Redhat NETSCAPE CONSOLE User Manual

Managing Servers with Netscape Console
Netscape Console Version 6.0
December 2001
Netscape Communications Corporation ("Netscape") and its licensors retain all ownership rights to the software programs offered by Netscape (referred to herein as "Software") and related documentation. Use of the Software and related documentation is governed by the license agreement for the Software and applicable copyright law.
Your right to copy this documentation is limited by copyright law. Making unauthorized copies, adaptations or compilation works is prohibited and constitutes a punishable violation of the law. Netscape may revise this documentation from time to time without notice.
THIS DOCUMENTATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN NO EVENT SHALL NETSCAPE BE LIABLE FOR INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY KIND ARISING FROM ANY ERROR IN THIS DOCUMENTATION, INCLUDING WITHOUT LIMITATION ANY LOSS OR INTERRUPTION OF BUSINESS, PROFITS, USE, OR DATA.
The Software and documentation are copyright © 2001 Sun Microsystems, Inc. Portions copyright 1999, 2001 Netscape Communications Corporation. All rights reserved.
Contains the Taligent® International Classes™ from Taligent, Inc. and IBM Corp.
Netscape and the Netscape N logo are registered trademarks of Netscape Communications Corporation in the United States and other countries. Other Netscape logos, product names and service names are also trademarks of Netscape and may be registered in some countries. Other product and brand names are trademarks of their respective owners.
The downloading, exporting, or reexporting of Netscape software or any underlying information or technology must be in full compliance with all United States and other applicable laws and regulations. Any provision of Netscape software or documentation to the U.S. government is with restricted rights as described in the license agreement for that Software.
Contents
About This Guide
What’s in This Guide
Conventions Used in This Guide
Viewing This Guide Online
To View This Manual From Netscape Console or Administration Server
To View This Manual From Another Product
Getting Additional Help
To Get Context-Sensitive Help
To Search this Guide’s Index
To Open the Product Homepage
Part 1 Overview of Netscape Console
Chapter 1 Introducing Netscape Console and Administration Server
Chapter 2 Installing Netscape Servers and Console
The Setup Program
Installing a New Server
Directory Server Must Be Installed First
Administration Server Is Required in Each Server Root
Installation Modes
Express
Typical
Custom
Installing Netscape Console as a Stand-Alone Application
To Install Netscape Console as a Stand-Alone Application on UNIX
To Install Netscape Console as a Stand-Alone Application on Windows NT
Upgrading to Version 6.0
Upgrading Administration Server and Console
To Upgrade on UNIX
To Upgrade on Windows NT
Upgrading a Stand-Alone Version of Netscape Console
To Upgrade a Stand-Alone Version of Netscape Console on UNIX
To Upgrade a Stand-Alone Version of Netscape Console on Windows NT
Silent Installation
Performing a Silent Installation
To Save Your Installation Answers
To Perform a Silent Installation
Uninstallation
Uninstalling a Netscape Server
To Uninstall a Netscape Server on UNIX
To Uninstall a Netscape Server on Windows NT
Silent Uninstallation
To Perform a Silent Uninstallation on UNIX
To Perform a Silent Uninstallation on Windows NT
Part 2 Netscape Console Basics
Chapter 3 Using Netscape Console
Starting Netscape Console and Logging In
Starting Netscape Console
To Start Netscape Console on UNIX
To Start Netscape Console on Windows NT
Logging in to Netscape Console With a User Name and Password
To Log in to Netscape Console With a User Name and Password
Logging in to Netscape Console Using Client Authentication
To Request and Install a New Client Certificate
To Make Your Client Certificate Available to Netscape Console on UNIX
To Make Your Client Certificate Available to Netscape Console on Windows NT
To Establish a Secure Connection With an Instance of Administration Server
A Tour of Netscape Console
Netscape Console Menus
Netscape Console Tabs
The Servers and Applications Tab
The Administration Domain
To Create an Administration Domain
To Modify an Administration Domain
To Remove an Administration Domain
Customizing Netscape Console
4 Managing Servers with Netscape Console • December 2001
Storing Display Settings
To Change Where Display Settings are Stored
To Reset Display Settings to Their Default Values
Setting Display Fonts
To Create a Font Profile
To Edit an Existing Font Profile
To Rename a Font Profile
To Use a Font Profile
To Remove a Font Profile
Customizing the Main Window
To Customize the Main Window
Customizing Tables
To Change Column Position in a Table
To Change the Width of Columns in a Table
Creating Custom Views of the Navigation Tree
To Create a Custom View of the Navigation Tree
Working with Custom Views
To Switch to a Custom View
To Edit a Custom View
To Rename a Custom View
To Set Access Permissions for a Public View
To Delete a Custom View
Administration Express
Accessing Administration Express
To Open Administration Express
Using Administration Express
To Start or Stop a Server Instance from Administration Express
To View Basic Server Information from Administration Express
To View Access and Error Logs from Administration Express
Setting the Refresh Rate for Administration Express
To Set the Refresh Rate for Administration Express
Chapter 4 Servers in Netscape Console
Working With Earlier Netscape Servers
Adding a Pre-4.0 Server to the Tree
To Add a Pre-4.0 Server to the Navigation Tree
Migrating from a Pre-4.0 Server to a Newer Server
To Migrate from a Pre-4.0 Server to a Newer Version
Working with Netscape Servers
Opening a Server Management Window
To Open a Netscape Server Management Window
Creating a New Server Instance
To Create a New Server Instance
Modifying Host, Server Group, and Instance Information
To Modify Host, Server Group, and Instance Information
Cloning a Server
To Clone Server Settings to Another Server
Removing a Server Instance
To Remove a Server Instance
Uninstalling a Netscape Server
Merging Configuration Data from Two Directory Servers
To Merge Configuration Data from Two Directory Servers
Chapter 5 User and Group Administration
Interacting with Directory Server
Using Distinguished Names
Distinguished Names, Attributes, and Syntax
Distinguished Names
Attributes
DN and Attribute Guidelines and Syntax
Locating a User or Group in the Directory
To Locate Users or Groups in the Directory
Choosing a Different Directory to Search
To Change the Directory to Search
Creating New Directory Entries
Users
To Create a New User Entry in the Directory
The User’s Preferred Language
Administrators
To Create an Administrator
Specifying Windows NT and UNIX Options
To Enable Windows NT and UNIX Panels for an Individual User
To Enable Windows NT and UNIX Panels for All New Users
To Set Windows NT and UNIX Options and Attributes for a New User
Groups
To Create a Static Group in the Directory
To Add Users to the Configuration Administrators Group
To Create a Dynamic Group
To Create a Certificate Group
Organizational Units
To Create a New Organizational Unit
Modifying Existing Directory Entries
Updating User and Group Entries
To Edit a User or Group Entry in the Directory
To Change a User Password
To Change the Configuration Administrator’s User Name or Password
To Change the Administration Server Administrator’s User Name or Password
To Remove a User, Group, or Organizational Unit from the Directory
Part 3 Using Netscape Administration Server
Chapter 6 Administration Server Basics
Restarting Administration Server
To Restart the Server from Netscape Console
To Restart the Server from the Command Line
UNIX
Windows NT
To Restart the Server from the NT Control Panel
Stopping Administration Server
To Stop the Server from Netscape Console
To Stop the Server from the Command Line
UNIX
Windows NT
To Stop the Server from the NT Control Panel
Logging Options
To View the Access Log
To View the Error Log
To Change Where Logs are Stored
The Netscape Administration Page
To Access the Administration Page
Chapter 7 Administration Server Configuration
Network Settings
To Configure Network Settings
Access Settings
To Set Administration Server Access Settings
Encryption Settings
To Request and Install a Certificate for Administration Server
To Activate SSL on Administration Server
Directory Settings
The Configuration Directory
Changing the Host or Port Number
To Change the Host or Port Number
The User Directory
User Directory Settings
User Authentication and Directory Failover Support
Changing User Directory Settings for a Domain
To Change the User Directory Settings for a Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
To Change User Directory Settings for a Server Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Chapter 8 Administration Server Command-Line Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
admconfig . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Tasks and Their Arguments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
admin_ip.pl. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
ldapsearch, ldapmodify, and ldapdelete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
sec-activate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
sec-migrate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
modutil . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
Tasks and Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
JAR Information File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
JAR Information File Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Examples of Using modutil . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Part 4 Advanced Server Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
Chapter 9 Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
Overview of Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
Examples of Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
Setting Access Permissions For Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
To Set Access Permissions for a Server in the Navigation Tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
Working With Access Control Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
What's in an ACI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Target . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Bind Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
Using the ACI Manager and ACI Editor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
To Specify What You Want an ACI to Apply To . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
To Create a New ACI with the Visual ACI Editor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
To Create a New ACI with the Manual ACI Editor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
To Edit an Existing ACI with the ACI Editor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
To Remove an ACI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
Chapter 10 Using SSL and TLS with Netscape Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
The SSL and TLS Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
SSL and TLS Ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
Choosing SSL and TLS Ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
Preparing to Use SSL and TLS Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
Using External Security Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
Slots and Security Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
To Install an External Security Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
To Remove an External PKCS #11 Module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
Obtaining and Installing a Server Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
SSL Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
Preparing to Set Up SSL and TLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
Setting up SSL or TLS with an Internal Security Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
Setting up SSL or TLS with an External Security Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
Setting Up SSL with Internal and External Security Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
Generating a Server Certificate Request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
To Generate a Certificate Request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
Sending a Server Certificate Request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
To Send a Server Certificate Request as email . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
Installing the Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
To Back Up a Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
To Install a Server Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
To Install a CA Certificate or Server Certificate Chain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
Backing Up and Restoring Your Certificate Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
To Back Up Your Certificate Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
To Restore Your Certificate Database From a Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
Activating SSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
To Activate SSL on a Netscape Server or a Netscape 4.x Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
Managing Server Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
Renewing a Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
To Check a Certificate Expiration Date . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
To Generate a Certificate Renewal Request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
Changing the CA Trust Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
To Change the CA Trust Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
Changing Security Device Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
To Change a Security Device Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Managing Certificate Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
To Obtain a CRL or CKL From a CA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
To View, Add, or Delete a CRL or CKL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
Using Client Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
How Client Authentication Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
Preparing to Use Client Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
The certmap.conf File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
DNComps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
FilterComps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
VerifyCert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
CmapLdapAttr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
Library . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
InitFn . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
Custom Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
Editing the certmap.conf File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
To Edit the certmap.conf File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
Example certmap.conf Mappings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Example of a Default Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Example of an Additional Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Example of a Mapping with an Attribute Search . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
Using Client Authentication Between Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
To Set Up Client Authentication Between Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
Client Authentication for Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
To Set Up Client Authentication for Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Chapter 11 Using SNMP to Monitor Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
SNMP Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
How SNMP Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Netscape MIBs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
The Administration Server MIB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
Types of SNMP Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
Network Management Station-Initiated Communication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
Server-Initiated Communication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
Setting Up SNMP on UNIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
Using a Proxy SNMP Agent on UNIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
Installing and Starting the Proxy SNMP Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
To Install the SNMP Proxy Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
To Start the SNMP Proxy Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
To Restart the Native Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
Reconfiguring a Native Agent on UNIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
Configuring the Master Agent on UNIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
Community Strings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
Trap Destinations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
Configuring the Master Agent using Netscape Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
To Add, Edit, or Remove a Community String using Netscape Console . . . . . . . . . . . . . . . . . 219
To Add, Edit, or Remove a Trap Destination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220
Manually Configuring the Master Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
To Configure the Master SNMP Agent Manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
Editing the Master Agent Config File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
Defining sysContact and sysLocation Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
Starting the Master Agent on UNIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
Starting the Agent Using Netscape Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
To Start the Master Agent Using Netscape Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
Starting the Agent from the Command Line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
To Start the Agent on the Standard Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
To Start the Agent on a Non-Standard Port Using the Config File . . . . . . . . . . . . . . . . . . . . . . . 224
To Start the Agent on a Non-Standard Port using System Services . . . . . . . . . . . . . . . . . . . . . . 225
Enabling the Subagent on UNIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Using the Windows NT SNMP Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
To Set Up SNMP on Windows NT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Part 5 Appendixes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
Appendix A Fortezza . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
How It Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
How Fortezza Crypto Cards are Certified . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
Fortezza Keys, Certificates, and Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
CRLs and CKLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
Encryption Algorithms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
SKIPJACK . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
SSL Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
RC4 Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
NULL Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
Enabling Fortezza . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
To Enable Fortezza on Administration Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
Appendix B Introduction to Public-Key Cryptography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
Internet Security Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
Encryption and Decryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Symmetric-Key Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
Public-Key Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
Key Length and Encryption Strength . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
Digital Signatures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
Certificates and Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
A Certificate Identifies Someone or Something . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
Authentication Confirms an Identity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242
Password-Based Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
Certificate-Based Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
How Certificates Are Used . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
Types of Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
SSL Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248
Signed and Encrypted Email . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248
Form Signing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
Single Sign-On . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
Object Signing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
Contents of a Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
Distinguished Names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
A Typical Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252
How CA Certificates Are Used to Establish Trust . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
CA Hierarchies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
Certificate Chains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
Verifying a Certificate Chain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257
Managing Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260
Issuing Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260
Certificates and the LDAP Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
Key Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
Renewing and Revoking Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
Registration Authorities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
Appendix C Introduction to SSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265
The SSL Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265
Ciphers Used with SSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267
Cipher Suites With RSA Key Exchange . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
Fortezza Cipher Suites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
The SSL Handshake . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
Server Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
Man-in-the-Middle Attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
Client Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
About This Guide

Managing Servers with Netscape Console provides background information that system architects and administrators need to successfully install and manage Netscape servers in their enterprise. Read about Netscape server basics here before you begin installing and configuring servers in your enterprise.

What's in This Guide

This book provides information you need to use Netscape servers. It is divided into the following parts:
Part 1, Overview of Netscape Console
Part 2, Netscape Console Basics
Part 3, Using Netscape Administration Server
Part 4, Advanced Server Management
Part 5, Appendixes

Conventions Used in This Guide

The following typographical conventions are used in this guide:
Monospaced font
This typeface is used for any text that appears on the computer screen or text that you should type. It's also used for file, path, and function names.
Boldface
In UI reference material, boldface type identifies window elements such as input areas and checkboxes.
Italic
Italic type is used for emphasis, book titles, glossary terms, and variables.
TIP Tips are useful information that can help you save time.
NOTE Notes mark important information. Make sure you read the information before continuing with a task.
CAUTION Cautions alert you to potentially problematic situations, and tell you how to avoid them.
[ ]
Square brackets enclose commands that are optional. You can choose to omit any text that appears in square brackets.
/
Forward slashes are used to separate directories in a path. If you use the Windows NT operating system, you may be more familiar with paths containing back slashes (\). NT supports both types of slashes; you can use whichever you prefer.
>
Forward angle brackets are used to indicate menu hierarchies. For example, the text "from the Console menu, choose Security > Manage Certificates" means that you should open the Console menu, select the Security item to open its submenu, and then choose the Manage Certificates item from that submenu.
Start
In Windows NT-related sections of this guide, "Start" typically refers to the Windows NT Start menu button. For example, "click Start, and then choose Programs > Netscape Server Products > Netscape Console Version 6.0" means that you should click the Windows NT Start menu button, and then select Programs > Netscape Server Products > Netscape Console Version 6.0.
UNIX
Marks text that applies only to UNIX users.
NT
Marks text that applies only to Windows NT users.

Viewing This Guide Online

For your convenience, this book is also available online. When using any Netscape server software, you can view the online version of Managing Servers with Netscape Console.

To View This Manual From Netscape Console or Administration Server

1. From the Help menu, choose Contents or press the F1 key.
A browser window opens and displays an HTML version of the table of contents for this manual. Click a link to go to a chapter or section.

To View This Manual From Another Product

1. From the server management window's Help menu, choose Documentation Resources.
A browser window opens and displays a Documentation Resources page.
2. Click Managing Servers with Netscape Console to view an HTML version of this manual's table of contents. Click a link to go to a chapter or section.

Getting Additional Help

The following types of help are available from within Netscape Console:
Context-sensitive help
A searchable version of this guide's index
A Documentation Resources page with product-related links.
This section shows you how to access these resources.

To Get Context-Sensitive Help

1. Click a Help button.
You will see a browser window with information about the screen you are viewing.
2. If you need further assistance, click one of the following links at the top or bottom of the screen:
Help Topics and Procedures. This displays a list of all available help topics and procedures for the product you're working in.
Manual Contents. This displays the table of contents of the manual for the product you're working in.
Manual Index. This displays the index of the manual for the product you're working in.
Documentation Resources. This displays the Documentation Resources page, which contains links to documentation for the product you're using.

To Search this Guide's Index

1. From the Help menu, choose Search Index.
This opens the Search Index dialog box, an interface used for searching this guide's index. The text field at the top of the dialog box accepts a search term, the middle frame shows an alphabetical list of all indexed terms, and the bottom frame is used to show topics.
2. Enter a search term in the top field of the search interface.
If the index contains your search term, you will see it highlighted in the alphabetical list. If your search term is not found, the closest match is highlighted.
3. Click the desired topic from the bottom frame.
These topics are links to sections of this guide. Clicking one opens a browser displaying the appropriate section.
4. To dismiss the Search Index dialog box, click Close.

To Open the Product Homepage

From the Help menu, choose Documentation Resources.
A browser window opens containing a list of Netscape Console-related links. You can also access this page by clicking Documentation Resources from within context-sensitive help.
Part 1

Overview of Netscape Console

Chapter 1, Introducing Netscape Console and Administration Server
Chapter 2, Installing Netscape Servers and Console
Chapter 1
Introducing Netscape Console and Administration Server
Netscape Console and Administration Server Version 6.0 are two parts of a system that lets you manage Netscape software and users in your enterprise. This chapter presents a high-level overview of what this system is and how you can use it to work with resources across your network.
In order to run most Netscape software, you must first install Netscape Directory Server. By default, when you do this, Netscape Console and Administration Server are automatically installed for you. Although Netscape Directory Server, Netscape Console, and Netscape Administration Server work tightly with one another, each plays a specific role in the management of servers, applications, and users.
Netscape Directory Server stores server and application configuration settings as well as user information. This data is used by other servers in the enterprise. Typically, application and server configuration information is stored in one subtree of Netscape Directory Server while user and group entries are stored in another subtree. If you have a large enterprise, however, you can store your configuration and user information in separate instances of Directory Server (which can be on the same host machine or on two different host machines). When the terms configuration directory and user directory are used in this guide, they refer to where the configuration information and the user information is stored: either in the subtrees of a single instance of Directory Server or in two separate instances of Directory Server.
Netscape Console is the front-end management application for Netscape software in your enterprise. It finds all servers and applications registered in your configuration directory, displays them in a graphical interface, and lets you manage and configure them. In addition, Netscape Console provides graphical tools for locating and managing entries in the user directory. Figure 1-1 shows Netscape Console's interface.
Figure 1-1 The Netscape Console Interface
When you log in to Netscape Console, it connects to an instance of Administration Server using the Hypertext Transfer Protocol (HTTP). Administration Server manages requests for all Netscape products installed in a single root folder.
When you install a Netscape product in a new folder, Administration Server is installed for you. If you install additional products in the same folder, they can use the instance of Administration Server that is already there. If a product includes a newer version of Administration Server and Console than the versions in the root folder, the installer updates the folder with the latest versions. Administration Server and Console are backward compatible; all existing Netscape servers will continue to work normally.
The system for managing Netscape products works as follows:
Netscape Console lets you manage resources (servers or applications) as well as add or edit user information. When you use Netscape Console to manage resources, Console sends HTTP requests to the instance of Administration Server that controls the resource. Upon receiving these requests, the instance of Administration Server executes programs that perform the requested tasks. For example, Administration Server can execute programs to modify the server and application settings that are stored in the configuration directory or to change the port number that a server listens to.
When you use Netscape Console to add or edit user entries, it sends Lightweight Directory Access Protocol (LDAP) messages directly to Directory Server. The information in these messages is then stored in the user directory. Figure 1-2 illustrates the system.
Figure 1-2 A Simple System With Netscape Console
Figure 1-2 shows an example of a relatively simple system. As your enterprise grows and your needs change, you have the flexibility to add additional hosts and servers. Even when you install new hardware and software, you can continue to use a single instance of Netscape Console to manage your network. Figure 1-3 shows how a complex system might be organized.
Figure 1-3 A More Complex System With Netscape Console
The rest of this guide shows you how to install and use Netscape Console and Administration Server to manage servers, applications, and users.
If you would like to learn more about how Netscape Console works before installing the product, see "A Tour of Netscape Console" on page 49.
Chapter 2
Installing Netscape Servers and Console
This chapter provides an overview of the Netscape Server Products Setup program and how it is used in various situations.
This chapter contains the following sections:
The Setup Program
Upgrading to Version 6.0
Silent Installation
Uninstallation
Each Netscape server has its own detailed installation instructions.

The Setup Program
The Netscape Server Products Setup program is for installing Netscape servers all at once or one at a time. Use the Setup program each time you need to do any of the following:
Install a new server or server component
Install Netscape Console as a stand-alone application
Update a server
Installing a New Server
This section provides an overview of installation dependencies and options common to all Netscape servers.
Directory Server Must Be Installed First
In order to install Netscape software, you must first set up Directory Server. When you do this, you create a user ID and password for the Configuration Administrator. During a typical installation, the Setup program checks this user ID and password against the installed directory. If the values do not match, authentication fails, and you can't complete the installation.
For detailed information on installing the Directory Server, see the server’s documentation.
When you install a Directory Server for the first time, Netscape Administration Server and Console are automatically installed for you.
Administration Server Is Required in Each Server Root
Every Netscape server root must contain an instance of Administration Server. If you are installing a server into a new folder, the Setup program will automatically install Administration Server for you.
NOTE Installing or upgrading Console on Windows NT requires rebooting the machine at the end of the install process. The option to reboot is offered at the end of the setup program. If you choose not to reboot at the end of the install process you must remember to reboot later, before you use Console.
Installation Modes
The Setup program offers three installation modes: Express, Typical, and Custom.
Express
Use this mode to get the system running quickly, using default settings as much as possible. This mode was designed for administrators who want to test a server’s basic operation on a particular system before deploying. It automatically generates as much information as possible to complete the most basic installation. Generally, you only need to enter administrator names and passwords during an express installation.
Typical
Use this mode if you want to specify some, but not all, installation options. Administrators often use this mode because it handles the details of server configuration, while still letting them modify settings such as directory location, port numbers, user names, and passwords.
Custom
Use this mode only if you've run the installer before, and are familiar with server configuration settings and how to modify them. This mode is most useful to the administrator who routinely installs and upgrades servers, and whose company has already identified special enterprise needs. When using custom mode, you can specify all typical options as well as advanced ones such as the IP address of a host system.
Installing Netscape Console as a Stand-Alone Application
You can install Netscape Console as a stand-alone application on a machine local to you. This is useful when you want to manage servers on remote machines.
To Install Netscape Console as a Stand-Alone Application on UNIX
1. Download the compressed product binaries for Netscape Console.
2. Extract the binaries into a new directory.
3. Run the Setup program by typing setup.
The first installation screen appears.
4. Proceed through the installation process. Here are the prompts you encounter with instructions about what to do:
Would you like to continue with installation? Enter Yes
Do you agree to the license terms? Enter Yes
Select the component you want to install. Enter 2 for Netscape Console
Installation location. Enter the path where you want to install Netscape Console. If the specified folder does not exist, the Setup program will create it for you.
5. Press Enter.
The Setup program installs Netscape Console in the folder you specified.
Once installation completes, you can run Netscape Console by navigating to the folder you specified as the installation location, and then typing startconsole.
To Install Netscape Console as a Stand-Alone Application on Windows NT
1. Download the compressed product binaries for Netscape Console.
2. Extract the binaries into a new folder and run the setup.exe program.
The installation startup screen appears.
3. Click Next.
4. Proceed through the installation process. Here are the prompts you encounter with instructions about what to do:
Do you accept all of the terms of the preceding license agreement? Click Yes
Choose the type of Setup you prefer. Select Netscape Console
Installation directory. Enter the location where you want to install Netscape Console. If this folder does not exist, the Setup program asks if you want to create it.
5. Review your selections. If you need to make any changes, click Back and modify your choices.
6. Click Install.
The Setup program installs Netscape Console in the specified folder.
7. When the installer completes, click Finish.
Once installation completes, you can run Netscape Console by clicking Start, and then choosing Programs > Netscape Server Products > Netscape Console Version 6.0.
Upgrading to Version 6.0
If you already have versions of Netscape Console and Administration Server installed on your system, you can upgrade to Netscape Console Version 6.0. This section contains instructions for performing the following upgrades:
Upgrading Administration Server and Console
Upgrading a Stand-Alone Console
NOTE The instructions presented in this section apply only when upgrading Netscape Administration Server and Console. If you want to upgrade a different Netscape product, please refer to the installation instructions for the upgraded version of that product.
Upgrading Administration Server and Console
To upgrade Netscape Administration Server and Console to Netscape Administration Server and Console Version 6.0, follow the directions for your operating system.
To Upgrade on UNIX
1. Download the compressed product binaries for Netscape Administration Server and Console.
2. Extract the binaries into a new folder.
3. Run the Setup program by typing setup.
The first installation screen appears.
4. Proceed through the installation process. Here are the prompts you encounter with instructions about what to do:
Would you like to continue with installation? Press Enter for Yes
Do you agree to the license terms? Enter Yes
Select the component you want to install. Enter 1 for Netscape Servers
Choose an installation type. Enter 2 for Typical
Installation location. Enter the location where Administration Server is currently installed. If Administration Server was installed with another Netscape server, enter the path to that product's server root. For example, if you installed Netscape Directory Server 4.1 in the /usr/netscape/server4 folder, then you would enter /usr/netscape/server4 as your installation location.
Specify the components you wish to install. Press Enter (for All)
(Core Components) Specify the components you wish to install. Choose all three core components by entering 1, 2, 3.
(Administration Services) Specify the components you wish to install. Choose both components by entering 1,2
Computer name. Enter the fully qualified hostname of your computer. For example, eastcoast.example.com.
System User. Enter the user ID that Netscape Administration Server is currently running as. The server will continue to run as this user.
System Group. Enter the UNIX group to which the System User belongs.
Configuration Admin ID or DN. Enter the user ID or distinguished name of the administrator who is currently authorized to access the configuration directory.
Password. Enter the password for the user specified by the Configuration Admin ID or DN.
5. Press Enter.
The installer replaces your existing Administration Server and Console with the new versions of the software.
Once installation completes, you can run Netscape Console by navigating to the folder you specified as the Install location, and then typing startconsole.
To Upgrade on Windows NT
1. Download the compressed product binaries for Netscape Administration Server and Console.
2. Extract the binaries into a new folder and run the setup.exe program.
The installation startup screen appears.
3. Click Next.
4. Proceed through the installation process. Here are the prompts you encounter with instructions about what to do:
Do you accept all of the terms of the preceding license agreement? Click Yes
Choose the type of Setup you prefer. Select Netscape Servers
(Type of Installation) Choose the type of Setup you prefer. Select Typical
Installation directory. Enter the location where Netscape Administration Server is currently installed. If Administration Server was installed with another Netscape server, enter the path to that product's server root. For example, if you installed Netscape Directory Server 4.1 in the C:\Netscape\Server4 folder, you would enter C:\Netscape\Server4 as your installation location.
Select the products you want to install. Both boxes are checked, by default.
User ID or Distinguished Name. Enter the user ID or distinguished name of the administrator who is currently authorized to access the configuration directory.
Password. Enter the password for the user ID or distinguished name entered above.
5. Review your selections. If you need to make any changes, click Back and modify your choices.
6. Click Next.
The Setup program replaces your existing Administration Server and Console with Version 6.0.
7. When the installer completes, click Finish.
Once installation completes, you can run Netscape Console by clicking Start, and then choosing Programs > Netscape Server Products > Netscape Console Version 6.0.
Upgrading a Stand-Alone Version of Netscape Console
If you have installed a stand-alone version of Netscape Console, you can upgrade it to Version 6.0.
To Upgrade a Stand-Alone Version of Netscape Console on UNIX
1. Download the compressed product binaries for Netscape Console.
2. Extract the binaries into a new folder.
3. Run the Setup program by typing setup.
The first installation screen appears.
4. Proceed through the installation process. Here are the prompts you encounter, with instructions about what to do:
Would you like to continue with installation? Press Enter for Yes
Do you agree to the license terms? Enter Yes
Select the component you want to install. Enter 2 for Netscape Console
Installation location. Enter the location where Netscape Console is currently installed.
5. Press Enter.
The installer replaces your existing version of Netscape Console with the new version of the software.
Once installation completes, you can run Netscape Console by navigating to the folder you specified as the installation location, and then typing startconsole.
To Upgrade a Stand-Alone Version of Netscape Console on Windows NT
1. Download the compressed product binaries for Netscape Console.
2. Extract the binaries into a new folder and run the setup.exe program.
The installation startup screen appears.
3. Click Next.
4. Proceed through the installation process. Here are the prompts you encounter with instructions about what to do:
Do you accept all of the terms of the preceding license agreement? Click Yes
Choose the type of Setup you prefer. Select Netscape Console
Installation directory. The installer will automatically supply the location where Console is currently installed.
5. Review your selections. If you need to make any changes, click Back and modify your choices.
6. Click Install.
The Setup program replaces your existing version of Netscape Console with the new version of the software.
7. When the installer completes, click Finish.
Once installation completes, you can run Netscape Console by clicking Start, and then choosing Programs > Netscape Server Products > Netscape Console Version 6.0.

Silent Installation

The Silent Installation feature of the Netscape Server Products Setup program allows you to use a file to predefine all the answers that you would normally supply interactively during installation. This is useful when you want to install a large number of Netscape server instances using identical installation options.
Performing a Silent Installation
In order to perform a silent installation, you must create a set of installation answers and then run the Netscape Server Products Setup program in silent mode. The easiest way to create a set of installation answers is to perform an installation and save your installation cache to a file. Once you've done this, you can modify the cache file and then use it when performing additional installations.
You can use Silent Installation to upgrade multiple instances of Administration Server. Rather than manually entering the same set of answers for each server, you can save your installation answers while upgrading one instance of Administration Server, and then upgrade the remaining instances using the same answers.
To Save Your Installation Answers
1. From the system prompt, run the Setup program by typing setup -k.
The -k flag instructs the Setup program to store your answers to installation questions.
2. Perform your installation or upgrade.
The answers that you specify for installation and upgrade questions are stored in the setup/install.inf file which is contained in the destination directory that you indicate during installation.
3. If you plan to perform multiple silent installations using different sets of installation answers, rename install.inf to a more descriptive name and then repeat this procedure.
For more details on installation, see "The Setup Program," which begins on page 26.
To Perform a Silent Installation
1. Make any necessary changes to the file(s) containing your installation answers.
2. Copy the installation answer file(s) to the directory containing the Setup program.
3. From the system prompt, run the Setup program by typing setup -s -f filename.
The -s flag instructs the Setup program to perform a silent installation. The -f flag tells the Setup program to use the answer file specified by filename.
On UNIX, Silent Installation outputs some status messages and alerts. Complete status information is written to the setup/setup.log file which is contained in the destination directory that you indicate during installation.
On Windows NT, Silent Installation does not produce any status messages or alerts. All status information is written to the setup/setup.log file which is contained in the destination directory that you indicate during installation.
For detailed information on how a particular server uses Silent Installation, see that server's documentation.
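The UNIX silent-installation steps above can be wrapped in a small script. This is an added example, not part of the Netscape manual or product: the function names are hypothetical, and it assumes that the saved answers include the Configuration Admin password typed during setup (so the answer file is kept owner-only) and that the Setup program exits nonzero on failure.

```shell
#!/bin/sh
# Added example: run "setup -s -f filename" from a saved answer file.
# Hypothetical names (not from the manual): answer_file_is_private,
# silent_install.

# True when group and others have no permission bits on the file.
answer_file_is_private() {
    perms=$(ls -lLd "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# silent_install SETUP_DIR ANSWER_FILE DEST_DIR
#   SETUP_DIR    directory that contains the Setup program
#   ANSWER_FILE  answers saved earlier with "setup -k" (setup/install.inf)
#   DEST_DIR     destination directory named in those answers
# Returns 0 on success, 2 for bad arguments or a failed copy, 3 for an
# answer file readable by group or others, 4 when Setup fails,
# 5 when setup/setup.log is missing afterwards.
silent_install() {
    setup_dir=$1
    answers=$2
    dest=$3

    if [ ! -x "$setup_dir/setup" ]; then
        echo "no Setup program in $setup_dir" >&2
        return 2
    fi
    if [ ! -f "$answers" ]; then
        echo "answer file not found: $answers" >&2
        return 2
    fi
    if ! answer_file_is_private "$answers"; then
        echo "refusing $answers: readable by group or others" >&2
        return 3
    fi

    # Step 2: the answer file must sit in the directory containing Setup.
    name=$(basename "$answers")
    if [ ! -f "$setup_dir/$name" ] || ! cmp -s "$answers" "$setup_dir/$name"; then
        ( umask 077; cp "$answers" "$setup_dir/$name" ) || return 2
    fi
    chmod 600 "$setup_dir/$name" || return 2

    # Step 3: -s selects silent mode, -f names the answer file.
    ( cd "$setup_dir" && ./setup -s -f "$name" ) || {
        echo "Setup failed; check $dest/setup/setup.log" >&2
        return 4
    }

    # Complete status information is written to setup/setup.log.
    if [ ! -f "$dest/setup/setup.log" ]; then
        echo "no setup/setup.log under $dest" >&2
        return 5
    fi
    return 0
}
```

A typical call is `silent_install /tmp/netscape-binaries ./typical-upgrade.inf /usr/netscape/server4`, where the first two paths are placeholders for your own locations.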
Uninstallation
If you are no longer using a Netscape server, you can uninstall it. Uninstallation completely removes a server from your computer. The server will not be accessible and you will lose all settings.
Uninstalling a Netscape Server
The following procedures show you how to uninstall a Netscape server on UNIX and Windows NT.
To Uninstall a Netscape Server on UNIX
1. In the server root, type uninstall.
The first uninstallation screen appears.
2. Proceed through the uninstallation process. Here are the prompts you encounter with instructions about what to do. Depending on the selections you make, you may see additional prompts:
Select the components you wish to uninstall Select the components to uninstall or press Enter (for All) to remove all listed software.
Configuration Admin ID or DN Enter the user ID or distinguished name of the administrator who is currently authorized to access the configuration directory.
Password Enter the password for the user specified by the Configuration Admin ID or DN.
3. Press Enter.
The uninstaller removes the selected software. If the uninstaller cannot remove all files in the server root, it prints a message to the screen. To remove any remaining files, go to the server root and delete the files manually.
To Uninstall a Netscape Server on Windows NT
1. Click Start, and then choose Settings > Control Panel.
2. Double-click Add/Remove Programs.
You can also run uninst.exe from the server root.
3. In the Add/Remove Program Properties window, click the Install/Uninstall tab.
4. Select Netscape Server Products Version 6.0, then click Remove.
5. In the Netscape Uninstall window, select the Netscape servers and components you want to uninstall.
6. If you want to specify which subcomponents of your Netscape software to remove, highlight the installed product or component name and then click the Subcomponents button.
The Select Sub-components dialog appears. Select the subcomponents that you want to remove, then click Continue.
Select the components you wish to uninstall Select the components to uninstall or press Enter (for All) to remove all listed software.
Configuration Admin ID or DN Enter the user ID or distinguished name of the administrator who is currently authorized to access the configuration directory.
7. Password Enter the password for the user specified by the Configuration Admin ID or DN.
8. Click Uninstall.
The uninstaller removes the selected software. If the uninstaller cannot remove all files in the server root, it prints a message to the screen. To remove any remaining files, go to the server root and delete the files manually.
Silent Uninstallation
The Silent Uninstallation feature allows you to automatically uninstall a product without providing answers to uninstallation questions.
To Perform a Silent Uninstallation on UNIX
From the system prompt, run the uninstallation program in silent mode by typing uninstall -s.
If the uninstallation program cannot contact the instance of Directory Server containing the configuration information for the product you are trying to uninstall, uninstallation will fail. In this case, no product files or configuration information will be removed. If you want the uninstallation program to remove the local product files regardless of whether it can contact the instance of Directory Server containing configuration information, run the uninstallation program by typing uninstall -s -force.
While it removes files, the uninstallation program outputs some status messages and alerts. When uninstallation is finished, you are returned to the system prompt.
To Perform a Silent Uninstallation on Windows NT
From the system prompt, run the uninstallation program in silent mode by typing uninst -s.
If the uninstallation program cannot contact the instance of Directory Server containing the configuration information for the product you are trying to uninstall, uninstallation will fail. In this case, no product files or configuration information will be removed. If you want the uninstallation program to remove the local product files regardless of whether it can contact the instance of Directory Server containing configuration information, run the uninstallation program by typing uninstall -s -force.
The uninstallation program does not produce any status messages or alerts. All status information is written to the uninstallation log file which is contained in your system's temporary directory (for example, C:\TEMP).

Part 2
Netscape Console Basics
Chapter 3, Using Netscape Console
Chapter 4, Servers in Netscape Console
Chapter 5, User and Group Administration
Chapter 3

Using Netscape Console

This chapter shows you how to log in to, customize, and use Netscape Console. It contains the following sections:
Starting Netscape Console and Logging In
A Tour of Netscape Console
Customizing Netscape Console
Administration Express

Starting Netscape Console and Logging In

Netscape Console is a stand-alone Java application that works in conjunction with an instance of Directory Server and an instance of Administration Server on your network. Typically, you log in to Netscape Console using your own user name and password. If the instance of Administration Server that you're logging in to requires client authentication, you will be prompted to present a client certificate. This certificate is used to create a secure channel of communication between Netscape Console and the instance of Administration Server.
Starting Netscape Console
The following procedures tell you how to start Netscape Console.
To Start Netscape Console on UNIX
In the server root, enter startconsole [arguments] where arguments are any of the optional command-line arguments listed in Table 3-1.
To Start Netscape Console on Windows NT
Click Start, and then choose Programs > Netscape Server Program Group > Netscape Console Version 6.0.
You can also start Netscape Console in two additional ways:
Double-click the startconsole icon in your server root.
Enter startconsole [arguments] on the command line. For arguments, you can specify any of the arguments listed in Table 3-1.
Table 3-1 Arguments for startconsole
Argument What it Does
-a adminURL Specifies a base URL for the instance of Administration Server that you want to log in to. For example, to log in to http://eastcoast.example.com:987, you would enter the following: startconsole -a http://eastcoast.example.com:987
-f fileName Captures errors and system messages to fileName. For example, to capture all errors and messages to a file called system.out, you would enter the following: startconsole -f system.out
-h Prints out the help message for startconsole.
-l languageCode Specifies which language this version of Netscape Console should use. Possible values for languageCode are en, fr, and ja. For example, to start Netscape Console in French, you would enter the following: startconsole -l fr
-u userID Specifies the user ID to log in to Netscape Console with. For example, to start Netscape Console and log in with the user ID bjensen, you would enter the following: startconsole -u bjensen
-w password Specifies the password for the user entered with the -u argument. For example, to start Netscape Console and log in with the user ID bjensen and password super15243, you would enter the following: startconsole -u bjensen -w super15243
-x extraOptions Specifies that you want to use extra options. Possible values for extraOptions are nowinpos and nologo. If you specify the nologo option, the Netscape Console splash screen will not be displayed. If you specify the nowinpos option, the Netscape Console window will be placed in the upper left-hand corner of the screen. To specify both options, separate them with a comma. For example, to start Netscape Console in the upper left-hand corner of the screen and without a splash screen, you would enter the following: startconsole -x nologo, nowinpos
Logging in to Netscape Console With a User Name and Password
The following procedure tells you how to log in to Netscape Console with just a user name and password. If you are logging in to an instance of Administration Server that requires you to present a client certificate, see "Logging in to Netscape Console Using Client Authentication," which begins on page 46.
To Log in to Netscape Console With a User Name and Password
1. Start Netscape Console.
For more information, see "To Start Netscape Console on UNIX" on page 43 and "To Start Netscape Console on Windows NT" on page 44.
2. In the Netscape Console Login dialog box, enter your user name, password, and the URL for the instance of Administration Server you want to access.
When specifying an Administration Server URL, you can use a hostname (such as eastcoast.example.com:8943) or IP address (such as 199.99.9.1:4434). You do not need to include http:// or use a fully qualified domain name, but you must include the Administration Server port number.
3. Click OK.
The user name and password you use to log in determine which servers and server operations you can access through Netscape Console. See "Overview of Access Control" on page 167 for more information.
TIP Netscape Console remembers the last five Administration URLs that you entered. To use one of these URLs, select it from the drop-down list in the Administration URL field.
Logging in to Netscape Console Using Client Authentication
When logging in to an instance of Administration Server that has been configured to require client authentication, you enter your user name and password, and then present a client certificate. This certificate is used by the instance of Administration Server to establish a secure connection with Netscape Console. For more information on this process, known as the Secure Sockets Layer (SSL) handshake, see Appendix C, Introduction to SSL.
The client certificates that Netscape Console presents to an instance of Administration Server are stored in a copy of your Netscape Communicator certificate database. Depending on which types of certificates the instance of Administration Server is configured to accept, you may be able to use an existing certificate from Communicator or you may need to request a new one. You must use Communicator to request and install client certificates.
This section tells you how to do the following:
Request and install a new client certificate
Make your client certificate available to Netscape Console
Establish a secure connection with an instance of Administration Server
For more information on configuring an instance of Administration Server to require client authentication, see Chapter 10, Using SSL and TLS with Netscape Servers, which begins on page 179.
To Request and Install a New Client Certificate
1. Go to the web site for a certificate authority (CA) that is trusted by the instance of Administration Server that you want to establish a secure connection with.
2. Follow the CA's instructions to request and install a client certificate.
NOTE If you already have a client certificate that is acceptable to the instance of Administration Server that you want to log in to, you do not need to request and install a new certificate.
To Make Your Client Certificate Available to Netscape Console on UNIX
1. From the system prompt, go to the .netscape subdirectory of your home directory. For example, /u/bjensen/.netscape.
2. Copy the key3.db, cert7.db, and secmodule.db files to the .mcc subdirectory of your home directory.
These are the certificate database files that Netscape Console uses during client authentication. These files are only used by Netscape Console. Administration Server creates and uses its own certificate database files.
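The UNIX copy procedure above, written as a script that also restricts the copies to their owner, since key3.db holds the private keys for your client certificates. This is an added example, not part of the Netscape manual or product: the function names are hypothetical and the owner-only permissions are a choice made here, not a requirement the manual states.

```shell
#!/bin/sh
# Added example: copy the Communicator certificate databases into the
# directory Netscape Console reads. Hypothetical names (not from the
# manual): install_console_certdb, mode_of.

CERTDB_FILES="key3.db cert7.db secmodule.db"

# install_console_certdb [SRC_DIR [DST_DIR]]
# Defaults follow the manual: ~/.netscape as source, ~/.mcc as target.
# Returns 0 on success, 1 if a database file is missing from SRC_DIR,
# 2 if the copy fails, 3 if a copy does not match its source.
install_console_certdb() {
    src=${1:-$HOME/.netscape}
    dst=${2:-$HOME/.mcc}

    # Check all three files first so a partial set is never installed.
    for f in $CERTDB_FILES; do
        if [ ! -f "$src/$f" ]; then
            echo "missing $src/$f" >&2
            return 1
        fi
    done

    # Owner-only directory and files; umask covers the window between
    # creation and chmod.
    (
        umask 077
        mkdir -p "$dst" || exit 2
        chmod 700 "$dst" || exit 2
        for f in $CERTDB_FILES; do
            cp "$src/$f" "$dst/$f" || exit 2
            chmod 600 "$dst/$f" || exit 2
        done
    ) || return 2

    # Confirm every copy is byte-identical to its source.
    for f in $CERTDB_FILES; do
        if ! cmp -s "$src/$f" "$dst/$f"; then
            echo "copy of $f differs from source" >&2
            return 3
        fi
    done
    return 0
}

# Permission string of a path (first ten characters of ls -ld output).
mode_of() {
    ls -ld "$1" | cut -c1-10
}
```

Called with no arguments, `install_console_certdb` copies from `$HOME/.netscape` to `$HOME/.mcc`.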
To Make Your Client Certificate Available to Netscape Console on Windows NT
1. Open the folder containing Netscape Communicator. For example, C:\Program Files\Netscape.
2. Open the Users folder and then open your specific user folder. For example, BJensen (C:\Program Files\Netscape\Users\BJensen).
3. Copy the key3.db, cert7.db, and secmod.db files from your user folder to the C:\WINNT\Profiles\your_user_ID\.mcc folder, where your_user_ID is the ID that you use to log in to Windows NT.
These are the certificate database files that Netscape Console uses during client authentication. These files are only used by Netscape Console. Administration Server creates and uses its own certificate database files.
To Establish a Secure Connection With an Instance of Administration Server
1. Start Netscape Console.
For more information, see "To Start Netscape Console on UNIX" on page 43 and "To Start Netscape Console on Windows NT" on page 44.
2. In the Netscape Console Login dialog box, enter your user name, password, and the URL for the secure instance of Administration Server you want to access.
When specifying an Administration Server URL, you can use a hostname (such as eastcoast.example.com:8943) or IP address (such as 199.99.9.1:4434). Make sure to include https:// and the Administration Server port number in the URL.
3. Click OK.
The user name and password you use to log in determine which servers and server operations you can access through Netscape Console. See "Overview of Access Control" on page 167 for more information.
4. In the Password Entry dialog box, enter the password for Netscape Console’s certificate database (this is the same as the password for your Netscape Communicator certificate database), and then click OK.
5. In the "Select a Certificate" dialog box, select your client certificate from the drop-down list, and then click OK.
Netscape Console presents this certificate to the instance of Administration Server. If the instance of Administration Server is configured to accept certificates from your CA, your user name and password will be authenticated, and you will see the main Netscape Console interface. Otherwise, you will be prompted to select a different certificate.

A Tour of Netscape Console

After you log in to an Administration Server, you see the main Netscape Console interface. This section introduces the graphical elements of this interface and explains the basic concepts you need to understand before managing Netscape servers with Netscape Console.
Netscape Console Menus
The main Netscape Console window (shown in Figure 3-1 on page 50) has five menus: Console, Edit, View, Object, and Help. Table 3-2 summarizes what these menus are used for.
Table 3-2 Netscape Console’s Menus and What You Can Do With Them
Menu      What It Lets You Do
Console   Add and remove items from the navigation tree.
Edit      Set general Netscape Console preferences.
View      Change the appearance of the main Netscape Console window.
Object    Perform tasks related to resources such as administration domains, server groups, and servers.
Help      Obtain online assistance while using Netscape Console.
Other Netscape products may have additional menus or use these menus differently. For more information, see the documentation for each product.
Figure 3-1 The Servers and Applications Tab of the Main Netscape Console Window
Netscape Console Tabs
The main Netscape Console window (shown in Figure 3-1) has two tabs: Servers and Applications, and Users and Groups. The Servers and Applications tab contains a navigation tree and an information panel. The Users and Groups tab has an interface that you can use to manage entries in the user directory. The Users and Groups tab is discussed in Chapter 5, “User and Group Administration.”
The Servers and Applications Tab
The Servers and Applications tab consists of a navigation tree and an information panel. The navigation tree represents a Netscape topology. A topology is a hierarchical representation of all the resources, or objects (such as servers, applications, and hosts), that are registered in a configuration directory. You use the navigation tree to navigate to the resource you want to work with.
One type of resource in a topology is an administration domain. An administration domain is a collection of host systems and servers that share the same user directory.
A number of server groups can exist within an administration domain. A server group consists of all servers that are managed by a common instance of Administration Server and that share a server root folder. The individual servers in a server group are instances of server software that provide specific services such as directory database services, messaging, and publishing.
Figure 3-1 shows a sample navigation tree. In this example, the example.com administration domain includes three hosts. The eastcoast and midwest hosts have Messaging Server groups while the westcoast host contains a web server group. If the administration domain grows, an administrator can install additional server groups on these hosts. To expand a section of the navigation tree, click the plus (+) signs. To collapse a section of the tree, click the minus (-) sign.
On the right-hand side of the Servers and Applications tab is the information panel. When you select an administration domain, host, server group, or server instance in the navigation tree, this panel displays detailed information about it. Depending on the selected resource, you can edit all or some of these details.
For information on modifying administration domain settings, see To Modify an Administration Domain on page 53. For information on modifying host, server group, and instance information, see Modifying Host, Server Group, and Instance Information on page 75.
The Administration Domain
An administration domain is a group of Netscape servers that share a user directory for data management and authentication. A company might want to create separate administration domains for each of its business sites. Each of these domains could include the host computers used only by that business site.
Before you can create a new administration domain, you must be a member of the Configuration Administrators group. If you are not a member of this group, you must ask your Configuration Administrator to add you to it. For instructions on adding a user to the Configuration Administrators group, see To Add Users to the Configuration Administrators Group on page 100.
To Create an Administration Domain
1. Open Netscape Console.
2. From the Console menu, choose Create Administration Domain.
3. In the Create Administration Domain dialog box, enter domain information:
Domain Name. Enter a name that helps you identify this domain. This can be a fully qualified domain name such as example.com or a descriptive title such as East Coast Sales.
User Directory Host. Specify the host machine on which the user directory for this domain is located. Use the fully qualified domain name. For example, east.example.com.
User Directory Port. Enter the port number for the user directory you specified above.
Secure Connection. Check this box if you want to connect to the user directory using SSL. If you select this option, make sure that the user directory port you’ve entered is already enabled for SSL communication.
Directory Subtree. Enter the base DN of the user subtree in the directory. Example: o=example.com
Bind DN. Enter the distinguished name for a user who has full access permission to the user directory. Example: uid=jdoe, ou=people, o=example.com.
Bind Password. Enter the password for the user specified by the Bind DN.
Owner DN. Enter the distinguished name for the user who has administrative control over this domain. By default, your DN is entered.
4. Click OK.
If you’ve made a change to the User Directory option or the Secure Connection option, you must restart the server for the change to take effect.
To Modify an Administration Domain
1. In the Netscape Console navigation tree, select the domain you want to
modify, then click the Edit button in the server information section of Netscape Console.
2. Modify domain information as necessary:
Domain Name. Enter the name of the domain as you want it to appear in the navigation tree.
Description (Optional). Enter a text string that helps you identify this domain.
User Directory Host and Port. Specify the location of the user directory using the host computer’s fully qualified domain name and port number. You can enter more than one user directory location separated by spaces. This is useful when you use multiple directories to allow users to log in if a primary Directory Server is inaccessible. Example:
east.example.com:389 west.example.com:393
See User Authentication and Directory Failover Support on page 128 for more information.
All host computers specified in the User Directory Host and Port field must have the same settings for the following fields:
Secure Connection. Check this box if the new user directory port is already enabled for SSL communication.
User Directory Subtree. Enter the base DN of the user information in the new user directory. Example:
o=example.com
Bind DN. Enter the distinguished name for a user who has full access permission to the new user directory. Example: uid=jdoe, ou=people, o=example.com.
Bind Password. Enter the password for the user specified by the Bind DN.
CAUTION These settings affect all servers in the domain. If you make changes
here, you must restart all servers in the domain.
3. Click OK.
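Both procedures above require that a user directory port be SSL-enabled before Secure Connection is checked, and that every location in the User Directory Host and Port field share the same setting. The following Python script is an added example, not part of the Netscape documentation or software: it parses the space-separated field and reports locations that disagree with the checkbox. The function names are hypothetical, and the host names in the demo are constructed.

```python
import socket
import ssl


def parse_locations(field):
    """Split 'host:port host:port' into [(host, port), ...]; reject malformed entries."""
    locations = []
    for entry in field.split():
        host, sep, port = entry.rpartition(":")
        if not sep or not host or not port.isdigit():
            raise ValueError(f"expected host:port, got {entry!r}")
        port_no = int(port)
        if not 1 <= port_no <= 65535:
            raise ValueError(f"port out of range in {entry!r}")
        locations.append((host, port_no))
    if not locations:
        raise ValueError("no user directory location given")
    return locations


def speaks_ssl(host, port, timeout=5.0):
    """Return True if an SSL/TLS handshake completes on host:port.

    Certificate validation is switched off on purpose: the only question
    here is whether the port is SSL-enabled, not whether its certificate
    should be trusted. A current TLS library may refuse the protocol
    versions an older server offers, so treat False as "investigate",
    not as proof that the port is plain LDAP.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except OSError:  # covers refused connections, timeouts and ssl.SSLError
        return False


def check_secure_connection(field, secure_connection, probe=speaks_ssl):
    """Return [(host, port, problem), ...] for locations that disagree with the
    Secure Connection checkbox. An empty list means the field is consistent."""
    problems = []
    for host, port in parse_locations(field):
        ssl_enabled = probe(host, port)
        if secure_connection and not ssl_enabled:
            problems.append((host, port,
                             "Secure Connection is checked but no SSL handshake completed"))
        elif not secure_connection and ssl_enabled:
            problems.append((host, port,
                             "port is SSL-enabled but Secure Connection is unchecked"))
    return problems


if __name__ == "__main__":
    # Constructed demo: a stand-in probe so the script runs offline.
    # Drop the probe argument to test real directory servers.
    constructed_results = {("east.example.com", 636): True,
                           ("west.example.com", 393): False}
    field = "east.example.com:636 west.example.com:393"
    for host, port, problem in check_secure_connection(
            field, True, probe=lambda h, p: constructed_results[(h, p)]):
        print(f"{host}:{port}: {problem}")
```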
To Remove an Administration Domain
1. Open Netscape Console.
2. Remove all server instances from the administration domain that you want to
remove.
For more information on removing server instances, see Removing a Server Instance on page 76.
3. Select the administration domain that you want to remove.
4. From the Console menu, choose Remove Administration Domain.
5. Click OK.
Customizing Netscape Console
This section tells you how to specify where to store display settings as well as how to change Netscape Console’s appearance to meet your specific needs. It explains the following:
How to specify where Netscape Console should store your display preferences
How to specify which fonts Netscape Console should use for onscreen
elements
How to create custom views of the navigation tree
How to change the width and position of columns in tables.
In addition, you can change Netscape Console’s appearance by applying access control instructions to user interface elements. This procedure is discussed in Chapter 9, “Access Control.”
Storing Display Settings
When you exit Netscape Console, any display changes you’ve made during the session are saved. This includes changes to window size or position; banner bar, status bar, or navigation tree visibility; and fonts.
You can store these display settings on the network or on your local disk to suit your needs. If, at any time, you want the settings reset to what they were when you installed Netscape Console, you can do so.
To Change Where Display Settings are Stored
1. In Netscape Console, from the Edit menu, choose Preferences.
2. Click the Settings tab.
3. Specify where you want to save your display settings:
In your configuration directory. Select this option if you want to be able to use your settings no matter where you are when you log in to Netscape Console. This option is useful if you frequently “roam” between a number of similar workstations at your business site. No matter what workstation you’re using, when you log in to Netscape Console you can use your preset display preferences.
On your computer’s hard disk. Select this option if you want to be able to use different display settings depending upon the individual workstation you’re using. This option is useful when you use one workstation at work and a dissimilar system, such as a laptop computer, at home. The settings for the workstation are stored and used on the workstation. The settings for the laptop are stored and used on the laptop.
4. Click OK.
To Reset Display Settings to Their Default Values
1. In Netscape Console, from the Edit menu, choose Preferences.
2. Click the Settings tab.
3. Click the Restore Defaults button to revert to the default display settings.
4. Click OK.
Setting Display Fonts
You can specify which fonts Netscape Console should use for different screen elements. If you use more than one computer system to administer servers, you can save different sets of font preferences, or profiles, for use on each system.
To Create a Font Profile
1. In the main Netscape Console window, from the Edit menu, choose Preferences.
2. Click the Fonts tab.
3. Click Save As, enter a name for this profile, and then click OK.
4. In the Screen Element column, click a screen element that you want to change the font for.
The Font column contains samples of the fonts that are currently associated with the listed screen elements.
5. Click Change Font.
The Select Font dialog box appears.
6. In the Select Font dialog box, make your font selections:
Font. Choose the font face you want to use for this element.
Size. Choose a size for the selected font face.
Bold. Select this option to display the font in bold.
Italic. Select this option to display the font in italics.
Sample. This frame displays sample type using the current settings.
7. Click OK to close the Select Font dialog box.
8. If you want to set fonts for additional screen elements, repeat steps 4 through 7.
9. Click OK to save the profile.
To Edit an Existing Font Profile
1. In the main Netscape Console window, from the Edit menu, choose
Preferences.
2. Click the Fonts tab.
3. Select the font profile to edit.
From the Font Profile drop-down list, choose a profile. If the list is grayed out, no profiles are available.
4. Make the desired changes to the font profile.
5. Click OK to save the profile.
To Rename a Font Profile
1. In the main Netscape Console window, from the Edit menu, choose
Preferences.
2. Click the Fonts tab.
3. Select the font profile to rename.
From the Font Profile drop-down list, choose a profile. If the list is grayed out, no profiles are available.
4. Click Save As, enter the new name for this profile, and then click OK.
A new profile with the name you specified appears in the Font Profile drop-down list. The original profile is still listed.
5. From the Font Profile drop-down list, select the original font profile.
6. Click Remove, and then confirm the deletion.
7. Click OK to save the renamed profile.
To Use a Font Profile
1. In the main Netscape Console window, from the Edit menu, choose Preferences.
2. Click the Fonts tab.
3. Select the font profile to use.
From the Font Profile drop-down list, choose a profile. If the list is grayed out, no profiles are available.
4. Click OK.
To Remove a Font Profile
1. In the main Netscape Console window, from the Edit menu, choose Preferences.
2. Click the Fonts tab.
3. Select the font profile to remove.
From the Font Profile drop-down list, choose a profile. If the list is grayed out, no profiles are available.
4. Click Remove, and then confirm the deletion.
5. Click OK.
Customizing the Main Window
You can specify which elements of the main Netscape Console window you want to see.
To Customize the Main Window
Select or deselect items in the View menu.
Selecting a menu item displays it and deselecting an item hides it. You can show or hide the following screen elements:
Banner Bar
Status Bar
Tree
Figure 3-2 The Banner Bar, Navigation Tree, and Status Bar
Customizing Tables
Some Netscape Console tasks, such as setting display fonts, use tables. You can change the position and adjust the width of columns in these tables.
To Change Column Position in a Table
Drag each column head into the desired position.
See Figure 3-3 for an example.
When you release the mouse button, the column will snap into its new position.
Figure 3-3 Changing the Position of a Column
To Change the Width of Columns in a Table
1. Position the pointer over a boundary of a column head.
It turns into a double arrow, as shown in Figure 3-4.
2. Drag the boundary to change the width of the column.
Figure 3-4 Resizing a Column
Creating Custom Views of the Navigation Tree
You can create custom views of the navigation tree. Custom views are useful when you want to see the resources that you access routinely, and hide resources that you access infrequently.
When creating a custom view, you can specify whether the view is public or private. A public view is visible to any user who logs in to Netscape Console. A private view is visible only to the person who created it.
To Create a Custom View of the Navigation Tree
1. From the View menu, choose Custom View Configuration, then click New.
2. Choose whether the new view will be public or private, then click OK.
By default, a public view is visible to all users of Netscape Console, but you can restrict access to it using access control instructions (ACIs). For more information, see To Set Access Permissions for a Public View.
A private view is only visible to you. You cannot apply ACIs to it.
3. In the Edit View window, position your cursor in the text field and enter a descriptive name for this Custom View.
4. Select a resource from the Default View navigation tree on the left. Click Copy to include it in your Custom View navigation tree on the right.
If you need to remove a resource from the new tree, select it and click Remove.
You can select a range of resources by clicking the first item and then pressing Shift while clicking the last item. You can select multiple resources by pressing Control while clicking each item.
5. Click OK when you have finished adding resources.
In the example that follows, an administrator has created a view named Messaging Servers that includes instances of Netscape Messaging Server and their hosts.
Working with Custom Views
You can use multiple views to suit your needs. The administrator who created the view shown in the preceding example might also have views called Directory Servers and Enterprise Servers. The administrator can switch to the Custom View needed for a specific task or choose Default View to see all the servers in the navigation tree.
When you install Netscape Console, a Custom View called Server View is configured for you. This view displays server instances grouped by type; it does not include administration domains, hosts, or server groups.
To Switch to a Custom View
Choose the desired custom view from the drop-down list on the Servers and
Applications tab. To return to the default view, choose Default View from the drop-down list.
Figure 3-5 Switching to a Custom View
To Edit a Custom View
1. From the View menu, choose Custom View Configuration.
2. Select a Custom View from the list and click Edit.
3. Make any necessary changes to the Custom View.
4. Click OK.
To Rename a Custom View
1. From the View menu, choose Custom View Configuration.
2. Choose a Custom View from the list and click Edit.
3. In the Edit View window, position the cursor in the text field, then type the new name for your Custom View.
4. Click OK.
To Set Access Permissions for a Public View
1. From the View menu, choose Custom View Configuration.
2. Choose a public Custom View from the list and click Access.
3. Specify the ACI you want to use, or create a new ACI:
If you want to use an existing Access Control Instruction (ACI), select it
and click OK.
If you want to create a new ACI, click New, and then follow the directions
for creating a new ACI under Using the ACI Manager and ACI Editor beginning on page 172.
4. Click OK when you have finished setting access permissions.
For more information on setting Access Permissions and creating Access Control Instructions, see Chapter 9, “Access Control.”
To Delete a Custom View
1. From the View menu, choose Custom View Configuration.
2. Choose a Custom View from the list and click Delete.
3. Click Yes to confirm the deletion.

Administration Express

The Administration Express page is an HTML-based version of Netscape Console that provides quick access to servers running Administration Server 4.2 or later. In the Administration Express page, you can perform four administration tasks:
Starting servers (except stopped instances of Administration Server, which
must be started from the command line)
Stopping servers
Viewing basic server information, such as name, description, and installation
folder.
Viewing logs
Keep the following in mind when you use the Administration Express page:
Before you can use Administration Express to manage a server, you must upgrade its Administration Server to version 4.2 or later. If you try to use Administration Express with a server using a pre-4.2 version of Administration Server, you’ll get the message “Status Unknown.”
If you turn off the instance of Administration Server that you used to log in to
Administration Express, you will no longer be able to use that Administration Express page. If this happens, log in again using a different Administration Server URL.
Accessing Administration Express
The Administration Express page is accessed through a browser.
To Open Administration Express
1. Open version 3.0 or later of either Netscape Navigator or Microsoft Internet Explorer, and enter the qualified host name and port number for the instance of Administration Server that you want to access.
Example:
eastcoast.example.com:26751
2. In the Administration page, under Services for Administrators, click Netscape Administration Express.
3. If prompted, enter your user name and password in the dialog box, then click
OK.
If the instance of Administration Server that you are logging in to uses SSL, you may be prompted to confirm the acceptability of the instance’s certificate. Additionally, if the server instance is configured to require client authentication, you may be prompted to present a client certificate. Typically, accepting server certificates involves clicking through several dialog boxes while presenting a client certificate involves making a selection from a drop-down list. If you need more information on accepting server certificates and presenting client certificates, see your browser documentation.
Once authentication is complete, you will see the main Administration Express screen:
Figure 3-6 The Administration Express Page and How to Use It
Using Administration Express
From the main Administration Express screen, you can start and stop server instances, view basic server information, and view access and error logs.
To Start or Stop a Server Instance from Administration Express
1. In the row containing the server instance that you want to start or stop, click
On to start the server instance or Off to stop it.
Keep the following in mind when starting and stopping server instances:
Before you can turn a server instance on or off, or view its log files, the instance
of Administration Server for the server group must be running.
You cannot use the Administration Express page to start a stopped instance of Administration Server or an instance that’s using SSL encryption.
UNIX
To start a stopped instance of Administration Server or an instance that’s running SSL, you must always run start-admin from the command line. For more information on starting the Administration Server, see “Restarting Administration Server” on page 111.
Windows NT
To start a stopped instance of Administration Server or an instance that’s running SSL, you can run start-admin or use the Services control panel. For more information on starting the Administration Server, see “Restarting Administration Server” on page 111.
To View Basic Server Information from Administration Express
In the row containing the server instance that you want to view information
about, click Server Info.
To View Access and Error Logs from Administration Express
In the row containing the server instance that you want to view the logs for,
click Logs.
Setting the Refresh Rate for Administration Express
You can configure Administration Express to automatically refresh its display of hosts and server instances. This is useful if you want to monitor the status of your Netscape servers and applications at regular intervals.
To Set the Refresh Rate for Administration Express
1. In a text editor, open the serverRoot/admin-serv/config/adm.conf file.
2. Add the following line to adm.conf:
ExpressRefreshRate: refreshRate
where refreshRate is an integer value representing the number of seconds Administration Express should wait before refreshing its display. For example, entering ExpressRefreshRate: 120 instructs Administration Express to refresh the display every two minutes (120 seconds).
3. Save adm.conf.

Chapter 4
Servers in Netscape Console

This chapter explains how to perform basic server management using Netscape Console. It contains the following sections:
Working With Earlier Netscape Servers
Working with Netscape Servers

Working With Earlier Netscape Servers

You can use Netscape Console to access pre-4.0 versions of Netscape servers. This section tells you how to add a pre-4.0 server to your navigation tree and how to migrate your pre-4.0 data to a newer Netscape server.
Adding a Pre-4.0 Server to the Tree
If you already have pre-4.0 versions of Netscape servers installed in your enterprise, you can access them through the Netscape Console navigation tree. This capability is useful when you want to continue using a pre-4.0 server while preparing to deploy a newer version, and you want all servers accessible in one tree.
Pre-4.0 servers that are added to the navigation tree are not integrated completely into the Netscape Console environment; you administer them through a browser as before. For example, you can add an existing instance of Netscape Messaging Server 3.0 to the navigation tree, but when you open that instance, the 3.0 Server Manager (which you use to administer the server) appears in a browser window.
If you want to fully integrate the information from a pre-4.0 server into Netscape Console, you must upgrade the server to version 4.0 or later and then migrate your original configuration data to the new version. See Migrating from a Pre-4.0 Server to a Newer Server on page 71 for more information.
Figure 4-1 shows an example of a pre-4.0 server listed in the Netscape Console navigation tree and managed from a browser.
Figure 4-1 A Pre-4.0 Server Listed in the Navigation Tree and Managed From a Browser
To Add a Pre-4.0 Server to the Navigation Tree
1. Open Netscape Console and choose Add Pre-4.0 Server from the Console
menu.
2. In the Add Pre-4.0 Server window, enter information for the server you want
to add to the navigation tree.
Administration Server URL. Enter the host name and port number of the instance of Administration Server that you use to manage the pre-4.0 server. For example: http://superserver.example.com:495.
Server Administrator ID. Enter the user name of the administrator who manages the pre-4.0 instance of Administration Server.
Password. Enter the password for the administrator who manages the pre-4.0 instance of Administration Server.
Target Administration Domain. From the drop-down list, select the administration domain that you want to add the pre-4.0 server to.
3. Click OK.
The Server List window appears. This window lists all server instances that use the instance of Administration Server entered in step 2.
4. In the Server List window, deselect servers that you do not want to add to the
navigation tree.
By default, all servers in the server root are selected for addition to the tree.
5. Click OK.
Migrating from a Pre-4.0 Server to a Newer Server
When you migrate pre-4.0 configuration settings, you copy them to a 4.0 or later server installed in a different server root. The old and new servers can co-exist on the same host system because they are installed in different server roots.
Typically, migrating the configuration settings takes less time than manually configuring a new server. It also ensures that you maintain settings that are identical to those that worked for you with the older version.
For example, if you’re already using Netscape Messaging Server version 3.0, you can install Messaging Server 4.0 in a different server root. You can then migrate the 3.0 server settings to the 4.0 server. Once you’re certain that the configuration settings work in the new server environment, you can safely uninstall your pre-4.0 server.
NOTE If you use the same port number for both a pre-4.0 and newer server, you cannot run the two servers at the same time. Before starting the newer server, turn off the pre-4.0 server. Before starting the pre-4.0 server, turn off the newer server.
To Migrate from a Pre-4.0 Server to a Newer Version
1. Stop the pre-4.0 server.
2. Install the new version of the server software. When prompted, specify a server
root that is different from the pre-4.0 server root.
3. Start Netscape Console and select the server group that contains the new
server.
This group becomes the target group.
4. Make sure the target group’s instance of Administration Server is turned on
and that you have the access privileges you need to configure a new server.
5. From the Object menu, choose Migrate Server Config.
6. In the Migrate Server Configuration window, enter the absolute path to the
pre-4.0 server root folder, and then click OK.
7. In the Select Server for Migration window, check the pre-4.0 server that you
want to migrate to a newer version, and then click Migrate.
8. In the Migrate Key and Certificate window, do one of the following:
If the pre-4.0 server uses SSL, provide the key password you used when
you installed its SSL certificate, then click Migrate.
If the pre-4.0 server does not use SSL, click Cancel.
9. Restart the target group’s instance of Administration Server.

Working with Netscape Servers

You can perform a number of basic server tasks with Netscape Console. This section contains the following procedures:
Opening a server management window
Creating a new server instance
Cloning a Netscape server
Removing a Netscape server instance
Uninstalling a Netscape server
Opening a Server Management Window
Each Netscape server has its own set of tasks and configuration settings. You can access these by opening a server management window.
To Open a Netscape Server Management Window
1. In Netscape Console, click the Servers and Applications tab to see the
navigation tree on the left and server information on the right.
2. In the navigation tree, click a server to select it.
3. In the information panel on the right-hand side of the window, click Open.
You can also open a server management window by double-clicking its icon in the navigation tree.
Each Netscape server has specialized tabs for setting configurations or viewing server-specific information. For detailed information about a specific tab, see your server’s documentation.
Figure 4-2 is an example of a server management window.
Figure 4-2 A Netscape Server Management Window
Creating a New Server Instance
Once you have one instance of a server installed in a server root, you can create additional instances in the same server root. Having multiple instances in a single server root is useful for testing and for when one host is used for multiple purposes.
For example, a company’s Human Resources and Finance departments each need a web server. Because each department has limited publishing requirements, one host can serve both departments’ needs. The administrator installs the web server software once, creating one instance of the server, and then creates a second instance. One instance is for the Human Resources department and the other is for the Finance department. Only one instance can run on the default web server port (80); the administrator must assign a different port number to the other instance.
NOTE You cannot create two instances of Administration Server in one
server root.
To Create a New Server Instance
1. In Netscape Console, select the server group that will contain the new server
instance.
2. From the Object menu, select Create Instance Of.
3. In the Select Server window, select the server that you want to create a new
instance of.
4. Click OK.
Modifying Host, Server Group, and Instance Information
You can edit some of the host, server group, and instance information that Netscape Console displays in the information panel. This is useful when you want to add detailed descriptions of the different installations in your organization.
To Modify Host, Server Group, and Instance Information
1. In the Netscape Console navigation tree, select the host, server group, or instance for which you want to modify information.
2. In the information panel, click Edit.
3. Edit information for the following fields:
Host/Group/Server Name. Enter a descriptive name for this host, server group, or instance. Examples:
Midwest ES10000
East Coast Sales Servers
West Coast Messaging Server No. 3 (P-Z).
Description. Enter a detailed description of this server group or instance. Examples:
Midwestern team’s Sun ES10000.
The server group containing the East Coast Sales team’s instances of Messaging Server and Certificate Management System
The West Coast Messaging Server for users with last names beginning with P through Z.
Location. (Host only) Enter a description of this host’s location. Example:
Building 17, 3rd floor, Lab 1749.
4. Click OK.
Cloning a Server
Cloning allows you to copy one server’s configuration settings to other servers of the same type.
To Clone Server Settings to Another Server
1. In the Netscape Console navigation tree, select a reference server, the server that has the settings you want to replicate on other servers of the same type.
2. From the Object menu, choose Clone Server.
3. In the Select Target Servers for Cloning window, select the servers that you want to copy the reference server’s settings to.
4. Click OK.
Removing a Server Instance
You can remove an instance of any server, other than Administration Server, from the navigation tree. Removing a server instance is useful when you no longer need to manage a particular server instance, but want to continue creating or using servers of the same type. When you remove an instance, all configuration settings for that instance are deleted.
To Remove a Server Instance
1. In the navigation tree, select the server instance you want to remove.
2. From the Object menu, choose Remove Server.
Uninstalling a Netscape Server
If you no longer want to create or use any instances of a particular server, you can uninstall the server. This is different from removing a server instance since all program files will be deleted. For more information on uninstallation, see Uninstallation on page 36.
Merging Configuration Data from Two Directory Servers
You can use Netscape Console’s Merge Configuration Directory utility to merge the contents of two configuration directories. During a merge operation, the contents of a server group in one configuration directory are copied into a new server group in another configuration directory. No files are transferred during a Merge Configuration Directory operation; the destination configuration directory is simply updated to include information from the source.
The Merge Configuration Directory utility is useful if you’ve installed and deployed a number of Netscape servers, and now find it necessary to merge new data into an existing configuration directory.
For example, you may wish to test out a new product before deployment. Rather than make major changes to an existing configuration directory, you can try the product with a pilot instance of Directory Server, using just the new data required to configure the pilot.
This way, you can make adjustments to the new instance’s configuration without impacting other server instances or the existing directory. Once you’re satisfied with the settings in the pilot configuration directory, you can merge its configuration data into the configuration directory that’s already deployed.
When merging configuration information, you copy from a source to a destination. In the example just described, the source is the pilot Directory Server with the new configuration data, and the destination is the existing Directory Server with current configuration data.
Figure 4-3 shows what two configuration directories might contain before you merge them.
Figure 4-3 Two Configuration Directories and the Servers They Have Settings For, Before Using the Merge Configuration Directory Utility
Figure 4-4 shows what the same two configuration directories would contain after you merged them.
Figure 4-4 Two Configuration Directories and the Servers They Have Settings For, After Using the Merge Configuration Directory Utility
When you have finished using the Merge Configuration Directory utility, you can safely remove your source configuration directory.
CAUTION Do not remove your source configuration directory until you have merged all data to the destination. Once you remove the source directory, all its data will be lost.
To Merge Configuration Data from Two Directory Servers
1. In the navigation tree, select the server group containing the source configuration directory.
2. From the Object menu, choose Merge Configuration.
3. In the Merge Configuration Directory Server Information window, enter information about the configuration directory into which you want to merge the source data:
Destination Domain. Enter the domain name for the configuration directory that you want to merge into. Example:
example.com
Destination LDAP Host. Enter the hostname for the configuration directory you specified above. Example:
eastcoast.example.com
Destination LDAP Port. Enter the port number for the existing configuration directory. Example: 389
Secure Connection. Check this box if the configuration directory uses the Secure Sockets Layer (SSL) protocol on the port specified above. Make sure that SSL is enabled on the destination configuration directory before selecting this option.
Destination LDAP Bind DN. Enter the distinguished name for a user who has access to the destination configuration directory. Example:
cn=Barbara Jones, ou=Administration, o=Example Corporation, c=US
Destination LDAP Bind Password. Enter the password for the user specified by the Destination LDAP Bind DN.
After you merge the configuration directories, the affected server instances will use the destination directory you specified. If you want the instances to switch back to the original configuration directory, you must manually modify the local configuration files. See Changing the Host or Port Number on page 126 for more information.
Chapter 5

User and Group Administration

Netscape Console allows you to create, locate, and manage user and group information from any system in your enterprise.
This chapter contains the following sections:
Interacting with Directory Server
Creating New Directory Entries
Modifying Existing Directory Entries
Chapter 9, “Access Control,” shows you how to work with user and group information when setting access privileges and other security information.

Interacting with Directory Server

When you use Netscape Console to create or modify users and groups, you make changes in the user directory, a subtree of Directory Server. These changes affect all applications that use Directory Server. For information on how Netscape Console uses the data stored in the directory, see Chapter 1, Introducing Netscape Console and Administration Server.
Using Distinguished Names
A distinguished name (DN) is a text string that identifies a specific directory branch or entry. Each user and group in your enterprise is represented in the Directory Server by a DN. Whenever you make changes to user and group information in the Directory, you use distinguished names (DNs). For example, you need to specify a DN each time you perform one of the following operations:
Create or modify directory entries
Set up access controls
Set up user accounts for applications such as mail or publishing
From the Netscape Console Users and Groups tab, you can create, select, and use directory entries.
Distinguished Names, Attributes, and Syntax
This section presents a brief summary of distinguished names, directory attributes, and syntax information. For a more detailed discussion of these concepts, see the Netscape Directory Server Administrator’s Guide.
Distinguished Names
A distinguished name (DN) is the string representation of an entry’s name and location in an LDAP directory. A DN describes a path to a directory entry. Each DN is made up of a number of components called relative distinguished names (RDNs). Each RDN identifies a specific entry in the directory. In order to ensure that every directory entry is unique, LDAP dictates that a single parent entry cannot have two identical RDNs below it.
Customarily, a DN for a user or group contains at least three types of RDN:
A user name, user ID, or group name (identified by the cn keyword)
An organization name (identified by the o keyword)
One or more domain name components (identified by the dc keyword). Example: example.com contains two domain name components: example and com.
Other common RDNs are organizational unit (ou), state (st), and country (c).
The exact composition of a DN depends on the structure of the directory. Most directories are organized by more categories than just country designations and organization names. As a result, the DNs used to identify entries are longer and contain more specific RDNs. For example, the DNs for three employees or users in the same company might look like this:
cn=Ben Hurst, ou=Operations, o=Klondike Corp, st=CA, c=US
cn=Jeff Lee, ou=Marketing, o=Klondike Corp, st=CA, c=US
cn=Mary Smith, ou=Sales, o=Klondike Corp, st=MN, c=US
In these examples, all three users work in different departments or organizational units (ou) and for the same company or organization (o), Klondike Corp. The third user works in a different state (st) from the first two users.
LDAP allows organizations and organizational units to contain other organizations and organizational units, allowing for the representation of complex enterprises. For example, the DN for a group within a large corporation might look like this:
cn=Technical Publications, ou=Super Server Group, ou=Server Division, o=Example Corporation, o=MegaCorp, dc=megacorp, dc=com
Table 5-1 contains a list of common RDN keywords.
Table 5-1 Common RDN Keywords Used in DNs

| RDN Keyword | Meaning in a DN | Description |
|---|---|---|
| c | country | Country in which the user or group resides. Examples: c=US, c=GB |
| cn | common name or full name | Full name of person or object defined by the entry. Examples: cn=Wally Henderson, cn=Database Administrators, cn=printer 3b |
| dc | domain component | Part of a DNS domain. This keyword is typically used at the top levels of a directory tree. For example, a user in the ldap.example.com domain might have the following DN: cn=Barbara Jones,ou=Engineering, dc=example, dc=com |
| l | locality | Locality in which the user or group resides. This can be the name of a city, country, township, or other geographic regions. Examples: l=Tucson, l=Pacific Northwest, l=Anoka County |
| o | organization | Organization to which the user or group belongs. Examples: o=Netscape E-Commerce Solutions, o=Public Power & Gas |
| ou | organizational unit | Unit within an organization. Examples: ou=Sales, ou=Manufacturing |
| sn | surname | User’s last name. Example: sn=Henderson |
| st | state or province | State or province in which the user or group resides. Examples: st=Iowa, st=British Columbia |

Keep in mind that the DNs you specify when using Netscape Console must reflect the types of data in your user directory. For information on setting up the user data in your Netscape Directory Server, see the Directory Server documentation.
Attributes
Directory attributes hold descriptive information about an entry. For example, a user entry might have attributes for a user ID, email address, given name, and password.
Table 5-2 contains a list of common user and group directory attributes.
Table 5-2 Common User and Group Directory Attributes
| Attribute Keyword | Attribute Name | Description |
|---|---|---|
| givenName | given name | User’s first name. |
| mail | email address | User’s or group’s email address. |
| streetAddress | street | Street number and address of user or group defined by the entry. Example: street=494 Rice Creek Terrace |
| telephoneNumber | telephone | User’s or group’s telephone number. Example: (545) 555-1221 |
| title | title | User’s job title. Examples: title=writer, title=manager |
| uid | user ID | Name that uniquely identifies the person or object defined by the entry. |
| userPassword | password | A user’s password. |

A user entry can include many more attributes than those listed above. In addition, you can create new attributes to meet your company’s needs. For more detailed information, see the Netscape Directory Server Administrator’s Guide.
DN and Attribute Guidelines and Syntax
As you create, select, and use directory entries, follow these guidelines:
Separate RDNs with a comma. If an RDN value contains a comma, enclose the part of the name that uses the comma in double-quotation marks. For example, to include the string Ace Industry, Corp in a DN, use the form
o="Ace Industry, Corp", c=US
When schema checking is turned on, attributes must match directory schema. If you are using Netscape Directory Server and schema checking is turned on, use RDN keywords and attributes that can be recognized by the Directory Server and are allowed by the entry’s object classes. If schema checking is turned off, you can use all attributes, regardless of an entry’s object classes. For more information on required attributes and schema checking, see the Netscape Directory Server Administrator’s Guide and the Netscape Directory Server Schema Reference Guide.
Specify RDNs in the same sequence or path. It is important to remember that a DN represents a path through a directory tree. If RDN keywords are not specified in the appropriate order, the Directory Server may not be able to locate an entry.
For example,
cn=Ralph Swenson, ou=Accounting, o=Ace Industry, c=US
is not the same as
cn=Ralph Swenson, o=Ace Industry, ou=Accounting, c=US
because the organizational unit (ou) and organization (o) keywords are not listed in the same order.
User IDs must be unique. If duplicate user IDs exist in your directory, users with those IDs will not be able to authenticate to the directory. Exercise caution when using the ldapmodify command line utility to create users, since the utility does not check for duplicate user IDs.
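The guidelines above can be checked mechanically before entries are loaded. The following Python code is an added example, not part of the Netscape documentation: it splits a DN into RDNs while honoring quoted commas, compares two DNs as ordered paths, and scans LDIF input for duplicate user IDs before it is handed to ldapmodify. The function names and the sample LDIF are constructed for illustration, and values are compared case-insensitively as an assumption.

```python
import base64
import re
from collections import defaultdict


def parse_dn(dn):
    """Split a DN into (keyword, value) pairs. A comma inside double quotes
    or after a backslash is part of the value, not an RDN separator.
    Multi-valued RDNs joined with '+' are not handled here."""
    rdns, buf, in_quotes, escaped = [], [], False, False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            in_quotes = not in_quotes
        elif ch == "," and not in_quotes:
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    if in_quotes or escaped:
        raise ValueError("unterminated quote or escape in DN: %r" % dn)
    rdns.append("".join(buf))
    pairs = []
    for rdn in rdns:
        keyword, sep, value = rdn.partition("=")
        if not sep or not keyword.strip() or not value.strip():
            raise ValueError("malformed RDN %r in DN %r" % (rdn, dn))
        pairs.append((keyword.strip().lower(), " ".join(value.split())))
    return pairs


def dn_key(dn):
    """Order-preserving comparison key (assumption: case-insensitive values)."""
    return tuple((k, v.lower()) for k, v in parse_dn(dn))


def same_entry(dn_a, dn_b):
    """True only when both DNs list the same RDNs in the same order."""
    return dn_key(dn_a) == dn_key(dn_b)


def duplicate_uids(ldif_text, existing=()):
    """Return {uid: [DNs]} for every uid claimed by more than one entry.
    `existing` holds (uid, dn) pairs already present in the directory."""
    owners = defaultdict(dict)
    for uid, dn in existing:
        owners[uid.lower()][dn_key(dn)] = dn
    unfolded = re.sub(r"\n ", "", ldif_text)      # join LDIF continuation lines
    for record in re.split(r"\n\s*\n", unfolded.strip()):
        dn, uids = None, []
        for line in record.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            attr, value = attr.strip().lower(), value.strip()
            if value.startswith(":"):             # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            if attr == "dn":
                dn = value
            elif attr == "uid":
                uids.append(value.lower())
        if dn is None:
            continue
        for uid in uids:
            owners[uid][dn_key(dn)] = dn
    return {u: sorted(d.values()) for u, d in owners.items() if len(d) > 1}


# Constructed sample input: two different entries claim the same user ID.
SAMPLE_LDIF = """\
# constructed sample, not taken from a real directory
dn: cn=Ralph Swenson, ou=Accounting, o=Ace Industry, c=US
cn: Ralph Swenson
sn: Swenson
uid: rswenson

dn: cn=Ralph Swenson, ou=Sales, o=Ace Industry, c=US
cn: Ralph Swenson
sn: Swenson
uid: RSwenson

dn: cn=Barbara Jones, ou=Accounting, o=Ace Industry, c=US
cn: Barbara Jones
sn: Jones
uid: bjones
"""

if __name__ == "__main__":
    print(parse_dn('o="Ace Industry, Corp", c=US'))
    for uid, dns in duplicate_uids(SAMPLE_LDIF).items():
        print("duplicate uid %s:" % uid, dns)
```

Without the quotation marks, the string o=Ace Industry, Corp, c=US is rejected by parse_dn because Corp is read as an RDN with no keyword.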
Locating a User or Group in the Directory
You can use the Users and Groups Search function to locate directory entries. Initially, the function is set to search within the default user directory. If you do not want to use the default user directory, you can manually change to another one. See Choosing a Different Directory to Search on page 89 for more information.
Figure 5-1 The Users and Groups Tab of Netscape Console
To Locate Users or Groups in the Directory
1. In Netscape Console, click the Users and Groups tab.
2. Specify your search criteria in one of these ways:
To find specific entries, enter all or part of a user, group, or organizational unit name in the text entry box. For example, entering John Swanson returns any entries with DNs containing John Swanson, while entering John returns all entries with DNs containing the word “John.”
To see all the entries currently stored in your directory, leave the Search field blank or enter an asterisk (*). Keep in mind that retrieving all entries in a large database can take a long time.
To specify more focused search criteria, click the Advanced button. In the Search users and groups dialog box, enter the following information:
Search. Specify where to perform the search by choosing Users, Groups, Users and Groups, or Administrators.
Where. First choose an RDN keyword, and then choose a search operator and term.
3. Click Search. Results are displayed in the list box.
Choosing a Different Directory to Search
When you use the Users and Groups Search function, the URL for the default user directory appears above the text entry box (see Figure 5-1). Initially, all searches are performed in this user directory. If you need to search a different user directory, you can choose one other than the default.
To Change the Directory to Search
1. In Netscape Console, click the Users and Groups tab.
2. From the User menu, choose Change Directory.
3. In the Change Directory dialog box, provide user directory information:
User Directory Host. Enter the fully qualified host name where the user directory is installed.
User Directory Port. Enter the port number used to connect to the user directory.
Secure Connection. Check this box if the port number entered above is for use with the Secure Sockets Layer (SSL) protocol. Make sure that the port is configured to support SSL before selecting this option.
User Directory Subtree. Enter the DN of the user directory subtree to search in. For example, to search all user entries in your organization, you might enter o=example.com. To search within the sales force, you might enter ou=sales, o=example.com.
Bind DN. Enter the distinguished name of a user authorized to search entries in the user directory.
Bind Password. Enter the password for the user specified by the Bind DN.
4. Click OK.
Creating New Directory Entries
From the Netscape Console Users and Groups tab, you can add or modify a user, group, or organizational unit.
You can also perform these directory operations from the command line. For detailed information, see the Netscape Directory Server Administrator’s Guide.
Users
A user entry contains information about an individual person or resource in the directory. For example, you can create user entries for John Smith, Printer 3B, or Conference Room 25.
To Create a New User Entry in the Directory
1. In Netscape Console, click the Users and Groups tab.
2. Click the Create button and then choose User. You can also open the User menu and choose Create > User.
3. In the Select Organizational Unit dialog box, select the organizational unit (ou) to which the user will belong, and then click OK.
4. In the Create User window, enter user information:
First Name. Enter the user’s first name.
Last Name. Enter the user’s last name (surname).
Common Name. This is the user’s full name. It is automatically generated based on the First Name and Last Name entered above. You can edit this name as necessary.
User ID. When you enter a first and last name, the user ID is automatically generated. You can replace this user ID with one of your choosing. The user ID must be unique from all other user IDs in the directory.
Password. (Optional) Enter the user’s password. Alphanumeric characters, spaces, and punctuation marks are all acceptable.
Confirm Password. If you entered the user’s password, enter it again to confirm.
E-Mail. (Optional) Enter the user’s email address. If the user has multiple email addresses, separate them with commas. For example:
jdoe@example.com, john.doe@example.net
Phone. (Optional) Enter the user’s telephone number. If the user has multiple telephone numbers, separate them with commas. For example:
(550)555-1212, (950)555-2121, (725)222-5151
Fax. (Optional) Enter the user’s fax number. If the user has multiple fax numbers, separate them with commas. For example:
555-2211, 555-1221
5. If you want to specify language-related information, click the Languages tab. From the drop-down list in the Languages panel, select the user’s preferred language, and then enter language-related information:
First Name. Enter the user’s first name in the selected language.
Last Name. Enter the user’s last name (surname) in the selected language.
Common Name. This is the user’s full name in the selected language. It is automatically generated based on the First Name and Last Name entered above. You can edit this name as necessary.
Phone. Enter the user’s telephone number. If the user has multiple telephone numbers, separate them with commas. For example:
(550)555-1212, (950)555-2121, (725)222-5151
Pronunciation. If the selected language is commonly represented phonetically, additional fields are displayed. Enter the phonetic representation for the user’s first, last, and common name.
6. If you want to specify NT- or UNIX-specific attributes, click the NT User or Posix User tab. For more information, see Specifying Windows NT and UNIX Options on page 94.
7. Click OK.
The User’s Preferred Language
Sometimes a user’s name can be more accurately represented using a character set other than that of the default language. For example, Noriko’s name is Japanese, and she has indicated on her hiring forms that she prefers that Japanese characters represent her name. You can select Japanese as her preferred language so that her name will display in Japanese characters, even when a user’s default language is English.
To indicate a user’s preferred language, follow the instructions in step 5 of the section “To Create a New User Entry in the Directory” beginning on page 90.
Administrators
During installation, you are asked to enter a user name and password for the Configuration Administrator, the user authorized to access and modify the entire configuration directory. The Configuration Administrator entry is stored in the directory under the following DN:
uid=userID, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot.
During installation, the Configuration Administrator’s user name and password are used to automatically create the Administration Server Administrator. This user can perform a limited number of tasks, such as starting, stopping, and restarting servers in a local server group. The Administration Server Administrator is created for the purpose of logging into Netscape Console when the Directory Server is not running.
The Administration Server Administrator does not have an LDAP entry; it exists only as an entity in a local configuration file stored at:
<server_root>/admin-serv/config/admpw.
Even though they are created at the same time during installation, and are identical at that time, the Configuration Administrator and Administration Server Administrator are two separate entities. If you change the user name or password for one, Netscape Console does not automatically make the same changes for the other.
For more information on modifying the Configuration and Administration Server Administrators, see Modifying Existing Directory Entries on page 106.
To Create an Administrator
1. In Netscape Console, click the Users and Groups tab.
2. Click the Create button and then choose Administrator. You can also open the User menu and choose Create > Administrator.
3. In the Create Administrator window, enter the appropriate user information. The requested information is exactly the same as in the Create User dialog box, except that Password is a required field. For more information, see steps 4 through 7 of “To Create a New User Entry in the Directory” beginning on page 90.
Specifying Windows NT and UNIX Options
You can enable additional user configuration panels to store Windows NT and UNIX user information in the directory. If you are using Directory Server Synchronization Services, you can use these panels to specify the options and attributes to synchronize with your operating system. There are two panels you can enable: NT User and Posix User.
By default, you must enable these panels for each individual user. If you want to enable these panels automatically for every new user, you can do so by modifying the configuration directory. Once you have enabled these panels, you can use them to set Windows NT and UNIX options and attributes.
The following procedures show you how to enable these panels and modify Windows NT and UNIX options and attributes.
To Enable Windows NT and UNIX Panels for an Individual User
1. In the Create User window, click the NT User or Posix User tab.
The appropriate panel appears.
2. Enable the fields in the panel.
To enable the NT User fields, select Enable Windows NT user attributes.
To enable the Posix User fields, select Enable Posix user attributes.
To Enable Windows NT and UNIX Panels for All New Users
1. Open your Directory Server management window.
2. Click the Directory tab and click NetscapeRoot in the navigation tree.
3. Click to open your administration domain, and then click the pluses (+) to expand GlobalPreferences > Admin > 4.0.
4. Click the defaultObjectClassesContainer folder, and then click “user” in the right-hand panel.
5. From the Object menu, choose Open.
6. Select nsdefaultobjectclass, then, from the Edit menu, choose Add Value. A blank field appears. If you are enabling both the Windows NT and Posix/UNIX panels, choose Add Value a second time to create another blank field.
7. Enter the appropriate object class name in the field. To enable the NT User panel, enter ntUser. To enable the Posix User panel, enter posixUser.
8. Click OK.
To Set Windows NT and UNIX Options and Attributes for a New User
1. Follow steps 1-5 of “To Create a New User Entry in the Directory” beginning on page 90.
2. If you want to store Windows NT-specific user information in the directory, click the NT User tab, enable the fields by selecting “Enable Windows NT user attributes,” and then enter the following information:
NT User ID. Enter the user’s NT login name.
Create New NT Account. (Optional) Check this box if you are using Directory Server’s NT Synch Service and want to add this entry to the NT user database.
Delete NT Account If Person Deleted. (Optional) Check this box if you are using Directory Server’s NT Synch Service and want the delete operation to also remove this user from the NT user database. Checking this box will not delete the user. It only indicates that, if the user is deleted from the Netscape User Directory, he will also be removed from the NT user database.
Comment. (Optional) Enter a descriptive comment about this user.
User Profile Path. (Optional) Enter the path to this user’s profile. Use the NT network path format. For example: \\aphrodite\profiles\john.
Logon Script. (Optional) Enter the path to the user’s logon script. This path is relative to the system’s logon script path. For example, if the system path is \\aphrodite\logon, you might enter writers.bat or writers\john.cmd depending on where you store your user scripts.
Home Drive. (Optional) Use the drop-down list to choose the drive on which this user’s home directory is located.
Home Directory. (Optional) Enter the path to this user’s home directory. Use the NT network path format or an absolute path. For example, you can enter either \\aphrodite\users\john or C:\user profiles\john.
Logon Server. (Optional) Enter the path to the server on which this user’s logon script is stored. Use the NT network path format.
Logon Hours. (Optional) Click to set the hours during which this user can log on.
User Workstations List. (Optional) Enter the computers from which this user can log on.
Change. (Optional) Click to change the date and time at which the user’s account expires.
3. If you want to store UNIX-specific user information in the directory, click the Posix User tab, enable the fields by selecting “Enable Posix user attributes,” and then enter the following information:
UID Number. Enter the user’s UNIX ID number.
GID Number. Enter the user’s UNIX group ID number.
Home Directory. Enter the path to the user’s home directory. For example, /u/jdoe.
Login Shell. (Optional) Enter the path to the user’s login shell. For example, /usr/local/bin/tcsh.
Gecos. (Optional) The value of this user’s pw_gecos entry in /etc/passwd.
4. Click OK.
Groups
A group consists of users who share a common attribute or are part of a list. For example, you might set up a group called Sales consisting of all users whose entries contain the attribute ou=Sales. Netscape Directory Server supports three types of groups: static, dynamic, and certificate. Each group differs by the way in which users, or members, are added to it. The following descriptions explain this.
A static group consists only of users that have been added to it. It is called static because it doesn’t change unless you add a user to it or delete a user from it. For example, if you create a static group called Marketing, none of the users who have the attribute department=marketing in their entry are members of the Marketing group until you explicitly add each one to the group.
One special static group is called the Configuration Administrators group. It is automatically created and populated when the configuration directory is installed. Members of the Configuration Administrators group have unrestricted access to the configuration directory. The group is stored in the configuration directory under the following DN:
ou=Groups, ou=TopologyManagement, o=NetscapeRoot
Initially, the Configuration Administrator is the only member of the Configuration Administrators group. If he wants to give additional users his level of administrative privilege, he can do so by adding them as members of the group. These users can access the configuration directory in the same way as the Configuration Administrator. Any member of the Configuration Administrators group can add additional members.
Chapter 5 User and Group Administration 97
Creating New Directory Entries
A dynamic group automatically includes users based on one or more attributes in their entry. For example, you can create a dynamic group called California Sales that automatically includes any entry containing the attributes st=California and department=sales. These attributes are specified as part of an LDAP URL. Whenever you search for members of the California Sales group, the results contain all entries located by the URL.
A certificate group includes all users who have a certificate containing a common attribute. For example, you can create a certificate group called California Western Sales whose members share these attributes: ou=Sales, ou=West, st=CA. When an individual user logs on to a server, if all of these attributes are found in his certificate, the user is automatically recognized as belonging to the group. If the user's certificate does not contain these attributes, he is not recognized as a member of the California Western Sales group and does not receive the same access, privileges, or permissions as group members.
To Create a Static Group in the Directory
1. In Netscape Console, click the Users and Groups tab.
2. Click the Create button and then choose Group. You can also open the User menu and choose Create > Group.
3. In the Select Organizational Unit dialog box, select the organizational unit (ou) to which the group will belong, and then click OK.
4. In the Create Group dialog box, enter group information:
Group Name. Enter a name for the group.
Description. (Optional) Enter a description to help you identify this group.
5. Create the group, or specify members for the group before creating it.
If you want to create only the group now, and add group members later, click OK and skip the rest of this procedure.
If you want to immediately add members to the group, click Members and then continue to the next step.
6. In the Members panel, click Add or Edit as appropriate, and then use the Search dialog box to locate a user you want to add to the Members User ID list. Repeat this step until all the users you want to add to the group are displayed in the Member User ID list.
To Add Users to the Configuration Administrators Group
1. In Netscape Console, click the Users and Groups tab, and then choose Change Directory from the User menu.
2. In the Change Directory window, indicate the location of the user directory that contains the Configuration Administrators group:
User Directory Host. Enter the fully qualified host name where the user directory is installed.
User Directory Port. Enter the port number you want to use to connect to the user directory.
User Directory Subtree. Enter o=NetscapeRoot to indicate where to find the Configuration Administrators group.
Bind DN. Enter the DN of a user authorized to change entries in the user directory.
Bind Password. Enter the password of the user directory administrator.
3. Click OK.
4. Use the Search function to locate and highlight the Configuration Administrators group, and then click Edit.