Red Hat SummitCe contenu n'est pas disponible dans la langue sélectionnée.
Chapter 3. Configuration object classes
The configuration object classes in Red Hat Directory Server define the schema rules that dictate the required and allowed attributes for the server’s internal configuration entries. Reviewing these classes helps you to accurately modify configuration files.
Many configuration entries use the extensibleObject object class, however some require additional configuration object classes.
3.1. changeLogEntry
The changeLogEntry object class is used for entries which store changes made to the Red Hat Directory Server (RHDS) entries.
To configure RHDS to maintain a changelog that is compatible with the changelog implemented in RHDS 4.1x, enable the Retro Changelog plugin. Each entry in the changelog has the changeLogEntry object class.
This object class is defined in Changelog Internet Draft. Superior Class
top
OID
2.16.840.1.113730.3.2.1
| Defines the object classes for the entry. | |
| Contains a number assigned arbitrarily to the changelog. | |
| The time at which a change took place. | |
| The type of change performed on an entry. | |
| The distinguished name of an entry added, modified or deleted on a supplier server. |
| Changes made to Directory Server. | |
| A flag that defines whether the old Relative Distinguished Name (RDN) of the entry should be kept as a distinguished attribute of the entry or should be deleted. | |
| New RDN of an entry that is the target of a modRDN or modDN operation. | |
| Name of the entry that becomes the immediate superior of the existing entry when processing a modDN operation. |
3.2. directoryServerFeature
The directoryServerFeature object class is used for entries which identify a feature of the directory service.
This object class is defined by Red Hat Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.40
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. |
| Attribute | Definition |
|---|---|
| Specifies the common name of the entry. | |
| Gives a text description of the entry. | |
| Specifies the OID of the feature. |
3.3. nsBackendInstance
The nsBackendInstance object class is used for the Red Hat Directory Server backend instance entry.
This object class is defined in Red Hat Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.109
| Attribute | Definition |
|---|---|
| Defines the object classes for the entry. | |
| Gives the common name of the entry. |
3.4. nsDS5Replica (object class)
The nsDS5Replica object class is for entries which define a replica in database replication. Many of these attributes are set within the backend and cannot be modified.
This object class is defined in Red Hat Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.108
| Defines the object classes for the entry. | |
| Specifies the unique ID for suppliers in a replication environment. | |
| Specifies the suffix DN at the root of a replicated area. |
| Gives the name for the replica. | |
| Specifies information that has been previously set in flags. | |
| Sets whether the server will follow configured referrals for the Directory Server database. | |
| Specifies the DN to use when a supplier server binds to a consumer. | |
| Gives the total number of entries in the changelog and whether they have been replicated. | |
| Specifies whether the replica is a legacy consumer. | |
| Specifies the unique ID for the replica for internal operations. | |
| Specifies the time in seconds before the changelog is purged. | |
| Specifies the URLs for user-defined referrals. | |
| Specifies a timeout after which a supplier will release a replica, whether or not it has finished sending its updates. | |
| Specifies the time interval in seconds between purge operation cycles. | |
| Defines the type of replica, such as a read-only consumer. | |
| Launches a replication task, such as dumping the database contents to LDIF; this is used internally by the Directory Server supplier. | |
| Stores information on the clock so that proper change sequence numbers are generated. |
3.5. nsDS5ReplicationAgreement
The nsDS5ReplicationAgreement object class used to entries that store the information configured in a replication agreement.
Superior Class
top
OID
2.16.840.1.113730.3.2.103
| Defines the object classes for the entry. | |
| Used for naming the replication agreement. |
| Contains a free text description of the replication agreement. | |
| Initializes a replica manually. | |
| Gives an alternate timeout period to use when the replication is run with debug logging. | |
| Specifies the DN to use when a supplier server binds to a consumer. | |
| Specifies the method (SSL or simple authentication) to use for binding. | |
| Specifies the amount of time in seconds a supplier should wait after a consumer sends back a busy response before making another attempt to acquire access. | |
| The number of changes sent to this replica since the server started. | |
| Specifies the password for the bind DN. | |
| Specifies the host name for the consumer replica. | |
| States when the initialization of the consumer replica ended. | |
| States when the initialization of the consumer replica started. | |
| The status for the initialization of the consumer. | |
| States when the most recent replication schedule update ended. | |
| States when the most recent replication schedule update started. | |
| Provides the status for the most recent replication schedule updates. | |
| Specifies the port number for the remote replica. | |
| Specifies the suffix DN at the root of a replicated area. | |
| Specifies the amount of time in seconds a supplier should wait between update sessions. | |
| Specifies any attributes that will not be replicated to a consumer server. | |
| Specifies the number of seconds outbound LDAP operations will wait for a response from the remote replica before timing out and failing. | |
| Specifies the type of transport used for transporting data to and from the replica. | |
| States whether a replication schedule update is in progress. | |
| Specifies the replication schedule. | |
| Manages the internal state of the replica using the replication update vector. | |
| Contains the most recent time that an entry in the replica was modified and the changelog was updated. | |
|
With fractional replication, an update to an excluded attribute still triggers a replication event, but that event is empty. This attribute sets attributes to strip from the replication update. This prevents changes to attributes like |
3.6. nsDSWindowsReplicationAgreement
The nsDSWindowsReplicationAgreement object class stores the synchronization attributes for the synchronization agreement. This object class is defined in Red Hat Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.503
| Defines the object classes for the entry. | |
| Gives the name of the synchronization agreement. |
| Contains a text description of the synchronization agreement. | |
| Initiates a manual synchronization. | |
| Gives an alternate timeout period to use when the synchronization is run with debug logging. | |
| Specifies the DN to use when Directory Server binds to the Windows server. | |
| Specifies the method (SSL or simple authentication) to use for binding. | |
| Specifies the amount of time in seconds Directory Server should wait after the Windows server sends back a busy response before making another attempt to acquire access. | |
| Shows the number of changes sent since Directory Server started. | |
| Specifies the credentials for the bind DN. | |
| Specifies the host name for the Windows domain controller of the Windows server being synchronized. | |
| States when the last total update (resynchronization) of the Windows server ended. | |
| States when the last total update (resynchronization) of the Windows server started. | |
| The status for the total update (resynchronization) of the Windows server. | |
| States when the most recent update ended. | |
| States when the most recent update started. | |
| Provides the status for the most recent updates. | |
| Specifies the port number for the Windows server. | |
| Specifies the root suffix DN of Directory Server. | |
| Specifies the amount of time in seconds Directory Server should wait between update sessions. | |
| Specifies the number of seconds outbound LDAP operations will wait for a response from the Windows server before timing out and failing. | |
| Specifies the type of transport used for transporting data to and from the Windows server. | |
| States whether an update is in progress. | |
| Specifies the synchronization schedule. | |
| Manages the internal state of Directory Server sync peer using the replication update vector (RUV). | |
| Contains the most recent time that an entry in Directory Server sync peer was modified and the changelog was updated. |
3.7. nsEncryptionConfig
The nsEncryptionConfig object class stores the configuration information for allowed encryption options, such as protocols and cipher suites.
This is defined in the Administrative Services.
Superior Class
top
OID
nsEncryptionConfig-oid
| Attribute | Definition |
|---|---|
| Defines the object classes for the entry. | |
| Gives the common name of the device. |
| Attribute | Definition |
|---|---|
| nsSSL3SessionTimeout | Sets the timeout period for an SSLv3 cipher session. |
| Sets how the server handles client authentication. There are three possible values: allow, disallow, or require. | |
| Sets the timeout period for a cipher session. | |
| Contains a list of all ciphers available to be used with secure connections to the server. | |
| Sets whether TLS version 1 is enabled for the server. |
3.8. nsEncryptionModule
The nsEncryptionModule object class stores the encryption module information.
This is defined in the Administrative Services.
Superior Class
top
OID
nsEncryptionModule-oid
| Attribute | Definition |
|---|---|
| Defines the object classes for the entry. | |
| Gives the common name of the device. |
| Attribute | Definition |
|---|---|
| Sets whether to enable a cipher family. | |
| Contains the name of the certificate used by the server for SSL. | |
| Identifies the security token used by the server. |
3.9. nsMappingTree
The nsMappingTree object class used for mapping tree entries that map a suffix to the backend.
This object class is defined in Red Hat Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.110
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. | |
| Gives the common name of the entry. |
3.10. nsSaslMapping
The nsSaslMapping object class is used for entries which contain an identity mapping configuration for mapping SASL attributes to Red Hat Directory Server (RHDS) attributes. This object class is defined in RHDS.
Superior Class
top
OID
2.16.840.1.113730.3.2.317
| Defines the object classes for the entry. | |
| Gives the name of the SASL mapping entry. | |
| Contains the search base DN template. | |
| Contains the search filter template. | |
| Contains a regular expression to match SASL identity strings. |
3.11. nsslapdConfig
The nsslapdConfig object class defines the cn=config configuration object for the Red Hat Directory Server (RHDS) instance.
This object class is defined in RHDS.
Superior Class
top
OID
2.16.840.1.113730.3.2.39
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. |
| Attribute | Definition |
|---|---|
| Gives the common name of the entry. |
3.12. passwordPolicy
The passwordPolicy object class is used for local and global password policy entries.
This object class is defined in Red Hat Directory Server.
Superior Class
top
OID
2.16.840.1.113730.3.2.13
| Attribute | Definition |
|---|---|
| Gives the object classes assigned to the entry. |
| Attribute | Definition |
|---|---|
| Sets the number of seconds after which user passwords expire. | |
|
Identifies whether the user’s password expires after an interval given by the | |
| Sets the minimum number of characters that must be used in passwords. | |
| Sets the number of passwords the directory stores in the history. | |
| Identifies whether or not users is allowed to change their own password. | |
| Sets the number of seconds before a warning message is sent to users whose password is about to expire. | |
| Identifies whether or not users are locked out of the directory after a given number of failed bind attempts. | |
| Sets the number of failed bind attempts after which a user will be locked out of the directory. | |
| Identifies whether a user is locked out until the password is reset by an administrator or whether the user can log in again after a given lockout duration. The default is to allow a user to log back in after the lockout period. | |
| Sets the time, in seconds, that users will be locked out of the directory. | |
| Identifies whether the password syntax is checked by the server before the password is saved. | |
| Identifies whether or not to change their passwords when they first login to the directory or after the password is reset by the Directory Manager. | |
| Sets the type of encryption used to store Directory Server passwords. | |
| Sets the number of seconds that must pass before a user can change their password. | |
| Sets the time, in seconds, after which the password failure counter will be reset. Each time an invalid password is sent from the user’s account, the password failure counter is incremented. | |
| Sets the number of grace logins permitted when a user’s password is expired. | |
| Sets the minimum number of numeric characters (0 through 9) which must be used in the password. | |
| Sets the minimum number of alphabetic chracters that must be used in the password. | |
| Sets the minimum number of upper case alphabetic characters, A to Z, which must be used in the password. | |
| Sets the minimum number of lower case alphabetic characters, a to z, which must be used in the password. | |
|
Sets the minimum number of special ASCII characters, such as | |
| Sets the minimum number of 8-bit chracters used in the password. | |
| Sets the maximum number of times that the same character can be used in row. | |
| Sets the minimum number of categories which must be used in the password. | |
| Sets the length to check for trivial words. | |
| Sets a delay when temporary passwords become valid. | |
| Sets the number of seconds a temporary password is valid. | |
| Sets the maximum number off attempts a temporary password can be used. |
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}