Specifications
Chapter 15 Configuring and Managing Open Directory 257
Idle Rebinding Options
The following LDAPv3 plug-in parameters are documented in Open Directory
Administration. The parameters are used in the file
/Library/Preferences/DirectoryService/DSLDAPv3PlugInConfig.plist.
Delay Rebind
This parameter specifies how long the LDAP plug-in waits before attempting to
reconnect to a server that fails to respond. You can increase this value to prevent
continuous reconnection attempts.
<key>Delay Rebind Try in seconds</key>
<integer>n</integer>
You can find this parameter in the DSLDAPv3PlugInConfig.plist file near
<key>OpenClose Timeout in seconds</key>. If it isn't there, add it there.
Idle Timeout
This parameter specifies how long the LDAP plug-in sits idle before disconnecting from
the server. You can adjust this value to reduce overloading the server’s connections
from remote clients.
<key>Idle Timeout in minutes</key>
<integer>n</integer>
If this parameter doesn’t exist in the DSLDAPv3PlugInConfig.plist file, add it near
<key>OpenClose Timeout in seconds</key>.
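The Delay Rebind and Idle Timeout edits described above can be scripted. The following is an added example, not part of the original guide: it sets both keys in every dictionary that already contains OpenClose Timeout in seconds, and refuses to write anything if that key is not found. The sample plist, its surrounding layout, the values 30 and 5, and the function names are assumptions made for illustration.

```python
import plistlib

ANCHOR = "OpenClose Timeout in seconds"  # key the guide says to add the others near
DELAY_REBIND = "Delay Rebind Try in seconds"
IDLE_TIMEOUT = "Idle Timeout in minutes"

# Constructed sample; the surrounding layout is an assumption, not a copy of a real file.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>LDAP Server Configs</key>
  <array><dict>
    <key>OpenClose Timeout in seconds</key><integer>15</integer>
    <key>Idle Timeout in minutes</key><integer>2</integer>
  </dict></array>
</dict></plist>
"""


def set_rebind_options(node, delay_seconds, idle_minutes):
    """Set both keys in every dict holding ANCHOR; return how many dicts were found."""
    found = 0
    if isinstance(node, dict):
        if ANCHOR in node:
            node[DELAY_REBIND] = delay_seconds
            node[IDLE_TIMEOUT] = idle_minutes
            found = 1
        children = list(node.values())
    elif isinstance(node, list):
        children = node
    else:
        return 0
    return found + sum(set_rebind_options(c, delay_seconds, idle_minutes) for c in children)


def update_plist(raw, delay_seconds, idle_minutes):
    """Return (new_plist_bytes, dicts_updated) for a plist supplied as bytes."""
    for value in (delay_seconds, idle_minutes):
        # Plist <integer> only; bool is a subclass of int, so reject it explicitly.
        if isinstance(value, bool) or not isinstance(value, int) or value <= 0:
            raise ValueError("timeouts must be positive integers")
    config = plistlib.loads(raw)
    found = set_rebind_options(config, delay_seconds, idle_minutes)
    if found == 0:
        raise LookupError(f"no dictionary contains {ANCHOR!r}; nothing changed")
    return plistlib.dumps(config, sort_keys=False), found


if __name__ == "__main__":
    new_raw, found = update_plist(SAMPLE, 30, 5)
    print(f"updated {found} server configuration(s)\n{new_raw.decode()}")
```

To apply this to the real file, read its bytes, keep a backup copy, and write the returned bytes back only after checking the output.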
Searching the LDAP Server
The ldapsearch tool connects to an LDAP server, authenticates, finds entries,
and returns attributes of the entries found.
To query the LDAP server for a user’s information:
Enter the following command, replacing the example search base (cn=users,
dc=example, dc=com) with an actual search base:
$ ldapsearch -H ldap://127.0.0.1 -b cn=users,dc=example,dc=com
By default, ldapsearch tries to connect to the LDAP server using the Simple
Authentication and Security Layer (SASL) method. If the server doesn’t support this
method, you see this error message:
ldap_sasl_interactive_bind_s: No such attribute (16)
To avoid this error, include the -x option when you enter the command. For example:
$ ldapsearch -h 192.168.100.1 -b "dc=example,dc=com" -x
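The -x option forces ldapsearch to use simple authentication instead of SASL.
A simple bind sends any bind DN and password you supply to the server unencrypted
unless the connection is protected by TLS.
The -x option also works on other LDAP tools.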