eTrust® Directory Administrator Guide r8.1 Second Edition This documentation (the “Documentation”) and related computer software program (the “Software”) (hereinafter collectively referred to as the “Product”) is for the end user’s informational purposes only and is subject to change or withdrawal by CA at any time. This Product may not be copied, transferred, reproduced, disclosed, modified or duplicated, in whole or in part, without the prior written consent of CA. This Product is proprietary information of CA and protected by the copyright laws of the United States and international treaties. Notwithstanding the foregoing, licensed users may print a reasonable number of copies of the Documentation for their own internal use, and may make one copy of the Software as reasonably required for back-up and disaster recovery purposes, provided that all CA copyright notices and legends are affixed to each reproduced copy. Only authorized employees, consultants, or agents of the user who are bound by the provisions of the license for the Software are permitted to have access to such copies. The right to print copies of the Documentation and to make a copy of the Software is limited to the period during which the license for the Product remains in full force and effect. Should the license terminate for any reason, it shall be the user’s responsibility to certify in writing to CA that all copies and partial copies of the Product have been returned to CA or destroyed. EXCEPT AS OTHERWISE STATED IN THE APPLICABLE LICENSE AGREEMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW, CA PROVIDES THIS PRODUCT “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT. IN NO EVENT WILL CA BE LIABLE TO THE END USER OR ANY THIRD PARTY FOR ANY LOSS OR DAMAGE, DIRECT OR INDIRECT, FROM THE USE OF THIS PRODUCT, INCLUDING WITHOUT LIMITATION, LOST PROFITS, BUSINESS INTERRUPTION, GOODWILL, OR LOST DATA, EVEN IF CA IS EXPRESSLY ADVISED OF SUCH LOSS OR DAMAGE. The use of this Product and any product referenced in the Documentation is governed by the end user’s applicable license agreement. The manufacturer of this Product is CA. This Product is provided with “Restricted Rights.” Use, duplication or disclosure by the United States Government is subject to the restrictions set forth in FAR Sections 12.212, 52.227-14, and 52.227-19(c)(1) - (2) and DFARS Section 252.227-7013(c)(1)(ii), as applicable, or their successors. All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies. Copyright © 2005 CA. All rights reserved. Contents Chapter 1: Introduction 1 What is eTrust Directory? .......................................................................................................1 eTrust Directory Modules........................................................................................................2 Documentation ..................................................................................................................... 7 Formatting Conventions ......................................................................................................... 9 CA Product References...........................................................................................................9 Chapter 2: DXserver Overview 11 What is DXserver?...............................................................................................................11 Configuration Files .............................................................................................................. 13 eTrust Directory Commands ................................................................................................. 18 DXserver Script Language .................................................................................................... 19 DXconsole.......................................................................................................................... 22 Databases.......................................................................................................................... 35 Chapter 3: General Administration 39 Defining DSAs with the set dsa Command............................................................................... 39 Alarms, Traces, and Logs ..................................................................................................... 42 Associations ....................................................................................................................... 45 Local Operations ................................................................................................................. 53 The Directory Information Base............................................................................................. 57 Cache DSAs ....................................................................................................................... 67 Cache-Only DSAs................................................................................................................ 80 Virtual Attributes ................................................................................................................ 84 Virtual Directory ................................................................................................................. 96 Knowledge Flags ................................................................................................................108 Chapter 4: Schema Definition 113 What Is a Schema? ............................................................................................................113 Supported Schema Protocols ...............................................................................................114 Configuring Schema ...........................................................................................................115 Attributes .........................................................................................................................119 Object Classes...................................................................................................................130 Dynamic Objects................................................................................................................134 Name Bindings ..................................................................................................................143 Contents iii Defining Local Schema........................................................................................................146 Chapter 5: Distribution and DSP 149 Distribution Protocols..........................................................................................................149 Managing DSP ...................................................................................................................150 Configuring a DSA..............................................................................................................157 Configuring Another DSA.....................................................................................................160 Configuring a Domain of DSAs .............................................................................................163 Alternative DSAs................................................................................................................168 Aliases .............................................................................................................................178 Chapter 6: Security 179 Protecting Communications with SSL Encryption .....................................................................179 Authentication ...................................................................................................................193 How Password Management Works .......................................................................................206 Managing Passwords ..........................................................................................................212 Access Control Overview .....................................................................................................220 Static Access Controls.........................................................................................................224 Dynamic Access Controls.....................................................................................................233 Groups, Roles, and Proxies ..................................................................................................235 Access-Controlled Routing ...................................................................................................243 Chapter 7: Replication 245 Replication Concepts ..........................................................................................................245 About Multiwrite Replication.................................................................................................250 Work with Multiwrite Replication...........................................................................................266 DISP Replication ................................................................................................................274 Manually Synchronizing Replicas Using Database Tools ............................................................283 Chapter 8: LDAP and DXlink 285 LDAP Integration with eTrust Directory..................................................................................285 LDAP Clients......................................................................................................................286