Document revision date: 28 June 1999

Contents

Preface
Preface	Preface
Chapter 1
1	Administration Server Basics
1.1	Using the administration server
1.2	Using the Server Manager forms
1.3	Features new to the 3.x administration server
1.4	Before you install or configure your servers
1.4.1	Setting up the SuiteSpot user and group
1.4.2	Installing 2.x and 3.x servers together
1.5	Logging in to the administration server
1.5.1	When distributed administration is off
1.5.2	When distributed administration is on
1.6	Stopping the administration server
1.7	What to do next
Chapter 2
2	Configuring the Administration Server
2.1	Removing a server from your system
2.2	Configuring the system user and port number
2.3	Changing the superuser settings
2.4	Configuring distributed administration
2.4.1	The superuser password file
2.4.2	Enabling distributed administration
2.5	Working with log files
2.5.1	Viewing an access log file
2.5.2	Viewing the error log file
Chapter 3
3	Managing Clusters
3.1	What are clusters?
3.2	Before using clusters
3.3	Setting up a cluster
3.3.1	Adding a server to the server list
3.3.2	Modifying cluster information
3.3.3	Removing servers from a cluster
3.3.4	Administering a cluster of servers
Chapter 4
4	Controlling Access to Your Server
4.1	What is access control?
4.1.1	User-Group authentication
4.1.2	Host-IP authentication
4.1.3	Access control files
4.1.4	How does access control work?
4.2	Restricting access
4.3	Specifying users and groups
4.3.1	Specifying host names and IP addresses
4.3.2	Access to programs
4.3.3	Writing customized expressions
4.3.4	Turning access control on and off
4.3.5	Responding when access is denied
Chapter 5
5	Understanding Encryption and SSL
5.1	Internet security issues
5.1.1	Taking precautions
5.1.2	What is encryption?
5.1.3	Public-key encryption
5.1.3.1	How servers use encryption
5.1.4	Signing files
5.1.5	How does encryption work?
5.1.6	How safe is encryption?
5.1.7	Authentication and Certificates
5.1.8	Chaining certificates
5.1.9	What's in a certificate?
5.1.9.1	Choosing Certificate Authorities
5.2	Using client certificates
5.2.1	Mapping client certificates to LDAP
5.2.2	Using the certmap.conf file
5.2.2.1	Creating custom properties
5.2.2.2	Example mappings
5.2.3	Putting all the pieces together: SSL
5.2.4	Increasing server security
5.2.5	Limit physical access
5.2.6	Limit administration access
5.2.7	Choose good passwords
5.2.8	Secure your key-pair file
5.2.9	Limit other applications on the server
5.2.10	Limit ports
5.2.11	Know your server's limits
5.3	Enabling SSL encryption
5.3.1	What is an alias?
5.3.1.1	Creating an alias
5.3.1.2	Removing an alias
5.3.1.3	Listing aliases
5.3.2	Generating a key-pair file
5.3.3	Changing your key-pair file password
5.3.4	Requesting a certificate
5.3.4.1	Information CAs need
5.3.5	Installing the certificate
5.3.6	Managing server certificates
5.3.7	Converting 2x certificate databases
5.3.8	Activating SSL encryption
5.3.9	Setting security (SSL) preferences
5.3.10	Changes to the ns-admin.conf file
5.3.11	Security
5.3.12	SSL2
5.3.13	SSL3
5.3.14	Keyfile
5.3.15	Certfile
5.3.16	Ciphers
5.3.17	SSL3Ciphers
Chapter 6
6	User and Group Management
6.1	The directory service
6.1.1	Netscape Directory Server
6.1.2	The local directory
6.2	Directory service clients
6.2.1	Gateways
6.2.2	Command-line clients
6.3	Authenticating users to directory services
6.4	Distinguished names
6.4.1	Distinguished name syntax
6.4.2	Using uid-based distinguished names
6.4.3	Distinguished name usage
6.4.4	Distinguished name examples
6.4.5	Distinguished name attributes
6.4.6	Using commas in distinguished names
6.5	Planning your directory structure
6.5.1	Disadvantages of organizational units
6.5.2	Advantages of organizational units
6.5.3	Recommendations for using organizational units
6.5.4	Configuring directory services
6.5.5	Using the local database
6.5.6	Using a directory server
6.6	Converting a database
6.6.1	Converting individual databases
6.6.2	Migrating a server configuration
Chapter 7
7	Managing Users and Groups
7.1	Creating users
7.1.1	Notes on user entries
7.2	Managing users
7.2.1	Finding user entries
7.2.1.1	The "Find all users whose" field
7.2.2	Editing user information
7.2.3	Managing a user's password
7.2.4	Managing user licenses
7.2.5	Renaming users
7.2.6	Removing users
7.3	Creating groups
7.4	Managing groups
7.4.1	Finding group entries
7.4.1.1	The "Find all groups whose" field
7.4.2	Editing group attributes
7.4.3	Adding group members
7.4.4	Adding groups to the group members list
7.4.5	Removing entries from the group members list
7.4.6	Managing owners
7.4.7	Managing see alsos
7.4.8	Removing groups
7.4.9	Renaming groups
7.5	Creating organizational units
7.5.1	Notes on organizational units
7.6	Managing organizational units
7.6.1	Finding organizational units
7.6.2	The Find all units whose: field
7.6.3	Editing organizational unit attributes
7.6.4	Renaming organizational units
7.6.5	Deleting organizational units
7.6.6	Importing a directory from LDIF
7.7	Exporting a database to LDIF
Chapter 8
8	Modifying the Directory
8.1	ldapmodify
8.2	LDIF update statements
8.2.1	Change types
8.2.1.1	Adding new entries with changetype: add
8.2.1.2	Deleting entries with changetype: delete
8.2.1.3	Renaming entries with changetype: modrdn
8.2.1.4	Modifying entries with changetype: modify
8.2.2	Adding an entry
8.2.3	Deleting an entry
8.2.4	Renaming an entry
8.2.5	Modifying an entry
8.2.5.1	Deleting an attribute value
8.2.5.2	Adding attributes
8.2.5.3	Changing an attribute value
8.3	Using ldapmodify
8.3.1	Using quotation marks
8.3.2	Providing input from the command line
8.3.3	Commonly used ldapmodify parameters
8.3.4	Additional ldapmodify parameters
8.3.5	ldapmodify example with local directory
8.3.6	ldapmodify example with directory server
Chapter 9
9	Finding Directory Entries
9.1	ldapsearch
9.2	Search filters
9.2.1	Search filter syntax
9.2.2	Using attributes in search filters
9.2.3	Using operators in search filters
9.2.4	Using multiple search filters
9.2.4.1	Boolean operators
9.2.4.2	Search filter examples
9.3	Using ldapsearch
9.3.1	Using quotation marks
9.3.2	Commonly used ldapsearch parameters
9.3.3	Additional ldapsearch parameters
9.3.4	ldapsearch example with local directory
9.3.5	ldapsearch example with directory server
Chapter 10
10	Using LDIF
10.1	The LDIF format
10.1.1	Continued lines
10.2	Creating databases using LDIF
10.2.1	Creating LDIF entries
10.2.1.1	Specifying entries for an organizational person
10.2.1.2	LDIF file example
Appendix A
Appendix A	Object Classes and Attributes
A.1	Schema definition
A.1.1	A consistent schema
A.1.2	Customizing the schema
A.1.3	Building custom clients
A.1.4	A note about attribute values
A.1.5	Object classes
A.1.6	Attributes
A.1.7	Required versus optional attributes
A.2	Object Class Definitions
A.2.1	Groups
A.2.2	Replication
A.2.3	Locations
A.2.4	Organizations
A.2.5	People
A.3	Attribute definitions
A.3.1	administratorContactInfo
A.3.2	adminURL
A.3.3	businessCategory
A.3.4	carLicense
A.3.5	changeLogMaximumAge
A.3.6	changeLogMaximumSize
A.3.7	commonName
A.3.8	countryName
A.3.9	departmentNumber
A.3.10	description
A.3.11	employeeNumber
A.3.12	employeeType
A.3.13	facsimileTelephoneNumber
A.3.14	generation
A.3.15	givenName
A.3.16	homeTelephoneNumber
A.3.17	homePostalAddress
A.3.18	initials
A.3.19	installationTimeStamp
A.3.20	jpegPhoto
A.3.21	labeledURI
A.3.22	localityName
A.3.23	mail
A.3.24	mailAccessDomain
A.3.25	mailAlternateAddress
A.3.26	mailAutoReplyMode
A.3.27	mailAutoReplyText
A.3.28	mailDeliveryOption
A.3.29	mailEnhancedUniqueMember
A.3.30	mailForwardingAddress
A.3.31	mailHost
A.3.32	mailMessageStore
A.3.33	mailProgramDeliveryInfo
A.3.34	mailQuota
A.3.35	manager
A.3.36	member
A.3.37	mgrpAllowedBroadcaster
A.3.38	mgrpAllowedDomain
A.3.39	mgrpDeliverTo
A.3.40	mgrpErrorsTo
A.3.41	mgrpModerator
A.3.42	mgrpMsgMaxSize
A.3.43	mgrpMsgRejectAction
A.3.44	mgrpMsgRejectText
A.3.45	mgrpRFC822Mail Member
A.3.46	mobileTelephoneNumber
A.3.47	multiLineDescription
A.3.48	ngcomponent
A.3.49	nsLicensedFor
A.3.50	nsLicenseStartTime
A.3.51	nsLicenseEndTime
A.3.52	nsaclrole
A.3.53	nscreator
A.3.54	nsflags
A.3.55	nsprettyname
A.3.56	nsnewsACL
A.3.57	organizationName
A.3.58	organizationalUnitName
A.3.59	owner
A.3.60	pagerTelephoneNumber
A.3.61	physicalDeliveryOfficeName
A.3.62	postalAddress
A.3.63	postalCode
A.3.64	postOfficeBox
A.3.65	preferredDeliveryMethod
A.3.66	replicaBinddn
A.3.67	replicaBindMethod
A.3.68	replicaCredentials
A.3.69	replicaHost
A.3.70	replicaPort
A.3.71	replicaRoot
A.3.72	replicaUpdateFailedAt
A.3.73	replicaUpdateReplayed
A.3.74	replicaUpdateSchedule
A.3.75	replicaUseSSL
A.3.76	roomNumber
A.3.77	secretary
A.3.78	seeAlso
A.3.79	serverHostname
A.3.80	serverProductName
A.3.81	serverRoot
A.3.82	serverVersionNumber
A.3.83	stateOrProvinceName
A.3.84	streetAddress
A.3.85	subtreeACI
A.3.86	surname
A.3.87	telephoneNumber
A.3.88	title
A.3.89	userid
A.3.90	userPassword
Figures
1-1	Configuring Server
1-2	Server Administration Page
1-3	Category Buttons
1-4	General Administration
1-5	Server Manager
1-6	Button
3-1	Servers in a Cluster
3-2	Master Administration Servers
3-3	Cluster Servers Control
4-1	Authentication Window
4-2	ACL Form
4-3	Form Name
5-1	The Encryption Process
5-2	How SSL Relates to TCP/IP and Application Protocols
5-3	Certificate Information
6-1	Directory Structure
7-1	Left-Most Pull-Down List
7-2	Center Pull-Down List
7-3	Right-Most Text Field
7-4	Left-Most Pull-Down List
7-5	Middle Pull-Down List
7-6	Right -Most Text Field
7-7	Left-Most Pull-Down List
7-8	Middle Pull-Down List
7-9	Right-Most Text Field

	privacy and legal statement
6562PRO_CONTENTS.HTML