3.1. Server Plug-in Functionality Reference

3.1. Server Plug-in Functionality Reference

The following tables provide a quick overview of the plug-ins provided with Directory Server, along with their configurable options, configurable arguments, default setting, dependencies, general performance-related information, and further reading. These tables assist in weighing plug-in performance gains and costs and choose the optimal settings for the deployment. The Further Information section cross-references further reading, where this is available.

3.1.1. 7-bit Check Plug-in

Plug-in Parameter Description
Plug-in Name 7-bit check (NS7bitAtt)
DN of Configuration Entry cn=7-bit check, cn=plugins, cn=config
Description Checks certain attributes are 7-bit clean
Configurable Options on | off
Default Setting on
Configurable Arguments List of attributes (uid mail userpassword) followed by "," and then suffixes on which the check is to occur.
Dependencies None
Performance Related Information None
Further Information If the Directory Server uses non-ASCII characters, such as Japanese, turn this plug-in off.

3.1.2. ACL Plug-in

Plug-in Parameter Description
Plug-in Name ACL Plug-in
DN of Configuration Entry cn=ACL Plugin, cn=plugins, cn=config
Description ACL access check plug-in
Configurable Options on | off
Default Setting on
Configurable Arguments None
Dependencies None
Performance Related Information Access control incurs a minimal performance hit. Leave this plug-in enabled since it is the primary means of access control for the server.
Further Information See the "Managing Access Control" chapter in the Directory Server Administration Guide.

3.1.3. ACL Preoperation Plug-in

Plug-in Parameter Description
Plug-in Name ACL Preoperation
DN of Configuration Entry cn=ACL preoperation, cn=plugins, cn=config
Description ACL access check plug-in
Configurable Options on | off
Default Setting on
Configurable Arguments None
Dependencies Database
Performance Related Information Access control incurs a minimal performance hit. Leave this plug-in enabled since it is the primary means of access control for the server.
Further Information See the "Managing Access Control" chapter in the Directory Server Administration Guide.

3.1.4. Attribute Uniqueness Plug-in

Plug-in Parameter Description
Plug-in Name Attribute Uniqueness Plug-in
DN of Configuration Entry cn=Attribute Uniqueness, cn=plugins, cn=config
Description Checks that the values of specified attributes are unique each time a modification occurs on an entry. For example, most sites require that a user ID and email address be unique.
Configurable Options on | off
Default Setting off
Configurable Arguments To check for UID attribute uniqueness in all listed subtrees, enter uid "DN" "DN".... However, to check for UID attribute uniqueness when adding or updating entries with the requiredObjectClass, enter attribute="uid" MarkerObjectclass = "ObjectClassName" and, optionally requiredObjectClass = "ObjectClassName". This starts checking for the required object classes from the parent entry containing the ObjectClass as defined by the MarkerObjectClass attribute.
Dependencies Database
Performance Related Information

Directory Server provides the UID Uniqueness Plug-in by default. To ensure unique values for other attributes, create instances of the Attribute Uniqueness Plug-in for those attributes. See the "Using the Attribute Uniqueness Plug-in" in the Directory Server Administration Guide for more information about the Attribute Uniqueness Plug-in.

The UID Uniqueness Plug-in is off by default due to operation restrictions that need to be addressed before enabling the plug-in in a multi-master replication environment. Turning the plug-in on may slow down Directory Server performance.

Further Information See the"Using the Attribute Uniqueness Plug-in" in the Directory Server Administration Guide.

3.1.5. Binary Syntax Plug-in

Plug-in Parameter Description
Plug-in Name Binary Syntax
DN of Configuration Entry cn=Binary Syntax, cn=plugins, cn=config
Description Syntax for handling binary data
Configurable Options on | off
Default Setting on
Configurable Arguments None
Dependencies None
Performance Related Information Do not modify the configuration of this plug-in. Red Hat recommends leaving this plug-in running at all times.
Further Information

3.1.6. Boolean Syntax Plug-in

Plug-in Parameter Description
Plug-in Name Boolean Syntax
DN of Configuration Entry cn=Boolean Syntax, cn=plugins, cn=config
Description Syntax for handling booleans
Configurable Options on | off
Default Setting on
Configurable Arguments None
Dependencies None
Performance Related Information Do not modify the configuration of this plug-in. Red Hat recommends leaving this plug-in running at all times.
Further Information

3.1.7. Case Exact String Syntax Plug-in

Plug-in Parameter Description
Plug-in Name Case Exact String Syntax
DN of Configuration Entry cn=Case Exact String Syntax, cn=plugins, cn=config
Description Syntax for handling case-sensitive strings
Configurable Options on | off
Default Setting on
Configurable Arguments None
Dependencies None
Performance Related Information Do not modify the configuration of this plug-in. Red Hat recommends leaving this plug-in running at all times.
Further Information

3.1.8. Case Ignore String Syntax Plug-in

Plug-in Parameter Description
Plug-in Name Case Ignore String Syntax
DN of Configuration Entry cn=Case Ignore String Syntax, cn=plugins, cn=config
Description Syntax for handling case-insensitive strings
Configurable Options on | off
Default Setting on
Configurable Arguments None
Dependencies None
Performance Related Information Do not modify the configuration of this plug-in. Red Hat recommends leaving this plug-in running at all times.
Further Information

3.1.9. Chaining Database Plug-in

Plug-in Parameter Description
Plug-in Name Chaining Database
DN of Configuration Entry cn=Chaining database, cn=plugins, cn=config
Description Syntax for handling DNs
Configurable Options on | off
Default Setting on
Configurable Arguments None
Dependencies None
Performance Related Information There are many performance related tuning parameters involved with the chaining database. See the "Maintaining Database Links" section in the Directory Server Administration Guide.
Further Information A chaining database is also known as a database link. Database links are described in the "Configuring Directory Databases" chapter in the Directory Server Administration Guide.

3.1.10. Class of Service Plug-in

Plug-in Parameter Description
Plug-in Name Class of Service
DN of Configuration Entry cn=Class of Service, cn=plugins, cn=config
Description Allows for sharing of attributes between entries
Configurable Options on | off
Default Setting on
Configurable Arguments None
Dependencies None
Performance Related Information Do not modify the configuration of this plug-in. Leave this plug-in running at all times.
Further Information See the "Advanced Entry Management" chapter in the Directory Server Administration Guide.

3.1.11. Country String Syntax Plug-in

Plug-in Parameter Description
Plug-in Name Country String Syntax Plug-in
DN of Configuration Entry cn=Country String Syntax, cn=plugins, cn=config
Description Syntax for handling countries
Configurable Options on | off
Default Setting on
Configurable Arguments None
Dependencies None
Performance Related Information Do not modify the configuration of this plug-in. Red Hat recommends leaving this plug-in running at all times.
Further Information

3.1.12. Distinguished Name Syntax Plug-in

Plug-in Parameter Description
Plug-in Name Distinguished Name Syntax
DN of Configuration Entry cn=Distinguished Name Syntax, cn=plugins, cn=config
Description Syntax for handling DNs
Configurable Options on | off
Default Setting on
Configurable Arguments None
Dependencies None
Performance Related Information Do not modify the configuration of this plug-in. Red Hat recommends leaving this plug-in running at all times.
Further Information

3.1.13. Generalized Time Syntax Plug-in

Plug-in Parameter Description
Plug-in Name Generalized Time Syntax
DN of Configuration Entry cn=Generalized Time Syntax, cn=plugins, cn=config
Description Syntax for dealing with dates, times and time zones
Configurable Options on | off
Default Setting on
Configurable Arguments None
Dependencies None
Performance Related Information Do not modify the configuration of this plug-in. Red Hat recommends leaving this plug-in running at all times.
Further Information The Generalized Time String consists of a four digit year, two digit month (for example, 01 for January), two digit day, two digit hour, two digit minute, two digit second, an optional decimal part of a second, and a time zone indication. Red Hat strongly recommends using the Z time zone indication, which indicates Greenwich Mean Time.

3.1.14. HTTP Client Plug-in

Plug-in Parameter Description
Plug-in Name HTTP Client
DN of Configuration Entry cn=HTTP Client, cn=plugins, cn=config
Description HTTP client plug-in
Configurable Options on | off
Default Setting on
Configurable Arguments None
Dependencies Database
Performance Related Information
Further Information

3.1.15. Integer Syntax Plug-in

Plug-in Parameter Description
Plug-in Name Integer Syntax
DN of Configuration Entry cn=Integer Syntax, cn=plugins, cn=config
Description Syntax for handling integers
Configurable Options on | off
Default Setting on
Configurable Arguments None
Dependencies None
Performance Related Information Do not modify the configuration of this plug-in. Red Hat recommends leaving this plug-in running at all times.
Further Information

3.1.16. Internationalization Plug-in

Plug-in Parameter Description
Plug-in Name Internationalization Plug-in
DN of Configuration Entry cn=Internationalization Plugin, cn=plugins, cn=config
Description Syntax for handling DNs
Configurable Options on | off
Default Setting on
Configurable Arguments The Internationalization Plug-in has one argument, which must not be modified, which specifies the location of the /etc/dirsrv/config/slapd-collations.conf file. This file stores the collation orders and locales used by the Internationalization Plug-in.
Dependencies None
Performance Related Information Do not modify the configuration of this plug-in. Red Hat recommends leaving this plug-in running at all times.
Further Information See the "Internationalization" appendix and the section on "Searching an Internationalized Directory" in the "Finding Directory Entries" appendix in the Directory Server Administration Guide.

3.1.17. JPEG Syntax Plug-in

Plug-in Parameter Description
Plug-in Name JPEG Syntax Plug-in
DN of Configuration Entry cn=JPEG Syntax,cn=plugins,cn=config
Description Syntax for JPEG data.
Configurable Options on | off
Default Setting on
Configurable Arguments None
Dependencies None
Performance Related Information Do not modify the configuration of this plug-in. Red Hat recommends leaving this plug-in running at all times.
Further Information

3.1.18. ldbm database Plug-in

Plug-in Parameter Description
Plug-in Name ldbm database Plug-in
DN of Configuration Entry cn=ldbm database, cn=plugins, cn=config
Description Implements local databases
Configurable Options
Default Setting on
Configurable Arguments None
Dependencies None
Performance Related Information See Section 3.4, “Database Plug-in Attributes” for further information on database configuration.
Further Information See the "Configuring Directory Databases" chapter in the Directory Server Administration Guide.

3.1.19. Legacy Replication Plug-in

Plug-in Parameter Description
Plug-in Name Legacy Replication Plug-in
DN of Configuration Entry cn=Legacy Replication plug-in, cn=plugins, cn=config
Description Enables a current version Directory Server to be a consumer of a 4.x supplier
Configurable Options on | off
Default Setting off
Configurable Arguments None. This plug-in can be disabled if the server is not (and never will be) a consumer of a 4.x server.
Dependencies Database
Performance Related Information None
Further Information See the "Managing Replication" chapter in the Directory Server Administration Guide.

3.1.20. Multi-master Replication Plug-in

Plug-in Parameter Description
Plug-in Name Multi-master Replication Plug-in
DN of Configuration Entry cn=Multimaster Replication plugin, cn=plugins, cn=config
Description Enables replication between two current Directory Servers
Configurable Options on | off
Default Setting on
Configurable Arguments None
Dependencies Database
Performance Related Information
Further Information Turn this plug-in off if one server will never replicate. See the "Managing Replication" chapter in the Directory Server Administration Guide.

3.1.21. Octet String Syntax Plug-in

Plug-in Parameter Description
Plug-in Name Octet String Syntax
DN of Configuration Entry cn=Octet String Syntax, cn=plugins, cn=config
Description Syntax for handling octet strings
Configurable Options on | off
Default Setting on
Configurable Arguments None
Dependencies None
Performance Related Information Do not modify the configuration of this plug-in. Red Hat recommends leaving this plug-in running at all times.
Further Information

3.1.22. OID Syntax Plug-in

Plug-in Parameter Description
Plug-in Name OID Syntax Plug-in
DN of Configuration Entry cn=OID Syntax,cn=plugins,cn=config
Description Syntax for object identifiers (OID).
Configurable Options on | off
Default Setting on
Configurable Arguments None
Dependencies None
Performance Related Information Do not modify the configuration of this plug-in. Red Hat recommends leaving this plug-in running at all times.
Further Information

3.1.23. CLEAR Password Storage Plug-in

Plug-in Parameter Description
Plug-in Name CLEAR
DN of Configuration Entry cn=CLEAR, cn=Password Storage Schemes, cn=plugins, cn=config
Description CLEAR password storage scheme used for password encryption
Configurable Options on | off
Default Setting on
Configurable Arguments None
Dependencies None
Performance Related Information Do not modify the configuration of this plug-in. Red Hat recommends leaving this plug-in running at all times.
Further Information See the "User Account Management" chapter in the Directory Server Administration Guide.

3.1.24. CRYPT Password Storage Plug-in

Plug-in Parameter Description
Plug-in Name CRYPT
DN of Configuration Entry cn=CRYPT, cn=Password Storage Schemes, cn=plugins, cn=config
Description CRYPT password storage scheme used for password encryption
Configurable Options on | off
Default Setting on
Configurable Arguments None
Dependencies None
Performance Related Information Do not modify the configuration of this plug-in. Red Hat recommends leaving this plug-in running at all times.
Further Information See the "User Account Management" chapter in the Directory Server Administration Guide.

3.1.25. NS-MTA-MD5 Password Storage Scheme Plug-in

Plug-in Parameter Description
Plug-in Name NS-MTA-MD5
DN of Configuration Entry cn=NS-MTA-MD5, cn=Password Storage Schemes, cn=plugins, cn=config
Description NS-MTA-MD5 password storage scheme for password encryption
Configurable Options on | off
Default Setting off
Configurable Arguments None
Dependencies None
Performance Related Information Do not modify the configuration of this plug-in. Red Hat recommends leaving this plug-in running at all times.
Further Information

The NS-MTA-MD5 password storage scheme cannot be used to encrypt passwords. The storage scheme is still present but only for backward compatibility; that is, if the data in the directory still contains passwords encrypted with the NS-MTA-MD5 password storage scheme.

See the "User Account Management" chapter in the Directory Server Administration Guide.

3.1.26. SHA Password Storage Scheme Plug-in

Plug-in Parameter Description
Plug-in Name SHA
DN of Configuration Entry
cn=SHA, cn=Password Storage Schemes, cn=plugins, cn=config
cn=SHA256,cn=Password Storage Schemes,cn=plugins,cn=config
cn=SHA384,cn=Password Storage Schemes,cn=plugins,cn=config
cn=SHA512,cn=Password Storage Schemes,cn=plugins,cn=config
Description SHA password storage scheme for password encryption
Configurable Options on | off
Default Setting on
Configurable Arguments None
Dependencies None
Performance Related Information If there are no passwords encrypted using the SHA password storage scheme, this plug-in can be turned off. To encrypt the password with the SHA password storage scheme, Red Hat recommends choosing SSHA instead, as SSHA is a far more secure option.
Further Information See the "User Account Management" chapter in the Directory Server Administration Guide.

3.1.27. SSHA Password Storage Scheme Plug-in

Plug-in Parameter Description
Plug-in Name SSHA
DN of Configuration Entry
cn=SSHA, cn=Password Storage Schemes, cn=plugins, cn=config
cn=SSHA256,cn=Password Storage Schemes,cn=plugins,cn=config
cn=SSHA384,cn=Password Storage Schemes,cn=plugins,cn=config
cn=SSHA512,cn=Password Storage Schemes,cn=plugins,cn=config
Description SSHA password storage scheme for password encryption
Configurable Options on | off
Default Setting on
Configurable Arguments None
Dependencies None
Performance Related Information Do not modify the configuration of this plug-in. Red Hat recommends leaving this plug-in running at all times.
Further Information See the "User Account Management" chapter in the Directory Server Administration Guide.

3.1.28. Postal Address String Syntax Plug-in

Plug-in Parameter Description
Plug-in Name Postal Address Syntax
DN of Configuration Entry cn=Postal Address Syntax, cn=plugins, cn=config
Description Syntax used for handling postal addresses
Configurable Options on | off
Default Setting on
Configurable Arguments None
Dependencies None
Performance Related Information Do not modify the configuration of this plug-in. Red Hat recommends leaving this plug-in running at all times.
Further Information

3.1.29. PTA Plug-in

Plug-in Parameter Description
Plug-in Name Pass-Through Authentication Plug-in
DN of Configuration Entry cn=Pass Through Authentication, cn=plugins, cn=config
Description Enables pass-through authentication, the mechanism which allows one directory to consult another to authenticate bind requests.
Configurable Options on | off
Default Setting off
Configurable Arguments ldap://example.com:389/o=example
Dependencies None
Performance Related Information Pass-through authentication slows down bind requests a little because they have to make an extra hop to the remote server. See the "Using Pass-through Authentication" chapter in the Directory Server Administration Guide.
Further Information See the "Using the Pass-through Authentication Plug-in" chapter in the Directory Server Administration Guide.

3.1.30. Referential Integrity Postoperation Plug-in

Plug-in Parameter Description
Plug-in Name Referential Integrity Postoperation
DN of Configuration Entry cn=Referential Integrity Postoperation, cn=plugins, cn=config
Description Enables the server to ensure referential integrity
Configurable Options All configuration and on | off
Default Setting off
Configurable Arguments When enabled, the post-operation Referential Integrity Plug-in performs integrity updates on the member, uniquemember, owner and seeAlso attributes immediately after a delete or rename operation. The plug-in can be reconfigured to perform integrity checks on all other attributes:

  • Check for referential integrity.

    -1= no check for referential integrity
    0= check for referential integrity is performed immediately
    Positive integer= request for referential integrity is queued and processed at a later stage. This positive integer serves as a wake-up call for the thread to process the request at intervals corresponding to the integer (number of seconds) specified.

  • Log file for storing the change; for example /var/log/dirsrv/slapd-instance_name/referint.

  • All the additional attribute names to be checked for referential integrity.

Dependencies Database
Performance Related Information The Referential Integrity Plug-in should be enabled only on one master in a multimaster replication environment to avoid conflict resolution loops. When enabling the plug-in on chained servers, be sure to analyze the performance resource and time needs as well as integrity needs; integrity checks can be time consuming and demanding on memory and CPU. All attributes specified must be indexed for both presence and equality.
Further Information See the "Managing Indexes" chapter for information about how to index attributes used for referential integrity checking and the "Configuring Directory Databases" chapter in the Directory Server Administration Guide.

3.1.31. Retro Changelog Plug-in

Plug-in Parameter Description
Plug-in Name Retro Changelog Plug-in
DN of Configuration Entry cn=Retro Changelog Plugin, cn=plugins, cn=config
Description Used by LDAP clients for maintaining application compatibility with Directory Server 4.x versions. Maintains a log of all changes occurring in the Directory Server. The retro changelog offers the same functionality as the changelog in the 4.x versions of Directory Server. This plug-in exposes the cn=changelog suffix to clients, so that clients can use this suffix with or without persistent search for simple sync applications.
Configurable Options on | off
Default Setting off
Configurable Arguments See Section 3.6, “Retro Changelog Plug-in Attributes” for further information on the two configuration attributes for this plug-in.
Dependencies None
Performance Related Information May slow down Directory Server update performance.
Further Information See the "Managing Replication" chapter in the Directory Server Administration Guide.

3.1.32. Roles Plug-in

Plug-in Parameter Description
Plug-in Name Roles Plug-in
DN of Configuration Entry cn=Roles Plugin, cn=plugins, cn=config
Description Enables the use of roles in the Directory Server
Configurable Options on | off
Default Setting on
Configurable Arguments None
Dependencies Database
Performance Related Information Do not modify the configuration of this plug-in. Red Hat recommends leaving this plug-in running at all times.
Further Information See the "Advanced Entry Management" chapter in the Directory Server Administration Guide.

3.1.33. Space Insensitive String Syntax Plug-in

Plug-in Parameter Description
Plug-in Name Space Insensitive String Syntax
DN of Configuration Entry cn=Space Insensitive String Syntax, cn=plugins, cn=config
Description Syntax for handling space-insensitive values
Configurable Options on | off
Default Setting on
Configurable Arguments None
Dependencies None
Performance Related Information Do not modify the configuration of this plug-in. Red Hat recommends leaving this plug-in running at all times.
Further Information This plug-in enables the Directory Server to support space and case insensitive values. Applications can now search the directory using entries with ASCII space characters. For example, a search or compare operation that uses jOHN Doe will match entries that contain johndoe, john doe, and John Doe if the attribute's schema has been configured to use the space insensitive syntax. For more information about finding directory entries, refer to the "Finding Directory Entries" Appendix in the Directory Server Administration Guide.

3.1.34. State Change Plug-in

Plug-in Parameter Description
Plug-in Name State Change Plug-in
DN of Configuration Entry cn=State Change Plugin, cn=plugins, cn=config
Description Enables state-change-notification service
Configurable Options on | off
Default Setting on
Configurable Arguments None
Dependencies None
Performance Related Information
Further Information

3.1.35. Telephone Syntax Plug-in

Plug-in Parameter Description
Plug-in Name Telephone Syntax
DN of Configuration Entry cn=Telephone Syntax, cn=plugins, cn=config
Description Syntax for handling telephone numbers
Configurable Options on | off
Default Setting on
Configurable Arguments None
Dependencies None
Performance Related Information Do not modify the configuration of this plug-in. Red Hat recommends leaving this plug-in running at all times.
Further Information

3.1.36. URI Syntax Plug-in

Plug-in Parameter Description
Plug-in Name URI Syntax
DN of Configuration Entry cn=URI Syntax, cn=plugins, cn=config
Description Syntax for handling URIs (Unique Resource Identifiers), including URLs (Unique Resource Locators)
Configurable Options on | off
Default Setting on
Configurable Arguments None
Dependencies None
Performance Related Information Do not modify the configuration of this plug-in. Red Hat recommends leaving this plug-in running at all times.
Further Information

3.1.37. Views Plug-in

Plug-in Parameter Description
Plug-in Name Views Plug-in
DN of Configuration Entry cn=Views,cn=plugins,cn=config
Description Enables the use of views in the Directory Server databases.
Configurable Options on | off
Default Setting on
Configurable Arguments None
Dependencies Database
Performance Related Information Do not modify the configuration of this plug-in. Red Hat recommends leaving this plug-in running at all times.
Further Information

Note: This documentation is provided {and copyrighted} by Red Hat®, Inc. and is released via the Open Publication License. The copyright holder has added the further requirement that Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder. The CentOS project redistributes these original works (in their unmodified form) as a reference for CentOS-5 because CentOS-5 is built from publicly available, open source SRPMS. The documentation is unmodified to be compliant with upstream distribution policy. Neither CentOS-5 nor the CentOS Project are in any way affiliated with or sponsored by Red Hat®, Inc.