HP-UX Directory Server 8.1 administrator guide
For more information about the command to start and stop the HP-UX Directory Server,
see “Starting and stopping servers”.
Before configuring any of the PTA Plug-in parameters, the PTA Plug-in entry must be present
in the Directory Server. If this entry does not exist, create it with the appropriate syntax, as
described in “PTA plug-in syntax”.
NOTE:
If the user and configuration directories are installed on different instances of the directory, the
PTA Plug-in entry is automatically added to the user directory's configuration and enabled.
This section provides information about configuring the plug-in in the following sections:
• “Configuring the servers to use a secure connection”
• “Specifying the authenticating Directory Server”
• “Specifying the pass-through subtree”
• “Configuring the optional parameters”
7.4.3.1 Configuring the servers to use a secure connection
The PTA directory can be configured to communicate with the authenticating directory over SSL
by specifying LDAPS in the LDAP URL of the PTA directory. For example:
nsslapd-pluginarg0: ldaps://ldap.example.com:636/o=NetscapeRoot
7.4.3.2 Specifying the authenticating Directory Server
The authenticating directory contains the bind credentials for the entry with which the client is
attempting to bind. The PTA directory passes the bind request to the host defined as the
authenticating directory. To specify the authenticating Directory Server, replace authDS in the
LDAP URL of the PTA directory with the authenticating directory's host name, as described in
Table 7-4 “PTA plug-in parameters”.
1. Use ldapmodify to edit the PTA Plug-in entry.
ldapmodify -p 389 -D "cn=Directory Manager" -w secret -h example
dn: cn=Pass Through Authentication,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginarg0
nsslapd-pluginarg0: ldap://dirserver.example.com/o=NetscapeRoot
Optionally, include the port number. If the port number is not given, the PTA Directory
Server attempts to connect using either the standard port (389) for ldap:// or the secure
port (636) for ldaps://.
If the connection between the PTA Directory Server and the authenticating Directory Server
is broken or the connection cannot be opened, the PTA Directory Server sends the request
to the next server specified, if any. There can be multiple authenticating Directory Servers
specified, as required, to provide failover if the first Directory Server is unavailable. All the
authenticating Directory Servers are set in the nsslapd-pluginarg0 attribute.
Multiple authenticating Directory Servers are listed in a space-separated list of host:port
pairs, with this format:
ldap|ldaps://host1:port1 host2:port2/subtree
2. Restart the server.
/opt/dirsrv/slapd-instance_name/restart-slapd
For more information about the command to start and stop the HP-UX Directory Server,
see “Starting and stopping servers”.
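The following is an added example, not part of the administrator guide or of the Directory Server code. It parses an nsslapd-pluginarg0 value in the format described above (ldap|ldaps://host1:port1 host2:port2/subtree), applies the default ports 389 and 636 exactly as the plug-in does when a port is omitted, and reports two things an administrator reviewing a PTA configuration would want flagged: a cleartext ldap:// scheme (see “Configuring the servers to use a secure connection”) and a single authenticating server with no failover host. The host names, ports and subtrees in the sample values are constructed for illustration.

```python
"""Parse and audit the PTA plug-in target URL stored in nsslapd-pluginarg0.

URL format as given in the administrator guide:
    ldap|ldaps://host1[:port1] host2[:port2] .../subtree
Hosts are separated by spaces; a missing port defaults to 389 for ldap://
and 636 for ldaps://.
"""
import re
from dataclasses import dataclass

# Default ports applied when a host:port pair omits the port.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

# Constructed sample values; not taken from any real deployment.
SAMPLE_SINGLE_LDAP = "ldap://dirserver.example.com/o=NetscapeRoot"
SAMPLE_FAILOVER_LDAPS = "ldaps://auth1.example.com auth2.example.com:1636/o=NetscapeRoot"


@dataclass(frozen=True)
class PtaTarget:
    """One authenticating Directory Server the PTA directory may forward binds to."""
    scheme: str
    host: str
    port: int
    subtree: str


def parse_pta_url(url: str) -> list[PtaTarget]:
    """Split a PTA URL into one PtaTarget per host, applying default ports.

    Raises ValueError on a malformed scheme, host list or port.
    """
    m = re.fullmatch(r"(ldaps?)://([^/]+)/(.+)", url.strip())
    if not m:
        raise ValueError(f"not a PTA LDAP URL: {url!r}")
    scheme, host_list, subtree = m.groups()
    targets = []
    for pair in host_list.split():
        host, sep, port_text = pair.partition(":")
        if not host:
            raise ValueError(f"missing host in {pair!r}")
        if sep:
            # An explicit port must be a number in the valid TCP range.
            if not port_text.isdigit() or not 1 <= int(port_text) <= 65535:
                raise ValueError(f"bad port in {pair!r}")
            port = int(port_text)
        else:
            port = DEFAULT_PORTS[scheme]
        targets.append(PtaTarget(scheme, host, port, subtree))
    return targets


def audit_pta_url(url: str) -> list[str]:
    """Return review findings for a PTA URL (an empty list means nothing flagged)."""
    targets = parse_pta_url(url)
    findings = []
    if targets[0].scheme == "ldap":
        findings.append("ldap:// scheme: bind credentials are forwarded to the "
                        "authenticating directory without SSL; prefer ldaps://")
    if len(targets) == 1:
        findings.append("only one authenticating server listed: no failover "
                        "if it is unavailable")
    return findings


if __name__ == "__main__":
    for sample in (SAMPLE_SINGLE_LDAP, SAMPLE_FAILOVER_LDAPS):
        print(sample)
        for t in parse_pta_url(sample):
            print(f"  {t.scheme}://{t.host}:{t.port}  subtree={t.subtree}")
        for f in audit_pta_url(sample):
            print(f"  finding: {f}")
```

Running the script prints each target the plug-in would try, in order, followed by the findings; a value with an ldaps:// scheme and at least two hosts produces no findings.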
310 Managing user authentication