2.1. Server Configuration - Overview

When the Directory Server is set up, its default configuration is stored as a series of LDAP entries within the directory, under the subtree cn=config. When the server is started, the contents of the cn=config subtree are read from a file (dse.ldif) in LDIF format. This dse.ldif file contains all of the server configuration information. The latest version of this file is called dse.ldif, the version prior to the last modification is called dse.ldif.bak, and the latest file with which the server successfully started is called dse.ldif.startOK.

Many of the features of the Directory Server are designed as discrete modules that plug into the core server. The details of the internal configuration for each plug-in are contained in separate entries under cn=plugins,cn=config. For example, the configuration of the Telephone Syntax Plug-in is contained in this entry:

cn=Telephone Syntax,cn=plugins,cn=config

Similarly, database-specific configuration is stored under cn=ldbm database,cn=plugins,cn=config for local databases and cn=chaining database,cn=plugins,cn=config for database links.

The following diagram illustrates how the configuration data fits within the cn=config directory information tree.

Figure 2.1. Directory Information Tree Showing Configuration Data

2.1.1. LDIF and Schema Configuration Files

The Directory Server configuration data is automatically output to files in LDIF format that are located in the /var/lib/dirsrv/slapd-instance_name/ldif directory on Red Hat Enterprise Linux and Solaris and /var/opt/dirsrv/slapd-serverID/ldif on HP-UX. Thus, if a server identifier is phonebook, then for a Directory Server on Red Hat Enterprise Linux 5, the configuration LDIF files are all stored under /var/lib/dirsrv/slapd-phonebook/ldif.

This directory also contains other server instance-specific configuration files.

Schema configuration is also stored in LDIF format, and these files are located in /etc/dirsrv/slapd-instance_name/schema.

The following table lists all of the configuration files that are supplied with the Directory Server, including those for the schema of other compatible servers. Each file name is prefixed with a number that indicates the order in which the files should be loaded (in ascending numerical and then alphabetical order).

| Configuration Filename | Purpose |
|---|---|
| dse.ldif | Contains front-end Directory Specific Entries created by the directory at server startup. These include the Root DSE ("") and the contents of cn=config and cn=monitor (ACIs only). |
| 00core.ldif | Contains only those schema definitions necessary for starting the server with the bare minimum feature set (no user schema, no schema for any non-core features). The rest of the schema used by users, features, and applications is found in 01common.ldif and the other schema files. Do not modify this file. |
| 01common.ldif | Contains LDAPv3 standard operational schema, such as subschemaSubentry, LDAPv3 standard user and organization schema defined in RFC 2256 (based on X.520/X.521), inetOrgPerson and other widely-used attributes, and the operational attributes used by Directory Server configuration. Modifying this file causes interoperability problems. User-defined attributes should be added through the Directory Server Console. |
| 05rfc2247.ldif | Schema from RFC 2247 and related pilot schema, from "Using Domains in LDAP/X500 Distinguished Names." |
| 05rfc2927.ldif | Schema from RFC 2927, "MIME Directory Profile for LDAP Schema." Contains the ldapSchemas operational attribute required for the attribute to show up in the subschema subentry. |
| 10presence.ldif | Legacy. Schema for instant messaging presence (online) information; the file lists the default object classes with the allowed attributes that must be added to a user's entry in order for instant-messaging presence information to be available for that user. |
| 10rfc2307.ldif | Schema from RFC 2307, "An Approach for Using LDAP as a Network Information Service." This may be superseded by 10rfc2307bis, the new version of rfc2307, when that schema becomes available. |
| 20subscriber.ldif | Contains new schema elements and the Nortel subscriber interoperability specification. Also contains the adminRole and memberOf attributes and inetAdmin object class, previously stored in the 50ns-delegated-admin.ldif file. |
| 25java-object.ldif | Schema from RFC 2713, "Schema for Representing Java® Objects in an LDAP Directory." |
| 28pilot.ldif | Contains pilot directory schema from RFC 1274, which is no longer recommended for new deployments. Future RFCs which succeed RFC 1274 may deprecate some or all of 28pilot.ldif attribute types and classes. |
| 30ns-common.ldif | Schema that contains object classes and attributes common to the Directory Server Console framework. |
| 50ns-admin.ldif | Schema used by Red Hat Administration Server. |
| 50ns-certificate.ldif | Schema for Red Hat Certificate Management System. |
| 50ns-directory.ldif | Contains additional configuration schema used by Directory Server 4.12 and earlier versions of the directory, which is no longer applicable to current releases of Directory Server. This schema is required for replicating between Directory Server 4.12 and current releases. |
| 50ns-mail.ldif | Schema used by Netscape Messaging Server to define mail users and mail groups. |
| 50ns-value.ldif | Schema for servers' value item attributes. |
| 50ns-web.ldif | Schema for Netscape Web Server. |
| 60pam-plugin.ldif | Reserved for future use. |
| 99user.ldif | User-defined schema maintained by Directory Server replication consumers which contains the attributes and object classes from the suppliers. |

Table 2.1. Directory Server LDIF Configuration Files

2.1.2. How the Server Configuration Is Organized

The dse.ldif file contains all configuration information including directory-specific entries created by the directory at server startup, such as entries related to the database. The file includes the root Directory Server entry (or DSE, named by "") and the contents of cn=config and cn=monitor.

When the server generates the dse.ldif file, it lists the entries hierarchically, in the order in which they appear in the directory under cn=config. This is usually the same order in which an LDAP search of subtree scope for base cn=config returns the entries.

dse.ldif also contains the cn=monitor entry, which is mostly read-only, but can have ACIs set on it.

NOTE

The dse.ldif file does not contain every attribute in cn=config. If the attribute has not been set by the administrator and has a default value, the server will not write it to dse.ldif. To see every attribute in cn=config, use ldapsearch.

2.1.2.1. Configuration Attributes

Within a configuration entry, each attribute is represented as an attribute name. The value of the attribute corresponds to the attribute's configuration.

The following code sample is an example of part of the dse.ldif file for a Directory Server. The example shows, among other things, that schema checking has been enabled; this is represented by the attribute nsslapd-schemacheck, which takes the value on.

dn: cn=config
objectclass: top
objectclass: extensibleObject
objectclass: nsslapdConfig
nsslapd-accesslog-logging-enabled: on
nsslapd-enquote-sup-oc: off
nsslapd-localhost: phonebook.example.com
nsslapd-schemacheck: on
nsslapd-port: 389
nsslapd-localuser: nobody
...

2.1.2.2. Configuration of Plug-in Functionality

The configuration for each part of Directory Server plug-in functionality has its own separate entry and set of attributes under the subtree cn=plugins,cn=config. The following code sample is an example of the configuration entry for an example plug-in, the Telephone Syntax plug-in.

dn: cn=Telephone Syntax,cn=plugins,cn=config
objectclass: top
objectclass: nsSlapdPlugin
objectclass: extensibleObject
cn: Telephone Syntax
nsslapd-pluginType: syntax
nsslapd-pluginEnabled: on

Some of these attributes are common to all plug-ins, and some may be particular to a specific plug-in. Check which attributes are currently being used by a given plug-in by performing an ldapsearch on the cn=config subtree.

For a list of plug-ins supported by Directory Server, general plug-in configuration information, the plug-in configuration attribute reference, and a list of plug-ins requiring restart for configuration changes, see Chapter 3, Plug-in Implemented Server Functionality Reference.
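The following is an added example, not part of the Red Hat documentation: a minimal LDIF reader that compares a current dse.ldif against dse.ldif.startOK and reports every cn=config or plug-in attribute that changed. The sample LDIF text is constructed from the excerpts on this page, and parse_ldif and diff_config are hypothetical helper names; attributes left at their defaults are never written to dse.ldif, so they are not compared.

```python
import base64

def parse_ldif(text):
    """Parse LDIF text into {dn: {attr: [values]}}; DNs and attribute names lower-cased."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold continuation lines
    entries = {}
    for block in text.split("\n\n"):                      # a blank line separates entries
        entry = None
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:   # comments, elided "..." lines
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):                     # "attr:: ..." is base64-encoded
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            name, value = name.strip().lower(), value.strip()
            if name == "dn":
                entry = entries.setdefault(value.lower(), {})
            elif entry is not None:
                entry.setdefault(name, []).append(value)
    return entries

def diff_config(baseline, current):
    """List (dn, attr, old_values, new_values) for every attribute that differs."""
    changes = []
    for dn in sorted(set(baseline) | set(current)):
        old_e, new_e = baseline.get(dn, {}), current.get(dn, {})
        for attr in sorted(set(old_e) | set(new_e)):
            old, new = sorted(old_e.get(attr, [])), sorted(new_e.get(attr, []))
            if old != new:
                changes.append((dn, attr, old, new))
    return changes

# Constructed sample standing in for dse.ldif.startOK (one DN is folded on purpose).
STARTOK_SAMPLE = """dn: cn=config
nsslapd-schemacheck: on
nsslapd-port: 389

dn: cn=Telephone Syntax,cn=plugins,
 cn=config
nsslapd-pluginEnabled: on
"""
# Constructed "current dse.ldif": schema checking and the plug-in were switched off.
CURRENT_SAMPLE = (STARTOK_SAMPLE.replace("schemacheck: on", "schemacheck: off")
                  .replace("pluginEnabled: on", "pluginEnabled: off"))

if __name__ == "__main__":
    for change in diff_config(parse_ldif(STARTOK_SAMPLE), parse_ldif(CURRENT_SAMPLE)):
        print(change)
```

On a real instance, the two inputs would be the contents of dse.ldif.startOK and dse.ldif read from the instance's configuration directory.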

2.1.2.3. Configuration of Databases

The cn=NetscapeRoot and cn=UserRoot subtrees under the database plug-in entry contain configuration data for the databases containing the o=NetscapeRoot suffix and the default suffix created during setup, such as dc=example,dc=com.

These entries and their children have many attributes used to configure different database settings, such as the cache sizes, the paths to the index files and transaction logs, entries and attributes for monitoring and statistics, and database indexes.

2.1.2.4. Configuration of Indexes

Configuration information for indexing is stored as entries in the Directory Server under the following information-tree nodes:

  • cn=index,cn=NetscapeRoot,cn=ldbm database,cn=plugins,cn=config

  • cn=index,cn=UserRoot,cn=ldbm database,cn=plugins,cn=config

  • cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config

For more information about indexes in general, see the Directory Server Administration Guide. For information about the index configuration attributes, see Section 3.4.1, “Database Attributes under cn=config, cn=ldbm database, cn=plugins, cn=config”.


Note: This documentation is provided {and copyrighted} by Red Hat®, Inc. and is released via the Open Publication License. The copyright holder has added the further requirement that Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder. The CentOS project redistributes these original works (in their unmodified form) as a reference for CentOS-5 because CentOS-5 is built from publicly available, open source SRPMS. The documentation is unmodified to be compliant with upstream distribution policy. Neither CentOS-5 nor the CentOS Project are in any way affiliated with or sponsored by Red Hat®, Inc.