</title> <indexterm> <primary>Indexes</primary> <secondary>Ordering</secondary> </indexterm> <para>An ordering index is used to match values for a filter that specifies a range. The <literal>ds-sync-hist</literal> has an ordering @@ -110,8 +125,12 @@ uid: pchassin</screen> </section> <section> <section xml:id="indexes-presence"> <title>Presence Index</title> <indexterm> <primary>Indexes</primary> <secondary>Presence</secondary> </indexterm> <para>A presence index is used to match the fact that an attribute is present on the entry, regardless of the value. The <literal>aci</literal> @@ -124,8 +143,12 @@ dn: ou=People,dc=example,dc=com</screen> </section> <section> <section xml:id="indexes-substring"> <title>Substring Index</title> <indexterm> <primary>Indexes</primary> <secondary>Substring</secondary> </indexterm> <para>A substring index is used to match values specified with wildcards in the filter. Substring indexes can be expensive to maintain, especially @@ -149,8 +172,12 @@ cn: Barbara Maddox</screen> </section> <section> <section xml:id="indexes-vlv"> <title>Virtual List View (Browsing) Index</title> <indexterm> <primary>Indexes</primary> <secondary>Virtual list view (browsing)</secondary> </indexterm> <para>A VLV or browsing index are designed to help the server respond to client applications that need virtual list view results, for example to @@ -163,8 +190,12 @@ </section> </section> <section> <section xml:id="configure-indexes"> <title>Configuring & Rebuilding Indexes</title> <indexterm> <primary>Indexes</primary> <secondary>Configuring</secondary> </indexterm> <para>You modify index configurations using the <command>dsconfig</command> command. The configuration changes then take effect after you rebuild the @@ -177,7 +208,7 @@ the suffixes in different backends.</para> </tip> <section> <section xml:id="configure-standard-index"> <title>Configuring a Standard Index</title> <para>You can configure standard indexes from the Control Panel, and also @@ -185,7 +216,7 @@ you finish configuring the index, you must rebuild the index for the changes to take effect.</para> <example> <example xml:id="create-index-example"> <title>Create a New Index</title> <para>The following example creates a new substring index for @@ -196,8 +227,12 @@ --set index-type:substring -n</screen> </example> <example> <example xml:id="approx-index-example"> <title>Configure an Approximate Index</title> <indexterm> <primary>Indexes</primary> <secondary>Approximate</secondary> </indexterm> <para>The following example configures and approximate index for <literal>cn</literal> (common name).</para> @@ -208,8 +243,12 @@ </example> </section> <section> <section xml:id="configure-vlv"> <title>Configuring a Virtual List View Index</title> <indexterm> <primary>Indexes</primary> <secondary>Virtual list view (browsing)</secondary> </indexterm> <para>In the OpenDJ Control Panel, select Manage Indexes > New VLV Index..., and then set up your VLV index using the New VLV @@ -226,15 +265,19 @@ VLV index configuration, and then to build the index.</para> </section> <section> <section xml:id="rebuild-index"> <title>Rebuilding Indexes</title> <indexterm> <primary>Indexes</primary> <secondary>Rebuilding</secondary> </indexterm> <para>After you change an index configuration, or when you find that an index is corrupt, you can rebuild the index. If you rebuild the index while the server is online, then you must schedule the rebuild process as a task.</para> <example> <example xml:id="rebuild-index-example"> <title>Rebuild Index</title> <para>The following example rebuilds the <literal>cn</literal> index @@ -246,8 +289,12 @@ </example> </section> <section> <section xml:id="index-entry-limits"> <title>Changing Index Entry Limits</title> <indexterm> <primary>Indexes</primary> <secondary>Entry limits</secondary> </indexterm> <para>Indexing data makes sense when maintaining the index is quicker and cheaper than searching through all entries.</para> @@ -281,7 +328,7 @@ <para>You can change the index entry limit on a per index basis.</para> <example> <example xml:id="change-index-entry-limit"> <title>Change Index Entry Limit</title> <para>The following example changes the index entry limit for the @@ -298,14 +345,18 @@ </section> </section> <section> <section xml:id="verify-index"> <title>Verifying Indexes</title> <indexterm> <primary>Indexes</primary> <secondary>Verifying</secondary> </indexterm> <para>You can verify that indexes correspond to current directory data, and that indexes do not contain errors using the <command>verify-index</command> command.</para> <example> <example xml:id="verify-index-example"> <title>Verify Index</title> <para>The following example verifies the <literal>cn</literal> (common @@ -333,8 +384,12 @@ </example> </section> <section> <section xml:id="debug-search-indexes"> <title>Checking Indexes For a Search</title> <indexterm> <primary>Indexes</primary> <secondary>Debugging searches</secondary> </indexterm> <para>When searching, you can improve performance by making sure your search is indexed as you expect. One way of checking is to request the @@ -362,8 +417,12 @@ candidate entries goes beyond the search or look-though limit.</para> </section> <section> <section xml:id="default-indexes"> <title>Default Indexes</title> <indexterm> <primary>Indexes</primary> <secondary>Default settings</secondary> </indexterm> <para>When you first install OpenDJ directory server and import your data from LDIF, the following indexes are configured.</para> opendj3/src/main/docbkx/admin-guide/chap-ldap-operations.xml
@@ -38,8 +38,9 @@ <!-- TODO: search, compare, add, modify, modifyDN, delete, but also authrate, searchrate, modrate, and ldappasswordmodify, who am I?, cancel --> <section> <section xml:id="search-ldap"> <title>Searching the Directory</title> <indexterm><primary>Searching data</primary></indexterm> <para>Searching the directory resembles searching for a phone number in a paper phone book. You can look up a phone number because you know the @@ -83,7 +84,7 @@ If you do not specify attributes, then the search returns all user attributes for the entry.</para> <example> <example xml:id="simple-filter-search"> <title>Search: Simple Filter</title> <para>The following example searches for entries with UID containing @@ -115,7 +116,7 @@ Result Code: 0 (Success)</screen> </example> <example> <example xml:id="complex-filter-search"> <title>Search: Complex Filter</title> <para>The following example returns entries with <literal>uid</literal> @@ -169,13 +170,14 @@ </example> </section> <section> <section xml:id="compare-ldap"> <title>Comparing Attribute Values</title> <indexterm><primary>Comparing attribute values</primary></indexterm> <para>The compare operation checks whether an attribute value you specify matches the attribute value stored on one or more directory entries.</para> <example> <example xml:id="compare-example"> <title>Compare: Checking <literal>authPassword</literal></title> <para>In this example, Kirsten Vaughan checks whether the hashed password @@ -192,20 +194,21 @@ </example> </section> <section> <section xml:id="write-ldap"> <title>Updating the Directory</title> <indexterm><primary>Updating data</primary></indexterm> <indexterm><primary>LDIF</primary><secondary>Examples</secondary></indexterm> <para>Authorized users can change directory data using the LDAP add, modify, modify DN, and delete operations.</para> <section> <section xml:id="add-ldap"> <title>Adding Entries</title> <para>With the <command>ldapmodify -a</command> command, authorized users can add entire entries from the same sort of LDIF file used to import and export data.</para> <example> <example xml:id="add-two-users"> <title>Add: Two New Users</title> <screen>$ cat new-users.ldif @@ -234,14 +237,14 @@ </example> </section> <section> <section xml:id="modify-ldap"> <title>Modifying Entry Attributes</title> <para>With the <command>ldapmodify</command> command, authorized users can change the values of attributes in the directory using LDIF as specified in <link xlink:href='http://tools.ietf.org/html/rfc2849'>RFC 2849</link>.</para> <example> <example xml:id="modify-add-attribute"> <title>Modify: Adding Attributes</title> <para>The following example adds a description and JPEG photo to Sam @@ -262,7 +265,7 @@ MODIFY operation successful for DN uid=scarter,ou=people,dc=example,dc=com</screen> </example> <example> <example xml:id="modify-replace-attribute"> <title>Modify: Changing an Attribute Value</title> <para>The following example replaces the description on Sam Carter's @@ -280,7 +283,7 @@ MODIFY operation successful for DN uid=scarter,ou=people,dc=example,dc=com</screen> </example> <example> <example xml:id="modify-delete-attribute"> <title>Modify: Deleting an Attribute Value</title> <para>The following example deletes the JPEG photo on Sam Carter's @@ -298,7 +301,7 @@ </example> </section> <section> <section xml:id="rename-ldap"> <title>Renaming Entries</title> <para>The Relative Distinguished Name (RDN) refers to the part of an @@ -314,7 +317,7 @@ modifying the value of the naming attribute, but also modifying the entry's DN.</para> <example> <example xml:id="rename-modrdn"> <title>Rename: Modifying the DN</title> <para>Sam Carter is changing her last name to Jensen, and changing her @@ -351,7 +354,7 @@ </example> </section> <section> <section xml:id="rename-moddn"> <title>Moving Entries</title> <para>When you rename an entry with child entries, the directory has @@ -366,7 +369,7 @@ <para>With the <command>ldapmodify</command> command, authorized users can move entries in the directory.</para> <example> <example xml:id="move-entry-example"> <title>Move: Merging Customer and Employees Under <literal>ou=People</literal></title> @@ -425,13 +428,13 @@ </example> </section> <section> <section xml:id="delete-ldap"> <title>Deleting Entries</title> <para>With the <command>ldapmodify</command> command, authorized users can delete entries from the directory.</para> <example> <example xml:id="delete-subtree"> <title>Delete: Removing a Subtree</title> <para>The following example uses the subtree delete option to remove @@ -445,13 +448,14 @@ </section> </section> <section> <section xml:id="change-password"> <title>Changing Passwords</title> <indexterm><primary>Passwords</primary><secondary>Changing</secondary></indexterm> <para>With the <command>ldappasswordmodify</command> command, authorized users can change and reset user passwords.</para> <example> <example xml:id="password-reset"> <title>Password Reset</title> <para>The following example shows Kirsten Vaughan resetting Sam Carter's @@ -472,7 +476,7 @@ Password Is Reset: true</screen> </example> <example> <example xml:id="change-own-password"> <title>Change Own Password</title> <para>You can use the <command>ldappasswordmodify</command> command to @@ -523,9 +527,9 @@ </tip> </section> <section> <section xml:id="tools-properties"> <title>Configuring Default Settings</title> <indexterm><primary>Ports</primary><secondary>Settings for tools</secondary></indexterm> <para>You can use <filename>~/.opendj/tools.properties</filename> to set the defaults for bind DN, host name, and port number as in the following example.</para> @@ -542,9 +546,9 @@ <filename>%UserProfile%/.opendj/tools.properties</filename>.</para> </section> <section> <section xml:id="proxied-authz"> <title>Configuring Proxied Authorization</title> <indexterm><primary>Proxied authorization</primary></indexterm> <para>Proxied authorization provides a standard control as defined in <link xlink:href='http://tools.ietf.org/html/rfc4370'>RFC 4370</link> (and an earlier Internet-Draft) for binding with the user credentials of a proxy, who @@ -567,7 +571,7 @@ commands in the following procedure. My App uses proxied authorization to make a change to Babs's entry as Kirsten.</para> <procedure> <procedure xml:id="setup-proxied-authz"> <title>To Set Up Proxied Authorization</title> <step> <para>Grant access to applications that can use proxied authorization.</para> @@ -608,4 +612,3 @@ </procedure> </section> </chapter>
@@ -30,13 +30,13 @@ xmlns:xlink='http://www.w3.org/1999/xlink' xmlns:xinclude='http://www.w3.org/2001/XInclude'> <title>Configuring Servers For Client Application Access</title> <indexterm><primary>Ports</primary><secondary>Configuring</secondary></indexterm> <para>This chapter shows you how to configure OpenDJ directory server to listen for directory client requests, using connection handlers. You can view information about connection handlers in the OpenDJ Control Panel, and update the configuration using the <command>dsconfig</command> command.</para> <section> <section xml:id="configure-ldap-port"> <title>LDAP Client Access</title> <para>You configure LDAP client access by using the command-line tool @@ -49,7 +49,7 @@ installation time. If you install as a user who cannot use a port < 1024, then the default port number presented at installation time is 1389.</para> <procedure> <procedure xml:id="change-ldap-port"> <title>To Change the LDAP Port Number</title> <step> @@ -67,15 +67,14 @@ </procedure> </section> <section> <section xml:id="setup-server-cert"> <title>Preparing For Secure Communications</title> <subtitle>Setting Up a Self-Signed Certificate</subtitle> <indexterm><primary>Certificates</primary></indexterm> <para>You can set up a self-signed certificate as part of the OpenDJ installation process. You can also choose to import your own CA-signed certificate as part of the installation process.</para> <para>Other applications recognize certificates signed by CAs whose root certificates are installed already. If you need your server certificate to be recognized automagically by applications configured to use SSL out of the @@ -86,7 +85,7 @@ after installation. With the self-signed certificate you can set up, for example, secure communications with StartTLS and over LDAPS.</para> <procedure> <procedure xml:id="new-self-signed-cert"> <title>To Create & Install a Self-Signed Certificate</title> <para>First you create and sign a server certificate that you place in @@ -131,15 +130,15 @@ </procedure> </section> <section> <section xml:id="configure-starttls"> <title>LDAP Client Access With Transport Layer Security</title> <indexterm><primary>StartTLS</primary></indexterm> <para>StartTLS (Transport Layer Security) negotiations start on the unsecure LDAP port, and then protect communication with the client. You can opt to configure StartTLS during installation, or later using the <command>dsconfig</command> command.</para> <procedure> <procedure xml:id="setup-starttls-port"> <title>To Enable StartTLS on the LDAP Port</title> <step> @@ -156,9 +155,9 @@ </procedure> </section> <section> <section xml:id="configure-ssl"> <title>LDAP Client Access Over SSL</title> <indexterm><primary>SSL</primary></indexterm> <para>You configure LDAPS (LDAP/SSL) client access by using the command-line tool <command>dsconfig</command>. You can opt to configure LDAPS access when you install.</para> @@ -169,7 +168,7 @@ installation time. If you install as a user who cannot use a port < 1024, then the default port number presented at installation time is 1636.</para> <procedure> <procedure xml:id="setup-ssl-port"> <title>To Set Up LDAPS Access</title> <step> @@ -184,7 +183,7 @@ </step> </procedure> <procedure> <procedure xml:id="change-ssl-port"> <title>To Change the LDAPS Port Number</title> <step> @@ -202,11 +201,12 @@ </procedure> </section> <section> <section xml:id="setup-dsml"> <title>DSML Client Access</title> <indexterm><primary>DSML</primary></indexterm> <para>DSML client access is implemented as a servlet that runs in a web application container.</para> <para>Directory Services Markup Language (DSML) client access is implemented as a servlet that runs in a web application container.</para> <para>You configure DSML client access by editing the <filename>WEB-INF/web.xml</filename> after you deploy the web @@ -305,13 +305,14 @@ </mediaobject> </section> <section> <section xml:id="jmx-access"> <title>JMX Client Access</title> <indexterm><primary>JMX</primary></indexterm> <para>You configure JMX client access by using the command-line tool <command>dsconfig</command>.</para> <para>You configure Java Management Extensions (JMX) client access by using the command-line tool, <command>dsconfig</command>.</para> <procedure> <procedure xml:id="setup-jmx"> <title>To Set Up JMX Access</title> <step> @@ -328,8 +329,12 @@ </procedure> </section> <section> <section xml:id="ldif-access"> <title>LDIF File Access</title> <indexterm> <primary>LDIF</primary> <secondary>File as backend</secondary> </indexterm> <para>The LDIF connection handler lets you make changes to directory data by placing LDIF in a file system directory that OpenDJ server regularly @@ -338,7 +343,7 @@ <para>You configure LDIF file access by using the command-line tool <command>dsconfig</command>.</para> <procedure> <procedure xml:id="setup-ldif-access"> <title>To Set Up LDIF File Access</title> <step> @@ -357,6 +362,4 @@ </step> </procedure> </section> </chapter>
@@ -30,16 +30,18 @@ xmlns:xlink='http://www.w3.org/1999/xlink' xmlns:xinclude='http://www.w3.org/2001/XInclude'> <title>Monitoring Servers</title> <para>This chapter describes the monitoring capabilities that OpenDJ implements, and shows how to configure them.</para> <indexterm><primary>Monitoring</primary></indexterm> <para>OpenDJ Control Panel provides basic monitoring capabilities under Monitoring > Connection Handler, Monitoring > Connection Handler, and Monitoring > Manage Tasks. This chapter covers the other options for monitoring OpenDJ.</para> <section> <section xml:id="ldap-monitoring"> <title>LDAP-Based Monitoring</title> <para>OpenDJ exposes monitoring information over LDAP under the entry @@ -74,8 +76,9 @@ to limit read access under <literal>cn=monitor</literal>.</para> </section> <section> <section xml:id="snmp-monitoring"> <title>SNMP-Based Monitoring</title> <indexterm><primary>SNMP</primary></indexterm> <para>OpenDJ lets you monitor the server over the Simple Network Management Protocol (SNMP), with support for the Management Information Base described @@ -95,8 +98,9 @@ --set opendmk-jarfile:<replaceable>OpenDMK-install-dir</replaceable>/lib/jdmkrt.jar</screen> </section> <section> <section xml:id="jmx-monitoring"> <title>JMX-Based Monitoring</title> <indexterm><primary>JMX</primary></indexterm> <para>OpenDJ provides Java Management eXtensions (JMX) based monitoring. A number of tools support JMX, including <command>jconsole</command> and @@ -127,7 +131,7 @@ $ jvisualvm --openpid 3363 &</screen> </section> <section> <section xml:id="monitoring-status-and-tasks"> <title>Server Operation & Tasks</title> <para>OpenDJ comes with two commands for monitoring server processes and @@ -179,8 +183,13 @@ example-20110623030000000 Backup Waiting on start time</screen> </section> <section> <section xml:id="logging"> <title>Server Logs</title> <indexterm><primary>Logs</primary></indexterm> <indexterm> <primary>Replication</primary> <secondary>Log</secondary> </indexterm> <para>By default OpenDJ stores access and errors logs as well as a server process ID file under the <filename>logs/</filename> directory. @@ -273,8 +282,9 @@ list-retention-policies</command>.</para> </section> <section> <section xml:id="alert-notifications"> <title>Alert Notifications</title> <indexterm><primary>Alerts</primary></indexterm> <para>OpenDJ can send alerts to provide notifications of significant server events. Yet alert notifications are not enabled by default. You can use @@ -299,4 +309,3 @@ --set sender-address:opendj@example.com -X -n</screen> </section> </chapter>
@@ -30,13 +30,18 @@ xmlns:xlink='http://www.w3.org/1999/xlink' xmlns:xinclude='http://www.w3.org/2001/XInclude'> <title>Moving Servers</title> <indexterm><primary>Moving servers</primary></indexterm> <para>When you change where OpenDJ is deployed, you must take host names, port numbers, and certificates into account. The changes can also affect your replication configuration. This chapter shows what to do when moving a server.</para> <indexterm> <primary>Replication</primary> <secondary>Moving servers</secondary> </indexterm> <section> <section xml:id="moving-servers-overview"> <title>Overview</title> <para>From time to time you might change server hardware, file system layout, @@ -47,6 +52,7 @@ <itemizedlist> <para>Two aspects of the configuration are not portable.</para> <listitem> <indexterm><primary>Certificates</primary></indexterm> <para>Server certificates contain the host name of the system. Even if you did not set up secure communications when you installed the server, the server still has a certificate used for secure communications on the @@ -64,7 +70,7 @@ </itemizedlist> </section> <section> <section xml:id="before-moving-servers"> <title>Before You Move</title> <para>Take a moment to determine whether you find it quicker and easier to @@ -83,7 +89,7 @@ <command>dsconfig</command> and <command>dsreplication</command> commands.</para> <procedure> <procedure xml:id="remove-server"> <title>To Take the Server Out of Service</title> <step> @@ -131,14 +137,14 @@ </procedure> </section> <section> <section xml:id="moving-servers"> <title>Moving a Server</title> <para>Now that you have decided to move your server, and prepared for the move, you must not only move the files but also fix the configuration and the server certificates, and then enable replication.</para> <procedure> <procedure xml:id="mv-one-server"> <title>To Move the Server</title> <step> @@ -222,8 +228,9 @@ </step> </procedure> <procedure> <procedure xml:id="change-server-certificates"> <title>To Change Server Certificates</title> <indexterm><primary>Certificates</primary></indexterm> <note> <para>This procedure demonstrates using a new self-signed certificate to replace the existing certificate in the opendj3/src/main/docbkx/admin-guide/chap-privileges-acis.xml
@@ -41,8 +41,9 @@ <para>This chapter covers both access control instructions and privileges, demonstrating how to configure both.</para> <section> <section xml:id="about-acis"> <title>About Access Control Instructions</title> <indexterm><primary>Access control</primary></indexterm> <para>OpenDJ directory server access control instructions (ACIs) exist as <literal>aci</literal> attribute values in the directory data. ACIs apply @@ -113,8 +114,12 @@ specify multiple permissions-subjects pairs, at least one must match (<literal>OR</literal>).</para> <section> <section xml:id="aci-targets"> <title>ACI Targets</title> <indexterm> <primary>Access control</primary> <secondary>Targets</secondary> </indexterm> <para>The seven types of ACI targets identify the objects to which the ACI applies.</para> @@ -213,8 +218,12 @@ </variablelist> </section> <section> <section xml:id="aci-permissions"> <title>ACI Permissions</title> <indexterm> <primary>Access control</primary> <secondary>Permissions</secondary> </indexterm> <para>ACI permission definitions take one of the following forms.</para> @@ -304,8 +313,12 @@ </section> <section> <section xml:id="aci-subjects"> <title>ACI Subjects</title> <indexterm> <primary>Access control</primary> <secondary>Subjects</secondary> </indexterm> <para>ACI subjects match characteristics of the client connection to the server. Use subjects to restrict whether the ACI applies depending on who @@ -458,8 +471,9 @@ </section> </section> <section> <section xml:id="about-privileges"> <title>About Privileges</title> <indexterm><primary>Privileges</primary></indexterm> <para>Privileges provide access control for server administration independently from access control instructions.</para> @@ -600,7 +614,7 @@ <para>* = default directory root user privileges</para> </section> <section> <section xml:id="configure-privileges"> <title>Configuring Privileges</title> <para>For root directory administrators, by default <literal>cn=Directory @@ -610,7 +624,7 @@ <para>For non-root directory administrators, you add privileges with the <command>ldapmodify</command> command.</para> <procedure> <procedure xml:id="change-root-dn-privileges"> <title>To Change Root DN Privileges</title> <step> @@ -631,7 +645,7 @@ </step> </procedure> <procedure> <procedure xml:id="change-individual-privileges"> <title>To Add Privileges on an Individual Entry</title> <para>Privileges are specified using the <literal>ds-privilege-name</literal> @@ -689,7 +703,7 @@ </step> </procedure> <procedure> <procedure xml:id="change-group-privileges"> <title>To Add Privileges For a Group of Administrators</title> <para>For deployments with more than one administrator, you no doubt use @@ -738,8 +752,12 @@ </procedure> </section> <section> <section xml:id="configure-acis"> <title>Configuring Access Control</title> <indexterm> <primary>Access control</primary> <secondary>Examples</secondary> </indexterm> <para>Access control instructions are defined in the data, as values for <literal>aci</literal> attributes. They can be imported in LDIF. They can @@ -778,6 +796,10 @@ to entry updates and entry identification.</para> </listitem> <listitem> <indexterm> <primary>Replication</primary> <secondary>Data access</secondary> </indexterm> <para>Access to replication data is denied.</para> </listitem> </itemizedlist> @@ -790,7 +812,7 @@ <para>This section therefore focuses on ACI examples, rather than demonstrating how to directory data for each example.</para> <example> <example xml:id="access-control-anonymous-reads"> <title>ACI: Anonymous Reads & Searches</title> <para>This works when the only attributes you do not want world-readable @@ -801,7 +823,7 @@ </programlisting> </example> <example> <example xml:id="access-control-full-access"> <title>ACI: Full Access for Administrators</title> <para>Directory Administrators need privileges as well for full access to @@ -818,7 +840,7 @@ import and export operations.</para> </example> <example> <example xml:id="access-control-selfwrite-password"> <title>ACI: Change Own Password</title> <para>By default this capability is set in a global ACI.</para> @@ -827,7 +849,7 @@ words"; allow (write)(userdn = "ldap:///self");)</programlisting> </example> <example> <example xml:id="access-control-selfwrite-group"> <title>ACI: Manage Own Group Membership</title> <para>For some static groups such as carpoolers and social club members, @@ -837,7 +859,7 @@ userdn = "ldap:///uid=*,ou=People,dc=example,dc=com");)</programlisting> </example> <example> <example xml:id="access-control-self-service-group"> <title>ACI: Manage Self Service Groups</title> <para>Let users create and delete self-managed groups.</para> @@ -850,7 +872,7 @@ owner#USERDN");)</programlisting> </example> <example> <example xml:id="access-control-loopback-only"> <title>ACI: Permit Clear Text Access Over Loopback Only</title> <para>This ACI uses IP address and Security Strength Factor subjects.</para> @@ -863,9 +885,13 @@ </example> </section> <section> <section xml:id="get-effective-rights"> <title>Viewing Effective Rights</title> <indexterm> <primary>Access control</primary> <secondary>Effective rights</secondary> </indexterm> <para>Once you set up a number of ACIs, you might find it difficult to understand by inspection what rights a user actually has to a given entry. The Get Effective Rights control can help.</para> opendj3/src/main/docbkx/admin-guide/chap-pta.xml
@@ -30,7 +30,8 @@ xmlns:xlink='http://www.w3.org/1999/xlink' xmlns:xinclude='http://www.w3.org/2001/XInclude'> <title>Configuring Pass Through Authentication</title> <indexterm><primary>Pass through authentication</primary></indexterm> <para>This chapter focuses on pass through authentication (PTA), whereby you configure another server to determine the response to an authentication request. A typical use case for pass through authentication involves opendj3/src/main/docbkx/admin-guide/chap-pwd-policy.xml
@@ -30,7 +30,8 @@ xmlns:xlink='http://www.w3.org/1999/xlink' xmlns:xinclude='http://www.w3.org/2001/XInclude'> <title>Configuring Password Policy</title> <indexterm><primary>Password policy</primary></indexterm> <para>If you want to synchronize password policy across your organization and your applications go to the directory for authentication, then the directory can be a good place to enforce your password policy uniformly. @@ -43,7 +44,7 @@ <!-- TODO: A section with a larger set of examples would be nice. --> <section> <section xml:id="pwp-overview"> <title>About OpenDJ Password Policies</title> <para>OpenDJ password policies govern not only passwords, but also account @@ -53,7 +54,7 @@ and also subentry password policies as part of the (replicated) user data.</para> <section> <section xml:id="pwp-per-server"> <title>Server Based Password Policies</title> <para>You manage the password policies in the OpenDJ configuration by using @@ -132,13 +133,21 @@ passwords hashed by the client application.</para> </section> <section> <section xml:id="pwp-replicated"> <title>Subentry Based Password Policies</title> <indexterm> <primary>Replication</primary> <secondary>Password policy</secondary> </indexterm> <para>You manage subentry password policies by adding the subentries alongside the user data. Thus OpenDJ can replicate subentry password policies across servers.</para> <indexterm> <primary>Password policy</primary> <secondary>Behera Internet-Draft</secondary> </indexterm> <para>Subentry password policies support the Internet-Draft <link xlink:href="http://tools.ietf.org/html/draft-behera-ldap-password-policy-09" >Password Policy for LDAP Directories</link> (version 09). A subentry @@ -236,7 +245,7 @@ </itemizedlist> </section> <section> <section xml:id="pwp-application"> <title>Which Password Policy Applies</title> <para>The password policy that applies to a user is identified by the @@ -248,16 +257,20 @@ </section> </section> <section> <section xml:id="configure-pwp"> <title>Configuring Password Policies</title> <para>You configure password policies using the <command>dsconfig</command> command. Notice that password policies are part of the server configuration, and therefore not replicated.</para> <procedure> <procedure xml:id="default-pwp"> <title>To Adjust the Default Password Policy</title> <indexterm> <primary>Password policy</primary> <secondary>Default</secondary> </indexterm> <para>You can reconfigure the default password policy for example to enforce password expiration, check that passwords do not match dictionary words, and prevent password reuse.</para> @@ -312,7 +325,7 @@ </step> </procedure> <procedure> <procedure xml:id="create-per-server-pwp"> <title>To Create a Server Based Password Policy</title> <para>You can add a password policy for example for new users who have not @@ -366,7 +379,7 @@ </step> </procedure> <procedure> <procedure xml:id="create-repl-pwp"> <title>To Create a Subentry Based Password Policy</title> <para>You can add a subentry to configure a password policy that applies to Directory Administrators.</para> @@ -413,7 +426,7 @@ </procedure> </section> <section> <section xml:id="assign-pwp"> <title>Assigning Password Policies</title> <para>You assign subentry based password policies for a subtree of the DIT by @@ -428,7 +441,7 @@ <para>You assign server based password policies by using the <literal>ds-pwp-password-policy-dn</literal> attribute.</para> <procedure> <procedure xml:id="assign-pwp-to-individual"> <title>To Assign a Password Policy to a User</title> <step> @@ -513,4 +526,3 @@ </procedure> </section> </chapter>
@@ -30,7 +30,8 @@ xmlns:xlink='http://www.w3.org/1999/xlink' xmlns:xinclude='http://www.w3.org/2001/XInclude'> <title>Working With Referrals</title> <indexterm><primary>Referrals</primary></indexterm> <para>Referrals point directory clients to another directory server. The client receiving a referral must then connect to the other server to complete the request. Referrals are used for example when a directory server is @@ -42,7 +43,7 @@ <command>ldapmodify</command> command. You can also use the Manage Entries window of the Control Panel to handle referrals.</para> <section> <section xml:id="referrals-overview"> <title>About Referrals</title> <para>Referrals are implemented as entries with <link @@ -60,7 +61,7 @@ applications must be capable of following the referral returned.</para> </section> <section> <section xml:id="managing-referrals"> <title>Managing Referrals</title> <para>To create an LDAP referral either you create a referral entry, or @@ -129,4 +130,3 @@ DSAIT control with the <command>ldapmodify</command> command.</para> </section> </chapter>
@@ -38,8 +38,16 @@ of OpenDJ installation, and in many cases let replication do its work in the background.</para> <section> <section xml:id="repl-quick-setup"> <title>Replication Quick Setup</title> <indexterm> <primary>Replication</primary> <secondary>Quick setup</secondary> </indexterm> <indexterm> <primary>High availability</primary> <see>Replication</see> </indexterm> <para>The easiest way to set up replication for the first time involves using the setup wizard.</para> @@ -95,8 +103,12 @@ </section> <section> <section xml:id="about-repl"> <title>About Replication</title> <indexterm> <primary>Replication</primary> <secondary>Overview</secondary> </indexterm> <para>Before you take replication further than setting up replication in the setup wizard, read this section to learn more about how OpenDJ @@ -145,14 +157,18 @@ more than one replication topology.</para> </section> <section> <section xml:id="configure-repl"> <title>Configuring Replication</title> <indexterm> <primary>Replication</primary> <secondary>Configuring</secondary> </indexterm> <para>For some deployments you choose not to configure replication using the setup wizard. This section shows how to configure replication with command-line tools.</para> <section> <section xml:id="enable-repl"> <title>Enabling Replication</title> <para>You can start the replication process by using the @@ -200,7 +216,7 @@ the new server as the second server.</para> </section> <section> <section xml:id="init-repl"> <title>Initializing Replicas</title> <para>Although you can enable replication before you have user data, you @@ -212,7 +228,7 @@ exported from another replica when adding a server to the topology, or by restoring a backup from an existing replica onto a new server.</para> <procedure> <procedure xml:id="init-repl-online"> <title>To Initialize Online</title> <step> @@ -236,7 +252,7 @@ </step> </procedure> <procedure> <procedure xml:id="init-repl-ldif"> <title>To Initialize All Servers From the Same LDIF</title> <para>Follow these steps to prepare a replication topology starting from @@ -265,7 +281,7 @@ </step> </procedure> <procedure> <procedure xml:id="init-repl-backup"> <title>To Create a New Replica From Existing Backup</title> <para>You can create a new replica from a backup of an existing replica. @@ -352,13 +368,17 @@ </procedure> </section> <section> <section xml:id="stop-repl"> <title>Stopping Replication</title> <indexterm> <primary>Replication</primary> <secondary>Stopping</secondary> </indexterm> <para>How you stop replication depends on whether the change is meant to be temporary, or meant to be permanent.</para> <procedure> <procedure xml:id="stop-repl-tmp"> <title>To Stop Replication Temporarily For a Replica</title> <para>If you need to stop a server from replicating temporarily, you can @@ -383,7 +403,7 @@ </step> </procedure> <procedure> <procedure xml:id="stop-repl-permanent"> <title>To Stop Replication Permanently For a Replica</title> <para>If you need to stop a server from replicating permanently, for @@ -419,9 +439,13 @@ </procedure> </section> <section> <section xml:id="repl-dedicated-servers"> <title>Stand-alone Replication Servers</title> <indexterm> <primary>Replication</primary> <secondary>Dedicated servers</secondary> </indexterm> <para>Replication in OpenDJ is designed to be both easy to implement in environments with a few servers, and also scalable in environments with many servers. You can enable the replication service on each OpenDJ @@ -438,7 +462,7 @@ in fully-meshed replication.</para> <procedure> <procedure xml:id="repl-setup-dedicated-server"> <title>To Set Up a Stand-alone Replication Server</title> <para>This example sets up a stand-alone replication server to handle @@ -544,15 +568,19 @@ </procedure> </section> <section> <section xml:id="repl-groups"> <title>Replication Groups</title> <indexterm> <primary>Replication</primary> <secondary>Grouping servers</secondary> </indexterm> <para>Replication lets you define groups so that replicas communicate first with replication servers in the group before going to replication servers outside the group. Groups are identified with unique numeric group IDs.</para> <procedure> <procedure xml:id="define-repl-groups"> <title>To Set Up Replication Groups</title> <para>For each group, set the appropriate group ID for the topology @@ -602,9 +630,13 @@ </tip> </section> <section> <section xml:id="read-only-repl"> <title>Read-Only Replicas</title> <indexterm> <primary>Replication</primary> <secondary>Read-only servers</secondary> </indexterm> <para>By default all directory servers in a replication topology are read-write. You can however choose to make replicas take updates only from the replication protocol, and refuse updates from client @@ -614,9 +646,13 @@ set-global-configuration-prop --set writability-mode:internal-only -X -n</screen> </section> <section> <section xml:id="repl-assured"> <title>Assured Replication</title> <indexterm> <primary>Replication</primary> <secondary>Assured</secondary> </indexterm> <para>In standard replication, when a client requests an update operation the directory server performs the update and, if the update is successful, sends information about the update to the replication service, and sends @@ -635,7 +671,7 @@ standard replication, yet it is also slower, potentially waiting for a timeout before failing when the network or other servers are down.</para> <procedure> <procedure xml:id="repl-safe-data"> <title>To Ensure Updates Reach Replication Servers</title> <para>Safe data mode requires the update be sent to @@ -656,9 +692,9 @@ --domain-name "dc=example,dc=com" --set assured-type:safe-data --set assured-sd-level:1 -X -n</screen> </step> </procedure> <procedure> </procedure> <procedure xml:id="repl-safe-read"> <title>To Ensure Updates Are Replayed Everywhere</title> <para>Safe read mode requires the update be replayed on all directory @@ -685,9 +721,13 @@ degraded status, assured replication ceases to have an effect.</para> </section> <section> <section xml:id="repl-subtree"> <title>Subtree Replication</title> <indexterm> <primary>Replication</primary> <secondary>Subtree</secondary> </indexterm> <para>OpenDJ lets you do subtree replication, for example replicating <literal>ou=People,dc=example,dc=com</literal>, but not the rest of <literal>dc=example,dc=com</literal>, by putting the subtree in a separate @@ -701,9 +741,13 @@ <literal>ou=People,dc=example,dc=com</literal> in its own topology.</para> </section> <section> <section xml:id="repl-fractional"> <title>Fractional Replication</title> <indexterm> <primary>Replication</primary> <secondary>Fractional</secondary> </indexterm> <para>OpenDJ lets you do fractional replication, whereby you specify the attributes to include in the replication process, or alternatively specify the attributes to exclude.</para> @@ -738,8 +782,15 @@ </section> </section> <section> <section xml:id="repl-change-notification"> <title>Change Notification For Your Applications</title> <indexterm> <primary>Replication</primary> <secondary>Change notification</secondary> </indexterm> <indexterm> <primary>External change log</primary> </indexterm> <para>Some applications require notification when directory data updates occur. For example, an application might need to sync directory data with @@ -750,7 +801,7 @@ provides an external change log mechanism to allow applications to be notified of changes to directory data.</para> <procedure> <procedure xml:id="enable-ecl"> <title>To Enable the External Change Log</title> <para>OpenDJ directory servers not using replication cannot expose an @@ -780,7 +831,7 @@ </step> </procedure> <procedure> <procedure xml:id="use-ecl"> <title>To Use the External Change Log</title> <para>You read the external change log over protocol. In addition, when you @@ -946,13 +997,18 @@ value for the cookie.</para> </step> </procedure> <para>The external change log can also operate in a mode compatible with the <link xlink:href="http://tools.ietf.org/html/draft-good-ldap-changelog-04" >Internet-Draft: Definition of an Object Class to Hold LDAP Change Records</link>. Thus, you can use the change log with legacy applications that require this format without using cookies that facilitate retrieving updates in a multi-master replication environment.</para> <para xml:id="ecl-legacy-format">The external change log can also operate in a mode compatible with the <link xlink:href="http://tools.ietf.org/html/draft-good-ldap-changelog-04" >Internet-Draft: Definition of an Object Class to Hold LDAP Change Records</link>. Thus, you can use the change log with legacy applications that require this format without using cookies that facilitate retrieving updates in a multi-master replication environment.</para> <indexterm> <primary>External change log</primary> <secondary>Legacy format</secondary> </indexterm> </section> </chapter>
@@ -30,11 +30,12 @@ xmlns:xlink='http://www.w3.org/1999/xlink' xmlns:xinclude='http://www.w3.org/2001/XInclude'> <title>Setting Resource Limits</title> <indexterm><primary>Resource limits</primary></indexterm> <para>This chapter shows you how to set resource limits that prevent directory clients from using an unfair share of system resources.</para> <section> <section xml:id="limit-search-resources"> <title>Limiting Search Resources</title> <para>Well-written directory client applications limit the scope of their @@ -76,7 +77,7 @@ </listitem> </itemizedlist> <procedure> <procedure xml:id="set-search-limits-per-user"> <title>To Set Search Limits For a User</title> <step> <para>Change the user entry to set the limits to override.</para> @@ -99,7 +100,7 @@ </step> </procedure> <procedure> <procedure xml:id="set-search-limits-per-group"> <title>To Set Search Limits For a Group</title> <step> <para>Create an LDAP subentry to specify the limits using collective @@ -133,7 +134,7 @@ </procedure> </section> <section> <section xml:id="limit-idle-time"> <title>Limiting Idle Time</title> <para>If you have applications that leave connections open for long @@ -149,7 +150,7 @@ <para>The example shown sets the idle time limit to 24 hours.</para> </section> <section> <section xml:id="limit-max-request-size"> <title>Limiting Maximum Request Size</title> <para>The default maximum request size of 5 MB, set using the advanced @@ -167,4 +168,3 @@ handler to 20 MB.</para> </section> </chapter>
@@ -30,6 +30,7 @@ xmlns:xlink='http://www.w3.org/1999/xlink' xmlns:xinclude='http://www.w3.org/2001/XInclude'> <title>Samba Password Synchronization</title> <indexterm><primary>Samba</primary></indexterm> <para>When you store Samba profiles in OpenDJ, Samba stores its own attributes as defined in the Samba schema. Samba does not use the LDAP standard opendj3/src/main/docbkx/admin-guide/chap-schema.xml
@@ -30,7 +30,8 @@ xmlns:xlink='http://www.w3.org/1999/xlink' xmlns:xinclude='http://www.w3.org/2001/XInclude'> <title>Managing Schema</title> <indexterm><primary>Schema</primary></indexterm> <para>Schema definitions describe the data, and especially the object classes and attribute types that can be stored in the directory. By default OpenDJ conforms strictly to LDAPv3 standards pertaining to schema definitions and @@ -48,7 +49,7 @@ This chapter also identifies the standard schema definitions available when you install OpenDJ.</para> <section> <section xml:id="about-schema"> <title>About Directory Schema</title> <para>Directory schema, described in <link @@ -111,9 +112,13 @@ installation time.</para> </section> <section> <section xml:id="update-schema"> <title>Updating Directory Schema</title> <indexterm> <primary>Replication</primary> <secondary>Schema definitions</secondary> </indexterm> <para>OpenDJ directory server is designed to permit updating the list of directory schema definitions while the server is running. As a result you can add support for new applications that require new attributes or new kinds @@ -196,8 +201,12 @@ </screen> </section> <section> <section xml:id="schema-legacy-support"> <title>Relaxing Schema Checking to Import Legacy Data</title> <indexterm> <primary>Schema</primary> <secondary>Legacy data</secondary> </indexterm> <para>By default, OpenDJ accepts data that follows the standards in terms of what is allowed and what is rejected. You might have legacy data from a @@ -230,8 +239,12 @@ set-global-configuration-prop --set check-schema:false -X -n</screen> </section> <section> <section xml:id="standard-schema"> <title>Standard Schema Included With OpenDJ</title> <indexterm> <primary>Schema</primary> <secondary>Bundled definitions</secondary> </indexterm> <para>The following files under <filename>config/schema/</filename> contain schema definitions out of the box.</para> @@ -371,6 +384,15 @@ </varlistentry> <varlistentry> <term> <filename>05-samba.ldif</filename> </term> <listitem> <para>This file contains schema definitions required when storing Samba user accounts in the directory server.</para> </listitem> </varlistentry> <varlistentry> <term> <filename>05-solaris.ldif</filename> </term> <listitem> @@ -390,4 +412,3 @@ </variablelist> </section> </chapter>
@@ -30,7 +30,6 @@ xmlns:xlink='http://www.w3.org/1999/xlink' xmlns:xinclude='http://www.w3.org/2001/XInclude'> <title>Managing Server Processes</title> <para>Using the OpenDJ Control Panel, you can start and stop local servers. You can also start and stop OpenDJ using command-line tools, and use the operating system's capabilities for starting OpenDJ at boot time.</para> @@ -42,8 +41,9 @@ happens during a system crash or when you kill the server process using system tools.</para> <section> <section xml:id="start-server"> <title>Starting a Server</title> <indexterm><primary>Start server</primary></indexterm> <itemizedlist> <para>Use one of the following techniques.</para> @@ -85,8 +85,9 @@ </itemizedlist> </section> <section> <section xml:id="stop-server"> <title>Stopping a Server</title> <indexterm><primary>Stop server</primary></indexterm> <itemizedlist> <para>Use one of the following techniques.</para> @@ -109,8 +110,9 @@ </itemizedlist> </section> <section> <section xml:id="restart-server"> <title>Restarting a Server</title> <indexterm><primary>Restart server</primary></indexterm> <itemizedlist> <para>Use one of the following techniques.</para> @@ -133,8 +135,12 @@ </itemizedlist> </section> <section> <section xml:id="crash-recovery"> <title>Server Recovery</title> <indexterm> <primary>Replication</primary> <secondary>Crash recovery</secondary> </indexterm> <para>OpenDJ tends to show resilience when restarting after a crash or after the server process is killed abruptly. OpenDJ might have to replay the last opendj3/src/main/docbkx/admin-guide/chap-troubleshooting.xml
@@ -31,11 +31,12 @@ xmlns:xlink='http://www.w3.org/1999/xlink' xmlns:xinclude='http://www.w3.org/2001/XInclude'> <title>Troubleshooting Server Problems</title> <indexterm><primary>Troubleshooting</primary></indexterm> <para>This chapter describes how to troubleshoot common server problems, and how to collect information necessary when seeking support help.</para> <section> <section xml:id="troubleshoot-identify-problem"> <title>Identifying the Problem</title> <para>In order to solve your problem methodically, save time by defining the @@ -72,7 +73,7 @@ start looking for solutions.</para> </section> <section> <section xml:id="troubleshoot-installation"> <title>Troubleshooting Installation & Upgrade</title> <para>Installation and upgrade procedures result in a log file tracing @@ -82,7 +83,7 @@ <literallayout class="monospaced">See /var/....log for a detailed log of this operation.</literallayout> </section> <section> <section xml:id="troubleshoot-import"> <title>Troubleshooting LDIF Import</title> <para>By default OpenDJ requires that LDIF data you import respect standards. @@ -119,7 +120,7 @@ default behavior to ensure automated checking.</para> </section> <section> <section xml:id="troubleshoot-secure-connections"> <title>Troubleshooting TLS/SSL Connections</title> <para>In order to trust the server certificate, client applications usually @@ -147,7 +148,7 @@ <screen>OPENDJ_JAVA_ARGS="-Djavax.net.debug=all" start-ds</screen> </section> <section> <section xml:id="troubleshoot-connections"> <title>Troubleshooting Client Operations</title> <para>By default OpenDJ logs information about all client operations in @@ -178,8 +179,12 @@ control when not using it as Directory Manager.</para> </section> <section> <section xml:id="troubleshoot-repl"> <title>Troubleshooting Replication</title> <indexterm> <primary>Replication</primary> <secondary>Troubleshooting</secondary> </indexterm> <para>Replication can generally recover from conflicts and transient issues. Replication does, however, require that update operations be copied @@ -215,7 +220,7 @@ from a recent backup or from a server that is up to date.</para> </section> <section> <section xml:id="troubleshoot-get-help"> <title>Asking For Help</title> <para>When you cannot resolve a problem yourself, and want to ask for help, @@ -259,5 +264,4 @@ </listitem> </itemizedlist> </section> </chapter> opendj3/src/main/docbkx/admin-guide/chap-tuning.xml
@@ -30,6 +30,7 @@ xmlns:xlink='http://www.w3.org/1999/xlink' xmlns:xinclude='http://www.w3.org/2001/XInclude'> <title>Tuning Servers For Performance</title> <indexterm><primary>Performance tuning</primary></indexterm> <para>Server tuning refers to the art of adjusting server, JVM, and system configuration to meet the service level performance requirements of directory @@ -43,7 +44,7 @@ This chapter therefore aims to provide suggestions on how to measure and to improve directory service performance for better trade offs.</para> <section> <section xml:id="perf-define-starting-points"> <title>Defining Performance Requirements & Constraints</title> <para>Your key performance requirement is most likely to satisfy your @@ -52,7 +53,7 @@ expect, and determine what resources you will have to satisfy their expectations.</para> <section> <section xml:id="perf-sla"> <title>Service-Level Agreements</title> <para>Service-level agreement (SLA) is a formal name for what directory @@ -80,6 +81,10 @@ <listitem> <para>Directory service <firstterm>throughput</firstterm></para> <indexterm> <primary>Replication</primary> <secondary>Write throughput</secondary> </indexterm> <para>Directory service throughput can range up to many thousands of operations per second. In fact there is no upper limit for read operations such as searches, because only write operations must be replicated. To @@ -127,7 +132,7 @@ outcome.</para> </section> <section> <section xml:id="perf-constraints"> <title>Available Resources</title> <para>With your SLA in hand, take inventory of the server, networks, @@ -147,7 +152,7 @@ long you expect to have them, and why you need them. Also make note of what is missing and why.</para> <section> <section xml:id="perf-hardware"> <title>Server Hardware Recommendations</title> <para>Concerning server hardware, OpenDJ runs on systems with Java support, @@ -155,7 +160,7 @@ single-board, x86 systems due to low memory latency.</para> </section> <section> <section xml:id="perf-storage"> <title>Storage Recommendations</title> <para>OpenDJ is designed to work with local storage for the database, @@ -181,7 +186,7 @@ </section> </section> <section> <section xml:id="perf-testing"> <title>Testing Performance</title> <para>Even if you do not need high availability, you still need two of @@ -228,7 +233,7 @@ client applications.</para> </section> <section> <section xml:id="perf-tweaking"> <title>Tweaking OpenDJ Performance</title> <para>When your tests show that OpenDJ performance is lacking even though @@ -236,7 +241,7 @@ resources in place, you can tweak OpenDJ performance in a number of ways. This section mentions the most common tweaks.</para> <section> <section xml:id="perf-java"> <title>Java Settings</title> <para>Default Java settings let you evaluate OpenDJ using limited system @@ -303,7 +308,7 @@ </variablelist> </section> <section> <section xml:id="perf-data-storage"> <title>Data Storage Settings</title> <para>By default, OpenDJ does use compact data encoding, reducing size used @@ -323,8 +328,12 @@ Import task 20110627101758486 scheduled to start Jun 27, 2011 10:17:58 AM CEST</screen> </section> <section> <section xml:id="perf-import"> <title>LDIF Import Settings</title> <indexterm> <primary>Importing data</primary> <secondary>Performance</secondary> </indexterm> <para>You can tweak OpenDJ to speed up import of large LDIF files.</para> @@ -348,7 +357,7 @@ <command>import-ldif</command> command to skip validation.</para> </section> <section> <section xml:id="perf-db-cache"> <title>Database Cache Settings</title> <para>Database cache size is, by default, set as a percentage of the JVM @@ -383,7 +392,7 @@ depends on your operating system.</para> </section> <section> <section xml:id="perf-entry-cache"> <title>Entry Cache Settings</title> <para>OpenDJ implements an entry cache. The entry cache is not designed to @@ -398,7 +407,7 @@ --set max-entries:10 --set enabled:true -X -n</screen> </section> <section> <section xml:id="perf-logging"> <title>Logging Settings</title> <para>Debug logs trace the internal workings of OpenDJ, and therefore opendj3/src/main/docbkx/admin-guide/chap-virtual-attrs-collective-attrs.xml
@@ -40,8 +40,9 @@ <para>This chapter demonstrates how to define virtual and collective attributes, showing common solutions as examples of their use.</para> <section> <section xml:id="virtual-attributes"> <title>Virtual Attributes</title> <indexterm><primary>Virtual attributes</primary></indexterm> <para>OpenDJ defines a number of virtual attributes by default.</para> @@ -114,7 +115,11 @@ dn: dc=example,dc=com numSubordinates: 4 </screen> <indexterm> <primary>Replication</primary> <secondary>Not for virtual attributes</secondary> </indexterm> <para>You can use the existing virtual attribute types to create your own virtual attributes, and you can also use the <literal>user-defined</literal> type to create your own. The virtual @@ -135,8 +140,9 @@ attributes.</para> </section> <section> <section xml:id="collective-attributes"> <title>Collective Attributes</title> <indexterm><primary>Collective attributes</primary></indexterm> <para>Collective attributes provide a standard mechanism for defining attributes that appear on all the entries in a subtree potentially filtered
