HP-UX Directory Server 8.1 administrator guide
The default is 0, which means Start TLS is off. To enable Start TLS, set it to 1. To use Start
TLS, the LDAP URL must use ldap:, not ldaps:.
1. Use ldapmodify to edit the plug-in entry.
ldapmodify -p 389 -D "cn=Directory Manager" -w secret -h example
dn: cn=Pass Through Authentication,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginarg0
nsslapd-pluginarg0: ldap://dirserver.example.com/o=NetscapeRoot 3,5,300,3,300,0
(In this example, each of the optional parameters is set to its default value.) Make sure there
is a space between the subtree parameter and the optional parameters.
NOTE:
Although these parameters are optional, if any one of them is defined, they all must be
defined, even if they use the default values.
2. Restart the server.
/opt/dirsrv/slapd-instance_name/restart-slapd
For more information about the command to start and stop the HP-UX Directory Server,
see “Starting and stopping servers”.
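The following Python check is an added example, not code from the guide. It validates an nsslapd-pluginarg0 value against the rules stated above (a space before the optional parameters, all six defined or none, Start TLS only with ldap:) and also accepts a space-separated list of host:port pairs. The function name check_pta_arg and the parameter labels other than Start TLS are assumptions made here.

```python
import re

# Order of the six optional parameters. Only the last one (Start TLS) is named
# in this section; the other names are assumed labels for readability.
FIELDS = ("maxconns", "maxops", "timeout", "ldver", "connlifetime", "starttls")

def check_pta_arg(value):
    """Return a list of problems found in one nsslapd-pluginarg value."""
    m = re.match(r"(ldaps?)://([^/]+)/(.+)$", value.strip())
    if not m:
        return ["expected ldap[s]://host[:port][ host:port ...]/subtree [params]"]
    scheme, hosts, rest = m.groups()
    problems = []
    for pair in hosts.split():
        host, _, port = pair.partition(":")
        if not host or (port and not port.isdigit()):
            problems.append(f"bad host:port pair: {pair!r}")
    # The optional parameters, if present, are the last space-separated token.
    subtree, _, tail = rest.rpartition(" ")
    if subtree and re.fullmatch(r"[\d,]+", tail):
        params = tail.split(",")
    else:
        subtree, params = rest, None
    # Every RDN needs "attr=value" (simplified: escaped commas are not handled).
    if any("=" not in rdn for rdn in subtree.split(",")):
        problems.append("subtree is not a DN (missing space before the parameters?)")
    if params is not None:
        if len(params) != len(FIELDS) or "" in params:
            problems.append(f"all {len(FIELDS)} optional parameters must be defined, got {tail!r}")
        else:
            opts = dict(zip(FIELDS, map(int, params)))
            if opts["starttls"] not in (0, 1):
                problems.append("Start TLS flag must be 0 or 1")
            elif opts["starttls"] == 1 and scheme == "ldaps":
                problems.append("Start TLS requires an ldap: URL, not ldaps:")
    return problems

if __name__ == "__main__":
    # Constructed sample values; host and subtree follow the guide's example.
    for sample in (
        "ldap://dirserver.example.com/o=NetscapeRoot 3,5,300,3,300,0",
        "ldap://dirserver.example.com/o=NetscapeRoot3,5,300,3,300,0",
        "ldap://dirserver.example.com/o=NetscapeRoot 3,5,300",
        "ldaps://dirserver.example.com/o=NetscapeRoot 3,5,300,3,300,1",
    ):
        print(sample, "->", check_pta_arg(sample) or "ok")
```

Running such a check on the value before passing it to ldapmodify catches a malformed argument before the server is restarted.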
7.4.4 PTA plug-in syntax examples
This section contains the following examples of PTA Plug-in syntax in the dse.ldif file:
• “Specifying one authenticating Directory Server and one subtree”
• “Specifying multiple authenticating Directory Servers”
• “Specifying one authenticating Directory Server and multiple subtrees”
• “Using non-default parameter values”
• “Specifying different optional parameters and subtrees for different authenticating Directory
Servers”
7.4.4.1 Specifying one authenticating Directory Server and one subtree
This example configures the PTA Plug-in to accept all defaults for the optional variables. This
configuration causes the PTA Directory Server to connect to the authenticating Directory Server
for all bind requests to the o=NetscapeRoot subtree. The host name of the authenticating
Directory Server is configdir.example.com.
dn: cn=Pass Through Authentication,cn=plugins,cn=config
...
nsslapd-pluginEnabled: on
nsslapd-pluginarg0: ldap://configdir.example.com/o=NetscapeRoot
...
7.4.4.2 Specifying multiple authenticating Directory Servers
If the connection between the PTA Directory Server and the authenticating Directory Server is
broken or the connection cannot be opened, the PTA Directory Server sends the request to the
next server specified, if any. There can be multiple authenticating Directory Servers specified,
as required, to provide failover if the first Directory Server is unavailable. All the authenticating
Directory Servers are set in the nsslapd-pluginarg0 attribute. Multiple authenticating Directory
Servers are listed in a space-separated list of host:port pairs. For example:
dn: cn=Pass Through Authentication,cn=plugins,cn=config
...
nsslapd-pluginEnabled: on
312 Managing user authentication