Netscape NETSCAPE ENTREPRISE SERVER 6.1 - 08-2002... Manuel de service

Administrator’s Guide

Netscape Enterprise Server

Version 6.1

August 2002

Netscape Communications Corporation ("Netscape") and its licensors retain all ownership rights to the software programs offered by

Netscape (referred to herein as "Software") and related documentation. Use of the Software and related documentation is governed

by the license agreement for the Software and applicable copyright law.

Your right to copy this documentation is limited by copyright law. Making unauthorized copies, adaptations or compilation works is

prohibited and constitutes a punishable violation of the law. Netscape may revise this documentation from time to time without

notice.

THIS DOCUMENTATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN NO EVENT SHALL NETSCAPE BE

LIABLE FOR INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY KIND ARISING FROM ANY

ERROR IN THIS DOCUMENTATION, INCLUDING WITHOUT LIMITATION ANY LOSS OR INTERRUPTION OF BUSINESS,

PROFITS, USE, OR DATA.

Netscape and the Netscape N logo are registered trademarks of Netscape Communications Corporation in the United States and

other countries. Other Netscape logos, product names and service names are also trademarks of Netscape and may be registered in

some countries. Sun, Sun Microsystems, and the Sun logo, iPlanet, and the iPlanet logo are trademarks or registered trademarks of

Sun Microsystems, Inc. in the United States and other countries. Other product and brand names are trademarks of their respective

owners.

The downloading, exporting, or reexporting of Netscape software or any underlying information or technology must be in full

compliance with all United States and other applicable laws and regulations. Any provision of Netscape software or documentation

to the U.S. government is with restricted rights as described in the license agreement for that Software.

Contents

AboutThisGuide ..............................................................17

What’sInThisGuide? .................................................................. 17

HowThisGuideIsOrganized ........................................................... 18

PartI:ServerBasics .................................................................. 18

PartII:UsingtheAdministrationServer ................................................ 18

PartIII:Configuring,Monitoring,andPerformanceTuning ............................... 19

PartIV:ManagingVirtualServersandServices.......................................... 19

PartV:Appendices .................................................................. 20

ConventionsUsedInThisGuide ......................................................... 20

UsingtheEnterpriseServerDocumentation ............................................... 21

Part 1 ServerBasics ........................................................ 23

Chapter 1 IntroductiontoEnterpriseServer.......................................25

EnterpriseServer....................................................................... 25

EnterpriseServerFeatures ............................................................ 26

AdministeringandManagingEnterpriseServers ........................................ 27

EnterpriseServerArchitecture ........................................................... 27

ContentEngines..................................................................... 28

ServerExtensions.................................................................... 28

RuntimeEnvironments............................................................... 29

ApplicationServices ................................................................. 29

EnterpriseServerConfiguration.......................................................... 29

EnterpriseServerComponentOptions ................................................. 30

EnterpriseServerConfigurationFiles .................................................. 30

DynamicReconfiguration ............................................................ 31

Single-ServerConfiguration .......................................................... 32

AllPlatforms..................................................................... 32

4 Netscape Enterprise Server Administrator’s Guide • August 2002

UNIXandLinuxPlatforms......................................................... 35

VirtualServerConfiguration .......................................................... 35

Multiple-ServerConfiguration ........................................................ 36

AdministrationServer .................................................................. 36

ServerManager ........................................................................ 37

UsingtheResourcePicker ............................................................ 38

WildcardsUsedintheResourcePicker ................................................. 38

ClassManager ......................................................................... 39

VirtualServerManager ................................................................. 39

Chapter 2 AdministeringEnterpriseServers ..................................... 41

AccessingtheAdministrationServer...................................................... 41

UNIX/LinuxPlatforms............................................................... 41

WindowsNT/Windows2000Platforms ................................................ 42

RunningMultipleServers ............................................................... 43

VirtualServers ...................................................................... 43

Installing Multiple Instances of the Server . . ............................................ 43

RemovingaServer ..................................................................... 44

MigratingaServer ..................................................................... 45

Part 2 UsingtheAdministrationServer.........................................47

Chapter 3 SettingAdministrationPreferences .................................... 49

ShuttingDowntheEnterpriseServerAdministrationServer ................................. 49

EditingListenSocketSettings............................................................ 50

ChangingtheUserAccount(UNIX/Linux) ................................................ 50

ChangingtheSuperuserSettings ......................................................... 51

AllowingMultipleAdministrators ....................................................... 52

SpecifyingLogFileOptions ............................................................. 54

ViewingLogFiles ................................................................... 54

TheAccessLogFile ............................................................... 54

TheErrorLogFile ................................................................ 55

ArchivingLogFiles.................................................................. 55

UsingCron-basedLogRotation(UNIX/Linux) ....................................... 55

ConfiguringDirectoryServices .......................................................... 56

RestrictingServerAccess................................................................ 56

ConfiguringJRE/JDKPaths ............................................................. 57

Chapter 4 ManagingUsersandGroups.......................................... 59

UsingDirectoryServicestoManageUsersandGroups...................................... 59

UnderstandingDistinguishedNames(DNs) ............................................ 60

UsingLDIF ......................................................................... 61

CreatingUsers......................................................................... 61

GuidelinesforCreatingUserEntries ................................................... 61

HowtoCreateaNewUserEntry ...................................................... 62

DirectoryServerUserEntries ......................................................... 63

ManagingUsers ....................................................................... 64

FindingUserInformation............................................................. 64

BuildingCustomSearchQueries.................................................... 65

EditingUserInformation ............................................................. 67

ManagingaUser’sPassword.......................................................... 68

ManagingUserLicenses.............................................................. 68

RenamingUsers..................................................................... 69

RemovingUsers..................................................................... 70

CreatingGroups ....................................................................... 70

StaticGroups ....................................................................... 71

GuidelinesforCreatingStaticGroups ............................................... 71

ToCreateaStaticGroup ........................................................... 71

DynamicGroups .................................................................... 72

HowEnterpriseServerImplementsDynamicGroups.................................. 72

GroupsCanBeStaticandDynamic ................................................. 73

DynamicGroupImpactonServerPerformance ....................................... 73

GuidelinesforCreatingDynamicGroups ............................................ 73

ToCreateaDynamicGroup........................................................ 75

ManagingGroups...................................................................... 75

FindingGroupEntries ............................................................... 76

The“Findallgroupswhose”Field .................................................. 76

EditingGroupAttributes ............................................................. 77

AddingGroupMembers ............................................................. 77

AddingGroupstotheGroupMembersList ............................................. 78

RemovingEntriesfromtheGroupMembersList ........................................ 79

ManagingOwners................................................................... 79

ManagingSeeAlsos ................................................................. 79

RemovingGroups ................................................................... 80

RenamingGroups ................................................................... 81

CreatingOrganizationalUnits ........................................................... 81

ManagingOrganizationalUnits .......................................................... 82

FindingOrganizationalUnits ......................................................... 82

The“Findallunitswhose”Field .................................................... 83

EditingOrganizationalUnitAttributes ................................................. 83

RenamingOrganizationalUnits ....................................................... 84

DeletingOrganizationalUnits......................................................... 84

ManagingaPreferredLanguageList...................................................... 85

6 Netscape Enterprise Server Administrator’s Guide • August 2002

Chapter 5 SecuringYourEnterpriseServer ...................................... 87

RequiringAuthentication ............................................................... 88

UsingCertificatesforAuthentication................................................... 88

ServerAuthentication ............................................................. 88

ClientAuthentication.............................................................. 88

VirtualServerCertificates.......................................................... 89

CreatingaTrustDatabase ............................................................... 89

CreatingaTrustDatabase.......................................................... 89

Usingpassword.conf................................................................. 90

StartanSSL-enabledServerAutomatically ........................................... 91

Requesting and Installing a VeriSign Certificate ............................................ 91

RequestingaVeriSignCertificate ...................................................... 91

Installing a VeriSign Certificate . . . . . ................................................... 92

Requesting and Installing Other Server Certificates . ........................................ 92

RequiredCAInformation............................................................. 93

RequestingOtherServerCertificates ................................................... 94

Installing Other Server Certificates . . ................................................... 96

Installing a Certificate . . . .......................................................... 97

MigratingCertificatesWhenYouUpgrade ................................................ 98

MigratingaCertificate............................................................. 98

UsingtheBuilt-inRootCertificateModule .............................................. 99

ManagingCertificates ................................................................. 100

Installing and Managing CRLs and CKLs . . . . . . ........................................... 101

Installing a Local CRL or CKL . . . . . . .................................................. 101

ManagingLocalCRLsandCKLs ..................................................... 102

ConfiguringRemoteCRLs.............................................................. 103

ConfiguringAutomatic/RemoteCRLDownloads ...................................... 103

ReducingtheSSL3/TLSSessionCacheTimeout ..................................... 106

SettingSecurityPreferences ............................................................ 107

SSLandTLSProtocols .............................................................. 108

UsingSSLtoCommunicatewithLDAP ............................................... 108

EnablingSecurityforConnectionGroups .............................................. 109

TurningSecurityOn ............................................................. 109

SelectingaServerCertificateforaConnectionGroup ................................. 110

SelectingCiphers ................................................................ 111

ConfiguringSecurityGlobally........................................................ 113

SSLSessionTimeout .............................................................. 114

SSLCacheEntries................................................................. 114

SSL3SessionTimeout ............................................................. 114

UsingExternalEncryptionModules ..................................................... 114

Installing the PKCS#11 Module . . . . . .................................................. 115

UsingmodutiltoInstallaPKCS#11Module ......................................... 115

Usingpk12util................................................................... 116

SelectingtheCertificateNameforaConnectionGroup ............................... 118

FIPS-140Standard .................................................................. 119

SettingClientSecurityRequirements .................................................... 120

RequiringClientAuthentication ...................................................... 121

ToRequireClientAuthentication .................................................. 122

MappingClientCertificatestoLDAP.................................................. 122

Usingthecertmap.confFile .......................................................... 124

CreatingCustomProperties ....................................................... 127

SampleMappings................................................................ 127

SettingStrongerCiphers ............................................................... 129

ConsideringAdditionalSecurityIssues .................................................. 130

LimitPhysicalAccess ............................................................... 131

LimitAdministrationAccess ......................................................... 131

ChoosingPasswords................................................................ 131

CreatingHard-to-CrackPasswords................................................. 132

ChangingPasswordsorPINs ........................................................ 132

ChangingPasswords ............................................................. 132

LimitingOtherApplicationsontheServer ............................................. 133

UNIX/Linux .................................................................... 133

Windows NT/Windows 2000 . . ................................................... 134

PreventingClientsfromCachingSSLFiles............................................. 134

LimitingPorts...................................................................... 134

KnowingYourServer’sLimits ....................................................... 134

MakingAdditionalChangestoProtectServers ......................................... 135

SpecifyingchrootforaVirtualServerClassCGIs(UNIX/LinuxOnly) .................. 136

SpecifyingchrootforaVirtualServerCGIs(UNIX/Linuxonly) ........................ 136

Chapter 6 ManagingServerClusters............................................139

AboutClusters........................................................................ 139

GuidelinesforUsingServerClusters..................................................... 140

SettingUpaCluster ................................................................... 141

AddingaServertoaCluster............................................................ 142

ModifyingServerInformation .......................................................... 143

RemovingServersfromaCluster........................................................ 144

Controlling Server Clusters . . . .......................................................... 144

AddingVariables ..................................................................... 145

Part 3 Configuring,Monitoring,andPerformanceTuning ........................ 147

Chapter 7 ConfiguringServerPreferences.......................................149

StartingandStoppingtheServer ........................................................ 149

8 Netscape Enterprise Server Administrator’s Guide • August 2002

Accessingstdout()andstderr()Messages(UNIX/Linux)................................. 150

SettingtheTerminationTimeout ..................................................... 151

RestartingtheServer(UNIX/Linux) .................................................. 151

RestartingWithInittab(UNIX/Linux) .............................................. 152

RestartingWiththeSystemRCScripts(UNIX/Linux) ................................ 152

RestartingtheServerManually(UNIX/Linux)....................................... 152

StoppingtheServerManually(UNIX/Linux)........................................ 152

RestartingtheServer(WindowsNT/Windows2000).................................... 153

UsingtheAutomaticRestartUtility(WindowsNT/Windows2000) .................... 153

TuningYourServerforPerformance..................................................... 155

Editingthemagnus.confFile............................................................ 155

AddingandEditingListenSockets ...................................................... 156

ChoosingMIMETypes ................................................................ 156

RestrictingAccess ..................................................................... 157

RestoringConfigurationSettings ........................................................ 157

ConfiguringtheFileCache ............................................................. 158

AddingandUsingThreadPools ........................................................ 158

The Native Thread Pool and Generic Thread Pools (Windows NT/Windows 2000) .......... 158

ThreadPools(UNIX/Linux) ......................................................... 159

EditingThreadPools................................................................ 159

UsingThreadPools ................................................................. 159

Chapter 8 Controlling Access to Your Server . . . ................................. 161

WhatIsAccessControl? ............................................................... 161

SettingAccessControlforUser-Group ................................................ 162

DefaultAuthentication ........................................................... 163

BasicAuthentication ............................................................. 163

SSLAuthentication............................................................... 164

DigestAuthentication ............................................................ 165

UsingOtherLDAPAttributesforAuthentication .................................... 168

OtherAuthentication............................................................. 169

SettingAccessControlforHost-IP .................................................... 169

UsingAccessControlFiles........................................................... 170

ConfiguringtheACLUserCache..................................................... 170

HowAccessControlWorks ............................................................ 171

SettingAccessControl ................................................................. 173

SettingAccessControlGlobally ...................................................... 174

SettingAccessControlforaServerInstance............................................ 177

SelectingAccessControlOptions........................................................ 182

SettingtheAction .................................................................. 182

SpecifyingUsersandGroups ........................................................ 182

SpecifyingtheFromHost............................................................ 184

RestrictingAccesstoPrograms ....................................................... 185

SettingAccessRights ............................................................... 186

WritingCustomizedExpressions ..................................................... 187

TurningOffAccessControl .......................................................... 187

RespondingWhenAccessisDenied .................................................. 188

LimitingAccesstoAreasofYourServer.................................................. 188

RestrictingAccesstotheEntireServer................................................. 189

RestrictingAccesstoaDirectory(Path)................................................ 190

RestrictingAccesstoaURI(Path)..................................................... 191

RestrictingAccesstoaFileType...................................................... 191

RestrictingAccessBasedonTimeofDay .............................................. 192

RestrictingAccessBasedonSecurity .................................................. 193

WorkingwithDynamicAccessControlFiles.............................................. 194

Using.htaccessFiles ................................................................ 194

Enabling.htaccessfromtheUserInterface........................................... 195

Enabling.htaccessfrommagnus.conf ............................................... 196

ConvertingExisting.nsconfigFilesto.htaccessFiles.................................. 197

Usinghtaccess-register ........................................................... 198

Exampleofan.htaccessFile ....................................................... 199

Supported.htaccessDirectives ....................................................... 199

allow ............................................................................. 199

deny .............................................................................. 200

AuthGroupFile..................................................................... 200

AuthUserFile ...................................................................... 200

AuthName ........................................................................ 201

AuthType ......................................................................... 201

<Limit> ........................................................................... 201

<LimitExcept> ..................................................................... 202

order ............................................................................. 202

require ............................................................................ 203

.htaccessSecurityConsiderations ..................................................... 203

Controlling Access for Virtual Servers ................................................... 203

AccessingDatabasesfromVirtualServers ............................................. 204

SpecifyingLDAPDatabasesintheUserInterface .................................... 205

EditingAccessControlListsforVirtualServers ........................................ 205

Chapter 9 UsingLogFiles ....................................................207

AboutLogFiles ....................................................................... 207

ViewinganAccessLogFile............................................................. 208

ViewingtheErrorLogFile ............................................................. 209

ArchivingLogFiles ................................................................... 210

Internal-daemonLogRotation ....................................................... 211

Cron-basedLogRotation ............................................................ 211

SettingLogPreferences ................................................................ 212

10 Netscape Enterprise Server Administrator’s Guide • August 2002

CookieLogging .................................................................... 213

RunningtheLogAnalyzer ............................................................. 214

ViewingEvents(WindowsNT/Windows2000) ........................................... 216

Chapter 10 MonitoringServers................................................ 217

MonitoringtheServerUsingStatistics ................................................... 218

EnablingStatistics .................................................................. 218

UsingStatistics..................................................................... 219

UsingQualityofService ............................................................... 220

QualityofServiceExample .......................................................... 220

SettingUpQualityofService......................................................... 221

RequiredChangestoobj.conf ........................................................ 223

KnownLimitationstoQualityofService............................................... 223

SNMPBasics ......................................................................... 225

TheEnterpriseServerMIB ............................................................. 226

SettingUpSNMP ..................................................................... 231

UsingaProxySNMPAgent(UNIX/Linux)............................................... 232

Installing the Proxy SNMP Agent . . . .................................................. 233

StartingtheProxySNMPAgent ...................................................... 234

RestartingtheNativeSNMPDaemon ................................................. 234

Installing the SNMP Master Agent . . . . .................................................. 234

EnablingandStartingtheSNMPMasterAgent ........................................... 235

StartingtheMasterAgentonAnotherPort............................................. 236

ManuallyConfiguringtheSNMPMasterAgent ........................................ 236

EditingtheMasterAgentCONFIGFile................................................ 237

DefiningsysContactandsysLocationVariables......................................... 237

ConfiguringtheSNMPSubagent ..................................................... 238

StartingtheSNMPMasterAgent ..................................................... 238

ManuallyStartingtheSNMPMasterAgent ......................................... 238

StartingtheSNMPMasterAgentUsingtheAdministrationServer ..................... 239

ConfiguringtheSNMPMasterAgent .................................................... 239

ConfiguringtheCommunityString ................................................... 240

ConfiguringTrapDestinations ....................................................... 240

EnablingtheSubagent ................................................................. 240

UnderstandingSNMPMessages ........................................................ 241

Part 4 ManagingVirtualServersandServices ..................................243

Chapter 11 UsingVirtualServers.............................................. 245

VirtualServersOverview .............................................................. 245

MultipleServerInstances............................................................ 246

Ce manuel convient aux modèles suivants

Table des matières

Autres manuels Netscape Serveur

Netscape

Netscape NETSCAPE DIRECTORY SERVER 6.01 - PLUG-IN Manuel utilisateur

Netscape

Netscape NETSCAPE DIRECTORY SERVER 6.01 Manuel utilisateur

Netscape

Netscape NETSCAPE DIRECTORY SERVER 6.2 - GATEWAY... Manuel utilisateur

Netscape

Netscape NETSCAPE DIRECTORY SERVER 7.0 - PLUG-IN Manuel utilisateur

Netscape

Netscape NETSCAPE ENTERPRISE SERVER 6.1 - NSAPI PROGRAMMER... Manuel utilisateur

Netscape

Netscape NETSCAPE DIRECTORY SERVER 6.1 - DEPLOYMENT Manuel utilisateur

Netscape

Netscape NETSCAPE DIRECTORY SERVER 6.02 Manuel utilisateur

Netscape

Netscape NETSCAPE DIRECTORY SERVER 6.01 Manuel utilisateur

Netscape

Netscape NETSCAPE DIRECTORY SERVER 6.0 Manuel de service

Netscape

Netscape NETSCAPE ENTREPRISE SERVER 6.0 -... Manuel de service

Netscape

Netscape NETSCAPE DIRECTORY SERVER 6.0 Manuel utilisateur

Netscape

Netscape NETSCAPE ENTERPRISE SERVER 6.0 - NSAPI PROGRAMMER... Manuel utilisateur

Netscape

Netscape NETSCAPE DIRECTORY SERVER 6.1 - DEPLOYMENT Manuel de service

Netscape

Netscape NETSCAPE DIRECTORY SERVER 6.02 - PLUG-IN Manuel utilisateur

Netscape

Netscape NETSCAPE ENTERPRISE SERVER 6.0 - PROGRAMMER GUIDE TO... Manuel

Netscape

Netscape NETSCAPE DIRECTORY SERVER 6.2 - GATEWAY... Manuel utilisateur

Netscape

Netscape NETSCAPE ENTREPRISE SERVER 6.1 - 04-2002... Manuel de service

Netscape

Netscape NETSCAPE DIRECTORY SERVER 6.2 - GATEWAY... Manuel de service

Netscape

Netscape NETSCAPE DIRECTORY SERVER 7.0 Manuel utilisateur

Netscape

Netscape NETSCAPE ENTREPRISE SERVER 6.0 - INSTALLATION AND MIGRATION... Manuel utilisateur

Netscape

Netscape NETSCAPE ENTERPRISE SERVER 6.1 - PROGRAMMER GUIDE TO... Manuel

Netscape

Netscape NETSCAPE DIRECTORY SERVER 6.01 Manuel de service

Netscape

Netscape NETSCAPE DIRECTORY SERVER 6.1 - PLUG-IN Manuel utilisateur

Netscape

Netscape NETSCAPE DIRECTORY SERVER 6.02 -... Manuel de service

Manuels Serveur populaires d'autres marques

HP AlphaServer ES47 Manuel utilisateur

Dell

Dell PowerEdge R410 Manuel utilisateur

PowerNAS

PowerNAS CMA Manuel utilisateur

Supero

Supero FatTwin F617R3-FT Manuel utilisateur

MSI

MSI P1-109N-L70 Manuel utilisateur

Dell

Dell PowerEdge XE9640 Manuel

Dell

Dell PS4100 Instructions de montage

EtroVISION

EtroVISION EV3151 Manuel utilisateur

NEC

NEC Express5800/T110j Manuel utilisateur

HP ProLiant Gen9 Manuel utilisateur

Compaq

Compaq ProLiant 3000 Manuel

Dell

Dell PowerEdge 3YPMN Manuel utilisateur

iRobo

iRobo IPC2U Manuel utilisateur

Nortel

Nortel 1000 Con?guration guide Manuel utilisateur

Asus

Asus AP7500 Manuel d'utilisation et d'entretien

Avid Technology

Avid Technology AirSpeed 5000 Manuel utilisateur

HP Integrity rx2600 Guide d'installation

Milestone

Milestone Husky IVO 350T Manuel utilisateur