Attribute Name |
Description |
---|---|
ocs_store |
Always set this to 'yes' so that the proxy credentials are stored in OCS. Example: <ocs_store>yes</ocs_store> |
cert_mutual |
Set this to 'yes' when you want to implement the Certificate Mutual login method. It implements the Simple Authentication and Security Layer (SASL) EXTERNAL mechanism, which uses SSL certificates to provide client authentication to eDirectory through LDAP. Example: <cert_mutual>no</cert_mutual> |
challenge_response |
Set this to 'yes' when you want to enable the Challenge-Response login method. It works with the Identity Manager password self-service process. This method allows either an administrator or a user to define a password challenge question and a response, which are saved in the password policy. Then, when users forget their passwords, they can reset their own passwords by providing the correct response to the challenge question. Example: <challenge_response>yes</challenge_response> |
create_server_object |
Set this to 'Yes' when you want to create a DNS server object. Example: <create_server_object>yes</create_server_object> |
dib_location |
Specify the path of the nds databse. Example: <dib_location>/var/opt/novell/eDirectory/data/dib</dib_location> |
digest_md5 |
Set this to 'yes' when you want to implement the Digest MD5 login method. It implements the Simple Authentication and Security Layer (SASL) DIGEST-MD5 mechanism as a means of authenticating the user to eDirectory through LDAP. Example: <digest_md5>no</digest_md5> |
domain_name |
Specify the DSfW DNS domain name. The value of this tag and xad_domain_name tag should be same. Example: <domain_name>acme.com</domain_name> |
existing_dns_ip |
Specify the existing DNS server IP address. Example: <existing_dns_ip>192.168.1.1</existing_dns_ip> |
group_context |
Specify the DNS DHCP group object context. Example: <group_context>ou=OESSystemObjects,dc=labs,dc=wdc,dc=acme,dc=com</group_context> |
host_name |
Specify the host name of the current server where the installation is being done. Example: <host_name>acme-208</host_name> |
http_port |
Specify the HTTP port of the eDirectory server where the installation is being done. Example: <http_port config:type="integer">8028</http_port> |
https_port |
Specify the HTTPS port of the current eDirectory server. Example: <https_port config:type="integer">8030</https_port> |
install_secretstore |
Set to 'yes' when you want to install the secret store. Example: <install_secretstore>yes</install_secretstore> |
install_universalstore |
Set to 'yes' when you want to install the universal store. Example: <install_universalstore>no</install_universalstore> |
ldap_basedn |
Specify the DNSs server's CN name. This is required only in case of DSfW server. Example: <ldap_basedn>ou=OESSystemObjects,dc=labs,dc=wdc,dc=acme,dc=com</ldap_basedn> |
ldap_server |
Specify the IP address of the DNS LDAP server. Example: <ldap_server>192.168.1.1</ldap_server> |
locator_context |
Specify the DNS locator object context where the DNS servers or zones are present. Example: <locator_context>ou=OESSystemObjects,dc=labs,dc=wdc,dc=acme,dc=com</locator_context> |
migrate_option |
Always set this to 'no' as the migrate NKDC realm to DSfW domain is discontinued. Example: <migrate_option>no</migrate_option> |
nds |
Set to this to 'yes' when you want to use the NDS login method that provides secure password challenge-response user authentication to eDirectory. Example: <nds>yes</nds> |
ntp_server_list |
Specify reliable NTP servers IP addresses. Example: <ntp_server_list config:type="list"> <listentry>192.168.1.5</listentry></ntp_server_list> |
overwrite_cert_files |
Set this to 'yes' when you want eDirectory to automatically back up the currently installed certificate and key files and replace them with files created by the eDirectory Organizational CA (or Tree CA). Example: <overwrite_cert_files>yes</overwrite_cert_files> |
replica_server |
Specify the IP address of the master eDirectory server. Example: <replica_server>192.168.1.5</replica_server> |
runtime_admin |
Specify the common proxy user context of the DNS. Example: <runtime_admin>cn=OESCommonProxy_host1,ou=OESSystemObjects,dc=acme,dc=com</runtime_admin> |
runtime_admin_password |
Specify the common proxy DNS password. Example: <runtime_admin_password>SAM23#$</runtime_admin_password> |
sasl_gssapi |
Set this to 'yes' when you want to implement the SASL GSSAPI login method. It implements the Generic Security Services Application Program Interface (GSSAPI) authentication using the Simple Authentication and Security Layer (SASL) that enables users to authenticate to eDirectory through LDAP using a Kerberos ticket. Example: <sasl_gssapi>no</sasl_gssapi> |
server_context |
Specify the eDirectory server context where there eDirectory server object needs to be created. Example: <server_context>ou=wdc,o=acme</server_context> |
server_object |
Specify the eDirectory server object name that has the object name and context. Example: <server_object>cn=DNS_edir-acme-208,ou=OESSystemObjects,dc=labs,dc=wdc,dc=acme,dc=com</server_object> |
simple_password |
Set this to 'yes' when you want to implement the Simple Password NMAS login method. It provides password authentication to eDirectory. The Simple Password is a more flexible but less secure alternative to the NDS password. Simple Passwords are stored in a secret store on the user object. Example: <simple_password>no</simple_password> |
slp_backup |
Set this to 'yes' when you want the SLP server to periodically back up all registrations. This works only when the server is configured as a DA (Directory Agent). Example: <slp_backup>yes</slp_backup> |
slp_backup_interval |
Specify the SLP backup time in seconds. The default is (900 seconds or 15 minutes). If the server is configured as Director Agent, this value will be used. Example: <slp_backup_interval>900</slp_backup_interval> |
slp_da |
Specify the list of IP addresses of the SLP Directory Agents. Example: <slp_da config:type="list"> <listentry>198.162.1.1</listentry></slp_da> |
slp_dasync |
Set this to 'yes' when you want to enable SLPD to sync service registration between SLP Das on startup. If the server is configured as Director Agent, this value be used. Example: <slp_dasync>no</slp_dasync> |
Slp_mode |
Specify the SLP mode to multicast, da, or da_server. By default, it is set to multicast. Example: <slp_mode>da</slp_mode> |
slp_scopes |
This is a comma delimited list of strings indicating the only scopes a UA or SA is allowed when making requests or registering or the scopes a DA must support. The default value is DEFAULT. Example: <slp_scopes>DEFAULT</slp_scopes> |
tls_for_simple_binds |
Set this to 'yes' when you require TLS for SIMPle binds with passwords. Example: <tls_for_simple_binds>yes</tls_for_simple_binds> |
tree_type |
Specify the type of eDirectory tree: new or existing. Example: <tree_type>new</tree_type> |
use_secure_port |
Set this to 'yes' when you want the DNS to use the secure port for communication in an DSfW environment. Example: <use_secure_port>yes</use_secure_port> |
xad_admin_password |
Specify the DSfW domain administrator password. Example: <xad_admin_password>SAM23#$</xad_admin_password> |
xad_config_dns |
Set this to 'yes' when you want to configure this domain controller also as a DNS server. Example: <xad_config_dns>yes</xad_config_dns> |
xad_convert_existing_container |
Set this to 'yes' for name mapped installations. In named mapped installations, the DSfW domain is mapped to an already existing eDirectory partition in the eDirectory tree. Example: <xad_convert_existing_container>no</xad_convert_existing_container> |
xad_domain_name |
Specify the DSfW DNS domain name. The value of this tag and domain_name tag should be same. Example: <xad_domain_name>acme.com</xad_domain_name> |
xad_domain_type |
Specify the DSfW domain type: forest, domain or controller.
Exmple: <xad_domain_type>forest</xad_domain_type> |
xad_existing_container |
Specify the eDirectory partition that the DSfW domain is being mapped to. This is effective only when the xad_convert_existing_container tag is set to 'yes'. Example: <xad_existing_container>ou=OESSystemObjects, o=acme</xad_existing_container> |
xad_forest_root |
Specify the forest root domain name in the DSfW forest. Example: <xad_forest_root>acme.com</xad_forest_root> |
xad_ldap_admin_context |
Specify the eDirectory tree admin context.In a name-mapped installation, for all the modes of DSfW installation, this tag will point to the (existing) eDirectory tree's tree administrator. Example: cn=admin,ou=admins,o=acme.<xad_ldap_admin_context>cn=admin,ou=admins,o=acme</xad_ldap_admin_context>In a non-name mapped installation, the forest root domain administrator is also the eDirectory tree administrator. For all the modes of installation, this tag will point to the forest root domain administrator. For example, for the forest root domain acme.com, the default forest domain administrator will be <xad_ldap_admin_context>cn=administrator,cn=users,dc=acme,dc=com</xad_ldap_admin_context>For example, for the child domain sales.example.com, the default forest domain administrator will be <xad_ldap_admin_context>cn=administrator,cn=users,dc=example,dc=com</xad_ldap_admin_context> |
xad_ldap_admin_password |
Specify the eDirectory tree administrator password. Example: <xad_ldap_admin_password>SAM23#$</xad_ldap_admin_password> |
xad_netbios |
Specify the NetBIOS name of the DSfW domain. Example: <xad_netbios>EXAMPLE</xad_netbios> |
xad_parent_domain |
Specify the DSfW domain name of immediate DSfW parent domain. For example, for a domain sales.acme.com, the value will be, <xad_parent_domain>acme.com</xad_parent_domain> |
xad_parent_domain_address |
Specify the IP address of any one of the parent DSfW domain controller. For example, for the domain sales.acme.com, specify the IP address of the DSfW DC hosting the domain acme.com. <xad_parent_domain_address>192.168.1.1</xad_parent_domain_address> |
xad_parent_domain_admin_context |
Specify the immediate DSfW parent domain's administrator context. For example, for the domain sales.acme.com, <xad_parent_domain_address>cn=administrator,cn=users,dc=acme,dc=com</xad_parent_domain_address> |
xad_parent_domain_admin_password |
Specify the immediate DSfW parent domain's administrator password. Example: <xad_parent_domain_admin_password>SAM23#$</xad_parent_domain_admin_password> |
xad_replicate_partitions |
Always set this to 'yes'. This indicates that the replicas of the configuration and schema partitions will be added to the local domain controller. Example: <xad_replicate_partitions>yes</xad_replicate_partitions> |
xad_retain_policies |
Set this to 'yes' when you want to retain the existing NMAS universal password policies. Example: <xad_retain_policies>yes</xad_retain_policies> NOTE:If set to 'no', the DSfW configuration will override the existing password policies if any. |
xad_service_configured |
Always specify this value to 'yes' when you want to configure DSfW. Example: <xad_service_configured>yes</xad_service_configured> |
xad_site_name |
Specify the site name to which this domain controller should be associated with. Otherwise the default value should be 'Default-First-Site-Name'. Example: <xad_site_name>Default-First-Site-Name</xad_site_name> |
xad_wins_server |
Specify 'yes' when you want to configure the DSfW domain controller as WINS server. Example: <xad_wins_server></xad_wins_server> NOTE:Only one domain controller in a DSfW domain should be designated as WINS server. |