eTrust® Directory
Administrator Guide r8.1
Second Edition
This documentation (the “Documentation”) and related computer software program (the “Software”) (hereinafter collectively referred to as the “Product”) is for the end user’s informational purposes only and is subject to change or withdrawal by CA at any time.
This Product may not be copied, transferred, reproduced, disclosed, modified or duplicated, in whole or in part, without the prior written consent of CA. This Product is proprietary information of CA and protected by the copyright laws of the United States and international treaties.
Notwithstanding the foregoing, licensed users may print a reasonable number of copies of the Documentation for their own internal use, and may make one copy of the Software as reasonably required for back-up and disaster recovery purposes, provided that all CA copyright notices and legends are affixed to each reproduced copy. Only authorized employees, consultants, or agents of the user who are bound by the provisions of the license for the Software are permitted to have access to such copies.
The right to print copies of the Documentation and to make a copy of the Software is limited to the period during which the license for the Product remains in full force and effect. Should the license terminate for any reason, it shall be the user’s responsibility to certify in writing to CA that all copies and partial copies of the Product have been returned to CA or destroyed.
EXCEPT AS OTHERWISE STATED IN THE APPLICABLE LICENSE AGREEMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW, CA PROVIDES THIS PRODUCT “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT. IN NO EVENT WILL CA BE LIABLE TO THE END USER OR ANY THIRD PARTY FOR ANY LOSS OR DAMAGE, DIRECT OR INDIRECT, FROM THE USE OF THIS PRODUCT, INCLUDING WITHOUT LIMITATION, LOST PROFITS, BUSINESS INTERRUPTION, GOODWILL, OR LOST DATA, EVEN IF CA IS EXPRESSLY ADVISED OF SUCH LOSS OR DAMAGE.
The use of this Product and any product referenced in the Documentation is governed by the end user’s applicable license agreement.
The manufacturer of this Product is CA.
This Product is provided with “Restricted Rights.” Use, duplication or disclosure by the United States Government is subject to the restrictions set forth in FAR Sections 12.212, 52.227-14, and 52.227-19(c)(1) - (2) and DFARS Section 252.227-7013(c)(1)(ii), as applicable, or their successors.
All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.
Copyright © 2005 CA. All rights reserved.
Contents
Chapter 1: Introduction
  What is eTrust Directory?
  eTrust Directory Modules
  Documentation
  Formatting Conventions
  CA Product References
Chapter 2: DXserver Overview
  What is DXserver?
  Configuration Files
  eTrust Directory Commands
  DXserver Script Language
  DXconsole
  Databases
Chapter 3: General Administration
  Defining DSAs with the set dsa Command
  Alarms, Traces, and Logs
  Associations
  Local Operations
  The Directory Information Base
  Cache DSAs
  Cache-Only DSAs
  Virtual Attributes
  Virtual Directory
  Knowledge Flags
Chapter 4: Schema Definition
  What Is a Schema?
  Supported Schema Protocols
  Configuring Schema
  Attributes
  Object Classes
  Dynamic Objects
  Name Bindings
  Defining Local Schema
Chapter 5: Distribution and DSP
  Distribution Protocols
  Managing DSP
  Configuring a DSA
  Configuring Another DSA
  Configuring a Domain of DSAs
  Alternative DSAs
  Aliases
Chapter 6: Security
  Protecting Communications with SSL Encryption
  Authentication
  How Password Management Works
  Managing Passwords
  Access Control Overview
  Static Access Controls
  Dynamic Access Controls
  Groups, Roles, and Proxies
  Access-Controlled Routing
Chapter 7: Replication
  Replication Concepts
  About Multiwrite Replication
  Work with Multiwrite Replication
  DISP Replication
  Manually Synchronizing Replicas Using Database Tools
Chapter 8: LDAP and DXlink
  LDAP Integration with eTrust Directory
  LDAP Clients
  Schema Publishing
  LDAP Controls
  Integrating Other LDAP Servers
Chapter 9: Monitoring the Directory
  Supported Protocols
  General Monitoring
  SNMP and the Directory Monitoring MIB
  CMIP and X.700 Management
Chapter 10: Tools for Managing eTrust Directory
  What Are the DXtools?
  Using DXtools
  Database Tools
  LDIF Tools
  DAP Tools
  Schema Tools
Chapter 11: About JXplorer
  What Is JXplorer?
  The JXplorer Browser
  How JXplorer Connects to a Directory
  How JXplorer Searches a Directory
  Bookmarks
  How JXplorer Lets You Edit the Directory
  How JXplorer Reads the Schema
  How JXplorer Handles Importing and Exporting Data
  How JXplorer Works with Aliases
  How JXplorer Handles Passwords
  How JXplorer Handles SSL, SASL, and Certificates
  JXplorer Logging
  Customize JXplorer
  Troubleshooting
  LDAP and Directory Resources
Chapter 12: Using JXplorer
  Connect
  Search the Directory
  Display Directory Information
  Work with Directory Entries
  Work with Attributes
  Add Binary Files
  Launch and Save Binary Files
  Import and Export Using LDIF Files
  Manage Certificates
  Manage Bookmarks
  Configure JXplorer
Chapter 13: Using JXweb
  About JXweb
  Get Started with JXweb
  Search the Directory
  Create and Delete Entries
  Modify Entries
  Change Entry Names
  Copy and Move Entries
  Manage Certificates
  View Schemas
  Configure JXweb
Chapter 14: Using DXmanager
  What is DXmanager
  How DXmanager Works
  How Polling Works
  What Are Alerts
  DXmanager Security
  Setting Up and Securing DXmanager
  Working with DXmanager
  Troubleshooting
Chapter 15: Using The UDDI Server and UDDI Client
  About the UDDI Server
  About UDDI Registries
  Sample Data
  Work with the UDDI Client
  Use the UDDI Client in Languages Other Than English
  Using tModels
Chapter 16: Using the DSML Server
  About DSML
  What Is the DSML Server?
  How the DSML Server Works
  Connect to the DSML Server
  Change the DSML Properties
Chapter 17: Using the Sample DSAs, Applications, and Tools
  Implementing the Samples
  The Sample DSAs
  Sample Web Applications
  Sample Configuration Files
  Sample Tools
Chapter 18: Deploying a Directory
  Directory Design
  Operations and Practices
  Troubleshooting
Chapter 19: Tailoring the RDBMS
  Tips for Navigation
  Changing the Default Page Size
  Stop and Restart Ingres on Windows
  Stop and Restart Ingres on UNIX
  Test Connection to the Database
  Increasing the Number of Cache Pages
  Increasing the Number of Database Connections
  Other Customizations
Chapter 20: Error and Diagnostic Logs
  Types of Logs
  Working with Logs
Chapter 21: Installing eTrust Directory for Windows
  Installation Overview
  Upgrade eTrust Directory
  Install eTrust Directory Using the Product Explorer
  Install eTrust Directory Using Commands
  Install eTrust Directory Silently
  Uninstall eTrust Directory
  Troubleshooting
Chapter 22: Installing eTrust Directory for UNIX
  Installation Overview
  Upgrade eTrust Directory
  Install eTrust Directory Using the Installation Program
  Install eTrust Directory Using Commands
  Install eTrust Directory Silently
  Install on Solaris
  Troubleshooting
Glossary
Chapter 1: Introduction
This section contains the following topics:
  What is eTrust Directory?
  eTrust Directory Modules
  Documentation
  Formatting Conventions
  CA Product References
  Contact Customer Support
What is eTrust Directory?
eTrust® Directory consists of a suite of products that lets you build an industrial-strength directory service for directory-enabled applications. The product suite includes a high-performance, state-of-the-art Directory server, graphical Directory browsers, and a set of tools for importing, exporting, and synchronizing data with other information systems.
eTrust Directory advanced features are: