jspωiki
NDSPKISDKeyServerDN

Overview#

NDSPKISDKeyServerDN is a multi-valued attribute contains the list of Security Domain Infrastructure key servers in the tree.

There must be at least one server in this list.

NICI 2.0.1 and newer versions, which are distributed with NetWare 6 or later, make use of this attribute. NICISDI Tree Key Provider Fault Tolerance may be implemented to maintain Fault Tolerance.

NDSPKISDKeyServerDN must be at least one NcpServer DN value.

NICISDI or NICIEXT reads this NDSPKISDKeyServerDN on each loading (normally when eDirectory starts).

Then, NICISDI or NICIEXT connects to each server in NDSPKISDKeyServerDN, and requests any new security domain keys from each server in this list. Existing security keys are also checked for Key Revocation. However, deletion of a security domain key is not automatically done.

Only new key retrieval (not creation) and Key Revocation is automatically done on every loading of NICISDI or NICIEXT, or periodically as configure by the NICISDI Sync Period

In the case of a tree merge, add the name of the new SDI key server's name to this list after trees are merged, and reboot all the servers in the tree unless periodic synchronization is enabled. The final list MUST contain the names of SDI Key servers in all trees.

More Information#

There might be more information for this subject on one of the following: