HP-UX Directory Server 8.1 administrator guide

3. When the user directory is set up on machine B, the setup script prompts for the LDAP URL
of the configuration directory on machine A.
4. The setup program enables the PTA Plug-in and configures it to use the configuration
directory LDAP URL.
This entry contains the LDAP URL for the configuration directory. For example:
dn: cn=Pass Through Authentication,cn=plugins,
...
nsslapd-pluginEnabled: on
nsslapd-pluginarg0: ldap://configdir.example.com/o=NetscapeRoot
...
The user directory is now configured to send all bind requests for entries with a DN
containing o=NetscapeRoot to the configuration directory configdir.example.com.
5. When installation is complete, the admin user attempts to connect to the user directory to
begin adding users.
6. The setup program adds the admin user's entry to the directory as
uid=admin,ou=TopologyManagement,o=NetscapeRoot. So the user directory passes the bind
request through to the configuration directory as defined by the PTA Plug-in configuration.
7. The configuration directory authenticates the user's credentials and sends the information
back to the user directory.
8. The user directory allows the admin user to bind.
7.4.2 PTA plug-in syntax
PTA Plug-in configuration information is specified in the
cn=Pass Through Authentication,cn=plugins,cn=config entry on the PTA directory (the user
directory configured to pass through bind requests to the authenticating directory) using the
required PTA syntax. There are only two attributes in this entry that are significant:
• nsslapd-pluginEnabled, which sets whether the plug-in is enabled or disabled. The
  value for this attribute can be on or off.
• nsslapd-pluginarg0, which points to the configuration directory. The value for this
  attribute is the LDAP URL of the server and suffix to which to pass the bind requests, along
  with the optional parameters maxconns, maxops, timeout, ldver, connlifetime, and
  startTLS.
The variable components of the PTA plug-in syntax are described in Table 7-4 “PTA plug-in
parameters”.
NOTE:
The LDAP URL (ldap|ldaps://authDS/subtree) must be separated from the optional
parameters (maxconns, maxops, timeout, ldver, connlifetime, startTLS) by a single
space. If any of the optional parameters are defined, they all must be defined, even if only the
default values are used.
Several authenticating directories or subtrees can be specified by incrementing the
nsslapd-pluginarg attribute suffix by one each time, as in “Specifying multiple authenticating
Directory Servers”. For example:
nsslapd-pluginarg0: LDAP URL for the first server
nsslapd-pluginarg1: LDAP URL for the second server
nsslapd-pluginarg2: LDAP URL for the third server
...
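The following check is an added example, not part of the original guide or the product: it audits the nsslapd-pluginargN values of a PTA plug-in entry against the single-space and all-or-none rules in the note above, and flags pass-through targets that would carry bind credentials over cleartext LDAP. It assumes the optional parameters are written as one comma-separated numeric group and that startTLS=1 means Start TLS is on; the sample entry is constructed.

```python
import re
from urllib.parse import urlsplit

# Optional parameters, in the order the guide lists them.
OPTIONAL = ("maxconns", "maxops", "timeout", "ldver", "connlifetime", "startTLS")

# Constructed sample entry; host names and parameter values are made up.
SAMPLE = """\
dn: cn=Pass Through Authentication,cn=plugins,cn=config
nsslapd-pluginEnabled: on
nsslapd-pluginarg0: ldap://configdir.example.com/o=NetscapeRoot
nsslapd-pluginarg1: ldaps://auth2.example.com/ou=People,dc=example,dc=com 3,5,300,3,300,0
nsslapd-pluginarg2: ldap://auth3.example.com/o=Example  3,5,300,3,300,1
nsslapd-pluginarg3: ldap://auth4.example.com/o=Example 3,5,300
"""

def check_pta_arg(value):
    """Return a list of findings for one nsslapd-pluginargN value."""
    parts = value.split(" ")
    if len(parts) > 2 or "" in parts:
        return ["URL and optional parameters must be separated by a single space"]
    url = urlsplit(parts[0])
    if url.scheme not in ("ldap", "ldaps") or not url.hostname:
        return ["value does not start with an ldap:// or ldaps:// URL"]
    findings, params = [], {}
    if not url.path.strip("/"):
        findings.append("URL names no subtree")
    if len(parts) == 2:
        # Assumption: the optional parameters form one comma-separated numeric group.
        fields = parts[1].split(",")
        if len(fields) == len(OPTIONAL) and all(f.isdigit() for f in fields):
            params = dict(zip(OPTIONAL, map(int, fields)))
        else:
            findings.append("if any optional parameter is defined, all six must be")
    # Assumption: startTLS=1 turns Start TLS on; absent or 0 leaves it off.
    if url.scheme == "ldap" and params.get("startTLS", 0) != 1:
        findings.append("bind credentials are passed through over cleartext LDAP")
    return findings

def audit_entry(ldif_text):
    """Map each nsslapd-pluginargN attribute in an LDIF entry to its findings."""
    pattern = re.compile(r"^(nsslapd-pluginarg\d+):[ ]*(.*)$", re.M | re.I)
    return {m.group(1): check_pta_arg(m.group(2)) for m in pattern.finditer(ldif_text)}

if __name__ == "__main__":
    for attr, findings in audit_entry(SAMPLE).items():
        print(attr, "->", findings or "ok")
```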
The optional parameters are described in the following table in the order in which they appear
in the syntax.