HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

ManualsBrandsHP ManualsSoftwareHP-UX Directory Server

131

132

133

134

135

136

137

138

139

140

with that number, and the entry is within the scope and filter of the configured DNA Plug-in, then

using the magic number automatically triggers the plug-in to generate a new value. For example:

ldapmodify -a -D "cn=directory manager" -w secret -p 389 -h server.example.com

dn: uid=jsmith, ou=people, dc=example,dc=com

objectClass: top

objectClass: person

objectClass: posixAccount

uid: jsmith

cn: John Smith

uidNumber: magic

....

The magic number is very useful for importing entries from LDIF or for triggering the DNA Plug-in

to generate unique numbers for several different attributes.

The DNA Plug-in only generates new, unique values. If an entry is added or modified to use a

specific value for an attribute controlled by the DNA Plug-in, the specified number is used; the

DNA Plug-in will not overwrite it.

3.6.1.3 Using the DNA plug-in with replication

With multi-master replication, there are two entries referenced by the server:

• The managed ranges for the DNA Plug-in

• A shared configuration entry that stores the information about the server's available ranges

When the plug-in instance is created, then the DNA Plug-in automatically creates an entry beneath

the shared configuration entry with the supplier configuration. For example:

dn: dnaHostname=ldap1.example.com+dnaPortNum=389, cn=Account UIDs,

ou=Ranges, dc=example, dc=com

objectClass: extensibleObject

objectClass: top

dnahostname: ldap1.example.com

dnaPortNum: 389

dnaSecurePortNum: 636

dnaRemainingValues: 1000

When a server needs a new range of numbers, it searches the configuration entries under the

container entry. When it finds the server with the highest available range, it sends an extended

operation request to have part of the range assigned to it. If the second server agrees, the second

server sends the requesting server the new range assignment.

3.6.2 Looking at the DNA plug-in syntax

The DNA Plug-in itself is a container entry, similar to the Password Storage Schemes Plug-in. Each

DNA entry underneath the DNA Plug-in entry defines a new managed range for the DNA Plug-in.

To new managed ranges for the DNA Plug-in, create entries beneath the container entry.

The most basic configuration is to set up distributed numeric assignments on a single server, meaning

the ranges will not be shared or transferred between servers. A basic DNA configuration entry

defines four things:

• The attribute that's value is being managed, set in the dnaType attribute

• The entry DN to use as the base to search for entries, set in the dnaScope attribute

• The search filter to use to identify entries to manage, set in the dnaFilter attribute

• The next available value to assign, set in the dnaNextValue attribute (after the entry is

created, this is handled by the plug-in)

For example:

dn: cn=Account UIDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config

objectClass: top

objectClass: extensibleObject

cn: Account UIDs

134 Creating Directory Entries