B.2 edirectory

Attribute Name

Description

casa_store

Always set this to 'yes' so that the proxy credentials are stored in CASA.

Example: <casa_store>yes</casa_store>

cert_mutual

Set this to 'yes' when you want to implement the Certificate Mutual login method. It implements the Simple Authentication and Security Layer (SASL) EXTERNAL mechanism, which uses SSL certificates to provide client authentication to eDirectory through LDAP.

Example: <cert_mutual>no</cert_mutual>

challenge_response

Set this to 'yes' when you want to enable the Challenge-Response login method. It works with the Identity Manager password self-service process. This method allows either an administrator or a user to define a password challenge question and a response, which are saved in the password policy. Then, when users forget their passwords, they can reset their own passwords by providing the correct response to the challenge question.

Example: <challenge_response>yes</challenge_response>

create_server_object

Set this to 'Yes' when you want to create a DNS server object.

Example: <create_server_object>yes</create_server_object>

dib_location

Specify the path of the nds databse.

Example: <dib_location>/var/opt/novell/eDirectory/data/dib</dib_location>

digest_md5

Set this to 'yes' when you want to implement the the Digest MD5 login method. It implements the Simple Authentication and Security Layer (SASL) DIGEST-MD5 mechanism as a means of authenticating the user to eDirectory through LDAP.

Example: <digest_md5>no</digest_md5>

domain_name

Specify the DSfW DNS domain name. The value of this tag and xad_domain_name tag should be same.

Example: <domain_name>acme.com</domain_name>

existing_dns_ip

Specify the existing DNS server IP address.

Example: <existing_dns_ip>192.168.1.1</existing_dns_ip>

group_context

Specify the DNS DHCP group object context.

Example: <group_context>ou=OESSystemObjects,dc=labs,dc=wdc,dc=acme,dc=com</group_context>

host_name

Specify the host name of the current server where the installation is being done.

Example: <host_name>acme-208</host_name>

http_port

Specify the HTTP port of the eDirectory server where the installation is being done.

Example: <http_port config:type="integer">8028</http_port>

https_port

Specify the HTTPS port of the current eDirectory server.

Example: <https_port config:type="integer">8030</https_port>

install_secretstore

Set to 'yes' when you want to install the secret store.

Example: <install_secretstore>yes</install_secretstore>

install_universalstore

Set to 'yes' when you want to install the universal store.

Example: <install_universalstore>no</install_universalstore>

ldap_basedn

Specify the DNSs server's CN name. This is required only in case of DSfW server.

Example: <ldap_basedn>ou=OESSystemObjects,dc=labs,dc=wdc,dc=acme,dc=com</ldap_basedn>

ldap_server

Specify the IP address of the DNS LDAP server.

Example: <ldap_server>192.168.1.1</ldap_server>

locator_context

Specify the DNS locator object context where the DNS servers or zones are present.

Example: <locator_context>ou=OESSystemObjects,dc=labs,dc=wdc,dc=acme,dc=com</locator_context>

migrate_option

Always set this to 'no' as the migrate NKDC realm to DSfW domain is discontinued.

Example: <migrate_option>no</migrate_option>

nds

Set to this to 'yes' when you want to use the NDS login method that provides secure password challenge-response user authentication to eDirectory. Example: <nds>yes</nds>

ntp_server_list

Specify reliable NTP servers IP addresses.

Example:

<ntp_server_list config:type="list"> <listentry>192.168.1.5</listentry></ntp_server_list>

overwrite_cert_files

Set this to 'yes' when you want eDirectory to automatically back up the currently installed certificate and key files and replace them with files created by the eDirectory Organizational CA (or Tree CA).

Example: <overwrite_cert_files>yes</overwrite_cert_files>

replica_server

Specify the IP address of the master eDirectory server.

Example: <replica_server>192.168.1.5</replica_server>

runtime_admin

Specify the common proxy user context of the DNS.

Example: <runtime_admin>cn=OESCommonProxy_host1,ou=OESSystemObjects,dc=acme,dc=com</runtime_admin>

runtime_admin_password

Specify the common proxy DNS password.

Example: <runtime_admin_password>SAM23#$</runtime_admin_password>

sasl_gssapi

Set this to 'yes' when you want to implement the SASL GSSAPI login method. It implements the Generic Security Services Application Program Interface (GSSAPI) authentication using the Simple Authentication and Security Layer (SASL) that enables users to authenticate to eDirectory through LDAP using a Kerberos ticket.

Example: <sasl_gssapi>no</sasl_gssapi>

server_context

Specify the eDirectory server context where there eDirectory server object needs to be created.

Example: <server_context>ou=wdc,o=acme</server_context>

server_object

Specify the eDirectory server object name that has the object name and context.

Example: <server_object>cn=DNS_edir-acme-208,ou=OESSystemObjects,dc=labs,dc=wdc,dc=acme,dc=com</server_object>

simple_password

Set this to 'yes' when you want to implement the Simple Password NMAS login method. It provides password authentication to eDirectory. The Simple Password is a more flexible but less secure alternative to the NDS password. Simple Passwords are stored in a secret store on the user object.

Example: <simple_password>no</simple_password>

slp_backup

Set this to 'yes' when you want the SLP server to periodically back up all registrations. This works only when the server is configured as a DA (Directory Agent).

Example: <slp_backup>yes</slp_backup>

slp_backup_interval

Specify the SLP backup time in seconds. The default is (900 seconds or 15 minutes). If the server is configured as Director Agent, this value will be used.

Example: <slp_backup_interval>900</slp_backup_interval>

slp_da

Specify the list of IP addresses of the SLP Directory Agents.

Example: <slp_da config:type="list"> <listentry>198.162.1.1</listentry></slp_da>

slp_dasync

Set this to 'yes' when you want to enable SLPD to sync service registration between SLP Das on startup. If the server is configured as Director Agent, this value be used.

Example: <slp_dasync>no</slp_dasync>

Slp_mode

Specify the SLP mode to multicast, da, or da_server. By default, it is set to multicast.

Example: <slp_mode>da</slp_mode>

slp_scopes

This is a comma delimited list of strings indicating the only scopes a UA or SA is allowed when making requests or registering or the scopes a DA must support. The default value is DEFAULT.

Example: <slp_scopes>DEFAULT</slp_scopes>

tls_for_simple_binds

Set this to 'yes' when you require TLS for SIMPle binds with passwords.

Example: <tls_for_simple_binds>yes</tls_for_simple_binds>

tree_type

Specify the type of eDirectory tree: new or existing.

Example: <tree_type>new</tree_type>

use_secure_port

Set this to 'yes' when you want the DNS to use the secure port for communication in an DSfW environment.

Example: <use_secure_port>yes</use_secure_port>

xad_admin_password

Specify the DSfW domain administrator password.

Example: <xad_admin_password>SAM23#$</xad_admin_password>

xad_config_dns

Set this to 'yes' when you want to configure this domain controller also as a DNS server.

Example: <xad_config_dns>yes</xad_config_dns>

xad_convert_existing_container

Set this to 'yes' for name mapped installations. In named mapped installations, the DSfW domain is mapped to an already existing eDirectory partition in the eDirectory tree.

Example: <xad_convert_existing_container>no</xad_convert_existing_container>

xad_domain_name

Specify the DSfW DNS domain name. The value of this tag and domain_name tag should be same.

Example: <xad_domain_name>acme.com</xad_domain_name>

xad_domain_type

Specify the DSfW domain type: forest, domain or controller.

  • Forest: Use it for the first domain in the DSfW forest.

  • Domain: Use it for the subsequent child domain(s) in the DSfW forest.

  • Controller: Use it for subsequent domain controller(s) for any DSfW domain in the DSfW forest.

Exmple: <xad_domain_type>forest</xad_domain_type>

xad_existing_container

Specify the eDirectory partition that the DSfW domain is being mapped to. This is effective only when the xad_convert_existing_container tag is set to 'yes'.

Example: <xad_existing_container>ou=OESSystemObjects, o=acme</xad_existing_container>

xad_forest_root

Specify the forest root domain name in the DSfW forest.

Example: <xad_forest_root>acme.com</xad_forest_root>

xad_ldap_admin_context

Specify the eDirectory tree admin context.In a name-mapped installation, for all the modes of DSfW installation, this tag will point to the (existing) eDirectory tree's tree administrator. Example: cn=admin,ou=admins,o=acme.<xad_ldap_admin_context>cn=admin,ou=admins,o=acme</xad_ldap_admin_context>In a non-name mapped installation, the forest root domain administrator is also the eDirectory tree administrator. For all the modes of installation, this tag will point to the forest root domain administrator. For example, for the forest root domain acme.com, the default forest domain administrator will be <xad_ldap_admin_context>cn=administrator,cn=users,dc=acme,dc=com</xad_ldap_admin_context>For example, for the child domain sales.example.com, the default forest domain administrator will be <xad_ldap_admin_context>cn=administrator,cn=users,dc=example,dc=com</xad_ldap_admin_context>

xad_ldap_admin_password

Specify the eDirectory tree administrator password.

Example: <xad_ldap_admin_password>SAM23#$</xad_ldap_admin_password>

xad_netbios

Specify the NetBIOS name of the DSfW domain.

Example: <xad_netbios>EXAMPLE</xad_netbios>

xad_parent_domain

Specify the DSfW domain name of immediate DSfW parent domain. For example, for a domain sales.acme.com, the value will be, <xad_parent_domain>acme.com</xad_parent_domain>

xad_parent_domain_address

Specify the IP address of any one of the parent DSfW domain controller. For example, for the domain sales.acme.com, specify the IP address of the DSfW DC hosting the domain acme.com. <xad_parent_domain_address>192.168.1.1</xad_parent_domain_address>

xad_parent_domain_admin_context

Specify the immediate DSfW parent domain's administrator context. For example, for the domain sales.acme.com, <xad_parent_domain_address>cn=administrator,cn=users,dc=acme,dc=com</xad_parent_domain_address>

xad_parent_domain_admin_password

Specify the immediate DSfW parent domain's administrator password.

Example: <xad_parent_domain_admin_password>SAM23#$</xad_parent_domain_admin_password>

xad_replicate_partitions

Always set this to 'yes'. This indicates that the replicas of the configuration and schema partitions will be added to the local domain controller.

Example: <xad_replicate_partitions>yes</xad_replicate_partitions>

xad_retain_policies

Set this to 'yes' when you want to retain the existing NMAS universal password policies.

Example: <xad_retain_policies>yes</xad_retain_policies>

NOTE:If set to 'no', the DSfW configuration will override the existing password policies if any.

xad_service_configured

Always specify this value to 'yes' when you want to configure DSfW.

Example: <xad_service_configured>yes</xad_service_configured>

xad_site_name

Specify the site name to which this domain controller should be associated with. Otherwise the default value should be 'Default-First-Site-Name'.

Example: <xad_site_name>Default-First-Site-Name</xad_site_name>

xad_wins_server

Specify 'yes' when you want to configure the DSfW domain controller as WINS server.

Example: <xad_wins_server></xad_wins_server>

NOTE:Only one domain controller in a DSfW domain should be designated as WINS server.