Mon Aug 13 22:28:12 UTC 2007

Author: nkinder

Update of /cvs/dirsec/directoryconsole/help/en/help
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29173/help/en/help

Added Files:
	account_mgmt.html adv_search.html configtab_chaindb.html 
	configtab_chaindb2.html configtab_chaindb3.html 
	configtab_chaindb4.html configtab_chaindb5.html 
	configtab_chaindb6.html configtab_chaindb7.html 
	configtab_db.html configtab_db10.html configtab_db11.html 
	configtab_db12.html configtab_db13.html configtab_db14.html 
	configtab_db15.html configtab_db2.html configtab_db3.html 
	configtab_db4.html configtab_db5.html configtab_db6.html 
	configtab_db7.html configtab_db8.html configtab_db9.html 
	configtab_ldbmdb.html configtab_logs.html configtab_logs2.html 
	configtab_logs3.html configtab_maptree.html 
	configtab_maptree2.html configtab_maptree3.html 
	configtab_maptree4.html configtab_maptree5.html 
	configtab_maptree6.html configtab_maptree7.html 
	configtab_plugins.html configtab_replication.html 
	configtab_replication2.html configtab_replication3.html 
	configtab_replication4.html configtab_replication5.html 
	configtab_replication6.html configtab_replication7.html 
	configtab_replication8.html configtab_rootnode.html 
	configtab_rootnode2.html configtab_rootnode3.html 
	configtab_rootnode4.html configtab_rootnode5.html 
	configtab_rootnode6.html configtab_rootnode7.html 
	configtab_rootnode8.html configtab_rootnode9.html 
	configtab_schema.html configtab_schema2.html 
	configtab_schema3.html configtab_schema4.html 
	configtab_schema5.html configtab_synchronization1.html 
	configtab_synchronization2.html 
	configtab_synchronization3.html dir_browser.html 
	dir_browser2.html dir_browser3.html dir_browser4.html 
	dirtab_cos.html dirtab_cos2.html dirtab_cos3.html 
	dirtab_role.html dirtab_role2.html dirtab_role3.html 
	dirtab_role4.html dirtab_role5.html dirtab_role6.html 
	dirtab_role7.html helpmenu.html ldapurl.html new_instance.html 
	property_editor.html property_editor2.html 
	property_editor3.html property_editor4.html 
	replication_wizard.html replication_wizard2.html 
	replication_wizard3.html replication_wizard4.html 
	replication_wizard5.html replication_wizard6.html 
	statustab_general.html statustab_logs.html 
	statustab_logs2.html statustab_logs3.html 
	statustab_performance.html statustab_performance2.html 
	statustab_replication.html synchronization_wizard1.html 
	synchronization_wizard2.html synchronization_wizard3.html 
	taskstab_bkup_restore.html taskstab_bkup_restore2.html 
Log Message:
Resolves: 252036
Summary: Added online help files to fedora-ds-console package.

--- NEW FILE account_mgmt.html ---
<p class="topic">
<a name="User Account"> </a>
User Account
</p>

Use this tab to manage the user account. You can use it to inactivate or activate a user account, as well as set resource limits for a particular user.


Activation. This section provides information about whether the account is active or inactive. If the account is active, you can click the Inactivate button to inactivate it. If the account is inactive, click the Activate button to activate it.


Resource limits. This section lets you set resource limits for a particular user.

<ul>

<li>
Look through limit. Specifies how many entries can be examined for a search operation.
<img src="/manual/en/slapd/help/pixel.gif" align="top" height="22" alt="" />
</li>

<li>
Size limit. Specifies the maximum number of entries the server returns to a client application in response to a search operation.
<img src="/manual/en/slapd/help/pixel.gif" align="top" height="22" alt="" />
</li>

<li>
Time limit. Specifies the maximum time the server spends processing a search operation.
</li>

<li>
Idle timeout. Specifies the time a connection to the server can be idle before the connection is dropped. 
</li>
</ul>

--- NEW FILE adv_search.html ---
<p class="topic">
<a name="Advanced Search"> </a>
Advanced Search
</p>

Use this dialog box to search the user directory with a search filter.


Search Filter. Enter the search filter you want to use in this text box and then click OK.

--- NEW FILE configtab_chaindb.html ---
<p class="topic">
Create New Database Link
</p>

The database link contacts other servers on behalf of a client application and returns the combined results to the client application after finishing the operation. Use the following attributes to configure a new database link:

Database link name. Unique name of the database link.

Bind DN. DN of an administrative user by the database link to bind to the remote server. If this field is left blank, the database link binds as anonymous. Note that the bind DN cannot be the directory manager.

Password. Password for the administrative user, in plain text. If no password is provided, it means that the database link can bind as anonymous.

Remote server(s) information. In this section you provide information about the remote data sources used by the database link.

Use a secure LDAP connection between servers. Selecting this checkbox indicates that the connection between the server and the remote server is secure.

Remote Server. The name of the remote data source.

Remote server port. The port number on the remote data source used by the database link.

Failover Server(s). You can specify optional servers for failover in the event that the primary remote server is unavailable. This field contains the name of an alternative remote server. Click Add to add the name and port number to the list.

Port. Port number of an alternative remote server.

LDAP URL. This field contains a dynamically created LDAP URL that combines the server names and port numbers you specified in the remote server information fields.

--- NEW FILE configtab_chaindb2.html ---
<p class="topic">
<a name="Database Link Settings"> </a>
Database Link Settings
</p>

Use the Settings tab to set the default settings for all new database links.


LDAP controls forwarded by database link. This list contains the OIDs of LDAP controls which are allowed to chain. By default, requests made by the following controls are forwarded to the remote server by the database link:

<ul>

<li>
Virtual list view (VLV) control. This control provides lists of parts of entries rather than returning all entry information. The OID of this control is 2.16.840.1.113730.3.4.9.
</li>

<li>
Server side sorting control. This control sorts entries according to their attribute values. The OID for this control is 1.2.840.113556.1.4.473.
</li>

<li>
Managed DSA control. This control returns smart referrals as entries rather than following the referral. This allows you to modify or delete the smart referral itself. The OID for this control is 2.16.840.1.113730.3.4.2.
</li>

<li>
Loop detection control. This control contains a count that is decremented each time the server tries to chain. When the server receives a count of 0 it determines that a loop has been detected and notifies the client application. The OID for this control is 1.3.6.1.4.1.1466.29539.12.
</li>
</ul>

Click Add to select an LDAP control OID from a list.


Components allowed to chain. A component is any functional unit in the server that uses internal operations. You may need to control the chaining policy of some components so that they can complete their operations successfully. By default, all internal operations are not chained. You can override this default by specifying components in this list. 


Click Add and select the component you want to allow to chain from the list.

--- NEW FILE configtab_chaindb3.html ---
<p class="topic">
<a name="Select Controls to Add"> </a>
Select Controls to Add
</p>

Select an OID from the list and click OK. The following table describes the OIDs listed in the UI by default:

 

<a name="LDAP Control OIDs  "> </a>
Table 1	   LDAP Control OIDs

</p>

<br/>
<table width="90%" border="1" cellspacing="0" cellpadding="4">
<tr bgcolor="#CCCCCC" align="left" valign="top">
<th valign="top" align="left">
<p class="tablehead">
OID
</p>
</th>
<th valign="top" align="left">
<p class="tablehead">
LDAP Control Description
</p>
</th>

</tr>
<tr>
<td valign="top">

2.16.840.1.113730.3.4.3
</td>
<td valign="top">

Persistent search control.

This control is used with a search request to indicate that the server should not complete the request when all the matching entries have been returned. Instead, the server should keep the operation active and send results to the client whenever an entry matching the search filter is added, deleted, or modified.
</td>

</tr>
<tr>
<td valign="top">

2.16.840.1.113730.3.4.4
</td>
<td valign="top">

Password expired notification control.

This control notifies a client application that their password has expired.
</td>

</tr>
<tr>
<td valign="top">

2.16.840.1.113730.3.4.5
</td>
<td valign="top">

Password expiring notification control.

This control notifies a client application that their password will expire in a given amount of time.
</td>

</tr>
<tr>
<td valign="top">

2.16.840.1.113730.3.4.16
</td>
<td valign="top">

Authentication request control.

This control can be provided with a bind request to indicate to the server that an authentication response control is desired with the bind response.
</td>

</tr>
<tr>
<td valign="top">

2.16.840.1.113730.3.4.15
</td>
<td valign="top">

Authentication response control.

This control is returned with the client application bind request to provide LDAP clients with the DN and authentication method used (useful when SASL or certificate is employed).
</td>

</tr>
<tr>
<td valign="top">

2.16.840.1.113730.3.4.17
</td>
<td valign="top">

Real attribute only request control.

This control requests that the server return only attributes that are truly contained in the entries returned and that the directory does not try to resolve virtual attributes.
</td>

</tr>
<tr>
<td valign="top">

2.16.840.1.113730.3.4.14
</td>
<td valign="top">

Search on specific database control.

This control can be used with search operations to specify that the search must be done on the database which is named in the control.
</td>

</tr>
<tr>
<td valign="top">

2.16.840.1.113730.3.4.12
</td>
<td valign="top">

Proxied authorization control.

This control allows the client to assume the identity of another entry for the duration of a request.
</td>

</tr>
<tr>
<td valign="top">

2.16.840.1.113730.3.4.13
</td>
<td valign="top">

Replication update information control.

This control carries the universally unique identifier (UUID) and change sequence number (CSN) of a replicated operation.
</td>

</tr>

</table>

--- NEW FILE configtab_chaindb4.html ---
<p class="topic">
<a name="Select Components to Add"> </a>
Select Components to Add
</p>

Select a component from the list. By default, the list contains the following components:

 

<a name="Components Available for Chaining  "> </a>
Table 2	   Components Available for Chaining

</p>

<br/>
<table width="90%" border="1" cellspacing="0" cellpadding="4">
<tr bgcolor="#CCCCCC" align="left" valign="top">
<th valign="top" align="left">
<p class="tablehead">
Component DN
</p>
</th>
<th valign="top" align="left">
<p class="tablehead">
Description
</p>
</th>

</tr>
<tr>
<td valign="top">

cn=resource limits, cn=components, cn=config
</td>
<td valign="top">

Resource limits plug-in. 

Resource limits can be applied to remote users if the resource limit plug-in is allowed to chain.
</td>

</tr>
<tr>
<td valign="top">

cn=certificate-based authentication cn=components, cn=config
</td>
<td valign="top">

Certificate-based authentication plug-in. 

This component is used when the SASL-external bind method is used. It retrieves the user certificate from the local remote data source. If you allow this component to chain, certificate-based authentication can work with a database link.
</td>

</tr>
<tr>
<td valign="top">

cn=ACL plugin, cn=plugins, cn=config
</td>
<td valign="top">

ACL plug-in. 

Operations used to retrieve and update ACI attributes are not chained because it is not safe to mix local and remote ACI attributes. However, requests used to retrieve user entries may be chained.
</td>

</tr>
<tr>
<td valign="top">

cn=old plugin, cn=plugins, cn=config
</td>
<td valign="top">

Directory Server plug-ins.

All Directory Server plug-ins share the same chaining policy, so selecting this option from the list enables them all to chain.
</td>

</tr>
<tr>
<td valign="top">

cn=referential integrity postoperation, cn=plugins, cn=config
</td>
<td valign="top">

Referential integrity plug-in.

This plug-in ensures that updates made to attributes containing DNs are propagated to all entries that contain pointers to the attribute. For example, if you delete an entry that is a member of a group, the entry is automatically removed from the group.
</td>

</tr>
<tr>
<td valign="top">

cn=attribute uniqueness, cn=plugins, cn=config
</td>
<td valign="top">

Attribute uniqueness plug-in.

Confirms that the value of a particular attribute is unique across the local server.
</td>

</tr>

</table>

--- NEW FILE configtab_chaindb5.html ---
<p class="topic">
Default Creation Parameters
</p>

Use this dialog box to set the default attributes for all of your database links.


Control Client Return. These options help you specify how the database link responds to client application requests.

<ul>
<li>
Return referral on scoped search. Select this option to return referrals to client applications in response to scoped searches. Choosing to return referrals optimizes directory server performance, as referrals are more efficient than searching for data in remote databases.
</li>

<li>
Size limit X entries. Specifies the number of entries the database link returns in response to a search request. The default size limit is 2000 entries. 
</li>

<li>
Time limit X seconds. Specifies the search time limit for the database link. The default value is 3600 seconds.
</li>
</ul>

Cascading Chaining. Use the following options to configure cascading chaining, when one database link points to another database link.

<ul>
<li>
Check local ACI. Select this checkbox to enable evaluation of local ACIs on all database links involved in a chaining operation. 
</li>

<li>
<b>Maximum hops.</b> Specifies the number of hops, or times one database link contacts another, allowed. When one database link connects to another, this count decrements. Each subsequent database link contacted further decrements the count. If a server receives a count of 0 it determines that a loop has been detected and notifies the client application. The range is 0 to 20.
</li>
  <dl>
     <dt>
The default maximum hops value is 10.
<br /> </dt>  </dl>
</ul>

Connection Management. Use these options to configure the pool of connections maintained by the database link with the remote server.

<ul>
<li>
Maximum TCP connection(s). Maximum number of TCP connections the database link establishes with the remote server. The default value is 3 connections. The range is 1 to 50.
</li>

<li>
Bind timeout. Amount of time, in seconds, before the bind attempt times out. The default value is 15 seconds. The range is 0 to 3600 seconds.
</li>

<li>
Maximum binds per connection. Maximum number of outstanding bind operations per TCP connection. The default value is 10 outstanding bind operations. The range is 0 to 25.
</li>

<li>
Timeout before abandon. The number of seconds that pass before the server checks for abandon operations. The default value is 10 second The range is 0 to 2147483647.
</li>

<li>
Maximum LDAP connection(s). Maximum number of LDAP connections the database link establishes with the remote server. The default value is 10 connections. The range is 1 to 50.
</li>

<li>
Maximum bind retries. Number of times a database link attempts to bind with the remote database. A value of zero indicates that the database link will try to bind only once. The default value is 3 attempts. The range of values is 0 to 10.
</li>

<li>
Maximum operations per connection. Maximum number of outstanding operations per connection. The default value is 10 operations per second. The range is 0 to 50.
</li>

<li>
<b>Connection life (sec). </b>You can keep connections between the database link and the remote database open for an unspecified time, or you can close them after a specific period. It is faster to keep the connections open, but it uses more resources. 
</li>
  <dl>
     <dt>
A value of 0 indicates that there is no limit. By default, the value is set to 0. The range is 0 to 2147483647 seconds.
<br /> </dt>  </dl>
</ul>

--- NEW FILE configtab_chaindb6.html ---
<p class="topic">
Database Link Limits and Controls
</p>

Use the Limits and Controls tab to override the defaults set in Default Creation Parameters tab of the Database link Settings node. You can customize how the database link returns data to client applications and manages connection, and you can configure cascading chaining (in which one database link connects to another).


Control Client Return. These options help you specify how the database link responds to client application requests.

<ul>
<li>
Return referral on scoped search. Select this option to return referrals to client applications in response to scoped searches. Choosing to return referrals optimizes directory server performance, as referrals are more efficient than searching for data in remote databases.
</li>

<li>
Size limit X entries. Specifies the number of entries the database link returns in response to a search request. The default size limit is 2000 entries. The range is from -1 (no limit) to 2147483647.
</li>

<li>
Time limit X seconds. Specifies the search time limit for the database link. After the time limit has passed, the connection is timed out. The default value is 3600 seconds. The value range is -1 (for no limit) to 2147483647.
</li>
</ul>

Cascading Chaining. Use the following options to configure cascading chaining, when one database link points to another database link.

<ul>
<li>
Check local ACI. Select this checkbox to enable evaluation of local ACIs on all database links involved in a chaining operation. 
</li>

<li>
<b>Maximum hops.</b> Specifies the number of hops, or times a database link contacts another, allowed. When one database link connects to another, this count decrements. Each subsequent database link contacted further decrements the count. If a server receives a count of 0 it determines that a loop has been detected and notifies the client application.
</li>
  <dl>
     <dt>
The default maximum hops value is 10. The range of values is 0 to 20.
<br /> </dt>  </dl>
</ul>

Connection Management. Use these options to configure the pool of connections maintained by the database link with the remote server.

<ul>
<li>
Maximum TCP connection(s). Maximum number of TCP connections the database link establishes with the remote server. The default value is 3 connections. The value range is 0 to 50.
</li>

<li>
Bind timeout. Amount of time, in seconds, before the bind attempt times out. The default value is 15 seconds.
</li>

<li>
Maximum binds per connection. Maximum number of outstanding bind operations per TCP connection. The default value is 10 outstanding bind operations. The range of values is from 1 to 25.
</li>

<li>
Timeout before abandon. The number of seconds that pass before the server checks for abandon operations. The default value is 10 seconds. The range is 0 to 2147483647.
</li>

<li>
Maximum LDAP connection(s). Maximum number of LDAP connections the database link establishes with the remote server. The default value is 10 connections. The value range is 1 to 50.
</li>

<li>
Maximum bind retries. Number of times a database link attempts to bind with the remote database. A value of zero indicates that the database link will try to bind only once. The default value is 3 attempts. The range is from 0 to 10.
</li>

<li>
Maximum operations per connection. Maximum number of outstanding operations per connection. The default value is 10 operations per second. The range is from 0 to 50.
</li>

<li>
Connection life (sec). You can keep connections between the database link and the remote database open for an unspecified time, or you can close them after a specific period. It is faster to keep the connections open, but it uses more resources. The range is from 0 (no limit) to 2147483647 seconds.
</li>
</ul>

--- NEW FILE configtab_chaindb7.html ---
<p class="topic">
Database Link Authentication
</p>

Use the authentication tab to set the attributes required for your new database link to connect with a remote data source on another server.

Suffix managed by this database link. The suffix of your directory information tree managed by this database link.

Remote server URL. The LDAP URL of the remote server to which this database link connects. The LDAP URL syntax is <code>ldap://</code>server<code>:[</code>port<code>][</code> server<code>[:</code>port<code>]]/</code>

Database link bind DN. The DN used by the database link to bind with the remote server. This DN cannot be the directory manager.

Database link password. Password used by the database link to bind with the remote server.

Confirm database link password. Confirm the remote password.

Remote server checklist. Lists what you need to configure on the remote server for database link to successfully chain operations.

<ul>
<li>
User entry. You need to create an entry in the remote database that corresponds to the DN you specified as the remote server bind DN for the database link.
</li>

<li>
Suffix. The suffix associated with the database link must be present on the remote server.
</li>

<li>
ACI. Provides a sample proxy authorization ACI that need to be added to the naming context on the remote database to which the database link points. This ACI gives the proxy administrative user access only to the data contained within the subtree on which it is specified.
</li>
</ul>

--- NEW FILE configtab_db.html ---
<p class="topic">
Indexes
</p>

Use the tables contained by this tab to set up the indexes for your database. Browsing indexes are set up on the Directory tab of the Directory Server Console.

This tab displays two sets of indexes, system indexes and additional indexes.

System Indexes (Read-Only). Directory Server creates system indexes by default. They are used internally by the server and cannot be removed.

Additional Indexes. You can specify a standard set of indexes for Directory Server to maintain.

<ul>
<li>
Attribute name. Contains the name of the attribute to be indexed.
</li>

<li>
Approximate. Select this checkbox to configure the server to create and maintain an approximate, or "sounds-like," index for the attribute; clear this checkbox to discontinue indexing on this attribute.
</li>

<li>
Equality. Select this checkbox to configure the server to create and maintain an equality index for the attribute; clear this checkbox to discontinue indexing on this attribute.
</li>

<li>
Presence. Select this checkbox to configure the server to create and maintain a presence index for the attribute; clear this checkbox to discontinue indexing on this attribute.
</li>

<li>
Substring. Select this checkbox to configure the server to create and maintain a substring index for the attribute; clear this checkbox to discontinue indexing on this attribute.
</li>

<li>
Matching rule. Enter the matching rule OID (if any) you want the server to use when client applications search the directory using this attribute. 
</li>
</ul>

Add attribute. If the attribute you want to index is not listed in the table, click the "Add Attribute" button. This brings up the Select Attribute dialog box. Select the attribute you want to add and click OK.

Delete attribute. To remove all of the indexes for a particular attribute, select the attribute in the table, click Delete Attribute, and then click Save.

--- NEW FILE configtab_db10.html ---
<p class="topic">
Export Single Database
</p>

Use this dialog box to export a single database to LDIF.

LDIF file (on remote machine). Enter the full path to the LDIF file. Click Browse to locate it on your machine. By default, if you are running the console locally, the file is stored in the current directory.

<p class="text">
When the Browse button is not enabled, by default the file is stored in /<code>opt/<span class="variable">productID</span>/slapd-</code><span class="variable">serverID</span><code>/ldif</code>
</p>

--- NEW FILE configtab_db11.html ---
<p class="topic">
LDBM Plug-in Settings
</p>

Use this tab to configure general database settings.

Maximum cache size. Memory available on disk for all indexes. By default, the value is 10000000 bytes.

Look-through limit. Maximum number of entries the directory checks in response to a search request. The default value is 5000 entries.

Database mode files. Specific permissions applied to the database, in octal.

Import cache size. Memory available on disk for the database to cache information during an import operation, in bytes.

--- NEW FILE configtab_db12.html ---
<p class="topic">
Default Indexes
</p>

Use this tab to configure the default indexes for your databases.

Attribute name. Contains the name of the attribute to be indexed.

Approximate. Select this checkbox to configure the server to create and maintain an approximate, or "sounds-like," index for the attribute; clear this checkbox to discontinue indexing on this attribute.

Equality. Select this checkbox to configure the server to create and maintain an equality index for the attribute; clear this checkbox to discontinue indexing on this attribute.

Presence. Select this checkbox to configure the server to create and maintain a presence index for the attribute; clear this checkbox to discontinue indexing on this attribute.

Substring. Select this checkbox to configure the server to create and maintain a substring index for the attribute; clear this checkbox to discontinue indexing on this attribute.

Matching rule. Enter the matching rule OID (if any) you want the server to use when client applications search the directory using this attribute.

Add attribute. If the attribute you want to index is not listed in the table, click the "Add Attribute" button. This brings up the Select Attribute dialog box. Select the attribute you want to add and click OK.

Delete attribute. To remove all of the indexes for a particular attribute, select the attribute in the table, click Delete Attribute, and then click Save.

--- NEW FILE configtab_db13.html ---
<p class="topic">
Attribute Encryption Tab
</p>

By configuring attribute encryption, or database encryption, it is possible to encrypt highly sensitive information as it is stored within the database. The values of these attributes are encrypted and can only be read during a secure session. Use this tab to select attributes to encrypt.

Encrypted Attributes. Text box of encrypted attributes.

<ul>
<li>
Attribute name. The name of the attribute that is encrypted.
</li>

<li>
Encryption Algorithm. The encryption cipher used to encrypt that attribute.
</li>
</ul>

Add attribute. Brings up a list of all system attributes that can be encrypted.

Delete attribute. Deletes an encrypted attribute. This does not delete the attribute or its value; it disables encryption.

--- NEW FILE configtab_db14.html ---
<p class="topic">
Attribute Encryption - Add Attribute Button
</p>

A list of all system attributes that can be encrypted, in the "Select Attribute to Encrypt" box.

Select an attribute you wish to encrypt, and click OK. This will bring up the "Select Encryption Method" box.

--- NEW FILE configtab_db15.html ---
<p class="topic">
Attribute Encryption - Select Encryption Method Box
</p>

After selecting an attribute to encrypt and clicking okay, the "Select Encryption Method" box comes up, with a list of encryption ciphers available for attribute encryption.

<p class="text">
There are currently two supported ciphers:
</p>

<ul>
  <li>AES</li>
  <li>3DES</li>
</ul>

You may only select one. Click OK to add a cipher and complete the encrypted attribute or cancel to close out the selection.

--- NEW FILE configtab_db2.html ---
<p class="topic">
Passwords Tab
</p>

Use this tab to set up a password policy for the directory.

Enable fine-grained password policy. When selected, enables the fine-grained (subtree and user level) password policy.

User must change password after reset. When selected, users must change their passwords when they first log in or after the administrator resets the passwords.

User may change password. When selected, allows users to change their own passwords.

Allow changes in X day(s). Defines how often users can change their password. Use this value in conjunction with "Keep password history" to discourage users from recycling old passwords.

Keep password history. Specifies that the server keep a list of user passwords. Use this in conjunction with "Allow changes in X day(s)" to discourage users from reusing old passwords. If you select this option, enter the number of passwords users must cycle through before they can reuse a password.

Remember X passwords. If the server is keeping a password history, this option specifies how many old passwords the server should store in the history list. The valid value range is from 2 to 24. The default value is 6.

Password never expires. Select this if you do not require users to change their passwords periodically.

Password expires after X days. Select this if you want users to change their passwords periodically. If you select the option, in the text box, you must enter the number of days in which the password will expire.

Note that the maximum value for the password age is derived by subtracting January 18, 2038 from today's date. The value you enter must not be set to the maximum value or too close to the maximum value. If you set the value to the maximum value, Directory Server may fail to start because the number of seconds will go past the epoch date. In such an event, the error log will indicate that the password maximum age is invalid. To resolve this problem, you must correct the <code>paswordMaxAge</code> attribute value in the <code>dse.ldif</code> file.

A common policy is to have passwords expire every 30 to 90 days. By default, the password maximum age is set to 8640000 seconds (100 days).

Send warning X day(s) before password expires. Indicates the number of days before a user's password is due to expire that the user will be sent a warning message. The valid value range is from 1 to 24,855 days. The default value is 1 day.

Allow up to X login attempt(s) after password expires. Indicates the number of grace logins permitted after a user's password has expired. Grace logins are not permitted by default.

Check password syntax. Select this checkbox to enforce password syntax checking. Syntax checking ensures that the password strings conform to the syntax guidelines, such as minimum password length.

Password minimum length. If syntax checking is on, this option specifies the minimum number of characters that must be used in directory server passwords. The valid value range is from 2 to 512 characters. The default value is 6.

Password encryption. Identifies how user passwords are stored in the directory. You can specify one of the following encryption formats:

<ul>
<li>
Salted Secure Hashing Algorithm (SSHA). This method is recommended as the most secure. SSHA is the default encryption method.
</li>

<li>
UNIX crypt algorithm (CRYPT). Provided for compatibility with UNIX passwords.
</li>

<li>
Secure Hashing Algorithm (SHA). A one-way has algorithm that is the default encryption schema in Directory Server 4.x.
</li>

<li>
No encryption (CLEAR). This encryption type indicates that the password will appear in plain text.
</li>
</ul>

Passwords stored using SSHA, CRYPT, or SHA formats cannot be used for secure login through SASL Digest MD5.

--- NEW FILE configtab_db3.html ---
<p class="topic">
Account Lockout Tab
</p>

You can set up a account lockout policy for the directory using the Account Lockout tab.

Accounts may be locked out. Select this option to enable account lockout because of repeated login failures. Clear this checkbox if you do not want users to be locked out of the directory after a series of failed bind attempts.

Lockout account after X login failures. Specify the number of times a user can fail to bind before they are locked out of the directory. Valid values are 1 to 32,767 attempts. This option is available only if account lockout is enabled.

Reset failure count after X minutes. Indicates the amount of time that must elapse before the failure counter is reset. This option is available only if account lockout is enabled. Valid values are 1 to 35,791,394 minutes.

Lockout forever. Select this option to indicate that user accounts that have been locked must be reset by the administrator before users can access the directory. If you select this option, you cannot set a lockout duration.

Lockout duration X minutes. Select this option to indicate the amount of time a user will be locked out of the directory after a series of failed bind attempts. If you select this option, you must enter a number of minutes in the text box. Valid values are 1 to 35,791,394 minutes. This option is available only if account lockout is enabled.

--- NEW FILE configtab_db4.html ---
<p class="topic">
Select Attribute
</p>

Use this dialog box to specify an attribute for which you want the server to maintain an index.

Attributes list. This list contains all of the attributes currently in the directory schema. Select the attribute for which you want to maintain an index and click OK.

--- NEW FILE configtab_db5.html ---
<p class="topic">
Database Settings
</p>

Use this tab to configure the settings for a particular database instance. These settings take precedent over the default settings you have described for databases in general.

Suffix. Suffix maintained by this database.

Database location. Full path to the database location on the server.

Maximum entries in cache. Maximum number of entries stored in the database cache for processing client search requests. A value of -1 indicates no limit. For performance tuning purposes.

Memory available for cache. Maximum memory available to the database for storing cached entries, in bytes. For performance tuning purposes.

Database is read-only. Select this checkbox to make the database read-only.

--- NEW FILE configtab_db6.html ---
<p class="topic">
Import Database
</p>

Use this dialog box to append data to all of your databases using LDAP. You can also use this option to modify and delete entries.

LDIF file (on Console's machine). Enter the full path to the LDIF file you want to import. Click Browse to select the file you want to import. By default, the console uses your current path.

Add only. The LDIF file may contain modify and delete instructions in addition to the default add instructions. If you want the server to ignore operations other than add, select this checkbox.

Continue on error. Select this checkbox if you want the server to continue with the import even if errors occur. For example, use this option if you are importing an LDIF file that contains some entries that already exist in the database in addition to new ones. The server notes existing entries in the rejects file while adding all new entries.

File for rejects. Enter the full path to the file in which you want the server to record all entries it cannot import. For example, the server cannot import an entry that already exists in the database or an entry that has no parent object. By default, the server creates the rejects file in the current directory.

--- NEW FILE configtab_db7.html ---
<p class="topic">
Import
</p>

Use this dialog box to import data to one database or all of your databases. This method overwrites any data contained by the database.

LDIF file. Enter the full path to the LDIF file you want to import. Click Browse to locate the file on your machine.

The following two options apply only if you operate the console from a machine remote to the server containing the LDIF file.

From local machine. Select this radio button to indicate that the LDIF file is located on the local server. By default, the console looks for a file stored in the current directory.

From server machine. Select this radio button to indicate that the LDIF file is located on a remote server. By default, the console looks for the file in the following directory: <code>/opt/productID/slapd-</code>serverID<code>/ldif</code>.

--- NEW FILE configtab_db8.html ---
<p class="topic">
Initialize Database
</p>

Use this dialog box to overwrite any existing data in your database by importing a file from LDIF.

LDIF file. Enter the full path to the LDIF file you want to import. Click Browse to locate it on your machine.

<p class="text">
If you are operating the console from a machine remote to the server containing the LDIF file, select one of the following options:
</p>

<ul>
<li>
From local machine. Indicates that the LDIF file is located on the local server. By default, the console looks in the current directory for the LDIF file.
</li>

<li>
From server machine. Indicates that the LDIF file is located on a remote server. 
</li>
</ul>

--- NEW FILE configtab_db9.html ---
<p class="topic">
Export Databases
</p>

Use this dialog box to export your databases to LDIF.

LDIF File. Enter the name you want the server to use for the LDIF file. If you are running Directory Server Console on the server's host machine, click Browse to select the file to which you want to export.

To Local Machine. Choose this option to export the database to a local file. This option is not visible if you are running Directory Server Console on the directory's host.

To Server Machine. Choose this option to export the database to a file on the server's host machine. If you choose this option, you cannot Browse to select a different file. This option is not visible if you are running Directory Server Console on the directory's host.

All Databases. Select this option to export the all of your databases to LDIF.

Subtree. Select this option if you want the server to export only a portion of the directory to LDIF. If you choose this option, you must also select the subtree you want the server to export.

Subtree text box. If you selected the Subtree radio button, you can enter the subtree you want the server to export to LDIF in this text box. You can also click Browse to browse the directory and select a subtree.

--- NEW FILE configtab_ldbmdb.html ---
<p class="topic">
Create New Database
</p>

Use this dialog box to create a new database.

Suffix Name. This field appears only when you create a new database in an existing suffix. Gives the name of the suffix contained by the database.

Database information. Use these options to specify the database name and location.

Database Name. Enter a unique name for the database. This value cannot contain commas or equals signs (=).

Create database in. Enter the full path to the location on your machine where you want the new database to reside. Click Browse to locate a directory.

--- NEW FILE configtab_logs.html ---
<p class="topic">
Access Log
</p>

Use this tab to configure various settings for the directory's access log. The access log contains detailed information about client connections to the directory.

Enable logging. Select this checkbox to configure the server to keep an access log; clear this checkbox to disable access logging.

View Log. Click this button to view the access log for the directory.

Log File. Contains the full path and name of the access log file. By default, the value is:

<p class="code">
<code><span class="variable">serverRoot</span>/slapd-<span class="variable">serverID</span>/logs/access</code>
</p>

Creation Policy. These options allow you to specify how often the server archives the current access log and starts a new log file.

Access mode. Indicates the access mode or UNIX file permissions with which log files are to be created. The default value is 600.

The valid values are any combination of 000 to 777, as they mirror numbered or absolute UNIX file permissions. That is, the value must be a combination of a 3-digit number, the digits varying from 0 through 7:

<p class="text">
0 - None<br />1 - Execute only<br />2 - Write only<br />3 - Write and execute<br />4 - Read only<br />5 - Read and execute<br />6 - Read and write<br />7 - Read, write, and execute
</p>

In the 3-digit number, the first digit represents the owner's permissions, the second digit represents the group's permissions, and the third digit represents everyone's permissions. When changing the default value, keep in mind that 000 will not allow access to the logs and allowing write permissions to everyone can result in the logs being overwritten or deleted by anyone.

Note that the newly configured access mode will only affect new logs that are created; the mode will be set when the log rotates to a new file.

Maximum number of logs. The number of logs to archive per directory. When the server exceeds this amount, it deletes old archive logs. The default value is 10.

File size for each log. The maximum file size (in MB) for active access log files. Once a file reaches the size you specify, the server archives the file and starts a new one. To specify no maximum, enter a value of -1.

Create a new log every. How often you want the server to start a new access log. The server archives a log file if the size of the file reaches the maximum file size or the specified time limit has elapsed, whichever comes first.

Deletion Policy. These options allow you to configure the server to delete unneeded archived access log files.

When total log exceeds. The server will delete the oldest archived access log once the total of all the logs reaches this amount. The value is given in MB.

When free disk space is less than. The server will delete the oldest archived access log if the available disk space is less than this amount. The value is given in MB.

When a file is older than. The server will delete an archived access log when the file is older than the age you specify.

--- NEW FILE configtab_logs2.html ---
<p class="topic">
Error Log
</p>

Use this tab to configure the directory's error log. The error log contains detailed messages about errors and events the server experiences during normal operations.

Enable logging. Select this checkbox to configure the server to keep an error log; clear this checkbox to disable error logging.

View Log. Click this button to view the error log for the directory.

Log File. Contains the full path and filename of the error log. By default, the value is:

<p class="code">
<span class="variable">serverRoot</span>/slapd-</font><span class="variable">serverID</span>/logs/errors
</font>
</p>

Creation Policy. These options allow you to specify how often the server archives the current error log and starts a new log file.

Access mode. Indicates the access mode or UNIX file permissions with which log files are to be created. The default value is 600.

The valid values are any combination of 000 to 777, as they mirror numbered or absolute UNIX file permissions. That is, the value must be a combination of a 3-digit number, the digits varying from 0 through 7:

<p class="text">
0 - None<br />1 - Execute only<br />2 - Write only<br />3 - Write and execute<br />4 - Read only<br />5 - Read and execute<br />6 - Read and write<br />7 - Read, write, and execute
</p>

In the 3-digit number, the first digit represents the owner's permissions, the second digit represents the group's permissions, and the third digit represents everyone's permissions. When changing the default value, keep in mind that 000 will not allow access to the logs and allowing write permissions to everyone can result in the logs being overwritten or deleted by anyone.

Note that the newly configured access mode will only affect new logs that are created; the mode will be set when the log rotates to a new file.

Maximum number of logs. The number of logs to archive per directory. The default value is 1 log, meaning that the server does not rotate the log and it grows indefinitely.

File size for each log. The maximum file size (in MB) for active error log files. Once a file reaches the size you specify, the server archives the file and starts a new one.

Create a new log every. How often you want the server to start a new error log. The server archives a log file if the size of the file reaches the maximum file size or the specified time limit has elapsed, whichever comes first.

Deletion Policy. These options allow you to configure the server to delete unneeded archived error log files.

When total log exceeds. The server will delete the oldest archived error log once the total of all the logs reaches this amount.

When free disk space is less than. The server will delete the oldest archived error log if the available disk space is less than this amount.

When a file is older than. The server will delete an archived error log when the file is older than the age you specify.

Log Level. Specifies the kinds of error and event messages the server should store in the error log. By default, no options are selected. Selecting any option will cause the error log to grow very rapidly because additional information is written for every request the server receives.

--- NEW FILE configtab_logs3.html ---
<p class="topic">
Audit Log
</p>

Use this tab to configure the directory's audit log. The audit log contains detailed information about changes made to each database as well as to the overall server configuration.

Enable logging. Select this checkbox to configure the server to keep an audit log; clear this checkbox to disable audit logging.

View Log. Click this button to view the audit log for the directory.

Log File. Contains the full path and name of the audit log. By default, the value is:

<p class="code">
<span class="variable">serverRoot</span>/slapd-<span class="variable">serverID</span>/logs/audit
</p>

Creation Policy. These options allow you to specify how often the server archives the current audit log and starts a new log file.

Access mode. Indicates the access mode or UNIX file permissions with which log files are to be created. The default value is 600.

The valid values are any combination of 000 to 777, as they mirror numbered or absolute UNIX file permissions. That is, the value must be a combination of a 3-digit number, the digits varying from 0 through 7:

<p class="text">
0 - None<br />1 - Execute only<br />2 - Write only<br />3 - Write and execute<br />4 - Read only<br />5 - Read and execute<br />6 - Read and write<br />7 - Read, write, and execute
</p>

In the 3-digit number, the first digit represents the owner's permissions, the second digit represents the group's permissions, and the third digit represents everyone's permissions. When changing the default value, keep in mind that 000 will not allow access to the logs and allowing write permissions to everyone can result in the logs being overwritten or deleted by anyone.

Note that the newly configured access mode will only affect new logs that are created; the mode will be set when the log rotates to a new file.

Maximum number of logs. The number of logs to archive per directory.

File size for each log. The maximum file size (in MB) for active audit log files. Once a file reaches the size you specify, the server archives the file and starts a new one.

Create a new log every. How often you want the server to start a new audit log. The server archives a log file if the size of the file reaches the maximum file size or the specified time limit has elapsed, whichever comes first.

Deletion Policy. These options allow you to configure the server to delete unneeded archived audit log files.

When total log exceeds. The server will delete the oldest archived audit log once the total of all the logs reaches this amount.

When free disk space is less than. The server will delete the oldest archived audit log if the available disk space is less than this amount.

When a file is older than. The server will delete an archived audit log when the file is older than the age you specify.

--- NEW FILE configtab_maptree.html ---
<p class="topic">
Suffix Settings
</p>

Use this tab to specify settings for a particular root or sub suffix.

Suffix name. This field gives the name of the suffix. If the suffix is a root suffix, the console states "This is a root suffix." If the suffix is a sub suffix, the root suffix to which it belongs is named in the "Suffix belongs to" field.

Enable this suffix. By default, this checkbox is selected. To disable the suffix (for example, when you take a database down for maintenance), deselect this checkbox.

Suffix request processing. These options help you configure how requests from client applications are managed by this suffix.

Use the Databases. Select this option if you want the databases and database links to be used for processing all requests made by client applications.

Return Referrals for all Operations. Select this option to return a referral in response to all client application requests. For example, you might when a database is taken off line.

Return Referrals for Update Operations. Select this option to return a referral only during update requests. This is useful for redirecting client requests made to read-only databases.

--- NEW FILE configtab_maptree2.html ---
<p class="topic">
Database List
</p>

This dialog box lists all of the databases in your directory. Select one from the list and click OK. You can highlight multiple databases by holding down the Shift key while you select databases with your mouse.

--- NEW FILE configtab_maptree3.html ---
<p class="topic">
Databases
</p>

Use this tab to specify the databases for the suffix.

Database information. Enter the database or databases that contain entries for this suffix in this box. Click Add to browse a list of available databases. Click Delete to remove a database from the list.

Distribution Logic for Multiple Databases. Use the options in this section to specify custom distribution logic for your directory. You use distribution logic when you distribute a single suffix across multiple databases. You need to specify the following:

<ul>
<li>
Distribution library. Enter the name of your distribution library. Click Browse to locate a library in a different directory.
</li>

<li>
Function name. Enter the name of your distribution function.
</li>
</ul>

--- NEW FILE configtab_maptree4.html ---
<p class="topic">
Referrals
</p>

Use this tab to configure the referrals returned by the suffix.

Enter a new referral. Enter a referral in LDAP URL format, or click Construct to be guided through the process. Click Add to add the referral to the list.

Current referrals for this suffix. Lists the referrals currently in place for this suffix. The entire list of referrals is returned to client applications in response to a request, when you select Referral or Referral on Update in the Suffix Settings tab. Click Delete to remove a referral from the list.

--- NEW FILE configtab_maptree5.html ---
<p class="topic">
Creating a New Root Suffix
</p>

Use this dialog box to create a new root suffix.

New suffix. Enter a unique name for the new root suffix. The suffix must be named according to dc naming conventions. For example, <code>dc=example,dc=com</code> could be the name of a new root suffix.

Create associated database automatically. Select this checkbox to automatically create a database for the new root suffix.

Database name. If you select the "Create associated database automatically" checkbox, enter the name of the new database in this field.

--- NEW FILE configtab_maptree6.html ---
<p class="topic">
Creating a New Sub Suffix
</p>

Use this dialog box to create a new sub suffix under an already existing root suffix.

New suffix. Enter the new sub suffix name in this field. The suffix must be named according to dc naming conventions. For example, <code>o=people</code> could be the name of a new sub suffix.

Suffix belongs to. Indicates the root suffix this sub suffix is beneath.

Complete suffix name. Combines the new suffix name with the root suffix name.

Create associated database automatically. Select this checkbox to automatically create a database for the new sub suffix.

Database name. If you select the "Create associated database automatically" checkbox, enter the name of the new database in this field.

--- NEW FILE configtab_maptree7.html ---
<p class="topic">
Remove Suffix
</p>

Use this dialog box to delete a suffix and its sub suffixes. Deleting a suffix also deletes the databases and replication agreements of the suffix.

Delete this suffix and all of its sub suffixes. Select this option to delete this suffix and all sub suffixes beneath it. Selecting this option also deletes all databases and replication agreements of this suffix.

Delete this suffix only. Select this option to delete only this suffix, its associated database and replication agreements. Any sub suffixes beneath this suffix will move up a level after the deletion. For example, if you delete a root suffix only, the sub suffix directly beneath becomes a root suffix after the deletion.

--- NEW FILE configtab_plugins.html ---
<p class="topic">
Plug-ins
</p>

When you select a plug-in, the right pane displays basic information about the plug-in. You cannot modify plug-ins from the Directory Server Console.

Enable plug-in. Select this checkbox to enable the plug-in; clear the checkbox to disable the plug-in. After enabling or disabling a plug-in, you must restart the directory.

Plug-in ID. Gives the name of the plug-in.

Description. Contains descriptive text about the plug-in.

Version. Gives the version number of the plug-in.

Vendor. Identifies the manufacturer of the plug-in.

Plug-in type. Defines the type of plug-in, such as preoperational or postoperational.

Initialization function. Identifies the function that the server calls to initialize the plug-in.

Plug-in module path. Gives the name and path of the shared object or dynamic link library that contains the plug-in.

Arguments. Specifies any additional arguments that are passed to the initialization function.

--- NEW FILE configtab_replication.html ---
<p class="topic">
Legacy Consumer Settings
</p>

The replication model used in Directory Server 4.1x and the current replication model are different. The former replication model is termed Legacy Replication. Only use this tab if you wish to accept replication updates from a 4.1x Directory Server using legacy replication.

Enable Legacy Consumer. Select this checkbox if you want this current Directory Server, to act as a legacy consumer. This means that this server can accept updates from a 4.1x supplier server. You must check this checkbox to activate the other fields in this window.

Supplier DN. Use this field to specify the distinguished name that any supplier server must use to bind to this consumer server to send replication updates. The supplier DN must correspond to an entry that is stored on the consumer server. This entry must not be part of the replicated database.

New supplier password. If a password is specified, the supplier server uses this password to bind to the consumer server.

Confirm new supplier password. Confirms that the password entered in the "New supplier password" field is correct.

--- NEW FILE configtab_replication2.html ---
<p class="topic">
Supplier Settings
</p>

Use this tab to configure a server as a supplier server. You must specify supplier attributes on any server that holds the master copy of a directory database.

Enable Changelog. Check this box if you want this server to record all update operations in a change log so that these changes can be replayed on a consumer server.

Changelog database directory. The directory in which the supplier server stores the change log.

Browse. If you want the server to display a file selector so that you can select a directory for storing the change log database, click this button.

Use default. If you want the server to suggest a default path name for the change log database, click this button.

Max changelog records. The maximum number of entries recorded in the change log. If you select the Unlimited checkbox, no maximum size is set for the change log.

Max changelog age. When an entry in the change log reaches the age specified here, the server removes the entry from the change log. If you select the Unlimited checkbox, the server does not remove entries from the change log based on age.

To remove a change log database that has grown too big, you must manually delete it.

--- NEW FILE configtab_replication3.html ---
<p class="topic">
Replica Settings
</p>

Use this tab to configure replication settings for the database selected in the left navigation tree.

Enable Replica. Select this checkbox to enable replication. You must select this checkbox to activate all other fields in the window.

Single Master. Select this radio button if you want this Directory Server to act as the single supplier server for this database.

Multiple Master. Select this radio button if you want this Directory Server to act as one of the supplier servers that can replicate this database to consumers.

Hub. Select this radio button if you want this Directory Server to accept updates from a supplier server, and replicate changes to consumer servers.

Dedicated Consumer. Select this radio button if you want this Directory Server to accept updates from a supplier server. A dedicated consumer can service search operations but not update operations. Update operations will be referred to a supplier server.

Replica ID. An integer between 1 and 255 that identifies the replica. The replica IDs of the master replicas must be unique. In other words, master replicas involved in the same multi-master configuration must have different replica IDs. However, two master replicas (corresponding to different suffixes) on the same server can have the same replica ID.

If the ID is incorrect, the field labels turn red and the Save button is disabled.

Purge delay. The delay you specify in these fields determines how often the state information stored in the replicated entries is purged. Check the Never checkbox if you want to save this information indefinitely.

Updatable by a 4.x Replica. Check this checkbox if you want this Directory Server to act as a legacy consumer of a 4.x supplier server.

Current Supplier DNs. This field lists the supplier bind DNs that supplier servers must use to update this replica. You can now specify multiple supplier bind DNs per replica, but only one supplier DN per replication agreement. Use the "Enter a new Supplier DN" field to specify a new supplier DN and click Add to add it to this list. If you have configured replication over SSL, specify the DN of the entry that contains the supplier's certificate in the "Enter a new Supplier DN" field and click Add to add it to this list.

Current URLs for referrals (Optional). Directory Server uses the information contained in the replication agreement to create referrals from the consumer server to the appropriate supplier servers. This field lists the URLs you specify in addition to the automatic URLs which will be set up automatically. If you want the consumer to return an <code>ldaps://</code> URL, so that clients will bind to the supplier servers using SSL, enter the URL in the "Enter a new URL" field and click Add to add it to this list of current URLs. In the same way, if you have a cascading replication scenario and you want the referral returned to clients to point to the original supplier instead of the hub supplier, enter the corresponding URL in the "Enter a new URL" field and click Add to add it to this list of current URLs.

--- NEW FILE configtab_replication4.html ---
<p class="topic">
Replication Summary
</p>

You use the replication agreement Summary tab to view status or change the name of the replication agreement.

Description. Contains the description of the replication agreement.

General. Displays information about:

<ul>
<li>
Supplier—The name of the supplier server in the agreement.
</li>

<li>
Consumer—The name of the consumer server in the agreement.
</li>

<li>
Replicated subtree—The subtree replicated in the agreement.
</li>
</ul>

Status. This area displays information about the replication agreement, including the number of the last change sent to the consumer server, current status of the replication agreement, and the replication history.

--- NEW FILE configtab_replication5.html ---
<p class="topic">
Replication Schedule
</p>

Use this tab when you modify a replication agreement to identify the time of day and day of week replication occurs. No new replication processes will be started outside the specified replication interval.

Always Keep Directories in Sync. Select this option if you do not want to set time restrictions on the replication agreement.

Sync on the following days. When selected, you can select the checkbox(es) next to the day(s) of the week when replication can occur. Click All to select every day of the week.

Replication will take place between. Enter the hours during which replication takes place in the boxes provided.

--- NEW FILE configtab_replication6.html ---
<p class="topic">
Replication Connection
</p>

Use the Connection tab to display the type of connection used by your replica during replication. You can use this tab to modify the user bind name and password. You cannot change the connection type. To change the connection type, re-create the replication agreement.

Using Encrypted SSL Connection. When selected, specifies that the supplier and consumer servers use SSL for secure communication.

SSL Client Authentication. When selected, this option specifies that the supplier and consumer servers use certificates for secure communication. SSL client authentication is not used unless the "Using Encrypted SSL Connection" checkbox is selected. The Bind As and Password fields are unavailable with this option because the server will use its security certificate to authenticate to the consumer server.

<p class="text">
To select this option, you must first do the following:
</p>

<ul>
<li>
Configure SSL for both your supplier and consumer server.
</li>

<li>
Configure your consumer server to recognize your supplier server's certificate as the supplier DN.
</li>
</ul>

Simple Authentication. When selected, this option specifies that the supplier and consumer servers use simple authentication during communication.

Bind As. You can update the supplier bind DN in the Bind As text box.

Password. You can update the password corresponding to the supplier bind DN in the Password field.

--- NEW FILE configtab_replication7.html ---
<p class="topic">
Consumer Server Information
</p>

Use this dialog box to manually enter the host and port number of the consumer server.

Host Name. Enter the host name of the supplier or consumer server as appropriate.

Port Number. Enter the port number of the supplier or consumer server as appropriate.

--- NEW FILE configtab_replication8.html ---
<p class="topic">
Export Replica
</p>

Use this dialog box to export a replica to LDIF.

LDIF file (on remote machine). Enter the full path to the LDIF file. Click Browse to locate it on your machine. By default, if you are running the console locally, the file is stored in the current directory.

<p class="text">
When the Browse button is not enabled, by default the file is stored in the <span class="variable">serverRoot<code>/slapd-</code><span class="variable">serverID</span><code>/ldif</code>
</p>

--- NEW FILE configtab_rootnode.html ---
<p class="topic">
Settings Tab
</p>

Use this tab to configure the basic LDAP and network settings for your directory.

Port. Port number used for non-SSL communications. By default, the port number is 389.

Encrypted Port. Port number used for SSL communications. This port number must be different from the port used for non-SSL communications. The default encrypted port number is 636.

Referrals to. LDAP URL of the default referral returned to client applications who submit requests based at a DN not maintained by your directory.

Make entire server read-only. Causes the server to be placed in read-only mode. Selecting this option also places all databases managed by the server into read-only mode, meaning you cannot create, modify, or delete any entries.

Track entry modification times. Specifies whether the directory maintains modification attributes for directory entries. Choosing to track modification times means that new or modified entries will contain the following attributes: <code>modifiersNames</code>, <code>modifyTimestamp</code>, <code>creatorsName</code>, and <code>createTimestamp</code>.

Enable schema checking. Specifies that schema checking is performed when directory entries are created or modified.

--- NEW FILE configtab_rootnode2.html ---
<p class="topic">
Performance Tab
</p>

Use this tab to tune the performance of your directory.

Size limit. The maximum number of entries the directory returns to a client application in response to a search operation. To set no limit, enter<code> -1</code> in the text box.

Time limit. The maximum amount of time (in seconds) the server spends performing a search request. To set no limit, enter <code>-1 </code>in the text box.

Idle timeout. The time (in seconds) the server maintains an idle connection before terminating the connection. A value of <code>0</code> indicates no limit.

Max number of file descriptors. The maximum number of file descriptors available to the directory. This option is not available for Directory Servers running on Windows.

--- NEW FILE configtab_rootnode3.html ---
<p class="topic">
Encryption Tab
</p>

Use this tab to configure SSL for your directory.

Enable SSL for this server. Select this checkbox to enable SSL communications for the directory. Clear the checkbox to disable SSL.

Use this cipher family. Select the checkbox next to the cipher family or families you want the server to use for SSL communications.

Security Device. Select the device you want the server to use.

Certificate. Select the certificate you want the server to use. You must have a certificate set up on your system to use SSL.

Cipher settings. Opens the Encryption Preferences dialog box, where you can select which ciphers you want the server to use from the cipher families you have already selected. By default, Directory Server comes with the following SSL ciphers:

 
 
<table width="90%" border="1" cellspacing="0" cellpadding="4">
<tr>
<td valign="top">

SSL Cipher
</td>
<td valign="top">

Description
</td>

</tr>
<tr>
<td valign="top">

None
</td>
<td valign="top">

No encryption, only MD5 message authentication (rsa_null_md5).
</td>

</tr>
<tr>
<td valign="top">
<p class="tabletext">
RC4
</p></td>
<td valign="top">
<p class="tabletext">
RC4 cipher with 128-bit encryption and MD5 message authentication (rsa_rc4_128_md5).
</p></td>

</tr>
<tr>
<td valign="top">
<p class="tabletext">
RC4 (Export)
</p></td>
<td valign="top">
<p class="tabletext">
RC4 cipher with 40-bit encryption and MD5 message authentication (rsa_rc4_40_md5).
</p></td>

</tr>
<tr>
<td valign="top">
<p class="tabletext">
RC2 (Export)
</p></td>
<td valign="top">
<p class="tabletext">
RC2 cipher with 40-bit encryption and MD5 message authentication (rsa_rc2_40_md5).
</p></td>

</tr>
<tr>
<td valign="top">
<p class="tabletext">
DES
</p></td>
<td valign="top">
<p class="tabletext">
DES with 56-bit encryption and SHA message authentication (rsa_des_sha).
</p></td>

</tr>
<tr>
<td valign="top">

DES (FIPS)
</td>
<td valign="top">

FIPS DES with 56-bit encryption and SHA message authentication. This cipher meets the FIPS 140-1 U.S. government standard for implementations of cryptographic modules (rsa_fips_des_sha).
</td>

</tr>
<tr>
<td valign="top">
<p class="tabletext">
Triple-DES
</p></td>
<td valign="top">
<p class="tabletext">
Triple DES with 168-bit encryption and SHA message authentication (rsa_3des_sha).
</p></td>

</tr>
<tr>
<td valign="top">

Triple-DES (FIPS)
</td>
<td valign="top">

FIPS Triple DES with 168-bit encryption and SHA message authentication. This cipher meets the FIPS 140-1 U.S. government standard for implementations of cryptographic modules. (rsa_fips_3des_sha)
</td>

</tr>
</table>

<br />
<br />

Do not allow client authentication. Select this option if you want client applications to connect to the server using only simple authentication.

Allow client authentication. Select this option if you want client applications to be able to connect to the server using either simple authentication or client authentication.

If you are using certificate-based authentication with replication, then you must select either "Allow client authentication" or "Require client authentication" on the consumer server.

Require client authentication. Select this option if you want client applications to connect to the server using client authentication only. If you select this option, simple authentication is not allowed.

Use SSL in Management Console. Select this checkbox if you want the communication between the Management Console and the directory to be secured using SSL.

If you use this option with client authentication, communication between the Management Console and the server will take place over a secure channel, but without client authentication.

Check hostname against name in certificate for outbound SSL connections. Select this check box if you want an SSL-enabled Directory Server (with certificate based client authentication turned on) to verify authenticity of a request by matching the hostname against the value assigned to the Common Name (CN) attribute of the subject name in the certificate being presented.

By default, this feature is disabled. If you enable it and if the hostname does not match the CN attribute of the certificate, appropriate error and audit messages are logged. For example, in a replicated environment, messages similar to these are logged in the supplier server's log files if it finds that the peer server's hostname doesn't match the name specified in its certificate:


<code>[DATE] - SSL alert: ldap_sasl_bind("",LDAP_SASL_EXTERNAL) 81 (runtime error -12276 - Unable to communicate securely with peer: requested domain name does not match the server's certificate.)</code>

<p class="text">
<code>[DATE] NSMMReplicationPlugin - agmt="cn=to ultra60 client auth" (ultra60:1924): Replication bind with SSL client authentication failed: LDAP error 81 (Can't contact LDAP server)</code>
</p>

It is recommended that you turn this attribute on to protect Directory Server's outbound SSL connections against a Man In The Middle (MITN) attack.

--- NEW FILE configtab_rootnode4.html ---
<p class="topic">
Cipher Settings
</p>

Use this dialog box to select specific ciphers to use with SSL. You have to enable SSL to access this dialog box.

Select the checkboxes next to the ciphers you want your server to use. The Management Console requires particular ciphers to work with SSL.

--- NEW FILE configtab_rootnode5.html ---
<p class="topic">
SNMP Tab
</p>

Use this tab to set up SNMP for the directory.

Name. The directory server name. This information is presented to clients viewing SNMP statistics.

Description. Describes the directory server instance. This description is presented to clients viewing SNMP statistics.

Organization. Organization name presented to clients viewing SNMP statistics.

Location. The location of the directory. This information is presented to clients viewing the SNMP statistics.

Contact. The email address of the person responsible for maintaining the directory.

--- NEW FILE configtab_rootnode6.html ---
<p class="topic">
Manager Tab
</p>

Use this tab to configure the directory manager, the privileged database administrator.

Directory Manager DN. Contains the DN for the directory manager. By default, this user is <code>cn=Directory Manager</code>.

Manager password encryption. Defines how the directory stores the directory manager password in the directory. By default, the directory gives you the following encryption options:

<ul>
<li>
Salted Secure Hashing Algorithm (SSHA). This method is recommended as the most secure. SSHA is the default encryption method.
</li>

<li>
UNIX crypt algorithm (CRYPT). Provided for compatibility with UNIX passwords.
</li>

<li>
Secure Hashing Algorithm (SHA). A one-way has algorithm that is the default encryption schema in Directory Server 4.x.
</li>

<li>
No encryption (CLEAR). This encryption type indicates that the password will appear in plain text.
</li>
</ul>

New password. To change the directory manager password, enter the new password in this text box.

Confirm password. Re-enter the new directory manager password in this text box for verification.

--- NEW FILE configtab_rootnode7.html ---
<p class="topic">
SASL Mapping Tab
</p>

SASL uses special identities to map a client to an entry or DN in the directory. Use this tab to configure SASL mapping to use SASL for encrypted sessions.

Mappings. Text box of SASL identites that have been created. Highlight one of these to modify or delete it.

<ul>
<li>
<b>Name.</b> The name of the SASL identity.
</li>

<li>
Regular Expression. A regular expression that maps the SASL identity.
</li>

<li>
Search Base DN. The base DN for the SASL mapping identity search.
</li>

<li>
Search Filter. The search filter for the SASL mapping identity search.
</li>
</ul>

Add. This button will bring up the New SASL Mapping text box to create a new SASL mapping identity.

Modify. This will bring up the Modify SASL Mapping text box, which will allow you to modify the search base DN, search filter, and/or regular expression of a SASL mapping identity.

Delete. Deletes a SASL mapping identity.

--- NEW FILE configtab_rootnode8.html ---
<p class="topic">
SASL Mapping - Add Button
</p>

Use this tab to add a new SASL mapping identity.

Name. The name of the new identity.

Regular Expression. A regular expression to map the new identity.

Search Base DN. The base DN for the SASL mapping identity search.

Search Filter. The search filter for the SASL mapping identity search.

--- NEW FILE configtab_rootnode9.html ---
<p class="topic">
SASL Mapping - Modify Button
</p>

Use this tab to change a SASL mapping identity.

Name. The name of the SASL identity. This field is grayed out, and the name cannot be changed.

Regular Expression. A regular expression to map the new identity; this can be changed.

Search Base DN. The base DN for the SASL mapping identity search; this can be changed.

Search Filter. The search filter for the SASL mapping identity search; this can be changed.

--- NEW FILE configtab_schema.html ---
<p class="topic">
Object Classes
</p>

Use this tab to view information about all object classes that currently exist in your directory schema. You can also delete an object class that you have created using this tab. You cannot edit or delete standard object classes.

Parent. Identifies the object class from which the object class currently selected in the Object Classes list inherits attributes and structure.

OID. Object identifier (OID) for the object class selected in the Object Classes list. An OID is a string, usually of decimal numbers, that uniquely identifies an object, (such as an object class or an attribute) in an object-oriented system. If no OID is assigned, the directory automatically uses ObjectClass_name<code>-oid</code>. For example, if you created the object class <code>division</code> without supplying an OID, the directory automatically uses <code>division-oid</code> as the OID.

Object Classes. Contains a list of all the user-defined and standard object classes that currently exist in the schema.

Required Attributes. Lists the required attributes for the object class selected in the Object Classes list. When you add an entry to the directory using this object class, you must add values for the required attributes to the entry. The list also includes inherited attributes.

Allowed Attributes. Lists the optional attributes for the object class selected in the Object Classes list. When you add an entry to the directory using this object class, you may add values for the allowed attributes to the entry. The list also includes inherited attributes.

Create. Click this button to create a new object class.

Edit. To edit a user-defined object class, select it in the Object Classes list and then click Edit.

Delete. Select a user-defined object class from the Object Classes list and then click Delete to delete it from the schema. You cannot delete the standard object classes that came with the directory.

--- NEW FILE configtab_schema2.html ---
<p class="topic">
Create Object Class
</p>

Use this dialog box to create a new or edit an existing object class in your directory. You cannot modify the standard object classes that come with Directory Server. You can modify only those object classes that you define.

Name. Enter a unique name for the object class.

Parent. Identifies the object class from which the new object class will inherit attributes and structure. You can choose from any existing object class.

OID (Optional). Allows you to change the object identifier (OID) for the object class. An OID is a string, usually of decimal numbers, that uniquely identifies an object (such as an object class or an attribute) in an object-oriented system. This field is optional. If you do not specify an OID, the directory automatically uses ObjectClass_name<code>-oid</code>. For example, if you create the object class <code>division</code> without supplying an OID, the directory automatically creates the OID <code>division-oid</code>.

Available attributes. Lists all of the attributes in the schema not inherited from the parent object class. You can add attributes to a user-defined object class by selecting the attribute in the list and then clicking the Add button to the left of either the Required Attributes or Allowed Attributes list box.

To delete an attribute that you previously added, highlight the attribute in the Required Attributes list or the Allowed Attributes list and then click the corresponding Remove button.

Required attributes. Lists the required attributes for the object class including inherited attributes. To add an attribute to the required attributes list, select it in the Available Attributes list and then click the Add button next to the Required Attributes list box.

Allowed attributes. Lists the allowed attributes for the object class including inherited attributes. To add an attribute to the allowed attributes list, select it in the Available Attributes list and then click the Add button next to the Allowed Attributes list box.

--- NEW FILE configtab_schema3.html ---
<p class="topic">
Attributes
</p>

Use this tab to view information about existing attributes, to create new attributes, or to delete attributes you previously created.

Standard Attributes (Read-Only). The Standard Attributes table lists all standard attributes along with their OIDs and corresponding attribute syntax. The alphabetical listing of all available attributes helps you determine whether or not you need to create a new attribute. The information in the table is defined below.

<ul>
<li>
Name—The unique name of the attribute.
</li>

<li>
OID—The object identifier of the attribute.
</li>

<li>
Syntax—Displays the syntax of the attribute. For example, the syntax type of Case Ignore String indicates that values for this attribute are not case sensitive.
</li>

<li>
Multi—Defines whether the attribute is multi-valued. If the checkbox in this column is selected, the attribute can be multi-valued. The directory allows more than one instance of a multi-valued attribute per entry.
</li>
</ul>

User Defined Attributes. Table that lists the user-defined attributes in the directory schema. The information displayed for each attribute is the same for user-defined attributes as for standard attributes (see above).

Create. Click this button to create a new attribute.

<a name="28772"> </a>
Edit. Click this button to edit the currently selected attribute in the tables above.

Delete. You can delete user-defined attributes by selecting them from the User Defined Attributes table and then clicking Delete. Make sure that no object classes are using the attribute before you delete it.

--- NEW FILE configtab_schema4.html ---
<p class="topic">
Create Attribute Dialog Box
</p>

This dialog box allows you to create new attributes or edit existing ones.

Attribute name. A unique string that identifies the attribute you are creating.

Attribute OID (optional). The Attribute OID field is an optional field that you can use to supply an object identifier (OID) for the new attribute. If you do not supply an OID, the directory automatically uses attribute_name<code>-oid</code>. For example, if you create a new attribute called <code>birthdate</code>, the default OID is <code>birthdate-oid</code>.

Attribute aliases (optional). You can specify a nickname for the new attribute. For example, <code>cn</code> is an alias for the <code>CommonName</code> attribute.

Attribute description (optional). Enter a short description of the new attribute.

Syntax. Select a syntax that describes the data to be held by the attribute. Available syntaxes are Integer, IA5String, Case Exact String, Case Ignore String, URI, GeneralizedTime, DistinguishedName (DN), TelephoneNumber, Boolean, Binary, DirectoryString, CountryName, PostalAddress, and Octet String. The default value is DirectoryString.

Multi-valued. When selected, this option specifies that the attribute you are creating is multi-valued, meaning an entry may contain more than one instance of this attribute.

--- NEW FILE configtab_schema5.html ---
<p class="topic">
Matching Rules
</p>

Use the Matching Rules tab to view all the matching rules used by the directory. The table includes matching rules from plug-ins you have created.You cannot edit the standard matching rules.

Matching rules provide guidelines for how the server compares strings during a search operation. In an international search, the matching rule tells the server what collation order and operator to use. For example, a matching rule in an international search might tell the server to search for attribute values that come at or after llama in the Spanish collation order.

Name. Contains a list of all the user-defined and standard matching rules currently available to the directory. Standard matching rules are named according to the following syntax:

<p class="text">
<span class="variable">AttributeSyntax SearchType</span>-<code>Lang</code>
</p>

Where AttributeSyntax is the type of attribute on which this matching rule may be applied, SearchType is the type of search for which this matching rule may be applied, and Lang is the abbreviated code for the locale of the matching rule.

<p class="text">
The possible name types include:
</p>

<ul>
<li>
caseIgnoreOrderingMatch-(Lang)
</li>

<li>
caseExactOrderingMatch-(Lang)
</li>

<li>
caseIgnoreSubstringMatch-(Lang)
</li>

<li>
caseExactSubstringMatch-(Lang)
</li>
</ul>

OID. The object identifier of the matching rule's locale. Each locale supported by the directory has an associated collation order OID.

Syntax. Displays the syntax of the matching rule's locale. Matching rule syntax is defined as "Directory String" and is used internally by the directory.

Description. Contains the two character language tag of the locale. If necessary to distinguish regional differences in language, the language tag may also contain a country code, which is a two-character uppercase string (as defined in ISO standard 3166). The language code and country code are separated by a hyphen. For example, the language tag used to identify the British English locale is en-GB.

--- NEW FILE configtab_synchronization1.html ---
<p class="topic">
Synchronization Summary
</p>

You use the synchronization agreement Summary tab to view status or change the name of the synchronization agreement.

Description. Contains the text description of the synchronization agreement.

General. Displays information about:

<ul>
<li>
Supplier—The name of the supplier server in the agreement.
</li>

<li>
Consumer—The name of the Windows server in the agreement.
</li>

<li>
Windows Subtree—The Windows subtree synchronized in the agreement.
</li>

<li>
DS Subtree—The Directory Server subtree synchronized in the agreement.
</li>

<li>
Replicated subtree—The Directory Server suffix synchronized in the agreement.
</li>
</ul>

Status. This area displays information about the synchronization agreement, including the number of the last change sent to the consumer server, current status of the synchronization agreement, and the synchronization history.

--- NEW FILE configtab_synchronization2.html ---
<p class="topic">
Synchronization Schedule
</p>

This tab shows the synchronization schedule for a database, which is always in sync at a set interval. Changes to the schedulecannot be saved.

Always Keep Directories in Sync. The Directory Server and Windows peer server(s) are always kept in sync at 5 minute intervals.

Sync on the following days. This option is not available for synchronization.

Replication will take place between. This option is not available for synchronization.

--- NEW FILE configtab_synchronization3.html ---
<p class="topic">
Synchronization Connection
</p>

Use the Connection tab to display the type of connection used by your servers during synchronization. You can use this tab to modify the user bind name and password. You cannot change the connection type since this would require changing the port number. To change the connection type, re-create the synchronization agreement.

Using Encrypted SSL Connection. When selected, specifies that the supplier and consumer servers use SSL for secure communication.

SSL Client Authentication. Client authentication is no used for synchronization; this option is ignored if selected.

Simple Authentication. This is the default authentication type for synchronization.

Bind As. You can update the bind DN in the Bind As text box.

Password. You can update the password corresponding to the bind DN in the Password field.

--- NEW FILE dir_browser.html ---
<p class="topic">
Directory Browser
</p>

Use this dialog box to browse through the contents of the directory and select a subtree to export or replicate.

--- NEW FILE dir_browser2.html ---
<p class="topic">
Passwords Tab
</p>

Use this tab to set up a password policy for the currently selected subtree or user.

Create subtree/user level password policy. The caption of this checkbox reflects whether you opted to create a subtree or user level password policy. Selecting the checkbox adds the attributes required for defining the subtree- or user-level password policy. Once the policy is created, the caption changes to reflect that the existing policy can be modified or deleted. To delete the policy, unselect the checkbox.