From fedora-directory-commits at redhat.com Wed Jan 16 17:56:13 2008 Content-Type: multipart/mixed; boundary="===============0453071197870990670==" MIME-Version: 1.0 From: Doctor Conrad To: 389-commits at lists.fedoraproject.org Subject: [Fedora-directory-commits] dsgw/html/manual a.gif, NONE, 1.1 add.htm, NONE, 1.1 attribua.gif, NONE, 1.1 attribut.htm, NONE, 1.1 auth.htm, NONE, 1.1 contents.html, NONE, 1.1 dn.htm, NONE, 1.1 dna.gif, NONE, 1.1 filters.htm, NONE, 1.1 index.html, NONE, 1.1 index.map, NONE, 1.1 intro.htm, NONE, 1.1 mod.htm, NONE, 1.1 n.gif, NONE, 1.1 objclass.htm, NONE, 1.1 search.htm, NONE, 1.1 t.gif, NONE, 1.1 y.gif, NONE, 1.1 Date: Wed, 16 Jan 2008 17:56:05 -0500 Message-ID: <200801162256.m0GMu5VO023583@cvs-int.fedora.redhat.com> --===============0453071197870990670== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Author: rmeggins Update of /cvs/dirsec/dsgw/html/manual In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23442/dsgw/html/manual Added Files: a.gif add.htm attribua.gif attribut.htm auth.htm contents.html = dn.htm dna.gif filters.htm index.html index.map intro.htm = mod.htm n.gif objclass.htm search.htm t.gif y.gif = Log Message: added manuals; fixed code that displays manuals; added initial tests --- NEW FILE add.htm --- Adding Directory Entries

Adding Entries

You can add new entries to the directory using the Directory Server interface. To add entries, your Directory Server administrator must have granted you the right to do so. Before you can add an entry, you must authenticate to the Directory Server.

Using the Directory Server interface you can add:

Before you add an entry for the first time, read the New Entry Guidelines section for important information about the directory tree structure and naming conventions.

New Entry Guidelines

Before you begin adding entries to the directory, make sure that you understand the following directory concepts:

Directory Tree Structure

Data in the directory is arranged in a tree hierarchy. The top of the tree is known as the root or suffix. The root entry usually represents the organization entry for the directory.

Note:
Although your directory may contain more than one suffix, the directory server interface only allows you to search for, add, and edit entries in a single suffix. Make sure that you know which suffix your Directory Server interface is supporting before adding new entries.

Below the root are branches of the tree, which usually represent organizational units such as marketing or accounting. Entries for people and resources within your organization are usually contained below these organizational unit branches within the directory tree structure.

When you add an entry, make sure that an entry representing a branch point is created before new entries are created under that branch. For example, if you want to place entries in a Marketing subtree and in an Accounting subtree, then create the branch point for those subtrees before creating entries within the subtrees:

Â Â Â Â Â &Acir=
c; Â Â Â  o=3DExample.com
Â&=
nbsp;Â Â Â Â Â &Acir=
c; Â Â  ou=3DMarketing, o=3DExample.com
&Acir=
c; Â Â Â Â Â &A=
circ; Â Â  ...
Â Â &Aci=
rc; Â Â Â Â Â &=
Acirc;  Marketing subtree entries
Â Â Â Â Â Â&nb=
sp;Â Â Â  ...
Â Â Â Â Â Â&nb=
sp;Â Â Â  ou=3DAccounting, o=3DExample.com
Â Â Â Â Â Â&nb=
sp;Â Â Â  ...
Â Â Â Â Â Â&nb=
sp;Â Â Â  Accounting subtree entries

Distinguished Name Syntax

An entry is uniquely identified within the Directory Server through the use of a distinguished name (DN). A DN identifies the entry by using a series of comma-separated attributes and attribute values. The left-most value in the DN represents the entry's name, with each subsequent attribute representing a branch point above the entry. For example:

uid=3Dbjensen, ou=3Dpeople, o=3Dexample.com

This DN represents the entry named bjensen in the subdirectory named people in the directory named example.com.

When you add a new entry to the Directory Server, you are prompted to enter the complete distinguished name.

Unique Distinguished Names

The Directory Server interface does not allow you to create a duplicate entry. To avoid naming duplications, use distinguished names that begin with the person's user ID (uid) rather than the person's common name (CN). Choose user IDs that are readable; that is, do not use a random collection of letters and numbers for user IDs. If your enterprise already has an email system, one possibility would be to use the left-most value of each person's email address as that person's user ID. For example, if a person has the email address:

bjensen(a)example.com

then give that person's directory entry the following DN:

uid=3Dbjensen, o=3Dexample.com

Adding a Person

To add a new person entry, do the following:

Click the New Entry tab.
Follow the steps outlined in the New Entry form. When you are done filling in this form, click Continue. To cancel the operation click the Back button in your browser window.
If you have not authenticated before you attempt to add a new entry, or if your authentication has expired, the Directory Server prompts you to authenticate before continuing.
When you add a person to the directory, a form that allows you to edit that person's data is displayed. This form is displayed in a new web browser window. You must supply values for the required fields. The required fields for a person are:

You can provide values for the optional fields now, or add them later. The optional fields for a person are:

First NameÂ	Phone	Email AddressÂ
FaxÂ	User ID	Pager
Mobile PhoneÂ	Business CategoryÂ	Title
Organizational UnitÂ	ManagerÂ	Room NumberÂ
AdminÂ	Dept#Â	Emp#Â
Car License#Â	Mailing AddressÂ	DescriptionÂ
See AlsoÂ	URLÂ	PasswordÂ

Note:
You cannot enter values into the Manager, Admin, or See Also fields until you have saved the entry. Furthermore, changing uid in the New Entry screen will result in a multi-valued uid with the value selected in the first screen as the naming component.

To cancel the entry creation, close the web browser window containing the form. When you are done filling in the form, click the Save New Person button at the top of the form.
After saving the entry, you can add values to the Manager and Admin fields or add a See Also value.

Adding an NT Person

When creating an NT-person entry, make sure that the subtree in which you place the entry is the same subtree that the synchronization service uses to synchronize entries. If you place an NT-person entry into another location, it is not synchronized with the Windows network.

To add a new NT-person entry, do the following:

Click the New Entry tab.
Follow the steps outlined in the New Entry form. When you are done filling in this form, click Continue. To cancel the operation click the Back button in your browser window.
If you have not authenticated before you attempt to add a new entry, or if your authentication has expired, the Directory Server prompts you to authenticate before continuing.
When you add an NT-person to the directory, a form that allows you to edit that person's data is displayed. This form is displayed in a new web browser window. You must supply values for the required fields. The required fields for an NT-person are:

You can provide values for the optional fields now, or add them later. The optional fields for a person are:

First NameÂ	PhoneÂ	Email AddressÂ
FaxÂ	Directory Server PasswordÂ	PagerÂ
Mobile PhoneÂ	Business CategoryÂ	TitleÂ
Organizational UnitÂ	ManagerÂ	Room NumberÂ
AdminÂ	Dept#Â	Emp#Â
Car License#Â	Mailing AddressÂ	DescriptionÂ
See AlsoÂ	URLÂ	User Id

Note:
You cannot enter values into the Manager, Admin, or See Also fields until you have saved the entry.

You can also change the value for the following two options:

When you are done filling in the form, click the Save New NT Person button at the top of the form. To cancel the entry creation, close the web browser window containing the form.
After saving the entry, you can add values to the Manager and Admin fields or add a "See Also" value.

Adding a Group

To add a new group entry, do the following:

Click the New Entry tab.
Follow the steps outlined in the New Entry form. When you are done filling in this form, click Continue. To cancel the operation click the Back button in your browser window.
If you have not authenticated before you attempt to add a new entry, or if your authentication has expired, the Directory Server prompts you to authenticate before continuing.
When you add a group to the directory, a form that allows you to edit that group's data is displayed. This form is displayed in a new web browser window. You must supply a value for the required field Name.
You can provide a value for the optional Description field now, or add it later.

Note:
You cannot enter values into the Owner, Group Members, or See Also fields until you have saved the entry.

When you are done filling in the form, click the Save New Group button at the top of the form.

After you have saved the entry, you can add values for the Owner, Group Member, and See Also fields.

Adding an NT Group

To add a new NT group entry, do the following:

Click the New Entry tab.
Follow the steps outlined in the New Entry form. When you are done filling in this form, click Continue. To cancel the operation click the Back button in your browser window.
If you have not authenticated before you attempt to add a new entry, or if your authentication has expired, the Directory Server prompts you to authenticate before continuing.
When you add an NT-group to the directory, a form that allows you to edit that group's data is displayed. This form is contained in a new web browser window. You must supply a value for the required fields. The required fields for an NT-group are:

You can provide values for the optional fields now, or add them later. The optional fields for an NT group are:

DescriptionÂ	OwnerÂ
NT Group MembersÂ	See Also

Note:
You cannot enter values into the Owner, NT Group Members, or See Also fields until you have saved the entry.

You may also change the value for the Delete NT Group if Group Deleted option.
When you are done filling in the form, click the Save New Group button at the top of the form.

After you save the entry, you can add values for the NT Group Members, Owner, and See Also fields.

Adding an Organizational Unit

To add a new organizational unit entry, do the following:

Click the New Entry tab.
Follow the steps outlined in the New Entry form. When you are done filling in this form, click Continue. To cancel the operation click the "Back" button in your browser window.
If you have not authenticated before you attempt to add a new entry, or if your authentication has expired, the Directory Server prompts you to authenticate before continuing.
When you add an organizational unit to the directory, a form that allows you to edit that organization's data is displayed. This form is displayed in a new web browser window. You must supply a value for the required field, Unit Name.
You can provide values for the optional fields now, or add them later. The optional fields for an organizational unit are:

DescriptionÂ	PhoneÂ	Business CategoryÂ
FaxÂ	LocationÂ	Mailing AddressÂ
See AlsoÂ	Â	Â

When you are done filling in the form, click the Save New Org. Unit button at the top of the form. To cancel the entry creation, close the web browser window containing the form.

Adding a Domain Component

To add a new domain entry, do the following:

Click the New Entry tab.
Follow the steps outlined in the New Entry form. When you are done filling in this form, click Continue. To cancel the operation click the Back button in your browser window.
If you have not authenticated before you attempt to add a new entry, or if your authentication has expired, the Directory Server prompts you to authenticate before continuing.
You must supply a value for the required field, dc.
You can provide values for the optional fields now, or add them later. The optional fields for a domain are:

Description	Phone	Business Category
Fax	Location	Mailing Address
See Also

When you are done filling in the form, click the Save New dc button at the top of the form. To cancel the entry creation, close the web browser window containing the form.

Adding an Organization

To add a new organization entry, do the following:

Click the New Entry tab.
Follow the steps outlined in the New Entry form. When you are done filling in this form, click Continue. To cancel the operation click the Back button in your browser window.
If you have not authenticated before you attempt to add a new entry, or if your authentication has expired, the Directory Server prompts you to authenticate before continuing.
Adding an organization is supported only when you initially populate your directory tree. The organization you add must match the organization you specified in the Database Subtree field when you installed your Directory Server. For example, if you specified a value of:

o=3DExample.com

o=3DExample.com

o=3DExample.com

o=3DExample.com

You must supply a value for the required field, Organization Name.
You can provide values for the optional fields now, or add them later. The optional fields for an organization are:

DescriptionÂ	PhoneÂ	Business CategoryÂ
FaxÂ	LocationÂ	Mailing AddressÂ
See AlsoÂ	Â	Â

When you are done filling in the form, click the Save New Org. button at the top of the form. To cancel the entry creation, close the web browser window containing the form.

--- NEW FILE attribut.htm ---

Attributes

This appendix includes information on attribute definitions. Most of the schema attributes used in the Directory Server are part of the standard LDAP protocol, which is in turn based on the X.500 standard. However, some of the Directory Server's attributes are extensions created by Netscape for use with its implementation of LDAP. If an attribute was created by Netscape and is not part of the standard LDAP schema, a note is made in the description of that object or attribute.

For information on what the Directory Server schema is and what it is used for, refer to the Directory Server Deployment Guide.

For information on the object classes in the schema, see Appendix A, "Object Classes."

Attribute Definitions

The following define the attributes used to describe an entry in the directory tree. To determine which attributes are required and allowed for each object class, see Appendix A, "Object Classes."

Each attribute has a corresponding syntax definition that describes the nature of the attribute information. This syntax is important only when the Directory Server is performing sorting and pattern matching; there is nothing to otherwise prevent you from, for example, placing a telephone number on an attribute that expects a distinguished name.

The possible attribute syntaxes are:

bin -- binary.

ces -- case exact string (case must be matched during comparison).

cis -- case ignore string (case is ignored during comparison).

tel -- telephone number (identical to cis, but blanks and dashes (-) are ignored during comparisons).

dn -- distinguished name.

int -- integer.

operational -- for internal use only. Operational attributes are not displayed in search results.

The base OID for the Fedora Directory Server is:


2.16.840.1.113730.3

All Netscape|Red Hat defined attributes have the base:


2.16.840.1.113730.3.1

abstract

Provides an abstract of a document entry.

Syntax: cis

accountUnlockTime

Defines, in seconds, the time until a user's account is unlocked after a specified number of failed attempts to bind to the directory.


	accountUnlockTime: 600

OID: 2.16.840.1.113730.3.1.95

Syntax: cis operational

aci

Stores the Directory Server access control information for this entry. For example:


	aci: (target=3D"ldap:///o=3DExample.com")(version 3.0;
	 acl "an=
onymous access"; allow (read, search, compare)
	 userdn=3Dldap:///self;)=

OID: 2.16.840.1.113730.3.1.55

Syntax: bin

This attribute is a Netscape|Red Hat extension to the standard LDAP schema.

administratorContactInfo

Provides a URL to information about the person responsible for administering the server. This attribute is a Netscape|Red Hat extension used by the netscapeServer object class. Normally this attribute and this attribute value is written to the directory when a server is initially installed. For example:


	administratorContactInfo: ldap://uid=3Dssarette, o=3DExample.com

OID: 2.16.840.1.113730.3.1.74

Syntax: cis

adminUrl

Provides the URL to the administration server through which you can manage the server. This attribute is a Netscape|Red Hat extension used by the netscapeServer object class. Normally this attribute and this attribute value is written to the directory when a server is initially installed. For example:


	adminUrl: http://twain.example.com:2468
[...5555 lines suppressed...]
ttl


Contains the time, in seconds, that cached information about an entry
should be considered valid. Once the specified time has elapsed, the
information is considered out of date. A value of zero (0) indicates
that the entry should not be cached.


	timeToLive: 120



or:


	ttl: 120



Abbreviation: ttl
OID: 1.3.6.1.4.1.250.1.60

Syntax: cis

uid


Identifies the entry's userid (usually the logon ID). For example:


	userid: banderson



or:


	uid: banderson



Abbreviation: uid
OID: 0.9.2342.19200300.100.1.1

Syntax: cis

uniqueIdentifier


Identifies a specific item used to distinguish between two entries when
a distinguished name has been reused. This attribute is intended to
detect instance of a reference to a distinguished name that has been
deleted. This attribute is assigned by the server. For example:


	uniqueIdentifier: AAAAAA=3D=3D



OID: 0.9.2342.19200300.100.1.44
Syntax: cis

uniqueMember


Identifies a group of names associated with an entry where each name
was given a uniqueIdentifier to ensure its uniqueness. A value for the
uniqueMember attribute is a DN followed by the uniqueIdentifier.

OID: 2.5.4.50

Syntax: dn

updatedByDocument


Contains the distinguished name of a document that is an updated
version of the document entry.

Syntax: dn

updatesDocument


Contains the distinguished name of a document for which this document
is an updated version. 

Syntax: dn

userCertificate


Contains a text-encoded version of a user's certificate. Not
recommended; use userCertificate;binary instead.

Syntax: bin

userCertificate;binary


Contains a user's certificate in binary form. For example:


	userCertificate;binary: AAAAAA=3D=3D



OID: 2.5.4.36
Syntax: bin

userClass


Specifies a category of computer user. The semantics of this attribute
are arbitrary. The organizationalStatus attribute makes no distinction
between computer users and others users and may be more applicable. For
example:


	userClass: intern



OID: 0.9.2342.19200300.100.1.8
Syntax: cis

userPassword


Identifies the entry's password and encryption method in the following
format:


{encryption method}encrypted password



For example:


	userPassword: {sha}FTSLQhxXpA05



OID: 2.5.4.35
Syntax: bin

userSMIMECertificate;binary<=
/b>


Used by Browser for S/MIME. For example:


	userSMIMECertificate;binary: AAAAAA=3D=3D



OID: 2.16.840.1.113730.3.1.40
Syntax: bin

x121Address


Defines the X.121 address of a person. 

OID: 2.5.4.24

Syntax: ces

x500UniqueIdentifier


Reserved for future use. For example:


	x500UniqueIdentifier: AAAAAA=3D=3D



OID: 2.5.4.45
Syntax: bin







--- NEW FILE auth.htm ---




Directory Authentication




Authentication

Authentication is the
process of identifying yourself to the Directory Server. The
authentication process enables the Directory Server
to determine what operations you are allowed to perform on the
directory. Note, however, that authentication is not always
necessary; your directory administrator can configure the system
so that permission is not required for some procedures.

By default, access to the directory is denied to all users
with the exception of the directory administrator. The
directory administrator defines the permissions that
grant or remove access to the directory. Because permissions are
determined on a site by site basis, you need to check with your
directory administrator to find out what kind of access you have
to the directory and which operations require authentication, if any.

This chapter contains the following sections:


    &file=3D.MANUAL/=
auth.htm#ustand">Understanding directory access
    &file=3D.MANUAL/=
auth.htm#userauth">Authenticating to the directory
    &file=3D.MANUAL/=
auth.htm#logout">Logging out of the directory
    &file=3D.MANUAL/=
auth.htm#incorrectauth">Problems caused by improper
        authentication


Understanding Directory Access

One of the key tasks of the directory administrator
is determining which users need access to the directory and the
types of access required. The directory administrator grants and
denies permission to the directory through the use of the access
control mechanism. Using the access control mechanism, the
directory administrator can allow or deny access:


    to any unauthenticated user (this is known as anonymous
        access) 
    to all authenticated users
    to specific authenticated users or groups
    from a specific machine or DNS domain
    at a specific time of day or day of the week
    based on authentication method


The specific rights the administrator assigns can vary from
user to user. For example, the administrator usually would grant read
and search access to anonymous users and would grant write access
only to a select group of authenticated users and groups, perhaps only
from specific machines.

The following are just some of the things the directory
administrator can do by applying permissions to the directory.
The directory administrator can:


    Require you to authenticate before accessing the
        directory in any way. 
    Require you to authenticate before accessing certain
        subsections of the directory. 
    Require you to authenticate before performing certain
        kinds of actions in the directory, such as adding or
        modifying entries. 
    Deny you access to all or parts of the directory,
        or deny you the ability to perform certain kinds of
        functions. 
    Allow anonymous access to all or parts of the directory.
    Allow anonymous access for some kinds of operations (such
        as searches), but not others (such as
        modifications). 
    Allow or deny access based on the physical machine you
        are currently using. 


The Directory Server interface has no way of determining if
you are required to authenticate before attempting any directory
access. However, the interface assumes you must authenticate
before modifying the directory tree in any way, and if you are
not currently authenticated, it prompts you for authentication
before you can make any modifications. If you do not
authenticate, you are allowed only to perform the operations
and access the portions of the directory that your directory
administrator has set for anonymous access.



Authenticating to the Directory

In some situations, the Directory Server interface =

automatically prompts you to authenticate before continuing with
an operation. You can also explicitly choose to authenticate by
clicking the Authentication tab. Either way, the
authentication procedure is as follows:


    Click the Authentication tab.
    Enter the name you want to use to identify yourself to
        the Directory Server: =

	  
            To authenticate as a regular user=
, enter your
                full name and click Continue. 

                Enter your name as it would appear in the
                Directory Server (your common name or full name).
                Do not enter your user ID or login for the local
                operating system. 
            To authenticate as the privile=
ged directory user,
                click the "Authenticate as directory manager"
                button.
        
    
    If the Directory Server interface displays a table of
        matching entries, select the link that corresponds to
        your directory entry. If your name is unique in the
        directory, the system skips this step.
    Enter your password and click Continue.

        Contact your directory manager if you do not know your
        password. 

        After the authentication
        operations complete successfully, the interface displays
        a message indicating the amount of time for which your
        authentication credentials are valid. When this time has
        elapsed, you need to reauthenticate to the directory
        to continue your session. If your password has already
	expired you should either change
	it immediately or contact your system administrator.
    Click "Return to Main" to continue your
        Directory Server interface session. 


Logging Out of the Directory

If you have authenticated to the Directory Server and
want to return to anonymous access, do the following:


    Click the Authentication tab.
    Click the "Discard Authentication Credentials (log out)"
        button. 


You are returned to anonymous access. To change from one type of =

access to another, you must authenticate to the Directory Server again. See=
 &file=3D.MANUAL/auth.htm#us=
erauth2">Authenticating as a User or &file=3D.MANUAL/auth.htm#ma=
nagerauth2">Authenticating as Directory Manager for
more information. 

Reauthenticating to the Directory

When you authenticate to the directory, you are given
authentication credentials that are good only for a specific
amount of time. By default, authentication credentials are valid
for 120 minutes. However, this period is configurable by the directory admi=
nistrator.
If your authentication credentials expire before you have
finished using the Directory Server interface, you must
reauthenticate to the directory before your changes can be saved.
The procedure for reauthenticating to the directory is the same
as the procedure you originally used to &file=3D.MANUAL/auth.htm#userauth">authenticate
to the directory.

Problems Caused by Incorrect
Authentication

When you are not authenticated to the Directory Server, you are
accessing the directory as an anonymous user. The types of
operations you can perform as an anonymous user depend on the
access controls set by your directory administrator. You
may notice strange behavior when you try to perform a directory
operation, such as a search. Although not explicitly stated
by the Directory Server interface, the anomalies you encounter are
often caused by improper authentication. The interface does not provide
this information because doing so could compromise security.

The following table lists symptoms of some common
problems along with the possible causes and the
action you can take to fix the problem.


    
        Symptom
        Cause
        Action
    
    
        Search results are empty
        Either no entries match
        the search string you entered, or you are required to
        authenticate to the directory before performing this type of search
        operation.
        Try a different search
        operation. Or, if you are sure that there are entries
        that match the criteria you entered, &file=3D.MANUAL/auth.htm#userauth">authenticate
        to the directory.
    
    
        Search results missing
        entries or missing attribute information from returned
        entries.
        Either you are not authenticated
        properly or you do not have access to the information.
        The directory administrator can specify that all or parts
        of the directory tree require authentication to access
        entries, or even certain entry attributes. In this situation,
	  the Directory Server does not indicate that the
        information exists and that you do not have =

        privileges to access it. Instead, it simply acts as if
        the information does not exist at all. This behavior is
        driven by the concern that knowing certain information
        exists in the tree, even if you are not allowed to see
        it, can pose a security risk. 
        Make sure you are properly &file=3D.MANUAL/aut=
h.htm#userauth">authenticated. Then, verify with
        your directory administrator that you have access to the
        directory information you need.
    
    
        Operation fails after
        completion
        The directory is failing the operation
        because of improper authentication. Although, it may seem as if
        the interface's form action is failing the
        operation, the form is only passing the operation to the
        Directory Server, which is then failing the operation.
        The Directory Server interface simply reports the results
        of the operation. This occurs because the LDAP protocol
        does not currently allow the interface to know whether
        authentication is required before trying an operation.
        Using the interface, this situation can only arise
        if your authentication times out while you are creating
        or modifying the directory entry. 
        Make sure you are properly &file=3D.MANUAL/aut=
h.htm#userauth">authenticated and that your authentication
	  has not timed out. 
    
    
        A table of entries is
        displayed during the authentication process
        Either your full name is not unique in
        the directory, or the name you entered does not exist in
        the directory.
        If your entry is displayed
        on the table, select the corresponding link and continue
        with the &file=
=3D.MANUAL/auth.htm#userauth">authentication process.If
        your entry is not displayed on the table, click Cancel
        and then try &fi=
le=3D.MANUAL/auth.htm#userauth">authenticating
        again. Be sure to use your full name and not your user
        ID.
        
    
    
        Username is correct, but
        authentication fails anyway
        Your password is incorrect. If you
        enter a valid username but an incorrect password, and the
        username you supplied represents an NT person entry, the
        Directory Server attempts to authenticate you to the
        Windows network. 
        If that is not successful or the user name you
        supplied does not represent an NT person entry, you are
        given the choice to retry, close the window, or seek
        help.
        
        Click Retry
        and then reenter your password.
    


=EF=BF=BD=EF=BF=BD




--- NEW FILE contents.html ---



   
   
   Contents




Contents


&file=3D.MANUAL/intro.htm">Chapter 1 Intro=
duction to the Directory Server Interface


&file=3D.MANUAL/search.htm">Chapter 2 Sear=
ching the Directory Tree



&file=3D.MANUAL/search.htm#standard">Stand=
ard Search



&file=3D.MANUAL/lang?&fil=
e=3D.MANUAL/search.htm#Performing a Standard Search">Performing a Standard
Search



&file=3D.MANUAL/search.htm#Name">Searching=
 for Names


&file=3D.MANUAL/search.htm#initials">Searc=
hing for Names with Initials


&file=3D.MANUAL/search.htm#phone">Sear=
ching for Phone Numbers

&file=3D.MANUAL/search.htm#e-mail">Sea=
rching for E-mail Addresses

&file=3D.MANUAL/search.htm#filter">Usi=
ng Search Filters



&file=3D.MANUAL/search.htm#advanced">Advan=
ced Search



&file=3D.MANUAL/search.htm#Performing an A=
dvanced Search">Performing an Advanced
Search


&file=3D.MANUAL/search.htm#Advanced Search=
 Examples">Advanced Search Examples



&file=3D.MANUAL/search.htm#results">Viewin=
g Search Results



&file=3D.MANUAL/search.htm#nomatch">No Mat=
ches


&file=3D.MANUAL/search.htm#single">A Singl=
e Match


&file=3D.MANUAL/search.htm#multiple">Multi=
ple Matches


&file=3D.MANUAL/search.htm#problems">Other=
 Problems

&file=3D.MANUAL/search.htm#vCard">Viewing =
a vCard

&file=3D.MANUAL/add.htm">Chapter 3 Adding =
Entries



&file=3D.MANUAL/add.htm#guidelines">New En=
try Guidelines



&file=3D.MANUAL/add.htm#tree">Directory Tr=
ee Structure


&file=3D.MANUAL/add.htm#DN">Distinguished =
Name Syntax


&file=3D.MANUAL/add.htm#uniqueDN">Unique D=
istinguished Names



&file=3D.MANUAL/add.htm#person">Adding a P=
erson


&file=3D.MANUAL/add.htm#NTperson">Adding a=
n NT-Person


&file=3D.MANUAL/add.htm#group">Adding a Gr=
oup


&file=3D.MANUAL/add.htm#NTgroup">Adding an=
 NT-Group


&file=3D.MANUAL/add.htm#ou">Adding an Orga=
nizational Unit


&file=3D.MANUAL/add.htm#dc">Adding a Domai=
n


&file=3D.MANUAL/add.htm#o">Adding an Organ=
ization



&file=3D.MANUAL/mod.htm">Chapter 4 Editing=
 Entries



&file=3D.MANUAL/mod.htm#people">Editing Pe=
ople


&file=3D.MANUAL/mod.htm#addmanager">Ad=
ding Values to the Manager and Admin
Fields



&file=3D.MANUAL/mod.htm#ntpeople">Editing =
NT-people


&file=3D.MANUAL/mod.htm#groups">Editing Gr=
oups



&file=3D.MANUAL/mod.htm#addowner">Adding V=
alues to the Owner, See Also, and Group
Member Fields



&file=3D.MANUAL/mod.htm#NTgroups">Editing =
NT-Groups


&file=3D.MANUAL/mod.htm#ou">Editing Organi=
zational Units


&file=3D.MANUAL/mod.htm#dc">Editing Domain=
s


&file=3D.MANUAL/mod.htm#o">Editing Organiz=
ations


&file=3D.MANUAL/mod.htm#rename">Renaming E=
ntries


&file=3D.MANUAL/mod.htm#delete">Deleting E=
ntries


&file=3D.MANUAL/mod.htm#changepw">Changing=
 Passwords



&file=3D.MANUAL/auth.htm">Chapter 5 Authen=
tication



&file=3D.MANUAL/auth.htm#ustand">Understan=
ding Directory Access


&file=3D.MANUAL/auth.htm#userauth">Authent=
icating to the Directory


&file=3D.MANUAL/auth.htm#logout">Logging O=
ut of the Directory


&file=3D.MANUAL/auth.htm#incorrectauth">Pr=
oblems Caused by Incorrect Authentication







--- NEW FILE dn.htm ---




   
   









Distinguished Names

Distinguished
Names (DNs) are the string representation for entry names in the Directory
Server database. You use DNs to name entries when you add entries to the
directory, add members to groups, etc..

A DN can consist of virtually any attributes you
wish to use. The only caveat is that if schema checking is turned on, then
the attributes must be recognized by the Directory Server (if you do not
know whether schema checking is turned on in the server, contact your direc=
tory
manager, or consult the Netscape Directory Server Administrator's Guide<=
/I>
for more information).


Traditionally, a DN consists of:




A common name followed by

a list of regional or organizational attributes followed by

a country designation.


This string of identifying attributes uniquely
locates the entry within your Directory Server database. If you choose,
you can also use this naming structure to uniquely identify your entries
within the global directory tree as defined in the X.500 standard.

Because a DN represents a path through the direc=
tory
tree, the DN components are order-dependent. For example, the following
DNs do not represent the same entry:



          cn=3DRalph=
 Swenson, ou=3DAccounting, o=3DExample Corp, c=3DUS
          cn=3DRalph Swen=
son, o=3DExample Corp, ou=3DAccounting, c=3DUS




Distinguished Name syntax

The traditional syntax for a DN string represent=
ation
is as follows:




cn=3Dcommon name, [street=3Daddress, l=3Dlocality=
, st =3D state or province,
ou=3Dorganizational unit, o=3Dorganization], c=3Dcountry n=
ame



Generally a DN begins with a specific common nam=
e,
and proceeds with increasingly broader areas of identification until the
country name is specified. Note, however, that the actual DN attributes
you use, and the order in which you choose to specify them, is up to you
and how you want to organize your database. The only real requirement is
that DN attributes must be separated by a comma (,) and can optionally
use a space ( ) following the separator.



Distinguished Name attributes

The various standard attributes that comprise
a DN are as follows:





Attribute

Name

Definition



c

country

Identifies the name of the country under which
the entry resides. For example,



c=3DUS

c=3DGB





cn

common name

Required attribute that identifies the person
or object defined by the entry. For example:



cn=3DWally Henderson

cn=3DDatabase Administrators

cn=3Dprinter3b





l

locality

Identifies the locality in which the entry resi=
des.
The locality could be a city, county, township, or other geographic region.
For example:



l=3DTucson

l=3DPacific Northwest

l=3DAnoka County





o

organization

Identifies the organization in which the entry
resides. For example:



o=3DNetscape Communications Corp

o=3DPublic Power & Gas





ou

organizational unit

Identifies a unit within the organization. For
example:



ou=3DSales

ou=3DManufacturing





st

state or province name

Identifies the state or province in which the
entry resides. For example:



st=3DIowa

st=3DBritish Columbia





street

street address

Identifies the street address at which the entry
resides. For example:



street=3D494 Rice Creek Terrace













Distinguished Name examples

The following are some examples of DNs:




cn=3DWally Henderson,ou=3DProduct Development,o=3DExample Corp,st=3DMi=
nnesota,c=3DUS






cn=3DRetch Sweeny, ou=3DProduct Test, o=3DExample Corp, st=3DMichigan,=
 c=3DUS






cn=3Dprinter3b, l=3Droom 308, o=3DExample Corp, c=3DUS









--- NEW FILE filters.htm ---




   
   









Search Filters 

This chapter
describes search filters and &fi=
le=3D.MANUAL/filters.htm#1018239">how searches
work.



Search Filters

To narrow a search, you can specify search filte=
rs
directly to the &file=3D.MANUAL/=
search.htm#1015771">Smart Search field. If
the search field contains an equal sign (=3D), Smart Search assumes the val=
ue
is a search filter, and it uses this filter directly to perform the search.=


Search filters use the value of an attribute to
select the entries to be returned for Smart Search. For example, the follow=
ing
filter specifies a search for a common name equal to Babs Jensen:





cn=3Dbabs jensen






Search Filter Syntax

The basic syntax of a search filter is:





&file=3D.MANUAL/filters.htm=
#1019127">attribute &file=3D=
.MANUAL/filters.htm#1019138">operator value




For example: 





employeenumber >=3D 100 =





In the example above, employeenumber
is the attribute, >=3D is the operator, and 100 is the value.


You can also define filters that use &file=3D.MANUAL/filters.htm#1018167">combin=
ations
of different attributes. 



Using Attributes in a Filter

When searching for an entry, you can specify att=
ributes
associated with that type of entry. For example, when you search for entries
about people, you can use the cn attribute to search for people
with specific common names. 

Examples of attributes for entries about people
might include: 




cn (the person's common name) 

telephonenumber (the person's phone number) 

employeenumber (the person's employee number) 

l (the person's location) 


For a listing of the attributes associated with
entries, see &file=3D.MANUAL/att=
ribut.htm#1002619">Appendix=EF=BF=BDA, "Entries
and attribute fields". Note that you need to use the internal
attribute names in search filters. 



Using Operators in a Filter

An operator defines one of the following types
of searches: 





Search type 

Operator 

Description 



Equality 

=3D 

Returns entries containing attributes which mat=
ch
the specified value. For example, =


cn=3DBob Johnson





Substring 

=3D<string>*<string> 

Returns entries containing attributes containing
the specified substring. For example, =


cn=3DBob*

cn=3D*Johnson

cn=3D*John*

cn=3DB*John





Greater than or equal to 

>=3D 

Returns entries containing attributes that are
greater than or equal to the specified value. For example, =


employeenumber >=3D 100





Less than or equal to 

<=3D 

Returns entries containing attributes that are
less than or equal to the specified value. For example, =


employeenumber <=3D 100





Presence 

=3D* 

Returns entries containing the specified attrib=
ute.
For example, =


cn=3D*

telephonenumber=3D*

manager=3D*





Approximate 

~=3D 

Returns entries containing the specified attrib=
ute
that is approximately equal to the specified value. For example, =


cn~=3Dsurette

l~=3Dsan fransico











For more information on these types of searches,
see "&file=3D.MANUAL/filter=
s.htm#1018239">How searching works."




Using Multiple Search Filters

You can combine different search filters by using
boolean operators. Use the operators in prefix notation as follows:




(boolean_operator((filter)(filter)(filter)=
...))



where boolean_operator is any one of the =
&file=3D.MANUAL/filters.htm#1018=
173">boolean
operators. For example: 




(&(ou=3DMarketing)(cn=3DRay*))



In the example above, the combination of filters
finds entries whose organizational unit is Marketing (ou=3DMarketing)
and whose common name starts with Ray (cn=3DRay*). The boolean ope=
rator
for "And" (&) is used in prefix notation, which
means that it precedes the search criteria. 


In addition, you can nest boolean operators to
form complex expressions, such as:




(boolean_operator(filter)((boolean_operator(filter)(filter)))





Boolean Operators

The boolean operators available for use with sea=
rch
filters are: 





Operator 

Symbol 

Description 



And 

& 

All specified filters must be true for the stat=
ement
to be true. For example, =


(&(filter1)(filter2)(filter3)...)


Filter1, filter2, and filter3 must all be true
for an entry to match.




Or 

| 

At least one specified filter must be true for
the statement to be true. For example, =


(|(filter1)(filter2)(filter3)...)


If any of filter1, filter2, or filter3 match,
the entry is returned.




Not 

! 

The specified statement must not be true for
the statement to be true. Note that only one filter is affected by the
not operator. For example, =


(!(filter))


Any entry not matching the filter is returned.












Search Filter Examples

The following filter searches for entries contai=
ning
the manager attribute. This is also known as a presence search:



=EF=BF=BDmanager=3D*


The following filter searches for entries contai=
ning
the common name of Ray Kultgen. This is also known as an equality search:



=EF=BF=BDcn=3DRay Kultgen


The following filter returns any entries that
do not contain the common name of Ray Kultgen:



=EF=BF=BD(!(cn=3DRay Kultgen))


The following filter returns any entries that
contain a description attribute with a substring of X.500:



=EF=BF=BDdescription=3D*X.500*


The following filter returns any entries whose
organizational unit is Marketing and whose description field does not conta=
in
the substring X.500:



=EF=BF=BD(&(ou=3DMarketing)(!(description=3D*X.500*)))


The following filter returns any entries whose
organizational unit is Marketing and who have Julie Fulmer or Cindy Zwaska
as a manager:



=EF=BF=BD(&(ou=3DMarketing)(|(manager=3D"cn=3DJulie Fulmer,ou=
=3DMarketing,o=3DExample Corp,c=3DUS")
(manager=3D"cn=3DCindy =
Zwaska,ou=3DMarketing,o=3DExample Corp,c=3DUS")))


The following filter returns any entries that
do not represent a person:



=EF=BF=BD(!(objectclass=3Dperson))


The following filter returns any entries that
do not represent a person and whose common name is approximately printer3b:=




=EF=BF=BD(&(!(objectclass=3Dperson))(cn~=3Dprinter3b))




How Searching Works




Note: 





The Directory Server interface is actually a collection of forms and
CGI programs that operate independently from the Directory Server. This
interface acts as an LDAP client to the Directory Server. 


The following section explains what happens when
you search the Directory Server:




When you submit the form, you send a search filter to the Directory
Server. 

The Directory Server examines the incoming request to verify that the
information is in the local directory. If the information is not in the
local directory and the Referral parameter is set for the server, the Direc=
tory
Server returns the URL for the other Directory Server where the client
can attempt to pursue the request. 

The Directory Server generates a list of entries from the directory
tree. The Directory Server then examines each of the candidate entries
to see if any entry matches the search criteria. Matching entries are retur=
ned
to the Directory Server interface as each is found. This
process continues until the Directory Server either has examined all applic=
able
entries, or until it reaches one of the following limits: 





The maximum number of entries that can be returned in response to a
search 

The maximum amount of time that can be taken for a search 

The maximum number of entries that can be examined during a search




Your administrator can configure these settings.
For more detailed information on the searching algorithm, see the Netsca=
pe
Directory Server Administrator's Guide. 

The rest of this section explains how approximate
searches work and how substring searches work. 



How Approximate ("sounds like") Searches Work

The approximate search finds a word that "s=
ounds
like" the value you enter. In the Advanced Search interface, the appro=
ximate
search corresponds to the "sounds like" search type. 

For example, an entry may include the attribute
value cn=3DRobert E Lee. An approximate search allows you to find this entry
by specifying Robert Lee, Robert, or Lee. Similarly, a search for the locat=
ion
approximately equal to San Fransico (l~=3DSan Fransico; note the misspellin=
g)
would return entries including locations exactly equal to San Francisco
(l=3DSan Francisco).

The Directory Server treats each value in an ent=
ry
as a sequence of words and generates a phonetic code for each word. When
you enter a value in an approximate search, the Directory Server also trans=
lates
the value to a sequence of phonetic codes. An entry is considered to match
a query if:




All of the codes in your search criteria are present in the codes gener=
ated
for the entry. 

All of the codes in your search criteria are specified in the same
order as the codes generated for the entry. 


For example: 





Name in the directory 

(Phonetic code) 

Your search string 

(Phonetic code) 

Match comments 



Alice B Sarette

(ALS B SRT) 

Alice Sarette

(ALS SRT) 

Matches. Codes are specified in the correct ord=
er.






Alice Sarrette

(ALS SRT) 

Matches. Codes are specified in the correct ord=
er
despite the misspelling of Sarette. 





Surette

(SRT) 

Matches. The generated code exists in the origi=
nal
name despite the misspelling of Sarette. 





Bertha Sarette

(BR0 SRT) 

No match. The code BR0 does not exist in the
original name. 





Sarette, Alice

(SRT ALS) 

No match. The codes are not specified in the
correct order. 











How Substring Searches Work

The substring search finds entries that contain
the value you have entered. In the Advanced Search interface, the substring
search corresponds to the "starts with", "contains",
and "ends with" search types. 

For example, searches of the form:



cn=3D*derson





would match the common names containing strings
such as:





Bill Anderson
Jill Anderson
Steve Sanderson




and so forth. Similarly, the search for



telephonenumber=3D *555*





would return all the entries in your directory
with telephone numbers that contain 555.





--- NEW FILE index.html ---







Symbols

&file=3D.MANUAL/=
filters.htm#1018202">! (boolean operator)=EF=BF=BD28
&file=3D.MANUAL/filters.htm#1018202=
">& (boolean operator)=EF=BF=BD28
&file=3D.MANUAL/filters.htm#1018153"><=3D (sear=
ch filter operator)=EF=BF=BD27
&file=3D.MANUAL/filters.htm#1018153">=3D (search filter o=
perator)=EF=BF=BD26
&file=3D.MANUAL/filters.htm#1018153">=3D* (search filter operator)=
=EF=BF=BD27
&=
file=3D.MANUAL/filters.htm#1018153">>=3D (search filter operator)=EF=BF=
=BD27
&file=
=3D.MANUAL/search.htm#1015792">@ symbol in search criteria=EF=BF=BD17
&file=3D.MANUAL/fi=
lters.htm#1018202">| (boolean operator)=EF=BF=BD!
 28
&file=3D.=
MANUAL/filters.htm#1018153">~=3D (search filter operator)=EF=BF=BD27

A

&file=3D.MANUAL/=
auth.htm#996824">access control=EF=BF=BD51
&file=3D.MANUAL/=
auth.htm#1019235">directory manager=EF=BF=BD56
&file=3D.MANUAL/auth.htm#1019233">setting=
 up anonymous access=EF=BF=BD55
adding
&file=3D.MANUAL/=
add.htm#996824">entries=EF=BF=BD33
&file=3D.MANUAL/add.htm#1017016">groups=EF=BF=BD37
&file=3D.MANUAL=
/add.htm#1021328">NT-people=EF=BF=BD35
&file=3D.MANUAL/add.htm#1017017">organizational u=
nits=EF=BF=BD38
&file=3D.MANUAL/add.htm#1020503">organizations=EF=BF=BD38
&file=3D.MANUAL/add.htm#101=
7015">people=EF=BF=BD34
&file=3D.MANUAL/=
attribut.htm#1016146">Admin (attribute field)=EF=BF=BD65
&file=3D.MANUAL/search.htm#1015=
906">Advanced Search=EF=BF=BD18
&file=3D.MANUAL/=
search.htm#1016481">examples of=EF=BF=BD22
&file=3D.MANUAL/search.htm#1015914">Find fiel=
d=EF=BF=BD19
=
&file=3D.MANUAL/search.htm#1016028">specifying the attribute used=EF=BF=BD2=
0
&file=3D.MA=
NUAL/search.htm#1020752">specifying the type of search=EF=BF=BD21
&file=3D.MANUAL/search=
.htm#1020751">type field=EF=BF=BD21
&file=3D.MANUAL/search.htm#1015967">where field=EF=
=BF=BD20
&file=3D.MANUAL/=
auth.htm#1019233">anonymous access=EF=BF=BD55
&file=3D.MANUAL/search.htm#1016441">approx=
imate search=EF=BF=BD22
&file=3D.MANUAL/=
filters.htm#1018301">how it works=EF=BF=BD30
&file=3D.MANUAL/=
attribut.htm#1004519">attribute fields=EF=BF=BD64
&file=3D.MANUAL/=
attribut.htm#1011923">defined=EF=BF=BD58
attributes
&file=3D.MANUAL/=
search.htm#1016028">searching based on an attribute's value=EF=BF=BD20<=
dt>
&file=3D.MANUAL/f=
ilters.htm#1019127">using in search filters=EF=BF=BD26
&file=3D.MANUAL/=
intro.htm#1019066">authentication=EF=BF=BD6, &file=3D.MANUAL/auth.htm#996824">51
&file=3D.MANUAL/=
auth.htm#1019235">as the directory manager=EF=BF=BD56
&file=3D.MANUAL/search.htm#1016557=
">no matching entries found=EF=BF=BD23
&file=3D.MANUAL/auth.htm#1016877">performing=EF=
=BF=BD52
&fil=
e=3D.MANUAL/auth.htm#1019233">setting up anonymous access=EF=BF=BD55



B

&file=3D.MANUAL/=
attribut.htm#1004700">bin (attribute field format)=EF=BF=BD65
&file=3D.MANUAL/filters.ht=
m#1018167">boolean operators=EF=BF=BD27, &file=3D.MANUAL/filters.htm#1018173">28
&file=3D.MANUAL/attribut.ht=
m#1003042">Business Category (attribute field)=EF=BF=BD65
&file=3D.MANUAL/attribut.htm#1=
003042">businessCategory (attribute internal ID)=EF=BF=BD65

C

&file=3D.MANUAL/=
intro.htm#1019537">c (attribute in a distinguished name)=EF=BF=BD10
=
&file=3D.MANUAL/attr=
ibut.htm#1003044">Car License (attribute field)=EF=BF=BD65
&file=3D.MANUAL/attribut.htm#=
1003044">carLicense (attribute internal ID)=EF=BF=BD65
&file=3D.MANUAL/attribut.htm#10=
04701">ces (attribute field format)=EF=BF=BD65
&file=3D.MANUAL/mod.htm#1018988">changing=
 a person entry's password=EF=BF=BD41
&file=3D.MANUAL/mod.htm#1020767">changing an NT-pe=
rson password=EF=BF=BD43
&file=3D.MANUAL/mod.htm#1020703">changing passwords=EF=BF=BD49<=
/a>
&file=3D.MANU=
AL/attribut.htm#1004702">cis !
 (attribute field format)=EF=BF=BD65
&file=3D.MANUAL/intro.htm#1019537">cn (attribute in=
 a distinguished name)=EF=BF=BD10
&file=3D.MANUAL/attribut.htm#1015820">cn (attribute in=
ternal ID)=EF=BF=BD67
&file=3D.MANUAL/search.htm#1019366">common names=EF=BF=BD15
&file=3D.MANUAL/att=
ribut.htm#1015820">commonName (attribute internal ID)=EF=BF=BD67
&file=3D.MANUAL/search.=
htm#1016440">"contains" search=EF=BF=BD22
&file=3D.MANUAL/=
filters.htm#1018345">how it works=EF=BF=BD31
&file=3D.MANUAL/=
attribut.htm#1017537">Create New NT Account (attribute field)=EF=BF=BD66


D

&file=3D.MANUAL/=
attribut.htm#1017434">Delete NT Account if Person Deleted (attribute field)=
=EF=BF=BD66
deleting
&file=3D.MANUAL/=
mod.htm#1017977">entries=EF=BF=BD49
&file=3D.MANUAL/mod.htm#1018061">group entries=EF=BF=
=BD44
&file=
=3D.MANUAL/mod.htm#1020767">NT-people entries=EF=BF=BD43
&file=3D.MANUAL/mod.htm#1019729=
">organization entries=EF=BF=BD46
&file=3D.MANUAL/mod.htm#1018896">organizational unit e=
ntries=EF=BF=BD45
&file=3D.MANUAL/mod.htm#1018988">people's entries=EF=BF=BD41
&file=3D.MANUAL/=
attribut.htm#1015879">departmentNumber (attribute internal ID)=EF=BF=BD66
&file=3D.MANUA=
L/attribut.htm#1015879">Dept# (attribute field)=EF=BF=BD66
&file=3D.MANUAL/attribut.htm#=
1004238">Description (attribute field)=EF=BF=BD66
&file=3D.MANUAL/attribut.htm#1004238">=
description (attribute internal ID)=EF=BF=BD66
&file=3D.MANUAL/intro.htm#1017847">Direct=
ory Server=EF=BF=BD5
&file=3D.MANUAL/=
intro.htm#1019066">access control=EF=BF=BD6, &file=3D.MANUAL/auth.htm#996824">51
&file=3D.MANUAL/add.htm#101=
7016">adding a group=EF=BF=BD37
&file=3D.MANUAL/add.htm#1017015">adding a person=EF=BF=
=BD34
&file=
=3D.MANUAL/add.htm#1021328">adding an NT-person=EF=BF=BD35
&file=3D.MANUAL/add.htm#10205=
03">adding an organization=EF=BF=BD38
&file=3D.MANUAL/add.htm#1017017">adding an organiz=
ational unit=EF=BF=BD38
&file=3D.MANUAL/intro.htm#1019060">adding entries=EF=BF=BD5,=
 &file=3D.MANUAL/add.htm=
#996824">33
&file=3D.MANUAL/intro.htm#1019066">au=
thenticating to=EF=BF=BD6
&file=3D.MANUAL/auth.htm#996824">authentication=EF=BF=BD51=
&file=3D.MANUAL/=
mod.htm#1020767">changing NT-person passwords=EF=BF=BD43
&file=3D.MANUAL/mod.htm#1020703=
">changing passwords=EF=BF=BD49
&file=3D.MANUAL/mod.htm#1018988">changing people passwor=
ds=EF=BF=BD41
&file=3D.MANUAL/intro.htm#1017847">defined=EF=BF=BD5
&file=3D.MANUAL/mod.htm#1018061">d=
eleting a group entry=EF=BF=BD44
&file=3D.MANUAL/mod.htm#1018988">deleting a person's en=
try=EF=BF=BD41
&file=3D.MANUAL/mod.htm#1020767">de!
 leting an NT-person entry=EF=BF=BD43
&file=3D.MANUAL/mod.htm#1019729">deleting an organization=
 entry=EF=BF=BD46
&file=3D.MANUAL/mod.htm#1018896">deleting an organizational unit entry=
=EF=BF=BD45
&=
file=3D.MANUAL/intro.htm#1019063">deleting entries=EF=BF=BD5, &file=3D.MANUAL/mod.htm#1017977=
">49
&file=3D=
.MANUAL/mod.htm#1018061">editing a group's entry=EF=BF=BD44
&file=3D.MANUAL/mod.htm#1018=
988">editing a person's entry=EF=BF=BD41, &file=3D.MANUAL/mod.htm#1020767">43
&file=3D.MANUAL/mod.htm#102076=
7">editing an NT-person's entry=EF=BF=BD43
&file=3D.MANUAL/mod.htm#1019729">editing an o=
rganization entry=EF=BF=BD46
&file=3D.MANUA=
L/mod.htm#1018896">editing an organizational unit entry=EF=BF=BD45
<=
dd>&file=3D.MANUAL/filte=
rs.htm#1018240">interface defined=EF=BF=BD29
&file=3D.MANUAL/intro.htm#1019063">modifyin=
g entries=EF=BF=BD5
&file=3D.MANUAL/intro.htm#1018798">organization of data in=EF=BF=BD7=
&file=3D.MAN=
UAL/auth.htm#1016903">permissions=EF=BF=BD53
&file=3D.MANUAL/mod.htm#1018061">renaming a=
 group entry=EF=BF=BD44
&file=3D.MANUAL/mod.htm#1018988">renaming a person's entry=EF=BF=
=BD41
&file=
=3D.MANUAL/mod.htm#1020767">renaming an NT-person entry=EF=BF=BD43
<=
dd>&file=3D.MANUAL/mod.htm#1019729">renaming an orga!
 nizati
entry=EF=BF=BD46
&file=3D.MANUAL/mod.htm#1018896">renaming an organizational unit entry=
=EF=BF=BD45
&=
file=3D.MANUAL/intro.htm#1019063">renaming entries=EF=BF=BD5, &file=3D.MANUAL/mod.htm#1019773=
">47
&file=3D=
.MANUAL/intro.htm#1019335">searching=EF=BF=BD5, &file=3D.MANUAL/search.htm#997436">13
&file=3D.MANUAL/intro.=
htm#1019066">security=EF=BF=BD6, &file=3D.MANUAL/auth.htm#996824">51
&file=3D.MANUAL/intro.htm#1018798">tree=
 hierarchy=EF=BF=BD7
directory service
&file=3D.MANUAL/=
intro.htm#1019237">defined=EF=BF=BD6
distinguished name (DN)
&file=3D.MANUAL/=
intro.htm#1019610">defined=EF=BF=BD9
&file=3D.MANUAL/intro.htm#1019538">examples of=EF=
=BF=BD11
&fil=
e=3D.MANUAL/intro.htm#1019466">standard attributes=EF=BF=BD10
&file=3D.MANUAL/intro.htm#=
1019462">syntax=EF=BF=BD9
&file=3D.MANUAL/=
attribut.htm#1004704">dn (attribute field format)=EF=BF=BD65

E

editing
&file=3D.MANUAL/=
mod.htm#996824">entries=EF=BF=BD41
&file=3D.MANUAL/mod.htm#1018061">group entries=EF=BF=
=BD44
&file=
=3D.MANUAL/mod.htm#1020767">NT-person entries=EF=BF=BD43
&file=3D.MANUAL/mod.htm#1019729=
">organization entries=EF=BF=BD46
&file=3D.MANUAL/mod.htm#1018896">organizational unit e=
ntries=EF=BF=BD45
&file=3D.MANUAL/mod.htm#1018988">people's entries=EF=BF=BD41, &file=3D.MANUAL/mod.htm#1020=
767">43
&file=3D.MANUAL/=
attribut.htm#1015992">E-Mail Address (attribute field)=EF=BF=BD66
e-mail addresses
&file=3D.MANUAL/=
search.htm#1015791">searching for=EF=BF=BD17
&file=3D.MANUAL/=
attribut.htm#1003050">Emp# (attribute field)=EF=BF=BD67
&file=3D.MANUAL/attribut.htm#10=
03050">employeeNumber (attribute internal ID)=EF=BF=BD67
&file=3D.MANUAL/search.htm#1016=
439">"ends with" search=EF=BF=BD22
&file=3D.MANUAL/=
filters.htm#1018345">how it works=EF=BF=BD31
entries
&file=3D.MANUAL/=
intro.htm#1019060">adding=EF=BF=BD5, &file=3D.MANUAL/add.htm#996824">33
&file=3D.MANUAL/intro.htm#1019063">d=
eleting=EF=BF=BD5, &=
file=3D.MANUAL/mod.htm#1017977">49
&file=3D.MANUAL/mod.htm#996824">editing=EF=BF=BD41
&file=3D.MANUAL=
/intro.htm#1019063">modifying=EF=BF=BD5, &file=3D.MANUAL/mod.htm#996824">41
&file=3D.MANUAL/intro.htm#10190=
63">renaming=EF=BF=BD5, &file=3D.MANUAL/mod.htm#1019773">47
&file=3D.MANUAL/search.htm#1016571">searching fo=
r types of=EF=BF=BD14
&file=3D.MANUAL/=
attribut.htm#1002653">entry types=EF=BF=BD58
&file=3D.MANUAL/=
attribut.htm#1002638">defined=EF=BF=BD58
&file=3D.MANUAL/=
search.htm#1016432">exact match search=EF=BF=BD22

F

&file=3D.MANUAL/=
attribut.htm#1004782">facsimileTelephoneNumber (attribute internal ID)=EF=
=BF=BD67
&fil=
e=3D.MANUAL/attribut.htm#1004782">Fax (attribute field)=EF=BF=BD67
<=
dd>&file=3D.MANUAL/attri=
but.htm#1004782">fax (attribute internal ID)=EF=BF=BD67
Find fie=
ld
&file=3D.MANUAL/=
search.htm#1018630">Anything=EF=BF=BD15, &file=3D.MANUAL/search.htm#1019829">19
&file=3D.MANUAL/search.htm#1=
016700">Groups=EF=BF=BD14, &file=3D.MANUAL/search.htm#1015931">19
&file=3D.MANUAL/search.htm#1015914">in Adv=
anced Search=EF=BF=BD19
&file=3D.MANUAL/search.htm#1016571">in Smart Search=EF=BF=BD14
&file=3D.MANUA=
L/search.htm#1021638">NT-people=EF=BF=BD14
&file=3D.MANUAL/search.htm#1016705">Org_Units=
=EF=BF=BD14, &file=
=3D.MANUAL/search.htm#1019059">19
&file=3D!
 .MANUAL/search.htm#1016702">Organizations=EF=BF=BD14, &file=3D.MANUAL/search.htm#1019056">19
&file=3D.MANUA=
L/search.htm#1016698">People=EF=BF=BD14, &file=3D.MANUAL/search.htm#1015916">19
&file=3D.MANUAL/=
attribut.htm#1003054">First Name (attribute field)=EF=BF=BD67
&file=3D.MANUAL/attribut.h=
tm#1015820">Full Name (attribute field)=EF=BF=BD67

G

&file=3D.MANUAL/=
attribut.htm#1003054">givenName (attribute internal ID)=EF=BF=BD67
<=
dd>&file=3D.MANUAL/attri=
but.htm#1005294">Group (entry type)=EF=BF=BD62
&file=3D.MANUAL/attribut.htm#1016040">Gro=
up Members (attribute field)=EF=BF=BD68

I

&file=3D.MANUAL/=
attribut.htm#1016236">internal attribute ID=EF=BF=BD64
&file=3D.MANUAL/search.htm#1016=
433">"is not" search=EF=BF=BD22
&file=3D.MANUAL/search.htm#1016432">"is" search=EF=BF=BD=
22

L

&file=3D.MANUAL/=
intro.htm#1019537">l (attribute in a distinguished name)=EF=BF=BD10
=
&file=3D.MANUAL/attr=
ibut.htm#1004816">l (attribute internal ID)=EF=BF=BD68
&file=3D.MANUAL/attribut.htm#10=
15921">labeledURI (attribute internal ID)=EF=BF=BD72
&file=3D.MANUAL/attribut.htm#101595=
2">Last Name (attribute field)=EF=BF=BD68
&file=3D.MANUAL/intro.htm#1019237">Lightweight=
 Directory Access Protocol (LDAP)=EF=BF=BD6
&file=3D.MANUAL/attribut.htm#1004816">locali=
tyName (attribute internal ID)=EF=BF=BD68
&file=3D.MANUAL/attribut.htm#1004816">Location=
 (attribute field)=EF=BF=BD68

M

&file=3D.MANUAL/=
attribut.htm#1015992">mail (attribute internal ID)=EF=BF=BD66
&file=3D.MANUAL/attribut.h=
tm#1016103">Mailing Address (attribute field)=EF=BF=BD68
&file=3D.MANUAL/attribut.htm#10=
15579">Manager (attribute field)=EF=BF=BD69
&file=3D.MANUAL/attribut.htm#1015579">manage=
r (attribute internal ID)=EF=BF=BD69
&file=3D.MANUAL/attribut.htm#1016040">member (attri=
bute internal ID)=EF=BF=BD68
&file=3D.MANUAL/attribut.htm#1015590">mobile (attribute int=
ernal ID)=EF=BF=BD69
&file=3D.MANUAL/attribut.htm#1015590">Mobile Phone (attribute field=
)=EF=BF=BD69
=
&file=3D.MANUAL/attribut.ht!
 m#1015590">mobileTelephoneNumber (attribute internal ID)=EF=BF=BD69
modifying
&file=3D.MANUAL/=
mod.htm#996824">entries=EF=BF=BD41
&file=3D.MANUAL/mod.htm#1018061">group entries=EF=BF=
=BD44
&file=
=3D.MANUAL/mod.htm#1020767">NT-people entries=EF=BF=BD43
&file=3D.MANUAL/mod.htm#1019729=
">organization entries=EF=BF=BD46
&file=3D.MANUAL/mod.htm#1018896">organizational unit e=
ntries=EF=BF=BD45
&file=3D.MANUAL/mod.htm#1018988">people's entries=EF=BF=BD41, &file=3D.MANUAL/mod.htm#1020=
767">43
&file=3D.MANUAL/=
filters.htm#1018167">multiple search filters=EF=BF=BD27

N

&file=3D.MANUAL/=
attribut.htm#1015595">Name (attribute field)=EF=BF=BD69
&file=3D.MANUAL/attribut.htm#10=
17346">NT Domain Name (attribute field)=EF=BF=BD69
&file=3D.MANUAL/attribut.htm#1017371"=
>NT User Id (attribute field)=EF=BF=BD70
&file=3D.MANUAL/attribut.htm#1018209">NT-person=
 (entry type)=EF=BF=BD60
&file=3D.MANUAL/attribut.htm#1017682">NTUserCreateNewAccount (a=
ttribute internal ID)=EF=BF=BD66
&file=3D.MANUAL/attribut.htm#1017503">NTUserDelete (att=
ribute internal ID)=EF=BF=BD66
&file=3D.MANUAL/attribut.htm#1017364">NTUserDomainId (att=
ribute internal ID)=EF=BF=BD70
&file=3D.M!
 ANUAL/search.htm#1019356">numbers in search criteria=EF=BF=BD17

O

&file=3D.MANUAL/=
intro.htm#1019537">o (attribute in a distinguished name)=EF=BF=BD11
=
&file=3D.MANUAL/attr=
ibut.htm#1015598">o (attribute internal ID)=EF=BF=BD70
&file=3D.MANUAL/attribut.htm#10=
05782">Organization (entry type)=EF=BF=BD64
&file=3D.MANUAL/attribut.htm#1015598">Organi=
zation Name (attribute field)=EF=BF=BD70
&file=3D.MANUAL/attribut.htm#1016060">Organizat=
ional Unit (attribute field)=EF=BF=BD71
&file=3D.MANUAL/attribut.htm#1005780">Organizati=
onal Unit (entry type)=EF=BF=BD63
&file=3D.MANUAL/attribut.htm#1016060">organizationalUn=
itName (attribute internal ID)=EF=BF=BD71
&file=3D.MANUAL/attribut.htm#1015598">organizationName (attribute intern=
al ID)=EF=BF=BD70
&file=3D.MANUAL/intro.htm#1019537">ou (attribute in a distinguished na=
me)=EF=BF=BD11
&file=3D.MANUAL/attribut.htm#1016060">ou (attribute internal ID)=EF=BF=BD=
71
&file=3D.M=
ANUAL/attribut.htm#1005719">Owner (attribute field)=EF=BF=BD70
<=
a href=3D"/clients/dsgw/bin/lang?&file=3D.MANUAL/attribut.=
htm#1005719">owner (attribute internal ID)=EF=BF=BD70

P

&file=3D.MANUAL/=
attribut.htm#1003070">Pager (attribute field)=EF=BF=BD70
&file=3D.MANUAL/attribut.htm#10=
03070">pager (attribute internal ID)=EF=BF=BD70
&file=3D.MANUAL/attribut.htm#1003070">pa=
gerTelephoneNumber (attribute internal ID)=EF=BF=BD70
passwords<=
dl>
&file=3D.MANUAL/=
mod.htm#1018988">changing=EF=BF=BD41, &file=3D.MANUAL/mod.htm#1020767">43, &file=3D.MANUAL/mod.htm#1020703">49<=
/dl>
&file=3D.MANUAL/=
auth.htm#1016903">permissions=EF=BF=BD53
&file=3D.MANUAL/attribut.htm#1005608">Person (e=
ntry type)=EF=BF=BD59, &file=3D.MANUAL/attribut.htm#1018209">60
&file=3D.MANUAL/attribut.htm#1016078">Phone =
(attribute field)=EF=BF=BD71
&file=3D.MANUAL/attribut.htm#1016103">postalAddress (attrib=
ute internal ID)=EF=BF=BD68

R

renaming
&file=3D.MANUAL/=
mod.htm#1019773">entries=EF=BF=BD47
&file=3D.MANUAL/mod.htm#1018061">group entries=EF=BF=
=BD44
&file=
=3D.MANUAL/mod.htm#1020767">NT-people entries=EF=BF=BD43
&file=3D.MANUAL/mod.htm#1019729=
">organization entries=EF=BF=BD46
&file=3D.MANUAL/mod.htm#1018896">organizational unit e=
ntries=EF=BF=BD45
&file=3D.MANUAL/mod.htm#1018988">people's entries=EF=BF=BD41
&file=3D.MANUAL/=
attribut.htm#1003082">Room Number (attribute field)=EF=BF=BD71
<=
a href=3D"/clients/dsgw/bin/lang?&file=3D.MANUAL/attribut.=
htm#1003082">roomNumber (attribute internal ID)=EF=BF=BD71

S

&file=3D.MANUAL/=
search.htm#1019400">search filters=EF=BF=BD17, &file=3D.MANUAL/filters.htm#996824">25
&file=3D.MANUAL/=
filters.htm#1018095">basic syntax=EF=BF=BD25
&file=3D.MANUAL/filters.htm#1018167">combin=
ing multiple=EF=BF=BD27
&file=3D.MANUAL/filters.htm#1018203">examples=EF=BF=BD28
=
&file=3D.MANUAL/filt=
ers.htm#1018167">syntax for multiple filters=EF=BF=BD27
&file=3D.MANUAL/filters.htm#101=
9127">using attributes=EF=BF=BD26
&file=3D.MANUAL/filters.htm#1019138">using operators=
=EF=BF=BD26
&file=3D.MANUAL/=
search.htm#1016552">search results=EF=BF=BD23
search types
&file=3D.MANUAL/=
filters.htm#1018153">approximate=EF=BF=BD27
&file=3D.MANUAL/filters.htm#1018153">equalit=
y=EF=BF=BD26
=
&file=3D.MANUAL/filters.htm#1018153">exact match=EF=BF=BD26
&file=3D.MANUAL/filters.htm#=
1018153">numeric comparisons=EF=BF=BD27
&file=3D.MANUAL/filters.htm#1018153">presence=EF=
=BF=BD27
&fil=
e=3D.MANUAL/filters.htm#1019138">search filter operators and=EF=BF=BD26=
&file=3D.MANUAL/=
search.htm#1020752">specifying in Advanced Search=EF=BF=BD21
&file=3D.MANUAL/filters.htm=
#1018153">substring=EF=BF=BD26
&file=3D.MANUAL/=
intro.htm#1019335">searching=EF=BF=BD5, &file=3D.MANUAL/search.htm#997436">13
&file=3D.MANUAL/=
search.htm#1019373">case-sensitivity and=EF=BF=BD15
&file=3D.MANUAL/search.htm#1018630">=
for all types of entries=EF=BF=BD15, &file=3D.MANUAL/search.htm#1019829">19
&file=3D.MANUAL/search.htm#1019=
372">for an exact match=EF=BF=BD15
&file=3D.MANUAL/search.htm#1015791">for e-mail addres=
ses=EF=BF=BD17
&file=3D.MANUAL/search.htm#1016700">for groups=EF=BF=BD14
&file=3D.MANUAL/search.htm#1=
019362">for names=EF=BF=BD15
&file=3D.MANUAL/search.htm#1021638">for NT-people=EF=BF=BD1=
4
&file=3D.MA=
NUAL/search.htm#1019356">for num!
 bers=EF=BF=BD17
&file=3D.MANUAL/search.htm#1016705">for organizational units=EF=BF=BD14=
, &file=3D.MANUAL/se=
arch.htm#1019059">19
&file=3D.MANUAL/search.htm#1016702">for organizations=EF=BF=BD14, &file=3D.MANUAL/searc=
h.htm#1019056">19
&file=3D.MANUAL/search.htm#1016698">for people=EF=BF=BD14, &file=3D.MANUAL/search.htm#1015=
916">19
&file=
=3D.MANUAL/search.htm#1016571">for specific types of entries=EF=BF=BD14=
&file=3D.MANUAL/=
search.htm#1019375">for words that sound alike=EF=BF=BD15
&file=3D.MANUAL/filters.htm#10=
18239">how it works=EF=BF=BD29
&f!
 ile=3D.M
AL/search.htm#1015906">using Advanced Search=EF=BF=BD18
&file=3D.MANUAL/search.htm#1019=
400">using filters=EF=BF=BD17
&file=3D.MANUAL/search.htm#1019381">using initials=EF=BF=
=BD16
&file=
=3D.MANUAL/search.htm#1015773">using Smart Search=EF=BF=BD13
&file=3D.MANUAL/search.htm#=
1016552">working with results=EF=BF=BD23
&file=3D.MANUAL/=
search.htm#1015931">searching for groups=EF=BF=BD19
&file=3D.MANUAL/attribut.htm#1016146=
">secretary (attribute internal ID)=EF=BF=BD65
&file=3D.MANUAL/auth.htm#996824">security=
=EF=BF=BD51
&file=3D.MANUAL/=
auth.htm#1019235">directory manager=EF=BF=BD56
&file=3D.MANUAL/=
attribut.htm#1004337">See Also (attribute field)=EF=BF=BD71
&file=3D.MANUAL/attribut.htm=
#1004337">seeAlso (attribute internal ID)=EF=BF=BD71
&file=3D.MANUAL/search.htm#1015773"=
>Smart Search=EF=BF=BD13
&file=3D.MANUAL/=
search.htm#1016571">Find field=EF=BF=BD14
&file=3D.MANUAL/filters.htm#996824">search fil=
ters=EF=BF=BD25
&file=3D.MANUAL/search.htm#1015791">searching for e-mail addresses=EF=BF=
=BD17
&file=
=3D.MANUAL/search.htm#1019362">searching for names=EF=BF=BD15
&file=3D.MANUAL/search.htm=
#1019381">searching for names with initials=EF=BF=BD16
&file=3D.MANUAL/search.htm#1019=
356">searching for numbers=EF=BF=BD17
&file=3D.MANUAL/search.htm#1019400">using search f=
ilters=EF=BF=BD17
&file=3D.MANUAL/=
attribut.htm#1015952">sn (attribute internal ID)=EF=BF=BD68
&file=3D.MANUAL/search.htm#1=
016441">"sounds like" search=EF=BF=BD22
&file=3D.MANUAL/=
filters.htm#1018301">how it works=EF=BF=BD30
&file=3D.MANUAL/=
intro.htm#1019537">st (attribute in a distinguished name)=EF=BF=BD11
&file=3D.MANUAL/sea=
rch.htm#1016434">"starts with" search=EF=BF=BD22
&file=3D.MANUAL/=
filters.htm#1018345">how it works=EF=BF=BD31
&file=3D.MANUAL/=
intro.htm#1019537">street (attribute in a distinguished name)=EF=BF=BD11
&file=3D.MANUAL=
/search.htm#1016434">substring search=EF=BF=BD22
&file=3D.MANUAL/=
search.htm#1019375">defined=EF=BF=BD15
&file=3D.MANUAL/filters.htm#1018345">how it works=
=EF=BF=BD31
&file=3D.MANUAL/=
attribut.htm#1015952">surname (attribute internal ID)=EF=BF=BD68

T

&file=3D.MANUAL/=
attribut.htm#1004703">tel (attribute field format)=EF=BF=BD65
&file=3D.MANUAL/attribut.h=
tm#1016078">telephoneNumber (attribute internal ID)=EF=BF=BD71
<=
a href=3D"/clients/dsgw/bin/lang?&file=3D.MANUAL/attribut.=
htm#1003096">Title (attribute field)=EF=BF=BD71
&file=3D.MANUAL/attribut.htm#1003096">ti=
tle (attribute internal ID)=EF=BF=BD71
type field
&file=3D.MANUAL/=
search.htm#1020751">in Advanced Search=EF=BF=BD21


U

&file=3D.MANUAL/=
attribut.htm#1017386">uid (attribute internal ID)=EF=BF=BD70, &file=3D.MANUAL/attribut.htm#10=
16953">72
&fi=
le=3D.MANUAL/attribut.htm#1016060">Unit Name (attribute field)=EF=BF=BD71
&file=3D.MANUA=
L/attribut.htm#1015921">URL (attribute field)=EF=BF=BD72
&file=3D.MANUAL/attribut.htm#10=
16953">User ID (attribute field)=EF=BF=BD72
&file=3D.MANUAL/attribut.htm#1016953">userid=
 (attribute internal ID)=EF=BF=BD72

W

where field
&file=3D.MANUAL/=
search.htm#1015967">in Advanced Search=EF=BF=BD20
&file=3D.MANUAL/search.htm#1020749">op=
tions for finding anything=EF=BF=BD21
&file=3D.MANUAL/search.htm#1016358">options for fi=
nding groups=EF=BF=BD20
&file=3D.MANUAL/search.htm#1016363">options for finding organiza=
tions=EF=BF=BD21
&file=3D.MANUAL/search.htm#1016284">options for finding people=EF=BF=BD=
20



--- NEW FILE index.map ---
; --- BEGIN COPYRIGHT BLOCK ---
; This Program is free software; you can redistribute it and/or modify it u=
nder
; the terms of the GNU General Public License as published by the Free Soft=
ware
; Foundation; version 2 of the License.
; =

; This Program is distributed in the hope that it will be useful, but WITHO=
UT
; ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FIT=
NESS
; FOR A PARTICULAR PURPOSE. See the GNU General Public License for more det=
ails.
; =

; You should have received a copy of the GNU General Public License along w=
ith
; this Program; if not, write to the Free Software Foundation, Inc., 59 Tem=
ple
; Place, Suite 330, Boston, MA 02111-1307 USA.
; =

; In addition, as a special exception, Red Hat, Inc. gives You the addition=
al
; right to link the code of this Program with code not covered under the GNU
; General Public License ("Non-GPL Code") and to distribute linked combinat=
ions
; including the two, subject to the limitations in this paragraph. Non-GPL =
Code
; permitted under this exception must only link to the code of this Program
; through those well defined interfaces identified in the file named EXCEPT=
ION
; found in the source code files (the "Approved Interfaces"). The files of
; Non-GPL Code may instantiate templates or use macros or inline functions =
from
; the Approved Interfaces without causing the resulting work to be covered =
by
; the GNU General Public License. Only Red Hat, Inc. may make changes or
; additions to the list of Approved Interfaces. You must obey the GNU Gener=
al
; Public License in all respects for all of the Program code and other code=
 used
; in conjunction with the Program except the Non-GPL Code covered by this
; exception. If you modify this file, you may extend this exception to your
; version of the file, but you are not obligated to do so. If you do not wi=
sh to
; provide this exception without modification, you must delete this excepti=
on
; statement from your version and license this file solely under the GPL wi=
thout
; exception. =

; =

; =

; Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
; Copyright (C) 2005 Red Hat, Inc.
; All rights reserved.
; --- END COPYRIGHT BLOCK ---
;
; -------------------------------------------MAPPINGS
; CGIScriptName =3D HTMLfile#AnchorName
; last update, sarette 10/10
;-------------------------------------------PROGRAMS
;
;
SEARCHING	=3D search.htm
SMARTSEARCH	=3D search.htm#Performing a Standard Search
ASEARCH		=3D search.htm#Performing an Advanced Search

AUTHENTICATING	=3D auth.htm
AUTHHELP_ID 	=3D auth.htm#userauth
AUTHHELP_PW	=3D auth.htm#userauth
UNAUTH		=3D auth.htm#logout
AUTHPROBLEM	=3D auth.htm#incorrectauth
AUTHSUCCESS	=3D auth.htm#authsuccess
AUTHEXPIRED	=3D auth.htm#reauth
AUTHMULTMATCH	=3D auth.htm#userauth

EDITING		=3D mod.htm
EDIT_GROUP	=3D mod.htm#groups
EDIT_NTGROUP    =3D mod.htm#NTgroups
EDIT_GROUPMEM   =3D mod.htm#addowner
EDIT_PERSON	=3D mod.htm#people
EDIT_NTPERSON	=3D mod.htm#ntpeople
EDIT_ORG	=3D mod.htm#o
EDIT_ORGPERSON	=3D mod.htm#people
EDIT_ORGUNIT	=3D mod.htm#ou
MODIFYPASSWD	=3D mod.htm#changepw
EDIT_PERSON_REF =3D mod.htm#addmanager

ADDING		=3D add.htm
ADD_NOPARENT	=3D add.htm#tree
ADD_GROUP	=3D add.htm#group
ADD_NTGROUP     =3D add.htm#NTgroup
ADD_PERSON	=3D add.htm#person
ADD_NTPERSON	=3D add.htm#NTperson
ADD_ORG		=3D add.htm#o
ADD_ORGPERSON	=3D add.htm#person
ADD_ORGUNIT	=3D add.htm#ou
ENTRYEXISTS     =3D add.htm#uniqueDN

contents 	=3D contents.html


--- NEW FILE intro.htm ---



Introduction to the Netscape Directory Server Interface




Introduction to the Directory Server Interface

The Netscape Directory Server is a robust, scalable server for storing, =
querying, and =

managing an enterprise-wide directory of users and information. Using the D=
irectory Server, corporate IS organizations can manage
information from a single point of control, and employees can retrieve this=
 information from multiple network locations.

The directory server provides a simple interface to =

corporate user information. From this interface, you can:



    
&file=3D.MANUAL/=
search.htm#search">Search the directory for
        information about users and resources. For example,
        you can search for an employee's email address or phone
        number. You can find more information about searching the
        directory in &fi=
le=3D.MANUAL/search.htm">Chapter=EF=BF=BD=EF=BF=BD2,
        "Searching the Directory Tree."

    
&file=3D.MANUAL/=
add.htm#adding">Create a new entry in the
        directory. For example, you can add information about
        a new employee, such as the employee's name and phone
        number. This feature is usually reserved only for
        users who have authenticated properly to the Directory
        Server, and who have been granted write permissions by
        the directory administrator. For information about adding
        new users, groups, organizational units, and
        organizations to the directory, see &file=3D.MANUAL/add.htm">Chapter=EF=BF=BD=EF=BF=BD3,
        "Adding Entries."

    
&file=3D.MANUAL/=
mod.htm#editing">Modify existing entries in the
        directory. For example, if you have the appropriate
	  permissions, you can change existing values to entry
 	  attributes, delete the entire entry, rename the entry,
	  or change the password for the entry.
        This feature is usually reserved only for users who have been
	  granted write permissions by the directory administrator, and =

        have authenticated properly to the Directory Server. For
        instructions on updating information about users, groups,
        organizational units, and organizations, see &file=3D.MANUAL/mod=
.htm">Chapter=EF=BF=BD=EF=BF=BD4, "Editing
        Entries."

    
&file=3D.MANUAL/=
auth.htm#authenticating">Authenticate to the
        Directory Server. If your directory manager has made
        authentication a requirement for accessing or writing to the Direct=
ory
        Server, you may need to enter your user name and password.
	  While the exact authentication requirements =

        vary from site to site, the Directory Server typically
        requires authentication only if you are adding,
        modifying, or deleting an entry in the directory. For
        details on authenticating to the Directory Server, see &file=3D.MANUAL/aut=
h.htm">Chapter=EF=BF=BD=EF=BF=BD5, "Authentication."


 




--- NEW FILE mod.htm ---




  Editing Directory Entries


Editing Entries
You can modify existing entries in
the directory using the Directory Server interface. Modify an entry
by searching
for the entry, viewing
it, and then clicking the edit button.
If you have not authenticated
before
you attempt to edit an entry, or if your authentication has expired,
the
Directory Server prompts you to authenticate before continuing.

You can edit:


   people
   NT
people
   groups
   NT
groups
   organizations
   domains
   organizational
units


Editing People
To edit a person's entry, do the following:

  Search for the entry using the Standard
Search
or Advanced
Search mechanism.
   View
the entry.
  Click the Edit Person button.
  If you have not authenticated before you attempt to edit an
entry, or
if
your authentication has expired, the Directory Server prompts you to authenticate
before continuing.
  To edit the person's entry, type the value you desire for each
field. You must supply values for the required fields. The required
fields
for a person are:
  
     Full
Name
     Last
Name
  
  You can provide values for the optional fields now, or edit them
later.
The optional fields for a person are:
   
  
  
    
      
        First
NameÂ 
        PhoneÂ 
        Email
AddressÂ 
      
      
        FaxÂ 
        User
IDÂ 
        PagerÂ 
      
      
        Mobile
PhoneÂ 
        Business
CategoryÂ 
        TitleÂ 
      
      
        Organizational
UnitÂ 
        ManagerÂ 
        Room
NumberÂ 
      
      
        AdminÂ 
        Dept#Â 
        Emp#Â 
      
      
        Car
License#Â 
        Mailing
AddressÂ 
        DescriptionÂ 
      
      
        See
AlsoÂ 
        URLÂ 
        PasswordÂ 
      
    
  
  
   
  You may add
values to the Manager and Admin
fields by clicking the corresponding Edit button.
  You may add
values to the See Also field
by clicking the corresponding Edit button.
  When you are done editing the fields, click Save Changes.

>From this window you can also:

   Rename
an entry
   Delete
an entry
   Change
a password

Adding Values to the Manager and Admin
Fields
When you click the Edit button in the Manager or Admin field,
a new form that allows you to add or delete the corresponding
attribute value is displayed. To add an individual to the Manager or
Admin attribute,
do the following:

  In the text box, enter a search string to be used to locate the
entry
of
the person who is the manager or admin. Enter any of the following:
  
    A name. Enter a full name or a partial name. All entries that
equally
match
the search string are returned. If no such entries are found, all
entries
that contain the search string are returned. If no such entries are
found,
any entries that sound like the search string are returned.
    A user ID (if you are searching for user entries).
    A telephone number. If you enter only a partial number, any
entries
that
have telephone numbers ending in the search number are returned.
    An email address. Any search string containing an at (@) symbol
is
assumed
to be an email address. If an exact match cannot be found, then a
search
is performed to find all email addresses that begin with the search
string.
    An asterisk (*) to see all of the entries or groups currently
residing
in your directory.
    Any LDAP
search filter. Any string that
contains an equal sign (=3D) is considered to be a search filter.
  
  Click "Find and Add" to find the matching entry and add it to the
list. If any entries that you do not want to designate as manager
or admin are listed, click the box in the "Remove from list" column.
You can
also construct a search filter to match the entries you want removed
and
then click "Find and Remove."
  When the list of group members is complete, click Save Changes.
The currently displayed entry is now the value for the manager or admin
attribute field.


Editing NT People
To edit an NT person's entry, do the following:

  Search for the entry using the Standard
Search
or Advanced
Search mechanism.
   View
the entry.
  Click the Edit NT Person button.
  If you have not authenticated before you attempt to edit an
entry, or
if
your authentication has expired, the Directory Server prompts you to authenticate
before continuing.
  To edit the person's entry, type in the new value for each
field. You must supply values for the required fields. The required
fields
for an NT person are:
  
     Full
Name
     Last
Name
    NT
User ID
  
  You can provide values for the optional fields now, or add them
later.
The optional fields for an NT person are:
   
  
  
    
      
        First
NameÂ 
        PhoneÂ 
        Email
AddressÂ 
      
      
        FaxÂ 
        Directory
Server PasswordÂ 
        PagerÂ 
      
      
        Mobile
PhoneÂ 
        Business
CategoryÂ 
        TitleÂ 
      
      
        Organizational
UnitÂ 
        ManagerÂ 
        Room
NumberÂ 
      
      
        AdminÂ 
        Dept#Â 
        Emp#Â 
      
      
        Car
License#Â 
        Mailing
AddressÂ 
        DescriptionÂ 
      
      
        See
AlsoÂ 
        URLÂ 
        User
IdÂ 
      
    
  
  
   
  You can also change the value for the Delete
NT Account if Person deleted option.
  To add
values to the Manager and Admin
fields, click the corresponding Edit button.
  To add
values to the See Also field,
click the corresponding Edit button.
  When you are done editing the fields, click Save Changes.

>From this window you can also:

   Rename
the entry
   Delete
an entry
   Change
the password

Editing Groups
To edit a group entry, do the following:

  Search for the entry using the Standard
Search
or Advanced
Search mechanism.
   View
the entry.
  Click the Edit Group button.
  If you have not authenticated before you attempt to edit an
entry, or
if
your authentication has expired, the Directory Server prompts you to authenticate
before continuing.
  To edit the group's entry, type the new value for each
field. You must supply values for the required field, Name.
  
  You can provide values for the optional fields now, or edit them
later.
The optional fields for a group are:
   
  
  
    
      
        DescriptionÂ 
        OwnerÂ 
      
      
        Group
MembersÂ 
        See
Also
      
    
  
  
   
  To add
values to the See Also, Owners, and Group
Members fields click the corresponding Edit button.
  When you are done editing the fields, click Save Changes.

>From this window you can also:

   Rename
the entry
   Delete
an entry

Adding Values to the Owner, See Also, and
Group Member Fields
When you click the Edit button for Owner, See Also, or Group
Members, a new form that allows you to add or delete members is
displayed.
An owner, see also, or group member can be either an individual or a
group.
That is, if you add a group as an owner, see also, or group member,
anyone
belonging to the group becomes a member of the list. For example,
if Barbara Jensen is a member of the Marketing Managers group, and you
make
the Marketing Managers group a member of the Marketing Personnel group,
then Barbara Jensen is also a member of the Marketing Personnel group.
To add
members, owners, or see alsos, do the following:

  If you want to add user entries to the list, make sure People is
shown
in the first dialog box. If you want to add group entries to the group,
make sure Group is shown.
  In the second dialog box, enter a search string. Enter any of the
following:
  
    A name. Enter a full name or a partial name. All entries that
equally
match
the search string are returned. If no such entries are found, all
entries
that contain the search string are found. If no such entries are found,
any entries that sounds like the search string are returned.
    A user ID, (if you are searching for user entries).
    A telephone number. If you enter only a partial number, any
entries
that
have telephone numbers ending in the search number are returned.
    An email address. Any search string containing an at (@) symbol
is
assumed
to be an email address. If an exact match cannot be found, then a
search
is performed to find all email addresses that begin with the search
string.
    An asterisk (*) to see all of the entries or groups currently
residing
in your directory.
    Any LDAP
search filter. Any string that
contains an equal sign (=3D) is considered to be a search filter.
  
  Click "Find and Add" to find all the matching entries and add
them
to the list. If any entries are shown that you do not want to include
in
the list, click the box in the "Remove from list" column. You
can also construct a search filter to match the entries you want
removed
and then click "Find and Remove."
  When the list of group members is complete, click Save Changes.
The currently displayed entries now belong to the list.


Editing NT Groups
To edit an NT group entry, do the following:

  Search for the entry using the Standard
Search
or Advanced
Search mechanism.
   View
the entry.
  Click the Edit NT Group button.
  If you have not authenticated before you attempt to edit an
entry, or
if
your authentication has expired, the Directory Server prompts you to authenticate
before continuing.
  To edit the group's entry, type in the value for each
field. You must supply values for the required fields. The required
fields
for an NT group are:
  
     Name
     NT
Group Name
  
  You can provide values for the optional fields now, or add them
later.
The optional fields for an NT group are:
   
  
  
    
      
        DescriptionÂ 
        OwnerÂ 
      
      
        Group
MembersÂ 
        See
Also
      
    
  
  
Â  You can also change the value for the Delete
NT Group if Group Deleted option.
  You can add
values to the See Also, Owners, and Group
Members fields by clicking the corresponding "Edit" button.
  When you are done editing, click Save Changes.

>From this window you can also:

   Rename
an entry
   Delete
an entry


Editing Organizational Units
To edit an organizational unit, do the following:

  Search for the entry using the Standard
Search
or Advanced
Search mechanism.
   View
the entry.
  Click the Edit Organizational Unit button.
  If you have not authenticated before you attempt to edit an
entry, or
if
your authentication has expired, the Directory Server prompts you to authenticate
before continuing.
  To edit the organizational unit's entry, type in the value for
each
field. You must supply values for the required fields.
  The required field for an organizational unit is Unit
Name.
  You can provide values for the optional fields now, or add them
later.
The optional fields for an organizational unit are:
   
  
  
    
      
        DescriptionÂ 
        PhoneÂ 
        Business
CategoryÂ 
      
      
        FaxÂ 
        LocationÂ 
        Mailing
AddressÂ 
      
      
        See
AlsoÂ 
        Â 
        Â 
      
    
  
  
   
  When you are done editing, click Save Changes.

>From this window you can also:

   Rename
an entry
   Delete
an entry


Editing Domain Components
To edit a domain, do the following:

  Search for the entry using the Standard
Search
or Advanced
Search mechanism.
   View
the entry.
  Click the Edit Domaincomponent button.
  If you have not authenticated before you attempt to edit an
entry, or
if
your authentication has expired, the Directory Server prompts you to authenticate
before continuing.
  To edit the domain's entry, type in the value for each field. You
must
supply values for the required fields.
  The required field for a domain is Domaincomponent
Name.
  You can provide values for the optional fields now, or add them
later.
The optional fields for a domain are:
   
  
  
    
      
        Description
        Phone
        Business
Category
      
      
        Fax
        Location
        Mailing
Address
      
      
        See
Also
         
         
      
    
  
  
   
  When you are done editing, click Save Changes.

>From this window you can also:

   Rename
an entry
   Delete
an entry


Editing Organizations
To edit an organization entry, do the following:

  Search for the entry using the Standard
Search
or Advanced
Search mechanism.
   View
the entry.
  Click the Edit Organization button.
  If you have not authenticated before you attempt to edit an
entry, or
if
your authentication has expired, the Directory Server prompts you to authenticate
before continuing.
  To edit the organizational unit's entry, type in the value for
each
field. You must supply values for the required fields.
  The required fields for an organization is Organization
Name.
  You may provide values for the optional fields now, or edit them
later.
The optional fields for an organization are:
   
  
  
    
      
        DescriptionÂ 
        PhoneÂ 
        Business
CategoryÂ 
      
      
        FaxÂ 
        LocationÂ 
        Mailing
AddressÂ 
      
      
        See
AlsoÂ 
        Â 
        Â 
      
    
  
  
Â  When you are done editing, click Save Changes.

Renaming Entries
To rename an entry, do the following:

  Search for the entry using the Standard
Search
or Advanced
Search mechanism.
   View
the entry.
  Click the Edit button.
  Enter the new common name for the entry.
  Click Save Changes.

Note the following rules about renaming an entry:

  You can change only the left-most value in an entry's distinguished
name. This effectively means you can only change the entry's name;
you cannot move the entry to another branch in the directory through
this
mechanism. For example, if you have an entry that has a DN of:
  uid=3Dtandrew, ou=3DAccounting, o=3DExample.com
you can rename only the user ID (uid) part of this entry. You cannot,
however,
move user tandrew to the Marketing subtree. To do that, you must create
a new entry for tandrew in the Marketing subtree, and then delete his
old
entry in the Accounting tree. You cannot rename an organizational
unit if it has any entries
below it
in the tree. To rename a branch point in the directory tree, you must
first
delete everything below that point in the tree, and then rename the
entry.


Deleting Entries
To delete an entry, do the following:

  Search for the entry using the Standard
Search
or Advanced
Search mechanism.
   View
the entry.
  Click the Edit button.
  Click the Delete button.

Note that you cannot delete an entry if it has any child entries.
Specifically,
you cannot delete an organizational unit if it has any entries below it
in the tree. To delete a branch point in the directory tree, you must
first
delete everything below that point in the tree, and then delete the
entry.
Changing Passwords
In the Directory Server interface, you can change your own password.
You
can also change another person's password if you are the directory
manager
or an unrestricted user with write privileges to the password
attribute.
To change a password, do the following:


  Search for the entry using the Standard
Search
or Advanced
Search mechanism.
   View
the entry.
  Click the Edit button.
  Click the Change Password button.
  

If you are changing your own password, you must enter the old password
for the change command to succeed. (If you are authenticated as
anyone besides the current entry, you are not prompted to enter the
old password.) Click the Change Password button.





--- NEW FILE objclass.htm ---










Object Classes




This appendix includes information on object class definitions. Most of
the schema elements used in the Directory Server are part of the
standard LDAP protocol, which is in turn based on the X.500 standard.
However, some of the Directory Server's object classes are extensions
created by Netscape for use with its implementation of LDAP. If an
object class was created by Netscape and is not part of the standard
LDAP schema, a note is made in the description of that object class. 
For information on what the Directory Server
schema is and what it is
used for, refer to the Red Hat Directory Server Deployment Guide.


For information on the attributes in the schema, see Appendix
B, "Attributes."

The following types of object classes are described here:


  

  
  Groups
   


  

  Replication
   


  

  Locations
   


  

  Organizations
   


  

  People
   


  

  Calendar
Server Extensions
   


  

  Certificate
Server Extensions
   


  

  Collabra
Server Extensions
   


  

  Compass
Server Extensions
   


  

  Directory
Server Extensions
   


  

  Media
Server Extensions
   


  

  Messaging
Server Extensions
   


  

  Proxy
Server Extensions
   


  

  Web
Server Extensions
   


  

  Reserved
Object Classes
  


The base OID for the Fedora Directory Server is:


2.16.840.1.113730.3



All Netscape|Red Hat defined object classes have the base:


2.16.840.1.113730.3.2


Â 

 Groups

The following object classes describe entries
representing an unordered set of names that represent individual
objects or other groups of objects. Membership of a group is static:
only administrative action can modify a group (such as adding a
member), the membership is not determined dynamically each time a
reference is made to the group. Each object class contains attributes
that describe the group and its members. The object classes described
here are groupOfNames,
groupOfUniqueNames,
and NTGroup.
Â 

 groupOfNames


Defines entries for a group of names. This object
class was inherited from X.500 Directory Services. 

OID: 2.5.6.9
 

  

  
    
       Att=
ribute
      
      
       Att=
ribute
Description
      
      
    
    
       cn
      
      
      (Required) The group's common name.
      
[...8587 lines suppressed...]
    
    
       description
      
      
      Text description of the room.
      
      
    
    
       roomNumber
      
      
      The room's number.
      
      
    
    
       seeAlso
      
      
      URL to information relevant to the room.
      
      
    
    
       telephoneNumber
      
      
      The room's telephone number.
      
      
    
  


  
    
      

      
    
  


Â 

 simpleSecurityObject


Object class used to allow an entry to contain the
userPassword attribute when an entry's principal object classes do not
allow userPassword as an attribute type. Reserved.

OID: 0.9.2342.19200300.100.4.19
 

  

  
    
       Att=
ribute
      
      
       Att=
ribute
Description
      
      
    
    
       userPassword
      
      
      (Required) The entry's password and
encryption method.
      
      
    
  


  
    
      

      
    
  


Â 

 strongAuthenticationUser


Object class used to store information about clients
and certificates in the directory. This object class was inherited from
X.500 Directory Services. Reserved.

OID: 2.5.6.15
 

  

  
    
       Att=
ribute
      
      
       Att=
ribute
Description
      
      
    
    
       userCertificate
      
      
      Not used.
      
      
    
    
       userCertificate;binary
      
      
      (Required) User's certificate in binary
form.
      
      
    
  


  
    
      

      
    
  


Â 

 top

Object class used as a superclass for all other object classes in the
directory. This object class was inherited from X.500 Directory
Services. Reserved.
OID: 2.5.6.0
 

  

  
    
       Att=
ribute
      
      
       Att=
ribute
Description
      
      
    
    
       objectClass
      
      
      (Required) Mandatory attribute for all
object classes.
      
      
    
    
       aci
      
      
      Stores the Directory Server access control
information for this entry.
      
      
    
  


  
    
      

      
    
  









--- NEW FILE search.htm ---



Searching the Directory Tree




Searching the Directory Tree

The Directory Server
contains information about the people and resources in
your organization. Using the Directory Server interface, you can
easily find the information you need. To simplify the search
process, the Directory Server interface provides two types of
searches:


    &file=3D.MANUAL/=
search.htm#standard">Standard Search -- Selects an
        appropriate method of searching based on the value you
        specify. For example, if you search for moz(a)example.com,
        Standard Search searches for matching email
        addresses. 

    
&file=3D.MANUAL/=
search.htm#advanced">Advanced Search -- Provides a
        simple method for searching against specific entry
        attributes. For example, you can specify that you want to
        search for users whose last names start with k and
        whose phone numbers end with 2110. 


Both types of searches allow you select the type of entry to
search for. You can search for any of the following types of
entries:


    
        Type of Entry
        Description
    
    
        People
        Entries that describe a person. 
    
    
        NT people
        Entries that describe an NT user.
    
    
        Groups 
        Entries that describe a group. Groups
        are collections of one or more directory
        entries. For example, groups may be defined at your site
        that include the System Administrators, the Technical
        Writers, or all the people interested in fishing. Note
        that a group does not always have to identify a
        collection of people. For example, a group could be
        defined that identifies all the color printers or fax machines
	  at your site. Groups can also contain other groups. 
    
    
        NT Groups
        Entries that describe a group of NT users.
    
    
        Organizations
        Entries that describe an organization.
        An organization is usually a single, very
        large organization such as a corporation or a university.
        An organization differs from a group in that a
        group is typically an arbitrary collection of people or
        devices that is subject to change as entities are added
        to or removed from the directory. Organizations, however,
        represent a major, relatively static, subdivision or
        branching of the directory. Additions and
        subtractions of entities within the directory do not usually
	  affect organization entries.
    
    
        Domain Components
        Entries that describe your domain. =

        The Domain Component represents your directory suffix by =

        breaking your domain name into its component parts. In a =

        single enterprise environment, a directory suffix typically =

        aligns with a DNS name or Internet domain name of your =

        enterprise. For example, if your enterprise owns the domain =

        name of example.com, then your directory suffix would be of =

        the form dc=3Dexample,dc=3Dcom.
    
    
        Org-Units
        Entries that describe an organizational
        unit. Organizational units usually identify major
        subdivisions within a larger organization. In contrast to
        entries from a single, very large organization such as a
        corporation or university, organizational units describe
        smaller organizations such as accounting, marketing, the
        humanities, or Biology. 
    
    
        Anything 
        Any type of entry within the directory
        that matches the search criteria. Use Anything
        if you are unsure of how the directory manager
        represented an entry within the directory. Anything is
        also useful if the type of entry for which you are
        searching is not a person, group, or organization.
    


After the Directory Server completes the search, the Directory
Server interface displays the &file=3D.MANUAL/search.htm#results">search results,
which provide links to all matching entries. When you click an
entry displayed on the search results list, the Directory Server
displays detailed information about the entry. If the entry is a
person, you can also choose to &file=3D.MANUAL/search.htm#vCard">view the person's
digital business card, or vCard. Using the vCard, you can
add the person to your Communicator address book with a
click of a button.

Standard Search

Standard search performs different types of searches according to the
nature of the data that you specify. Depending on what
you type in the search field, Standard Search attempts to find
matching &file=3D.MANUAL=
/search.htm#Name">names, &file=3D.MANUAL/search.htm#phone">telephone
numbers, or &file=3D=
.MANUAL/search.htm#email">email addresses. 

Depending on what you enter, Standard Search
determines whether to find entries that exactly match your
criteria, entries that contain your criteria, or entries that
contain words or syllables that sound like your criteria. You can also use
an LDAP (Lightweight Directory Access Protocol) &file=3D.MANUAL/search.htm#filter">search filter =

in the Standard Search field.


Performing a
Standard Search


    Click the Standard Search tab.
    Select the &file=
=3D.MANUAL/search.htm#type">type of entry you want to
        search for from the Find drop-down list.
    Enter the value you want to find in the "Search
        for" field. The "Search for" field
        is not case sensitive. You can enter any of the following:
	  
            A &file=
=3D.MANUAL/search.htm#Name">name or part of a name 
            A person's &file=3D.MANUAL/search.htm#initials">initials 
            Some or all of a &file=3D.MANUAL/search.htm#phone">phone number
            
            Some or all of an &file=3D.MANUAL/search.htm#email">email
                address 
            An LDAP =
&file=3D.MANUAL/search.htm#filter">search filter
        
    
    Click Submit. 

        Once the form data has been submitted to the Directory
        Server, the server searches for any entries
        that exactly match, partially match, or sound like the
        value you supplied. The resulting matches are displayed
        as a &file=3D.MA=
NUAL/search.htm#results">search results table.


Searching for Names

If the string you specify:


    contains characters other than numbers 
    does not contain an at (@) symbol 


Standard Search attempts to find full names, first names, or
last names that exactly match, partially match, or sound like the
supplied value.

For example, specifying the string son
could return results such as: 



	Gary Stevenson
	Mary Sun
	Allison Barker


Searching for Names with Initials

If you specify a value that includes the following items in
the following order:


    a single letter 
    a space ( ), period (.), or period and space in any order
    one or more characters 


then Standard Search executes the search as if you
requested a first initial followed by a last name. For example,
specifying the string "S.Anderson" could return results
such as:


    Sally Anderson
    Steve Anderson
    Sue Anderson


Similarly, if you specify a value that has the following items
in the following order:


    more than one character
    a space ( ), period (.), or period and space in any order
    a single character 


then Standard Search executes the search as if you
requested a first name followed by a last initial. For example,
specifying the string "Mark
.P" could return search results such as:


    Mark Payne
    Mark Peck
    Mark Polk



    Note: 
    When you use initials Standard Search looks only for exact matches.
	 It returns entries with names that use the
    	 same initial and name as you specify on the search.
    	 Approximate (or "sounds-like") and substring
    	 searches are not performed. 


Searching for Phone Numbers

Standard Search automatically searches for a phone number if
the value you enter consists only of numerical digits. A single
hyphen (-) is also allowed if at least one digit precedes
it.

This type of search is an "ends with" search. That
is, the Directory Server searches for any phone numbers that end
with the specified value. For example, if you enter a value such
as 123, the Directory Server searches for all phone numbers that
end with 123.

Searching for Email Addresses

Standard Search automatically searches for matching email
addresses if you provide a value that contains an at (@) symbol.
Standard Search first searches for any email addresses that
exactly match the value you entered. If Standard Search doesn't
find any matching entries, it then searches for any entries that
start with the value you entered. 

For example, specifying the string son@
could return:


    son@

or, if no exact match exists in the directory:

    son(a)aardvark.org
    son(a)acme.com


Using Search Filters

Rather than allowing Standard Search to determine the correct
type of search, you can explicitly specify an LDAP search filter.
An LDAP search filter allows you to search for entries with a
specific &file=3D.MANUAL=
/attribut.htm">attribute value.
Standard Search assumes that any string containing an equal sign
(=3D) is an LDAP search filter. For example,

cn=3D*eve*

is an LDAP search filter that performs a substring search for
any common name (CN) containing the string eve.
When specifying attributes within an LDAP search filter, you
must use the attribute label used by the Directory Server
internally, the internal ID, rather than the attribute
field name as displayed in the Directory Server interface. =

For example, the internal ID for the Full Name attribute field
is cn. When you enter a search filter in Standard Search,
use the internal ID (commonName) rather than the attribute field name (Full=
 Name)
as follows: =


commonName=3DSmith Fukuda

Some attribute fields also have a second, abbreviated internal ID. For e=
xample, the Full Name field has two
internal IDs: commonName and cn. You can use either name in the search filt=
er. =



For more information on search filters, refer to =

the Directory Server Administrator's Guide.

Advanced Search

With Advanced Search, you can search for entries that have
specific values for certain attributes. For example, Advanced
Search allows you to look for a person whose email address is a
specified value. Advanced Search also allows you to look up
entries that do not include a specified attribute value. For
example, you can find all the people whose last name is not
"Smith" (such a search is likely to return a
large number of results, so you may want to avoid these kinds of
searches).

Advanced Search performs an exact search, returning entries
that exactly match the words you enter. There are four fields in
the Advanced Search form that you use to construct your search.
Together these four fields represent a sentence specifying the
search. In general, the sentence is constructed as follows: 

&file=3D.MANUAL/searc=
h.htm#type">Find: [a type of entry] &file=3D.MANUAL/search.htm#=
wherethe">where the: [attribute] &file=3D.MANUAL/search.htm#=
typeofsearch">[type of search] [search
string]

The options
for the first three of these fields are provided in pull-down
menus. The last field contains the actual search string. For example, you c=
an
construct a search to:

Find: [People] where the: [Last
Name] [is] [Bowker]

Or you can construct a search to: 

Find: [People] where the: [Full Name] [sounds
like] [tree]

Performing an
Advanced Search


    Click the Advanced Search tab.
    Select the &file=
=3D.MANUAL/search.htm#type">type of entry you want to
        search for from the Find drop-down list.
    Select the attribute you want to search for from the "where
        the" field drop-down list. The choices
        vary depending on the type of entry you selected in the Find
        field. The options are explained in the following table.


         =

            
            
                If the Find field
                is . . .
                You can choose . . .
            
            
                People
                &fil=
e=3D.MANUAL/attribut.htm#cn">full name,
                &file=3D=
.MANUAL/attribut.htm#surname">last name, &file=3D.MA=
NUAL/attribut.htm#telephoneNumber">phone number,
                &file=3D=
.MANUAL/attribut.htm#mail">email address, &file=3D.MA=
NUAL/attribut.htm#uid">user ID, or &file=3D.MA=
NUAL/attribut.htm#title">title
            
            
                Groups
                &fil=
e=3D.MANUAL/attribut.htm#cn">name, =

                &file=3D=
.MANUAL/attribut.htm#description">description, =

		&file=3D.MANUAL/attrib=
ut.htm#owner">owner, or =

                &file=3D=
.MANUAL/attribut.htm#member">member
            
                Organizations
                &fil=
e=3D.MANUAL/attribut.htm#cn">name,
                &file=3D=
.MANUAL/attribut.htm#l">location,
                &file=3D=
.MANUAL/attribut.htm#telephoneNumber">phone
                number, or &file=3D.MANUAL/attribut.htm#description">description
            
            
                Domaincomponent
                &fil=
e=3D.MANUAL/attribut.htm#cn">name,
                &file=3D=
.MANUAL/attribut.htm#l">location,
                &file=3D=
.MANUAL/attribut.htm#telephoneNumber">phone
                number, or &file=3D.MANUAL/attribut.htm#description">description
            
            
                Org-Units
                &fil=
e=3D.MANUAL/attribut.htm#cn">name, =

                &file=3D=
.MANUAL/attribut.htm#l">location,
                &file=3D=
.MANUAL/attribut.htm#telephoneNumber">phone
                number, or &file=3D.MANUAL/attribut.htm#description">description
            
            
                Anything
                &fil=
e=3D.MANUAL/attribut.htm#cn">name or
                &file=3D=
.MANUAL/attribut.htm#description">description
            
        
    

    
Select the type of search you want to perform. 

        

        In general, this field indicates if the search is to be
        an equality search, substring search, or approximate
        ("sounds like") search. The following defines
        all of the available keywords and the type of search
        that each represents. Not all of these keywords
        are available for every search; the actual keywords you
        can use depends on the values you select for the 'Find'
        and "where the" fields. You can
        choose one of the following:

        
            
                Type of search
                Description
            
            
                is
                Finds an exact match. That is,
                this option specifies an equality search. Use
                this option when you know the exact value of an
                entry's attribute. For example, if you know the
                exact spelling of a person's last name, use this
                option. 
            
            
                is not
                Returns all the entries having an attribute value
                that does not exactly match the search string. That
                is, if you want to find all the people in the
                directory whose last name is not
                "Smith," use this option. Be aware,
                however, that use of this option can return an
                extremely large number of entries. 
            
            
                sounds like
                Finds phonetic matches. Use this option if you know an
                attribute's value, but you are unsure of the
                spelling. For example, if you are not sure if a
                person's last name is spelled "Sarret,"
                "Sarette," or "Sarett," use
                this option. 
            
            
                starts with
                Performs a substring search.
                Entries having attributes with values starting with the
                specified search string are returned. For
                example, if you know a person's first name is
                "Steve," but you do not know the last
                name, use this option on a full name search. 
            
            
                ends with
                Performs a substring search.
                Entries having attributes with values ending with the speci=
fied
                search string are returned. For example, if you
                know the last four digits of a person's telephone
                number are "9876," use this option to
                locate the person's entry. 
            
            
                contains
                Performs a substring search.
                Entries having attributes with values containing the specif=
ied
                search string are returned. For example, if you
                know an organization's description
                contains the word "support," use this
                option with the search string "support"
                to find the organization's entry.
            
        
    

    
Enter the string you want to search against in the text
        box and click Search.

        Once the form data has been submitted to the directory
        server, the Directory Server searches for any entries
        that exactly match the value you supplied. The resulting
        matches are displayed as a search results list.


Advanced Search
Examples

The following examples show a few possible uses of the
Advanced Search form. The vertical bars (|) delimit the various
fields in the form.


    
        To find . . .
        Enter . . .
    
    
        All people named Darlene
        Find: People | where the: full name |
        starts with | Darlene
    
    
        All people with the last name Sweeney
        Find: People | where the: last name |
        is | Sweeny
    
    
        All the people who are vice presidents
        Find: People | where the: title |
        contains | Vice President
    
    
        The organization named Accounting
        Find: Organization | where the: name |
        is | Accounting
    
    
        Groups interested in scuba diving
        Find: Groups | where the: description |
        contains | scuba
    
    
        Any entry with a name that contains the word
        "printer"
        Find: Anything | where the: name |
        contains | printer
    


Viewing Search Results

When you perform a search using either a Standard Search or an
Advanced Search, the Directory Server interface sends the search
data to the Directory Server. The Directory Server performs the
search and then returns any matching entries to the directory
server interface. The resulting display depends on whether there
were:


    &file=3D.MANUAL/=
search.htm#nomatch">no matches
    &file=3D.MANUAL/=
search.htm#single">a single match
    &file=3D.MANUAL/=
search.htm#multiple">multiple matches


This section also discusses some of the &file=3D.MANUAL/search.htm#problems">other
problems you may run into when attempting to search the
directory tree.

No Matches 

A search result that returns no matches means one of the
following. 


    No entries in the directory match your search
        criteria. If you believe that this is the problem, try
        another search using slightly different parameters to
        see if you can get any other results.
    You did not &fil=
e=3D.MANUAL/auth.htm#1016877">authenticate
        before performing the search. The directory administrator
 	  determines Authentication requirements. Your
        directory administrator can set the access control on the
        directory so that you are required to
        authenticate before you can search the tree. This access
        control can be set for the entire directory or for
        just part of it. If you are required to
        authenticate before you can search the directory tree,
        and you do not authenticate before running the search,
        the Directory Server acts as if no matching
        entries were found in the directory; no message informs you
	  that you need to authenticate. This is for security reasons. Contact your
        directory administrator to find out if you must
        authenticate to the Directory Server before running a
        search. See Chapter=EF=BF=BD=EF=BF=BD5, "Authentication"
	for more information on authentication.
    The access control for the tree disallows you
        from viewing the entry or entries; regardless of authentication.


A Single Match 

If one and only one match is returned in response to an
"is" search, the Directory Server interface displays
information about that entry as a result of the search. If the
single result was found using any other search method, it is
displayed in a table, and you must click the link to view
detailed information about the entry. This form
contains a button that allows you to &file=3D.MANUAL/mod.htm">edit
the entry. You must have the appropriate permissions to edit an
entry, and you need to &=
file=3D.MANUAL/auth.htm#userauth">authenticate
before doing so. 

Multiple Matches 

If multiple matches are found in response to your
search, the directory interface displays
a table listing each of the matching entries and
certain relevant information for each entry, such as the entry's
phone number and email address. The type of entry for which
you are searching determines this information.
To view more information on a specific entry, click the
entry's name in the first column of the table. 

Other Problems

You may see odd results if you are searching for numerical
values because the Directory Server stores all values as
strings, regardless of whether they are actually numerical values
(such as telephone or room numbers). Consequently, when you
search for numerical values, be sure to include all spaces and
leading zeros, if any. 

Also note that the Directory Server interface strips all
leading and trailing blank spaces from your search criteria.
While it is unlikely that directory entries actually have leading
and trailing blank spaces in their values, the possibility still
exists. Because of this, exact matches against values that have
leading and trailing blank spaces fail. If you encounter
this problem, try using a substring search (a
"contains" search) instead of an exact search. 

Viewing a vCard

A vCard is a digital business card. Like a regular business
card, a vCard contains contact information about a person such as
name, title, telephone and fax numbers, and email
address. Unlike a regular business card, however, the vCard can
also contain multimedia elements such as graphics, sound,
and video. To view a vCard, do the following:


    Use the &file=3D=
.MANUAL/search.htm#standard">Standard Search or &file=3D.MANUAL/sea=
rch.htm#advanced">Advanced Search mechanism to locate
        the person whose vCard you want to view.
    Click the View Card button.

        The Directory Server interface displays a condensed
        version of the vCard.
    If you want to see more details, click View
        Complete Card.
    If you want to add the person to your Communicator
        address book, click "Add to Address Book"
        and then click OK.





--===============0453071197870990670==--

Operator	Symbol	Description
And	&	All specified filters must be true for the stat= ement to be true. For example, = `(&(filter1)(filter2)(filter3)...)` Filter1, filter2, and filter3 must all be true for an entry to match.
Or	\|	At least one specified filter must be true for the statement to be true. For example, = `(\|(filter1)(filter2)(filter3)...)` If any of filter1, filter2, or filter3 match, the entry is returned.
Not	!	The specified statement must not be true for the statement to be true. Note that only one filter is affected by the not operator. For example, = `(!(filter))` Any entry not matching the filter is returned.

To find . . .	Enter . . .
All people named Darlene	Find: People \| where the: full name \| starts with \| Darlene
All people with the last name Sweeney	Find: People \| where the: last name \| is \| Sweeny
All the people who are vice presidents	Find: People \| where the: title \| contains \| Vice President
The organization named Accounting	Find: Organization \| where the: name \| is \| Accounting
Groups interested in scuba diving	Find: Groups \| where the: description \| contains \| scuba
Any entry with a name that contains the word "printer"	Find: Anything \| where the: name \| contains \| printer

Symptom	Cause	Action
Search results are empty	Either no entries match the search string you entered, or you are required to authenticate to the directory before performing this type of search operation.	Try a different search operation. Or, if you are sure that there are entries that match the criteria you entered, &file=3D.MANUAL/auth.htm#userauth">authenticate to the directory.
Search results missing entries or missing attribute information from returned entries.	Either you are not authenticated properly or you do not have access to the information. The directory administrator can specify that all or parts of the directory tree require authentication to access entries, or even certain entry attributes. In this situation, the Directory Server does not indicate that the information exists and that you do not have = privileges to access it. Instead, it simply acts as if the information does not exist at all. This behavior is driven by the concern that knowing certain information exists in the tree, even if you are not allowed to see it, can pose a security risk.	Make sure you are properly &file=3D.MANUAL/aut= h.htm#userauth">authenticated. Then, verify with your directory administrator that you have access to the directory information you need.
Operation fails after completion	The directory is failing the operation because of improper authentication. Although, it may seem as if the interface's form action is failing the operation, the form is only passing the operation to the Directory Server, which is then failing the operation. The Directory Server interface simply reports the results of the operation. This occurs because the LDAP protocol does not currently allow the interface to know whether authentication is required before trying an operation. Using the interface, this situation can only arise if your authentication times out while you are creating or modifying the directory entry.	Make sure you are properly &file=3D.MANUAL/aut= h.htm#userauth">authenticated and that your authentication has not timed out.
A table of entries is displayed during the authentication process	Either your full name is not unique in the directory, or the name you entered does not exist in the directory.	If your entry is displayed on the table, select the corresponding link and continue with the &file= =3D.MANUAL/auth.htm#userauth">authentication process. If your entry is not displayed on the table, click Cancel and then try &fi= le=3D.MANUAL/auth.htm#userauth">authenticating again. Be sure to use your full name and not your user ID.
Username is correct, but authentication fails anyway	Your password is incorrect. If you enter a valid username but an incorrect password, and the username you supplied represents an NT person entry, the Directory Server attempts to authenticate you to the Windows network. If that is not successful or the user name you supplied does not represent an NT person entry, you are given the choice to retry, close the window, or seek help.	Click Retry and then reenter your password.

Attribute	Name	Definition
c	country	Identifies the name of the country under which the entry resides. For example, c=3DUS c=3DGB
cn	common name	Required attribute that identifies the person or object defined by the entry. For example: cn=3DWally Henderson cn=3DDatabase Administrators cn=3Dprinter3b
l	locality	Identifies the locality in which the entry resi= des. The locality could be a city, county, township, or other geographic region. For example: l=3DTucson l=3DPacific Northwest l=3DAnoka County
o	organization	Identifies the organization in which the entry resides. For example: o=3DNetscape Communications Corp o=3DPublic Power & Gas
ou	organizational unit	Identifies a unit within the organization. For example: ou=3DSales ou=3DManufacturing
st	state or province name	Identifies the state or province in which the entry resides. For example: st=3DIowa st=3DBritish Columbia
street	street address	Identifies the street address at which the entry resides. For example: street=3D494 Rice Creek Terrace

Search type	Operator	Description
Equality	=3D	Returns entries containing attributes which mat= ch the specified value. For example, = `cn=3DBob Johnson`
Substring	=3D<string>*<string>	Returns entries containing attributes containing the specified substring. For example, = `cn=3DBob` `cn=3DJohnson` `cn=3DJohn` `cn=3DB*John`
Greater than or equal to	>=3D	Returns entries containing attributes that are greater than or equal to the specified value. For example, = `employeenumber >=3D 100`
Less than or equal to	<=3D	Returns entries containing attributes that are less than or equal to the specified value. For example, = `employeenumber <=3D 100`
Presence	=3D*	Returns entries containing the specified attrib= ute. For example, = `cn=3D` `telephonenumber=3D` `manager=3D*`
Approximate	~=3D	Returns entries containing the specified attrib= ute that is approximately equal to the specified value. For example, = `cn~=3Dsurette` `l~=3Dsan fransico`

Name in the directory (Phonetic code)	Your search string (Phonetic code)	Match comments
Alice B Sarette (ALS B SRT)	Alice Sarette (ALS SRT)	Matches. Codes are specified in the correct ord= er.
	Alice Sarrette (ALS SRT)	Matches. Codes are specified in the correct ord= er despite the misspelling of Sarette.
	Surette (SRT)	Matches. The generated code exists in the origi= nal name despite the misspelling of Sarette.
	Bertha Sarette (BR0 SRT)	No match. The code BR0 does not exist in the original name.
	Sarette, Alice (SRT ALS)	No match. The codes are not specified in the correct order.

Att= ribute	Att= ribute Description
cn	(Required) The group's common name. [...8587 lines suppressed...]
description	Text description of the room.
roomNumber	The room's number.
seeAlso	URL to information relevant to the room.
telephoneNumber	The room's telephone number.

Att= ribute	Att= ribute Description
userCertificate	Not used.
userCertificate;binary	(Required) User's certificate in binary form.

Att= ribute	Att= ribute Description
objectClass	(Required) Mandatory attribute for all object classes.
aci	Stores the Directory Server access control information for this entry.

Type of Entry	Description
People	Entries that describe a person.
NT people	Entries that describe an NT user.
Groups	Entries that describe a group. Groups are collections of one or more directory entries. For example, groups may be defined at your site that include the System Administrators, the Technical Writers, or all the people interested in fishing. Note that a group does not always have to identify a collection of people. For example, a group could be defined that identifies all the color printers or fax machines at your site. Groups can also contain other groups.
NT Groups	Entries that describe a group of NT users.
Organizations	Entries that describe an organization. An organization is usually a single, very large organization such as a corporation or a university. An organization differs from a group in that a group is typically an arbitrary collection of people or devices that is subject to change as entities are added to or removed from the directory. Organizations, however, represent a major, relatively static, subdivision or branching of the directory. Additions and subtractions of entities within the directory do not usually affect organization entries.
Domain Components	Entries that describe your domain. = The Domain Component represents your directory suffix by = breaking your domain name into its component parts. In a = single enterprise environment, a directory suffix typically = aligns with a DNS name or Internet domain name of your = enterprise. For example, if your enterprise owns the domain = name of example.com, then your directory suffix would be of = the form dc=3Dexample,dc=3Dcom.
Org-Units	Entries that describe an organizational unit. Organizational units usually identify major subdivisions within a larger organization. In contrast to entries from a single, very large organization such as a corporation or university, organizational units describe smaller organizations such as accounting, marketing, the humanities, or Biology.
Anything	Any type of entry within the directory that matches the search criteria. Use Anything if you are unsure of how the directory manager represented an entry within the directory. Anything is also useful if the type of entry for which you are searching is not a person, group, or organization.

If the Find field is . . .	You can choose . . .
People	&fil= e=3D.MANUAL/attribut.htm#cn">full name, &file=3D= .MANUAL/attribut.htm#surname">last name, &file=3D.MA= NUAL/attribut.htm#telephoneNumber">phone number, &file=3D= .MANUAL/attribut.htm#mail">email address, &file=3D.MA= NUAL/attribut.htm#uid">user ID, or &file=3D.MA= NUAL/attribut.htm#title">title
Groups	&fil= e=3D.MANUAL/attribut.htm#cn">name, = &file=3D= .MANUAL/attribut.htm#description">description, = &file=3D.MANUAL/attrib= ut.htm#owner">owner, or = &file=3D= .MANUAL/attribut.htm#member">member
Organizations	&fil= e=3D.MANUAL/attribut.htm#cn">name, &file=3D= .MANUAL/attribut.htm#l">location, &file=3D= .MANUAL/attribut.htm#telephoneNumber">phone number, or &file=3D.MANUAL/attribut.htm#description">description
Domaincomponent	&fil= e=3D.MANUAL/attribut.htm#cn">name, &file=3D= .MANUAL/attribut.htm#l">location, &file=3D= .MANUAL/attribut.htm#telephoneNumber">phone number, or &file=3D.MANUAL/attribut.htm#description">description
Org-Units	&fil= e=3D.MANUAL/attribut.htm#cn">name, = &file=3D= .MANUAL/attribut.htm#l">location, &file=3D= .MANUAL/attribut.htm#telephoneNumber">phone number, or &file=3D.MANUAL/attribut.htm#description">description
Anything	&fil= e=3D.MANUAL/attribut.htm#cn">name or &file=3D= .MANUAL/attribut.htm#description">description

Type of search	Description
is	Finds an exact match. That is, this option specifies an equality search. Use this option when you know the exact value of an entry's attribute. For example, if you know the exact spelling of a person's last name, use this option.
is not	Returns all the entries having an attribute value that does not exactly match the search string. That is, if you want to find all the people in the directory whose last name is not "Smith," use this option. Be aware, however, that use of this option can return an extremely large number of entries.
sounds like	Finds phonetic matches. Use this option if you know an attribute's value, but you are unsure of the spelling. For example, if you are not sure if a person's last name is spelled "Sarret," "Sarette," or "Sarett," use this option.
starts with	Performs a substring search. Entries having attributes with values starting with the specified search string are returned. For example, if you know a person's first name is "Steve," but you do not know the last name, use this option on a full name search.
ends with	Performs a substring search. Entries having attributes with values ending with the speci= fied search string are returned. For example, if you know the last four digits of a person's telephone number are "9876," use this option to locate the person's entry.
contains	Performs a substring search. Entries having attributes with values containing the specif= ied search string are returned. For example, if you know an organization's description contains the word "support," use this option with the search string "support" to find the organization's entry.

Adding Entries

New Entry Guidelines

Directory Tree Structure

Distinguished Name Syntax

Unique Distinguished Names

Adding a Person

Adding an NT Person

Adding a Group

Adding an NT Group

Adding an Organizational Unit

Adding a Domain Component

Adding an Organization

Authentication

Understanding Directory Access

Authenticating to the Directory

Logging Out of the Directory

Reauthenticating to the Directory

Problems Caused by Incorrect Authentication

Contents

Distinguished Names

Distinguished Name syntax

Distinguished Name attributes

Distinguished Name examples

Search Filters

Search Filters

Search Filter Syntax

Using Attributes in a Filter

Using Operators in a Filter

Using Multiple Search Filters

Boolean Operators

Search Filter Examples

How Searching Works

How Approximate ("sounds like") Searches Work

How Substring Searches Work

Symbols

A

B

C

D

E

F

G

I

L

M

N

O

P

R

S

T

U

W

Introduction to the Directory Server Interface

Editing Entries

Editing People

Adding Values to the Manager and Admin Fields

Editing NT People

Editing Groups

Adding Values to the Owner, See Also, and Group Member Fields

Editing NT Groups

Editing Organizational Units

Editing Domain Components

Editing Organizations

Renaming Entries

Deleting Entries

Changing Passwords

Groups

Searching the Directory Tree

Standard Search

Performing a Standard Search

Searching for Names

Searching for Names with Initials

Searching for Phone Numbers

Searching for Email Addresses

Using Search Filters

Advanced Search

Performing an Advanced Search

Advanced Search Examples

Viewing Search Results