HP-UX Directory Server 8.1 administrator guide

ManualsBrandsHP ManualsSoftwareHP-UX Directory Server

311

312

313

314

315

316

317

318

319

320

nsslapd-pluginarg0: ldap://configdir.example.com:389 config2dir.example.com:1389/o=NetscapeRoot

...

NOTE:

The nsslapd-pluginarg0 attribute sets the authentication Directory Server; additional

nsslapd-pluginargN attributes can set additional suffixes for the PTA Plug-in to use, but

not additional hosts.

7.4.4.3 Specifying one authenticating Directory Server and multiple subtrees

The following example configures the PTA Directory Server to pass through bind requests for

more than one subtree (using parameter defaults):

dn: cn=Pass Through Authentication,cn=plugins,cn=config

...

nsslapd-pluginEnabled: on

nsslapd-pluginarg0: ldap://configdir.example.com/o=NetscapeRoot

nsslapd-pluginarg1: ldap://configdir.example.com/dc=example,dc=com

...

7.4.4.4 Using non-default parameter values

This example uses a nondefault value (10) only for the maximum number of connections

parameter maxconns. Each of the other parameters is set to its default value. However, because

one parameter is specified, all parameters must be defined explicitly in the syntax.

dn: cn=Pass Through Authentication,cn=plugins,cn=config

...

nsslapd-pluginEnabled: on

nsslapd-pluginarg0: ldap://configdir.example.com/o=NetscapeRoot

10,5,300,3,300,1

...

7.4.4.5 Specifying different optional parameters and subtrees for different authenticating Directory

Servers

To specify a different pass-through subtree and optional parameter values for each authenticating

Directory Server, set more than one LDAP URL/optional parameters pair. Separate the LDAP

URL/optional parameter pairs with a single space as follows.

dn: cn=Pass Through Authentication,cn=plugins,cn=config

...

nsslapd-pluginEnabled: on

nsslapd-pluginarg0:ldap://configdir.example.com/o=NetscapeRoot

10,15,30,3,600,0

nsslapd-pluginarg1:ldap://config2dir.example.com/dc=example,dc=com

7,7,300,3,300,1

...

7.5 Configuring autobind

Autobind is a way to connect to the Directory Server based on local UNIX credentials, which are

mapped to an identity stored in the directory itself. Autobind is configured in two parts:

Before configuring autobind, first make sure that LDAPI is enabled (in “Enabling LDAPI”). Then,

configure the autobind mappings (in “Configuring autobind”).

7.5.1 Overview of autobind and LDAPI

Inter-process communication (IPC) is a way for sepearate processes on a UNIX machine or a

network to communicate directly with each other. LDAPI is a way to run LDAP connections

over these IPC connections, meaning that LDAP operations can run over UNIX sockets. These

connections are much faster and more secure than regular LDAP conenctions.

7.5 Configuring autobind 313