[. . . ]

novdocx (en) 22 June 2009

AUTHORIZED DOCUMENTATION

Administration Guide
Novell® eDirectory™ 8.8 SP5
December 02, 2009
www.novell.com

Novell eDirectory 8.8 Administration Guide

Legal Notices

Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.

Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose.

[. . . ]

ExpirationInterval (Input and Output, Type INTEGER)

Value    Description
<0, 0    Use the default expiration interval (default).
>0       Expiration interval to be assigned to this connection.

ConnectionIsAlreadyOpen (Input Only, Type BOOLEAN)

Value    Description
TRUE     eDirectory determines that it already has a connection to this address and can reuse that connection.
FALSE    eDirectory does not have a connection to this address and must create one.

ConnectionLastUsed (Input Only, Type TIME)

If ConnectionIsAlreadyOpen is TRUE, then ConnectionLastUsed is the last time that a packet was sent from eDirectory using this connection. Otherwise, it will be 0.

Value    Description
TRUE     ConnectionLastUsed is the time that eDirectory last sent a packet on this connection.
FALSE    ConnectionLastUsed will be 0.

Sample NDS_JANITOR

Before eDirectory runs the janitor, it queries WAN Traffic Manager to see if this is an acceptable time for this activity. The NDS_JANITOR does not have a destination address; it requires a NO_ADDRESSES policy. If WAN Traffic Manager returns DONT_SEND, janitor work is put off and rescheduled.
The following variables are provided:

Last (Input Only, Type TIME)

The time of the last round of janitor work since eDirectory started. If NDS_JANITOR returns SEND, Last is set to the current time after eDirectory finishes the janitor.

ExpirationInterval (Output Only, Type INTEGER)

The expiration interval for all connections created while running the janitor.

Value    Description
<0, 0    Use the default expiration interval (default).
>0       Expiration interval to be assigned to this connection.

Next (Output Only, Type TIME)

Tells eDirectory when to schedule the next round of janitor work.

Value             Description
In the past, 0    Use the default scheduling.
In the future     Time when the janitor should be scheduled.

CheckEachNewOpenConnection (Output Only, Type INTEGER)

Tells eDirectory what to do if it needs to create a new connection while running the janitor. CheckEachNewOpenConnection is initialized to 0.

Value    Description
0        Return Success without calling WAN Traffic Manager, allowing the connection to proceed normally (default).
1        Call WAN Traffic Manager and let the policies decide whether to allow the connection.
2        Return ERR_CONNECTION_DENIED without calling WAN Traffic Manager, causing the connection to fail.

CheckEachAlreadyOpenConnection (Output Only, Type INTEGER)

Tells eDirectory what to do if it needs to reuse a connection it determines is already open while running the janitor. CheckEachAlreadyOpenConnection is initialized to 0.

Value    Description
0        Return Success without calling WAN Traffic Manager, allowing the connection to proceed normally (default).
1        Call WAN Traffic Manager and let the policies decide whether to allow the connection.
2        Return ERR_CONNECTION_DENIED without calling WAN Traffic Manager, causing the connection to fail.
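
The NDS_JANITOR exchange described above, modeled in Python as an added example; it is not Novell code and not WAN Traffic Manager policy syntax. The function and field names, the integer time values and the two sample policies are constructed for illustration, and mapping a policy's DONT_SEND answer for a connection to ERR_CONNECTION_DENIED is an assumption of the model.

```python
from dataclasses import dataclass

SEND, DONT_SEND = "SEND", "DONT_SEND"
SUCCESS, DENIED = "Success", "ERR_CONNECTION_DENIED"

@dataclass
class JanitorAnswer:
    """Values a NDS_JANITOR policy returns (field names are hypothetical)."""
    result: str          # SEND or DONT_SEND
    next_time: int = 0   # Next
    check_new: int = 0   # CheckEachNewOpenConnection
    check_open: int = 0  # CheckEachAlreadyOpenConnection

def connection_result(check, already_open, open_policy):
    """Apply the 0/1/2 rule to one connection the janitor needs."""
    if check == 0:
        return SUCCESS   # proceed normally, WAN Traffic Manager not called
    if check == 2:
        return DENIED    # fail, WAN Traffic Manager not called
    if check != 1:
        raise ValueError(f"unexpected check value {check}")
    # 1: the policies decide; DONT_SEND -> denied is this model's assumption.
    return SUCCESS if open_policy(already_open) == SEND else DENIED

def janitor_round(now, last, janitor_policy, open_policy, connections):
    """One janitor attempt. connections lists, per connection needed,
    whether eDirectory finds it already open (True) or must create it."""
    answer = janitor_policy(now, last)
    # Next in the past or 0 (or equal to now, an assumption) -> default (None).
    next_run = answer.next_time if answer.next_time > now else None
    if answer.result == DONT_SEND:
        return {"ran": False, "last": last, "next": next_run, "results": []}
    results = [
        connection_result(answer.check_open if is_open else answer.check_new,
                          is_open, open_policy)
        for is_open in connections
    ]
    # Last becomes the current time once the janitor has finished.
    return {"ran": True, "last": now, "next": next_run, "results": results}

# Constructed policies: janitor allowed from t=100; new connections refused.
def sample_janitor_policy(now, last):
    if now < 100:
        return JanitorAnswer(DONT_SEND, next_time=100)
    return JanitorAnswer(SEND, next_time=now + 50, check_new=2, check_open=1)

def sample_open_policy(already_open):
    return SEND if already_open else DONT_SEND
```

Calling janitor_round with a time before 100 shows the postponed case with Last unchanged; a later time shows a reused connection being put to the policies while a new one is refused outright.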
Sample NDS_JANITOR_OPEN

NDS_JANITOR_OPEN is used only if either CheckEachNewOpenConnection or CheckEachAlreadyOpenConnection was set to 1 during the corresponding NDS_JANITOR query. This query is generated whenever CheckEachNewOpenConnection is 1 and eDirectory needs to open a new connection before doing backlinking, or when CheckEachAlreadyOpenConnection is 1 and eDirectory needs to reuse an already existing connection.

The following variables are provided:

Version (Input Only, Type INTEGER)

The version of eDirectory.

ExpirationInterval (Input and Output, INTEGER)

If ConnectionIsAlreadyOpen is TRUE, ExpirationInterval is set to the expiration interval already set on the existing connection. Otherwise, it is set to the ExpirationInterval assigned in the NDS_JANITOR query. A 0 value indicates that the default (2 hours, 10 seconds) should be used.

[. . . ]

When the product is used by users outside of the corporate firewall, a VPN should be employed. If a server is accessible from outside the corporate network, a firewall should be configured to prevent direct access to the server.

Delegation of administration provides granular control over the directory objects.

We recommend that you identify a particular LDAP server as the right server for Kerberos management.

[. . . ]