HP-UX AAA Server A.08.00.01 Administrator's Guide
1. On the Local Realms screen, select the name of the directory definition you wish
to delete.
2. Click Delete.
Tuning the AAA Server to LDAP Server Connection
The AAA server to LDAP server connection can be modified by adding the following
entry to /etc/opt/aaa/aaa.config and then stopping and starting the server:
aatv.ProLDAP
{
    Retry-Interval 60
    Retry-Wait 1
    Timeout 60
    TCP-Timeout 3
    Debug 0
}
• Retry-Interval sets the number of seconds for the AAA server to wait before trying
to reconnect to an LDAP directory server when a realm has failover directory servers
configured. The default value is 60 seconds.
• Retry-Wait sets the number of seconds that the AAA server will wait before
attempting to connect to the same failover LDAP server. When all failover directory
servers configured for a realm are down, the AAA server will try to reconnect to
one every time an access request is received. In that situation, this parameter
guarantees that the software does not spend too much time trying to reconnect to
those directory servers. The default value is 1 second.
• Timeout sets the number of seconds that an LDAP connection will remain open
when the AAA server has not been able to perform any successful LDAP
operation. This parameter allows better handling of the situation where the
LDAP directory times out client connections.
• TCP-Timeout sets the number of seconds that the AAA server will wait for an
LDAP server when trying to establish the Transmission Control Protocol (TCP)
connection.
• Debug determines whether OpenLDAP debug messages should be written to the
AAA server radius.debug file. A value of 0 disables writing these messages; a
value of -1 enables writing these messages. The syntax of this property follows a
block syntax that is different from the other aaa.config variables.
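The following check is an added example, not part of the HP guide or the AAA server software: it parses an aatv.ProLDAP block laid out as shown above and reports values that do not match the parameter descriptions. It assumes the block shape printed on this page (name, then braces, one "Name value" pair per line) and does not handle any other aaa.config syntax; the function names and the sample text are constructed for illustration.

```python
import re

# Parameters this guide documents for the aatv.ProLDAP block.
KNOWN = {"Retry-Interval", "Retry-Wait", "Timeout", "TCP-Timeout", "Debug"}
# Assumption: the block appears as "aatv.ProLDAP", "{", pairs, "}" as on this page.
BLOCK_RE = re.compile(r"^\s*aatv\.ProLDAP\s*\{(.*?)\}", re.M | re.S)

def parse_proldap(text):
    """Return {name: raw value} for the aatv.ProLDAP block, or None if absent."""
    match = BLOCK_RE.search(text)
    if match is None:
        return None
    settings = {}
    for line in match.group(1).splitlines():
        parts = line.split()
        if parts:
            settings[parts[0]] = parts[1] if len(parts) > 1 else ""
    return settings

def audit_proldap(text):
    """Return a list of findings; an empty list means nothing to report."""
    settings = parse_proldap(text)
    if settings is None:
        return ["no aatv.ProLDAP block found"]
    findings = []
    for name, raw in settings.items():
        if name not in KNOWN:
            findings.append(f"{name}: not a parameter documented for this block")
            continue
        try:
            value = int(raw)
        except ValueError:
            findings.append(f"{name}: value {raw!r} is not an integer")
            continue
        if name == "Debug":
            if value == -1:  # documented meaning: debug messages are written
                findings.append("Debug: -1 writes OpenLDAP debug messages to radius.debug")
            elif value != 0:
                findings.append(f"Debug: {value} is neither 0 nor -1")
        elif value < 0:  # assumption: a count of seconds is never negative
            findings.append(f"{name}: negative number of seconds")
    return findings

# Constructed sample input, not taken from a real server.
SAMPLE = "aatv.ProLDAP\n{\n    Retry-Interval 60\n    TCP-Timeout 3s\n    Debug -1\n}\n"

if __name__ == "__main__":
    for finding in audit_proldap(SAMPLE):
        print(finding)
```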