eTrust Directory Administrator Guide - CA Technologies

More documents

Recommendations

Info

DXconsole Testing the Secure Remote DXconsole Using TLSclient The TLSclient utility establishes an encrypted tunnel between the remote console client and the DSA. The steps to configure the DSA and TLSclient are as follows: 1. Create the TLSclient configuration file on the client machine 2. Configure the DSA for SSL connections to DXconsole on the server machine 3. Start TLSclient on the client 4. Start the DSA on the server 5. Test the connection Create the TLSclient Configuration File To configure TLSclient, you will need to create the following file on the client machine: ■ ■ Windows: %DXHOME%\config\tlsclient\tlsclient.cfg UNIX: $DXHOME/config/tlsclient/tlsclient.cfg This implies that eTrust Directory is also installed on the client machine, although this may not be required. The only requirement should be that the environment variable DXHOME is set and the trusted root certificate is available. The format for tlsclient.cfg is: inPort outPort remoteAddress Where inPort is the port on the client machine that will be used for tunneling, outPort is the DXconsole remote-console-port on the server and remoteAddress is the hostname of the server running the DXconsole you wish to connect to. Here is an example for the sample DemoCorp DSA running on the server machine: 19390 19395 hostname.ca.com Start TLSclient TLSclient can be installed to the system services using the command: tlsclient install -ca Here is an example for the DemoCorp DSA: tlsclient install democorp -ca config/ssld/trusted.pem You can then start the TLSclient instance with: tlsclient start For the DemoCorp DSA example, this would be: tlsclient start Democorp 2–20 eTrust Directory Administrator Guide
DXconsole Starting DXserver Testing the connection To start DXserver, do the following: 1. Ensure that the DSA is stopped using: dxserver stop dsaname 2. Start the DSA using: dxserver start dsaname To test this connection, do the following: 1. Open the DXconsole client, or your favourite Telnet program, on the client machine 2. Connect to the inPort (defined in tlsclient.cfg) on the local machine (19390 in the DemoCorp sample) 3. Enter the DXconsole password when prompted You now have a fully-functioning SSL-encrypted connection to DXconsole on the server machine. To verify this, start TLSclient with the debug option, or set "trace all;" on the DSA, or use a packet-snooping application. Help Command The help command lists the outer-level commands for the DSA administration modules, X.500 services, and management scripts. When you enter the help command at the console, the response is similar to: Enter one of the following keywords: (modules) trace, log, stack, assoc, oper, schema, dsp, disp, dib, access (services) bind-req, unbind-req, abort-req, abandon-req, read-req, compare-req, list-req, search-req, add-entry-req, rem-entry-req, mod-entry-req, mod-dn-req (scripts) open-log, close-log, flush-log, source, !, echo, echo-on, echo-off, wait, if-reply, goto When you are not sure of the syntax, try a nonsense word for the missing part, or leave the command incomplete and let the resulting error message tell you what is expected: >>>> oper get fred; -----------------^ Syntax Error: Expecting “config” or “stats”. DXserver Overview 2–21
Page 1 and 2: eTrust Directory Administrator Gui
Page 3 and 4: Contents Chapter 1: Introduction eT
Page 5 and 6: Access Controls ...................
Page 7 and 8: Configuring a Router DSA ..........
Page 9 and 10: Recovering a Multiwrite System Usin
Page 11 and 12: Reporting on Certificate and CRL In
Page 13 and 14: Chapter 14: Using The UDDI Server A
Page 15 and 16: Appendix B: DXserver Command Langua
Page 17: Uninstall eTrust Directory after an
Page 20 and 21: eTrust Directory Modules eTrust Dir
Page 22 and 23: eTrust Directory Modules Samples A
Page 24 and 25: eTrust Directory Glossary eTrust Di
Page 27 and 28: Chapter 2 DXserver Overview This ch
Page 29 and 30: DXserver Configuration Files databa
Page 31 and 32: DXserver Configuration Files The In
Page 33 and 34: DXserver Configuration Files Knowle
Page 35 and 36: DXserver Commands DXserver Commands
Page 37 and 38: DXserver Script Language DXserver S
Page 39 and 40: DXserver Script Language Script Fil
Page 41 and 42: DXconsole Closing DXconsole Close D
Page 43 and 44: DXconsole The DXconsole Command Opt
Page 45: DXconsole Configuring DXconsole to
Page 49 and 50: Databases Databases eTrust Director
Page 51 and 52: Port Numbers Used by eTrust Directo
Page 53 and 54: Chapter 3 General Administration Th
Page 55 and 56: Defining DSAs with the set dsa Comm
Page 57 and 58: Alarms, Traces, and Logs Alarms, Tr
Page 59 and 60: Alarms, Traces, and Logs Trace Opti
Page 61 and 62: Alarms, Traces, and Logs Log Type R
Page 63 and 64: Alarms, Traces, and Logs Log File C
Page 65 and 66: Associations Associations An associ
Page 67 and 68: Associations Keyword Parameter Desc
Page 69 and 70: Associations Association Times User
Page 71 and 72: Associations Association Queues The
Page 73 and 74: Local Operations Keyword Parameter
Page 75 and 76: Local Operations Concurrent Operati
Page 77 and 78: The Directory Information Base The
Page 79 and 80: The Directory Information Base Mana
Page 81 and 82: The Directory Information Base Reje
Page 83 and 84: The Directory Information Base Crea
Page 85 and 86: DXcache Design the DXcache System I
Page 87 and 88: DXcache Index the Attributes To Be
Page 89 and 90: DXcache View the DXcache Configurat
Page 91 and 92: DXcache Example of a Cache-Only Dir
Page 93 and 94: Virtual Attributes How Hybrid Group
Page 95 and 96: Virtual Attributes Class of Service
Page 97 and 98:
Virtual Attributes Entries With Cla
Page 99 and 100:
Virtual Attributes Create Class of
Page 101 and 102:
Knowledge Flags Example: How the li
Page 103 and 104:
Knowledge Flags Example: How the ds
Page 105 and 106:
Knowledge Flags List of all Trust F
Page 107 and 108:
Chapter 4 Schema Definition The dir
Page 109 and 110:
Configuring Schema Managing Schema
Page 111 and 112:
Attributes Attributes An attribute
Page 113 and 114:
Attributes Attribute Checking When
Page 115 and 116:
Attributes Unique Attributes Some a
Page 117 and 118:
Attributes # Process output to get
Page 119 and 120:
Attributes 3. Dump the database to
Page 121 and 122:
Object Classes Structural Classes M
Page 123 and 124:
Object Classes Pruning and Replacin
Page 125 and 126:
Name Bindings Name Bindings and Str
Page 127 and 128:
Chapter 5 Distribution and DSP In a
Page 129 and 130:
Managing DSP The following are the
Page 131 and 132:
Managing DSP Remote Connections The
Page 133 and 134:
Managing DSP Viewing DSP Configurat
Page 135 and 136:
Configuring a DSA Proxy DSAs There
Page 137 and 138:
Configuring Another DXserver Config
Page 139 and 140:
Configuring a Domain of DXservers C
Page 141 and 142:
Configuring a Domain of DXservers C
Page 143 and 144:
Alternative DSAs Alternative DSAs I
Page 145 and 146:
Alternative DSAs Set the DSA Preced
Page 147 and 148:
Alternative DSAs Load-Sharing Group
Page 149 and 150:
Alternative DSAs Set the DSA Preced
Page 151:
Alternative DSAs Set Up Query Strea
Page 154 and 155:
Secure Socket Layer (SSL) Encryptio
Page 156 and 157:
Page 158 and 159:
Page 160 and 161:
Page 162 and 163:
Page 164 and 165:
Authentication Authentication Authe
Page 166 and 167:
Authentication SSL Authentication S
Page 168 and 169:
Authentication Bypassing the Entry
Page 170 and 171:
Authentication How Mutual Authentic
Page 172 and 173:
Authentication Bypassing Mutual Aut
Page 174 and 175:
Authentication DSP Link Authenticat
Page 176 and 177:
Managing Passwords Managing Passwor
Page 178 and 179:
Managing Passwords Keyword Paramete
Page 180 and 181:
Managing Passwords Enabling or Disa
Page 182 and 183:
Managing Passwords Setting the Numb
Page 184 and 185:
Managing Passwords Preventing Users
Page 186 and 187:
Access Control Overview Access Cont
Page 188 and 189:
Access Control Overview Use Domains
Page 190 and 191:
Static Access Controls Static Acces
Page 192 and 193:
Static Access Controls Setting Up S
Page 194 and 195:
Static Access Controls Defining Sup
Page 196 and 197:
Static Access Controls Example: Add
Page 198 and 199:
Static Access Controls Example: All
Page 200 and 201:
Static Access Controls Protecting I
Page 202 and 203:
Static Access Controls Example: Giv
Page 204 and 205:
Dynamic Access Controls Dynamic Acc
Page 206 and 207:
Groups, Roles, and Proxies Role-Bas
Page 208 and 209:
Groups, Roles, and Proxies Secure P
Page 210 and 211:
Access-Controlled Routing Access-Co
Page 212 and 213:
Replication Concepts Replication Co
Page 214 and 215:
Replication Concepts The following
Page 216 and 217:
Multiwrite Replication Recovering a
Page 218 and 219:
Multiwrite Replication How Multiwri
Page 220 and 221:
Multiwrite Replication Set Up a Mul
Page 222 and 223:
Page 224 and 225:
Page 226 and 227:
Multiwrite Replication Granularity
Page 228 and 229:
Multiwrite Replication Re-synchroni
Page 230 and 231:
Multiwrite Replication You can conf
Page 232 and 233:
DISP Replication Setting DISP Agree
Page 234 and 235:
DISP Replication Manual Initiation
Page 236 and 237:
DISP Replication Specifying a Selec
Page 239 and 240:
Chapter 8 LDAP and DXlink DXserver
Page 241 and 242:
LDAP Clients Handling LDAP Strings
Page 243 and 244:
Schema Publishing r$uNSPSCdateissue
Page 245 and 246:
Integrating Other LDAP Servers User
Page 247 and 248:
Integrating Other LDAP Servers Pref
Page 249 and 250:
Chapter 9 Monitoring the Directory
Page 251 and 252:
General Monitoring Databases The DX
Page 253 and 254:
SNMP and the Directory Monitoring M
Page 255 and 256:
SNMP and the Directory Monitoring M
Page 257 and 258:
CMIP and X.700 Management CMIP and
Page 259:
CMIP and X.700 Management maxDOPAss
Page 262 and 263:
Database Tools Database Tools The d
Page 264 and 265:
Database Tools Creating a DSA: DXne
Page 266 and 267:
Database Tools Destroying a Databas
Page 268 and 269:
Database Tools Restoring a Database
Page 270 and 271:
Database Tools Managing Indexes: DX
Page 272 and 273:
Database Tools Add Reverse and Comp
Page 274 and 275:
Database Tools List Deleted Entries
Page 276 and 277:
Database Tools Loading a Database:
Page 278 and 279:
Database Tools Dumping a Database:
Page 280 and 281:
Database Tools Upgrading Previous V
Page 282 and 283:
Database Tools Reporting Certificat
Page 284 and 285:
Database Tools Generating Certifica
Page 286 and 287:
Database Tools ....................
Page 288 and 289:
LDIF Tools While the default separa
Page 290 and 291:
LDIF Tools Converting CSV Data to L
Page 292 and 293:
LDIF Tools The options of the ldifs
Page 294 and 295:
LDIF Tools DXtools Example 5 Using
Page 296 and 297:
DAP Tools Common Command Options Th
Page 298 and 299:
DAP Tools DXtools Example 6 DXsearc
Page 300 and 301:
DAP Tools - replace: postalAddress
Page 302 and 303:
DAP Tools Deleting a Directory Entr
Page 304 and 305:
Schema Tools Extracting Schema in L
Page 306 and 307:
Schema Tools DXtools Example 12 ldi
Page 308 and 309:
Schema Tools DXtools Example 16 ldi
Page 310 and 311:
Directory Administration Tools Dire
Page 312 and 313:
The JXplorer Browser The JXplorer B
Page 314 and 315:
The JXplorer Browser Menu Item Sear
Page 316 and 317:
The JXplorer Browser Quick Search B
Page 318 and 319:
Browsing a Directory ■ ■ ■ Th
Page 320 and 321:
Browsing a Directory The number of
Page 322 and 323:
Browsing a Directory The Search dia
Page 324 and 325:
Browsing a Directory Exploring Sche
Page 326 and 327:
Editing the Directory Editing the D
Page 328 and 329:
Editing the Directory Modifying Att
Page 330 and 331:
Editing the Directory Changing Clas
Page 332 and 333:
Editing the Directory Adding an Aud
Page 334 and 335:
Editing the Directory Submitting an
Page 336 and 337:
Using LDIF Files Viewing and Saving
Page 338 and 339:
Online Help To connect to the direc
Page 340 and 341:
Configuring JXplorer You can set th
Page 342 and 343:
Configuring JXplorer Logging Method
Page 344 and 345:
Configuring JXplorer Creating HTML
Page 346 and 347:
Configuring JXplorer Troubleshootin
Page 348 and 349:
How DXmanager Works How DXmanager W
Page 350 and 351:
How DXmanager Presents Information
Page 352 and 353:
Troubleshooting If there is a port
Page 354 and 355:
Connecting to JXweb Connecting to J
Page 356 and 357:
The JXweb Environment The JXweb Env
Page 359 and 360:
Chapter 14 Using The UDDI Server Un
Page 361 and 362:
eTrust Directory UDDI Server eTrust
Page 363 and 364:
Connecting to a UDDI Registry Conne
Page 365 and 366:
Chapter 15 Using the Sample DSAs, A
Page 367 and 368:
The Sample DSAs The Sample DSAs Thi
Page 369 and 370:
The Sample DSAs The UNSPSC DSAs The
Page 371 and 372:
Sample Web Applications Sample Web
Page 373 and 374:
Sample Web Applications Changing th
Page 375 and 376:
Sample Web Applications Sample Use
Page 377 and 378:
Sample Configuration Files Sample C
Page 379 and 380:
Sample Tools The ldua Tool This dir
Page 381 and 382:
Sample Tools The snmp Tool An execu
Page 383 and 384:
Sample Tools ■ -S msecs sleep in
Page 385 and 386:
Sample Tools The ssl Tool The sampl
Page 387 and 388:
Sample Tools The test Tool A select
Page 389 and 390:
Sample Tools The DXtrap Tool Inform
Page 391 and 392:
Chapter 16 Deploying a Directory Th
Page 393 and 394:
Directory Design Directory Enabled
Page 395 and 396:
Directory Design Synchronization Of
Page 397 and 398:
Operations and Practices Backup and
Page 399 and 400:
Operations and Practices Upgrades O
Page 401:
Troubleshooting Managing Large Numb
Page 404 and 405:
Changing the Default Page Size Chan
Page 406 and 407:
Increasing the Number of Database C
Page 409 and 410:
Appendix B DXserver Command Languag
Page 411 and 412:
Set Commands Set Commands Command s
Page 413 and 414:
Set Commands Command set max-op-tim
Page 415 and 416:
Set Commands Command set stats-log
Page 417 and 418:
Set Commands The set attribute Comm
Page 419 and 420:
Set Commands The set name-binding C
Page 421 and 422:
Set Commands The set reg-user Comma
Page 423:
Trace Commands Trace Commands You c
Page 426 and 427:
DXserver Logs DXserver Logs DXserve
Page 428 and 429:
Advantage Ingres Logs I get "failed
Page 430 and 431:
Advantage Ingres Logs Ingres Error
Page 432 and 433:
DXserver Alarm Messages Error in in
Page 434 and 435:
DXserver Alarm Messages DIB003 This
Page 436 and 437:
DXserver Alarm Messages Unable to c
Page 438 and 439:
DXserver Warning Messages Licence e
Page 440 and 441:
Alias Errors WARNING: ssld_ssl_requ
Page 442 and 443:
Advantage Ingres Errors E_US000C Yo
Page 444 and 445:
Installation Overview Installation
Page 446 and 447:
Installation Overview Upgrade eTrus
Page 448 and 449:
Install eTrust Directory Using the
Page 450 and 451:
Page 452 and 453:
Page 454 and 455:
Install eTrust Directory Using Comm
Page 456 and 457:
Install eTrust Directory Silently I
Page 458 and 459:
Page 460 and 461:
Embed eTrust Directory in Another C
Page 462 and 463:
Troubleshooting Can’t Connect to
Page 465 and 466:
Appendix E Installing eTrust Direct
Page 467 and 468:
Installation Overview Default Insta
Page 469 and 470:
Installation Overview User Accounts
Page 471 and 472:
Page 473 and 474:
Page 475 and 476:
Page 477 and 478:
Page 479 and 480:
Page 481 and 482:
Page 483 and 484:
Install eTrust Directory Using Comm
Page 485 and 486:
Page 487 and 488:
Install eTrust Directory Silently C
Page 489 and 490:
Embed eTrust Directory in Another C
Page 491:
Troubleshooting If DXadmind times o
Page 494 and 495:
Apache Apache Xerces C++ 2.3 Copyri
Page 496 and 497:
OpenLDAP THIS SOFTWARE IS PROVIDED
Page 498 and 499:
OpenSSL This work is derived from t
Page 500 and 501:
Sun Microsystems, Inc. Java Web Ser
Page 502 and 503:
Page 504 and 505:
Page 506 and 507:
Tom Sawyer Layout Assistant Tom Saw
Page 508 and 509:
Tom Sawyer Layout Assistant All tit
Page 510 and 511:
Tom Sawyer Layout Assistant Tom Saw
Page 512 and 513:
associations aborting, 3-18 configu
Page 514 and 515:
commands, local operations get oper
Page 516 and 517:
authentication, 5-6, 6-16, 6-18 bin
Page 518 and 519:
H help command, 2-20 history files,
Page 520 and 521:
telnet configuration, 2-16 mapping,
Page 522 and 523:
eferences, 5-3 referrals, 5-9 regis
Page 524 and 525:
esetting, 6-8 ssl-encryption link-f
show all

eTrust Directory Administrator Guide - CA Technologies

Create successful ePaper yourself

Delete template?

Save as template?