Chapter 3. Configuration object classes
Many configuration entries simply use the extensibleObject object class, but some require other object classes. These configuration object classes are listed here.
3.1. changeLogEntry
This object class is used for entries which store changes made to the Directory Server entries.
To configure Directory Server to maintain a changelog that is compatible with the changelog implemented in Directory Server 4.1x, enable the Retro Changelog plug-in. Each entry in the changelog has the changeLogEntry object class.
This object class is defined in the Changelog Internet Draft.
Superior Class
top
OID
2.16.840.1.113730.3.2.1
objectClass | Defines the object classes for the entry. |
Contains a number assigned arbitrarily to the changelog. | |
The time at which a change took place. | |
The type of change performed on an entry. | |
The distinguished name of an entry added, modified or deleted on a supplier server. |
Changes made to the Directory Server. | |
A flag that defines whether the old Relative Distinguished Name (RDN) of the entry should be kept as a distinguished attribute of the entry or should be deleted. | |
New RDN of an entry that is the target of a modRDN or modDN operation. | |
Name of the entry that becomes the immediate superior of the existing entry when processing a modDN operation. |
3.2. directoryServerFeature
This object class is used specifically for entries which identify a feature of the directory service. This object class is defined by Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.40
Attribute | Definition |
---|---|
objectClass | Gives the object classes assigned to the entry. |
Attribute | Definition |
---|---|
cn | Specifies the common name of the entry. |
multiLineDescription | Gives a text description of the entry. |
oid | Specifies the OID of the feature. |
3.3. nsBackendInstance
This object class is used for the Directory Server back end, or database, instance entry. This object class is defined in Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.109
Attribute | Definition |
---|---|
objectClass | Defines the object classes for the entry. |
cn | Gives the common name of the entry. |
3.4. nsDS5Replica
This object class is for entries which define a replica in database replication. Many of these attributes are set within the back end and cannot be modified.
Information on the attributes for this object class is listed with the core configuration attributes in chapter 2 of the Directory Server Configuration, Command, and File Reference.
This object class is defined in Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.108
Attribute | Definition |
---|---|
objectClass | Defines the object classes for the entry. |
nsDS5ReplicaId | Specifies the unique ID for suppliers in a replication environment. |
nsDS5ReplicaRoot | Specifies the suffix DN at the root of a replicated area. |
cn | Gives the name for the replica. |
nsDS5Flags | Specifies information that has been previously set in flags. |
nsDS5ReplicaAutoReferral | Sets whether the server will follow configured referrals for the Directory Server database. |
nsDS5ReplicaBindDN | Specifies the DN to use when a supplier server binds to a consumer. |
nsDS5ReplicaChangeCount | Gives the total number of entries in the changelog and whether they have been replicated. |
nsDS5ReplicaLegacyConsumer | Specifies whether the replica is a legacy consumer. |
nsDS5ReplicaName | Specifies the unique ID for the replica for internal operations. |
nsDS5ReplicaPurgeDelay | Specifies the time in seconds before the changelog is purged. |
nsDS5ReplicaReferral | Specifies the URLs for user-defined referrals. |
nsDS5ReplicaReleaseTimeout | Specifies a timeout after which a supplier will release a replica, whether or not it has finished sending its updates. |
nsDS5ReplicaTombstonePurgeInterval | Specifies the time interval in seconds between purge operation cycles. |
nsDS5ReplicaType | Defines the type of replica, such as a read-only consumer. |
nsDS5Task | Launches a replication task, such as dumping the database contents to LDIF; this is used internally by the Directory Server supplier. |
nsState | Stores information on the clock so that proper change sequence numbers are generated. |
3.5. nsDS5ReplicationAgreement
Entries with the nsDS5ReplicationAgreement object class store the information set in a replication agreement. Information on the attributes for this object class is in chapter 2 of the Directory Server Configuration, Command, and File Reference.
This object class is defined in Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.103
Attribute | Definition |
---|---|
objectClass | Defines the object classes for the entry. |
cn | Used for naming the replication agreement. |
description | Contains a free text description of the replication agreement. |
nsDS5BeginReplicaRefresh | Initializes a replica manually. |
nsds5debugreplicatimeout | Gives an alternate timeout period to use when the replication is run with debug logging. |
nsDS5ReplicaBindDN | Specifies the DN to use when a supplier server binds to a consumer. |
nsDS5ReplicaBindMethod | Specifies the method (SSL or simple authentication) to use for binding. |
nsDS5ReplicaBusyWaitTime | Specifies the amount of time in seconds a supplier should wait after a consumer sends back a busy response before making another attempt to acquire access. |
nsDS5ReplicaChangesSentSinceStartup | The number of changes sent to this replica since the server started. |
nsDS5ReplicaCredentials | Specifies the password for the bind DN. |
nsDS5ReplicaHost | Specifies the host name for the consumer replica. |
nsDS5ReplicaLastInitEnd | States when the initialization of the consumer replica ended. |
nsDS5ReplicaLastInitStart | States when the initialization of the consumer replica started. |
nsDS5ReplicaLastInitStatus | The status for the initialization of the consumer. |
nsDS5ReplicaLastUpdateEnd | States when the most recent replication schedule update ended. |
nsDS5ReplicaLastUpdateStart | States when the most recent replication schedule update started. |
nsDS5ReplicaLastUpdateStatus | Provides the status for the most recent replication schedule updates. |
nsDS5ReplicaPort | Specifies the port number for the remote replica. |
nsDS5ReplicaRoot | Specifies the suffix DN at the root of a replicated area. |
nsDS5ReplicaSessionPauseTime | Specifies the amount of time in seconds a supplier should wait between update sessions. |
nsDS5ReplicatedAttributeList | Specifies any attributes that will not be replicated to a consumer server. |
nsDS5ReplicaTimeout | Specifies the number of seconds outbound LDAP operations will wait for a response from the remote replica before timing out and failing. |
nsDS5ReplicaTransportInfo | Specifies the type of transport used for transporting data to and from the replica. |
nsDS5ReplicaUpdateInProgress | States whether a replication schedule update is in progress. |
nsDS5ReplicaUpdateSchedule | Specifies the replication schedule. |
nsDS50ruv | Manages the internal state of the replica using the replication update vector. |
nsruvReplicaLastModified | Contains the most recent time that an entry in the replica was modified and the changelog was updated. |
nsds5ReplicaStripAttrs | With fractional replication, an update to an excluded attribute still triggers a replication event, but that event is empty. This attribute sets attributes to strip from the replication update. This prevents changes to attributes like |
3.6. nsDSWindowsReplicationAgreement
Stores the synchronization attributes that concern the synchronization agreement. Information on the attributes for this object class is in chapter 2 of the Directory Server Configuration, Command, and File Reference.
This object class is defined in Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.503
Attribute | Definition |
---|---|
objectClass | Defines the object classes for the entry. |
cn | Gives the name of the synchronization agreement. |
description | Contains a text description of the synchronization agreement. |
nsDS5BeginReplicaRefresh | Initiates a manual synchronization. |
nsds5debugreplicatimeout | Gives an alternate timeout period to use when the synchronization is run with debug logging. |
nsDS5ReplicaBindDN | Specifies the DN to use when Directory Server binds to the Windows server. |
nsDS5ReplicaBindMethod | Specifies the method (SSL or simple authentication) to use for binding. |
nsDS5ReplicaBusyWaitTime | Specifies the amount of time in seconds Directory Server should wait after the Windows server sends back a busy response before making another attempt to acquire access. |
nsDS5ReplicaChangesSentSinceStartup | Shows the number of changes sent since Directory Server started. |
nsDS5ReplicaCredentials | Specifies the credentials for the bind DN. |
nsDS5ReplicaHost | Specifies the host name for the Windows domain controller of the Windows server being synchronized. |
nsDS5ReplicaLastInitEnd | States when the last total update (resynchronization) of the Windows server ended. |
nsDS5ReplicaLastInitStart | States when the last total update (resynchronization) of the Windows server started. |
nsDS5ReplicaLastInitStatus | The status for the total update (resynchronization) of the Windows server. |
nsDS5ReplicaLastUpdateEnd | States when the most recent update ended. |
nsDS5ReplicaLastUpdateStart | States when the most recent update started. |
nsDS5ReplicaLastUpdateStatus | Provides the status for the most recent updates. |
nsDS5ReplicaPort | Specifies the port number for the Windows server. |
nsDS5ReplicaRoot | Specifies the root suffix DN of Directory Server. |
nsDS5ReplicaSessionPauseTime | Specifies the amount of time in seconds Directory Server should wait between update sessions. |
nsDS5ReplicaTimeout | Specifies the number of seconds outbound LDAP operations will wait for a response from the Windows server before timing out and failing. |
nsDS5ReplicaTransportInfo | Specifies the type of transport used for transporting data to and from the Windows server. |
nsDS5ReplicaUpdateInProgress | States whether an update is in progress. |
nsDS5ReplicaUpdateSchedule | Specifies the synchronization schedule. |
nsDS50ruv | Manages the internal state of Directory Server sync peer using the replication update vector (RUV). |
nsds7DirectoryReplicaSubtree | Specifies Directory Server suffix (root or sub) that is synced. |
nsds7DirsyncCookie | Contains a cookie set by the sync service that functions as an RUV. |
nsds7NewWinGroupSyncEnabled | Specifies whether new Windows group accounts are automatically created on Directory Server. |
nsds7NewWinUserSyncEnabled | Specifies whether new Windows user accounts are automatically created on Directory Server. |
nsds7WindowsDomain | Identifies the Windows domain being synchronized; analogous to |
nsds7WindowsReplicaSubtree | Specifies the Windows server suffix (root or sub) that is synced. |
nsruvReplicaLastModified | Contains the most recent time that an entry in Directory Server sync peer was modified and the changelog was updated. |
winSyncInterval | Sets how frequently, in seconds, Directory Server polls the Windows server for updates to write over. If this is not set, the default is |
winSyncMoveAction | Sets how the sync plug-in handles corresponding entries that are discovered in Active Directory outside of the synced subtree. The sync process can ignore these entries (none, the default) or it can assume that the entries were moved intentionally to remove them from synchronization, and it can then either delete the corresponding Directory Server entry (delete) or remove the synchronization attributes and no longer sync the entry (unsync). |
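An added example, not part of the original reference or of Directory Server itself: a small audit over an LDIF export of the agreement entries described in sections 3.5 and 3.6, flagging simple binds over an unencrypted transport and `winSyncMoveAction: delete`. The sample LDIF is constructed; the value strings `SIMPLE`, `LDAP` and `SSL`, and treating a missing bind method or transport as `SIMPLE`/`LDAP`, are assumptions not stated on this page.

```python
import base64

AGREEMENT_CLASSES = {"nsds5replicationagreement", "nsdswindowsreplicationagreement"}

# Constructed sample export: hypothetical DNs and credential value.
SAMPLE_LDIF = """\
dn: cn=to-consumer1,cn=replica,cn=config
objectClass: nsDS5ReplicationAgreement
cn: to-consumer1
description: nightly push to the
  reporting consumer
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicaTransportInfo: LDAP
nsDS5ReplicaCredentials:: Y29uc3RydWN0ZWQ=

dn: cn=ad-sync,cn=replica,cn=config
objectClass: nsDSWindowsReplicationAgreement
cn: ad-sync
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicaTransportInfo: SSL
winSyncMoveAction: delete
"""

def parse_ldif(text):
    """Parse LDIF into a list of {lower-cased attribute: [values]} dicts."""
    # RFC 2849: a newline followed by one space is a folded line.
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    entries = []
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):            # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(attr.lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def audit(entries):
    """Return (agreement name, finding) pairs for replication and sync agreements."""
    findings = []
    for e in entries:
        if not AGREEMENT_CLASSES & {v.lower() for v in e.get("objectclass", [])}:
            continue
        name = e.get("cn", ["?"])[0]
        method = e.get("nsds5replicabindmethod", ["SIMPLE"])[0].upper()    # assumed default
        transport = e.get("nsds5replicatransportinfo", ["LDAP"])[0].upper()  # assumed default
        if method == "SIMPLE" and transport == "LDAP":
            findings.append((name, "simple bind over unencrypted LDAP"))
        if e.get("winsyncmoveaction", ["none"])[0].lower() == "delete":
            findings.append((name, "winSyncMoveAction=delete removes moved entries"))
    return findings
```

Entries whose object class is neither agreement type are skipped, so the same function can be run over a full `cn=config` export.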
3.7. nsEncryptionConfig
The nsEncryptionConfig object class stores the configuration information for allowed encryption options, such as protocols and cipher suites. This is defined in the Administrative Services.
Superior Class
top
OID
nsEncryptionConfig-oid
Attribute | Definition |
---|---|
objectClass | Defines the object classes for the entry. |
cn (commonName) | Gives the common name of the device. |
Attribute | Definition |
---|---|
nsSSL3SessionTimeout | Sets the timeout period for an SSLv3 cipher session. |
nsSSLClientAuth | Sets how the server handles client authentication. There are three possible values: allow, disallow, or require. |
nsSSLSessionTimeout | Sets the timeout period for a cipher session. |
nsSSLSupportedCiphers | Contains a list of all ciphers available to be used with secure connections to the server. |
nsTLS1 | Sets whether TLS version 1 is enabled for the server. |
3.8. nsEncryptionModule
The nsEncryptionModule object class stores the encryption module information. This is defined in the Administrative Services.
Superior Class
top
OID
nsEncryptionModule-oid
Attribute | Definition |
---|---|
objectClass | Defines the object classes for the entry. |
cn (commonName) | Gives the common name of the device. |
Attribute | Definition |
---|---|
nsSSLActivation | Sets whether to enable a cipher family. |
nsSSLPersonalitySSL | Contains the name of the certificate used by the server for SSL. |
nsSSLToken | Identifies the security token used by the server. |
3.9. nsMappingTree
A mapping tree maps a suffix to the back end. Each mapping tree entry uses the nsMappingTree object class. This object class is defined in Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.110
Attribute | Definition |
---|---|
objectClass | Gives the object classes assigned to the entry. |
cn | Gives the common name of the entry. |
3.10. nsSaslMapping
This object class is used for entries which contain an identity mapping configuration for mapping SASL attributes to Directory Server attributes.
This object class is defined in Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.317
objectClass | Defines the object classes for the entry. |
cn | Gives the name of the SASL mapping entry. |
Contains the search base DN template. | |
Contains the search filter template. | |
Contains a regular expression to match SASL identity strings. |
3.11. nsslapdConfig
The nsslapdConfig object class defines the configuration object, cn=config, for the Directory Server instance.
This object class is defined in Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.39
Attribute | Definition |
---|---|
objectClass | Gives the object classes assigned to the entry. |
Attribute | Definition |
---|---|
cn | Gives the common name of the entry. |
3.12. passwordPolicy
Both local and global password policies take the passwordPolicy object class. This object class is defined in Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.13
Attribute | Definition |
---|---|
objectClass | Gives the object classes assigned to the entry. |
Attribute | Definition |
---|---|
Sets the number of seconds after which user passwords expire. | |
Identifies whether the user’s password expires after an interval given by the `passwordMaxAge` attribute. | |
Sets the minimum number of characters that must be used in passwords. | |
Sets the number of passwords the directory stores in the history. | |
Identifies whether or not users are allowed to change their own password. | |
Sets the number of seconds before a warning message is sent to users whose password is about to expire. | |
Identifies whether or not users are locked out of the directory after a given number of failed bind attempts. | |
Sets the number of failed bind attempts after which a user will be locked out of the directory. | |
Identifies whether a user is locked out until the password is reset by an administrator or whether the user can log in again after a given lockout duration. The default is to allow a user to log back in after the lockout period. | |
Sets the time, in seconds, that users will be locked out of the directory. | |
Identifies whether the password syntax is checked by the server before the password is saved. | |
Identifies whether or not users must change their passwords when they first log in to the directory or after the password is reset by the Directory Manager. | |
Sets the type of encryption used to store Directory Server passwords. | |
Sets the number of seconds that must pass before a user can change their password. | |
Sets the time, in seconds, after which the password failure counter will be reset. Each time an invalid password is sent from the user’s account, the password failure counter is incremented. | |
Sets the number of grace logins permitted when a user’s password is expired. | |
Sets the minimum number of numeric characters (0 through 9) which must be used in the password. | |
Sets the minimum number of alphabetic characters that must be used in the password. | |
Sets the minimum number of upper case alphabetic characters, A to Z, which must be used in the password. | |
Sets the minimum number of lower case alphabetic characters, a to z, which must be used in the password. | |
Sets the minimum number of special ASCII characters, such as | |
Sets the minimum number of 8-bit characters used in the password. | |
Sets the maximum number of times that the same character can be used in a row. | |
Sets the minimum number of categories which must be used in the password. | |
Sets the length to check for trivial words. | |
Sets a delay when temporary passwords become valid. | |
Sets the number of seconds a temporary password is valid. | |
Sets the maximum number of attempts a temporary password can be used. |