<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! Overview
[{$pagename}] is a [MULTI-VALUE] attribute on the W0 or W1 objects contains the list of the [key servers] in the tree for the respective [SDI Key] object.There must be at least one server in this list for the [SDI Key] object to be active. The [NICIEXT] module reads this attribute and then connects to each server in this list and requests any new [Security Domain] keys from each server in this list. Only servers in this list can create and distribute the [TreeKey].

Adding a server to this attribute makes that server a [Key server]. Although any server can be configured as a “[Key server]”, for the [treeKeys], it is recommended that only servers holding a writeable [Edirectory Replicas] of the [SDI key] object be configured.

NOTE: If a key server does not hold a writeable [Edirectory Replicas], additional rights will need to be assigned.

The [eDirectory] installation will automatically populate this attribute for the W0 object, so no action is required by an administrator for the W0 object. 

For the W1 object, an administrator will need to assign a [Key Server] to this attribute, after confirming that all servers in the tree have been upgraded to [EDirectory 9.0.0.0 (40002.79)], in order to enable the new A[ES 256-bit|AES-256] [TreeKey]. It is recommended that the first [Key server] assigned be the Master replica (for example, the server holding the Master replica of the object CN=W1.CN=KAP.CN=Security).

There must be at least one server in this list. 

[NICI] 2.0.1 and newer versions, which are distributed with [NetWare] 6 or later, make use of this attribute may be implemented to [maintain Fault Tolerance|NICISDI Tree Key Provider Fault Tolerance] 

[{$pagename}] must be at least one [NcpServer] DN value.

[NICISDI] or [NICIEXT] reads this [{$pagename}] on each loading (normally when [eDirectory] starts).

Then, [NICISDI] or [NICIEXT] connects to each server in [{$pagename}], and 
* requests any new security domain keys from each server in this list
* Existing security keys are also checked for [Key Revocation]
* However, deletion of a security domain key is not automatically done. 

Only new key retrieval (not creation) and [Key Revocation] is automatically done on every loading of [NICISDI] or [NICIEXT], or periodically as configure by the [NICISDI] Sync Period.

!! [NDS Tree Merge]
In the case of a [NDS Tree Merge], add the name of the new [SDI key] server's name to this list after trees are merged, and reboot all the servers in the tree unless periodic synchronization is enabled. The final list [MUST] contain the names of [SDI Key] servers in all trees.

!! Category
%%category [eDirectory]%%!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
</pre>