HP HP-UX Directory Server User's Guide

HP-UX Directory Server console guide

HP-UX Directory Server Version 8.1
HP Part Number: 5900-0314 Published: September 2009 Edition: 1
© Copyright 2009 Hewlett-Packard Development Company, L.P.
Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial
Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under
The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express
warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP
shall not be liable for technical or editorial errors or omissions contained herein.

Table of Contents

1 Overview of the console
1.1 How the Console, Directory Server, and Administration Server work together
1.2 Console menus
1.3 Console tabs
1.3.1 The Servers and Applications tab
1.3.2 The Users and Groups tab
1.4 Server-specific consoles
1.4.1 The Directory Server Console
1.4.2 The Administration Server console
2 Basic Console tasks
2.1 Launching the Console
2.2 Opening a directory or Administration Server window
2.3 Changing the Console appearance
2.3.1 Changing profile locations
2.3.2 Restoring default font settings
2.3.3 Changing console fonts
2.3.4 Reordering table columns
2.3.5 Customizing the main window
2.3.6 Working with custom views
2.3.6.1 Creating custom views
2.3.6.2 Switching to a custom view
2.3.6.3 Setting access permissions for a public view
3 Managing server instances
3.1 Editing domain, host, server group, and instance information
3.2 Creating and removing admin domains
3.2.1 Creating and editing an admin domain
3.2.2 Removing an admin domain
3.3 Creating a new Directory Server instance
3.4 Deleting a Directory Server instance
4 Managing Directory Server users and groups
4.1 Searching for users and groups
4.2 Creating directory entries
4.2.1 Directory and administrative users
4.2.2 Groups
4.2.3 Organizational units
4.3 Modifying directory entries
4.3.1 Editing entries
4.3.2 Allowing sync attributes for entries
4.3.3 Changing administrator entries
4.3.3.1 Changing the configuration administrator and password
4.3.3.2 Changing the admin password
4.3.3.3 Adding users to the configuration administrators group
4.3.4 Removing an entry from the directory
5 Setting access controls
5.1 Granting admin privileges to users for Directory Server and Administration Server
5.2 Setting access permissions on console elements
6 Using SSL/TLS with the Console
6.1 Overview of SSL/TLS
6.2 Installing certificates
6.2.1 Generating a certificate request
6.2.2 Installing the certificate
6.2.3 Trusting a certificate authority or adding a certificate chain
6.3 Enabling TLS/SSL
6.4 Creating password files
6.4.1 Creating a password file for the Directory Server
6.4.2 Creating a password file for the Administration Server
7 Support and other resources
7.1 Contacting HP
7.1.1 Information to collect before contacting HP
7.1.2 How to contact HP technical support
7.1.3 HP authorized resellers
7.1.4 Documentation feedback
7.2 Related information
7.2.1 HP-UX Directory Server documentation set
7.2.2 HP-UX documentation set
7.2.3 Troubleshooting resources
7.3 Typographic conventions
Glossary
Index

1 Overview of the console

The Directory Console is the user interface to manage HP-UX Directory Server and Administration Server configuration and directory information. There is a single main Console window which administers the servers (collected and identified in administration domains). The main Console allows you to open server-specific Consoles to manage the settings and information in individual instances.
This chapter provides an overview of how the Console interacts with the Directory Server and Administration Server and walks through the Console windows and options.

1.1 How the Console, Directory Server, and Administration Server work together

The Directory Console is an independent Java application which works in conjunction with instances of Directory Server and Administration Server. Most server management functions are carried out in server-specific console windows for the Directory Server and Administration Server. Console is part of a system that manages Directory Server instances and the Administration Server and, therefore, information in the directory. Although HP-UX Directory Server, the Console, and Administration Server work tightly with one another, each plays a specific role in managing servers, applications, and users.
The console is the front-end management application for HP-UX Directory Server. It finds all servers and applications registered in the configuration directory, displays them in a graphical interface, and can manage and configure them. The Main Console can also search for, create, and edit user and group entries in the user directory.
Figure 1-1 The Console interface
When a user logs into Directory Console, the Console connects to the Administration Server over Hypertext Transfer Protocol (HTTP). The Administration Server receives requests to administer the different Directory Server instances and performs the changes to the configuration, such as changing a port number. When a request is sent to the Directory Console to add or edit user entries, the Console sends a Lightweight Directory Access Protocol (LDAP) message directly to Directory Server to update the user directory.
Figure 1-2 Simple system using the Console
HP-UX Directory Server stores server and application configuration settings as well as user information. Typically, application and server configuration information is stored in one subtree of Directory Server while user and group entries are stored in another subtree. With a large enterprise, however, configuration and user information can be stored in separate instances of Directory Server (which can be on the same host machine or on two different host machines).
Figure 1-2 “Simple system using the Console” illustrates a relatively simple HP-UX Directory Server system. As an enterprise grows and needs change, additional hosts and Directory and Administration Servers can be added to the administration domain in the Console, so that a single Console can manage multiple Directory and Admin Servers.
Figure 1-3 A more complex system
NOTE:
When the terms configuration directory and user directory are used in this guide, they refer to where the configuration information and the user information is stored, regardless of whether that is in the subtrees of a single instance of Directory Server or in two separate instances of Directory Server.

1.2 Console menus

There are five menu items in the top menu of the Console. The options for each of these menus vary depending on the Console window open (the main Console, Directory Server Console, or Administration Server Console) and the types of objects available in that server area.
Figure 1-4 Main Console menus
Table 1-1 Console menus

| Menu | Description |
|------|-------------|
| Console | Manages the Console session, such as closing the window or exiting the session entirely. For the main window, this menu also can be used to add and remove admin domain. For the Directory Server Console, this allows people to log in as a different user. For the Administration Server Console, it manages security issues, such as certificates and tokens. |
| Edit | Sets display preferences, for all three Consoles. For the Directory Server Console, this also provides ways to copy, paste, and delete directory entries or text. |
| View | Sets whether to display certain parts of the Console window, such as the top banner, menus, and side navigation panes. This also refreshes the current display. For the Directory Server Console, this menu also sets what parts of the directory or which databases to view. |
| Object | Provides available operations for the active object; this is the same as the right-click menu for the active area or entry. For the main window, this menu simply opens or deletes a server instance. For the Directory Server Console, this provides all the configuration options for the directory entries, such as advanced property editors or creating new entries. For the Administration Server Console, this opens a configuration editor, starts, and stops the server. |
| Help | Opens context-specific help for the current Console area. |

1.3 Console tabs

There are two tabs in the main Console window:
• Servers and Applications, for managing the Directory Server and Administration Server instances
• Users and Groups, for searching for and creating user and group entries within the Directory Server

1.3.1 The Servers and Applications tab

The Servers and Applications tab, by default, has a navigation tree on the left for viewing hosts and Directory and Administration Servers and a center information panel. To access the Directory Server instance, directory information, or Administration Server, open the server resource listed in the navigation tree. The information for the server instance, such as the build number and port number,
The navigation tree displays the HP-UX Directory Server topology, that is, a hierarchical representation of all the resources (such as servers and hosts) that are registered in a configuration directory.
Figure 1-5 The Servers and Applications tab
The top of the topology is the administration domain, a collection of host systems and servers that share the same user directory. The server which hosts Directory Server or Administration Server instances belongs to the administration domain; that is the host.
A server group consists of all Directory Servers that are managed by a common Administration Server. A number of server groups can exist within an administration domain.

1.3.2 The Users and Groups tab

The Users and Groups tab can search for user and group entries in any Directory Server administered by the Console. Any of the returned entries can be edited or deleted through this tab, assuming that the user has the proper access permissions. New entries can also be created through the Users and Groups tab.
Figure 1-6 The Users and Groups tab
Switch the directory being searched or where the entries are added through the options in the Users menu, as described in “Searching for users and groups”.

1.4 Server-specific consoles

The main Console can open into two server-specific windows to manage the Administration Server and Directory Server. These windows are opened by clicking the server name in the navigation area, then clicking the Open button in the resources area.

1.4.1 The Directory Server Console

The Directory Server Console manages the specific Directory Server instance configuration, including the port number, SSL settings, and logging. The Directory Server Console also manages the directory information (entries) and directory operations like importing and exporting databases, creating suffixes, and extending the schema.
Figure 1-7 The Directory Server Console
There are four tabs in the Directory Server Console:
Tasks
This tab provides shortcuts to common server operations, including starting and stopping the Directory Server instance, importing and exporting databases, and managing SSL certificates
Configuration
This tab defines all the server configuration settings, including SASL and SSL authentication, port numbers, schema, replication and synchronization, databases and suffixes, logging, and plug-ins
Directory
This tab accesses and manages the directory information, including user entries and all group entries, including roles, classes of service, views, and groups
Status
This tab monitors the server performance and displays the different monitoring and performance counters for the Directory Server and databases
Similar to the main Console, the Directory Server Console tabs have a navigation area on the left and a center panel that displays information about the active setting, entry, or database.
The procedures for using the Directory Server Console to manage the Directory Server configuration and directory entries are covered in the HP-UX Directory Server administrator guide.

1.4.2 The Administration Server console

The Administration Server itself administers the configuration of other servers, especially the configuration and user directories for the server group. The Administration Server Console manages the Administration Server settings and the settings for these two Directory Server directories; whenever the settings are changed in the Directory Server configuration, the modifications must be carried into the Administration Server configuration for the server to properly manage those servers.
Figure 1-8 The Administration Server console
The Administration Server Console is simpler than the Directory Server Console, with only two tabs:
Tasks
This tab has shortcuts to common server operations, including starting and stopping the Administration Server instance, setting up logging, and managing SSL certificates
Configuration
This tab defines all the Administration Server configuration settings, including SSL authentication, port numbers, and logging, as well as the Configuration Directory Server and User Directory Server settings which the Administration Server uses to connect to the directory services
The procedures for using the Administration Server Console to manage the Administration Server configuration and associated directory services are covered in the Using the Admin Server guide.

2 Basic Console tasks

While most server management functions are carried out in server-specific console windows for the HP-UX Directory Server and Administration Server, the main Console itself has some basic management functions, such as creating server instances, searching the directory, setting some access controls, and allowing some entry modifications.
This chapter covers basic tasks in the Console, including installing the Console, creating and editing server instances, and configuring the Console appearance.

2.1 Launching the Console

1. Run the hpds-idm-console command. For example:
   hpds-idm-console -a http://server.example.com:9830
   The different options for the hpds-idm-console command are listed in Table 2-1 “Arguments for hpds-idm-console”.
2. Enter the user name and password.
   Also, enter or select the URL for the instance of Administration Server, if one was not passed with the command. The URL can be either the host name or the IP address of the Administration Server host. The Administration Server port number must be given, as well. The five most recent Administration Server URLs accessed are available as a drop-down menu option.

Table 2-1 Arguments for hpds-idm-console

| Argument | Description | Example |
|----------|-------------|---------|
| -a adminURL | Specifies a base URL for the instance of Administration Server to log into. | hpds-idm-console -a http://eastcoast.example.com:987 |
| -f fileName | Writes errors and system messages to fileName. | hpds-idm-console -f system.out |
| -h | Prints out the help message for hpds-idm-console. | |
| -x options | Specifies extra options. There are three values for extraOptions: nowinpos, which puts the Console window in the upper left corner of the screen; nologo, which prevents the splash screen from being displayed and only opens the login dialog; javalaf, which uses the Java look and feel for the Console interface. To use multiple options, separate them with a comma. | hpds-idm-console -xnologo,nowinpos |
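A pre-flight check for the -a value described above, as an added example that is not part of the HP guide: it enforces the explicit port that the login step requires and flags http:// URLs, which carry the Console login without TLS. The function names, verdict words and the ALLOW_CLEARTEXT variable are hypothetical, and the example assumes the Administration Server is reached with https:// once TLS/SSL has been enabled as covered in chapter 6.

```shell
#!/bin/sh
# Added example (not from the HP guide): validate the Administration Server
# URL before it is passed to "hpds-idm-console -a".
# Assumption: with TLS/SSL enabled the URL uses https://.
# Accepts a host name or IPv4 address only (no IPv6 literals, no path).

# check_admin_url URL
# Prints one verdict word; returns 0 (ok), 2 (cleartext) or 1 (malformed).
check_admin_url() {
    url=$1
    case $url in
        https://*) scheme=https ;;
        http://*)  scheme=http ;;
        *) echo no-scheme; return 1 ;;
    esac
    hostport=${url#*://}
    hostport=${hostport%/}                  # tolerate one trailing slash
    case $hostport in
        *@*) echo userinfo; return 1 ;;     # no credentials in the URL
    esac
    case $hostport in
        *:*) ;;
        *) echo no-port; return 1 ;;        # the port number must be given
    esac
    host=${hostport%:*}
    port=${hostport##*:}
    case $host in
        ''|*[!A-Za-z0-9.-]*) echo bad-host; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*|??????*) echo bad-port; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo bad-port; return 1
    fi
    if [ "$scheme" = http ]; then
        echo cleartext; return 2            # well-formed, but no TLS
    fi
    echo ok
}

# console_command URL
# Prints the hpds-idm-console command line for URL. Malformed URLs are
# refused; http:// is refused unless ALLOW_CLEARTEXT=1 is set.
console_command() {
    verdict=$(check_admin_url "$1") && rc=0 || rc=$?
    if [ "$rc" -eq 2 ] && [ "${ALLOW_CLEARTEXT:-0}" = 1 ]; then
        rc=0
    fi
    if [ "$rc" -ne 0 ]; then
        echo "refused ($verdict): $1" >&2
        return 1
    fi
    echo "hpds-idm-console -a ${1%/}"
}

# Constructed sample inputs (example.com hosts, not real servers).
for u in https://server.example.com:9830 \
         http://server.example.com:9830 \
         http://server.example.com \
         http://admin:secret@server.example.com:9830; do
    printf '%-46s %s\n' "$u" "$(check_admin_url "$u" || true)"
done
```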

2.2 Opening a directory or Administration Server window

The Console is the avenue to access instance-specific management windows for the Directory Server and Administration Server. To open a console window for a specific server instance:
1. Open the Console.
   /opt/dirsrv/bin/hpds-idm-console
2. Click the Servers and Applications tab, which lists all the Directory Server and Administration Server instances within the configured Directory Server domain.
3. In the navigation tree, click a server to select it.
4. In the right-hand panel, click Open.
   Alternatively, double-click the server icon in the navigation tree.

2.3 Changing the Console appearance

The fonts used for different elements in the Console can be edited. The font settings and the location where the font profiles are stored can be customized. The default font settings can be restored easily.
This section also describes how to control other aspects of the appearance of the Console. For example, table columns can be easily rearranged. It is also possible to control which server instances are displayed (called a navigation view) which makes it easy to sort and find server instances.
Access control instructions can be applied to user interface elements, which is discussed in Chapter 5 “Setting access controls”.
• “Changing profile locations”
• “Restoring default font settings”
• “Changing console fonts”
• “Reordering table columns”
• “Customizing the main window”

2.3.1 Changing profile locations

The Console formatting is stored in profiles. An entry's profiles can be stored locally, which means that they are only available at a specific workstation, or can be stored in the configuration directory, so they are accessible anywhere.
To set the profile location:
1. Click Edit in the top menu, and choose Preferences.
2. Click the Settings tab.
3. Select the radio button for the location to save the settings.
   • In your configuration directory means that the settings are stored in the Directory Server configuration, making them available no matter where you log into the Console.
   • On your computer's hard disk stores the setting profiles locally. This is mainly useful if you want specific, different settings used by default on different Consoles, such as a workstation and a laptop.
4. Click OK.

2.3.2 Restoring default font settings

1. Click Edit in the top menu, and choose Preferences.
2. Click the Settings tab.
3. Click the Restore Defaults button to revert to the default display settings.
4. Click OK.

2.3.3 Changing console fonts

Different parts of the Console, such as table headings and regular text, have different font settings. The font settings are stored in profiles, which define the font family, size, and formatting for every text element. There can be multiple font profiles available, and the font profiles can be private, such as settings for a specific user or group, or public, so that any user can access them.
The default profile can be edited without having to create new profiles.
To edit or create a font profile:
1. In the main Directory Console window, from the Edit menu, choose Preferences.
2. Click the Fonts tab.
3. To save the new settings as a new profile, click the Save As button, and fill in the profile name.
   To edit the default (or current) profile, simply begin editing the fonts.
4. In the Screen Element column, click a screen element to edit, then click the Change Font button.
5. Edit the font for that specific element. There are three settings which can be changed: the font family, the size, and the formatting (bold or italic).
6. Click OK to save the profile.
7. Restart the Console to apply the changes.
   # /opt/dirsrv/bin/hpds-idm-console
To load and use a saved font profile, open the Fonts tab in the Preferences dialog, and simply select the font profile to use and click OK.
To delete a font profile, simply make sure that it is selected from the drop-down menu in the Fonts tab, and click the Remove button.

2.3.4 Reordering table columns

The columns in a table can be rearranged by dragging them into a new position.
1. Click in the table heading.
2. Still holding down the left mouse button, drag the column to its new location. The other table columns will automatically shift down to their new positions.
3. When you release the mouse button, the column snaps into its new position.

2.3.5 Customizing the main window

Different elements of the main Directory Console window can be displayed or hidden; this is set by check boxes in the View menu.
There are three parts of the Console which can be hidden: the navigation tree (the smaller panel on the left of the Console window); the decorative background and banner at the top of the Console window; and the status bar at the bottom of the Console.

2.3.6 Working with custom views

The Console allows different views to be created to show different server and domain entries in the Directory Console window. Views show only a defined set of server entries; this makes it easier to maintain large numbers of instances or to have a quick way to perform specific tasks.
2.3.6.1 Creating custom views
Custom views show different, defined server instances. Views are either public or private. A public view is visible to any user, while a private view is visible only to the person who created it.
1. In the View menu, choose Custom View Configuration.
2. Click New.
3. Choose whether the new view will be public or private, then click OK.
   • A public view is visible to all Console users by default, but access control instructions (ACIs) can be set to restrict access. For more information, see “Setting access permissions for a public view”.
   • A private view is only visible to the user who sets it, and ACIs cannot be set to change the access to it.
4. In the Edit View window, enter a descriptive name for this view.
5. Select a resource from the Default View navigation tree on the left. Click Copy to list it in the panel on the right and include it in the view.
   To select a range of resources, click the SHIFT key and select the first and last entries; select multiple, separate resources by holding down the CTRL key and selecting the entries.
To edit a custom view, select it from the list, click the Edit button, and make the changes to the name or resources.
To delete a custom view, select it from the list, and click the Remove button.
2.3.6.2 Switching to a custom view
Choose the desired custom view from the drop-down list on the Servers and Applications tab.
To return to the default view, choose Default View from the drop-down list.
2.3.6.3 Setting access permissions for a public view
1. From the View menu, choose Custom View Configuration.
2. Choose a public Custom View from the list and click Access.
3. Set the access control instructions.
4. Click OK to save the ACI.
For more information on setting access permissions and creating access control instructions, see Chapter 5 “Setting access controls”.

3 Managing server instances

The server instances managed by the Directory Console are arranged in a hierarchy. At the top is the admin domain. Within the domain are hosts, representing different server machines. Each host has server groups, which identify an inter-related group of Directory Servers using the same Administration Server instance. The individual Directory Server instances and a single Administration Server instance belong within a server group. There can only be one Administration Server instance per server group.
These high level entries can be created and managed in the Directory Console.

3.1 Editing domain, host, server group, and instance information

The Console displays some information about every admin domain, host, group, and server instance. Most of this information, such as the installation date and build number, cannot be edited, but some information can.
1. In the Servers and Applications tab, select the entry to modify.
2. Click Edit.
3. Edit the instance's information. Every entry has the option to change its name and description.
The host, which is the physical machine on which the instances are installed, also has the option of changing the location.