Sun Microsystems Netscape Enterprise Server Administrator's Manual

Administrator’s Guide
Netscape Enterprise Server
Version 4.0
806-2823-10
September 1999
Copyright © 1999 Sun Microsystems, Inc. Some preexisting portions Copyright © 1999 Netscape Communications Corp. All rights reserved.
Sun, Sun Microsystems, the Sun Logo are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. Netscape and the Netscape N logo are registered trademarks of Netscape Communications Corporation in the U.S. and other countries. Other Netscape logos, product names, and service names are also trademarks of Netscape Communications Corporation, which may be registered in other countries.
Federal Acquisitions: Commercial Software — Government Users Subject to Standard License Terms and Conditions.
The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation. No part of the product or this document may be reproduced in any form by any means without prior written authorization of the Sun-Netscape Alliance and its licensors, if any.
THIS DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID.
Netscape, Netscape Navigator, Netscape Certificate Server, Netscape DevEdge, Netscape FastTrack Server, Netscape ONE, SuiteSpot, and the Netscape N and Ship’s Wheel logos are registered trademarks of Netscape Communications Corporation in the United States and other countries. Other Netscape logos, product names, and service names are also trademarks of Netscape Communications Corporation, which may be registered in other countries. Other product and brand names are trademarks of their respective owners.
The downloading, exporting, or reexporting of Netscape software or any underlying information or technology must be in full compliance with all United States and other applicable laws and regulations. Any provision of Netscape software or documentation to the U.S. Government is with restricted rights as described in the license agreement accompanying Netscape software.
The Software includes encryption software from RSA Data Security, Inc. Copyright © 1994, 1995 RSA Data Security, Inc. All rights reserved.
Documentation Team: Jocelyn Becker, Robert Fish, Ann Hillesland, Sanborn Hodges, Amanda Lee, Laila Millar, and Alan Morgenegg
Version 4.0 Printed in the United States of America. 00 99 98 5 4 3 2 1
Contents
About This Guide ...........................................................................................21
What’s In This Guide? ..........................................................................................21
How This Guide Is Organized ............................................................................21
Part I: Server Basics ........................................................................................22
Part II: Using Enterprise Administration Server .............................................22
Part III: Configuring and Monitoring .............................................................23
Part IV: Using Programs and Objects .............................................................24
Part V: Managing Content and Access ...........................................................24
Appendixes ......................................................................................................24
Conventions Used In This Guide ........................................................................25
Using the Enterprise Server Documentation ......................................................26
Further Reading ...................................................................................................28
Contacting Technical Support .............................................................................29
Part 1 Server Basics
Chapter 1 Introduction to Enterprise Server .....................................33
Netscape Enterprise Server .................................................................................33
Enterprise Server Features ..............................................................................34
Administering and Managing Enterprise Servers ...........................................35
Netscape Enterprise Server Architecture ............................................................36
Content Engines ..............................................................................................37
Server Extensions ............................................................................................37
Runtime Environments ....................................................................................38
Application Services ........................................................................................38
How Enterprise Server is Configured .................................................................39
Enterprise Server Component Options ..........................................................39
Enterprise Server Configuration Files .............................................................40
Single-Server Configuration ............................................................................41
All Platforms ...............................................................................................41
Unix-Only Platforms .................................................................................. 44
Multiple-Server Configuration ........................................................................ 45
Enterprise Administration Server ........................................................................45
Server Manager ....................................................................................................46
Accessing the Server Manager ....................................................................... 47
Using the Resource Picker .............................................................................48
Wildcards Used in the Resource Picker ........................................................49
Netscape Console ................................................................................................ 50
Sending Error Information to Netscape .............................................................52
Details on Data Collected by the Quality Feedback Agent ......................... 52
Using the Quality Feedback Agent ................................................................53
Editing master.ini .......................................................................................54
Editing magnus.conf ..................................................................................54
Chapter 2 Administering Enterprise Servers .....................................57
Accessing Enterprise Administration Server ...................................................... 57
Unix Platforms ................................................................................................ 58
Windows NT Platforms .................................................................................. 58
Adding a Server: Running Multiple Servers .......................................................60
Hardware Virtual Servers ...............................................................................60
Software Virtual Servers .................................................................................60
Multiple Server Instances ...............................................................................61
Installing Multiple Instances of the Server ......................................................... 61
Removing a Server .............................................................................................. 62
Migrating a Server From a Previous Version ..................................................... 63
Part 2 Using Enterprise Administration Server
Chapter 3 Setting Administration Preferences .................................67
Shutting Down Enterprise Administration Server .............................................. 68
Changing Network Settings ................................................................................68
Changing the User Account and Password ................................................... 69
Changing the Port Number ............................................................................ 69
Changing the Superuser Settings ........................................................................ 70
Enabling Distributed Administration .................................................................. 71
Configuring Secure Sockets Layer (SSL) ............................................................73
Activating SSL ..................................................................................................73
Setting Encryption Preferences ......................................................................73
Setting Stronger Ciphers ............................................................................74
Specifying Log File Options ................................................................................75
Viewing the Access Log File ..........................................................................76
Viewing the Error Log File .............................................................................77
Archiving Log Files .........................................................................................77
Using Cron Controls (Unix Only) .............................................................78
Configuring Directory Services ...........................................................................79
Restricting Server Access .....................................................................................79
Chapter 4 Managing Users and Groups ...............................................81
About Users and Groups ....................................................................................82
Creating Users .....................................................................................................83
Guidelines for Creating User Entries .............................................................83
How to Create a New User Entry ..................................................................84
Directory Server User Entries .........................................................................84
Managing Users ...................................................................................................86
Finding User Information ...............................................................................86
Building Custom Search Queries ..............................................................87
Search Attribute Options ...........................................................................88
Search Type Options .................................................................................89
Editing User Information ................................................................................90
Managing a User’s Password ..........................................................................91
Managing User Licenses .................................................................................92
Renaming Users ..............................................................................................92
Removing Users ..............................................................................................93
Creating Groups ..................................................................................................93
Static Groups ...................................................................................................94
Guidelines for Creating Static Groups ......................................................94
To Create a Static Group ...........................................................................95
Dynamic Groups .............................................................................................95
How Enterprise Server 4.0 Implements Dynamic Groups .......................96
Groups Can Be Static and Dynamic .........................................................97
Dynamic Group Impact on Server Performance ...................................... 97
Guidelines for Creating Dynamic Groups ................................................97
To Create a Dynamic Group .....................................................................99
Managing Groups ................................................................................................99
Finding Group Entries .................................................................................. 100
The “Find all groups whose” Field ......................................................... 101
Editing Group Attributes .............................................................................. 101
Adding Group Members .............................................................................. 102
Adding Groups to the Group Members List ............................................... 103
Removing Entries from the Group Members List ....................................... 104
Managing Owners ........................................................................................ 104
Managing See Alsos ...................................................................................... 105
Removing Groups .........................................................................................105
Renaming Groups ......................................................................................... 106
Creating Organizational Units .......................................................................... 106
Managing Organizational Units ........................................................................ 107
Finding Organizational Units ....................................................................... 107
The “Find all units whose” Field ............................................................. 108
Editing Organizational Unit Attributes ........................................................ 109
Renaming Organizational Units ................................................................... 109
Deleting Organizational Units ...................................................................... 110
Managing a Preferred Language List ................................................................ 110
Chapter 5 Working with Server Security .......................................... 113
About Enterprise Server Security ...................................................................... 114
Encryption ..................................................................................................... 114
FIPS-140 Compliance ............................................................................... 115
Certificates ..................................................................................................... 115
Client and Server Authentication ............................................................ 116
How Enterprise Server Uses Certificates to Authenticate Users ............ 116
128-Bit Step-Up Certificates ..................................................................... 117
Configuring Enterprise Server for SSL ......................................................... 117
Creating a New Server Instance ....................................................................... 118
Creating a Certificate Trust Database ...............................................................119
Requesting a Certificate .................................................................................... 120
Required CA Information ............................................................................. 122
Installing and Managing Certificates ................................................................123
Managing Certificates ................................................................................... 126
Using Secure Sockets Layer (SSL) .....................................................................127
Activating SSL ................................................................................................128
Specifying Ciphers ........................................................................................ 128
Setting Security (SSL) Preferences ................................................................129
Adding a PKCS #11 Module .......................................................................... 129
Guidelines for Installing a PKCS#11 Module .......................................... 130
To Import a PKCS#11 Module .................................................................131
Using SSL Configuration File Directives ......................................................131
Security ..................................................................................................... 131
SSL2 ........................................................................................................... 132
SSL3 ........................................................................................................... 132
Ciphers ......................................................................................................132
SSL3Ciphers ..............................................................................................133
SSL3SessionTimeout .................................................................................133
SSLCacheEntries ....................................................................................... 133
SSLClientAuth ...........................................................................................133
SSLSessionTimeout ...................................................................................133
Using Client Certificates ....................................................................................134
Mapping Client Certificates to LDAP ...........................................................134
Using the certmap.conf File .........................................................................136
Creating Custom Properties .....................................................................139
Example Mappings ..................................................................................139
Changing the Trust Database/Key Pair File Password .................................... 141
Migrating Enterprise Server 3.X Certificates .....................................................142
Additional Server Security Considerations .......................................................143
Limit Physical Access ....................................................................................143
Limit Administration Access .........................................................................144
Choose Good Passwords ............................................................................. 144
Guidelines for Creating Hard-to-Crack Passwords ................................. 144
Secure Your Key-Pair File ............................................................................145
Limit Other Applications on the Server ....................................................... 145
Prevent Clients from Caching SSL Files ....................................................... 146
Limit Ports ..................................................................................................... 146
Know Your Server’s Limits ........................................................................... 146
Consider Additional Measures for Unprotected Servers ............................. 147
Chapter 6 Managing Server Clusters ................................................... 149
About Clusters ................................................................................................... 149
Preliminary Guidelines for Using Server Clusters ........................................... 150
Setting up a Cluster ........................................................................................... 152
Adding a Server to the Server List .................................................................... 153
Modifying Cluster Information ......................................................................... 154
Removing Servers from a Cluster ..................................................................... 155
Managing Server Clusters ................................................................................. 155
Part 3 Configuring and Monitoring
Chapter 7 Configuring Server Preferences ....................................... 159
Starting and Stopping the Server ......................................................................160
Setting the Termination Timeout ................................................................. 160
Restarting the Server (Unix) ......................................................................... 161
Restarting With Inittab (Unix) ................................................................. 162
Restarting With the System RC Scripts (Unix) ........................................ 162
Restarting the Server Manually (Unix) .................................................... 162
Stopping the Server Manually (Unix) ..................................................... 163
Restarting the Server (Windows NT) ...........................................................163
Using the Automatic Restart Utility (Windows NT) ...............................165
Viewing Server Settings .................................................................................... 166
Configuring Network Settings .......................................................................... 167
Changing the Server’s Location (Unix) ........................................................ 167
Changing the Server’s User Account (Unix) ............................................... 167
Changing the Server’s User Account (Windows NT) ................................. 168
Changing the Server Name .......................................................................... 169
Changing the Server Port Number ...............................................................169
Changing the Server Binding Address .........................................................170
Changing the Server’s MTA Host .................................................................170
Customizing Error Responses ........................................................................... 170
Working with Dynamic Configuration Files .................................................... 171
Using .htaccess Files ..................................................................................... 171
Activating .htaccess checking ..................................................................171
Using .nsconfig Files ................................................................................175
Restricting Symbolic Links (Unix) ....................................................................179
Using the Watchdog (uxwdog) Process (Unix) ............................................... 179
Chapter 8 Understanding Log Files .....................................................183
About Log Files .................................................................................................184
Viewing an Access Log File ..............................................................................184
Viewing the Error Log File ................................................................................ 185
Monitoring the Server Using HTTP ..................................................................186
Archiving Log Files ............................................................................................ 187
Internal-daemon Log Rotation .....................................................................188
Cron-based Log Rotation .............................................................................. 188
Setting Log Preferences .....................................................................................189
Easy Cookie Logging ....................................................................................190
Relaxed Logging ........................................................................................... 190
Flushing the Log Buffer .................................................................................... 191
Running the Log Analyzer ................................................................................ 191
Using Performance Monitor (Windows NT) ....................................................193
Viewing Events (Windows NT) ........................................................................195
Chapter 9 Using SNMP to Monitor Servers ....................................... 197
SNMP Basics ......................................................................................................198
SNMP Subagent .............................................................................................198
SNMP Master Agent ......................................................................................198
How SNMP Works ........................................................................................ 199
Netscape MIBs ..............................................................................................200
Types of SNMP Messages .............................................................................201
The Enterprise Server MIB ......................................................................201
The Enterprise Server MIB ................................................................................ 202
Setting Up SNMP on a Netscape Server ........................................................... 205
Using a Proxy SNMP Agent (Unix) .................................................................. 207
Installing the Proxy SNMP Agent ................................................................. 208
Starting the Proxy SNMP Agent ................................................................... 208
Restarting the Native SNMP Daemon .......................................................... 209
Reconfiguring the SNMP Native Agent ............................................................ 209
Installing the SNMP Master Agent .................................................................... 209
Enabling and Starting the SNMP Master Agent ................................................ 211
Manually Configuring the SNMP Master Agent ........................................... 211
Editing the Master Agent CONFIG File ....................................................... 212
Defining sysContact and sysLocation Variables .......................................... 212
Configuring the SNMP Master Agent ........................................................... 213
Starting the SNMP Master Agent .................................................................. 214
Manually Starting the SNMP Master Agent ............................................. 214
Starting the SNMP Master Agent Using Enterprise Admin Server ......... 215
Configuring the SNMP Master Agent ............................................................... 215
Configuring the Community String .............................................................. 215
Configuring Trap Destinations ..................................................................... 216
Enabling the Subagent ...................................................................................... 216
Chapter 10 Configuring the Server for Performance ................... 219
About Server Performance ................................................................................ 220
Performance Issues ........................................................................................... 220
Unix Platform-Specific Issues ........................................................................... 221
Performance Buckets ........................................................................................ 222
Configuration ................................................................................................ 223
Performance Report ...................................................................................... 223
Miscellaneous magnus.conf Directives ............................................................ 225
Multi-process Mode ...................................................................................... 225
Accept Thread Information .......................................................................... 227
CGIStub Processes (Unix) ............................................................................ 227
Buffer Size .....................................................................................................228
Native Thread Pool Size ............................................................................... 229
About RqThrottle ...............................................................................................229
The perfdump Utility ........................................................................................231
Sample Output
Using perfdump Statistics to Tune Your Server
ListenSocket Information
Address
ActiveThreads
WaitingThreads
BusyThreads
Thread limits <min/max>
KeepAlive Information
AcceptTimeout
KeepAliveCount <KeepAliveCount/KeepAliveMaxCount>
KeepAliveHits
KeepAliveFlushes
Cache Information
enabled
CacheEntries <CurrentCacheEntries / MaxCacheEntries>
CacheSize <CurrentCacheSize / MaxCacheSize>
Hit Ratio <CacheHits / CacheLookups (Ratio)>
pollInterval
maxFileSize
DNS Cache Information
enabled
CacheEntries <CurrentCacheEntries / MaxCacheEntries>
HitRatio <CacheHits / CacheLookups (Ratio)>
Native Threads Pool
Idle/Peak/Limit
Work queue length/Limit
Peak work queue length
Work queue rejections
PostThreadsEarly
Thread Pool Environmental Variables
Busy Functions
Asynchronous DNS Lookup (Unix)
enabled
NameLookups
AddrLookups
LookupsInProgress
File Cache in Enterprise Server 4.0
File Cache Configuration
FileCacheEnable
MaxAge
MaxFiles
FlushInterval
SmallFileSizeLimit
SmallFileSpace
MediumFileSizeLimit (Unix)
MediumFileSpace
TransmitFile
File Cache Dynamic Control and Monitoring
Cache-init
File Cache Tuning
MaxFiles, SmallFileSpace, and MediumFileSpace
MaxAge
FlushInterval
SmallFileSizeLimit
Improving Servlet Performance
Thread Pools
Common Performance Problems
Low-Memory Situations
Under-Throttled Server
Checking
Tuning
Cache Not Utilized
Checking
Tuning
KeepAlive Connections Flushed
Checking
Tuning
Log File Modes
Using Local Variables
Benchmarking the Netscape Enterprise Server
SPECweb96 Tuning
WebStone Tuning
Sizing Issues
Processors
Memory
Drive Space
Networking
Part 4 Using Programs and Objects
Chapter 11 Extending Your Server With Programs
Overview of Server-Side Programs
Types of Server-Side Applications That Run on the Server
How Server-Side Applications are Installed on the Server
Java Servlets and JavaServerPages (JSP)
Overview of Servlets and JavaServerPages
What Does the Server Need to Run Servlets and JSP?
Enabling Servlets and JSP
Making Servlets Available to Clients
Specifying Servlet Directories
Configuring Global Attributes
Configuring Servlet Attributes
Configuring Servlet Virtual Path Translations
Configuring JRE/JDK Paths
Configuring JVM Attributes
Deleting Version Files
Installing CGI Programs
Overview of CGI
Specifying a CGI Directory
Specifying CGI as a File Type
Downloading Executable Files
Installing Windows NT CGI Programs
Overview of Windows NT CGI Programs
Specifying a Windows NT CGI Directory
Specifying Windows NT CGI as a File Type
Installing Shell CGI Programs for Windows NT
Overview of Shell CGI Programs for Windows NT
Specifying a Shell CGI Directory (Windows NT)
Specifying Shell CGI as a File Type (Windows NT)
Using the Query Handler
Server-Side JavaScript Programs
Activating Server-Side JavaScript
Running the Application Manager
Securing the Application Manager
Installing Server-Side JavaScript Applications
Application URLs
Controlling Access to a Server-Side JavaScript Application
Modifying Installation Parameters
Removing a Server-Side JavaScript Application
Starting, Stopping, and Restarting a Server-Side JavaScript Application
Running a Server-Side JavaScript Application
Configuring Default Settings
Enabling WAI Services
Chapter 12 Working With Configuration Styles
Creating a Configuration Style
Removing a Configuration Style
Editing a Configuration Style
Assigning a Configuration Style
Listing Configuration Style Assignments
Part 5 Managing Content and Access
Chapter 13 Managing Server Content
Changing the Primary Document Directory
Setting Additional Document Directories
Customizing User Public Information Directories (Unix)
Enabling Remote File Manipulation
Configuring Document Preferences
Entering an Index Filename
Selecting Directory Indexing
Specifying a Server Home Page
Specifying a Default MIME Type
Parsing the Accept Language Header
Setting Up Hardware Virtual Servers
Setting Up Hardware Virtual Servers for ISPs
Migrating Hardware Virtual Server Configuration Files
Setting up Software Virtual Servers
Changing the Character Set
Chapter 14 Controlling Access to Your Server
What Is Access Control?
User-Group Authentication
Username and Password Authentication
Client Certificate Authentication
Host-IP Authentication
Access Control Files
How Does Access Control Work?
Restricting Access to Your Web Site
Setting Access Control Actions
Specifying Users and Groups
Specifying Host Names and IP Addresses
Setting Access Rights
Access to Programs
Writing Customized Expressions
Selecting “Access control on”
Responding When Access is Denied
Access Control Examples
Restricting Access to the Entire Server
Restricting Access to a Directory (Path)
Restricting Access to a URI (Path)
Restricting Access to a File Type
Restricting Access Based on Time of Day
Access Control For Web Publishing
Ownership of Files and Folders
Chapter 15 Configuring Web Publishing
Using Netshare
Setting Up the Server and Creating Netshare Home Directories
Before You Start
Server Features That Must Be Enabled
Netshare Directory Naming Conventions
The Netshare Configuration File
Marking Users As Licensed
Access Control For Netshare
Using the Server Manager
The Set Up Netshare Page
The Create Netshare Page
Using the Netshare Command-line Utility
Syntax of the Netshare Utility
Netshare Utility Examples
Accessing the Web Publisher Home Page
Setting Access Control For Web Publisher Owners
Indexing and Updating Properties
Changing the Web Publishing State
Maintaining Web Publishing Data
Unlocking Files
Adding Custom Properties
Managing Properties
Customizing Your Netshare Home Page
Customizing the Web Publisher User Interface
The Web Publisher Attributes
The Web Publisher Pattern Files
Pointing Pattern Variables
Conditional Variables
Chapter 16 Using Search
About Search
Configuring Text Search
Controlling Search Access
Mapping URLs
Deciding Which Words Not to Search
Turning Search On or Off
Configuring the Search Parameters
Configuring Your Pattern Files
Configuring Manually
The Configuration Files
Adjusting the Maximum Number of Attributes
Restricting Memory for Indexing
Restricting Your Index File Size
Removing Access to the Web Publishing Collection
Indexing Your Documents
About Collections
About Collection Attributes
Installing Filters
Creating a New Collection
Configuring a Collection
Updating a Collection
Maintaining a Collection
Scheduling Regular Maintenance
Unscheduling Collection Maintenance
Performing a Search: The Basics
Search Home Page
A Search Query
Guided Search
Advanced Search
The Search Results
Listing Matched Documents
Sorting the Results
Displaying a Highlighted Document
Displaying Collection Contents
Using the Query Operators
Default Assumptions
Search Rules
Angle Brackets
Combining Operators
Using Query Operators as Search Words
Canceling Stemming
Modifying Operators
Determining Which Operators To Use
Using Wildcards
Non-alphanumeric Characters
Wildcards as Literals
Customizing the Search Interface
Dynamically Generated Headers and Footers
HTML Pattern Files
Search Function Syntax
URL Encodings
Required Search Arguments
Using Pattern Variables
User-defined Pattern Variables
Configuration File Variables
Macros and Generated Pattern Variables
Appendixes
Appendix A HyperText Transfer Protocol
About HyperText Transfer Protocol (HTTP)
Requests
Request Method
Request Header
Request Data
Responses
Status Code
Response Header
Response Data
Appendix B ACL File Syntax
ACL File Syntax
Authentication Statements
Authorization Statements
Hierarchy of Authorization Statements
Attribute Expressions
Operators For Expressions
The Default ACL File
General Syntax Items
Referencing ACL Files in obj.conf
Appendix C Internationalized Enterprise Server
General Information
Installing the Server
Entering 8-bit Text
File or Directory Names
LDAP Users and Groups
Using the Accept Language Header
Language Settings in Configuration Files
Server-side JavaScript Information
Specifying the Character Set for the Compiler
Specifying the Character Set With the <META> Tag
Using Server-side Javascript With Oracle’s Japanese Database
Installing Oracle and Setting Up Your Environment
Verifying the Connection
Verifying the Language Setup
Putting the Oracle Client and Database Server On Separate Hosts
Search Information
International Search and Auto Catalog
Searching in Chinese, Japanese, and Korean
Query Operators
Document Formats
Searching in Japanese
Getting Support for Accented Characters in Filenames
Appendix D Server Extensions for Microsoft FrontPage
Overview
Types of FrontPage Webs
Domain Names And Frontpage Webs
Security Issues
Downloading the Extensions
Getting Ready for Installation
Space Requirements
Preliminary Tasks
Some Additional Considerations
Installing FrontPage Server Extensions
Installing FrontPage Server Extensions on Windows NT Systems
Installing FrontPage97 Server Extensions on Unix Systems
Installing FrontPage98 Server Extensions on Unix Systems
Further Information
Glossary
Index
About This Guide
This guide describes how to configure and administer Netscape Enterprise Server. It is intended for information technology administrators in the corporate enterprise who want to extend client-server applications to a broader audience through the World Wide Web.
This preface includes the following sections:
What’s In This Guide?
How This Guide Is Organized
Conventions Used In This Guide
Using the Enterprise Server Documentation
Further Reading
Contacting Technical Support
What’s In This Guide?
This guide explains how to install and configure the Netscape Enterprise Server. After configuring your server, use this guide to help maintain your server.
After you install the server, this guide is available in HTML format at manual/https/ag in your server root directory.
How This Guide Is Organized
This guide is divided into five parts, plus various appendices, a glossary, and a comprehensive index. If you are new to Netscape Enterprise Server, begin with Part I, “Server Basics” for an overview of the Netscape Enterprise Server. If you are already familiar with Netscape Enterprise Server, skim the material in Part I, “Server Basics” before going on to Part II, “Using Enterprise Administration Server.”
Once you are familiar with the fundamentals of using Enterprise Administration Server, you can refer to Part III, “Configuring and Monitoring,” which includes examples of how to configure and monitor your Enterprise Servers. Part IV, “Using Programs and Objects” provides information for using programs and configuration styles. Part V, “Managing Content and Access” provides information for managing your Enterprise Server content, controlling access to your Enterprise Servers, using Netscape Web Publisher to collaborate on projects, and searching the contents and attributes of documents on your servers.
Finally, the appendices address specific reference topics that describe the various topics, including: HyperText Transfer Protocol (HTTP), server configuration files, ACL files, internationalization issues, server extensions, and the Enterprise Server user interface reference, which you may want to review. Note that the user interface appendix is available in the online version only.
Part I: Server Basics
This part provides an overview of the Netscape Enterprise Server. The following chapters are included:
Chapter 1, “Introduction to Enterprise Server,” provides an overview of Netscape Enterprise Server.
Chapter 2, “Administering Enterprise Servers,” describes how to manage your Enterprise Servers with Enterprise Administration Server.
Part II: Using Enterprise Administration Server
This part provides conceptual and procedural details on using Enterprise Administration Server to administer your Enterprise Servers. The following chapters are included:
Chapter 3, “Setting Administration Preferences,” describes how to use the Enterprise Administration Server Preferences and Global Settings forms to configure your Enterprise Servers.
Chapter 4, “Managing Users and Groups,” describes how to use the Enterprise Administration Server Users and Groups forms to configure your Enterprise Servers.
Chapter 5, “Working with Server Security,” describes how to configure your Enterprise Server security. Note that before reading this chapter you should be familiar with the basic concepts of public-key cryptography and the SSL protocol. These concepts include encryption and decryption; keys; digital certificates and signatures; and SSL encryption, ciphers, and the major steps of the SSL handshake. For more information regarding these topics, see Managing Servers with Netscape Console.
Chapter 6, “Managing Server Clusters,” describes the concept of clustering Netscape servers and explains how you can use them to share configurations among servers.
Part III: Configuring and Monitoring
This part includes examples of how to use the Server Manager to configure and monitor your Enterprise Servers. The following chapters are included:
Chapter 7, “Configuring Server Preferences,” describes how to configure server preferences for your Netscape Enterprise Server.
Chapter 8, “Understanding Log Files,” describes how to monitor your Enterprise Server using the Hypertext Transfer Protocol (HTTP), by recording and viewing log files, or by using the performance monitoring tools provided with your operating system.
Chapter 9, “Using SNMP to Monitor Servers,” describes how to monitor your Enterprise Server using SNMP (Simple Network Management Protocol).
Chapter 10, “Configuring the Server for Performance,” describes how to define your server workload and size your system to meet your performance needs. This chapter addresses miscellaneous configuration and Unix platform-specific issues, CGI-related performance tuning problems, and other common performance issues.
Part IV: Using Programs and Objects
This part provides information for using programs and configuration styles with the Server Manager. The following chapters are included:
Chapter 11, “Extending Your Server With Programs,” describes how to install Java applets, CGI programs, JavaScript applications, and other plug-ins onto your server.
Chapter 12, “Working With Configuration Styles,” describes how to use configuration styles with Enterprise Server.
Part V: Managing Content and Access
This part provides information for using the Server Manager to manage your Enterprise Server content and control access to your Enterprise Servers, for using Netscape Web Publisher to collaborate on projects, and for searching the contents and attributes of documents on your servers. The following chapters are included:
Chapter 13, “Managing Server Content,” describes how you can configure and manage your server’s content.
Chapter 14, “Controlling Access to Your Server,” describes the methods you can use to determine who has access to what files or directories on your web site.
Chapter 15, “Configuring Web Publishing,” describes how you can configure Enterprise Server for web publishing.
Chapter 16, “Using Search,” describes how to search the contents and attributes of documents on the server. In addition, this chapter describes how to create a customized text search interface that’s tailored to your user community.
Appendixes
This section includes the following appendixes, which contain reference material that you may wish to review:
Appendix A, “HyperText Transfer Protocol,” provides a short introduction to a few HTTP basic concepts.
Appendix B, “ACL File Syntax,” describes the access-control list (ACL) files and their syntax.
Appendix C, “Internationalized Enterprise Server,” describes the internationalized version of the Enterprise Server.
Appendix D, “Server Extensions for Microsoft FrontPage,” describes using server extensions on your Netscape Enterprise Server that provide support for Microsoft FrontPage.
Appendix E, “Enterprise Server User Interface,” describes the elements in the user interface of Enterprise Administration Server and Server Manager of Netscape Enterprise Server 4.0. This appendix is available in the online version only.
In addition, a Glossary is included to define frequently used terms that may be unfamiliar to Netscape Enterprise Server administrators.
Conventions Used In This Guide
The conventions used in this guide are as follows:
Italic: This typeface is used for book titles, emphasis, and any text that is a placeholder for text you need to replace for your system. For example, in a URL that contains a reference to your server’s port number, the URL might contain portnumber in italics. Replace the words in italics with the actual value for your server.
Monospaced font: This typeface is used for any text that you should type. It’s also used for functions, examples, URLs, filenames, and directory paths.
Bold: Bold style is used for new terminology. All bold terms are also in the glossary.
Using the Enterprise Server Documentation
The following table lists the tasks and concepts that are described in the Netscape Enterprise Server printed manuals and online readme file. If you are trying to accomplish a specific task or learn more about a specific concept, refer to the appropriate manual.
Note that the printed manuals are also available as online files in PDF and HTML format.
Table 1 Enterprise Server Documentation
For information about: Late-breaking information about the software and the documentation.
See the following: External web site (http://home.netscape.com/eng/server/webserver)
For information about: Installing Netscape Enterprise Server and migrating your data to the new Netscape Enterprise Server 4.0.
See the following: Installation & Migration Guide (http://home.netscape.com/eng/server/webserver/4.0)
For information about: Administering one or more Enterprise Servers using the Netscape Enterprise Administrator Server to manage and configure your servers and to perform the following tasks:
Setting up server security.
Monitoring your servers using HTTP, via log files, SNMP, or via the tools provided with your OS.
Defining your server workload and sizing your system to meet your performance needs.
Installing Java applets, CGI programs, JavaScript applications, and other plug-ins onto your server.
Configuring Enterprise Server for web publishing.
Searching the contents and attributes of server documents; creating a text search interface.
See the following: Administration Guide
For information about: The administration server and global information on topics such as encryption, access control, and performance monitoring. Note that if you install Netscape Console, an online version of this manual is available as well as the hard copy version that is shipped with Netscape Enterprise Server 4.0.
See the following: Managing Servers with Netscape Console
For information about: Planning your directory service. How you can use the directory server to support simple usage that involves only a few hundred users and some key Netscape server applications, as well as how you can scale the directory server to support millions of users. You are also introduced to the basic directory service concepts and specific guidelines that you will need to deploy a production-grade directory service.
See the following: Netscape Directory Server Deployment Manual
For information about: Using the web publishing system. This manual is included with your server in HTML format.
See the following: Netshare and Web Publisher User’s Guide
For information about: An overview of the programming technologies and APIs you can use to extend and modify the Enterprise Server, to dynamically generate content in response to client requests, and to modify the content of the server. Links are provided to the individual books that discuss each API. This book also contains information about API changes from Enterprise 3.x to 4.0. Use this book as the starting place for developer-level information for Enterprise Server 4.0.
See the following: Programmer’s Guide to Enterprise Server 4.0
How to enable and implement servlets and JavaServerPages (JSP) in Enterprise Server 4.0.
How to use Netscape Server Application Programmer’s Interface (NSAPI) to build plugins to extend and modify the Enterprise Server. The book also discusses the purpose and use of the configuration files obj.conf, magnus.conf, and mime.types, and provides a comprehensive list of the directives and functions that can be used in these configuration files. It also provides a reference of the NSAPI functions you can use to define new plugins.
Further Reading
The Netscape DevEdge internet site contains documentation for developers, including:
JavaScript Reference
Netscape Internet Service Broker programmer’s guides and reference guides for Java and C++
Programmer’s Guide to Servlets in Enterprise Server 4.0
NSAPI Programmer’s Guide for Enterprise Server 4.0
Web Publishing Client API Guide
Writing Server-Side JavaScript Applications
To access these documents, use the following URL:
http://home.netscape.com/eng/server
Click the Server link to see the documents pertaining to the web server.
To access the Enterprise Server 4.0 Release Notes, use the following URL:
http://home.netscape.com/eng/server/webserver/4.0
Contacting Technical Support
For product-specific Technical Support assistance, please see the Product Support Page for the Netscape Enterprise Server at:
http://help.netscape.com/products/server/enterprise/index.html.
For general Technical Support assistance, please see the Netscape Technical Support Page at: http://help.netscape.com.
Part I: Server Basics
Introduction to Enterprise Server
Administering Enterprise Servers
Chapter 1: Introduction to Enterprise Server
This chapter introduces Netscape Enterprise Server and discusses some of the fundamental server concepts. Read it to obtain an overview of how Enterprise Server works.
This chapter includes the following sections:
Netscape Enterprise Server
Netscape Enterprise Server Architecture
How Enterprise Server is Configured
Enterprise Administration Server
Server Manager
Netscape Console
Sending Error Information to Netscape
Netscape Enterprise Server
Netscape Enterprise Server is an extremely powerful multi-process, multi-threaded, secure web server built on open standards that enables your business enterprise to seamlessly integrate with other internal and external systems. By providing high performance, reliability, scalability, and manageability, Enterprise Server solves the business-critical needs of your web site, regardless of the size of your enterprise.
This section includes the following topics:
Enterprise Server Features
Administering and Managing Enterprise Servers
Enterprise Server Features
Enterprise Server is primarily designed to provide access to your business HTML files. In addition, it offers the following features:
Web publishing—End users can organize and publish their documents from their desktops with a web publishing interface. They can organize documents by type to customize presentation for different purposes, and use text search to manage document content via the Netscape Content Management (CM) feature. CM is an NSAPI plug-in that allows you to manage files on a remote server with drag-and-drop-like capabilities (via a web publishing applet) and to index document content in an intelligent way for easier content searching.
Enterprise-wide manageability—Including delegated administration, cluster management, and LDAP (Lightweight Directory Access Protocol) support. LDAP integration with Netscape Directory Server enables you to store users and groups in a centralized directory. In addition, you can monitor your server in real-time by using the Simple Network Management Protocol (SNMP). SNMP is a protocol used to exchange data about network activity.
Note that in order to add users and groups to Enterprise Server, you must have a directory server installed, such as Netscape Directory Server. If you need to create, locate, or manage records for users and groups on any other servers within your network, you should use Netscape Console with your Directory Server. For more information, see Managing Servers with Netscape Console.
Security—Users can establish encrypted and authenticated transactions between clients and the server through the Secure Sockets Layer (SSL) 3.0 protocol. In addition, Enterprise Server employs the following security-based standards: Public Key Cryptography Standard (PKCS) #11, which defines the interface used for communication between SSL and PKCS #11 modules; Federal Information Processing Standards (FIPS)-140; and special certificates that work with 40, 56, or 128 bits, depending on the capability of the client.
Access control—You can protect confidential files or directories by implementing access control (viewing, editing, and version control) by username, password, domain name, or IP address. This feature also represents another aspect of the NSAPI Content Management plug-in, which enables an end user (the owner of a document) to set access control on a document, rather than having to ask the administrator to accomplish the task.
High performance—Delivers high performance for dynamic and secure content with features such as HTTP 1.1, multi-threading, and support for SSL hardware accelerators.
Standards-based—Enterprise Server includes support for a wide range of web software standards, including: JDK 1.1.6/7 (2.0 on Solaris & NT); Servlets 2.1; JavaServer Pages .92; HTTP 1.1; and various security-based standards, including PKCS #11, FIPS-140, and 128-bit step-up certificates.
Server-side Java Servlet and JavaServer Pages support—enables development of server plugins, dynamic content, presentation logic, and JDBC database access.
Server-side JavaScript support—enables development of scripting applications that access the database using native drivers.
Additional features—Support for multiple processes and process monitors, failover, automatic recovery, and dynamic log rotation.
Administering and Managing Enterprise Servers
You can manage your Enterprise Server(s) via the following user interfaces:
Enterprise Administration Server
Server Manager
Netscape Console
In previous releases, the Enterprise Server and other Netscape servers were administered by a single server, called the Administration Server. In the 4.0 release, the “administration server” is now just an additional instance of the Enterprise Server, called Enterprise Administration Server, that you use to administer all of your Enterprise Server instances. For more information, see “Enterprise Administration Server.”
Note: You can also perform administrative tasks manually by editing the configuration files or by using command-line utilities.
If you are managing a single instance of Enterprise Server, you can use the Server Manager. For more information, see “Server Manager.”
If you have other Netscape 4.0 Enterprise Servers, you can manage them through the Netscape Console, a client-based Java application. For more information, see “Netscape Console” or Managing Servers with Netscape Console.
Netscape Enterprise Server Architecture
The Netscape Enterprise Server incorporates a modular architecture that integrates seamlessly with all of the products in the Netscape family of servers. All Netscape servers share a single interface for administrative functions: the Enterprise Administration Server (formerly, the Administrative Server). Note that this administrative interface is itself another instance of Enterprise Server.
Netscape Enterprise Server includes the following software modules:
Content Engines
Server Extensions
Runtime Environments
Application Services
These server modules are described in the following sections.
Content Engines
Enterprise Server content engines are designed for manipulating customer data. The following three content engines make up the Web Publishing layer of the Enterprise Server architecture: HTTP (Web Server), Content Management, and Search (Verity).
The HTTP engine represents the core of the Enterprise Web Server. From a functional perspective, the rest of the Enterprise Server architecture resides on top of this engine for performance and integration functionality.
The Content Management engine enables you to manage your server’s content. You create and store HTML pages, JavaServer Pages, and other files such as graphics, text, sound, or video on your server. When clients connect to your server, they can view your files provided they have access to them.
The Search engine enables Enterprise Server users to search the contents and attributes of documents on the server. As the server administrator, you can create a customized text search interface that works with various types of document formats, such as HTML, Microsoft Word, Adobe PDF, and WordPerfect. Enterprise Server converts many types of non-HTML documents into HTML as it indexes them so that users can use your web browser to view the documents that are found for their search.
Server Extensions
The Enterprise Server server extensions enable you to extend or replace the function of the server to better suit your business operations. The following server extensions are part of the core Enterprise Server 4.0 architecture:
Common Gateway Interface (CGI)
Netscape Server Application Programming Interface (NSAPI)
Java Servlets and JavaServer Pages
SHTML & JavaScript
Web Application Interface (WAI)
Common Gateway Interface (CGI) is a stand-alone application development interface that enables you to create programs that process your client requests dynamically.
Netscape Server Application Programming Interface (NSAPI) is used to implement the functions the server calls when processing a request (Server Application Functions) which provide the core and extended functionality of the Enterprise Server. It allows the server’s processing of requests to be divided into small steps which may be arranged in a variety of ways for speed and flexible configuration.
Java Servlets and JavaServer Pages extensions enable all Java servlet and JavaServer page metafunctions, including instantiation, initialization, destruction, access from other components, and configuration management. Java servlets and JavaServer pages are reusable Java applications that run on a web server rather than in a web browser.
SHTML and Server-side JavaScript enable rapid development of dynamic content applications.
Web Application Interface (WAI) is a CORBA-based programming interface that defines object interfaces to the HTTP request/response data and server information. Using WAI, you can write a web application in C, C++, or Java that accepts an HTTP request from a client, processes it, and returns a response to the client. You can also write your own server plug-ins for processing HTTP requests.
Runtime Environments
In addition to the various server extensions, Enterprise Server includes a set of runtime environments which support the server extensions. These runtime environments include the following:
CGI Processor
NSAPI Engine
Java Virtual Machine (JVM)
JavaScript Virtual Machine
Application Services
Finally, the Enterprise Server architecture includes a set of application services for various application-specific functions. These application services include the following:
LiveWire Database Service
Security & Access Control
Session Management Service
File System Service
Mail Service
How Enterprise Server is Configured
Netscape Enterprise Server is configured to enable you to turn on or off various features, determine how to respond to individual client requests, and write programs that run on and interact with the server’s operation. The instructions (called directives) which identify these options are stored in configuration files. Enterprise Server reads the configuration files on startup and during client requests to map your choices with the desired server activity. For more information about these files, see “Enterprise Server Configuration Files.”
The server includes a number of configuration files which are stored in server_root/config when installed on your computer.
This section includes the following topics:
How Enterprise Server is Configured
Enterprise Server Configuration Files
Single-Server Configuration
Multiple-Server Configuration
Enterprise Server Component Options
The following component options are available when you install Netscape Enterprise Server:
Netscape Enterprise Server Core
Java Runtime Environment
Java and Servlets
ServerSide JavaScript Database Connectors
Web Publishing
WAI
SNMP
Enterprise Server Configuration Files
Enterprise Server includes a variety of configuration files that enable you to set various global variables, and to customize how the server responds to specific events and client requests. You can modify the configuration files automatically using the Enterprise Administrator Server or Server Manager user interface settings, or manually by editing the files directly. For more information, see Chapter 10, “Configuring the Server for Performance.”
The main Enterprise Server configuration files are: magnus.conf, obj.conf, mime.types, and admpw. These configuration files are described in this section.
Note: There are a number of configuration files Enterprise Server uses when your server is set up as part of a cluster of Enterprise Servers (these files include a .clfilter file extension). For more information regarding how you can configure a cluster of Enterprise Servers, including important guidelines, see “About Clusters,” on page 149 in Chapter 6, “Managing Server Clusters.”
magnus.conf: the main Enterprise Server configuration file. This file contains global server configuration information (such as port, security, and so on). This file sets the values for variables that configure the server during initialization. Enterprise Server reads this file and executes the variable settings on startup. The server does not read this file again until it is restarted, so you must restart the server every time you make changes to this file. For more information, see “Viewing Server Settings,” on page 166 in Chapter 7, “Configuring Server Preferences.”
obj.conf: the server’s object configuration file. This file contains additional initialization information, settings for server customization, and instructions that the server uses to process requests from clients (such as browsers). Enterprise Server reads this file every time it processes a client request. For more information, see “Viewing Server Settings,” on page 166 in Chapter 7, “Configuring Server Preferences.”
For more information about the actual file syntax and the specific directives used by the obj.conf and magnus.conf configuration files, see the NSAPI Programmer’s Guide for Enterprise Server 4.0.
mime.types: the MIME (Multi-purpose Internet Mail Extension) type configuration file. This file maps file extensions to MIME types, to enable the server to determine the type of content being requested. For example, requests for resources with .html extensions indicate that the client is requesting an HTML file, while requests for resources with .gif extensions indicate that the client is requesting an image file in GIF format. For more information, see “Specifying a Default MIME Type,” on page 317 in Chapter 13, “Managing Server Content.” Note that you must restart the server every time you make changes to this file.
admpw: the username and password file for the Enterprise Administrator Server superuser. For more information, see “Changing the Superuser Settings,” on page 70 in Chapter 3, “Setting Administration Preferences.”
Single-Server Configuration
If you have installed Enterprise Server on a single server, the installation process places all the files under the server root directory that you specified during installation.
All Platforms
For all platforms, the following directories are created under the server root directory:
alias contains the key and certificate files for all Netscape servers.
bin contains the binary files for the server, such as the actual server, the Enterprise Administration Server forms, and so on. In addition, this directory includes the following subdirectories:
https/install contains files needed for migrating server settings and default configuration files needed for backward compatibility.
docs is the server’s default primary document directory, where your server’s content files are usually kept. If you are migrating settings from an existing server, this directory doesn’t appear until you finish the migration process.
extras contains the log analyzer and log analysis tools.
The flexanlg directory contains a command-line log analyzer. This log analyzer analyzes files in flexlog format.
The log_anly directory contains the log analysis tool that runs through the Server Manager. This log analyzer analyzes files in common log format only.
httpacl contains the files that store access control configuration information in the generated.server-identifier.acl and genwork.server-identifier.acl files. The file generated.server-identifier.acl contains changes you make using the Server Manager access control forms after saving your changes; genwork.server-identifier.acl contains your changes before you save your changes.
https-admserv contains the directories for Enterprise Administration Server. This directory has the following subdirectories and files:
For Unix, this directory contains shell scripts to start, stop, and restart the server and a script to rotate log files.
conf_bk contains backup copies of the server’s configuration files.
config contains the server’s configuration files: admpw, cron.conf, dsgw.conf, dsgwfilter.conf, dsgwlanguage.conf, dsgw-orgperson.conf, dsgwserarchprefs.conf, magnus.conf, magnus.conf.clfilter, mime.types, ns-cron.conf, obj.conf, obj.conf.clfilter, servers.lst. Working copies are kept here. For more information on magnus.conf and obj.conf, see the NSAPI Programmer’s Guide for Enterprise Server 4.0.
logs contains any error or access log files.
startsvr.bat is the script that starts the Server Manager. The Server Manager lets you configure all servers installed in the server root directory.
stopsvr.bat is the script that stops the Server Manager.
https-server_id are the directories for each server you have installed on the machine. Each server directory has the following subdirectories and files:
ClassCache contains classes and Java files, generated as a result of the compilation of JavaServer pages.
conf_bk contains backup copies of the server’s configuration files.
config contains the Enterprise Administration Server configuration files.
logs contains the Enterprise Administration Server log files.
search contains the following directories: admin and collections.
SessionData contains session database data from MMapSessionManager.
startsvr.bat is the script that starts the Server Manager. The Server Manager lets you configure all servers installed in the server root directory.
stopsvr.bat is the script that stops the Server Manager.
jvm1x.conf is the Java 1.x virtual machine configuration file.
servlets.properties/rules.properties are the configuration files for servlets.
manual contains the online manuals for the product.
include contains header files.
plugins contains directories for Java, search, and other plugins. This directory has the following subdirectories:
content_mgr contains directories for your server’s content.
htaccess contains server plugin for .htaccess access control and htconvert, an .nsconfig to .htaccess converter.
include contains various include files.
jar contains .jar files.
lib contains shared libraries.
nsacl contains information for your server’s access control lists.
nsapi contains header files and example code for creating your own functions using NSAPI. For more information, see Netscape’s DevEdge online documentation web site at:
http://developer.netscape.com/library/documentation/index.html.
samples/js contains the Application Manager and the samples for server-side JavaScript. Note that this is available only if JavaScript was installed.
search contains information for your server’s search plugins.
snmp contains information for your server’s SNMP plugins.
setup contains the various Enterprise Server setup files.
userdb contains user databases and related information.
wai contains information and sample code for using the Web Application Interface (WAI). Note that this file is available only if WAI was installed.
Unix-Only Platforms
In addition to the files and directories described in “All Platforms,” the following files are created under the server-root/https-admserv directory for Unix platforms:
call
restart is the script that restarts the Server Manager.
start is the script that starts the Server Manager. The Server Manager lets you configure all servers installed in the server root directory.
startconsole launches a browser to the Enterprise Administration Server page.
stop is the script that stops the Server Manager.
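The layout described above places key and certificate files (alias), the superuser credentials (https-admserv/config/admpw), ACL files (httpacl), and user databases (userdb) under one server root. The following is an added example, not part of this guide or the product: a Python check for Unix installations that flags those paths when other users can access them, and flags per-instance configuration files that group or other can write. The permission policy, the function names, and the sample file names are assumptions of the example.

```python
import os
import stat
import tempfile

# Locations the guide describes as holding keys, credentials or access-control
# data. Which permission bits count as a problem is this example's assumption.
SECRET_PATHS = (
    "alias",                       # key and certificate files
    "https-admserv/config/admpw",  # superuser user name and password
    "httpacl",                     # generated.* and genwork.* ACL files
    "userdb",                      # user databases
)
CONFIG_NAMES = ("magnus.conf", "obj.conf", "mime.types")


def _mode(path):
    """Permission bits of path, or None for a symlink (not followed here)."""
    info = os.lstat(path)
    return None if stat.S_ISLNK(info.st_mode) else stat.S_IMODE(info.st_mode)


def _tree(top):
    """Yield top and, if it is a directory, every entry beneath it."""
    yield top
    for dirpath, dirnames, filenames in os.walk(top):
        for name in dirnames + filenames:
            yield os.path.join(dirpath, name)


def audit_server_root(root):
    """Return sorted (relative path, octal mode, problem) tuples."""
    findings = set()
    # 1. Secrets must carry no permission bits for "other".
    for rel in SECRET_PATHS:
        top = os.path.join(root, rel)
        if not os.path.lexists(top):
            continue
        for path in _tree(top):
            mode = _mode(path)
            if mode is not None and mode & stat.S_IRWXO:
                findings.add((os.path.relpath(path, root), oct(mode),
                              "secret accessible to other users"))
    # 2. Every https-* directory is a server instance with its own config/;
    #    its directives must not be writable by group or other.
    for entry in os.listdir(root):
        if not entry.startswith("https-"):
            continue
        for name in CONFIG_NAMES:
            path = os.path.join(root, entry, "config", name)
            if not os.path.isfile(path):
                continue
            mode = _mode(path)
            if mode is not None and mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.add((os.path.relpath(path, root), oct(mode),
                              "config writable by group or other"))
    return sorted(findings)


def build_sample_root(root):
    """Create a CONSTRUCTED server-root layout with three deliberate mistakes."""
    layout = {  # relative path -> mode; a trailing "/" marks a directory
        "alias/": 0o700,
        "alias/example-key.db": 0o600,         # constructed file name
        "httpacl/": 0o750,
        "httpacl/generated.https-www.acl": 0o640,
        "userdb/": 0o755,                      # mistake: open to other users
        "https-admserv/config/": 0o755,
        "https-admserv/config/admpw": 0o644,   # mistake: world-readable
        "https-admserv/config/magnus.conf": 0o644,
        "https-www/config/": 0o755,
        "https-www/config/obj.conf": 0o664,    # mistake: group-writable
        "https-www/config/magnus.conf": 0o600,
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        if rel.endswith("/"):
            os.makedirs(path, exist_ok=True)
        else:
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as handle:
                handle.write("# constructed placeholder\n")
        os.chmod(path, mode)  # explicit chmod so the umask does not matter
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sample:
        for rel, mode, problem in audit_server_root(build_sample_root(sample)):
            print(f"{mode:>6}  {rel}: {problem}")
```

To audit a real installation, call audit_server_root() with the server root directory chosen at installation instead of the constructed sample.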
Multiple-Server Configuration
You can also have multiple Web servers running on the same server—all of which can be configured from a single-server administration interface called Enterprise Administration Server, or from the client-side application, Netscape Console. For more information about Netscape Console, see “Netscape Console.”
For more information regarding how to use Enterprise Administration Server to configure multiple servers on your machine, see “Setting Encryption Preferences,” on page 73 in Chapter 3, “Setting Administration Preferences.”
Enterprise Administration Server
The Enterprise Administration Server is a web-based server that contains the Java and JavaScript forms you use to configure all of your Netscape Enterprise Servers.
After installing Enterprise Server, you use your browser to navigate to the Enterprise Administration Server page and use its forms to configure your Enterprise Servers. When you submit the forms, the Enterprise Administration Server modifies the configuration for the server you were administering.
The URL you use to navigate to the Enterprise Administration Server page depends on the computer host name and the port number you choose when you install Enterprise Server. For example, if you installed Enterprise Server on port 12345, the URL would look like this:
http://myserver.mozilla.com:12345
Before you can get to any forms, the Enterprise Administration Server prompts you to authenticate yourself. This means you need to type a user name and password. You set up the “superuser” user name and password when you install Enterprise Server on your computer. After installation, you can use distributed administration to give multiple people access to different forms in the Enterprise Administration Server. For more information about distributed administration, see “Enabling Distributed Administration,” on page 71 in Chapter 3, “Setting Administration Preferences.”
The first page you see when you access the Enterprise Administration Server is called Servers. You use the buttons on this page to manage, add, remove, and migrate your Enterprise Servers. In addition, the Enterprise Administration Server provides the following tabs for other administration-level tasks:
Preferences
Global Settings
Users and Groups
Security
Cluster Mgmt (Cluster Management)
Note: You must enable cookies in your browser to run the CGI programs necessary for configuring your server.
For more information on using the Enterprise Administration Server, including information regarding these administration-level tasks, see Chapter 2, “Administering Enterprise Servers.”
Server Manager
The Server Manager is a web-based interface that contains the Java and JavaScript forms you use to configure individual instances of Netscape Enterprise Server.
This section includes the following topics:
Accessing the Server Manager
Using the Resource Picker
Wildcards Used in the Resource Picker
Accessing the Server Manager
You can access the Server Manager for Enterprise Server by performing the following steps:
1. Install and start your Enterprise Server.
Enterprise Server displays the Enterprise Administration Server Servers page.
2. In the Manage Servers area, select the desired server and click Manage.
Enterprise Server displays the Server Manager Preferences page, as shown in the following illustration:
Figure 1.1 The Enterprise Server 4.0 Server Manager
Note: You must enable cookies in your browser to run the CGI programs necessary for configuring your server.
You use the links on this page to manage the following options:
Turn Enterprise Server on/off
Server settings
Performance tuning actions
Global MIME types
Network and error settings
Dynamic configuration files
Access Control Lists (ACL)
Encryption settings
Stronger Ciphers
In addition, the Server Manager provides the following tabs for additional Enterprise Server managerial tasks:
Programs
Servlets
Security
Status
Styles
Content Mgmt
Web Publishing
Search
For more information, see “Server Manager,” in the online help.
Using the Resource Picker
Most of the Server Manager pages configure the entire Enterprise Server. Some pages can configure either the entire server or files or directories that the server maintains. These pages include the Resource Picker, shown in Figure 1.2, at the top. The Resource Picker lets you specify what resource to configure.
Figure 1.2 Resource Picker
Pick a resource from the drop-down list for configuration. Click Browse to browse your primary document directory; clicking Options allows you to choose other directories. Click Wildcard to configure files with a specific extension.
Wildcards Used in the Resource Picker
In many parts of the server configuration, you specify wildcard patterns to represent one or more items to configure. Please note that the wildcards for access control and text search may be different from those discussed in this section.
Wildcard patterns use special characters. If you want to use one of these characters without the special meaning, precede it with a backslash (\) character.
Table 1.1 Resource Picker wildcard patterns
Wildcard Pattern                                     Description
*                                                    Match zero or more characters.
?                                                    Match exactly one occurrence of any character.
|                                                    An or expression. The substrings used with this operator can contain other special characters such as * or $. The substrings must be enclosed in parentheses, for example, (a|b|c), but the parentheses cannot be nested.
$                                                    Match the end of the string. This is useful in or expressions.
[abc]                                                Match one occurrence of the characters a, b, or c. Within these expressions, the only character that needs to be treated as a special character is ]; all others are not special.
[a-z]                                                Match one occurrence of a character between a and z.
[^az]                                                Match any character except a or z.
*~                                                   This expression, followed by another expression, removes any pattern matching the second expression.
*.netscape.com                                       Matches any string ending with the characters .netscape.com.
(quark|energy).netscape.com                          Matches either quark.netscape.com or energy.netscape.com.
198.93.9[23].???                                     Matches a numeric string starting with either 198.93.92 or 198.93.93 and ending with any 3 characters.
*.*                                                  Matches any string with a period in it.
~netscape-*                                          Matches any string except those starting with netscape-.
*.netscape.com~quark.netscape.com                    Matches any host from domain netscape.com except for a single host quark.netscape.com.
*.netscape.com~(quark|energy|neutrino).netscape.com  Matches any host from domain netscape.com except for hosts quark.netscape.com, energy.netscape.com, and neutrino.netscape.com.
*.com~*.netscape.com                                 Matches any host from domain com except for hosts from subdomain netscape.com.
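The pattern grammar in Table 1.1, worked through as an added example that is not part of the manual or of Enterprise Server's own code: a matcher that translates each pattern to a Python regular expression, plus a review helper that lists the hosts a pattern treats differently from what you intended. Case-sensitive matching, the function names and the sample hosts are assumptions made here; as this section notes, access control and text search may use different wildcards.

```python
import re

def _class_end(p, i):
    """Index of the ']' that closes the class opening at p[i]."""
    j = i + 1
    while j < len(p) and p[j] != "]":
        j += 2 if p[j] == "\\" else 1
    if j >= len(p):
        raise ValueError("unterminated [ in %r" % p)
    return j

def _top_level(p, targets):
    """Yield indexes of unescaped target characters outside [...] and (...)."""
    i, depth = 0, 0
    while i < len(p):
        c = p[i]
        if c == "\\":
            i += 1                      # skip the escaped character as well
        elif c == "[":
            i = _class_end(p, i)        # jump to the closing ']'
        elif depth == 0 and c in targets:
            yield i
        elif c == "(":
            depth += 1
        elif c == ")":
            depth -= 1
        i += 1

def _class_regex(body):
    """Translate the inside of [...] to a regex character class."""
    negate = body.startswith("^")
    k, chars = (1 if negate else 0), []
    while k < len(body):
        if body[k] == "\\" and k + 1 < len(body):
            chars.append(re.escape(body[k + 1]))
            k += 2
        else:
            chars.append("-" if body[k] == "-" else re.escape(body[k]))
            k += 1
    if not chars:
        raise ValueError("empty character class")
    return "[" + ("^" if negate else "") + "".join(chars) + "]"

def _translate(p):
    """Translate one pattern (without a '~' part) to regex source."""
    out, i = [], 0
    while i < len(p):
        c = p[i]
        if c == "\\":                   # backslash removes the special meaning
            if i + 1 == len(p):
                raise ValueError("pattern ends with a backslash")
            out.append(re.escape(p[i + 1]))
            i += 1
        elif c == "[":
            end = _class_end(p, i)
            out.append(_class_regex(p[i + 1:end]))
            i = end
        elif c == "(":
            rel = next(_top_level(p[i + 1:], ")"), None)
            if rel is None:
                raise ValueError("unterminated ( in %r" % p)
            body = p[i + 1:i + 1 + rel]
            if next(_top_level(body, "("), None) is not None:
                raise ValueError("parentheses cannot be nested")
            cuts = [-1] + list(_top_level(body, "|")) + [len(body)]
            alts = [body[a + 1:b] for a, b in zip(cuts, cuts[1:])]
            out.append("(?:" + "|".join(_translate(a) for a in alts) + ")")
            i += rel + 1
        elif c in ")|":
            raise ValueError("%r is only valid inside (a|b|c)" % c)
        else:
            out.append({"*": ".*", "?": ".", "$": r"\Z"}.get(c) or re.escape(c))
        i += 1
    return "".join(out)

def wildcard_match(pattern, text):
    """True if text matches pattern; 'keep~drop' excludes whatever matches drop."""
    cut = next(_top_level(pattern, "~"), None)
    keep, drop = (pattern, None) if cut is None else (pattern[:cut], pattern[cut + 1:])
    if re.fullmatch(_translate(keep), text, re.DOTALL) is None:
        return False
    return drop is None or re.fullmatch(_translate(drop), text, re.DOTALL) is None

def review(pattern, expected_in, expected_out):
    """List (host, expected, actual) for every host the pattern gets wrong."""
    wanted = [(h, True) for h in expected_in] + [(h, False) for h in expected_out]
    return [(h, want, wildcard_match(pattern, h)) for h, want in wanted
            if wildcard_match(pattern, h) != want]

if __name__ == "__main__":
    # Constructed sample hosts; the patterns are rows of Table 1.1.
    hosts = ["quark.netscape.com", "energy.netscape.com", "www.example.com"]
    for pat in ("*.netscape.com", "*.netscape.com~quark.netscape.com",
                "*.com~*.netscape.com"):
        print(pat, [h for h in hosts if wildcard_match(pat, h)])
    # A pattern written without the dot also accepts a look-alike domain.
    print(review("*netscape.com", ["www.netscape.com"], ["notnetscape.com"]))
```

Running review() with the hosts you expect to be included and excluded shows an over-broad pattern before it is saved into the server configuration.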
Netscape Console
Netscape Console is a Java application that provides server administrators with a graphical interface for managing all Netscape servers from one central location anywhere within your enterprise network. From any installed instance of Netscape Console, you can see and access all the Netscape servers on your enterprise’s network to which you have been granted access rights. You can log in from any system connected to your network to manage a remote server or to make changes in a centralized directory.
Figure 1.3 Netscape Console provides access to all resources under your control
Note: For any given instance of Netscape Console, the limits of the network it can administer are defined by the set of resources whose configuration information is stored in the same configuration directory. That is the maximum set of hosts and servers that can appear in the Console window. For a given administrator using Netscape Console, the actual number of visible servers and hosts may be fewer, depending on the access permissions that administrator has.
For complete documentation on Netscape Console, see Managing Servers with Netscape Console.
Sending Error Information to Netscape
Netscape Enterprise Server 4.0 includes an error-handling mechanism called the Quality Feedback Agent. The Quality Feedback Agent enables you to automatically send error information (stack and register dump) to Netscape if your Enterprise Server crashes.
By enabling the Quality Feedback Agent, you can assist Netscape in determining the cause of errors that occur in the server. The Quality Feedback Agent only sends Netscape information to help determine the cause of the error; it does not send documents or other sensitive information.
Details on Data Collected by the Quality Feedback Agent
Netscape collects only the information it needs to analyze and fix errors in the Netscape Enterprise Server. The following table summarizes all of the information collected by the agent and the reason why Netscape collects this information.
Table 1.2 Data Collected by Quality Feedback Agent
| Data Collected | OS-specific Data | Reason for Data Collection |
|---|---|---|
| Stack Trace | Windows & Unix: Stack Trace | Shows where Enterprise Server failed and what functions were called just before the failure. |
| PC (Program Counter) | Windows & Unix: PC | Can be used to see if the Enterprise Server was in a bad state when it failed. |
| Registers | Windows: Processor Registers; Unix: No | Provides the state of the processor at the time of the failure. |
| Dynamic Libraries | Windows: Loaded dlls; Unix: ELF32 Shared Objects | Shows any additional dlls that might have been running with or missing from the Enterprise Server when it failed. |
| Threads | Windows: Threads in Active Process; Unix: No | Identifies potential race conditions with other applications or with different processes in the Enterprise Server. |
| OS Version | Windows: Windows Version; Unix: Unix Version | Provides the OS version. This information is necessary because the way the Enterprise Server interacts with different versions of an OS can cause different kinds of failures. |
| Processor Type | Windows: Processor Information; Unix: Processor Information | Provides the processor version. This information is necessary because the Enterprise Server, like many software applications, can behave differently when it is running on different-speed processors. |
| Stack Data | Windows & Unix: Top 2048 bytes on the stack | Shows the value of variables passed into a function that was running at the time of failure. |
Using the Quality Feedback Agent
The Quality Feedback Agent enables you to automatically send error information (stack and register dump) to Netscape if your Enterprise Server crashes.
By enabling the Quality Feedback Agent, you can assist Netscape in determining the cause of errors that occur in the server. The Quality Feedback Agent only sends Netscape information to help determine the cause of the error; it does not send documents or other sensitive information.
Note: If the JVM is enabled, you cannot use the Quality Feedback Agent.
To enable the Quality Feedback Agent for your Enterprise Server, perform the following procedures:
1. If necessary, edit your master.ini file to allow the Quality Feedback Agent to send data through your firewall to Netscape. For more information, see “Editing master.ini.”
2. Edit magnus.conf to enable the Quality Feedback Agent (plus any optional parameters) for your Enterprise server. For more information, see “Editing magnus.conf.”
Editing master.ini
If you are using automatic proxy configuration, and you want to use the Quality Feedback Agent to send incident reports to Netscape, you need to edit the master.ini file to contain the appropriate proxy configuration information.
To enable the Quality Feedback Agent, perform the following steps:
1. If you are using an HTTP proxy, or both an HTTP and SOCKS proxy, open the file master.ini in the server_root/bin/https/bin directory.
2. Add the following three lines of code to your master.ini file, using your proxy host name, domain, and port:
UseUserHTTPProxyInfo=1
UserHTTPProxyHost="yourproxy.yourdomain.com"
UserHTTPProxyPort=xxxx
If you are using a SOCKS Proxy, add the following three lines of code to your master.ini file:
UseUserSOCKSInfo=1
UserSOCKSHost="yourproxy.yourdomain.com"
UserSOCKSPort=xxxx
Editing magnus.conf
To turn on the Quality Feedback Agent for your Enterprise server, add TalkBack on to your magnus.conf file. To disable it, either delete TalkBack, or specify TalkBack off.
In addition, there are two optional magnus.conf file variables for the Quality Feedback Agent:
TalkbackMaxIncidents: If the server crashes more often than this number within a time interval, the Quality Feedback Agent will be turned off automatically. The default is 5.
TalkbackInterval: The interval used by the parameter above, in seconds. The default is 86400 seconds (24 hours).
Note that both variables have no effect unless the Quality Feedback Agent is turned on. Once you restart the server, the counters are reset and the whole process starts over.
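An added example, not part of the manual or of Enterprise Server: a small report that reads magnus.conf and master.ini text and states whether crash data would be sent, with which limits, and through which proxy. The sample file contents are constructed; treating directive names as case-insensitive, '#' as a magnus.conf comment marker and the last occurrence of a directive as the effective one are assumptions.

```python
# Defaults as stated in "Editing magnus.conf".
DEFAULTS = {"TalkbackMaxIncidents": 5, "TalkbackInterval": 86400}

# (label, enable flag, host key, port key) as listed in "Editing master.ini".
PROXIES = (
    ("http", "UseUserHTTPProxyInfo", "UserHTTPProxyHost", "UserHTTPProxyPort"),
    ("socks", "UseUserSOCKSInfo", "UserSOCKSHost", "UserSOCKSPort"),
)

# Constructed sample input, not taken from a real server.
SAMPLE_MAGNUS = """\
# constructed magnus.conf fragment
TalkBack on
TalkbackMaxIncidents 3
"""

SAMPLE_MASTER_INI = """\
UseUserHTTPProxyInfo=1
UserHTTPProxyHost="proxy.example.com"
UserHTTPProxyPort=8080
UseUserSOCKSInfo=1
UserSOCKSHost="proxy.example.com"
"""

def parse_magnus(text):
    """Return {lower-cased directive: value}; later lines override earlier ones."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # assumption: '#' starts a comment
            continue
        parts = line.split(None, 1)
        settings[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return settings

def parse_master_ini(text):
    """Return {key: value} for key=value lines, with surrounding quotes removed."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if "=" not in line or line[0] in "#;[":
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip().strip('"')
    return values

def feedback_agent_report(magnus_text, master_ini_text=""):
    """Summarise whether crash reports are sent, with which limits, via which proxy."""
    magnus = parse_magnus(magnus_text)
    ini = parse_master_ini(master_ini_text)
    enabled = magnus.get("talkback", "off").lower() == "on"
    report = {"enabled": enabled, "egress": [], "notes": []}
    for name, default in DEFAULTS.items():
        report[name] = int(magnus.get(name.lower(), default))
        if name.lower() in magnus and not enabled:
            report["notes"].append(
                name + " is set but has no effect while TalkBack is off")
    for label, flag, host_key, port_key in PROXIES:
        if ini.get(flag) != "1":
            continue
        host, port = ini.get(host_key, ""), ini.get(port_key, "")
        if host and port.isdigit():
            report["egress"].append((label, host, int(port)))
        else:
            report["notes"].append(
                label + " proxy is switched on but host or port is missing")
    return report

if __name__ == "__main__":
    for key, value in feedback_agent_report(SAMPLE_MAGNUS, SAMPLE_MASTER_INI).items():
        print(key, "=", value)
```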
Chapter 2: Administering Enterprise Servers
This chapter describes how to administer your Enterprise Servers with Enterprise Administration Server. Using the Enterprise Administration Server, you can manage servers, add and remove servers, and migrate servers from a previous release.
This chapter includes the following sections:
Accessing Enterprise Administration Server
Adding a Server: Running Multiple Servers
Installing Multiple Instances of the Server
Removing a Server
Migrating a Server From a Previous Version
Accessing Enterprise Administration Server
This section describes how to access Enterprise Administration Server for Unix and Windows NT platforms.
Unix Platforms
To access the Enterprise Administration Server in Unix, go to the server_root/https-admserv/ directory (for example, /usr/netscape/server4/https-admserv/) and type ./start. This command starts the Enterprise Administration Server using the port number you specified during installation.
Windows NT Platforms
The Enterprise Server installation program creates a program group with several icons for Windows NT platforms. The program group includes the following icons:
Release Notes
Start Enterprise Administration Server
Uninstall Enterprise Server 4.0
Note that Enterprise Administration Server runs as a services applet; thus, you can also use the Control Panel to start this service directly.
To access Enterprise Administration Server in Windows NT 4.0, perform the following steps:
1. Double-click the “Start Enterprise Administration Server” icon, or type the following URL in your browser:
http://hostname.domain-name:administration_port
Enterprise Server then displays a window prompting you for a username and password.
2. Type the administration username and password you specified during installation.
Enterprise Server displays the Enterprise Administration Server page, as shown in Figure 2.1:
Figure 2.1 The Enterprise Administration Server Page
For more information, see “Enterprise Administration Server,” in the online help.
Note: You must enable cookies in your browser to run the CGI programs necessary for configuring your server.
You can also access the Enterprise Administration Server from a remote location as long as you have access to client software such as Netscape Navigator. Since the Enterprise Administration Server is accessed through a browser, you can access it from any machine that can reach the server over the network. For more information, see “Netscape Console,” on page 50 in Chapter 1, “Introduction to Enterprise Server.”
Adding a Server: Running Multiple Servers
There are three ways you can have multiple web servers running on your system:
Use hardware virtual servers
Use software virtual servers
Install multiple instances of the server
Hardware Virtual Servers
Hardware virtual servers allow you to map multiple IP addresses to multiple document roots. For example, if you have two IP addresses, you could map the first IP address to one document root and the second IP address to a second document root. While hardware virtual servers take fewer system resources than multiple instances of the server, they must share the same configuration information. For example, if one hardware virtual server has enabled security features or web publishing, they all must have it enabled. For more information on hardware virtual servers, see “Setting Up Hardware Virtual Servers,” on page 318 in Chapter 13, “Managing Server Content.”
Software Virtual Servers
Software virtual servers give you the ability to map a single IP address to multiple server names. Each software virtual server can have its own home page. One use for this is to host multiple web sites from one IP address. However, in order for software virtual servers to work correctly, the users accessing the server must be using client software that supports the HTTP Host header. Like hardware virtual servers, software virtual servers all must have the same configuration. For more information on software virtual servers, see “Setting up Software Virtual Servers,” on page 322 in Chapter 13, “Managing Server Content.”
Multiple Server Instances
Multiple server instances enable you to define separate types of configuration information for each server. For example, one instance of the server could have security features or web publishing enabled while another server could have them disabled. However, each instance of the server takes substantial resources of RAM, disk space, and swap space. For more information, see “Installing Multiple Instances of the Server.”
Installing Multiple Instances of the Server
You can use Enterprise Administration Server to configure multiple servers via the following options:
Install multiple copies of the server on NT as separate instances, each with a different IP address.
Configure a number of additional hardware virtual servers, with one Enterprise Server which responds to the various virtual servers independently.
Configure a number of software virtual servers, which enables you to host multiple web sites from one IP address.
Configure a set of servers that all use the same IP address, but different port numbers.
If you have installed Enterprise Server on multiple servers, the installation process places all the files under the server root directory that you specified during installation, as specified in “Single-Server Configuration,” in Chapter 1, “Introduction to Enterprise Server.” However, note that Enterprise Server also creates an additional https-identifier directory for each additional server you specify.
You can install another instance of the web server on your current computer. Your web server software license allows you to have as many web server instances as you want on one system. Each web server you have installed can run on any TCP/IP port on your system, but you cannot run two web servers on the same port at the same time unless they are configured to respond to different IP addresses. Contact your system’s vendor for information on how to configure your system to respond to different IP addresses.
If your system is configured to listen to multiple IP addresses, for each server you install enter one of the IP addresses that your system is hosting.
If you installed your server before configuring your system to host multiple IP addresses, configure your system to respond to different IP addresses. Then you can either install hardware virtual servers or change the server’s bind address using the Server Manager and install separate instances of the server for each IP address. For more information, see “Configuring Network Settings,” on page 167 in Chapter 7, “Configuring Server Preferences.”
To add another server instance, perform the following steps:
1. Access the Enterprise Administration Server and choose the Servers tab.
2. Click the Add Server link.
3. Enter the desired information for the specified fields.
For more information, see “The Add Server Page,” in the online help.
Removing a Server
You can remove a server from your system using Enterprise Administration Server. Be sure that you don’t need the server anymore before you remove it, since this process cannot be undone.
Note: Some NT servers have an uninstall program that you can use to remove a server and its associated administration server. For details, check with your product documentation.
To remove a server from your machine, perform the following steps:
1. Access the Enterprise Administration Server and choose the Servers tab.
2. Click Remove Server.
The Enterprise Administration Server subsequently deletes the server’s configuration files, Server Manager forms, and the following directory (and any subdirectories):
server_root/<servertype>-<id>
For more information, see “The Remove Server Page,” in the online help.
Migrating a Server From a Previous Version
You can migrate an Enterprise Server from 3.6 to 4.0. Your 3.6 server is preserved, and a new 4.0 server using the same settings is created.
You should stop running the 3.6 server before migrating settings. Make sure you have Netscape Navigator 3.0 or later installed on your computer before migrating settings.
For a complete description of how to migrate a server from a previous version to Enterprise Server 4.0, see the Installation and Migration Guide.
For more information, see “The Migrate Server Page,” in the online help.
Part 2: Using Enterprise Administration Server
Setting Administration Preferences
Managing Users and Groups
Working with Server Security
Managing Server Clusters
Chapter 3: Setting Administration Preferences
This document describes the administration forms available via the Preferences and Global Settings tabs in Enterprise Administration Server that you use to configure your Enterprise Servers. Note that you must enable cookies in your browser to run the CGI programs necessary for configuring your server.
This chapter includes the following sections:
Shutting Down Enterprise Administration Server
Changing Network Settings
Changing the Superuser Settings
Enabling Distributed Administration
Configuring Secure Sockets Layer (SSL)
Specifying Log File Options
Configuring Directory Services
Restricting Server Access
Shutting Down Enterprise Administration Server
Once the server is installed, it runs constantly, listening for and accepting HTTP requests. You can stop the server using one of the following methods:
Access the Enterprise Administration Server, choose the Servers tab, and perform the following steps:
1. Select the Manage Servers option.
2. Select the server you want to shut down from the Select a Server drop-down list.
3. Click Manage. The Enterprise Server displays the Server Manager forms.
For more information about using the Server On/Off page, see “Starting and Stopping the Server,” on page 160 in Chapter 7, “Configuring Server Preferences.”
Choose the Preferences tab, select the Shut Down option, and click the Shut down the administration server! button. For more information, see “The Shut Down Page,” in the online help.
Use the Services window in the Control Panel (Windows NT).
Use stop, which shuts down the server completely, interrupting service until it is restarted (Unix). If you set the etc/inittab file to automatically restart (using “respawn”), you must remove the line pertaining to the web server in etc/inittab before shutting down the server; otherwise, the server automatically restarts.
After you shut down the server, it may take a few seconds for the server to complete its shut-down process and for the status to change to “Off.”
Changing Network Settings
Network settings affect the way Enterprise Administration Server works with your Enterprise Servers. You can change the system user account and password and port number for Enterprise Administration Server.
Changing the User Account and Password
To change the system user account, you must use the Server Manager forms. For more information, see “Configuring Network Settings,” on page 167 in Chapter 7, “Configuring Server Preferences.”
NT: You can also change the password that the server uses when the service starts. Make sure that the user account has a password and has both administrative and “log on as a service” permissions. You should change the permissions using the Windows NT User Manager program located in the Administrative Tools group for your desktop.
Changing the Port Number
You can also change the port number that Enterprise Administration Server listens to. The port number can be any number between 1 and 65535, but it is typically a random number greater than 1024. For security reasons, consider changing the port number regularly.
To change the Enterprise Administration Server port number, perform the following steps:
1. Access the Enterprise Administration Server and choose the Preferences tab.
2. Click the Network Settings link.
3. Make the desired changes and click OK.
Note that you must restart the server for the settings to take effect.
For more information, see “The Daemon Configuration Page,” in the online help.
Changing the Superuser Settings
You can configure superuser access for your Enterprise Administration Server. These settings affect only the superuser account. That is, if your Enterprise Administration Server uses distributed administration, you need to set up additional access controls for the administrators you allow.
Warning: If you use Netscape Directory Server to manage users and groups, you need to update the superuser entry in the directory before you change the superuser username or password. If you don’t update the directory first, you won’t be able to access the Users & Groups forms in Enterprise Administration Server. To fix this, you’ll need to either access Enterprise Administration Server with an administrator account that does have access to the directory, or you’ll need to update the directory using the Netscape Directory Server’s Netscape Console or configuration files.
To change the superuser settings for Enterprise Administration Server, perform the following steps:
1. Access the Enterprise Administration Server and choose the Preferences tab.
2. Click the Superuser Access Control link.
3. Make the desired changes and click OK.
For more information, see “The Superuser Access Control Page,” in the online help.
Note: You can change the Enterprise Administration Server user from root to another user on the operating system to enable multiple users (belonging to the group) to edit/manage the configuration files. However, note that while on UNIX platforms, the installer can give “rw” (read/write) permissions to a group for the configuration files, on Windows NT platforms, the user must belong to the “Administrators” group.
The superuser’s username and password are kept in a file called server_root/admin-serv/config/admpw. If you forget the username, you can view this file to obtain the actual name; however, note that the password is encrypted and unreadable. The file has the format username:password.
Warning: If you forget the password, you can edit the admpw file and simply delete the encrypted password. You can then go to the Server Manager forms and specify a new password. Because you can do this, it is very important that you keep the server computer in a secure place and restrict access to its file system. On Unix systems, consider changing the file ownership so that it’s writable only by root or whatever system user runs the Enterprise Administration Server daemon. On NT systems, restrict the file ownership to the user account Enterprise Administration Server uses.
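A check for the file ownership and format described above, as an added example that is not part of the manual or the product: it reports an admpw file that is owned by an unexpected user, is writable by group or others, sits in a directory that is, or has an empty password field. The function names, the allowed_uids parameter and the temporary sample files are assumptions constructed here, and the check applies to Unix systems only.

```python
import os
import stat
import tempfile

def audit_admpw(path, allowed_uids=(0,)):
    """Return a list of findings for an admpw file; an empty list means clean.

    allowed_uids holds root and/or the uid that runs the administration server.
    The value of the password field is never returned or printed.
    """
    findings = []
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        return ["admpw is a symbolic link; inspect its target instead"]
    if st.st_uid not in allowed_uids:
        findings.append("file owner uid %d is not in the allowed set" % st.st_uid)
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("file is writable by group or others (mode %03o)"
                        % stat.S_IMODE(st.st_mode))
    # Whoever can write the directory can replace the file, so check it too.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("config directory is writable by group or others")
    with open(path, encoding="utf-8", errors="replace") as fh:
        lines = [ln.strip() for ln in fh if ln.strip()]
    # The manual gives the format as a single username:password entry.
    if len(lines) != 1 or ":" not in lines[0]:
        findings.append("content is not a single username:password line")
        return findings
    user, _, secret = lines[0].partition(":")
    if not user:
        findings.append("username field is empty")
    if not secret:
        findings.append("password field is empty")
    return findings

def demo():
    """Audit three constructed admpw files and return their findings by name."""
    me = (os.getuid(),)      # stand-in for root or the admin server's user
    cases = {
        "clean": ("admin:CONSTRUCTED-PLACEHOLDER\n", 0o600),
        "loose": ("admin:CONSTRUCTED-PLACEHOLDER\n", 0o666),
        "reset": ("admin:\n", 0o600),
    }
    results = {}
    with tempfile.TemporaryDirectory() as root:
        for name, (content, mode) in cases.items():
            path = os.path.join(root, name, "admpw")
            os.mkdir(os.path.dirname(path), 0o700)
            with open(path, "w") as fh:
                fh.write(content)
            os.chmod(path, mode)
            results[name] = audit_admpw(path, allowed_uids=me)
    return results

if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "no findings")
```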
Enabling Distributed Administration
Distributed administration allows multiple administrators to change specific parts of the server. With distributed administration you have three levels of users:
superuser is the user listed in the file server_root/admin-serv/config/admpw. This is the user name (and password) you specified during installation. This user has full access to all forms in Enterprise Administration Server, except the Users & Groups forms, which depend on the superuser having a valid account in an LDAP server such as Netscape Directory Server.
administrators go directly to the Server Manager forms for a specific server, including Enterprise Administration Server. The forms they see depend on the access control rules set up for them (usually done by the superuser). Administrators can perform limited administrative tasks and can make changes that affect other users, such as adding users or changing access control.
end users can view read-only data stored in the database. Additionally, end users may be granted access permissions to change only specific data.
For an in-depth discussion of access control for Enterprise Server, see “What Is Access Control?,” on page 326 in Chapter 14, “Controlling Access to Your Server.”
Note: Before you can enable distributed administration, you must install a Directory Server. For more information, see Netscape Directory Server Administrator’s Guide.
To enable distributed administration, perform the following steps:
1. Verify that you have installed a Directory Server.
2. Access the Enterprise Administration Server.
3. Once you’ve installed a Directory Server, you may also need to create an administration group, if you have not previously done so.
To create a group, perform the following steps:
1. Choose the Users & Groups tab.
2. Click the New Group link.
3. Create an “administrators” group in the LDAP directory and add the names of the users you want to have permission to configure Enterprise Administration Server, or any of the servers installed in its server root. All users in the “administrators” group have full access to Enterprise Administration Server, but you can use access control to limit the servers and forms they will be allowed to configure.
Warning: Once you create an access-control list, the distributed administration group is added to that list. If you change the name of the “administrators” group, you must manually edit the access-control list to change the group it references.
4. Choose the Preferences tab.
5. Click the Distributed Admin link.
6. Make the desired changes and click OK.
For more information, see “The Distributed Administration Page,” in the online help.
Configuring Secure Sockets Layer (SSL)
Using Enterprise Administration Server, you can activate the Enterprise Server encryption feature and set various encryption preferences. For more information regarding Enterprise Server encryption features, see “About Enterprise Server Security,” on page 114 in Chapter 5, “Working with Server Security.”
Note that prior to activating SSL for your Enterprise Server you need to set up some preliminary requirements, such as creating a trust database, and requesting and installing an encryption certificate. For more information, see “Configuring Enterprise Server for SSL,” on page 117 in Chapter 5, “Working with Server Security.”
Activating SSL
To activate SSL for your Enterprise Administration Server, perform the following steps:
1. Access the Enterprise Administration Server and choose the Preferences tab.
2. Click the Encryption On/Off link.
3. Make the desired changes and click OK.
For more information, see “The Encryption On/Off Page,” in the online help.
Setting Encryption Preferences
Enterprise Administration Server enables you to set the following SSL encryption preferences:
Choose between various versions of SSL.
Specify whether to require client certificates.
Set the SSL 2.0 ciphers.
Set the SSL 3.0 ciphers.
Your server can perform encryption with a number of different encryption functions, called ciphers. Some ciphers are more resistant to cracking than others. During an SSL connection, the client and the server agree to use the strongest cipher they can both use for communication. For more information regarding ciphers, see Managing Servers with Netscape Console.
To set these encryption preferences, perform the following steps:
1. Access the Enterprise Administration Server and choose the Preferences tab.
2. Click the Encryption Prefs link.
3. Check the SSL versions you want your server to communicate with. The latest and most secure version is SSL version 3, but a few older clients use only SSL version 2. You will probably want to enable your server to use both versions.
4. Check the ciphers you want your server to use. The ciphers are listed for each version of SSL. Some ciphers are more secure, or stronger, than others. Generally speaking, the more bits a cipher uses during encryption, the harder it is to decrypt the data. Ciphers are described after this list.
5. Click OK. Make sure you restart your server.
When a client initiates an SSL connection with a server, the client lets the server know what ciphers it prefers to use to encrypt information. In any two-way encryption process, both parties must use the same ciphers. Since there are a number of ciphers available, you should consider enabling all ciphers.
You can choose ciphers from both the SSL 2 and SSL 3 protocols. Unless you have a compelling reason why you don’t want to use a specific cipher, you should check them all.
For more information, see “The Encryption Preferences Page,” in the online help.
Setting Stronger Ciphers
You can set stronger ciphers via the Stronger Ciphers option on the Server Manager Preferences tab in both domestic and export versions of the server.
In the domestic version of Enterprise Server, the Stronger Ciphers option presents a choice of 168, 128, or 56-bit secret keysize restriction, or no restriction. In the export version, this option presents a choice of 56-bit secret keysize or no restriction. For both versions, a filename to be served when the restriction is not met can be specified. If no filename is specified, Enterprise Server returns a “Forbidden” status.
If you select a restriction that is not consistent with the current cipher settings under Security Preferences, Enterprise Server displays a popup dialog that warns that you need to enable ciphers with larger secret keysizes.
The implementation of the keysize restriction is now based on an NSAPI PathCheck directive, rather than Service fn=key-toosmall. This directive is:
PathCheck fn="ssl-check" [secret-keysize=<nbits>] [bong-file=<filename>]
where <nbits> is the minimum number of bits required in the secret key, and <filename> is the name of a file (not a URI) to be served if the restriction is not met.
This function returns REQ_NOACTION if SSL is not enabled, or if the secret-keysize parameter is not specified. If the secret keysize for the current session is less than the specified secret-keysize, the function returns REQ_ABORTED with a status of PROTOCOL_FORBIDDEN if bong-file is not specified, or else REQ_PROCEED, and the “path” variable is set to the bong-file <filename>. Also, when a keysize restriction is not met, the SSL session cache entry for the current session is invalidated, so that a full SSL handshake will occur the next time the same client connects to the server.
Note The Stronger Ciphers form removes any Service fn=key-toosmall directives that it finds in an object when it adds a PathCheck fn=ssl-check.
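The following Python sketch is an added example, not code from this manual or from the server. It reads a constructed obj.conf excerpt, reports which objects carry an enforceable ssl-check restriction or a leftover key-toosmall directive, and models the return values described above. The sample object names and paths, the helper names, and the REQ_NOACTION result for a session that meets the restriction are assumptions.

```python
import re
import shlex

# Return codes and status named in the manual, modelled here as plain labels.
REQ_NOACTION, REQ_ABORTED, REQ_PROCEED = "REQ_NOACTION", "REQ_ABORTED", "REQ_PROCEED"
PROTOCOL_FORBIDDEN = "PROTOCOL_FORBIDDEN"

# Constructed obj.conf excerpt; object names and paths are illustrative only.
SAMPLE_OBJ_CONF = """\
<Object name="default">
PathCheck fn="ssl-check" secret-keysize=128 bong-file="/export/docs/weak-cipher.html"
Service fn="send-file"
</Object>
<Object ppath="/export/docs/legacy/*">
Service fn=key-toosmall
</Object>
<Object ppath="/export/docs/payroll/*">
PathCheck fn="ssl-check" secret-keysize=168
</Object>
<Object ppath="/export/docs/public/*">
PathCheck fn="ssl-check"
</Object>
"""


def parse_directive(line):
    """Split 'Stage fn="name" key=value ...' into (stage, params dict)."""
    tokens = shlex.split(line)
    params = dict(tok.split("=", 1) for tok in tokens[1:] if "=" in tok)
    return tokens[0], params


def audit(conf_text):
    """Map each <Object> to its ssl-check parameters and any legacy directive."""
    report, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        opened = re.match(r"<Object\s+(.+)>$", line)
        if opened:
            current = opened.group(1)
            report[current] = {"ssl_check": None, "legacy_key_toosmall": False}
        elif line.startswith("</Object"):
            current = None
        elif line and not line.startswith("#") and current is not None:
            stage, params = parse_directive(line)
            if stage == "PathCheck" and params.get("fn") == "ssl-check":
                report[current]["ssl_check"] = params
            elif stage == "Service" and params.get("fn") == "key-toosmall":
                report[current]["legacy_key_toosmall"] = True
    return report


def ssl_check(params, ssl_enabled, session_bits):
    """Return (code, status, path, session_cache_invalidated) as the manual describes."""
    if not ssl_enabled or "secret-keysize" not in params:
        return REQ_NOACTION, None, None, False
    if session_bits >= int(params["secret-keysize"]):
        # Assumption: the manual does not name the code for a satisfied restriction.
        return REQ_NOACTION, None, None, False
    # Restriction not met: the session cache entry is invalidated in both outcomes.
    if "bong-file" in params:
        return REQ_PROCEED, None, params["bong-file"], True
    return REQ_ABORTED, PROTOCOL_FORBIDDEN, None, True


def objects_without_keysize_limit(report):
    """Objects with no ssl-check directive that carries a secret-keysize value."""
    return sorted(
        name for name, info in report.items()
        if info["ssl_check"] is None or "secret-keysize" not in info["ssl_check"]
    )


if __name__ == "__main__":
    report = audit(SAMPLE_OBJ_CONF)
    for name, info in report.items():
        print(name, info)
    print("no enforced restriction:", objects_without_keysize_limit(report))
    print(ssl_check(report['name="default"']["ssl_check"], True, 56))
```

An ssl-check line without secret-keysize shows up in the unrestricted list, which matches the REQ_NOACTION behaviour described above.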
For more information, see “The Enforce Strong Security Requirements Page,” in the online help.
Specifying Log File Options
Log files can help you monitor your server’s activity. You can use these logs to monitor your server and troubleshoot problems.
To configure logging options for Enterprise Administration Server, perform the following steps:
1. Access the Enterprise Administration Server and choose the Preferences tab.
2. Click the Logging Options link.
3. Make the desired changes and click OK.
For more information, see “The Log Preferences Page,” in the online help.
This section also includes topics that describe how to configure the Enterprise Server Log File options to perform the following tasks:
Viewing the Access Log File
Viewing the Error Log File
Archiving Log Files
Viewing the Access Log File
The access log, located in admin/logs in the server root directory, records information about requests to the server and the responses from the server. You can specify the server log format—what is included in the access log file—to be the Common Logfile Format, a commonly supported format that provides a fixed amount of information about the server, or you can create a custom log file format that better suits your server requirements.
To view the access log file, perform the following steps:
1. Access the Enterprise Administration Server and choose the Preferences tab.
2. Click the View Access Log link and click OK.
For more information, see “The View Error Log Page,” in the online help.
Viewing the Error Log File
The error log file, located in admin/logs in the server root directory, lists all the errors the server has encountered since the log file was created. It also contains informational messages about the server, such as when the server was started and who tried unsuccessfully to log in to the server.
To view the error log file, perform the following steps:
1. Access the Enterprise Administration Server and choose the Preferences tab.
2. Click the View Error Log link and click OK.
You can also view the server’s active and archived log files from the Server Manager. For more information regarding these log files, see “The View Access Log Page,” in the online help.
Archiving Log Files
You can set up your log files to be automatically archived. At a certain time, or after a specified interval, Enterprise Server rotates your access logs. Enterprise Server saves the old log files and stamps the saved file with a name that includes the date and time they were saved.
For example, you can set up your files to rotate every hour, and Enterprise Server saves and names the file “access.199907152400,” where “name|year|month|day|24-hour time” is concatenated together into a single character string. The exact format of the access log archive file varies depending upon which type of log rotation you set up.
Enterprise Server offers the two types of log rotation for archiving files:
Internal-daemon log rotation—this type of log rotation happens within the HTTP daemon, so the server doesn’t need to restart.
Cron-based log rotation—this type of log rotation is based on the time stored in the cron.conf file. For more information about cron controls, see “Using Cron Controls (Unix Only),” on page 78.
Access log rotation is initialized at server startup. If rotation is turned on, Enterprise Server creates a time-stamped access log file and rotation starts at server startup.
Once the rotation starts, Enterprise Server creates a new time-stamped access log file when there is a request that needs to be logged to the access log file and it occurs after the previously-scheduled “next rotate time.”
For more information about archiving log files, see “Archiving Log Files,” on page 187 in Chapter 8, “Understanding Log Files.”
Using Cron Controls (Unix Only)
You can configure several features of your Enterprise Server to operate automatically and set to begin at specific times. The Netscape cron daemon checks the computer clock and then spawns processes at certain times. (These settings are stored in the ns-cron.conf file.)
The Netscape cron daemon that controls scheduled tasks for your Enterprise Server can be activated and deactivated from Enterprise Administration Server. The tasks performed by the Netscape cron process depend on the various Netscape servers. (Note that on NT platforms, the scheduling occurs within the individual servers.)
Some of the tasks that can be controlled by cron daemons include scheduling collection maintenance and archiving log files. You need to restart Netscape cron control whenever you change the settings for scheduled tasks.
To restart, start, or stop the Netscape cron control, perform the following steps:
1. Access the Enterprise Administration Server and choose the Global Settings tab.
2. Click the Cron Control link.
3. Click Restart, Start, or Stop to change the cron controls.
Note that any time you add a task to Netscape cron, you need to restart the daemon.
Configuring Directory Services
You can manage all your user information from a single source via an open-systems server protocol called the Lightweight Directory Access Protocol (LDAP). You can also configure the server to allow your users to retrieve directory information from multiple, easily accessible network locations.
To configure the directory services preferences, perform the following steps:
1. Access the Enterprise Administration Server and choose the Global Settings tab.
2. Click the Configure Directory Service link.
3. Make the desired changes and click OK.
For more information, see “The Configure Directory Service Page,” in the online help.
Restricting Server Access
You can control access to the entire server or to parts of the server (that is, directories, files, file types). When the server evaluates an incoming request, it determines access based on a hierarchy of rules called access-control entries (ACEs), and then it uses the matching entries to determine if the request is allowed or denied. Each ACE specifies whether or not the server should continue to the next ACE in the hierarchy. The collection of ACEs is called an access-control list (ACL). When a request comes in to the server, the server looks in obj.conf for a reference to an ACL, which is then used to determine access. By default, the server has one ACL file that contains multiple ACLs.
You can set access control globally for all servers through the Enterprise Administration Server or for a resource within a specific server instance through the Server Manager. For more information about setting access control for a resource, see “Restricting Access to Your Web Site,” on page 334 in Chapter 14, “Controlling Access to Your Server.”
Note You must turn on distributed administration before you can restrict server access.
To restrict access to your Enterprise Servers, perform the following steps:
1. Access the Enterprise Administration Server and choose the Global Settings tab.
2. Click the Restrict Access link.
3. Select the desired server and click Edit ACL.
Enterprise Administration Server displays the access control rules for the server you specified.
4. Make the desired access control changes and click OK.
For more information, see “The Restrict Access Page,” in the online help.
Chapter 4 Managing Users and Groups
This chapter describes how to use the forms in the Enterprise Administration Server Users and Groups tab.
This chapter includes the following sections:
About Users and Groups
Creating Users
Managing Users
Creating Groups
Managing Groups
Creating Organizational Units
Managing Organizational Units
Managing a Preferred Language List
About Users and Groups
Enterprise Administration Server provides you access to your application data about user accounts, group lists, access privileges, organization units, and other user/group-specific information. You can use Enterprise Administration Server to create, locate, and manage records for users and groups within your Enterprise Servers.
Netscape Enterprise Server 4.0 does not support local LDAP. In order to add users and groups, you must have a directory server installed, such as Netscape Directory Server. If you need to create, locate, or manage records for users and groups on any other servers within your network, you should use Netscape Console with your Directory Server. For more information, see Managing Servers with Netscape Console.
Warning (NT) You cannot install Netscape Directory Server 4.x and Netscape Enterprise Server 4.0 on the same Windows NT machine because of system library conflicts. Install Directory Server on a separate machine and use the Enterprise Administration Server’s Global Settings tab to configure Enterprise Server to use that Directory Server.
The Users and Groups tab of Enterprise Administration Server enables you to create or modify users, groups, and organizational units. Each user and group in your enterprise is represented by a Distinguished Name (DN) attribute. A DN attribute is a text string that contains identifying information for an associated user, group, or object. You use DNs whenever you make changes to a user or group directory entry. For more information regarding distinguished name syntax and frequently used attributes, see Managing Servers with Netscape Console.
Note that if you do not currently have a directory, or if you want to add a new subtree to an existing directory, you can use the Directory Server’s Administration Server LDIF import function. This function accepts a file containing LDIF and attempts to build a directory or a new subtree from the LDIF entries. You can also export your current directory to LDIF using the Directory Server’s LDIF export function. This function creates an LDIF-formatted file that represents your directory. For more information, see your Directory Server documentation.
Creating Users
Use the Users and Groups tab of Enterprise Administration Server to create or modify user entries. A user entry contains information about an individual person or object in the database.
This section includes the following topics:
Guidelines for Creating User Entries
How to Create a New User Entry
Directory Server User Entries
Guidelines for Creating User Entries
Consider the following guidelines when using the administrator forms to create new user entries:
If you enter a given name (or first name) and a surname, then the form automatically fills in the user’s full name and user ID for you. The user ID is generated as the first initial of the user’s first name followed by the user’s last name. For example, if the user’s name is Billie Holiday, then the user ID is automatically set to bholiday. You can replace this user ID with an ID of your own choosing if you wish.
The user ID must be unique. The Enterprise Administration Server ensures that the user ID is unique by searching the entire directory from the search base (base DN) down to see if the user ID is in use. Be aware, however, that if you use the Directory Server ldapmodify command line utility (if available) to create a user, it does not ensure unique user IDs. If duplicate user IDs exist in your directory, the affected users will not be able to authenticate to the directory.
Note that the base DN specifies the distinguished name where directory lookups will occur by default, and where all Enterprise Administration Server’s entries are placed in your directory tree. A “DN” is the string representation for the name of an entry in a directory server.
Note that at a minimum, you must specify the following user information when creating a new user entry:
surname or last name
full name
user ID
If any organizational units have been defined for your directory, you can specify where you want the new user to be placed using the Add New User To list. The default location is your directory’s base DN (or root point).
Note The user edit text fields for international information differ between Enterprise Administration Server and Netscape Console. In Netscape Console, in addition to the untagged cn fields, there is a preferred language cn field which doesn’t exist in the Enterprise Administration Server.
How to Create a New User Entry
To create a user entry, read the guidelines outlined in “Guidelines for Creating User Entries,” on page 83, and then perform the following steps:
1. Access the Enterprise Administration Server and choose the Users & Groups tab.
2. Click the New User link and add the associated information to the displayed page.
For more information, see “The New User Page,” in the online help. For information on editing users, see “Managing Users,” on page 86.
Directory Server User Entries
The following user entry notes may be of interest to the directory administrator:
User entries use the inetOrgPerson, organizationalPerson, and person object classes.
By default, the distinguished name for users is of the form:
cn=full name, ou=organization, ...,o=base organization, c=country
For example, if a user entry for Billie Holiday is created within the organizational unit Marketing, and the directory’s base DN is o=Ace Industry, c=US, then the person’s DN is:
cn=Billie Holiday, ou=Marketing, o=Ace Industry, c=US
However, note that you can change this format to a uid-based distinguished name.
The values on the user form fields are stored as the following LDAP attributes (note that any stored information other than ‘user’ and ‘group’ requires a full Directory Server license):
Table 4.1 LDAP Attributes
User Field       Corresponding LDAP Attribute
Given Name       givenName
Surname          sn
Full Name        cn
User ID          uid
Password         userPassword
Email Address    mail
The following fields are also available when editing the user entry:
Table 4.2 User Entry LDAP Attributes
User Field       Corresponding LDAP Attribute
Title            title
Telephone        telephoneNumber
Sometimes a user’s name can be more accurately represented in characters of a language other than the default language. You can select a preferred language for users so that their names will display in the characters of that language, even when the default language is English. For more information regarding setting a user’s preferred language, see “The Manage Users Page,” in the online help.
Managing Users
You edit user attributes from the Enterprise Administration Server Manage Users form. From this form you can find, change, rename, and delete user entries; manage user licenses; and potentially change product-specific information.
Some, but not all, Netscape servers add additional forms to this area that allow you to manage product-specific information. For example, if a messaging server is installed under your Enterprise Administration Server, then an additional form is added that allows you to edit messaging server-specific information. See the server documentation for details on these additional management capabilities.
This section includes the following topics:
Finding User Information
Editing User Information
Managing a User’s Password
Managing User Licenses
Renaming Users
Removing Users
Finding User Information
Before you can edit a user entry, you must display the associated information. To find the specific user information, perform the following steps:
1. Access the Enterprise Administration Server and choose the Users & Groups tab.
2. Click the Manage Users link.
3. In the Find User field, enter some descriptive value for the entry that you want to edit. You can enter any of the following in the search field:
A name. Enter a full name or a partial name. All entries that equally match the search string will be returned. If no such entries are found, all entries that contain the search string will be found. If no such entries are found, any entries that sound like the search string are found.
A user ID.
A telephone number. If you enter only a partial number, any entries that have telephone numbers ending in the search number will be returned.
An email address. Any search string containing an at (@) symbol is assumed to be an email address. If an exact match cannot be found, then a search is performed to find all email addresses that begin with the search string.
An asterisk (*) to see all of the entries currently in your directory. You can achieve the same effect by simply leaving the field blank.
Any LDAP search filter. Any string that contains an equal sign (=) is considered a search filter.
As an alternative, use the pull down menus in the Find all users whose field to narrow the results of your search.
4. In the Look within field, select the organizational unit under which you want to search for entries. The default is the directory’s root point (or top most entry).
5. In the Format field, choose either On-Screen or Printer.
6. Click Find. All the users in the selected organizational unit are displayed.
7. In the resulting table, click the name of the entry that you want to edit.
8. The user edit form is displayed. Change the displayed fields as desired and click Save Changes. The changes are made immediately.
Building Custom Search Queries
The Find all users whose field allows you to build a custom search filter. Use this field to narrow down the search results returned by a “Find user” search.
The Find all users whose field provides the following search criteria:
The left-most pull-down list allows you to specify the attribute on which the search will be based, as shown in the following illustration:
Figure 4.1 Search Attribute
For a complete list of the available search attribute options, see “Search Attribute Options.”
In the center pull-down list, select the type of search you want to perform, as shown in the following illustration:
Figure 4.2 Search Type
For a complete list of the available search type options, see “Search Type Options.”
In the right-most text field, enter your search string:
Figure 4.3 Search String
To display all of the user entries contained in the Look Within directory, enter either an asterisk (*) or simply leave this text field blank.
Search Attribute Options
The available search attribute options are described in the following table:
Table 4.3 Search Attribute Options
Option Name      Description
full name        Search each entry’s full name for a match.
last name        Search each entry’s last name, or surname for a match.
user id          Search each entry’s user id for a match.
phone number     Search each entry’s phone number for a match.
email address    Search each entry’s email address for a match.
unit name        Search each entry’s name for a match.
description      Search each organizational unit entry’s description for a match.
Search Type Options
The available search type options are described in the following table:
Table 4.4 Search Type Options
Option Name      Description
contains         Causes a substring search to be performed. Entries with attribute values containing the specified search string are returned. For example, if you know a user’s name probably contains the word “Dylan,” use this option with the search string “Dylan” to find the user’s entry.
is               Causes an exact match to be found. That is, this option specifies an equality search. Use this option when you know the exact value of a user’s attribute. For example, if you know the exact spelling of the user’s name, use this option.
isn’t            Returns all the entries whose attribute value does not exactly match the search string. That is, if you want to find all the users in the directory whose name is not “Sally Ride”, use this option. Be aware, however, that use of this option can cause an extremely large number of entries to be returned to you.
sounds like      Causes an approximate, or phonetic, search to be performed. Use this option if you know an attribute’s value, but you are unsure of the spelling. For example, if you are not sure if a user’s name is spelled “Sarret,” “Sarette,” or “Sarett,” use this option.
starts with      Causes a substring search to be performed. Returns all the entries whose attribute value starts with the specified search string. For example, if you know a user’s name starts with “Miles,” but you do not know the rest of the name, use this option.
ends with        Causes a substring search to be performed. Returns all the entries whose attribute value ends with the specified search string. For example, if you know a user’s name ends with “Dimaggio,” but you do not know the rest of the name, use this option.
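As an added example (not part of this manual or the product), the Python sketch below shows how each search type in Table 4.4 corresponds to a standard LDAP filter form, with the search string escaped so that it is always treated as a value and never as filter syntax. The attribute names for "unit name" and "description", the filter shapes, the presence filter used for a blank search, and the function names are assumptions about how such a form could build its filter.

```python
# Search attribute labels (Table 4.3) mapped to LDAP attributes. The first five
# follow Tables 4.1 and 4.2; "ou" and "description" are assumptions.
ATTRIBUTES = {
    "full name": "cn",
    "last name": "sn",
    "user id": "uid",
    "phone number": "telephoneNumber",
    "email address": "mail",
    "unit name": "ou",
    "description": "description",
}

# Search type labels (Table 4.4) mapped to LDAP filter templates (assumed shapes).
SEARCH_TYPES = {
    "contains": "({attr}=*{value}*)",      # substring
    "is": "({attr}={value})",              # equality
    "isn't": "(!({attr}={value}))",        # negated equality
    "sounds like": "({attr}~={value})",    # approximate
    "starts with": "({attr}={value}*)",    # initial substring
    "ends with": "({attr}=*{value})",      # final substring
}


def escape_filter_value(text):
    """Escape the characters that have meaning inside an LDAP filter (RFC 2254)."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in text)


def build_filter(attribute, search_type, text):
    """Build the filter for one row of the 'Find all users whose' form."""
    attr = ATTRIBUTES[attribute]
    if text.strip() in ("", "*"):
        # Blank or a lone asterisk means "list everything"; modelled as a presence test.
        return "({0}=*)".format(attr)
    template = SEARCH_TYPES[search_type]
    return template.format(attr=attr, value=escape_filter_value(text))


def is_single_item(ldap_filter):
    """True when the filter is one comparison (optionally negated) and nothing more."""
    depth = 0
    for index, ch in enumerate(ldap_filter):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        if depth == 0 and index != len(ldap_filter) - 1:
            return False   # closed before the end: a second top-level item follows
    return depth == 0


if __name__ == "__main__":
    rows = [
        ("full name", "contains", "Dylan"),
        ("full name", "isn't", "Sally Ride"),
        ("full name", "sounds like", "Sarett"),
        ("full name", "contains", "Dylan)(uid=*"),   # constructed: metacharacters in input
    ]
    for row in rows:
        result = build_filter(*row)
        print(row, "->", result, "single item:", is_single_item(result))
```

Without the escaping step, the last row would produce a string with two top-level items, which is_single_item rejects.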
Editing User Information
To change a user’s entry, perform the following steps:
1. Access the Enterprise Administration Server and choose the Users & Groups tab.
2. Display the user entry as described in “Finding User Information,” on page 86.
3. Edit the field corresponding to the attribute that you wish to change.
For more information, see “The Edit Users Page,” in the online help.
Note It is possible that you will want to change an attribute value that is not displayed by the edit user form. In this situation, use the Directory Server ldapmodify command line utility, if available.
In addition, note that you can change the user’s first, last, and full name field from this form, but to fully rename the entry (including the entry’s distinguished name), you need to use the Rename User form. For more information on how to rename an entry, see “Renaming Users,” on page 92.
Managing a User’s Password
The password you set for user entries is used by the various Netscape servers for user authentication.
To change or create a user’s password, perform the following steps:
1. Access the Enterprise Administration Server and choose the Users & Groups tab.
2. Display the user entry as described in “Finding User Information,” on page 86.
3. Make the desired changes and click OK.
For more information, see “The Manage Users Page,” in the online help.
Note You can change the Enterprise Administration Server user from root to another user on the operating system to enable multiple users (belonging to the group) to edit/manage the configuration files. However, note that while on UNIX platforms, the installer can give “rw” permissions to a group for the configuration files, on Windows NT platforms, the user must belong to the “Administrators” group.
Note You can also disable the user’s password by clicking the Disable Password button. Doing this prevents the user from logging into a Netscape server without deleting the user’s directory entry. You can allow access for the user again by using the Password Management Form to enter a new password.
Managing User Licenses
Enterprise Administration Server enables you to track which Netscape server products your users are licensed to use.
To manage the licenses available to the user, perform the following steps:
1. Access the Enterprise Administration Server and choose the Users & Groups tab.
2. Display the user entry as described in “Finding User Information,” on page 86.
3. Click the Licenses link at the top of the User Edit form.
4. Make the desired changes and click OK.
For more information, see “The Manage Users Page,” in the online help.
Renaming Users
The rename feature changes only the user’s name; all other fields are left intact. In addition, the user’s old name is still preserved so searches against the old name will still find the new entry.
When you rename a user entry, you can only change the user’s name; you cannot use the rename feature to move the entry from one organizational unit to another. For example, suppose you have organizational units for Marketing and Accounting and an entry named “Billie Holiday” under the Marketing organizational unit. You can rename the entry from Billie Holiday to Doc Holiday, but you cannot rename the entry such that Billie Holiday under the Marketing organizational unit becomes Billie Holiday under the Accounting organizational unit.
To rename a user entry, perform the following steps:
1. Access the Enterprise Administration Server and choose the Users & Groups tab.
2. Display the user entry as described in “Finding User Information,” on page 86.
Note that if you are using common name-based DNs, specify the user’s full name. If you are using uid-based distinguished names, enter the new uid value that you want to use for the entry.
3. Click the Rename User button.
4. Change the Given Name, Surname, Full Name, or UID fields as is appropriate to match the new distinguished name for the entry.
5. You can specify that Enterprise Administration Server no longer retains the old full name or uid values when you rename the entry by setting the keepOldValueWhenRenaming parameter to false. You can find this parameter in the following file:
server_root/admin-serv/config/dsgw-orgperson.conf
For more information, see “The Manage Users Page,” in the online help.
Removing Users
To delete a user entry, perform the following steps:
1. Access the Enterprise Administration Server and choose the Users & Groups tab.
2. Display the user entry as described in “Finding User Information,” on page 86.
3. Click Delete User.
For more information, see “The Manage Users Page,” in the online help.
Creating Groups
A group is an object that describes a set of objects in an LDAP database. An Enterprise Server group consists of users who share a common attribute. There are two ways to define membership of a group: statically and dynamically. Static groups enumerate their member objects explicitly. A static group is a CN and contains uniqueMembers and/or memberURLs and/or memberCertDescriptions. For static groups, the members do not share a common attribute except for the CN=<Groupname> attribute.
Dynamic groups allow you to use an LDAP URL to define a set of rules that match only for group members. For dynamic groups, the members do share a common attribute or set of attributes that are defined in the memberURL filter. For example, if you need a group that contains all employees in Sales, and they are already in the LDAP database under “ou=Sales,o=Airius.com,” you’d define a dynamic group with the following memberURL:
ldap:///ou=Sales,o=Netscape??sub?(uid=*)
This group would subsequently contain all objects that have a uid attribute in the tree below the “ou=Sales,o=Netscape” point; thus, all the Sales members.
For static and dynamic groups, members can share a common attribute from a certificate if you use the memberCertDescription. Note that these will only work if the ACL uses the SSL method.
Once you create a new group, you can add users, or members, to it.
This section includes the following topics for creating groups:
Static Groups
Dynamic Groups
Static Groups
Enterprise Administration Server enables you to create a static group by specifying the same group attribute in the DNs of any number of users. A static group doesn’t change unless you add a user to it or delete a user from it.
Guidelines for Creating Static Groups
Consider the following guidelines when using the Enterprise Administration Server forms to create new static groups:
Static groups can contain other static or dynamic groups.
You can optionally also add a description for the new group.
If any organizational units have been defined for your directory, you can specify where you want the new group to be placed using the Add New Group To list. The default location is your directory’s root point, or topmost entry.
When you are finished entering the desired information, click Create Group to add the group and immediately return to the New Group form. Alternatively, click Create and Edit Group to add the group and then proceed to the Edit Group form for the group you have just added. For information on editing groups, see “Editing Group Attributes,” on page 101.
To Create a Static Group
To create a static group entry, perform the following steps:
1. Access the Enterprise Administration Server and choose the Users & Groups tab.
2. Click the New Group link.
3. Enter the required information and click OK.
For more information, see “The New Group Page,” in the online help.
Dynamic Groups
A dynamic group has an objectclass of groupOfURLs, and has zero or more memberURL attributes, each of which is an LDAP URL that describes a set of objects.
Enterprise Server enables you to create a dynamic group when you want to group users automatically based on any attribute, or when you want to apply ACLs to specific groups which contain matching DNs. For example, you can create a group that automatically includes any DN that contains the attribute department=marketing. If you apply a search filter for department=marketing, the search returns a group including all DNs containing the attribute department=marketing. You can then define a dynamic group from the search results based on this filter. Subsequently, you can define an ACL for the resulting dynamic group.
This section includes the following topics:
How Enterprise Server 4.0 Implements Dynamic Groups
Groups Can Be Static and Dynamic
Dynamic Group Impact on Server Performance
Guidelines for Creating Dynamic Groups
To Create a Dynamic Group
How Enterprise Server 4.0 Implements Dynamic Groups
Enterprise Server 4.0 implements dynamic groups in the LDAP server schema as objectclass = groupOfURLs. A groupOfURLs class can have multiple memberURL attributes, each one consisting of an LDAP URL that enumerates a set of objects in the directory. The members of the group would be the union of these sets. For example, the following group contains just one member URL:
ldap:///o=mcom.com??sub?(department=marketing)
This example describes a set that consists of all objects below “o=mcom.com” whose department is “marketing.”
The LDAP URL can contain a search base DN, a scope, and a filter, but not a hostname and port. This means that you can only refer to objects on the same LDAP server. All scopes are supported.
The DNs are included automatically, without your having to add each individual to the group. The group changes dynamically, because Enterprise Server performs an LDAP server search each time a group lookup is needed for ACL verification. The user and group names used in the ACL file correspond to the cn attribute of the objects in the LDAP database.
Note: Enterprise Server 4.0 uses the cn (commonName) attribute as the group name for ACLs.
The mapping from an ACL to an LDAP database is defined both in the dbswitch.conf configuration file (which associates the ACL database names with actual LDAP database URLs) and the ACL file (which defines which databases are to be used for which ACL). For example, if you want to base access rights on membership in a group named “staff,” the ACL code looks up an object that has an object class of groupOf<anything> and a CN set to “staff.” The object defines the members of the group, either by explicitly enumerating the member DNs (as is done for groupOfUniqueNames for static groups), or by specifying LDAP URLs (for example, groupOfURLs).
Groups Can Be Static and Dynamic
A group object can have both objectclass = groupOfUniqueMembers and objectclass = groupOfURLs; therefore, both “uniqueMember” and “memberURL” attributes are valid. The group’s membership is the union of its static and dynamic members.
Dynamic Group Impact on Server Performance
There is a server performance impact when using dynamic groups. If you are testing group membership, and the DN is not a member of a static group, Enterprise Server checks all dynamic groups in the database’s baseDN. Enterprise Server does this by checking the baseDN and scope of each memberURL against the DN of the user, and then performing a base search using the user DN as baseDN and the filter of the memberURL. This procedure can amount to a large number of individual searches.
Guidelines for Creating Dynamic Groups
Consider the following guidelines when using the Enterprise Administration Server forms to create new dynamic groups:
Dynamic groups cannot contain other groups.
Enter the group’s LDAP URL using the following format (without host and port info, since these parameters are ignored):
ldap:///<basedn>?<attributes>?<scope>?<(filter)>
The required parameters are described in the following table:
Table 4.5 Dynamic Groups: Required Parameters
Parameter Name    Description
<base_dn>    The Distinguished Name (DN) of the search base, or point from which all searches are performed in the LDAP directory. This parameter is often set to the suffix or root of the directory, such as “o=mcom.com”.
<attributes>    A list of the attributes to be returned by the search. To specify more than one, use commas to delimit the attributes (for example, “cn,mail,telephoneNumber”); if no attributes are specified, all attributes are returned. Note that this parameter is ignored for dynamic group membership checks.
<scope>    The scope of the search, which can be one of these values:
    base retrieves information only about the distinguished name (<base_dn>) specified in the URL.
    one retrieves information about entries one level below the distinguished name (<base_dn>) specified in the URL. The base entry is not included in this scope.
    sub retrieves information about entries at all levels below the distinguished name (<base_dn>) specified in the URL. The base entry is included in this scope.
    This parameter is required.
<(filter)>    Search filter to apply to entries within the specified scope of the search. If you are using the Enterprise Server Administration Server forms, you must specify this attribute. Note that the parentheses are required. This parameter is required.
Note that the <attributes>, <scope>, and <(filter)> parameters are identified by their positions in the URL. If you do not want to specify any attributes, you still need to include the question marks delimiting that field.
You can optionally also add a description for the new group.
If any organizational units have been defined for your directory, you can specify where you want the new group to be placed using the Add New Group To list. The default location is your directory’s root point, or topmost entry.
When you are finished entering the desired information, click Create Group to add the group and immediately return to the New Group form. Alternatively, click Create and Edit Group to add the group and then proceed to the Edit Group form for the group you have just added. For information on editing groups, see “Editing Group Attributes,” on page 101.
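The memberURL format above, and the baseDN-and-scope pre-check that precedes each base search during a membership test, can be checked offline before a dynamic group is used in an ACL. The following Python is an added example, not code from Enterprise Server; the function names, the simplified DN splitting, and the user DN are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

SCOPES = ("base", "one", "sub")

def split_dn(dn):
    """Split a DN into normalized RDNs (assumption: only backslash-escaped commas are honored)."""
    rdns = re.split(r"(?<!\\),", dn)
    return [re.sub(r"\s*=\s*", "=", r.strip(), count=1).lower() for r in rdns if r.strip()]

def parse_member_url(url):
    """Parse ldap:///<base_dn>?<attributes>?<scope>?<(filter)>; raise ValueError if malformed."""
    if not url.lower().startswith("ldap://"):
        raise ValueError("scheme must be ldap")
    hostport, slash, tail = url[len("ldap://"):].partition("/")
    if hostport or not slash:
        raise ValueError("memberURL must not name a host or port (use ldap:///...)")
    fields = [unquote(f) for f in tail.split("?", 3)]  # fields are positional
    if len(fields) != 4:
        raise ValueError("expected <base_dn>?<attributes>?<scope>?<(filter)>")
    base_dn, attrs, scope, flt = fields
    if scope.lower() not in SCOPES:
        raise ValueError("scope is required and must be base, one or sub")
    depth, ok = 0, flt.startswith("(")
    for i, ch in enumerate(flt):
        depth += (ch == "(") - (ch == ")")
        if depth <= 0 and i < len(flt) - 1:
            ok = False  # closed before the end: not one parenthesized expression
    if not ok or depth != 0:
        raise ValueError("filter is required and must be enclosed in parentheses")
    return base_dn, [a for a in attrs.split(",") if a], scope.lower(), flt

def dn_in_scope(user_dn, base_dn, scope):
    """Pre-check: does user_dn fall inside the URL's base DN and scope?"""
    user, base = split_dn(user_dn), split_dn(base_dn)
    depth = len(user) - len(base)
    in_tree = depth >= 0 and user[depth:] == base
    return in_tree and {"base": depth == 0, "one": depth == 1, "sub": True}[scope]

def searches_for(user_dn, member_urls):
    """Filters that would each cost one base search on user_dn during a membership test."""
    parsed = [parse_member_url(u) for u in member_urls]
    return [flt for base_dn, _attrs, scope, flt in parsed if dn_in_scope(user_dn, base_dn, scope)]

# Constructed input: the two memberURLs from this chapter and a made-up user DN.
URLS = ["ldap:///ou=Sales,o=Netscape??sub?(uid=*)",
        "ldap:///o=mcom.com??sub?(department=marketing)"]
if __name__ == "__main__":
    print(searches_for("uid=jdoe,ou=Sales,o=Netscape", URLS))
```

The length of the list returned by searches_for is the number of base searches a single membership test would trigger for that user, which is the cost described under “Dynamic Group Impact on Server Performance.”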
To Create a Dynamic Group
To create a dynamic group entry within the directory, perform the following steps:
1. Access the Enterprise Administration Server and choose the Users & Groups tab.
2. Click the New Group link.
3. Select Dynamic Group from the Type of Group dropdown list.
4. Enter the required information and click OK.
For more information, see “The New Group Page,” in the online help.
Managing Groups
Enterprise Administration Server enables you to edit groups and manage group memberships from the Manage Group form. This section describes the following topics:
Finding Group Entries
Editing Group Attributes
Adding Group Members
Adding Groups to the Group Members List
Removing Entries from the Group Members List
Managing Owners
Managing See Alsos
Removing Groups
Renaming Groups
Finding Group Entries
Before you can edit a group entry, you must display the entry.
To find a group entry, perform the following steps:
1. Access the Enterprise Administration Server and choose the Users & Groups tab.
2. Click the Manage Groups link.
3. Enter the name of the group that you want to find in the Find Group field.
You can enter any of the following values in the search field:
A name. Enter a full name or a partial name. All entries that exactly match the search string are returned. If no such entries are found, all entries that contain the search string are returned. If there are still no matches, any entries that sound like the search string are returned.
An asterisk (*) to see all of the groups currently residing in your directory. You can achieve the same effect by simply leaving the field blank.
Any LDAP search filter. Any string that contains an equal sign (=) is considered to be a search filter.
As an alternative, use the pull down menus in Find all groups whose to narrow the results of your search.
4. In the Look within field, select the organizational unit under which you want to search for entries. The default is the directory’s root point, or topmost entry.
5. In the Format field, choose either On-Screen or Printer.
6. Click Find. All the groups matching your search criteria are displayed.
7. In the resulting table, click the name of the entry that you want to edit.